This project is mirrored from https://github.com/LineageOS/android_frameworks_base.git. Pull mirroring updated .
  1. 15 Aug, 2018 1 commit
    • Seigo Nonaka's avatar
      Fix crash during cursor moving on BiDi text · d30c55e3
      Seigo Nonaka authored
      The crash was introduced by Ib66ef392c19c937718e7101f6d48fac3abe51ad0
      The root cause of the crashing is requesting out-of-line access for the
      horizontal width. This invalid access is silently ignored by
      TextLine#measure() method but new implementation end up with out of
      bounds access.
      
      To makes behavior as old implementation, calling getHorizontal instead
      of accessing measured result array.
      
      Bug: 78464361, 111580019
      Test: Manually done
      Change-Id: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
      (cherry picked from commit 960647d5)
      Merged-In: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
      d30c55e3
  2. 10 Aug, 2018 9 commits
  3. 09 Aug, 2018 12 commits
  4. 07 Aug, 2018 1 commit
    • Jeff Sharkey's avatar
      DO NOT MERGE. Persistable Uri grants still require permissions. · 05519b7e
      Jeff Sharkey authored
      When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
      need to check permissions between the source and target packages,
      instead of shortcutting past them.
      
      The spirit of the original change is remains intact: if the caller
      requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
      returning "-1", which would prevent the grant data structure from
      being allocated.
      
      Bug: 111934948
      Test: atest android.appsecurity.cts.AppSecurityTests
      Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
      Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
      05519b7e
  5. 03 Aug, 2018 4 commits
    • Jeff Sharkey's avatar
      DO NOT MERGE. Extend SQLiteQueryBuilder for update and delete. · 09d49531
      Jeff Sharkey authored
      Developers often accept selection clauses from untrusted code, and
      SQLiteQueryBuilder already supports a "strict" mode to help catch
      SQL injection attacks.  This change extends the builder to support
      update() and delete() calls, so that we can help secure those
      selection clauses too.
      
      Bug: 111085900
      Test: atest packages/providers/DownloadProvider/tests/
      Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
      Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
      Change-Id: Ib4fc8400f184755ee7e971ab5f2095186341730c
      Merged-In: Ib4fc8400f184755ee7e971ab5f2095186341730c
      09d49531
    • Jeff Sharkey's avatar
      DO NOT MERGE. Execute "strict" queries with extra parentheses. · 5a55a72f
      Jeff Sharkey authored
      SQLiteQueryBuilder has a setStrict() mode which can be used to
      detect SQL attacks from untrusted sources, which it does by running
      each query twice: once with an extra set of parentheses, and if that
      succeeds, it runs the original query verbatim.
      
      This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
      creates valid statements for both tests above, but the final executed
      query ends up leaking data due to SQLite operator precedence.
      
      Instead, we need to continue compiling both variants, but we need
      to execute the query with the additional parentheses to ensure
      data won't be leaked.
      
      Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
      Bug: 111085900
      Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
      Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
      5a55a72f
    • Jeff Sharkey's avatar
      DO NOT MERGE. Extend SQLiteQueryBuilder for update and delete. · 8e95967f
      Jeff Sharkey authored
      Developers often accept selection clauses from untrusted code, and
      SQLiteQueryBuilder already supports a "strict" mode to help catch
      SQL injection attacks.  This change extends the builder to support
      update() and delete() calls, so that we can help secure those
      selection clauses too.
      
      Bug: 111085900
      Test: atest packages/providers/DownloadProvider/tests/
      Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
      Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
      Change-Id: Ib4fc8400f184755ee7e971ab5f2095186341730c
      Merged-In: Ib4fc8400f184755ee7e971ab5f2095186341730c
      8e95967f
    • Jeff Sharkey's avatar
      DO NOT MERGE. Execute "strict" queries with extra parentheses. · 286fd565
      Jeff Sharkey authored
      SQLiteQueryBuilder has a setStrict() mode which can be used to
      detect SQL attacks from untrusted sources, which it does by running
      each query twice: once with an extra set of parentheses, and if that
      succeeds, it runs the original query verbatim.
      
      This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
      creates valid statements for both tests above, but the final executed
      query ends up leaking data due to SQLite operator precedence.
      
      Instead, we need to continue compiling both variants, but we need
      to execute the query with the additional parentheses to ensure
      data won't be leaked.
      
      Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
      Bug: 111085900
      Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
      Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
      286fd565
  6. 30 Jul, 2018 13 commits