Currently when loading implicit layers from apks, NativeLoaderNamespace
doesn't allow to dlopen the binaries if they come from apks from
/vendor/app. Implicit layers ship within /vendor/app should work like
other implicit layers. This patch extracts the construction of library
paths of the implicit layers and includes those paths when
NativeLoaderNamespace is created as the part of the permitted library
paths.
Bug: b/157832445
Test: atest android.gputools.cts.CtsRootlessGpuDebugHostTest
Test: setup debug layer and use adb logcat to check vulkan loader output
Change-Id: Ie2ca989bcab890578b5aa540d07f2aee2a0182bd
ETWS primary/secondary flag needs to be saved in the
database in order to perform duplicate check later. Used the
hardcoded database column name because Android R API freezes.
Will remove the hardcode in the next Android release.
Fix: 157699377
Test: CtsTelephonyTestCases & CellBroadcastServiceTests
Change-Id: Iedec92a1f435f60ceb9f36637a1718adbbd7e2ae
This reverts commit a0a20dc23b.
Reason for revert: This is causing a number of fatal crashes in SystemUI. See b/158081578, b/158057055, b/158060735, and b/158061923.
Fixes: 158081578
Fixes: 158057055
Fixes: 158060735
Fixes: 158061923
Change-Id: If7e6cd4ade3df540ba7d97d9265564132a235292
* if the user taps quickly such that there is only ACTION_DOWN and
ACTION_UP, without ACTION_MOVE, it'd be possible that the
isSecure check is not respected. This patch fixes that case.
Test: atest android.autofillservice.cts.inline
Bug: 157772682
Bug: 158038231
Change-Id: Icd21bf2f88259673bb9b20e46e63672648495eac
And fix a bug with toggling priority I noticed while testing
Test: atest
Fixes: 157988478
Bug: 155490513
Change-Id: I8f5a6076ed2aa6c862a187bac15f3ad9af3cd141
To mitigate a boot loop with reading a massive
install_sessions.xml file, this restricts the amount of
data that can be written by limiting the size of
unbounded parameters like package name and app label.
This introduces a lowered max session count. 50 for general
applications without the INSTALL_PACKAGES permission, and
the same 1024 for those with the permission.
Also truncates labels read from PackageItemInfo to 1000
characters, which is probably enough.
These changes restrict a malicious third party app to ~0.15 MB
written to disk, and a valid installer to ~3.6 MB, as opposed to
the >1000 MB previously allowed.
These numbers assume no install granted runtime permissions.
Those were not restricted since there's no good way to do so,
but it's assumed that any installer with that permission is
highly privleged and doesn't need to be limited.
Along the same lines, DataLoaderParams are also not restricted.
This will have to be added if that API is ever made public.
However, installer package was restricted, even though the API is
hidden. It was an easy add and may have some effect since the value
is derived from other data and passed through by other system
components.
It's still possible to inflate the file size if a lot of
different apps attempt to install a large number of packages,
but that would require thousands of malicious apps to be installed.
Bug: 157224146
Test: atest android.content.pm.PackageSessionTests
Change-Id: Iec42bee08d19d4ac53b361a92be6bc1401d9efc8
Since mDeferredDestroySurfaceControl is the same underlying
object as mSurfaceControl we also need to hold the mSurfaceControlLock
when writing to it.
Bug: 157657896
Test: Existing tests pass
Change-Id: Ie0da3ed5d94c7aae2593423fa2767dbc902da4c8
When AutofillManagerService try to trigger AugmentedAutofill, it uses
AutofillId.withoutSession() to get the AutollId without session. It
will return invalid "parentId:NO_ID" if the virtual AutofillId is
created with FLAG_IS_VIRTUAL_INT. The virtual AutofillId flag should
be FLAG_IS_VIRTUAL_INT or FLAG_IS_VIRTUAL_LONG, we should get
mVirtualIntId for FLAG_IS_VIRTUAL_INT or mVirtualLongId for
FLAG_IS_VIRTUAL_LONG.
Bug: 156408900
Test: atest android.autofillservice.cts.augmented
Test: atest android.view.autofill.AutofillIdTest#\
testVirtual_Long_withoutSession
Test: atest android.view.autofill.AutofillIdTest#\
testVirtual_Int_withoutSession
Test: Manual. Write a simple cts test for webview and check the
focused AutofillId is correct while switching between the field.
Change-Id: I7ebb4d7cfb6d6f383724b798dae69269ae3a27be
This will allow a11y services to identify the all apps system actions by
id.
Bug: 157078174
Test: manual with all apps and talkback
Change-Id: Ice0969753d6ed789dca762f49859b17ea1de85e9
Throw an IllegalStateException if recevie touch move without down,
that could give an explicit feedback about GestureDetector may not
receive the full touch stream.
Bug: 149578486
Test: manual
Change-Id: I644ec1bebbca66dd0f0c219b63a6478b1290d1e1
Child windows do not inherit FLAG_SECURE from parent windows, and
therefore, the default dialogs for JS callbacks do not have this flag
even when the app window has it.
This CL adds a note warning about this behavior to mitigate the
potential vulnerability.
Bug: 120086187
Test: m -j offline-sdk-docs seems not broken
Change-Id: I12f12befd1f303d26ebc866f4817f5184279caeb
The camera API, MediaStore.ACTION_IMAGE_CAPTURE requires apps to pass
a content:// URI with write permissions to the camera. Unfortunately,
apps haven't been doing this and we only started hitting problems in R
for two reasons:
1. The FileUriExposedException that should crash apps when they try to
share file:// URIs acroos binder is skipped. This is because, the
image_capture intent is passed across binder as a field in a
ChooserActivity Intent and the child intents are not checked for
file URI exposed
2. Prior to R, when camera gets a file:// URI, camera issues a file
open(2) in its process. This open(2) succeeds because the camera had
write_external_storage permission which gave it write access to all
files on external storage
Now, camera targets R and (2) fails because camera does not have write
access to files owned by other apps. To workaround, we do the
following in the apps process when it targets < R:
a. When we detect a file:// URI for the camera in an Intent, we create
the file on disk if it is not already created.
b. Scan the file to insert it in the database and retrieve a
content:// URI
c. Replace the file:// URI with the content URI in the image_capture
intent
This works because, the system will ensure the camera is granted write
access to the content URI.
Test: Manual
Bug: 156336269
Change-Id: I4849ff5e806a8207650ff7534846c36ecdc6d3c0
The change to use the overridden package name in the resources table
won't be included in the current release.
Test: Compile
Bug: 147434671
Change-Id: I9acbf921814088dfaba485d9acc845da650caf87
Uses applySyncTransaction to synchronize all the surface
updates during split-screen enter/exit.
In Divider, all syncTransactions are serialized and runnables
can be posted to operate on the returned transactions so
they happen all at once.
This also required adding a "merge" functionality on
WindowContainerTransactions to handle racing between rotation
and other in-flight sync transactions (because they are
serialized, sometimes they got delayed).
Bug: 153579514
Test: Enter/exit split-screen and observe no flickers
Change-Id: I57df13489247f3c4fb3ca59efa26867a872e447f
Introduce meta-data tag "android.supports_size_changes" which will indicated that an activity works well with size changes like display changing size.
Test: Manual - Run by adding metadata to the app running with SizeCompatMode.
Bug: 155041354
Change-Id: I0f358f63c9e14c63294275c0bfcd08744bee1108
Ethernet networks using tap interfaces should have TRANSPORT_TEST so
they are not considered by network selection.
Test: atest CaptivePortalApiTest FrameworksNetTests
Bug: 156319532
Original-Change: https://android-review.googlesource.com/1317238
Merged-In: I0d9477977c88aa055625ab4046577a41e76b05ff
Change-Id: I0d9477977c88aa055625ab4046577a41e76b05ff
In ContextImpl, we checked the flag "mIsAssociatedWithDisplay" to
identify if a context can access a display or not. The flag wasn't
passed from outer context, and it leads to an issue that context
which created from #createConfigurationContext from display context
failed to obtain display instance.
This CL passes mIsAssociatedWithDisplay from outer context and
also add test to verify the behavior.
fixes: 157719118
Test: atest ContextTest ContextAccessTest
Change-Id: Ibeb2a08c75f90304e12dcf99293c84409c5eea34
