Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug: 68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
There are intermittent issues where either the returned Bluetooth
MAC address to Java framework is uninitialized or this address update
arrives too late. This fix will do 2 things:
(1) Returns error when MAC address is unavailable in the native code.
(2) Updates the MAC address later by adding a new broadcast event.
Test: Check address for these cases: factory reset, system reboot, and
Bluetooth re-enable.
Bug: 36709382
Merged-In: I09720193e38fdf9139e1bb146f8e1847e2b65b1a
(cherry picked from commit ad4d1d8e28)
Change-Id: Ifae3adf6e2aad1f0811c03d3114d1bd0452e7c23
Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
GateKeeperResponse has inconsistent writeToParcel() and
createFromParcel() methods, making it possible for a malicious app to
create a Bundle that changes contents after reserialization. Such
Bundles can be used to execute Intents with system privileges.
This CL changes writeToParcel() to make serialization and
deserialization consistent, thus fixing the issue.
Bug: 62998805
Test: use the debug app (see bug)
Change-Id: Ie1c64172c454c3a4b7a0919eb3454f0e38efcd09
Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug: 36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit 687bb44b43)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug: 36491278
Test: Verified that POC no longer works, a11y cts still passes.
Change-Id: I10f24747e3ab87d77cd1deba56db4526e3aa5441
(cherry picked from commit 687bb44b43)
Percentage-base sizes involving screen height are incorrect for watch
devices with non 1:1 display metrics. These are round screens with an
inactive bottom portion. To maintain the correct proportions the
bottom inset must be added to the height.
BUG: 36728475
Change-Id: Ibe351d1db7964b4b89ce9a588c171cd8407e2a50
In ag/1835531 we introduced a check for permissions review mode,
that relies on an overlay resource. Since we can't use overlay
resources for the Unified Build, this CL temporarily introduces
the checking for a build property as well. This possibly won't work
for O/G, but will work for the Feldspar release of the Unified build.
BUG: 35028846
Change-Id: I4c82f242bc680028ecd872589552534a419f0152
