This project is mirrored from Pull mirroring updated .
  1. 16 Aug, 2018 5 commits
    • akirilov's avatar
      RESTRICT AUTOMERGE: Revoke permissions defined in a to-be removed package. · 1cd46563
      akirilov authored
      Bug: 67319274
      Test: run cts-dev --module CtsPermissionTestCases --test android.permission.cts.RemovePermissionTest#permissionShouldBeRevokedIfRemoved
      Change-Id: I2771c048e13529e168121c5a5501aa26fc21e30f
      (cherry picked from commit 82107644)
    • Jeff Sharkey's avatar
      DO NOT MERGE. Extend SQLiteQueryBuilder for update and delete. · 136692bd
      Jeff Sharkey authored
      Developers often accept selection clauses from untrusted code, and
      SQLiteQueryBuilder already supports a "strict" mode to help catch
      SQL injection attacks.  This change extends the builder to support
      update() and delete() calls, so that we can help secure those
      selection clauses too.
      Bug: 111085900
      Test: atest packages/providers/DownloadProvider/tests/
      Test: atest cts/tests/app/src/android/app/cts/
      Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/
      Change-Id: Ib4fc8400f184755ee7e971ab5f2095186341730c
      Merged-In: Ib4fc8400f184755ee7e971ab5f2095186341730c
      (cherry picked from commit 09d49531)
    • Jeff Sharkey's avatar
      DO NOT MERGE. Execute "strict" queries with extra parentheses. · 1a161653
      Jeff Sharkey authored
      SQLiteQueryBuilder has a setStrict() mode which can be used to
      detect SQL attacks from untrusted sources, which it does by running
      each query twice: once with an extra set of parentheses, and if that
      succeeds, it runs the original query verbatim.
      This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
      creates valid statements for both tests above, but the final executed
      query ends up leaking data due to SQLite operator precedence.
      Instead, we need to continue compiling both variants, but we need
      to execute the query with the additional parentheses to ensure
      data won't be leaked.
      Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/
      Bug: 111085900
      Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
      Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
      (cherry picked from commit 5a55a72f)
    • Jeff Sharkey's avatar
      DO NOT MERGE. Persistable Uri grants still require permissions. · ab8e82d8
      Jeff Sharkey authored
      When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
      need to check permissions between the source and target packages,
      instead of shortcutting past them.
      The spirit of the original change is remains intact: if the caller
      requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
      returning "-1", which would prevent the grant data structure from
      being allocated.
      Bug: 111934948
      Test: atest android.appsecurity.cts.AppSecurityTests
      Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
      Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
      (cherry picked from commit 05519b7e)
    • Mihai Popa's avatar
      Optimise the hit test algorithm · 89be24c6
      Mihai Popa authored
      Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
      length of the current line. The method is used when a touch event
      happens on a text line, to compute the cursor offset (and the character)
      where it happened. Although this is not an issue in common usecases,
      where the number of characters on a line is relatively small, this can
      be very inefficient as a consequence of Unicode containing 0-width
      (invisible) characters. Specifically, there are characters defining the
      text direction (LTR or RTL), which cause our algorithm to touch the
      worst case quadratic runtime. For example, a person is able to send a
      message containing a few visible characters, and also a lot of these
      direction changing invisible ones. When the receiver touches the message
      (causing the Layout#getOffsetForHorizontal method to be called), the
      receiver's application would become not responsive.
      This CL optimizes the method to run in O(n) worst case. This is achieved
      by computing the measurements of all line prefixes at first, which can
      be done in a single pass. Then, all the prefix measurement queries will
      be answered in O(1), rather than O(n) as it was happening before.
      Bug: 79215201
      Test: manual testing
      Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
      Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
      (cherry picked from commit 69b589b2)
  2. 10 Aug, 2018 24 commits
    • android-build-team Robot's avatar
      Merge cherrypicks of [4741663, 4741664, 4741665, 4741666, 4743080, 4743081,... · 3c2c834a
      android-build-team Robot authored
      Merge cherrypicks of [4741663, 4741664, 4741665, 4741666, 4743080, 4743081, 4743082, 4743083, 4741262, 4741263, 4741264, 4741265, 4741266, 4741667, 4743084, 4741242, 4741243, 4741741, 4741742, 4741743, 4741744, 4741822, 4743085, 4741668, 4741338, 4743055, 4743056, 4743070, 4743073, 4743075, 4743076, 4743078, 4743079, 4743161, 4743162, 4743164, 4743165, 4743167, 4743168, 4743169, 4743170, 4741681, 4741682, 4741683, 4741684, 4741685, 4741686, 4741687, 4741688, 4741689, 4741690, 4741691, 4741692, 4741693, 4741694, 4741695, 4741696, 4741697, 4741698, 4741699, 4743240, 4743241, 4743242, 4743243, 4741745, 4741823, 4741824, 4741825, 4741267, 4741268, 4743244, 4743280, 4743281, 4743224, 4743203, 4743204, 4743205, 4741746, 4741747, 4743245, 4741826, 4741827, 4741828, 4741829, 4741748, 4741749, 4741750, 4743233, 4743282, 4741244, 4741245, 4741246, 4741247, 4743206, 4743207, 4743208, 4743209, 4743210, 4743211, 4743212, 4743213, 4743214, 4743215, 4743216, 4743217, 4743218, 4743219, 4743360, 4743361, 4743362, 4743363, 4743364, 4743365, 4743366, 4743367, 4743368, 4743369, 4743370, 4743371, 4743372, 4743373, 4743374, 4743375, 4743376, 4743377, 4743283, 4743284, 4741830, 4742501, 4743246, 4743086, 4743087, 4743378, 4743379, 4741751] into sparse-4749909-L04200000199131547
      Change-Id: I1492186998ee5230a67cd2efaf8c68d8b008cb7e
    • Robert Shih's avatar
      Fix TrackInfo parcel write · f28568c9
      Robert Shih authored
      Bug: 77600398
      Change-Id: Ia316f1c5dc4879f6851fdb78fe8b9039579be7bc
      (cherry picked from commit 0d2dc943)
    • Bernie Innocenti's avatar
      vpn: allow IPSec traffic through Always-on VPN · 7d8ce934
      Bernie Innocenti authored
      This won't leak any traffic outside the VPN as long as there are no
      processes owned by uid 0 which generate network traffic (which is
      currently the case).
      Bug: 69873852
      Test: compared the output of 'adb shell ip rule show' before and after
      Test: runtest -x frameworks/base/tests/net/java/com/android/server/connectivity/
      Test: local CTS tests run:
      Test: local CTS tests run:
      Change-Id: I8758e576c9d961d73f62bfcf0559dd7ecee6e8e6
      Merged-In: I8758e576c9d961d73f62bfcf0559dd7ecee6e8e6
      Merged-In: I1f9b78c8f828ec2df7aba71b39d62be0c4db2550
      Merged-In: I8edeb0942e661c8385ff0cd3fdb72e6f62a8f218
      (cherry picked from commit 00000fe5)
      (cherry picked from commit ef2910dc)
    • Arthur Ishiguro's avatar
      Resolve inconsistent parcel read in NanoAppFilter · eabaff1c
      Arthur Ishiguro authored
      Bug: 77599679
      Test: Compile only
      Change-Id: Ib417a5cb4d51744442d2fb14437cabbe5fd1c266
      (cherry picked from commit abe5a73a)
    • Makoto Onuki's avatar
      Backport Prevent shortcut info package name spoofing · faf2dc95
      Makoto Onuki authored
      Test: cts-tradefed run cts -m CtsShortcutManagerTestCases -t
      Bug: 109824443
      Change-Id: I90443973aaef157d357b98b739572866125b2bbc
      Merged-In: I78948446a63b428ae750464194558fd44a658493
      (cherry picked from commit 9e21579a)
    • Ryan Mitchell's avatar
      Fix DynamicRefTable::load security bug · 906afb4f
      Ryan Mitchell authored
      DynamicRefTables parsed from apks are missing bounds checks that prevent
      buffer overflows. This changes verifies the bounds of the header before
      attempting to preform operations on the chunk.
      Bug: 79488511
      Test: run cts -m CtsAppSecurityHostTestCases \
              -t android.appsecurity.cts.CorruptApkTests
      Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
      Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
      (cherry picked from commit 18a6ada4)
    • Ryan Mitchell's avatar
      ResStringPool: Prevenet boot loop from se fix · 92aed32d
      Ryan Mitchell authored
      Changes the logs adding in a previous security fix to warnings so
      devices with malformed APKs currently on them will not undergo DOS when
      they are upgraded to P.
      Bug: 79724567
      Test: run cts -m CtsAppSecurityHostTestCases \
                -t android.appsecurity.cts.CorruptApkTests
      Change-Id: Ied54e4bb14abdaf79da562022c7ea6075187c1f8
      (cherry picked from commit f05f47b2)
      (cherry picked from commit c31cf800)
    • Todd Kennedy's avatar
      Make safe label more safe · d0c09ae7
      Todd Kennedy authored
      * limit the absolute maximum size of the label to 50000 characters
      [which is probably far more than necessary, but, can be dialed down]
      * use a string buffer while processing the string [instead of creating
      multiple string objects]
      Bug: 62537081
      Test: Manual. Install APK in bug and see that it can be uninstalled
      Change-Id: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
      Merged-In: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
      (cherry picked from commit 2263da95)
    • Adrian Roos's avatar
      WM: Prevent secondary display focus while keyguard is up · 03af9f28
      Adrian Roos authored
      Fixes an issue where input intended for the keyguard could end up going
      to a different display.
      To prevent this, make sure that only the default display can get focused
      when the keyguard is showing.
      Change-Id: I6463c44aedca06930d2c9bda7c45ffd93141308c
      Merged-In: I6463c44aedca06930d2c9bda7c45ffd93141308c
      Fixes: 71786287
      Test: atest DisplayContentTests
      (cherry picked from commit 3cd5e3d9)
    • Benedict Wong's avatar
      DO NOT MERGE: Add unit tests to ensure VPN meteredness · eef265cf
      Benedict Wong authored
      These new tests ensure that VPNs report the meteredness of their
      underlying networks correctly. The added test verifies VPN meteredness
      for cases of metered and unmetered WiFi and Cell
      Bug: 78644887
      Test: This; ran on walleye-eng
      Change-Id: I28bdc71a336bfd97f7908455d4781d774df44b87
      (cherry picked from commit 66bc5288)
    • Benedict Wong's avatar
      DO NOT MERGE: Fix ConnectivityController meteredness checks · 007288b7
      Benedict Wong authored
      This patch corrects ConnectivityController's meteredness checks to
      perform correct meteredness checks while VPNs are running. This fixes a
      bug in O-MR1 where any apps using the DownloadProvider with unmetered
      network constraints fail to start while the VPN is enabled.
      This change adds a bespoke method for ConnectivityController, allowing
      it to correctly identify the meteredness without affecting public API
      Bug: 78644887
      Test: Built, flashed on Walleye, and tested.
      Test: Additional test coverage in subsequent patch(es).
      Change-Id: Ie1d11d93d51d936ce81cd5984af61bde30325983
      (cherry picked from commit d08ab5a6)
    • Tony Mak's avatar
      clearCallingIdentity before calling into getPackageUidAsUser · 13343c13
      Tony Mak authored
      Fix: 70585244
      Bug: 69981755
      Test: Enable any accessibility service -> inflate work profile
            -> Tap on any work app -> no longer crash
      Test: cts-tradefed run cts-dev --module DevicePolicyManager --test
      Change-Id: I80d18f4e2ab76a228cb0aa2c8312c323a9b5c84d
      (cherry picked from commit 857326e3)
    • Eugene Susla's avatar
      Nullcheck to fix Autofill CTS · 275d49fd
      Eugene Susla authored
      Test: presubmit
      Fixes: 70506475
      Bug: 69981755
      Change-Id: I187bed4889a4901a7137a2995178ea651ed09186
      (cherry picked from commit 6c68a692)
    • Ecco Park's avatar
      Osu: fixed Mismatch between createFromParcel and writeToParcel · 1112a8b6
      Ecco Park authored
      Bug: 77600924
      Change-Id: I46d765892e8e6839ed5140a3b0d6bb1815ccf9bc
      Signed-off-by: default avatarEcco Park <>
      (cherry picked from commit 9a59cf84)
    • Hansong Zhang's avatar
      DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name · 9214edb6
      Hansong Zhang authored
      Test: manual
      Bug: 73173182
      Change-Id: I7f2201cab36adf7f01d1a794d783cb78a536811f
      (cherry picked from commit 24da173b)
    • sqian's avatar
      Fix broken check for TelephonyManager#getForbiddenPlmns · 2c8e19da
      sqian authored
      (backport from a fix merged in pi-dev)
      Bug: 73884967
      Test: Treehugger
      Change-Id: I9deaae20893184cde36dcd936fe83708fa60b830
      Merged-In: I0cf7920e138892fbcab71fae0eed1293f0b2e404
      Merged-In: I9e3456e5f1e479b0e2b102f6c90db57cd0e977fe
      (cherry picked from commit 7b52a48d)
    • Philip P. Moltmann's avatar
      DO NOT MERGE (O) Revoke permision when group changed · fcd57678
      Philip P. Moltmann authored
      If a run time permission of a group is already granted we grant the
      other permission of the group automatically when requested.
      Hence if an already granted permission changed its group during an
      update suddenly permission of a potentially not approved group will
      get auto-granted.
      This is undesirable, hence we revoke the permission during the update
      Test: atest android.permission.cts.PermissionGroupChange
      Change-Id: Ib2165d1ae53b80455ebe02e07775853e37a2e339
      Fixes: 72710897
      (cherry picked from commit 0ed1b472)
    • y's avatar
      ResStringPool: Fix security vulnerability · 4ab6bce2
      y authored
      Adds detection of attacker-modified size and data fields passed to
      ResStringPool::setTo(). These attacks are modified apks that AAPT would
      not normally generate. In the rare case this occurs, the installation
      cannot be allowed to continue.
      Bug: 71361168
      Bug: 71360999
      Test: run cts -m CtsAppSecurityHostTestCases \
                -t android.appsecurity.cts.CorruptApkTests
      Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
      Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
      (cherry picked from commit 7e54c3f2)
    • akirilov's avatar
      RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to oc-mr1-dev) · 0da68f30
      akirilov authored
      Test: added AccessibilityEndToEndTest#testPackageNameCannotBeFaked
            cts-tradefed run cts -m CtsAccessibilityServiceTestCases
            cts-tradefed run cts -m CtsAccessibilityTestCases
      Bug: 69981755
      Change-Id: If3752e106aa7fdee4645dc9852289af471ceff18
      Merged-In: I13304efbee10d1affa087e9c8bc4ec237643283e
      (cherry picked from commit c36db6d4)
    • Fyodor Kupolov's avatar
      Use concrete CREATOR instance for parceling lists · c1db43a6
      Fyodor Kupolov authored
      Replaced readTypedArrayList/writeTypedArrayList with
      Bug: 71508348
      Test: CtsAutoFillServiceTestCases pass
      Merged-In: I2a8321023b40cc74b7026eb0fb32a9cc5f5543a9
      Change-Id: Id17d02e40a4ae567bf2d74d2ea8ba4d8a943bdb7
      (cherry picked from commit 4921986d)
    • Marco Nelissen's avatar
      Rework thumbnail cleanup · 4f2587a2
      Marco Nelissen authored
      Bug: 63766886
      Test: ran CTS tests
      Change-Id: I1f92bb014e275eafe3f42aef1f8c817f187c6608
      (cherry picked from commit 6d2096f3)
    • Felipe Leme's avatar
      DO NOT MERGE - fix AFM.getComponentNameFromContext() · fbbc3fb9
      Felipe Leme authored
      This method broke on O-MR1 when I3abf999eb6056c1df7982780bae43b58337c0668
      was chery-picked from master.
      Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases \
            -t android.autofillservice.cts.AttachedContextActivityTest#testAutofill
      Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases
      Also individually ran tests that failed (due to flakiness) when ran in a suite:
      Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases \
      -t android.autofillservice.cts.OptionalSaveActivityTest#testDontShowSaveUiWhenUserManuallyFilled_oneDatasetAllRequiredFields
      Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases -t android.autofillservice.cts.PreSimpleSaveActivityTest #testTapLink_tapBack_thenStartOverBySayingYesAndManualRequest
      Fixes: 71960322
      Change-Id: Ia093dcefe6699dc9493c46d671e48c2000214b31
      Merged-In: I3abf999eb6056c1df7982780bae43b58337c0668
      (cherry picked from commit b25b4736)
    • Felipe Leme's avatar
      Proper autofill fix to let phone process autofill Settings activity. · bdfe9722
      Felipe Leme authored
      Test: adb shell am start
      Bug: 69981710
      Fixes: 70506888
      Change-Id: Id29bad2d20b621f7379eb6144c95dcc819949b3d
      Merged-In: Id29bad2d20b621f7379eb6144c95dcc819949b3d
      (cherry picked from commit 97f16a76db29269619d9a1b45d4cea49026a5b6a)
      (cherry picked from commit 92b5d278)
    • Felipe Leme's avatar
      Make sure apps cannot forge package name on AssistStructure used for Autofill. · 9e403fa0
      Felipe Leme authored
      Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases -t android.autofillservice.cts.VirtualContainerActivityTest#testAppCannotFakePackageName
      Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases
      Bug: 69981710
      Change-Id: Id6036cddb51dd8dd0c9128b7212d573f630d693f
      Merged-In: Id6036cddb51dd8dd0c9128b7212d573f630d693f
      (cherry picked from commit 23e61a90)
  3. 13 Apr, 2018 6 commits
  4. 15 Mar, 2018 1 commit
  5. 09 Feb, 2018 4 commits
    • android-build-team Robot's avatar
      Merge cherrypicks of [3594034, 3594272, 3594273, 3594274, 3594275, 3594347,... · 833770d2
      android-build-team Robot authored
      Merge cherrypicks of [3594034, 3594272, 3594273, 3594274, 3594275, 3594347, 3594035, 3592471] into oc-mr1-release
      Change-Id: Id0214b5206fd01da1829b1475cef34ecac46f4e2
    • Eric Enslen's avatar
      fix isActiveNetworkMetered with VPNs · db0f5100
      Eric Enslen authored
      Bug: 72871435
      Test: flashed and verified, also ran runtest framework-net
      Change-Id: I69319a7db269489053426bb2d41574180be2d43d
      (cherry picked from commit c81ef199)
    • Ryan Lothian's avatar
      Handle onBindingDied in notification manager · 0748edce
      Ryan Lothian authored
      On Android, if the process containing the service being bound to
      crashes before the bind succeeds, the app doing the binding won't
      get a success or failure callback.
      When that happens in this code, this leaves notif. manager thinking
      that a binding is in progress, so it never attempts to rebind until
      the device is rebooted.
      Bug: 69064494
      Test: manual, crashed listener on proc start, verified not unbound forever
      Change-Id: Id2082744208e21a709d9453365f282449a2e9407
      (cherry picked from commit 4a86a51b)
      (cherry picked from commit 1936097a)
    • Chad Brubaker's avatar
      Relax Instant Apps Settings whitelist enforcement · fef1a3e7
      Chad Brubaker authored
      The strict whitelist of settings for Instant Apps is leading to too much
      unintended breakage, remove the enforcement until better infrastructure
      can be added to make sure settings that should be whitelisted are.
      Bug: 71009655
      Test: Coming in a follow up
      (cherry picked from commit b6108d62)
      Change-Id: Iaa1d71331407cee86c10105c1e5668ffd0c925a1
      (cherry picked from commit 26ae1d35)