This project is mirrored from Updated .
  1. 14 Nov, 2019 1 commit
  2. 05 Nov, 2019 4 commits
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE Strict SQLiteQueryBuilder needs to be stricter. · a634fae4
      Jeff Sharkey authored
      Malicious callers can leak side-channel information by using
      subqueries in any untrusted inputs where SQLite allows "expr" values.
      This change offers setStrictGrammar() to prevent this by outright
      blocking subqueries in WHERE and HAVING clauses, and by requiring
      that GROUP BY and ORDER BY clauses be composed only of valid columns.
      This change also offers setStrictColumns() to require that all
      untrusted column names are valid, such as those in ContentValues.
      Relaxes to always allow aggregation operators on returned columns,
      since untrusted callers can always calculate these manually.
      Bug: 135270103
      Bug: 135269143
      Test: atest android.database.sqlite.cts.SQLiteQueryBuilderTest
      Test: atest FrameworksCoreTests:android.database.sqlite.SQLiteTokenizerTest
      Exempt-From-Owner-Approval: already approved in downstream branch
      Change-Id: I6290afd19c966a8bdca71c377c88210d921a9f25
      (cherry picked from commit 216bbc2a2e4f697d88f8fd633646e3c0433246f1)
    • Zongheng Wang's avatar
      Set default phonebook access to ACCESS_REJECTED when user didn't choose one · 000e1d20
      Zongheng Wang authored
      When there's no users' choice to tell us whether to share their
      phonebook information to the Bluetooth device, set the phonebook access
      permission to ACCESS_REJECTED.
      Bug: 138529441
      Test: Manual test
      Change-Id: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
      Merged-In: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
      (cherry picked from commit 9b3cb0f06b7c4907c293aa65e68c7ed6e4962d4b)
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE Enable stricter SQLiteQueryBuilder options. · 598188b4
      Jeff Sharkey authored
      Malicious callers can leak side-channel information by using
      subqueries in any untrusted inputs where SQLite allows "expr" values.
      This change starts using setStrictColumns() and setStrictGrammar()
      on SQLiteQueryBuilder to block this class of attacks.  This means we
      now need to define the projection mapping of valid columns, which
      consists of both the columns defined in the public API and columns
      read internally by DownloadInfo.Reader.
      We're okay growing sAppReadableColumnsSet like this, since we're
      relying on our trusted WHERE clause to filter away any rows that
      don't belong to the calling UID.
      Remove the legacy Lexer code, since we're now internally relying on
      the robust and well-tested SQLiteTokenizer logic.
      Bug: 135270103
      Bug: 135269143
      Test: atest DownloadProviderTests
      Test: atest
      Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
      (cherry picked from commit 382d5c0c199f3743514e024d2fd921248f7b14b3)
    • Jonathan Scott's avatar
      Jonathan Scott authored
      Test: Just adding a constant
      Bug: 132261064
      Change-Id: I1527be03a10fa1a2fde09e3e41d6b7e83a986fc0
      Merged-In: I2bce277ff8f2de4614e19d5385fe6712b076f9c9
      (cherry picked from commit 20e5d92613268c196b508865b7275b59f00688f5)
  3. 23 Oct, 2019 1 commit
  4. 22 Oct, 2019 1 commit
  5. 14 Oct, 2019 1 commit
  6. 08 Oct, 2019 1 commit
    • Bryan Ferris's avatar
      [RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() from startActivityInPackage · b06d7be1
      Bryan Ferris authored
      Previously startActivity would assume that the system was the calling user when
      startActivityInPackage was called. Now the uid of the calling application is
      forwarded by the system.
      Test: manual; we added logging statements to check the value of realCallingUid
      in startActivitiesMayWait when launching the calendar app from the calendar widget
      and verified that it was the calendar uid rather than the system uid.
      Bug: 123013720
      Change-Id: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
      Merged-In: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
      (cherry picked from commit 216f65bf)
  7. 04 Oct, 2019 1 commit
  8. 12 Sep, 2019 1 commit
  9. 11 Sep, 2019 1 commit
  10. 06 Sep, 2019 3 commits
    • Mihai Popa's avatar
      Fix Layout.primaryIsTrailingPreviousAllLineOffsets · 676c2ff5
      Mihai Popa authored
      The CL fixes a crash in Layout.primaryIsTrailingPreviousAllLineOffsets.
      The crash was happening when the method was called for a line beginning
      with an empty bidi run. This could happen, for example, for empty text -
      I was unable to find any other case. The CL improves the existing test
      for the method with this case, which was previously crashing.
      The CL also fixes a potential crash in getLineHorizontals. However, this
      bug could never happen as in the current code path clamped is always
      false (and kept as parameter for parity with getHorizontal).
      Bug: 135444178
      Bug: 78464361
      Test: atest FrameworksCoreTests:android.text.LayoutTest\#testPrimaryIsTrailingPrevious
      Change-Id: I47157abe1d74675884734e3810628a566e40c1b4
      (cherry picked from commit 7ad499d0)
      (cherry picked from commit d3e81cd6)
    • Chienyuan's avatar
      HidProfile: sync isPreferred() with HidHostService · e5269350
      Chienyuan authored
      HidHostService allow to connect when priority is PRIORITY_UNDEFINED.
      HidProfile should return ture when priority is PRIORITY_UNDEFINED.
      Otherwise, the "Input device" toggle in off state when HID device
      Bug: 132456322
      Test: manual
      Change-Id: Id7bae694c57aec17e019d591c0a677e3cb64f845
      (cherry picked from commit 830217f2)
    • Michael Wachenschwanz's avatar
      Clear the Parcel before writing an exception during a transaction · c7ffe07c
      Michael Wachenschwanz authored
      This prevents any object data from being accidentally overwritten by the
      exception, which could cause unexpected malformed objects to be sent
      across the transaction.
      Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
      Bug: 34175893
      Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
      Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
      (cherry picked from commit f8ef5bcf)
  11. 13 Aug, 2019 1 commit
  12. 08 Aug, 2019 3 commits
  13. 06 Aug, 2019 1 commit
  14. 09 Jul, 2019 2 commits
  15. 21 Jun, 2019 1 commit
  16. 15 Jun, 2019 1 commit
  17. 06 Jun, 2019 1 commit
    • WyattRiley's avatar
      Adding SUPL NI Emergency Extension Time · 79f54038
      WyattRiley authored
      Configurable by carrier config.xml resource
      Bug: 118839234
      Bug: 115361555
      Bug: 112159033
      Test: On device, see b/115361555#comment14
      Change-Id: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
      (cherry picked from commit a725dd66)
  18. 05 Jun, 2019 4 commits
    • Julia Reynolds's avatar
      Add cross user permission check - areNotificationsEnabledForPackage · 241d57ae
      Julia Reynolds authored
      Test: atest
      Fixes: 128599467
      Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
      Merged-In: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
      (cherry picked from commit 657d1641)
      (cherry picked from commit 63846a70)
    • Pavel Grafov's avatar
      Limit IsSeparateProfileChallengeAllowed to system callers · 7da57cb8
      Pavel Grafov authored
      Fixes: 128599668
      Test: build, set up separate challenge
      Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
      (cherry picked from commit 1b6301cf)
    • Eran Messeri's avatar
      Permission Check For DPM.getPermittedAccessibilityServices · 3db82b0a
      Eran Messeri authored
      Bug: 128599660
      Change-Id: I8be915bd6a4ff99884d23005a4c6f0100806dbe8
      Merged-In: I8ee3f876fcaffa63636645f0f59709cd147254ef
      (cherry picked from commit 4fd13eef)
    • Varun Shah's avatar
      Added missing permission check to isPackageDeviceAdminOnAnyUser. · a08b5b61
      Varun Shah authored
      Added a check for the MANAGE_USERS permission to
      To test that the method is still usable:
      1) Enable virtual storage via: adb shell sm set-virtual-disk true
      2) Follow instructions by clicking on notification to set up virtual storage
      3) Go to Settings -> Apps & notifications -> See all X apps
      4) Click on any non-system app (example Instagram)
      5) Tap Storage and you should see a "Change" button (if not, choose another app)
      6) Tap Change and you should see Internal and Virtual storage options listed
      7) The above step confirms the method is still usable by Settings
      Bug: 128599183
      Test: SafetyNet logging (steps listed above)
      Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
      Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
      (cherry picked from commit 18e7dedf)
  19. 28 May, 2019 1 commit
  20. 19 May, 2019 1 commit
  21. 18 May, 2019 1 commit
    • WyattRiley's avatar
      DO NOT MERGE - SUPL ES Extension - Safer Init and Not After Boot · 8c6c7a97
      WyattRiley authored
      Safe order of pointer setting and background thread start
      Verifying mCallEndElapsedRealtimeMillis is not the initial value
      Bug: 112159033
      Bug: 115361555
      Bug: 125124724
      Test: Verified not-after-boot with test code b/115361555#comment14
      Test: Reproed NPE on Nexus 5x with test thread sleep and verify fix
      Change-Id: I596f913bc79873274c2743132c93ef2381d9f3c7
      (cherry picked from commit b5e7bbe5)
  22. 07 May, 2019 1 commit
  23. 15 Mar, 2019 2 commits
  24. 13 Mar, 2019 2 commits
  25. 12 Mar, 2019 1 commit
  26. 11 Mar, 2019 1 commit
  27. 05 Mar, 2019 1 commit
    • Guliz Tuncay's avatar
      Select only preinstalled Spell Checker Services · becc0144
      Guliz Tuncay authored
      When we are setting a new spell checker as the default one in
      Secure.Settings, TSMS#findAvailSpellCheckerLocked can pick up
      any available spell checker service. This violates the principle
      that user should be warned whenever we are setting an untrusted
      spell checker service as the default service, since the warning
      dialog is never shown.
      Fixes: 64764051
      Bug: 118694079
      Test: Manually as follows:
      1. Open 'packages/inputmethods/LatinIME/java/AndroidManifest.xml'
           and remove 'AndroidSpellCheckerService'
      2. lunch aosp_buillhead-userdebug && make -j
      3. Flash the image
      4. adb shell dumpsys textservices
          -> no spell checker is recognized
      5. adb shell settings get secure selected_spell_checker
          -> null
      6. tapas SampleSpellCheckerService
      7. make -j
      8. adb install -r $OUT/system/app/SampleSpellCheckerService/SampleSpellCheckerService.apk
      9. adb shell dumpsys textservices
          -> SampleSpellCheckerService is recognized
      10. adb shell settings get secure selected_spell_checker
          -> null
      Change-Id: I16f12293d15258c9148677c7ee09fe6dcf81e81d
      Merged-In: Idab3ecc246fe9344a09e6907a0ba39f8ea6506f9
      (cherry picked from commit ed5973b8)