This project is mirrored from Updated .
  1. 19 Jan, 2020 2 commits
  2. 16 Jan, 2020 1 commit
  3. 07 Jan, 2020 1 commit
  4. 23 Dec, 2019 2 commits
    • /e/ robot's avatar
    • David Sehr's avatar
      Allow tuning of heaptargetutilization · 8c1c3e25
      David Sehr authored
      Remove a pair of explicit sets of this value.  This allows ART to tune
      this parameter to improve GC responsiveness and memory usage.  Tuning
      this parameter is a key area of work for OEM-requested high-memory
      device configurations.
      Bug: 145823510
      Test: boot and run with various configurations of the flag.
      Change-Id: I19680ff5fa1ebf9dfd4a3f71533d03510f4da414
      Merged-In: I19680ff5fa1ebf9dfd4a3f71533d03510f4da414
      (cherry picked from commit b2910d3b6ff282194a4fa4e6c6818c4325168a4f)
  5. 11 Dec, 2019 1 commit
  6. 08 Dec, 2019 2 commits
  7. 03 Dec, 2019 1 commit
  8. 28 Nov, 2019 1 commit
  9. 27 Nov, 2019 2 commits
  10. 18 Nov, 2019 1 commit
  11. 17 Nov, 2019 1 commit
  12. 12 Nov, 2019 2 commits
  13. 08 Nov, 2019 3 commits
    • Jing Ji's avatar
      Prevent system uid component from running in an isolated app process · feedb38d
      Jing Ji authored
      Bug: 140055304
      Test: Manua
      Change-Id: Ie7f6ed23f0c6009aad0f67a00af119b02cdceac3
      Merged-In: I5a1618fab529cb0300d4a8e9c7762ee218ca09eb
      (cherry picked from commit 0bfebadf304bdd5f921e80f93de3e0d13b88b79c)
    • Todd Kennedy's avatar
      Only allow INSTALL_ALLOW_TEST from shell or root · df8e8e03
      Todd Kennedy authored
      Bug: 141169173
      Test: Manual. App can't be installed as test-only
      Change-Id: Ib6dcca7901aa549d620448c0165c22270a3042be
      Merged-In: Ib6dcca7901aa549d620448c0165c22270a3042be
      (cherry picked from commit 702d394762a9b162cb2a2b04bb726fd8053f24d3)
    • Ahan Wu's avatar
      DO NOT MERGE Validate wallpaper dimension while generating crop · 82b11404
      Ahan Wu authored
      If dimensions of cropped wallpaper image exceed max texture size that
      GPU can support, it will cause ImageWallpaper keep crashing
      because hwui crashes by invalid operation (0x502).
      Bug: 120847476.
      Test: Write a custom app to set a 8000x800 bitmap as wallpaper.
      Test: The cropped file will be 29600x2960 and make sysui keep crashing.
      Test: After applyed this cl, wallpaper will use fallback.
      Test: Sysui will not keep crashing any more.
      Change-Id: I8ed5931298c652a2230858cf62df3f6fcd345c5a
      (cherry picked from commit f1e1f4f04d0165ed065637a4ba556583a7c79ef0)
  14. 31 Oct, 2019 1 commit
  15. 30 Oct, 2019 1 commit
    • Michael W's avatar
      PM: Allow disabling components per-device · 0df2d7e2
      Michael W authored
      * Introduce a new overlayable string-array
      * This is equally used to disable components per-device, e.g.
      * At the same time, rename config_disabledComponents to
        config_globallyDisabledComponents to reflect the difference
      Change-Id: Ieeec0788b063a33e8a2830dd95b239c99a58466f
  16. 17 Oct, 2019 1 commit
    • Seigo Nonaka's avatar
      RESTRICT AUTOMERGE · df0912c3
      Seigo Nonaka authored
      Revive runLimit check logic
      The runLimit check logic was accidentally removed by
      Bug: 142134328
      Bug: 140632678
      Test: Manually done with reported step
      Test: StaticLayoutTest passes
      Change-Id: Ib1d5efdcb9adcc18a6a43370dc016ea464f48148
      (cherry picked from commit fd1a7e8663feb23ba912e1c519630a2385b452fc)
  17. 15 Oct, 2019 3 commits
    • /e/ robot's avatar
    • Aaron Kling's avatar
      [1/2] Add battery info to tvsettings device info · 5cd43b35
      Aaron Kling authored
      Change-Id: I98abe338d77b56f2a851e0f093a44d6911b9009b
    • Kevin F. Haggerty's avatar
      Merge tag 'android-9.0.0_r49' into staging/lineage-16.0_merge-android-9.0.0_r49 · ab78fedc
      Kevin F. Haggerty authored
      Android 9.0.0 Release 49 (5794013)
      * tag 'android-9.0.0_r49': (45 commits)
        [RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if provided by PendingIntentRecord#sendInner()
        OP_REQUEST_INSTALL_PACKAGES denied by default
        DO NOT MERGE Fix display freezing when screen size mismatches
        Fix Layout.primaryIsTrailingPreviousAllLineOffsets
        HidProfile: sync isPreferred() with HidHostService
        [RESTRICT AUTOMERGE] Correct argument order in permission check
        Clear the Parcel before writing an exception during a transaction
        [RESTRICT AUTOMERGE] Protect VPN dialogs against overlay.
        DO NOT MERGE SurfaceControl: Fix captureLayers JNI
        Clean up ProcessRecord when reuse a pid.
        Update API docs for TelecomManager#endCall.
        [RESTRICT AUTOMERGE] Fix NullPointerException when mLockPatternUtils is not set.
        [RESTRICT AUTOMERGE] Make LockTaskController default behaviour match ScreenPinningSettings.
        [RESTRICT AUTOMERGE] Careful with screenshots containing secure layers!
        Revert "[RESTRICT AUTOMERGE] Careful with screenshots containing secure layers!"
        [RESTRICT AUTOMERGE] Careful with screenshots containing secure layers!
        [RESTRICT AUTOMERGE]: Exclude secure layers from most screenshots taken by the system server.
        HwBlob: s/malloc/calloc/
        SUPL ES Extension - June 2019 rollup
        Add cross user permission check - areNotificationsEnabledForPackage
      Change-Id: Ic06699506c8eabe8cc0cf339b9c04459771ff247
  18. 08 Oct, 2019 3 commits
    • Evan Laird's avatar
      Force FGS notifications to show for a minimum time · 90449053
      Evan Laird authored
      It's possible for a service to do a start/stop foreground and cause a
      couple of things to happen:
      NotificationManagerService will enqueue a EnqueueNotificationRunnable,
      post a PostNotificationRunnable (for the startForeground), and then also
      enqueue a CancelNotificationRunnable. There is some racy behavior here
      in that the cancel runnable can get triggered in between enqueue and
      post runnables. If the cancel happens first, then
      NotificationListenerServices will never get the message.
      This behavior is technically allowed, however for foreground services we
      want to ensure that there is a minmum amount of time that notification
      listeners are aware of the foreground service so that (for instance) the
      FGS notification can be shown.
      This CL does two things to mitigate this problem:
      1. Introduce checking in the CancelNotificationRunnable such that it
      will not cancel until after PostNotificationRunnable has finished
      2. Introduce a NotificationLifetimeExtender method that will allow a
      lifetime extender to manage the lifetime of a notification that has been
      enqueued but not inflated yet.
      Bug: 119041698
      Test: atest NotificationManagerServiceTest
      Test: atest ForegroundServiceLifetimeExtenderTest
      Change-Id: I0680034ed9315aa2c05282524d48faaed066ebd0
      Merged-In: I0680034ed9315aa2c05282524d48faaed066ebd0
      (cherry picked from commit 3b8c4743f630dcd370bfc5dc9683b551983fbe28)
    • Seigo Nonaka's avatar
      RESTRICT AUTOMERGE · 38f822b3
      Seigo Nonaka authored
      Do not compute outside given range in TextLine
      This is second attempt of I646851973b3816bf9ba32dfe26748c0345a5a081
      which breaks various layout test on application.
      The empty string must be also handled by the TextLine since it
      retrieves the default line height from the empty string.
      Bug: 140632678
      Test: StaticLayoutTest
      Test: Manually done
      Change-Id: I7089ed9b711dddd7de2b27c9c2fa0fb4cb53a735
      (cherry picked from commit f582b9bc)
    • Suprabh Shukla's avatar
      DO NOT MERGE revoke certain app-ops on suspend · 25b32e54
      Suprabh Shukla authored
      Revoking an apps authorizations to use camera and record or play audio
      while suspended. Appops watchers will also be notified of this change to
      re-evaluate privileges at the time of suspension.
      Test: atest FrameworksServicesTests:SuspendPackagesTest
      Bug: 138636979
      Change-Id: Ie95555856afdd56728125f7e60b6a78cf9fc0e58
      Merged-In: Ie95555856afdd56728125f7e60b6a78cf9fc0e58
      Merged-In: Ic5fb1807deceabfd956b666fa76f8bcc94020ac3
      (cherry picked from commit ed5edb77)
  19. 30 Sep, 2019 2 commits
  20. 21 Sep, 2019 2 commits
    • /e/ robot's avatar
    • Peter Cai's avatar
      FODCircleView: defer removal to next re-layout · e0a5469c
      Peter Cai authored
      * Originally, when hide() is called, it removes the dim layer and then
        removes the view immediately, then calls the hide event in HAL. This
        causes severe flickering because the HAL is expected to restore the
        brightness immediately, but the dim layer will not be removed until
        the next repaint cycle.
      * Since it is not easy to listen for a redraw after the view itself has
        been removed, we can defer removal after the next time onLayout() is
        called. When tested on my OnePlus 7 Pro, this reduces flickering on
        successful fp authentication drastically.
      * There are some cases where show() is called so quickly after hide()
        that the view hasn't been actually removed due to this change (which
        is actually another cause of flickering). This is handled by checking
        the removal flag in show() and removing it immediately if the view is
        yet to be removed, and also by moving calls to HAL show / hide events
        to the actual attached / detached event handlers.
      * For consistency in semantics, also move calls related to the dim
        layer that were originally in onDraw for similar reasons to the
        onLayout function.
      Change-Id: I9b0cfe5c4d572a64b918ce7d3c130a659fd25a30
  21. 19 Sep, 2019 6 commits
    • /e/ robot's avatar
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE · d9f91c43
      Jeff Sharkey authored
      Strict SQLiteQueryBuilder needs to be stricter.
      Malicious callers can leak side-channel information by using
      subqueries in any untrusted inputs where SQLite allows "expr" values.
      This change offers setStrictGrammar() to prevent this by outright
      blocking subqueries in WHERE and HAVING clauses, and by requiring
      that GROUP BY and ORDER BY clauses be composed only of valid columns.
      This change also offers setStrictColumns() to require that all
      untrusted column names are valid, such as those in ContentValues.
      Relaxes to always allow aggregation operators on returned columns,
      since untrusted callers can always calculate these manually.
      Bug: 135270103
      Bug: 135269143
      Test: atest android.database.sqlite.cts.SQLiteQueryBuilderTest
      Test: atest FrameworksCoreTests:android.database.sqlite.SQLiteTokenizerTest
      Exempt-From-Owner-Approval: already approved in downstream branch
      Change-Id: I6290afd19c966a8bdca71c377c88210d921a9f25
      (cherry picked from commit 216bbc2a)
    • Zongheng Wang's avatar
      Set default phonebook access to ACCESS_REJECTED when user didn't choose · 9d5a622c
      Zongheng Wang authored
      When there's no users' choice to tell us whether to share their
      phonebook information to the Bluetooth device, set the phonebook access
      permission to ACCESS_REJECTED.
      Bug: 138529441
      Test: Manual test
      Change-Id: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
      Merged-In: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
      (cherry picked from commit 9b3cb0f0)
    • Jeff Sharkey's avatar
      RESTRICT AUTOMERGE · 95c83b30
      Jeff Sharkey authored
      Enable stricter SQLiteQueryBuilder options.
      Malicious callers can leak side-channel information by using
      subqueries in any untrusted inputs where SQLite allows "expr" values.
      This change starts using setStrictColumns() and setStrictGrammar()
      on SQLiteQueryBuilder to block this class of attacks.  This means we
      now need to define the projection mapping of valid columns, which
      consists of both the columns defined in the public API and columns
      read internally by DownloadInfo.Reader.
      We're okay growing sAppReadableColumnsSet like this, since we're
      relying on our trusted WHERE clause to filter away any rows that
      don't belong to the calling UID.
      Remove the legacy Lexer code, since we're now internally relying on
      the robust and well-tested SQLiteTokenizer logic.
      Bug: 135270103
      Bug: 135269143
      Test: atest DownloadProviderTests
      Test: atest
      Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
      (cherry picked from commit 382d5c0c)
    • Pinyao Ting's avatar
      fixes a security vulnerability in slice provider · 54f00e83
      Pinyao Ting authored
      Bug: 138441555
      Test: Manual
      Change-Id: Ib1b4fba54ebd3599fe11021d21dc9b09d34e8965
      Merged-In: Ib1b4fba54ebd3599fe11021d21dc9b09d34e8965
      (cherry picked from commit 2b415a4c)
      (cherry picked from commit 46368e4f)
    • Jonathan Scott's avatar
      Jonathan Scott authored
      Test: Just adding a constant
      Bug: 132261064
      Change-Id: I1527be03a10fa1a2fde09e3e41d6b7e83a986fc0
      Merged-In: I2bce277ff8f2de4614e19d5385fe6712b076f9c9
      (cherry picked from commit 20e5d926)
  22. 13 Sep, 2019 1 commit
    • Sam Mortimer's avatar
      fw/b: Prevent trying to enable hw offload for tethering via VPN upstreams · 7b13c0f5
      Sam Mortimer authored
      * Tethering via VPN upstream requires a sw path.
      * hw offload setup happened to be being disabled anyway owing to a fail
        return code from setDataLimit().  However, it was causing offload to be
        disabled entirely (until next hotspot off / on event).
      * Gracefully skip hw offload for vpn upstreams so that it is automatically
        used again when a vpn is disconnected.
      Change-Id: I4df13f02889305560903b7b1e919eedc7af78c07