This reverts commit 4d91b5aa0b.
Reason for revert: will deliver a better fix for that, ag/16580245.
Change-Id: I8691f47251157aae83d326eb808dd1c06b13a420
The size of the input of both setStream and setResource may very big
that system server got oom while handling it, so we try to decode it
first before copying it to the wallpaper path, if the decoding fails, we
treat the input as an invalid input.
Bug: 204087139
Test: Manually set wallpaper, no PDoS observed.
Change-Id: I014cf461954992782b3dfa0dde67c98a572cc770
See comment here for the discussion on solution
https://b.corp.google.com/issues/169762606#comment14
Change-Id: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253
Bug: 169762606
(cherry picked from commit 11053c17b3)
Change-Id: I6494366a5695daedc3f4f0046da9e130a5363f5f
Merged-In: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253
The system is overwhelmed by an enormous label string returned by
the load label api. This cl truncates the label string if it exceeds
the maximum safe length.
Also update the max safe label length to 1000 characters, which is
enough.
Bug: 67013844
Test: atest PackageManagerTest
Change-Id: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
Merged-in: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
The system is overwhelmed by an enormous label string returned by
the load label api. This cl truncates the label string if it exceeds
the maximum safe length.
Also update the max safe label length to 1000 characters, which is
enough.
Bug: 67013844
Test: atest PackageManagerTest
Change-Id: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
Merged-in: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
The system is overwhelmed by an enormous label string returned by
the load label api. This cl truncates the label string if it exceeds
the maximum safe length.
Also update the max safe label length to 1000 characters, which is
enough.
Bug: 67013844
Test: atest PackageManagerTest
Change-Id: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
Merged-in: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
Do not catch exceptions when we attempt to create the following classes
from a parcel
- OutputConfiguration
- VendorTagDescriptor
- VendorTagDescriptorCache
- SessionConfiguration
This could cause subsequent parcel information to be read incorrectly.
Bug: 188675581
Test: Sample app which tries to write invalid data into an
OutputConfiguration parcel to send in an intent via Broadcast. When read by the receiving app,
gets an exception (not swallowed).
Merged-In: I745ca49daa6ca36b1020d518e9f346b52684f2b1
Change-Id: I745ca49daa6ca36b1020d518e9f346b52684f2b1
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
(cherry picked from commit 6b0bcd60c8)
Do not catch exceptions when we attempt to create the following classes
from a parcel
- OutputConfiguration
- VendorTagDescriptor
- VendorTagDescriptorCache
- SessionConfiguration
This could cause subsequent parcel information to be read incorrectly.
Bug: 188675581
Test: Sample app which tries to write invalid data into an
OutputConfiguration parcel to send in an intent via Broadcast. When read by the receiving app,
gets an exception (not swallowed).
Merged-In: I745ca49daa6ca36b1020d518e9f346b52684f2b1
Change-Id: I745ca49daa6ca36b1020d518e9f346b52684f2b1
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
(cherry picked from commit 6b0bcd60c8)
This is a CP of ag/14736230 to qt-dev.
Apps were able to bypass BAL and BG-FGS restrictions by retrieving their
own notifications and firing their PI since those were allowlisted for
those operations.
Now we strip the token that granted them that ability
from notifications returned via NM.getActiveNotifications(), which
returns the notifications of the caller.
Notifications returned via notification listener APIs still contain such
token, as they should.
Bug: 185388103
Bug: 169821287
Test: Manually tested
Change-Id: I2ede0d639a560f6acacec3864a0a7d23af152ba5
Merged-In: I2ede0d639a560f6acacec3864a0a7d23af152ba5
(cherry picked from commit 5fbeff59df)
Instead of iterate all ellipsized characters, only iterate the necessary
ranges for copying.
Bug: 188913943
Test: atest CtsTextTestCases CtsGraphicsTestCases CtsWidgetTestCases
Change-Id: I3d03b1e3897e427c23fbe51315f412c57a4ce9e9
Merged-In: I3d03b1e3897e427c23fbe51315f412c57a4ce9e9
Instead of iterate all ellipsized characters, only iterate the necessary
ranges for copying.
Bug: 188913943
Test: atest CtsTextTestCases CtsGraphicsTestCases CtsWidgetTestCases
Change-Id: I3d03b1e3897e427c23fbe51315f412c57a4ce9e9
(cherry picked from commit 2c6121f3e3)
Instead of iterate all ellipsized characters, only iterate the necessary
ranges for copying.
Bug: 188913943
Test: atest CtsTextTestCases CtsGraphicsTestCases CtsWidgetTestCases
Change-Id: I3d03b1e3897e427c23fbe51315f412c57a4ce9e9
(cherry picked from commit 2c6121f3e3)
As per requested in b/176940932#comment3 and b/156260178#comment32,
extending the valid font size scale range to [0.25, 5].
Existing CTS tests still pass.
BUG: 156260178
Test: atest android.provider.cts.settings.Settings_SystemTest
Test: atest android.app.cts.ApplicationTest
Change-Id: Icff82d727d63da4353342b0f9a5ca3c2ae1671c1
(cherry picked from commit df8852a0b5)
Merged-In: Icff82d727d63da4353342b0f9a5ca3c2ae1671c1
NO_INPUT_CHANNEL is a hidden WM flag that allows creation of a window
without an input channel. Unfortunately in releases prior to Android R
this would allow creation of a Window which will not be known to the
InputDispatcher at all. This means that the logic generating
FLAG_OBSCURED will work and a window will be able to overlay another
window without the overlayed window being notified. In Android R and
later this isn't a problem as the InputDispatcher is informed of all
windows, input channel or not. For past Android releases, this patch
disables NO_INPUT_CHANNEL for use outside of the WM.
Bug: 152064592
Test: Existing tests pass
Change-Id: I7e1f45cba139eab92e7df88d1e052baba0ae2cc6
NO_INPUT_CHANNEL is a hidden WM flag that allows creation of a window
without an input channel. Unfortunately in releases prior to Android R
this would allow creation of a Window which will not be known to the
InputDispatcher at all. This means that the logic generating
FLAG_OBSCURED will work and a window will be able to overlay another
window without the overlayed window being notified. In Android R and
later this isn't a problem as the InputDispatcher is informed of all
windows, input channel or not. For past Android releases, this patch
disables NO_INPUT_CHANNEL for use outside of the WM.
Bug: 152064592
Test: Existing tests pass
Change-Id: I7e1f45cba139eab92e7df88d1e052baba0ae2cc6
NO_INPUT_CHANNEL is a hidden WM flag that allows creation of a window
without an input channel. Unfortunately in releases prior to Android R
this would allow creation of a Window which will not be known to the
InputDispatcher at all. This means that the logic generating
FLAG_OBSCURED will work and a window will be able to overlay another
window without the overlayed window being notified. In Android R and
later this isn't a problem as the InputDispatcher is informed of all
windows, input channel or not. For past Android releases, this patch
disables NO_INPUT_CHANNEL for use outside of the WM.
Bug: 152064592
Test: Existing tests pass
Change-Id: I7e1f45cba139eab92e7df88d1e052baba0ae2cc6
Activity can be used only in two cases.
1) Calling uid matches uid grantee.
2) Calling uid is is system. This flow is used by getToken methods with
notifyAuthFailure=true.
Test: Existing CTS tests
Bug: 158480899
Merged-In: I1421c333b6cebb4f7cddcdd8766298f6872e933b
Change-Id: I18af48cf3cb4ad23a3e5b02a8ea1416aa5570dba
Activity can be used only in two cases.
1) Calling uid matches uid grantee.
2) Calling uid is is system. This flow is used by getToken methods with
notifyAuthFailure=true.
Test: Existing CTS tests
Bug: 158480899
Change-Id: I1421c333b6cebb4f7cddcdd8766298f6872e933b
