Skip to content

GitLab

Switch branch/tag
  1. 30 Nov, 2016 14 commits
    • Hugo Benichi's avatar
      DO NOT MERGE resolve merge conflicts of b446883 to nyc-dev · 5034a198
      Hugo Benichi authored 
      Change-Id: I854eddda678934d0da083d22b99b855ed57fd644
      5034a198
    • Narayan Kamath's avatar
      Zygote : Block SIGCHLD during fork. · b47ff6b0
      Narayan Kamath authored 
      
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.

To prevent this from happening, block SIGCHLD during this critical
section.

Bug: 32693692
Test: Manual

(cherry picked from commit e9a525829a354c92983a35455ccab16d1b0d3892)

Zygote: Unblock SIGCHLD in the parent after fork.

Follow up to change e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: default avatarrhed_jao <rhed_jao@htc.com>
Bug: 32693692
Test: manual

(cherry picked from commit c7161f756e86b98f2244a04d9207b47149965fd7)

Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
(cherry picked from commit dfcc79ee8ecd4166cba19be7493c6175cb0c65a9)
      b47ff6b0
    • neo.chae's avatar
      Fix idmap leak in zygote process · c9ea2af4
      neo.chae authored 
      
Fix a idmap leak in AssetManager::addSystemOverlays.
And, The fix could also prevent fd leak of idmap.

Test: none
Bug: 32691930
Signed-off-by: default avatarHyangseok Chae <neo.chae@lge.com>

(cherry picked from commit 6a742a38)

Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac
(cherry picked from commit 0244ca8d10dfc27e14f481fe649b89f7638c48eb)
      c9ea2af4
    • Narayan Kamath's avatar
      Zygote: Additional whitelisting for legacy devices. · 43438dab
      Narayan Kamath authored 
      On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
(cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
      43438dab
    • Narayan Kamath's avatar
      Zygote: Additional whitelists for runtime overlay / other static resources. · a2aab2d0
      Narayan Kamath authored 
      Partially cherry picked from commit 1c15c635.

These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.

Bug: 32618130

Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
(cherry picked from commit 25cd01cc69fcad34756b00e52a79c0c54178f2e6)
      a2aab2d0
    • Jeff Sharkey's avatar
      Public volumes belong to a single user. · df6558f3
      Jeff Sharkey authored 
      When a public (vfat) device is inserted, it's strongly associated
with the current foreground user, and no other users should be able
to access it, since otherwise that would be a cross-user data leak.

To use the device under a different user, switch users and then
eject/remount the device.

Test: verified user isolation of USB drive
Bug: 32523490
Change-Id: I590c791996f1fea8d78f625dc942d149f1f41614
(cherry picked from commit 6566fbe99bcd34a8d842299e835dc1b65d674436)
      df6558f3
    • gitbuildkicker's avatar
      merge in nyc-bugfix-release history after reset to nyc-dev · b216735e
      gitbuildkicker authored
      b216735e
    • Hugo Benichi's avatar
      DO NOT MERGE resolve merge conflicts of b446883 to nyc-dev · bfd98107
      Hugo Benichi authored 
      Change-Id: I854eddda678934d0da083d22b99b855ed57fd644
(cherry picked from commit 476da32d865f942cc470405ca84fadecf507ce9b)
      bfd98107
    • Narayan Kamath's avatar
      Zygote : Block SIGCHLD during fork. · 6b241462
      Narayan Kamath authored 
      
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.

To prevent this from happening, block SIGCHLD during this critical
section.

Bug: 32693692
Test: Manual

(cherry picked from commit e9a525829a354c92983a35455ccab16d1b0d3892)

Zygote: Unblock SIGCHLD in the parent after fork.

Follow up to change e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: default avatarrhed_jao <rhed_jao@htc.com>
Bug: 32693692
Test: manual

(cherry picked from commit c7161f756e86b98f2244a04d9207b47149965fd7)

Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
(cherry picked from commit dfcc79ee8ecd4166cba19be7493c6175cb0c65a9)
      6b241462
    • neo.chae's avatar
      Fix idmap leak in zygote process · 32cbbac3
      neo.chae authored 
      
Fix a idmap leak in AssetManager::addSystemOverlays.
And, The fix could also prevent fd leak of idmap.

Test: none
Bug: 32691930
Signed-off-by: default avatarHyangseok Chae <neo.chae@lge.com>

(cherry picked from commit 6a742a38)

Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac
(cherry picked from commit 0244ca8d10dfc27e14f481fe649b89f7638c48eb)
      32cbbac3
    • Narayan Kamath's avatar
      Zygote: Additional whitelisting for legacy devices. · e7a2a488
      Narayan Kamath authored 
      On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
(cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
      e7a2a488
    • Narayan Kamath's avatar
      Zygote: Additional whitelists for runtime overlay / other static resources. · 4e41a33a
      Narayan Kamath authored 
      Partially cherry picked from commit 1c15c635.

These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.

Bug: 32618130

Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
(cherry picked from commit 25cd01cc69fcad34756b00e52a79c0c54178f2e6)
      4e41a33a
    • Jeff Sharkey's avatar
      Public volumes belong to a single user. · 78d58151
      Jeff Sharkey authored 
      When a public (vfat) device is inserted, it's strongly associated
with the current foreground user, and no other users should be able
to access it, since otherwise that would be a cross-user data leak.

To use the device under a different user, switch users and then
eject/remount the device.

Test: verified user isolation of USB drive
Bug: 32523490
Change-Id: I590c791996f1fea8d78f625dc942d149f1f41614
(cherry picked from commit 6566fbe99bcd34a8d842299e835dc1b65d674436)
      78d58151
    • gitbuildkicker's avatar
      merge in nyc-bugfix-release history after reset to nyc-dev · 5a4fee69
      gitbuildkicker authored
      5a4fee69
  3. 14 Nov, 2016 1 commit
  5. 27 Oct, 2016 9 commits
  7. 26 Oct, 2016 5 commits
    • Christopher Tate's avatar
      DO NOT MERGE Isolated processes don't get precached system service binders · cf4e893a
      Christopher Tate authored 
      More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.

Bug 30202228

Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
(cherry picked from commit 2c61c57a)
(cherry picked from commit 47796319)
      cf4e893a
    • Jason Monk's avatar
      Fix launching alarm pending intent · f460753a
      Jason Monk authored 
      Launch it as a pending intent.

Change-Id: I2adf9347facb9c6fb58cbf8549233c34fcc87350
Fixes: 23909438
(cherry picked from commit d0408f00)
      f460753a
    • Todd Kennedy's avatar
      Force APKs to be streamed · 43964567
      Todd Kennedy authored 
      When using the new "cmd" command, APKs must be streamed instead of specifying
a file.

Change-Id: I977cd817ac545d7c5293f53b9fa4b155bea7449e
Fixes: 31251489
Test: manually installed packages using 'adb install', 'adb shell cmd package install' and 'adb shell pm install'
(cherry picked from commit d220683d)
      43964567
    • Sungsoo's avatar
      ExifInterface: Provide backward compatibility · 965e4f23
      Sungsoo authored 
      Resolve merge conflict into nyc-release
ExifInterface.saveAttribute() didn't throw UnsupportedOperationException
before. Use IOException instead of UnsupportedOperationException for
backward compatibility.

Bug: 30936376, Bug: 32068647, Bug: 31319086
Change-Id: Ifb478db3af820eb846c5373d3a284367da3495a0
(cherry picked from commit 5a7bd1b9f09ed0b67b0807e12cf4b1e477af5f90)
      965e4f23
    • gitbuildkicker's avatar
      merge in nyc-bugfix-release history after reset to nyc-dev · eae6eb85
      gitbuildkicker authored
      eae6eb85
  9. 25 Oct, 2016 1 commit
  11. 24 Oct, 2016 1 commit
  13. 30 Sep, 2016 3 commits
  15. 29 Sep, 2016 1 commit
    • Fan Zhang's avatar
      Fix NPE for WifiConfiguration in AccessPoint. · 7d96a1a9
      Fan Zhang authored 
      In getSummary methods, make a local reference to WifiConfig before
accessing the fields to prevent member variable mConfig being reset in a
different thread.

Bug: 31617798
Test: manually open/close/refresh wifi settings and see no crash.

Change-Id: I254cb3cb59dead425a9ada17d9e84a7e2974f738
(cherry picked from commit 51365c3b)
      7d96a1a9
  17. 28 Sep, 2016 1 commit
  19. 27 Sep, 2016 4 commits
    • Wyatt Riley's avatar
      LocationManager - Handle Shutdown for right User · e612ba0c
      Wyatt Riley authored 
      Only process a shutdown when it is for all users (whole system),
not a single user

Change-Id: Id51b7fb4606460462c2f6749e5ac3984bdd8319f
Bug: 30646142
(cherry picked from commit 1b24fb17)
(cherry picked from commit a8037fff)
      e612ba0c
    • Eino-Ville Talvala's avatar
      DO NOT MERGE ANYWHERE: ImageReader: Add discardFreeBuffers method · 63d556ab
      Eino-Ville Talvala authored 
      This method (currently @hide) discards all cached buffers for
the ImageReader, which can be useful to free up memory at the
cost of reallocation time if more buffers are needed later.

It has no effect on acquired Images, filled Images waiting to be
acquired, or buffers being actively used by the source rendering to the
Surface.

Bug: 28695173
Change-Id: I427a8ba4ad73a267083f843dbf228bfc53a730d9
(cherry picked from commit e175aa82)
      63d556ab
    • Paul Jensen's avatar
      Avoid crashing when downloading MitM'd PAC that is too big am: 7d2198b5 am:... · 76d2d22f
      Paul Jensen authored 
      Avoid crashing when downloading MitM'd PAC that is too big am: 7d2198b5 am: 9c1cb7a2 am: 6634e90a
am: 66ee2296

Change-Id: Ib0023b44e521b936ab2f9450ad367b1feda64492
      76d2d22f
    • Jeff Sharkey's avatar
      Use "all_downloads" instead of "my_downloads". · 03cc9664
      Jeff Sharkey authored 
      Fix Merge Conflict into nyc-release
We can no longer return the "my_downloads" paths: if those Uris were
shared beyond the app that requested the download, access would be
denied.  Instead, we need to switch to using "all_downloads" Uris so
that permission grants can be issued to third-party viewer apps.

Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, DownloadProvider now issues narrow grants
toward the owner of each download, both at device boot and when new
downloads are started.

Bug: 30537115, 30945409
Change-Id: I533125b36444877f54373d88922f2acc777e250b
(cherry picked from commit 9fab683c)
(cherry picked from commit df0de20e)
      03cc9664