This project is mirrored from Pull mirroring updated .
  1. 27 May, 2020 1 commit
  2. 20 May, 2020 2 commits
  3. 17 May, 2020 1 commit
  4. 06 May, 2020 1 commit
  5. 28 Apr, 2020 3 commits
    • Christopher Tate's avatar
      Verify all possible hosts that match web nav · 5f03b08b
      Christopher Tate authored
      Even if an <intent-filter> matches non-web schemes in addition to http
      or https, make sure to include its cited hosts in the autoVerify
      Bug: 150038428
      Test: atest OsHostTests#testIntentFilterHostValidation
      Change-Id: If9ef0fc53d96e6581c56d86f89fe63bc9a5fb89a
      Merged-In: If9ef0fc53d96e6581c56d86f89fe63bc9a5fb89a
      (cherry picked from commit 1fba0f897f276d5d47962534867e764da8061105)
      (cherry picked from commit a481c86cd3742c7792f8607c004e0eeb4016b894)
    • Eugene Susla's avatar
      RESTRICT AUTOMERGE · 288ce50c
      Eugene Susla authored
      Prevent accessing companion records from arbitrary uids
      Test: manual
      Fixes: 129476618
      Change-Id: I7b18cfcdf58e62a445cbb508116c6ce7c1cea8d7
      (cherry picked from commit 98f45443e1cf397ab92b4cecd9200c2dcccf099b)
    • Anis Assi's avatar
      Revert "DO NOT MERGE - Kill apps outright for API contract violations" · 6a89d110
      Anis Assi authored
      This reverts commit c6fd63a7.
  6. 24 Apr, 2020 1 commit
  7. 16 Apr, 2020 1 commit
  8. 14 Apr, 2020 2 commits
  9. 08 Apr, 2020 3 commits
  10. 07 Apr, 2020 1 commit
  11. 06 Apr, 2020 4 commits
  12. 30 Mar, 2020 1 commit
    • Riddle Hsu's avatar
      RESTRICT AUTOMERGE Create separated tasks for different apps from startActivities · a952197b
      Riddle Hsu authored
      Assume there are 2 applications A, B with different uids.
      There are 4 activities A1, A2, B1, B2 with default task
      affinity and launch mode.
      After A1 called startActivities(B1, A2, B2):
       Original   : Task(A1, B1, A2, B2)
       This Change: Task(A1, B1), Task(A2, B2)
      In other words, the source caller cannot launch its activity
      above the activity of other application in the same task, and
      it can still launch activity of other application in its task.
      Bug: 145669109
      Test: run cts --test android.server.cts.StartActivityTests \
            -m CtsServicesHostTestCases
      Change-Id: I97bd875146a52f62b8fe82235487ccefb2955e8e
      (cherry picked from commit 973ecc619c0bb87a03481774ea9e86d2924601e4)
  13. 16 Mar, 2020 2 commits
  14. 12 Mar, 2020 2 commits
    • Riddle Hsu's avatar
      RESTRICT AUTOMERGE Use consistent calling uid and package in navigateUpTo · d37eb962
      Riddle Hsu authored
      Originally, if the caller of navigateUpTo is alive, even the calling
      uid is set to the caller who launched the existing destination activity,
      the uid from caller process has higher priority to replace the given
      calling uid. So this change doesn't modify the existing behavior if
      the caller process is valid. Besides, the case of delivering new intent
      uses the source record as calling identity too, so the case of starting
      new activity should be consistent.
      Also forbid attaching null application thread to avoid unexpected state
      in process record.
      Bug: 144285917
      Test: bit
      Change-Id: I60732f430256d37cb926d08d093581f051c4afed
      (cherry picked from commit 0d7e27af30e39fbb6dcafedc854daa639074e5cc)
    • Christopher Tate's avatar
      DO NOT MERGE - Kill apps outright for API contract violations · c6fd63a7
      Christopher Tate authored
      ...rather than relying on in-app code to perform the shutdown.
      Backport of security fix.
      Bug: 128649910
      Bug: 140108616
      Test: manual
      Test: atest OsHostTests#testForegroundServiceBadNotification
      Change-Id: I94d9de50bb03c33666471e3dbd9c721e9278f7cb
      Merged-In: I94d9de50bb03c33666471e3dbd9c721e9278f7cb
      (cherry picked from commit 874c974f73839da761177a4e0a53b7f4a7d29288)
  15. 09 Mar, 2020 1 commit
  16. 03 Mar, 2020 1 commit
  17. 24 Feb, 2020 1 commit
  18. 11 Feb, 2020 2 commits
  19. 10 Feb, 2020 1 commit
  20. 06 Feb, 2020 2 commits
    • Ryan Mitchell's avatar
      Fix potential double destroy of AssetManager · b7a2a333
      Ryan Mitchell authored
      Assume there is a XmlBlock [X] created by a AssetManager [A]
      ([A] will have mNumRefs = 2). After [A].close is called
      (mNumRefs = 1) and then both [X] and [A] are going to be GCed,
      if [A].finalize is called first (nativeDestroy), the later
      [X].finalize will invoke [A].xmlBlockGone that triggers the
      second nativeDestroy of [A] and leads to crash.
      By clearing the mObject in AssetManager.finalize, the
      decRefsLocked from other paths won't call nativeDestroy again.
      Bug: 144028297
      Test: atest
      Change-Id: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
      Merged-In: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
      (cherry picked from commit 93320661ca9a23c7b38b3f166d0facf048f2a8a3)
    • Christopher Tate's avatar
      Revoke 'always' web handler status when not autoverifying · 35c45595
      Christopher Tate authored
      If an app has previously used autoVerify to make claims about its status
      re handling web navigation intents, but is updated such that it no
      longer makes those claims, step down its "official handler" status as
      though it had never invoked autoVerify in the first place.
      Bug: 146204120
      Test: manual: as described in bug; observe policy before/after via
            'adb shell dumpsys package d'
      Test: atest CtsOsHostTestCases
      Change-Id: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
      Merged-In: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
      (cherry picked from commit ef5220e5b2a4b90d4260eb058475fdcdf30d861d)
  21. 04 Feb, 2020 1 commit
  22. 23 Jan, 2020 1 commit
  23. 21 Jan, 2020 2 commits
  24. 18 Jan, 2020 1 commit
  25. 10 Jan, 2020 2 commits
    • Patrick Baumann's avatar
      Fixes NPE when preparing app data during init · e8ae9fcf
      Patrick Baumann authored
      When deleting an unused static shared library on Q, the user manager was
      fetched via mContext.getSystemService. At this time during boot, the
      service wasn't registered and so null was returned. This has already
      been addressed in R with a move to injecting dependencies in the
      PackageManagerService constructor.
      Bug: 142083996
      Bug: 141413692
      Test: manual; remove static dependency on eng Q build and reboot
      Change-Id: I8ae4e331d09b4734c54cdc6887b273705dce88b1
      Merged-In: I8ae4e331d09b4734c54cdc6887b273705dce88b1
      (cherry picked from commit 5d3fc339)
    • Patrick Baumann's avatar
      Use KNOWN_PACKAGES when shared lib consumers · 9192cc56
      Patrick Baumann authored
      This change ensures we find ALL known packages that could be consuming a
      shared library, not only currently installed ones. Without this check,
      the system may get into a state in which we have currently uninstalled
      but on-device apps that depend on a shared library that does not exist
      on device.
      This change also leaves static shared library packages on device even if
      it's not installed for any of the remaining users as it could still be
      used, but marked uninstalled for users in which it is consumed.
      Bug: 141413692
      Bug: 142083996
      Test: Manual; attempt to remove shared lib after marking its consumer uninstalled.
      Test: atest StaticSharedLibsHostTests
      Change-Id: Id4e37c3e4d3ea3ad5fddae5d2c7305e56f50eeea
      Merged-In: Id4e37c3e4d3ea3ad5fddae5d2c7305e56f50eeea
      (cherry picked from commit 08315953)