Style resources with circular parental dependencies caused infinite
recursion when calling AssetManager2::GetBag. This fix allows recursion
to cease when a circular dependency is found.
Bug: 77928512
Change-Id: Ib900c36ab1aef5da5b03234a9484c4dad3b63c02
Test: Manual test of b/77928512 and duplicates of 74493983
Adds detection of attacker-modified size and data fields passed to
ResStringPool::setTo(). These attacks are modified apks that AAPT would
not normally generate. In the rare case this occurs, the installation
cannot be allowed to continue.
Bug: 71361168
Bug: 71360999
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
AAPT incorrectly writes a truncated string length when the string size
exceeded the maximum possible encode length value (0x7FFF). To decode a
truncated length, this change iterates through length values that end
in the encode length bits. Strings that exceed the maximum encode length
are not placed into StringPools in AAPT2.
Test: Successfully ran broken apps from the duplicates of the bugs
provided and created tests
Bug: 69320870
Change-Id: I99dd9b63e91ac250f81d5dfc26b7c0e6276ae162
(cherry picked from commit ea9e8b447a)
An app was crashing because in an attempt to retrieve layout
attribute/style data, the app infinitely recursed because its parent was
set to itself. This change checks if the resource bag parent and child
have the same ids, and if so, attempts to find the resource in this bag
alone rather than attempting to also look in parent bags.
Bug: 74493983
Test: Manual testing of Fitbit app
Change-Id: Iea37533a0676bd51b72c9bb235adec9bd04f2ccc
(cherry picked from commit ac04095ba9)
List was skipping directories. Include them, and add tests to ensure
the order and precedence is correct.
Bug: 72511641
Test: make libandroidfw_tests
Test: atest CtsContentTestCases:AssetManagerTest
Change-Id: Iadf45883283d3e4aae93bd7c3343745912e34fa0
AssetManager2 assumes that RES_TABLE_TYPE_SPEC_TYPEs must immediately
precede their associated RES_TABLE_TYPE_TYPEs. This is not correct.
RES_TABLE_TYPE_SPEC_TYPEs must precede their associated
RES_TABLE_TYPE_TYPEs, but they do not need to immediately precede them.
For example, this is what we currently expect:
RES_TABLE_TYPE_SPEC_TYPE id=1
RES_TABLE_TYPE_TYPE id=1
RES_TABLE_TYPE_SPEC_TYPE id=2
RES_TABLE_TYPE_TYPE id=2
but this is also valid:
RES_TABLE_TYPE_SPEC_TYPE id=1
RES_TABLE_TYPE_SPEC_TYPE id=2
RES_TABLE_TYPE_TYPE id=1
RES_TABLE_TYPE_TYPE id=2
Bug: 73052092
Test: make libandroidfw_tests
Change-Id: I1f3c43760f8108eee24c2c6ed7bc16f70e951c2b
AssetManager2 relied on creating a list of configurations
present in the resource table so as to avoid copying and
converting ResTable_config's from the APK on every
resource retrieval.
ResTable, however, had a better optimization that pruned
the configurations that didn't match the currently set
configuration. This vastly reduced the number of ResTable_configs
to test.
In this CL, AssetManager2 follows suite with this optimization
and only maintains the filtered ResTable_configs, falling back
to the slow path when the configuration is overridden.
Test: mma frameworks/base/libs/androidfw
Test: adb sync system data
Test: adb shell /data/benchmarktest64/libandroidfw_benchmarks/libandroidfw_benchmarks
Change-Id: Ib57b75fbb32e1d310eec146e5a12dfc6de4385f9
When an app is loaded as a shared library (eg. monochrome),
make sure to set the bit that it loaded as such, so that
conversions from package ID 7f -> shared library ID are done.
Bug: 72511998
Test: make libandroidfw_tests
Test: out/host/<host_os>/nativetest64/libandroidfw_tests/libandroidfw_tests
Change-Id: Icd11b7a5adff351165ca16d5853fb5a0002c34b1
This CL will support the followings.
- installing a RRO package for framework from /product/overlay
- installing apps from /product/app
- installing priv-apps from /product/priv-app
- installing permissions from
/product/etc/[default-permissions|permissions|sysconfig]
Bug: 64195575
Test: `mm` under frameworks/base/tests/[libs|privapp]-permissions
adb sync && adb reboot
adb shell cmd package list libraries
=> confirmed com.android.test.libs.product library
adb shell cmd package dump \
com.android.framework.permission.privapp.tests.product
=> confirmed that the package is a priv-app
And I moved vendor/overlay/framework-res__auto_generated_rro.apk into
system/product/overlay/ on sailfish, and I confirmed that the RRO was
installed properly.
Change-Id: I16175933cebd9ec665d190cc5d564b5414a91827
AssetManager2 relied on creating a list of configurations
present in the resource table so as to avoid copying and
converting ResTable_config's from the APK on every
resource retrieval.
ResTable, however, had a better optimization that pruned
the configurations that didn't match the currently set
configuration. This vastly reduced the number of ResTable_configs
to test.
In this CL, AssetManager2 follows suite with this optimization
and only maintains the filtered ResTable_configs, falling back
to the slow path when the configuration is overridden.
Test: mma frameworks/base/libs/androidfw
Test: adb sync system data
Test: adb shell /data/benchmarktest64/libandroidfw_benchmarks/libandroidfw_benchmarks
Change-Id: I5d46f8b005a37b72750d00bd75f090e7b5a36f60
Take into account numbering system when selecting a matching
resource configuration. Add numbering system specifier into the
generated BCP 47 language tag.
Test: build and run libandroidfw_tests
Bug: 71873777
Change-Id: I3afda181f36de4b29a7be270b6f7593c2261fd71
All other stringAt methods check for null termination. Be consistent
so that upper levels don't end up with huge corrupt strings.
Bug: 62537081
Test: none
Change-Id: I17bdfb0c1e34507b66c6cad651bbdb12c5d4c417
(cherry picked from commit 3d35a0ea30)
(cherry picked from commit 97f8cb01149b35b1832c7f9efe85ff19edf1083e)
The unsigned integer overflow sanitizer catches an overflow on
Res_GETPACKAGE usages. This is used in a number of places in
ResourceTypes.cpp in a number of large functions. For now, lets disable
the sanitizer in this source file.
Test: Compiles and device boots without runtime errors.
Bug: 30969751
Change-Id: Id9e0776ef819c895a3194a32da5c85459f1af431
Merged-In: Id9e0776ef819c895a3194a32da5c85459f1af431
(cherry picked from commit 02828740da)
First pass at getting overlays to respect which resources should be
overlaid. First step is to call it out but not enforce.
Bug: 64980941
Test: manual (inspect the warnings at boot)
Change-Id: I40baee1110d4bc1e54e7f2f9d3b73ffabb067f90
Resources can be marked as overlayable, which means they can
be overlaid by runtime resource overlays.
This change propagates this state to the final resource table that
is installed on device.
Future work:
- Have the idmap tool respect the overlayable state and ignore
entries that overlay anything else.
Bug: 64980941
Test: make aapt2_tests
Change-Id: Id45b1e141a281be2ee32a4ac3096fcf1114d523b
This added more up-front cost to loading an APK and didn't provide
a significant benefit to resource retrieval.
Test: make libandroidfw_tests
Change-Id: Idbf993abc433fa8c8950d106c66469b310b66f7f
If the value passed to AssetManager::ResolveReference is not a
reference, the caller may be expecting for the last reference to
not be cleared, as a more appropriate value should most likely be
retained.
This was causing an issue when a caller was manually resolving
references and expecting the last resource ID resolved to be propagated
across calls to ResolveReference.
Test: make libandroidfw_tests
Change-Id: I5b7f586e2cd541059023eaa9ba23e324a21a9a1e
