This project is mirrored from Updated .
  1. 15 Jun, 2019 1 commit
  2. 06 Jun, 2019 1 commit
    • WyattRiley's avatar
      Adding SUPL NI Emergency Extension Time · 79f54038
      WyattRiley authored
      Configurable by carrier config.xml resource
      Bug: 118839234
      Bug: 115361555
      Bug: 112159033
      Test: On device, see b/115361555#comment14
      Change-Id: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
      (cherry picked from commit a725dd66)
  3. 05 Jun, 2019 4 commits
    • Julia Reynolds's avatar
      Add cross user permission check - areNotificationsEnabledForPackage · 241d57ae
      Julia Reynolds authored
      Test: atest
      Fixes: 128599467
      Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
      Merged-In: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
      (cherry picked from commit 657d164136199126ae241848887de0230699cea0)
      (cherry picked from commit 63846a7093ca7c6d89b73fc77bdff267b3ecb4ef)
    • Pavel Grafov's avatar
      Limit IsSeparateProfileChallengeAllowed to system callers · 7da57cb8
      Pavel Grafov authored
      Fixes: 128599668
      Test: build, set up separate challenge
      Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
      (cherry picked from commit 1b6301cf2430f192c9842a05fc22984d782bade9)
    • Eran Messeri's avatar
      Permission Check For DPM.getPermittedAccessibilityServices · 3db82b0a
      Eran Messeri authored
      Bug: 128599660
      Change-Id: I8be915bd6a4ff99884d23005a4c6f0100806dbe8
      Merged-In: I8ee3f876fcaffa63636645f0f59709cd147254ef
      (cherry picked from commit 4fd13eefcf99d9b9b0d5f5ea99fdc7c799c83d23)
    • Varun Shah's avatar
      Added missing permission check to isPackageDeviceAdminOnAnyUser. · a08b5b61
      Varun Shah authored
      Added a check for the MANAGE_USERS permission to
      To test that the method is still usable:
      1) Enable virtual storage via: adb shell sm set-virtual-disk true
      2) Follow instructions by clicking on notification to set up virtual storage
      3) Go to Settings -> Apps & notifications -> See all X apps
      4) Click on any non-system app (example Instagram)
      5) Tap Storage and you should see a "Change" button (if not, choose another app)
      6) Tap Change and you should see Internal and Virtual storage options listed
      7) The above step confirms the method is still usable by Settings
      Bug: 128599183
      Test: SafetyNet logging (steps listed above)
      Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
      Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
      (cherry picked from commit 18e7dedf6c35f07daf8b7239d501737745ac7f43)
  4. 28 May, 2019 1 commit
  5. 19 May, 2019 1 commit
  6. 18 May, 2019 1 commit
    • WyattRiley's avatar
      DO NOT MERGE - SUPL ES Extension - Safer Init and Not After Boot · 8c6c7a97
      WyattRiley authored
      Safe order of pointer setting and background thread start
      Verifying mCallEndElapsedRealtimeMillis is not the initial value
      Bug: 112159033
      Bug: 115361555
      Bug: 125124724
      Test: Verified not-after-boot with test code b/115361555#comment14
      Test: Reproed NPE on Nexus 5x with test thread sleep and verify fix
      Change-Id: I596f913bc79873274c2743132c93ef2381d9f3c7
      (cherry picked from commit b5e7bbe5b8e1d120d3f13f6d15b7be16d4f2e132)
  7. 07 May, 2019 1 commit
  8. 15 Mar, 2019 2 commits
  9. 13 Mar, 2019 2 commits
  10. 12 Mar, 2019 1 commit
  11. 11 Mar, 2019 1 commit
  12. 05 Mar, 2019 2 commits
    • Guliz Tuncay's avatar
      Select only preinstalled Spell Checker Services · becc0144
      Guliz Tuncay authored
      When we are setting a new spell checker as the default one in
      Secure.Settings, TSMS#findAvailSpellCheckerLocked can pick up
      any available spell checker service. This violates the principle
      that user should be warned whenever we are setting an untrusted
      spell checker service as the default service, since the warning
      dialog is never shown.
      Fixes: 64764051
      Bug: 118694079
      Test: Manually as follows:
      1. Open 'packages/inputmethods/LatinIME/java/AndroidManifest.xml'
           and remove 'AndroidSpellCheckerService'
      2. lunch aosp_buillhead-userdebug && make -j
      3. Flash the image
      4. adb shell dumpsys textservices
          -> no spell checker is recognized
      5. adb shell settings get secure selected_spell_checker
          -> null
      6. tapas SampleSpellCheckerService
      7. make -j
      8. adb install -r $OUT/system/app/SampleSpellCheckerService/SampleSpellCheckerService.apk
      9. adb shell dumpsys textservices
          -> SampleSpellCheckerService is recognized
      10. adb shell settings get secure selected_spell_checker
          -> null
      Change-Id: I16f12293d15258c9148677c7ee09fe6dcf81e81d
      Merged-In: Idab3ecc246fe9344a09e6907a0ba39f8ea6506f9
      (cherry picked from commit ed5973b8)
    • Tony Mak's avatar
      RESTRICT AUTOMERGE Do not linkify text with RLO/LRO characters. · 7c411a06
      Tony Mak authored
      Also don't show smart actions for selections in text with unsupported
      Bug: 116321860
      Test: runtest -x cts/tests/tests/text/src/android/text/util/cts/
      Change-Id: Id271cab8aef6b9b13ef17f1a8654c7616f75cf13
      (cherry picked from commit 73f398d3)
  13. 19 Feb, 2019 1 commit
  14. 15 Feb, 2019 1 commit
  15. 24 Jan, 2019 1 commit
  16. 21 Jan, 2019 1 commit
  17. 13 Jan, 2019 1 commit
  18. 07 Jan, 2019 1 commit
  19. 27 Dec, 2018 1 commit
  20. 17 Dec, 2018 1 commit
  21. 16 Dec, 2018 2 commits
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE: Recover shady content:// paths. · b98c5a95
      Jeff Sharkey authored
      The path-permission element offers prefix or regex style matching of
      paths, but most providers internally use UriMatcher to decide what
      to do with an incoming Uri.
      This causes trouble because UriMatcher uses Uri.getPathSegments(),
      which quietly ignores "empty" paths.  Consider this example:
          <path-permission android:pathPrefix="/private" ... />
          uriMatcher.addURI("com.example", "/private", CODE_PRIVATE);
      The Uri above will pass the security check, since it's not
      technically a prefix match.  But the UriMatcher will then match it
      as CODE_PRIVATE, since it ignores the "//" zero-length path.
      Since we can't safely change the behavior of either path-permission
      or UriMatcher, we're left with recovering these shady paths by
      trimming away zero-length paths.
      Bug: 112555574
      Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
      Change-Id: Ibadbfa4fc904ec54780c8102958735b03293fb9a
      (cherry picked from commit a1ec7b11)
    • Robin Lee's avatar
      Pass userId through to singleton ContentProviders · 019a7eab
      Robin Lee authored
      System content providers like SettingsProvider run as singleUser but
      on receipt of a call make decisions based on the calling user ID.
      This is right up until the caller is a system service or a cross-user-
      -aware app like Settings, where putStringForUser etc. provide a
      workaround for most settings but not for the few files SettingsProvider
      Change-Id: I90060c9c13e274edd71f8a16ab3a026a58b98e3e
  22. 04 Dec, 2018 1 commit
    • Wayne Lin's avatar
      Changing SUPL_ES=1 for SUPL end point control · b3f380d3
      Wayne Lin authored
      SUPL_ES=1 ensures the GnssLocationProvider and related framework code
      accepts incoming SMS SUPL_INIT messages with ES-bit=1
      (which allow redirection of the ESLP
      end-point e.g. to the current local emergency services provider when
      you are travelling) only during an emergency call
      Bug: 115331218
      Bug: 112159033
      Test: Build pass
      Change-Id: I5075f7887a184ce18bb1815b35a2ce7acd8bca10
      (cherry picked from commit 02f38c72)
  23. 30 Nov, 2018 1 commit
  24. 24 Nov, 2018 1 commit
  25. 19 Nov, 2018 1 commit
  26. 13 Nov, 2018 1 commit
  27. 12 Nov, 2018 2 commits
    • Michael Wachenschwanz's avatar
      Verify number of Map entries written to Parcel · 3cab1737
      Michael Wachenschwanz authored
      Make sure the number of entries written by Parcel#writeMapInternal
      matches the size written. If a mismatch were allowed, an exploitable
      scenario could occur where the data read from the Parcel would not
      match the data written.
      Fixes: 112859604
      Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest
      Change-Id: I325d08a8b66b6e80fe76501359c41b6656848607
      Merged-In: I325d08a8b66b6e80fe76501359c41b6656848607
      (cherry picked from commit 057a01d1)
    • vince-bourgmayer's avatar
  28. 06 Nov, 2018 1 commit
    • Wale Ogunwale's avatar
      RESTRICT AUTOMERGE: Hide overlay windows when requesting media projection permission. · 5b9f020c
      Wale Ogunwale authored
      1: Cherry-pick ag/4067454 - Setting PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS
      updateNonSystemOverlayWindowsVisibilityIfNeeded on relayoutWindow
      2: Cherry-pick ag/3650369 - If PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS changed on
      relayoutWindow() then updateNonSystemOverlayWindowsVisibilityIfNeeded
      3: Add permissions to SystemUI to allow it to hide non-system overlays
      Bug: 34170870
      Test: manual (see bug for poc)
      Change-Id: I57cb0f390d9a78e721c5ddce49a377d385002753
      (cherry picked from commit 40f7b583)
  29. 31 Oct, 2018 1 commit
  30. 30 Oct, 2018 3 commits
    • Seigo Nonaka's avatar
      Fix crash during cursor moving on BiDi text · 04a3be40
      Seigo Nonaka authored
      The crash was introduced by Ib66ef392c19c937718e7101f6d48fac3abe51ad0
      The root cause of the crashing is requesting out-of-line access for the
      horizontal width. This invalid access is silently ignored by
      TextLine#measure() method but new implementation end up with out of
      bounds access.
      To makes behavior as old implementation, calling getHorizontal instead
      of accessing measured result array.
      Bug: 78464361, 111580019
      Test: Manually done
      Change-Id: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
      (cherry picked from commit 960647d582911ae7ab8b9491097898e6c313aaf1)
      Merged-In: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
      (cherry picked from commit a1076fda)
    • Jeff Sharkey's avatar
      DO NOT MERGE. Persistable Uri grants still require permissions. · 31824b99
      Jeff Sharkey authored
      When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
      need to check permissions between the source and target packages,
      instead of shortcutting past them.
      The spirit of the original change is remains intact: if the caller
      requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
      returning "-1", which would prevent the grant data structure from
      being allocated.
      Bug: 111934948
      Test: atest android.appsecurity.cts.AppSecurityTests
      Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
      Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
      (cherry picked from commit d6a6e712)
    • Jeff Sharkey's avatar
      Always create grant structures when persistable. · bd7f6a82
      Jeff Sharkey authored
      Certain apps may already hold permissions to an underlying provider,
      but they expect APIs like takePersistableUriPermission() and
      getPersistedUriPermissions() to work when a permission grant was
      Test: builds, boots
      Bug: 31239684
      Change-Id: I4b21c57956b70133ecadb50d0d3ee339f41e2260