This project is mirrored from Pull mirroring updated .
  1. 27 May, 2020 1 commit
  2. 20 May, 2020 2 commits
  3. 29 Apr, 2020 1 commit
  4. 14 Apr, 2020 1 commit
  5. 08 Apr, 2020 2 commits
  6. 07 Apr, 2020 3 commits
    • /e/ robot's avatar
    • Ryan Mitchell's avatar
      Fix potential double destroy of AssetManager · c90263e2
      Ryan Mitchell authored
      Assume there is a XmlBlock [X] created by a AssetManager [A]
      ([A] will have mNumRefs = 2). After [A].close is called
      (mNumRefs = 1) and then both [X] and [A] are going to be GCed,
      if [A].finalize is called first (nativeDestroy), the later
      [X].finalize will invoke [A].xmlBlockGone that triggers the
      second nativeDestroy of [A] and leads to crash.
      By clearing the mObject in AssetManager.finalize, the
      decRefsLocked from other paths won't call nativeDestroy again.
      Bug: 144028297
      Test: atest
      Change-Id: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
      Merged-In: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
      (cherry picked from commit 93320661ca9a23c7b38b3f166d0facf048f2a8a3)
    • Christopher Tate's avatar
      Revoke 'always' web handler status when not autoverifying · f697cd3b
      Christopher Tate authored
      If an app has previously used autoVerify to make claims about its status
      re handling web navigation intents, but is updated such that it no
      longer makes those claims, step down its "official handler" status as
      though it had never invoked autoVerify in the first place.
      Bug: 146204120
      Test: manual: as described in bug; observe policy before/after via
            'adb shell dumpsys package d'
      Test: atest CtsOsHostTestCases
      Change-Id: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
      Merged-In: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
      (cherry picked from commit 6cf5f92825df545bd011b7163418f2ea0b337af3)
  7. 06 Apr, 2020 3 commits
  8. 16 Mar, 2020 2 commits
  9. 12 Mar, 2020 1 commit
  10. 06 Mar, 2020 2 commits
  11. 03 Mar, 2020 3 commits
    • Patrick Baumann's avatar
      Fixes NPE when preparing app data during init · 331107d7
      Patrick Baumann authored
      When deleting an unused static shared library on Q, the user manager was
      fetched via mContext.getSystemService. At this time during boot, the
      service wasn't registered and so null was returned. This has already
      been addressed in R with a move to injecting dependencies in the
      PackageManagerService constructor.
      Bug: 142083996
      Bug: 141413692
      Test: manual; remove static dependency on eng Q build and reboot
      Change-Id: I8ae4e331d09b4734c54cdc6887b273705dce88b1
      Merged-In: I8ae4e331d09b4734c54cdc6887b273705dce88b1
      (cherry picked from commit 5d3fc339)
    • Patrick Baumann's avatar
      Handles null outInfo in deleteSystemPackageLI · 2c0a05d0
      Patrick Baumann authored
      This change adds null checks before accessing outInfo in
      Bug: 142083996
      Bug: 141413692
      Test: manual; remove static dependency on eng build and reboot
      Change-Id: If0fd48343e89cbb77ccd25826656194195d5b0cd
      (cherry picked from commit 17471016508bb9c9ffb8c3946dda0b4897d722f1)
      Merged-In: If0fd48343e89cbb77ccd25826656194195d5b0cd
      (cherry picked from commit 6afabce5)
    • paulhu's avatar
      Fix security problem on PermissionMonitor#hasPermission · caf3c621
      paulhu authored
      PermissionMonitor#hasPermission only checks permssions that app
      requested but it doesn't check whether the permission can be
      granted to this app. If requested permission doens't be granted
      to app, this method still returns that app has this permission.
      Then PermissionMonitor will pass this info to netd that means
      this app still can use network even restricted network without
      granted privileged permission like CONNECTIVITY_INTERNAL or
      Bug: 144679405
      Test: Build, flash, manual test
      Change-Id: I5eba4909e4c2e1d9f275f66be90ac36466b93e90
      Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
      Merged-In: Iae9c273af822b18c2e6fce04848a86f8dea6410a
      (cherry picked from commit 305946b9)
  12. 25 Feb, 2020 3 commits
  13. 24 Feb, 2020 1 commit
  14. 21 Feb, 2020 2 commits
  15. 14 Feb, 2020 1 commit
  16. 11 Feb, 2020 1 commit
  17. 10 Feb, 2020 1 commit
  18. 05 Feb, 2020 3 commits
    • Sterling Huber's avatar
      RESTRICT AUTOMERGE Make toasts non-clickable · 2dbe94c0
      Sterling Huber authored
      Since enforcement was only on client-side, in Toast class, an app could
      use reflection (or other means) to make the Toast clickable. This is a
      security vulnerability since it allows tapjacking, that is, intercept touch
      events and do stuff like steal PINs and passwords.
      This CL brings the enforcement to the system by applying flag
      Test: atest CtsWindowManagetDeviceTestCases:ToastTest
      Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
            log click events. Then:
            1) Observe click events are logged without this CL.
            2) Observer click events are not logged with this CL.
      Bug: 128674520
      (cherry picked from commit 6bf18c39)
      Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
    • Yohei Yukawa's avatar
      DO NOT MERGE back porting for fixing sysui direct reply · de08dc76
      Yohei Yukawa authored
      Root cause: systemui run as user 0 service to handle all of users'
      notifications. And, the users can user the copy/cut/paste
      Solution: To crate @hide API in TextView let SystemUI to mark the
      TextView instance should check if the power of
      INTERACT_ACROSS_USER_FULL is needed to be restricted.
      e.x. Keyguard password textview/Notificaiton entries
      Bug: 123232892
      Test: manual test
      Reference: I6d11e4d6a84570bc2991a8552349e8b216b0d139
      Reference: Ibabe13e5b85e5bb91f9f8af6ec07c395c25c4393
      Reference: I975baa748c821538e5a733bb98a33ac609bf40a7
      Merged-In: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
      (cherry picked from commit 08391b3d)
      [basilgello: Back-ported to 14.1:
       - packages/SystemUI/src/com/android/keyguard/ ->
      Signed-off-by: default avatarVasyl Gello <>
      Change-Id: I6d11e4d6a84570bc2991a8552349e8b216b0d139
    • Tarandeep Singh's avatar
      DO NOT MERGE: Disable SpellChecker in secondary user's direct reply · 1163d5e8
      Tarandeep Singh authored
      For secondary users, when AOSP keyboard is used to type in
      direct-reply, unknown words can be added to dictionary.
      It's *not* OK for SpellCheckerService of primary user to
      check unknown words typed by a secondary user.
      The dialog to add these words shows up in primary user instead.
      TextView uses TextView#isSuggestionsEnabled() to determine if
      SpellChecker is enabled. This can be disabled by setting the flag
      Note: This doesn't affect workprofile users on P or older versions since
      they use same SpellCheckerService for all workprofiles.
      Bug: 123232892
      Test: Manually tested using the steps mentioned in the bug.
       1. Flash latest P build.
       2. Install AOSP keyboard (LatinIME) and set it as default.
       3. Install and open EditTextVariations
       4. Initiate direct reply in primary user and type non-english
          words like "ggggg hhhhh".
       5. Observe that they get red underline and tapping it brings "add
          to dictionary" popup.
       6. Create a new secondary user and switch to it.
       7. Once the setup completes, initiate a direct reply and type words
          similar to step 4.
       8. Verify that red underlines dont appear.
       9. switch back to primary user and verify direct reply still has red
      (cherry picked from commit b5c0e01a)
      Change-Id: I93918eb2c12e37908e03a7951a9e2c5375bc0ecc
  19. 03 Feb, 2020 1 commit
  20. 21 Jan, 2020 2 commits
  21. 07 Jan, 2020 3 commits
    • Jing Ji's avatar
      Prevent system uid component from running in an isolated app process · e9c1ec70
      Jing Ji authored
      Bug: 140055304
      Test: Manua
      Change-Id: Ie7f6ed23f0c6009aad0f67a00af119b02cdceac3
      Merged-In: I5a1618fab529cb0300d4a8e9c7762ee218ca09eb
      (cherry picked from commit 0bfebadf)
    • Todd Kennedy's avatar
      Only allow INSTALL_ALLOW_TEST from shell or root · f24e5205
      Todd Kennedy authored
      Bug: 141169173
      Test: Manual. App can't be installed as test-only
      Change-Id: Ib6dcca7901aa549d620448c0165c22270a3042be
      Merged-In: Ib6dcca7901aa549d620448c0165c22270a3042be
      (cherry picked from commit 702d3947)
    • Ahan Wu's avatar
      DO NOT MERGE Validate wallpaper dimension while generating crop · 7d4f9019
      Ahan Wu authored
      If dimensions of cropped wallpaper image exceed max texture size that
      GPU can support, it will cause ImageWallpaper keep crashing
      because hwui crashes by invalid operation (0x502).
      Bug: 120847476.
      Test: Write a custom app to set a 8000x800 bitmap as wallpaper.
      Test: The cropped file will be 29600x2960 and make sysui keep crashing.
      Test: After applyed this cl, wallpaper will use fallback.
      Test: Sysui will not keep crashing any more.
      Change-Id: I8ed5931298c652a2230858cf62df3f6fcd345c5a
      (cherry picked from commit f1e1f4f0)
  22. 23 Dec, 2019 1 commit