Do this both on input from apps (giving error) and between wifi and
ConnectivityService (ignoring bad data). This means removing all
addresses beyond the first and all routes but the first default and
the implied direct-connect routes.
We do this because the user can't monitor the others (no UI), their
support wasn't intended, they allow redirection of all traffic
without user knowledge and they allow circumvention of legacy VPNs.
This should not move forward from JB as it breaks IPv6 and K has
a more resilient VPN.
Bug:12663469
Change-Id: I98c0672a6d9c8d5bc4f160849aa0fa182073216b
Various authenticator results such as getAuthToken and addAccount might
result in an Intent returned to the AccountManager caller. A malicious
authenticator could exploit the fact that the Settings are a system app,
lead the user to launch add account for their account type and thus get
Settings to use the intent to start some arbitrary third parties Activity.
The fix is to make sure that the UID of the app associated with Activity
to be launched by the supplied intent and the Authenticators UID share
the same signature. This means that an authenticator implementer can only
exploit apps they control.
This is a backport of 5bab9daf3c
Bug: 7699048
Change-Id: Ifed345c2fc20020d55fa2cab1f2f7ea509ea09b2
Backport...
Fix for PreferenceActivities being invoked with non-Fragment class
names via extras in the intent. Make sure that the constructor
doesn't get called if the class name is not for a Fragment type.
Bug: 9901133
Change-Id: I227756fb4246deac796cee09077e482237bb5b0d
Instead of local instance of the default HostnameVerifier, use it
directly from HttpsURLConnection. This avoids class preloading creating
an instance of it before it's necessary.
(cherry picked from commit 928ee1e48f)
Bug: 9984058
Change-Id: I56565afa0394dc98054abbaef06ac9bfff009e56
Bug: 7073422
Create the plumbing to use an annotation to allow access to
inherited methods of jsinterface objects. The default webview
behavior has not changed yet. However internally an a flag is
introduced to restrict javascript access to methods that have an annotation.
Clean cherry pick of 94740e6c33
Provided @JavascriptInterface to methods that are accessible from
js.
Clean cherry pick of b743a23fc5
Add a glue logic to require use of annotations in injected accessibility
objects.
Change-Id: I4135bd6787b2084177215302cd2c72afed090dc0
Bug: 7073422
The feature that is using search box implementation was removed from
browser after Honeycomb. This is to remove the js interface that
is added for this feature.
Clean cherry pick of d773ca8ff2
Change-Id: I033d29718d08803f375759faf83e2058df6d4906
(1) Prevent full restore from creating files/directories that are
accessible by other applications
(2) Don't restore filesets from "system" packages; i.e. any that runs
as a special uid, unless they define their own agent for handling
the restore process.
Bug 7168284
This is a cherry-pick from the originating tree.
Change-Id: I9f39ada3c4c3b7ee63330b015e62745e84ccb58f
Applications using these fields and methods are just asking for i18n bugs.
Also @deprecate two int[]s that were never meant to be public.
Change-Id: I29b3a1c0c663fe344d2567df6ed3bb537270b3b7
Indicate link up state based on flags/interface up, and not on IP address.
This is for ethernet interfaces that already exists.
Change-Id: Ib342d519c483bbb2dfa08cfac2c0c1a288cee7c0
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
