This project is mirrored from https://github.com/LineageOS/android_frameworks_base.git. Updated .
  1. 13 Nov, 2019 1 commit
  2. 12 Nov, 2019 1 commit
    • Kevin F. Haggerty's avatar
      Merge tag 'android-8.1.0_r70' into staging/lineage-15.1_merge-android-8.1.0_r70 · 1bbe2b78
      Kevin F. Haggerty authored
      Android 8.1.0 release 70
      
      * tag 'android-8.1.0_r70':
        RESTRICT AUTOMERGE Enable stricter SQLiteQueryBuilder options.
        RESTRICT AUTOMERGE Strict SQLiteQueryBuilder needs to be stricter.
        Set default phonebook access to ACCESS_REJECTED when user didn't choose one
        Add MANAGED_PROVISIONING_DPC_DOWNLOADED (nyc).
      
      Change-Id: Ia2b60472b8a69fbe7cde0ee3bbf92cacbff35c8f
      1bbe2b78
  3. 15 Oct, 2019 2 commits
  4. 19 Sep, 2019 4 commits
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE · 35dba262
      Jeff Sharkey authored
      Enable stricter SQLiteQueryBuilder options.
      
      Malicious callers can leak side-channel information by using
      subqueries in any untrusted inputs where SQLite allows "expr" values.
      
      This change starts using setStrictColumns() and setStrictGrammar()
      on SQLiteQueryBuilder to block this class of attacks.  This means we
      now need to define the projection mapping of valid columns, which
      consists of both the columns defined in the public API and columns
      read internally by DownloadInfo.Reader.
      
      We're okay growing sAppReadableColumnsSet like this, since we're
      relying on our trusted WHERE clause to filter away any rows that
      don't belong to the calling UID.
      
      Remove the legacy Lexer code, since we're now internally relying on
      the robust and well-tested SQLiteTokenizer logic.
      
      Bug: 135270103, 135269143
      Test: cts-tradefed run cts -m CtsAppTestCases -t android.app.cts.DownloadManagerTest
      Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
      (cherry picked from commit f683c688d5fcd1c178aad2dc154ae5d7b5c60aa9)
      35dba262
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE · ce56aee7
      Jeff Sharkey authored
      Strict SQLiteQueryBuilder needs to be stricter.
      
      Malicious callers can leak side-channel information by using
      subqueries in any untrusted inputs where SQLite allows "expr" values.
      
      This change offers setStrictGrammar() to prevent this by outright
      blocking subqueries in WHERE and HAVING clauses, and by requiring
      that GROUP BY and ORDER BY clauses be composed only of valid columns.
      
      This change also offers setStrictColumns() to require that all
      untrusted column names are valid, such as those in ContentValues.
      
      Relaxes to always allow aggregation operators on returned columns,
      since untrusted callers can always calculate these manually.
      
      Bug: 135270103, 135269143
      Test: cts-tradefed run cts -m CtsDatabaseTestCases -t android.database.sqlite.cts.SQLiteQueryBuilderTest
      Change-Id: I6290afd19c966a8bdca71c377c88210d921a9f25
      (cherry picked from commit 92e5e5e45c171f88cb30d8044e43e40fd5437416)
      ce56aee7
    • Zongheng Wang's avatar
      Set default phonebook access to ACCESS_REJECTED when user didn't choose · a19300ef
      Zongheng Wang authored
      one
      
      When there's no users' choice to tell us whether to share their
      phonebook information to the Bluetooth device, set the phonebook access
      permission to ACCESS_REJECTED.
      
      Bug: 138529441
      Test: Manual test
      Change-Id: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
      Merged-In: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
      (cherry picked from commit 02046b4f2ce82f6a3b6fd733c4b45f47acf51296)
      a19300ef
    • Jonathan Scott's avatar
      Add MANAGED_PROVISIONING_DPC_DOWNLOADED (nyc). · 176c6ed5
      Jonathan Scott authored
      Test: Just adding a constant
      Bug: 132261064
      Change-Id: I1527be03a10fa1a2fde09e3e41d6b7e83a986fc0
      Merged-In: I2bce277ff8f2de4614e19d5385fe6712b076f9c9
      (cherry picked from commit 20e5d92613268c196b508865b7275b59f00688f5)
      176c6ed5
  5. 12 Sep, 2019 1 commit
  6. 11 Sep, 2019 1 commit
  7. 06 Sep, 2019 2 commits
    • Mihai Popa's avatar
      Fix Layout.primaryIsTrailingPreviousAllLineOffsets · 07645c9d
      Mihai Popa authored
      The CL fixes a crash in Layout.primaryIsTrailingPreviousAllLineOffsets.
      The crash was happening when the method was called for a line beginning
      with an empty bidi run. This could happen, for example, for empty text -
      I was unable to find any other case. The CL improves the existing test
      for the method with this case, which was previously crashing.
      
      The CL also fixes a potential crash in getLineHorizontals. However, this
      bug could never happen as in the current code path clamped is always
      false (and kept as parameter for parity with getHorizontal).
      
      Bug: 135444178
      Bug: 78464361
      Test: atest FrameworksCoreTests:android.text.LayoutTest\#testPrimaryIsTrailingPrevious
      Change-Id: I47157abe1d74675884734e3810628a566e40c1b4
      (cherry picked from commit 7ad499d0)
      (cherry picked from commit 42a6af7a)
      07645c9d
    • Chienyuan's avatar
      HidProfile: sync isPreferred() with HidHostService · ff37add2
      Chienyuan authored
      HidHostService allow to connect when priority is PRIORITY_UNDEFINED.
      HidProfile should return ture when priority is PRIORITY_UNDEFINED.
      Otherwise, the "Input device" toggle in off state when HID device
      connected.
      
      Bug: 132456322
      Test: manual
      Change-Id: Id7bae694c57aec17e019d591c0a677e3cb64f845
      (cherry picked from commit 830217f2)
      ff37add2
  8. 13 Aug, 2019 2 commits
    • Romain Hunault's avatar
    • Kevin F. Haggerty's avatar
      Merge remote-tracking branch 'aosp/oreo-mr1-security-release' into lineage-15.1 · 9b500577
      Kevin F. Haggerty authored
      * aosp/oreo-mr1-security-release: (68 commits)
        Clear the Parcel before writing an exception during a transaction
        Protect VPN dialogs against overlay.
        [RESTRICT AUTOMERGE] Make Lock task default consistent w/ Settings (oc-mr1-dev).
        HwBlob: s/malloc/calloc/
        SUPL ES Extension - June 2019 rollup
        [RESTRICT_AUTOMERGE]: Add cross user permission check - areNotificationsEnabledForPackage
        Limit IsSeparateProfileChallengeAllowed to system callers
        Added missing permission check to isPackageDeviceAdminOnAnyUser.
        Permission Check For DPM.getPermittedAccessibilityServices
        DO NOT MERGE - SUPL ES Extension - Safer Init and Not After Boot
        Revert "Adding SUPL NI Emergency Extension Time"
        DPM: Fix regression from I54376f60ac53451ace22965d331b47cd8c2e614e
        RESTRICT AUTOMERGE Do not linkify text with RLO/LRO characters.
        Adding SUPL NI Emergency Extension Time
        FRP: save password quality in DPM.resetPassword
        [DO NOT MERGE] Changing SUPL_ES=1 for SUPL end point control
        Bluetooth: Check descriptors size in BluetoothHidDeviceAppSdpSettings
        Revert "[DO NOT MERGE] Changing SUPL_ES=1 for SUPL end point control"
        RESTRICT AUTOMERGE: Recover shady content:// paths.
        [DO NOT MERGE] Changing SUPL_ES=1 for SUPL end point control
        ...
      
      Change-Id: Id108dc782e17da0d76595e162a3fcb72a108a684
      9b500577
  9. 12 Aug, 2019 1 commit
  10. 11 Aug, 2019 2 commits
  11. 09 Aug, 2019 1 commit
  12. 07 Aug, 2019 2 commits
    • Bryan Ferris's avatar
      [RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if... · dcd427cc
      Bryan Ferris authored
      [RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if provided by PendingIntentRecord#sendInner()
      
      Previously we'd ignore realCallingPid and realCallingUid that
      PendingIntentRecord#sendInner() provided to startActivityInPackage().
      Now we correctly pass it on, preserving past behaviour if none
      provided.
      
      Test: manual; we added logging statements to check the value of realCallingUid
      in startActivitiesMayWait when launching the calendar app from the calendar widget
      and verified that it was the calendar uid rather than the system uid.
      
      Bug: 123013720
      Change-Id: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
      Merged-In: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
      (cherry picked from commit f5e5af7f)
      dcd427cc
    • Christopher Dombroski's avatar
      OP_REQUEST_INSTALL_PACKAGES denied by default · 36168195
      Christopher Dombroski authored
      Some system apps may download unknown content and the user should
      be explicitly asked whether they trust these files. System apps should
      explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check.
      
      Test: Builds, boots, existing tests pass:
      atest CtsPackageInstallTestCases
      
      Locally verified they pass if CtsPackageInstallTestCases.apk was signed by
      the platform cert.
      
      Bug: 123700348
      Change-Id: I3028bf8ff3f79a41521deeee43fba3c32bb1b2ca
      Merged-In: I2578251906f6656b83464d1c4fc4db99165841c9
      (cherry picked from commit 43e682ab)
      36168195
  13. 06 Aug, 2019 1 commit
  14. 11 Jul, 2019 2 commits
    • Mihai Popa's avatar
      Fix Layout.primaryIsTrailingPreviousAllLineOffsets · 205355ee
      Mihai Popa authored
      The CL fixes a crash in Layout.primaryIsTrailingPreviousAllLineOffsets.
      The crash was happening when the method was called for a line beginning
      with an empty bidi run. This could happen, for example, for empty text -
      I was unable to find any other case. The CL improves the existing test
      for the method with this case, which was previously crashing.
      
      The CL also fixes a potential crash in getLineHorizontals. However, this
      bug could never happen as in the current code path clamped is always
      false (and kept as parameter for parity with getHorizontal).
      
      Bug: 135444178
      Bug: 78464361
      Test: atest FrameworksCoreTests:android.text.LayoutTest\#testPrimaryIsTrailingPrevious
      Change-Id: I47157abe1d74675884734e3810628a566e40c1b4
      (cherry picked from commit 7ad499d0)
      (cherry picked from commit 42a6af7a)
      205355ee
    • Chienyuan's avatar
      HidProfile: sync isPreferred() with HidHostService · 7193aefe
      Chienyuan authored
      HidHostService allow to connect when priority is PRIORITY_UNDEFINED.
      HidProfile should return ture when priority is PRIORITY_UNDEFINED.
      Otherwise, the "Input device" toggle in off state when HID device
      connected.
      
      Bug: 132456322
      Test: manual
      Change-Id: Id7bae694c57aec17e019d591c0a677e3cb64f845
      (cherry picked from commit 830217f2)
      7193aefe
  15. 08 Jul, 2019 1 commit
  16. 02 Jul, 2019 1 commit
    • Steven Moreland's avatar
      HwBlob: s/malloc/calloc/ · e0efa9f2
      Steven Moreland authored
      Since this blob is passed between processes.
      
      We could potentially only memset portions of the blob as it is
      written to. However, the JHwBlob API itself doesn't have to have
      writes in order (even though known usages of it do write in order).
      Because of this, keeping track of which bytes to pad would be too
      expensive.
      
      Bug: 131356202
      Test: boot, hidl_test_java
      Change-Id: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
      Merged-In: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
      (cherry picked from commit d8157bc0)
      e0efa9f2
  17. 21 Jun, 2019 1 commit
  18. 20 Jun, 2019 1 commit
  19. 19 Jun, 2019 1 commit
  20. 12 Jun, 2019 1 commit
  21. 10 Jun, 2019 3 commits
  22. 06 Jun, 2019 5 commits
    • WyattRiley's avatar
      Adding SUPL NI Emergency Extension Time · ebddf832
      WyattRiley authored
      Configurable by carrier config.xml resource
      
      Bug: 118839234
      Bug: 115361555
      Bug: 112159033
      Test: On device, see b/115361555#comment14
      Change-Id: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
      (cherry picked from commit a725dd66)
      ebddf832
    • Julia Reynolds's avatar
      Add cross user permission check - areNotificationsEnabledForPackage · 8f3ee1a0
      Julia Reynolds authored
      Test: atest
      Fixes: 128599467
      Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
      (cherry picked from commit 657d1641)
      (cherry picked from commit bed6193b)
      8f3ee1a0
    • Pavel Grafov's avatar
      Limit IsSeparateProfileChallengeAllowed to system callers · b8d17064
      Pavel Grafov authored
      Fixes: 128599668
      Test: build, set up separate challenge
      Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
      (cherry picked from commit 1b6301cf)
      b8d17064
    • Varun Shah's avatar
      Added missing permission check to isPackageDeviceAdminOnAnyUser. · 0c41251f
      Varun Shah authored
      Added a check for the MANAGE_USERS permission to
      PackageManagerService#isPackageDeviceAdminOnAnyUser.
      
      To test that the method is still usable:
      1) Enable virtual storage via: adb shell sm set-virtual-disk true
      2) Follow instructions by clicking on notification to set up virtual storage
      3) Go to Settings -> Apps & notifications -> See all X apps
      4) Click on any non-system app (example Instagram)
      5) Tap Storage and you should see a "Change" button (if not, choose another app)
      6) Tap Change and you should see Internal and Virtual storage options listed
      7) The above step confirms the method is still usable by Settings
      
      Bug: 128599183
      Test: SafetyNet logging (steps listed above)
      Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
      Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
      (cherry picked from commit 18e7dedf)
      0c41251f
    • Eran Messeri's avatar
      Permission Check For DPM.getPermittedAccessibilityServices · 1cc8e0e5
      Eran Messeri authored
      Bug: 128599660
      Test: com.android.server.devicepolicy.DevicePolicyManagerTest
      Test: com.google.android.gts.devicepolicy.DeviceOwnerTest
      Change-Id: I8be915bd6a4ff99884d23005a4c6f0100806dbe8
      Merged-In: I8ee3f876fcaffa63636645f0f59709cd147254ef
      (cherry picked from commit 4fd13eef)
      1cc8e0e5
  23. 01 Jun, 2019 1 commit
  24. 29 May, 2019 1 commit
  25. 26 May, 2019 1 commit