Age | Commit message (Collapse) | Author |
|
provided by PendingIntentRecord#sendInner()
Previously we'd ignore realCallingPid and realCallingUid that
PendingIntentRecord#sendInner() provided to startActivityInPackage().
Now we correctly pass it on, preserving past behaviour if none
provided.
Test: manual; we added logging statements to check the value of realCallingUid
in startActivitiesMayWait when launching the calendar app from the calendar widget
and verified that it was the calendar uid rather than the system uid.
Bug: 123013720
Change-Id: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
Merged-In: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
(cherry picked from commit 13a804ee271845b2ab95183a5c0d0c5a02bdefa2)
|
|
The CL fixes a crash in Layout.primaryIsTrailingPreviousAllLineOffsets.
The crash was happening when the method was called for a line beginning
with an empty bidi run. This could happen, for example, for empty text -
I was unable to find any other case. The CL improves the existing test
for the method with this case, which was previously crashing.
The CL also fixes a potential crash in getLineHorizontals. However, this
bug could never happen as in the current code path clamped is always
false (and kept as parameter for parity with getHorizontal).
Bug: 135444178
Bug: 78464361
Test: atest FrameworksCoreTests:android.text.LayoutTest\#testPrimaryIsTrailingPrevious
Change-Id: I47157abe1d74675884734e3810628a566e40c1b4
(cherry picked from commit 7ad499d00716f45fffdf7331493ed21d1b8d9b77)
(cherry picked from commit 209c0e824980630c7738c219eb4fe7d9504b9bf0)
|
|
HidHostService allow to connect when priority is PRIORITY_UNDEFINED.
HidProfile should return ture when priority is PRIORITY_UNDEFINED.
Otherwise, the "Input device" toggle in off state when HID device
connected.
Bug: 132456322
Test: manual
Change-Id: Id7bae694c57aec17e019d591c0a677e3cb64f845
(cherry picked from commit 830217f277e31e63d9ab8acd21ee2a8f81ee1c8f)
|
|
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Bug: 34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
(cherry picked from commit f8ef5bcf21c87d8617f5e11810cc94350298d114)
|
|
Bug: 130568701
Test: manual. After this, can't display on top of it
Change-Id: Ib032f800edb0416cc15f01a34954340d0d0ffa78
Merged-In: Ib032f800edb0416cc15f01a34954340d0d0ffa78
(cherry picked from commit 4e80dc2861614d25a1f957f50040a8cf04812d11)
(cherry picked from commit 016c72c8abfbae08eda269afb8923e8fc8a4ce44)
|
|
Bug: 127605586
Test: Manual
Change-Id: Ifb049d147f9ef30976cdb93d7bf63a761efc1b86
Merged-In: I40c9a29935d9e5a27cdcdf90187efe61035448fd
(cherry picked from commit 3be29d429b621980792c8dbb1f1c5ffcf2ebd95b)
|
|
Since this blob is passed between processes.
We could potentially only memset portions of the blob as it is
written to. However, the JHwBlob API itself doesn't have to have
writes in order (even though known usages of it do write in order).
Because of this, keeping track of which bytes to pad would be too
expensive.
Bug: 131356202
Test: boot, hidl_test_java
Change-Id: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
Merged-In: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
(cherry picked from commit d8157bc094569bee74976df2585d632f1793e226)
|
|
Some system apps may download unknown content and the user should
be explicitly asked whether they trust these files. System apps should
explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check.
Test: Builds, boots, existing tests pass:
atest CtsPackageInstallTestCases
Locally verified they pass if CtsPackageInstallTestCases.apk was signed by
the platform cert.
Bug: 123700348
Change-Id: I3028bf8ff3f79a41521deeee43fba3c32bb1b2ca
Merged-In: I2578251906f6656b83464d1c4fc4db99165841c9
(cherry picked from commit 43e682abef2a1c65585bef510c390480f0c4a2fd)
|
|
SUPL_ES=1 ensures the GnssLocationProvider and related framework code
accepts incoming SMS SUPL_INIT messages with ES-bit=1
(which allow redirection of the ESLP
end-point e.g. to the current local emergency services provider when
you are travelling) only during an emergency call
Bug: 115331218
Bug: 112159033
Test: Build pass
Change-Id: I4cd6832c065eb790981d6864a7d140fe64bc7356
Merged-In: I5075f7887a184ce18bb1815b35a2ce7acd8bca10
(cherry picked from commit 5194d0597464158d77573cfa6dd92ebec23bc16e)
|
|
Bug: 112159033
ASB: 2019-06
Change-Id: Iaf4b0295e726658852272de1cf857d9d55b63276
|
|
areNotificationsEnabledForPackage
Test: atest
Fixes: 128599467
Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
(cherry picked from commit 657d164136199126ae241848887de0230699cea0)
(cherry picked from commit bed6193b5954565f60afb5f5f9868d89991354d7)
|
|
Fixes: 128599668
Test: build, set up separate challenge
Merged-In: I2fef9ab13614627c0f1bcca04759d0974fc6181a
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit 9061fcc46bb1ac5ffc16d036b632dd80963b7b52)
|
|
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
To test that the method is still usable:
1) Enable virtual storage via: adb shell sm set-virtual-disk true
2) Follow instructions by clicking on notification to set up virtual storage
3) Go to Settings -> Apps & notifications -> See all X apps
4) Click on any non-system app (example Instagram)
5) Tap Storage and you should see a "Change" button (if not, choose another app)
6) Tap Change and you should see Internal and Virtual storage options listed
7) The above step confirms the method is still usable by Settings
Bug: 128599183
Test: SafetyNet logging (steps listed above)
Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
(cherry picked from commit 18e7dedf6c35f07daf8b7239d501737745ac7f43)
|
|
Bug: 128599660
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test: com.google.android.gts.devicepolicy.DeviceOwnerTest
Change-Id: I8be915bd6a4ff99884d23005a4c6f0100806dbe8
Merged-In: I8ee3f876fcaffa63636645f0f59709cd147254ef
(cherry picked from commit 4fd13eefcf99d9b9b0d5f5ea99fdc7c799c83d23)
|
|
Safe order of pointer setting and background thread start
Verifying mCallEndElapsedRealtimeMillis is not the initial value
Bug: 112159033
Bug: 115361555
Bug: 125124724
Test: Verified not-after-boot with test code b/115361555#comment14
Test: Reproed NPE with test thread sleep and verify fix
Change-Id: Icd2ea91d71da71c8fda109ceb70514733d35060b
(cherry picked from commit a7cb82eb85cd361b90c9700ff935ba614c94f490)
|
|
Test: bit CtsViewTestCases:android.view.textclassifier.cts.TextClassificationManagerTest
bit FrameworksCoreTests:android.widget.TextViewActivityTest
bit FrameworksCoreTests:android.widget.TextViewActivityMoutseTest
Bug: 120866126
Bug: 62745625
Merged-In: I360250a5c2a92d09c8d8f559b51c74f490f70c2c
Change-Id: I360250a5c2a92d09c8d8f559b51c74f490f70c2c
(cherry picked from commit 7c8a46e0dd32e922e285ed56d968e6f23011a51d)
|
|
This reverts commit 71588443f4ade1470f6f8c0973a07a36916cdbe7.
|
|
This reverts commit 7226be08878e3e7f4580692941a78470e90f97ab.
|
|
When we are setting a new spell checker as the default one in
Secure.Settings, TSMS#findAvailSpellCheckerLocked can pick up
any available spell checker service. This violates the principle
that user should be warned whenever we are setting an untrusted
spell checker service as the default service, since the warning
dialog is never shown.
Fixes: 64764051
Bug: 118694079
Test: Manually as follows:
1. Open 'packages/inputmethods/LatinIME/java/AndroidManifest.xml'
and remove 'AndroidSpellCheckerService'
2. lunch aosp_buillhead-userdebug && make -j
3. Flash the image
4. adb shell dumpsys textservices
-> no spell checker is recognized
5. adb shell settings get secure selected_spell_checker
-> null
6. tapas SampleSpellCheckerService
7. make -j
8. adb install -r $OUT/system/app/SampleSpellCheckerService/SampleSpellCheckerService.apk
9. adb shell dumpsys textservices
-> SampleSpellCheckerService is recognized
10. adb shell settings get secure selected_spell_checker
-> null
Change-Id: I16f12293d15258c9148677c7ee09fe6dcf81e81d
Merged-In: Idab3ecc246fe9344a09e6907a0ba39f8ea6506f9
(cherry picked from commit ed5973b8a8a2c0f0fc1f39c59c33f81882f41405)
|
|
Also don't show smart actions for selections in text with unsupported
characters.
Bug: 116321860
Test: runtest -x cts/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
Change-Id: Ib2ee544b5783234fba8ee2f93adf0b36b039520f
Merged-In: Ib2ee544b5783234fba8ee2f93adf0b36b039520f
(cherry picked from commit d9e75a497e1a563ca43f92e0bce1a070cbf39e37)
|
|
Configurable by carrier config.xml resource
Bug: 118839234
Bug: 115361555
Bug: 112159033
Test: On device, see b/115361555#comment14
Change-Id: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
Merged-In: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
(cherry picked from commit 1cd7883a76d7bb28edc9c29bdabb3753a0c63396)
|
|
SUPL_ES=1 ensures the GnssLocationProvider and related framework code
accepts incoming SMS SUPL_INIT messages with ES-bit=1
(which allow redirection of the ESLP
end-point e.g. to the current local emergency services provider when
you are travelling) only during an emergency call
Bug: 115331218
Bug: 112159033
Test: Build pass
Change-Id: I4cd6832c065eb790981d6864a7d140fe64bc7356
Merged-In: I5075f7887a184ce18bb1815b35a2ce7acd8bca10
(cherry picked from commit 5194d0597464158d77573cfa6dd92ebec23bc16e)
|
|
Bug: 119819889
Test: compilation
Change-Id: If51d0e2af74d99758f79a603d40cc2f5c84e4dde
Merged-In: If51d0e2af74d99758f79a603d40cc2f5c84e4dde
(cherry picked from commit f843ccbf9e3791b426af78389e276c46dbec75e1)
|
|
This reverts commit ec00472d3acf0d0537ff5acddf39f59d3614f60a.
|
|
The path-permission element offers prefix or regex style matching of
paths, but most providers internally use UriMatcher to decide what
to do with an incoming Uri.
This causes trouble because UriMatcher uses Uri.getPathSegments(),
which quietly ignores "empty" paths. Consider this example:
<path-permission android:pathPrefix="/private" ... />
uriMatcher.addURI("com.example", "/private", CODE_PRIVATE);
content://com.example//private
The Uri above will pass the security check, since it's not
technically a prefix match. But the UriMatcher will then match it
as CODE_PRIVATE, since it ignores the "//" zero-length path.
Since we can't safely change the behavior of either path-permission
or UriMatcher, we're left with recovering these shady paths by
trimming away zero-length paths.
Bug: 112555574
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
Change-Id: Ibadbfa4fc904ec54780c8102958735b03293fb9a
(cherry picked from commit a1ec7b115cc378f0547f10cf1074a5248d42d94f)
|
|
SUPL_ES=1 ensures the GnssLocationProvider and related framework code
accepts incoming SMS SUPL_INIT messages with ES-bit=1
(which allow redirection of the ESLP
end-point e.g. to the current local emergency services provider when
you are travelling) only during an emergency call
Bug: 115331218
Bug: 112159033
Test: Build pass
Change-Id: I4cd6832c065eb790981d6864a7d140fe64bc7356
Merged-In: I5075f7887a184ce18bb1815b35a2ce7acd8bca10
(cherry picked from commit 5194d0597464158d77573cfa6dd92ebec23bc16e)
|
|
1: Cherry-pick ag/4067454 - Setting PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS
updateNonSystemOverlayWindowsVisibilityIfNeeded on relayoutWindow
2: Cherry-pick ag/3650369 - If PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS changed on
relayoutWindow() then updateNonSystemOverlayWindowsVisibilityIfNeeded
3: Add permissions to SystemUI to allow it to hide non-system overlays
Bug: 34170870
Test: manual (see bug for poc)
Change-Id: I57cb0f390d9a78e721c5ddce49a377d385002753
Merged-In: I57cb0f390d9a78e721c5ddce49a377d385002753
(cherry picked from commit ae3a74c1c31a77b2a74439e0cf272d1938065471)
|
|
Make sure the number of entries written by Parcel#writeMapInternal
matches the size written. If a mismatch were allowed, an exploitable
scenario could occur where the data read from the Parcel would not
match the data written.
Fixes: 112859604
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest
Change-Id: I325d08a8b66b6e80fe76501359c41b6656848607
Merged-In: I325d08a8b66b6e80fe76501359c41b6656848607
(cherry picked from commit 057a01d1f38e9b46d3faa4059fdd7c8717681ea0)
|
|
The crash was introduced by Ib66ef392c19c937718e7101f6d48fac3abe51ad0
The root cause of the crashing is requesting out-of-line access for the
horizontal width. This invalid access is silently ignored by
TextLine#measure() method but new implementation end up with out of
bounds access.
To makes behavior as old implementation, calling getHorizontal instead
of accessing measured result array.
Bug: 78464361, 111580019
Test: Manually done
Change-Id: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
(cherry picked from commit 960647d582911ae7ab8b9491097898e6c313aaf1)
Merged-In: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
(cherry picked from commit f496a7cdc6ec1b04e0eb0cb19e4d382f2d823b8f)
|
|
When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.
The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.
Bug: 111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit 05519b7e3d0f3d16ddfe6ee3892c8468a2c10c62)
|
|
Developers often accept selection clauses from untrusted code, and
SQLiteQueryBuilder already supports a "strict" mode to help catch
SQL injection attacks. This change extends the builder to support
update() and delete() calls, so that we can help secure those
selection clauses too.
Bug: 111085900
Test: atest packages/providers/DownloadProvider/tests/
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Change-Id: Ib4fc8400f184755ee7e971ab5f2095186341730c
Merged-In: Ib4fc8400f184755ee7e971ab5f2095186341730c
(cherry picked from commit 09d49531334ce6bc4ac45de1d3d0edb1495c0566)
|
|
SQLiteQueryBuilder has a setStrict() mode which can be used to
detect SQL attacks from untrusted sources, which it does by running
each query twice: once with an extra set of parentheses, and if that
succeeds, it runs the original query verbatim.
This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
creates valid statements for both tests above, but the final executed
query ends up leaking data due to SQLite operator precedence.
Instead, we need to continue compiling both variants, but we need
to execute the query with the additional parentheses to ensure
data won't be leaked.
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Bug: 111085900
Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
(cherry picked from commit 5a55a72fcd18fb676eb4c114e62048068f71c01a)
|
|
Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
length of the current line. The method is used when a touch event
happens on a text line, to compute the cursor offset (and the character)
where it happened. Although this is not an issue in common usecases,
where the number of characters on a line is relatively small, this can
be very inefficient as a consequence of Unicode containing 0-width
(invisible) characters. Specifically, there are characters defining the
text direction (LTR or RTL), which cause our algorithm to touch the
worst case quadratic runtime. For example, a person is able to send a
message containing a few visible characters, and also a lot of these
direction changing invisible ones. When the receiver touches the message
(causing the Layout#getOffsetForHorizontal method to be called), the
receiver's application would become not responsive.
This CL optimizes the method to run in O(n) worst case. This is achieved
by computing the measurements of all line prefixes at first, which can
be done in a single pass. Then, all the prefix measurement queries will
be answered in O(1), rather than O(n) as it was happening before.
Bug: 79215201
Test: manual testing
Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
(cherry picked from commit 97c613bb2b69636c254db6234582a6c7566e39a6)
|
|
Bug: 77600398
Change-Id: Ia316f1c5dc4879f6851fdb78fe8b9039579be7bc
(cherry picked from commit 0d2dc943dcaa3d7c8479e22ae62be9753ea2643c)
|
|
Bug: 77599679
Test: Compile only
Change-Id: Ib417a5cb4d51744442d2fb14437cabbe5fd1c266
(cherry picked from commit abe5a73a4a81e312a1690fbc10a6b99ce98b699a)
|
|
This won't leak any traffic outside the VPN as long as there are no
processes owned by uid 0 which generate network traffic (which is
currently the case).
Bug: 69873852
Test: compared the output of 'adb shell ip rule show' before and after
Test: runtest -x frameworks/base/tests/net/java/com/android/server/connectivity/VpnTest.java
Test: local CTS tests run: android.net.cts.VpnServiceTest
Test: local CTS tests run: com.android.cts.devicepolicy.MixedDeviceOwnerTest
Change-Id: I8758e576c9d961d73f62bfcf0559dd7ecee6e8e6
Merged-In: I8758e576c9d961d73f62bfcf0559dd7ecee6e8e6
Merged-In: I1f9b78c8f828ec2df7aba71b39d62be0c4db2550
Merged-In: I8edeb0942e661c8385ff0cd3fdb72e6f62a8f218
(cherry picked from commit 00000fe55a4729f8339afdc7eab5c970b2549813)
(cherry picked from commit cb8cc6cc5a64b2b313bc6c9308da5991ee293a78)
|
|
Test: cts-tradefed run cts -m CtsShortcutManagerTestCases -t android.content.pm.cts.shortcutmanager.ShortcutManagerFakingPublisherTest
Bug: 109824443
Change-Id: I90443973aaef157d357b98b739572866125b2bbc
Merged-In: I78948446a63b428ae750464194558fd44a658493
(cherry picked from commit 9e21579a11219581a0c08ff5dd6ac4dc22e988a4)
|
|
This reverts commit 0231b21e13573cf83cf47dbf0c5e8d6f68719542.
|
|
DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.
Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit 8cf0f988b0c64bcf2c199bb76439c51c257dd162)
|
|
Changes the logs adding in a previous security fix to warnings so
devices with malformed APKs currently on them will not undergo DOS when
they are upgraded to P.
Bug: 79724567
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: Ied54e4bb14abdaf79da562022c7ea6075187c1f8
(cherry picked from commit f05f47b2c1838529e682ad8f931d3da72244b1a1)
(cherry picked from commit c31cf80008fdb06ea8e1eab9764096653e7854b1)
|
|
Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
length of the current line. The method is used when a touch event
happens on a text line, to compute the cursor offset (and the character)
where it happened. Although this is not an issue in common usecases,
where the number of characters on a line is relatively small, this can
be very inefficient as a consequence of Unicode containing 0-width
(invisible) characters. Specifically, there are characters defining the
text direction (LTR or RTL), which cause our algorithm to touch the
worst case quadratic runtime. For example, a person is able to send a
message containing a few visible characters, and also a lot of these
direction changing invisible ones. When the receiver touches the message
(causing the Layout#getOffsetForHorizontal method to be called), the
receiver's application would become not responsive.
This CL optimizes the method to run in O(n) worst case. This is achieved
by computing the measurements of all line prefixes at first, which can
be done in a single pass. Then, all the prefix measurement queries will
be answered in O(1), rather than O(n) as it was happening before.
Bug: 79215201
Test: manual testing
Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
(cherry picked from commit 97c613bb2b69636c254db6234582a6c7566e39a6)
|
|
Fixes an issue where input intended for the keyguard could end up going
to a different display.
To prevent this, make sure that only the default display can get focused
when the keyguard is showing.
Change-Id: I6463c44aedca06930d2c9bda7c45ffd93141308c
Merged-In: I6463c44aedca06930d2c9bda7c45ffd93141308c
Fixes: 71786287
Test: atest DisplayContentTests
(cherry picked from commit 3cd5e3d9bbb3255e874b8fa27d7ed506164905dd)
|
|
* limit the absolute maximum size of the label to 50000 characters
[which is probably far more than necessary, but, can be dialed down]
* use a string buffer while processing the string [instead of creating
multiple string objects]
Bug: 62537081
Test: Manual. Install APK in bug and see that it can be uninstalled
Change-Id: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
Merged-In: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
(cherry picked from commit 2263da9539daef134395226a2718ba2d7af7547d)
|
|
Fix: 70585244
Bug: 69981755
Test: Enable any accessibility service -> inflate work profile
-> Tap on any work app -> no longer crash
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.CrossProfileAppsHostSideTest.testPrimaryUserToManagedProfile
Change-Id: I80d18f4e2ab76a228cb0aa2c8312c323a9b5c84d
(cherry picked from commit 857326e3731939f6ec7979e1d86585bf0ea484f4)
|
|
Test: presubmit
Fixes: 70506475
Bug: 69981755
Change-Id: I187bed4889a4901a7137a2995178ea651ed09186
(cherry picked from commit 6c68a692880b7cc981e130aace0edb9f2fcffff6)
|
|
Bug: 77600924
Change-Id: I46d765892e8e6839ed5140a3b0d6bb1815ccf9bc
Signed-off-by: Ecco Park <eccopark@google.com>
(cherry picked from commit 9a59cf84506e9fa841524ac2c70ae683449e709a)
|
|
Test: manual
Bug: 73173182
Change-Id: I3c25af233742e63351a68e8c5a279b51a94e49e2
Merged-In: I7f2201cab36adf7f01d1a794d783cb78a536811f
(cherry picked from commit d0c2aa5b1b2a09555c6e7eed151b3a324b55666a)
|
|
(backport from a fix merged in pi-dev)
Bug: 73884967
Test: Treehugger
Change-Id: I9deaae20893184cde36dcd936fe83708fa60b830
Merged-In: I0cf7920e138892fbcab71fae0eed1293f0b2e404
Merged-In: I9e3456e5f1e479b0e2b102f6c90db57cd0e977fe
(cherry picked from commit 7b52a48d6b10e3ed2806b57d39a2d9211dd4b585)
|
|
(backport to oc-dev)
Test: added AccessibilityEndToEndTest#testPackageNameCannotBeFaked
cts-tradefed run cts -m CtsAccessibilityServiceTestCases
cts-tradefed run cts -m CtsAccessibilityTestCases
Bug: 69981755
Change-Id: I187e3e9839f654cea9e06e5de93e10e4d1de3109
Merged-In: If3752e106aa7fdee4645dc9852289af471ceff18
(cherry picked from commit e5776af814d73825cb7b93eb8a5a32f825ef5ff3)
|
|
Adds detection of attacker-modified size and data fields passed to
ResStringPool::setTo(). These attacks are modified apks that AAPT would
not normally generate. In the rare case this occurs, the installation
cannot be allowed to continue.
Bug: 71361168
Bug: 71360999
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
(cherry picked from commit 7e54c3f261d81316b75cb734075319108d8bc1d1)
|