Commit Graph

257449 Commits

Author SHA1 Message Date
Fyodor Kupolov
2fe1990ba7 [DO NOT MERGE] Increased user switch timeout to 3s
Also report the actual delay if sendResult is eventually called.

Test: Manual - device boots, no timeouts
Bug: 30813554
Change-Id: I1271181ab9d2653fad1167049c84a6780ad46ff0
2016-12-08 17:49:09 -08:00
Bill Napier
31f2e91892 Revert "Fix vulnerability in MemoryIntArray am: a97171ec49" am: 43966dafb3 am: 498547ec6c
am: ef435f6780

Change-Id: Ib5c8b17acafa4a2c55666c2dbc1591bbbeac51a7
2016-12-08 22:40:05 +00:00
Bill Napier
ef435f6780 Revert "Fix vulnerability in MemoryIntArray am: a97171ec49" am: 43966dafb3
am: 498547ec6c

Change-Id: I8874250d553a7271305efc3f027c933e4aad3b1d
2016-12-08 22:34:34 +00:00
Bill Napier
498547ec6c Revert "Fix vulnerability in MemoryIntArray am: a97171ec49"
am: 43966dafb3

Change-Id: I01bc83edd411dc39cb696e64ea35b5d4a8497fbf
2016-12-08 22:30:02 +00:00
Bill Napier
43966dafb3 Revert "Fix vulnerability in MemoryIntArray am: a97171ec49"
This reverts commit fb12dd509f.

Change-Id: I9e1b22b8df0e754095541a758096cba279a81ab1
2016-12-08 22:22:38 +00:00
Svetoslav Ganov
49e3ce4800 Fix vulnerability in MemoryIntArray am: a97171ec49 am: fb12dd509f am: a5ee109029
am: 5250d90637

Change-Id: I08c3a670598d8d26694b7d282d0bd18ffb4faf9b
2016-12-08 21:51:00 +00:00
Svetoslav Ganov
5250d90637 Fix vulnerability in MemoryIntArray am: a97171ec49 am: fb12dd509f
am: a5ee109029

Change-Id: If1b852faa812b0bcb7419ae0f75a3e2349926de0
2016-12-08 21:46:34 +00:00
Svetoslav Ganov
a5ee109029 Fix vulnerability in MemoryIntArray am: a97171ec49
am: fb12dd509f

Change-Id: I269ec7d61ebdc9f485d759d1398d5fa4eacf868f
2016-12-08 21:42:05 +00:00
Svetoslav Ganov
fb12dd509f Fix vulnerability in MemoryIntArray
am: a97171ec49

Change-Id: Ifa2221a9b8ca705ef0239d61772938ac11761ce2
2016-12-08 21:37:33 +00:00
Svetoslav Ganov
a97171ec49 Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the underlying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.

Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.

Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory address
of the owner's mapping, thus not allowing freeing
arbitrary memory.

Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ashmem size) and if
an attacker changed the size under us we throw.

Tests: Updated the tests and they pass.

bug:33039926
bug:33042690

Change-Id: I1004579181ff7a223ef659e85c46100c47ab2409
2016-12-08 11:51:26 -08:00
Bill Yi
462d9a3335 Merge "Import translations. DO NOT MERGE" into cw-f-dev
am: c0b7e766b0  -s ours

Change-Id: I00f0418ff736f2cb861ae7f1339f9ed477215b74
2016-12-08 17:16:51 +00:00
Bill Yi
f1a5ffbf99 Import translations. DO NOT MERGE
am: b004945727  -s ours

Change-Id: I4287af7000efb01c1203276a6e1817f52504a560
2016-12-08 17:16:49 +00:00
Bill Yi
f014d755a1 Merge "Import translations. DO NOT MERGE" into cw-f-dev
am: e1add91fa1  -s ours

Change-Id: I3c99e350f7130ea39ac29751f104fafc04dde0d2
2016-12-08 17:15:12 +00:00
Bill Yi
a40b64efdd Import translations. DO NOT MERGE
am: c30efc0214  -s ours

Change-Id: I93c5e34494eb4d3cb56ca3652406cc2a24d62fd4
2016-12-08 17:15:09 +00:00
Bill Yi
a62eff1f94 Merge "Import translations. DO NOT MERGE" into cw-f-dev
am: 7e212ae873  -s ours

Change-Id: I14cbe78cdcb23fd8f82103395f057dca03a3b171
2016-12-08 17:13:32 +00:00
Bill Yi
83810d0665 Import translations. DO NOT MERGE
am: c300be1cf4  -s ours

Change-Id: I4318b5a4b5d6f927c03696cfe2ee52f5940bbe99
2016-12-08 17:13:31 +00:00
Bill Yi
217e5fc476 Merge "Import translations. DO NOT MERGE" into cw-f-dev
am: df9a47a79f  -s ours

Change-Id: I5bf1a9de6b0539b8115fb89c738ef903736c9cb4
2016-12-08 17:12:00 +00:00
Bill Yi
ec82e05e7b Import translations. DO NOT MERGE
am: ef89f62670  -s ours

Change-Id: Ia2a1482ed04988a1d47940402ec868c25e8bd95f
2016-12-08 17:11:59 +00:00
Bill Yi
19e2b518ff Merge "Import translations. DO NOT MERGE" into cw-f-dev
am: 3c54cdf15e  -s ours

Change-Id: I4cdda925e378df0b674bae5c01ab9118d91d0dce
2016-12-08 17:08:12 +00:00
Bill Yi
c52c508e8c Import translations. DO NOT MERGE
am: d4bdbc314b  -s ours

Change-Id: Ib09ce8f953d127e4fdccaf3848f78678dc1f56b4
2016-12-08 17:08:10 +00:00
TreeHugger Robot
c0b7e766b0 Merge "Import translations. DO NOT MERGE" into cw-f-dev 2016-12-08 17:00:40 +00:00
TreeHugger Robot
e1add91fa1 Merge "Import translations. DO NOT MERGE" into cw-f-dev 2016-12-08 17:00:14 +00:00
TreeHugger Robot
7e212ae873 Merge "Import translations. DO NOT MERGE" into cw-f-dev 2016-12-08 16:59:47 +00:00
TreeHugger Robot
df9a47a79f Merge "Import translations. DO NOT MERGE" into cw-f-dev 2016-12-08 16:59:19 +00:00
TreeHugger Robot
3c54cdf15e Merge "Import translations. DO NOT MERGE" into cw-f-dev 2016-12-08 16:58:52 +00:00
Bill Yi
d4bdbc314b Import translations. DO NOT MERGE
Change-Id: Iaf10ebaae14bf032c8e6ee512c3968c970b6438e
Auto-generated-cl: translation import
2016-12-07 23:47:19 -08:00
Bill Yi
ef89f62670 Import translations. DO NOT MERGE
Change-Id: I82ffbc76e650cbe5b782ad8ff4a257270d11b03f
Auto-generated-cl: translation import
2016-12-07 23:21:48 -08:00
Bill Yi
c300be1cf4 Import translations. DO NOT MERGE
Change-Id: Ifebc058ab8d5b151e49ef51ea2fd895817d70bd9
Auto-generated-cl: translation import
2016-12-07 23:18:44 -08:00
Bill Yi
c30efc0214 Import translations. DO NOT MERGE
Change-Id: I1b1c0c189c1979a7a885b4e6e6fef21bae6dd22a
Auto-generated-cl: translation import
2016-12-07 23:00:43 -08:00
Bill Yi
b004945727 Import translations. DO NOT MERGE
Change-Id: I4de79adeee71e5aa9f9055d09f6a6dd14d6a5dec
Auto-generated-cl: translation import
2016-12-07 22:46:57 -08:00
Svetoslav Ganov
061d2b6cad Revert "Fix vulnerability in MemoryIntArray" am: 1f06508bc6 am: 64b5725900 am: 60357eb6bd
am: 590b77da13

Change-Id: Ic676846ed4e671535ed79cbec39ab33ad52c97f1
2016-12-08 02:40:55 +00:00
Svetoslav Ganov
590b77da13 Revert "Fix vulnerability in MemoryIntArray" am: 1f06508bc6 am: 64b5725900
am: 60357eb6bd

Change-Id: Ib81f6d25a1f59c14f47fe79325c95b02c7cbe639
2016-12-08 02:36:54 +00:00
Svetoslav Ganov
60357eb6bd Revert "Fix vulnerability in MemoryIntArray" am: 1f06508bc6
am: 64b5725900

Change-Id: Id7021fb02059cfb3bb9184ef24f417c0be7f55b9
2016-12-08 02:33:00 +00:00
Svetoslav Ganov
64b5725900 Revert "Fix vulnerability in MemoryIntArray"
am: 1f06508bc6

Change-Id: Id387817495b1857f304203c8487da3db49bdd0e4
2016-12-08 02:29:00 +00:00
Svetoslav Ganov
1f06508bc6 Revert "Fix vulnerability in MemoryIntArray"
This reverts commit 4694cad511.

Change-Id: I235ea3c4bd86d90bf97bc1a2d023f4780251e570
2016-12-08 02:17:40 +00:00
Svetoslav Ganov
6023fd1800 Fix vulnerability in MemoryIntArray am: 4694cad511 am: ec40a70ffb am: 138a541eaa
am: 557858b9c0

Change-Id: Ia6b6b59be28f938f4c3a7c4aecb035fd4c6607f6
2016-12-08 02:08:23 +00:00
Aart Bik
116a4e883d Revert "Fix vulnerability in MemoryIntArray" am: 29139a8ae5 am: 86699f980f am: 65cf055ad9
am: 278cad4793

Change-Id: I545ba917e74f34716fe773250468e06b1dfd8312
2016-12-08 02:00:56 +00:00
Svetoslav Ganov
557858b9c0 Fix vulnerability in MemoryIntArray am: 4694cad511 am: ec40a70ffb
am: 138a541eaa

Change-Id: I659d82f39cab9f6d73ceb118cdc74307ee995dfb
2016-12-08 02:00:55 +00:00
Svetoslav Ganov
138a541eaa Fix vulnerability in MemoryIntArray am: 4694cad511
am: ec40a70ffb

Change-Id: I5d03aaa04fe13b3af20bcc61e9bb925b471ab825
2016-12-08 01:56:24 +00:00
Aart Bik
278cad4793 Revert "Fix vulnerability in MemoryIntArray" am: 29139a8ae5 am: 86699f980f
am: 65cf055ad9

Change-Id: Iae6e4fe6eada607d71a20b8ea588ee8efd56a8e0
2016-12-08 01:52:51 +00:00
TreeHugger Robot
1e1d5b07a6 Merge "EmergencyCryptkeeperText: Make sure we update if airplane mode changes" into nyc-mr2-dev 2016-12-08 01:50:14 +00:00
Svetoslav Ganov
ec40a70ffb Fix vulnerability in MemoryIntArray
am: 4694cad511

Change-Id: I64257a851c06e4a333056ee132ff8a2ea29aef5c
2016-12-08 01:49:21 +00:00
Aart Bik
65cf055ad9 Revert "Fix vulnerability in MemoryIntArray" am: 29139a8ae5
am: 86699f980f

Change-Id: I7876874ba0d6815920f21021a47e3fe1b3e1c42f
2016-12-08 01:44:54 +00:00
Aart Bik
86699f980f Revert "Fix vulnerability in MemoryIntArray"
am: 29139a8ae5

Change-Id: I3975cfc51bd03a65855c113dfdb827d24471e0ba
2016-12-08 01:36:50 +00:00
Svetoslav Ganov
4694cad511 Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the underlying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.

Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.

Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory address
of the owner's mapping, thus not allowing freeing
arbitrary memory.

Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ashmem size) and if
an attacker changed the size under us we throw.

Tests: Updated the tests and they pass.

bug:33039926
bug:33042690

Change-Id: Id7f0e8a4c861b0b9fa796767e0c22d96633b14d1
2016-12-08 01:35:08 +00:00
Aart Bik
29139a8ae5 Revert "Fix vulnerability in MemoryIntArray"
This reverts commit 86dfa094de.


BROKE BUILD (as shown in some treehugger builds)

frameworks/base/core/java/android/util/MemoryIntArray.java:84: error: cannot find symbol
        mCloseGuard.open("close");
        ^
        
       
bug:33039926
bug:33042690

Change-Id: Ief875e543ec849fe55c747fb1ed5253f0cd9a122
2016-12-08 01:12:48 +00:00
Svetoslav Ganov
9aed2f6f53 Fix vulnerability in MemoryIntArray am: 86dfa094de am: 367023218e am: e123f41553
am: b317e60014

Change-Id: I550293e05ce1d1039e3f22f72002e69df919f735
2016-12-08 01:04:48 +00:00
Svetoslav Ganov
b317e60014 Fix vulnerability in MemoryIntArray am: 86dfa094de am: 367023218e
am: e123f41553

Change-Id: Id5cd6072d972b5d03512e83dc342a7c78341ffeb
2016-12-08 00:57:21 +00:00
Svetoslav Ganov
e123f41553 Fix vulnerability in MemoryIntArray am: 86dfa094de
am: 367023218e

Change-Id: I38d3f7089b9678210772f79215b44198b262e922
2016-12-08 00:49:48 +00:00
Daniel Nishi
652276ca3f Merge "Add methods to query the private storage." into nyc-mr2-dev 2016-12-08 00:42:25 +00:00