Adding freeform resizing to activities which require
a certain orientation. This is needed for e.g. ARC++.
Bug: 33267688
Test: runtest frameworks-services -c com.android.server.wm.TaskPositionerTests
Test: Visually on ARC++
Change-Id: If708c1602cb2ff464174389af4648ad767b0b079
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Id7f0e8a4c861b0b9fa796767e0c22d96633b14d1
We had overriding of PRIVATE format scattered at multiple places.
Consolidate them into one place.
Test: Camera preview/capture, and camcorder recording
Change-Id: I098ce93bba2000760a20c0297fcf0cb9d8c6caab
- Use RemoteCallbackList for managing multiple callbacks
- Add unregisterNetworkScoreCache to the service interface
- Added NetworkScoreServiceTest
Test: runtest frameworks-services
Bug: 32913019
Change-Id: I16ca1682acca9cbe403812e520394688a026414b
- If an activity requests that it can auto-enter PIP, then we will trigger
it to enter PIP when the task is effectively being occluded. This does
not affect the activity when the screen is locking, or if it starts new
activities within its own task, or if it finishes itself, or if there is
already a PIP activity.
- Changed setPictureInPictureAspectRatio to also specify the aspect ratio
to use when auto-entering PIP. If the activity is not PIP'ed and has
not requested auto-enter, then the call continues to fail.
Test: android.server.cts.ActivityManagerPinnedStackTests
Test: #testAutoEnterPictureInPicture
Test: #testAutoEnterPictureInPictureLaunchActivity
Test: #testAutoEnterPictureInPictureFinish
Test: #testAutoEnterPictureInPictureAspectRatio
Test: #testAutoEnterPictureInPictureOverPip
Change-Id: I6477b6d1f160cf0219d935123bbb505f57ee7a56
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Ie267646eb88014034fbd048d7a9bc273420c7eff
Fixes a bug in MessagingLinearLayout where we would not
recompute the height of it after applying the computed
insets to the text views, leading to incorrect padding
and in rare cases a cut off message at the bottom.
Change-Id: If87a527555158e94e501832e9f49e380cc7da2bb
Test: runtest -x core/tests/coretests/src/com/android/internal/widget/MessagingLinearLayoutTest.java
Fixes: 31463075
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Ib8e50afcdb5475123968572ac9696e8ed4031631
- Add a set of write methods to ProtoOutputStream that figure out the type.
The other methods are doing all the type checking anyway, so this won't be
much slower, and it's way easier to use. The expected java type casts
that people would do anyway happen inside.
- Add writeObject and writeRepeatedObject methods that write a pre-encoded
object.
- Add a constructor that takes an OutputStream, and a flush() method. Right
now, all the data gets flushed at the end, but given this API it would be
possible to write smaller chunks at the object boundaries and do more
sophisticated buffering.
Test: CTS
Change-Id: Ieb852092d3d65812c81139558151de9e3f467dc8
