Make sure the number of entries written by Parcel#writeMapInternal
matches the size written. If a mismatch were allowed, an exploitable
scenario could occur where the data read from the Parcel would not
match the data written.
Fixes: 112859604
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest
Change-Id: I325d08a8b66b6e80fe76501359c41b6656848607
Merged-In: I325d08a8b66b6e80fe76501359c41b6656848607
Leaving a no-op CREATOR can lead to issues. We throw a run-time
exception to prevent anyone from using this. The StatsLogEventWrapper is
meant to be write-only since it's only used to send data to statsd.
Bug: 112550251
Test: Tested with provided POC app by external researcher.
Change-Id: I001d84e2a61a1cd8a4f59aa156ca52f73ad0f6e1
For the various Build.VERSION_CODES.<version_name> constants, adding
a link to the appropriate "about this release" page in
/about/versions/ , if there is one.
Staged doc to:
http://go/dac-stage/reference/android/os/Build.VERSION_CODES
Bug: 80546406
Test: make ds-docs
Change-Id: If363445c938d325172da6beeed25e821121c5539
The BinderProxy class is not thread-safe, hence all calls into it
must be serialized. This was achieved by holding the gProxyLock in
JNI code. However, a recent change added calls into BinderProxy
from ActivityManagerService without holding that lock, causing
ConcurrentModificationExceptions.
Instead of dumping debug info from AMS, make the call directly
from JNI, so we can make sure gProxyLock is held correctly.
Also, only dump on debug builds.
Bug: 71353150
Bug: 109701487
Test: sailfish builds, boots, info gets dumped with lowered limits.
Change-Id: I446a71ce4115b9936a01a170401ef98ba3818c0b
Because we can't always create the range of effects we'd like, we may
need different default intensity levels for different devices. This
works fine for prebaked effects, but for application defined amplitudes
we need to provide a scaling function. In addition, this scaling
function should leave amplitude values untouched in the default state so
that application developers produce the effects they expect.
Bug: 80275800
Test: manual
Merged-In: Ibb552ddfa60891853ebcb1a5567ed6745bb5defe
Change-Id: Ibb552ddfa60891853ebcb1a5567ed6745bb5defe
If a process gets killed because it sends too many proxies,
dump proxy debug info so we can see what types of interfaces
it sends.
Bug: 71353150
Test: builds, output generated
Change-Id: I3a7787cb3fa73b0b4ad223b18cd79f44e22b9ef5
Also fixing method for requiring both MANAGE_USERS
and INTERACT_ACROSS_USERS_FULL permissions.
Fixes: 80001332
Bug: 25935510
Test: unit test
Change-Id: If10166b4379ddc6a5f004eab77fa1f93abf6ac2a
In order to ensure we maintain compatibility, we now configure the
canonical URIs instead of the raw URIs. Correspondingly, we need to
uncanonicalize before comparing them.
Note that we uncanonicalize the configured URI, rather than
canonicalizing the one given to us. This is because the canonicalization
format might change (e.g. add extra parameters) at which point they'll
no longer by equal, but should always uncanonicalize to the same value.
Bug: 75947705
Test: manual
Merged-In: If3b02dfef480245210fd2c585c7c727de77a4a73
Change-Id: I53dece42424a6629e0fb406845f57ebbb06dffcb
SystemUI runs under a single user (user 0), and needs to build
browse intents for secondary users. To accommodate this, the safety
check recently added to buildBrowseIntent() needs to be relaxed
when building for a non-current user.
Bug: 79733193
Test: builds, boots
Change-Id: Icce014bf824d0a0ee15e3d84c34f1c2b73d213c1
Due to permissions changes, we now need to access
the underlying filesystem of removable devices in
order to get write access.
Add internalPath to StorageVolume, and have VolumeInfo
set the field on creation.
Bug: 77849654
Test: Can write to emulated sdcard through MTP
Change-Id: I63302ecf2dd2600a1c9f3f6ab106c3695654cbaa
It will only print out a dump for userdebug or eng builds.
Bug: 77727638
Test: flash device and check output of incident proto and
'dumpsys batterystats -c --history'
Merged-In: Ib74d4c664f23a61e6fc33f700ba6a3c6fad32c74
Change-Id: Ia0c993d1281cc350d93f9c13f5540b349a4bfb84
We thought we could push everyone through sdcardfs, but secondary
devices mounted in a stable location don't give full write access to
apps holding WRITE_EXTERNAL_STORAGE, so system internals still need
to reach behind sdcardfs.
To keep sdcardfs in the loop about changes that we make behind its
back, we issue access(2) calls which should be enough for it to
invalidate any cached details.
Bug: 74132243
Test: manual
Change-Id: I727cd179a5a825b16ec4df6e2f41a079758d41c5
PersistableBundle.java expects items to be sorted by the hash codes
of the keys, but PersistableBundle.cpp isn't compatible to it.
PersistableBundle.java now knowns what was parceled by C++
because it now uses a different magic, and change the unpercel
strategy.
Change-Id: Ia516f80b6d48dcb9f981767e0e64303434f39fb4
Fixes: 65744965
Test: adb shell sm fstrim and check logcat
Test: On sailfish, set vibration intensity to High, lock the phone and
unlock with FPS. Vibration should be played.
Bug: 76129874
Change-Id: I546341e55fa0e6de0af1d22c8e8e07d67670f0b9
Merged-In: I546341e55fa0e6de0af1d22c8e8e07d67670f0b9
Virtual disks are adoptable by default, but for debugging purposes
we want to treat them as unadoptable in some cases. Add the ability
for the "sm" shell command to force on/off, or return to default.
Bug: 77849654, 74132243
Test: manual
Change-Id: Ieda317396624ca081e5dd9568795483f684f9297
The warning dedupe logic in the runtime meant that only the first usage of
each API was detected. Disable this logic when DETECT_VM_NON_SDK_API_USAGE
is enabled.
Test: m
Test: $ atest android.os.cts.StrictModeTest#testNonSdkApiUsage
Bug: 78268765
Change-Id: Iba1127b84180b9a5e5eb68abc4691ccad082b80e
If we send a bad API whitelist to the Zygote, it causes it to close the
socket. If we take no further action in AMS, it results in the same list
of exceptions being sent when we re-open the socket, resulting in it again
being closed. This results in no longer fork/start any new processes.
Since the list is persisted, this would result in the device entering a
boot loop upon reboot. Since no apps could be started, we cannot recover.
So in the case that the exemptions list causes problems, clear out the
list so we don't try to send it again next time. This means we will see
a single failure, but future attempts will succeed (obviously without
any whitelist). The device should not enter a boot loop.
Note, the test below relies on the fact that we can send at most 1024
arguments in a command to the Zygote (MAX_ZYGOTE_ARGC), and that each
item on the list is a separate argument.
Test: adb shell settings put global hidden_api_blacklist_exemptions \
Test: $(for i in {1..1025}; do echo -n $i,; done)
Bug: 64382372
Change-Id: Ie47095d516c247ff6a8d667a2ac9b7be45f1acda
