GitLab

Because of lack of mutex lock when get mSidebandStream, if one thread
getSidebandStream, another thread setSidebandStream frequently, an UAF
will be triggered.

Bug: 32660278
Test: Marlin device with poc
Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45
(cherry picked from commit 2d8a2432e04234d9edbb3b099f9bbbaa36ad4843)

Passing a size to std::vector that is too big causes it to silently
under-allocate when exceptions are disabled, leaving us open to an OOB
write. We check the bounds and the resulting size now to verify
allocation succeeds.

Test: Verified reproducer attached to bug no longer crashes Camera
      service.
Bug: 31677614

Change-Id: I064b1442838032d93658f8bf63b7aa6d021c99b7
(cherry picked from commit 65a8f07e57a492289798ca709a311650b5bd5af1)

To speed up boot times, we recently relaxed SELinux restorecon logic
to only consider relabeling app storage when the top level SELinux
label changed.

However, if an app manually deletes either their cache or code_cache
directories, installd will helpfully recreate those directories at
the next boot, but they'll be stuck with incorrect SELinux labels
which an app can't fix.  (Our historically aggressive restorecons had
relabeled them, which is why we didn't observe until now.)

This change checks the labels of the cache/code_cache directories,
and runs a restorecon if needed, fixing the issue above.

Test: delete cache and verify recreated with correct label
Bug: 32504081
Change-Id: I0114ae4129223e5909b1075d56a9b1145ebc5ef4
(cherry picked from commit 397ec266753a675e6891c479971e6506491b1b44)

This reverts commit 1d3df546.

Original patch may have caused a stability issue caught in monkey testing.

Bug: 32312240
Change-Id: Ie8d291679590e624b8b90c4786b1c25c76cb2c9f
(cherry picked from commit 598f6d54)

This reverts commit 1d3df546.

Original patch may have caused a stability issue caught in monkey testing.

Bug: 32312240
Change-Id: Ie8d291679590e624b8b90c4786b1c25c76cb2c9f

Merge "DO NOT MERGE. Revert "Dumpstate should hold a wakelock to save bug report time."" into nyc-mr1-dev

This reverts commit f87959e0.

BUG: 32402587
Fixes: 32365477

Change-Id: Ic4daec37efbaef1906450bf6609d5588d5c9a835

Bug: 31959453
Change-Id: I6fef6781e14f3c1239197798b79cc9239d34d53d

BUG: 32219165
Fixes: 32335112
Change-Id: I2bc630f9c840ccd3a2e0474ed16a766e8a405ad8

Move layer removal to the main thread, while the display is on.

Bug: 30281222
Change-Id: Id9f956c1e626819734868340e7fa12abf257b702

sysfs should be ready on ealier stage than boot

Bug: 32025203
Test: take systrace
Change-Id: Id73b6959f3075dc793d93551963193a211060da8

BUG: 31828706
BUG: 30832947

Change-Id: I0a4b1fcce91caa96ccbc4e890d9968e3033487de
(cherry picked from commit f87959e0)

Bug: 31522731
Change-Id: I84d82e55aba5b58dfdbcac9e208c36767fbedfd1
(cherry picked from commit d6e9946c)

Bug: 31522731
Change-Id: I84d82e55aba5b58dfdbcac9e208c36767fbedfd1

Bug: 30869013
Change-Id: I1f0e5d820f0153484c38ecb0f9c764fca02d786c

Bug: 23113288
Change-Id: I6304425f968fcb22c75c3f6e64bf7992e34e0889

PackageManager has been pretty aggressive about asking installd to
restorecon over app data when it thinks something might have
changed.  However, in the vast majority of cases these are no-op
requests, and we waste a bunch of time recursively walking all
private data, easily costing 60+ seconds on dogfooder devices.

This change updates the initial "create_app_data" command to kick off
a recursive restorecon if it detects that the top-level SELinux label
on the app private data directory changes.  The "create_app_data"
command is designed to ensure that an app's storage is ready, so
PackageManager always calls it at least once per boot before apps
can run.  (This change means that PackageManager no longer needs to
make separate "restorecon_app_data" calls.)

Test: booted, verified that a label change triggered restorecon
Bug: 30768146
Change-Id: I0c8d4018cf8ff888d0ae07a82adc3d61a6002aad

Even though SolidColor layers map cleanly to HWC_BACKGROUND composition
in HWC1, SurfaceFlinger never used HWC_BACKGROUND, so we can't trust
that HWC1 devices implemented it correctly. To preserve backwards
compatibility, this changes the behavior to fall back to client
composition to minimize incompatibilities with existing devices.

Bug: 30479781
Change-Id: I638339062e03f2c057b3e1624e7157587ddee7ec

Add a new method forceScopedDisconnect to Surface. This will
be used by the framework to force disconnection at times where
the underlying GraphicBufferProducer may be about to be reused.
This is scoped by PID to avoid conflicting with remote producers.

Bug: 30236166
Change-Id: I857216483c0b550f240b3baea41977cbc58a67ed

The NPOT version already has 3 as the threshold and at least one
platform seems to have diff of 3 in one of the internal pixels for POW2
variant.

Bug: 21306103
Bug: 30920650
Change-Id: I7882a6ff43ffc862d95fea32c8ee8e7f19fb759d
Cherry-pick from master (e3747fd25918c943caef4d9c7158a668c786c55d)

Add a command to delete odex files.

Bug: 31347757
Change-Id: I29bca8751bcee8d6981c682fbbc816c73b78ac68

am: 7b265d8a  -s ours

Change-Id: I555ef520067d4300450ef3b0e91f127d06e55b66

am: 82110471  -s ours

Change-Id: If827f77c9c8cb36ad3a8f2eaeb6157bc59258a7a