* changes:
DO NOT MERGE NetworkMonitor: send one DNS probe per web probe
DO NOT MERGE NetworkMonitor metrics: add first validation information
DO NOT MERGE Captive portal systel log improvements
UserManager.isUserUnlocked/isUserRunning/isUserUnlockingOrUnlocked now
return state from UMS.mUserStates that is pushed from ActivityManager.
Test: create managed profile using TestDPC and check Launcher3
Test: manually create unstarted managed profile and check launchers
Bug: 33232933
Change-Id: I6b619ba1880188eabdd6e3e4cc7eb60d3a22a977
This patch adds first validation information to:
- ValidationProbeEvent, by extending the probe_type int field of to
also include a bit indicating if the probe was part of a first
validation attempt or not.
- NetworkMonitorEvent, by defining new contants for the event_type
field.
Test: $ runtest frameworks-net
+ manually generating events and inspecting the
output of $ adb shell dumpsys connmetrics list
Bug: b/32198726
(cherry picked from commit 147aa6d53b)
Change-Id: I7ed954dee006f8804a5bf8940eec180714bddd07
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Ibf56827209a9b791aa83ae679219baf829ffc2ac
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: I1004579181ff7a223ef659e85c46100c47ab2409
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Id7f0e8a4c861b0b9fa796767e0c22d96633b14d1
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Ie267646eb88014034fbd048d7a9bc273420c7eff
Modifies swipe-to-close activities to be opaque by default (instead
of translucent by default). Previously, android:noHistory properties
on most activities in Wear were being ignored because they were
usually transitioning to a swipe-to-close activity that was marked
as translucent. This meant that the noHistory activity was still
technically visible, and so would never be culled from the task
history.
Now, we convert a swiped activity to translucent as soon as a swipe
begins, and convert it back after the swipe finishes. The previous
version of SDL tries to do this, but fails in the case where the
context is a ContextWrapper.
This approach is hacky and isn't merge-able into master. We leave
it DO NOT MERGE and will do a long-term fix after the holidays.
Test: Built a test app to verify that noHistory is now being
correctly respected. Manually verified that new activities start
out opaque and not translucent. Manually verified that Home
correctly starts/stops when it's revealed from underneath a
partially swiped activity. Tested general swipe behavior on Settings,
Contacts, Flashlight, Fit.
Bug: 33252029
Change-Id: Ib2e7f21ea1e0d52db03e78d25676501e5f73b31f
When Binder calls are nested, we can quickly end up with a snowball
of stacktraces that can cause the original transaction to fail. This
CL makes two specific changes to alleviate this pressure:
-- Consider a nested Binder call from PID A -> B -> C. If both B and
C encounter dozens of StrictMode violations, then gatheredViolations
in B will end up with 10 ViolationInfo (5 from B and 5 from C). This
problem only grows with each successive nested call. To solve this,
always limit ourselves to only ever write out 3 ViolationInfo from
any given process.
-- CrashInfo already nicely truncates any large stack traces to 20kB,
but readAndHandleBinderCallViolations() blindly appends the entire
local trace, and never considers truncating again. Similar to the
first problem above, nested calls can quickly cause the stackTrace
value to explode in size. To solve this, we always re-truncate the
stackTrace value after appending our local stack.
Also fix some NPE bugs when missing crashInfo.
(cherry-picked from commit 58f27b5033)
Test: builds, boots
Bug: 32575987
Change-Id: Ie8373ca277296f920f2b1c564d419c702a8ee0f2
Fixes a bug where the max lines restriction was not properly
passed to ImageFloatingTextView's layout, causing the TextView
to improperly apply bottom padding.
Change-Id: Ibe07515866a4599047712a0482332ed4430c9056
Test: runtest -x core/tests/coretests/src/com/android/internal/widget/ImageFloatingTextViewTest.java
Fixes: 32658499
Bug: 32658499
Instead of relying on the window animation system, in the special
case of a swipe-dismiss, disable any default window exit animation
and perform a custom animation. This bypasses some bugs in the
window animator codebase and allows us to have a nice "rebound"
animation if the user doesn't swipe far/fast enough to trigger a
dismiss.
Bug: 33041168
Change-Id: Ied45700d35a59950bacef1ba0650eaa5bc60fadb
