1. 08 May, 2022 1 commit
    • Changes to be committed: · c40f371f
      比特彗星 authored
      	modified:   cmds/installd/InstalldNativeService.cpp
      	modified:   libs/binder/Binder.cpp
      	modified:   libs/binder/ProcessState.cpp
      
      Change-Id: Iceb9579c6d37c49a039fe121e7955faf32dd94de
  2. 15 Jan, 2022 2 commits
    • Merge cherrypicks of [16194632] into security-aosp-rvc-release. · d4331684
      Android Build Coastguard Worker authored
      Change-Id: I0cdb3efc658328fc39c90136813865536d341306
    • Check if the window is partially obscured for slippery enters · 53414cae
      Siarhei Vishniakou authored
      Currently, we only check whether a window is partially obscured during
      the initial tap down. However, there is another use case: slippery
      enter.
      
      During a slippery enter, the touch down is generated into the
      slipped-into window, and touch cancel is generated for the slipped-from
      window. The window receiving the slippery enter does not need to have
      any flags.
      
      Until we figure out whether we can restrict the usage of this flag to
      system components, add this check as an intermediate fix.
      
      Bug: 157929241
      Test: atest FlagSlipperyTest
      Test: atest inputflinger_tests
      Change-Id: I93d9681479f41244ffed4b1f88cceb69be71adf2
      Merged-In: I93d9681479f41244ffed4b1f88cceb69be71adf2
      (cherry picked from commit d8c6ef21387db53930d728272db24cca1cd38a38)
      Merged-In:I93d9681479f41244ffed4b1f88cceb69be71adf2
  3. 13 Nov, 2021 1 commit
  4. 12 Nov, 2021 1 commit
    • avoid extra release of unowned objects in Parcel error path · a9d41ef7
      Steven Moreland authored
      Another bug due to a huge amount of complexity in the Parcel
      implementation.
      
      Bug: 203847542
      Test: added testcase fails on device w/o Parcel.cpp fix, and it passes
        on a device with the fix
      Merged-In: I34411675687cb3d18bffa082984ebdf308e1c1a6
      Change-Id: I34411675687cb3d18bffa082984ebdf308e1c1a6
      (cherry picked from commit 04390376b043bf6a15ff2943a9ed63d9d8173842)
      (cherry picked from commit d668098e4714025b41052207c9332de86dc3936a)
      Merged-In:I34411675687cb3d18bffa082984ebdf308e1c1a6
  5. 10 Sep, 2021 2 commits
  6. 30 Jun, 2021 2 commits
    • Merge cherrypicks of [15151698, 15151719, 15151903, 15151905, 15151907,... · 6f1f9d41
      Android Build Coastguard Worker authored
      Merge cherrypicks of [15151698, 15151719, 15151903, 15151905, 15151907, 15151908, 15151950, 15151952, 15151953, 15151954, 15151955, 15151956, 15151958, 15151937, 15151938, 15151939, 15151860, 15151990, 15151977, 15151978, 15151979] into security-aosp-rvc-release
      
      Change-Id: I74f8dad38fb6392ef544cf81c710883b66816050
    • Do not modify vector after getting references · 92978652
      Siarhei Vishniakou authored
      We used to obtain a reference to a specific element inside a vector. We
      would then modify the vector, invalidating the reference. But we then
      used the reference, and passed it to 'assignPointerIds'.
      
      Refactor the code to modify the collection first, and then to proceed
      with modifying / reading the elements.
      
      Bug: 179839665
      Test: atest inputflinger_tests (on a hwasan build)
      Merged-In: I9204b954884e9c83a50babdad5e08a0f6d18ad78
      Change-Id: I9204b954884e9c83a50babdad5e08a0f6d18ad78
      (cherry picked from commit 8cf78f9553981600f57e9c829886848172114484)
  7. 08 Jan, 2021 2 commits
    • libbinder: readString*Inplace SafetyNet (II) · ffa62ed9
      Steven Moreland authored
      SafetyNet logs (this time for failure case, instead of success case).
      
      Bug: 172655291
      Test: adb logcat -b events | grep snet # exactly one occurrence w/ repro
      (c/p'd from 34af0637666f43ae62040ad1bad76468423feba2)
      Merged-In: I75ace071693c0a4579ed9477f7b9212a6e27c36d
      Change-Id: I75ace071693c0a4579ed9477f7b9212a6e27c36d
      
      (cherry picked from commit 61d0f84881cfc1bbac513ccd156c56603a48cc90)
    • libbinder: check null bytes in readString*Inplace · 6fa3f0d4
      Steven Moreland authored
      This is entirely defensive, since the only real guarantee we have here
      from these APIs is that a buffer of a given length is available.
      However, since we write 0's here, presumably to guard against people
      assuming these are null-terminated strings, we might as well enforce
      that they are actually null terminated.
      
      Bug: 172655291
      Test: binderParcelTest (added in newer CL)
      Change-Id: Ie879112540155f6a93b97aeaf3d41ed8ba4ae79f
      Merged-In: Ie879112540155f6a93b97aeaf3d41ed8ba4ae79f
      (cherry picked from commit 51e02b16c397c44ddf81a0736cf6045cd4c44128)
      (cherry picked from commit 58f5cfa56d5282e69a7580dc4bb97603c409f003)
  8. 09 Dec, 2020 1 commit
  9. 12 Nov, 2020 2 commits
    • libbinder: Add ClientCounterCallbackImpl to LazyServiceRegistrar · e0ef4474
      Jon Spivack authored
      This extra layer of indirection below ClientCounterCallback fixes a shared pointer ownership issue between LazyServiceRegistrar and ServiceManager. It also allows for implementation changes (like this one) without changing headers and breaking VNDK.
      
      Bug: 170212632
      Test: Manual (Went through reproduction steps in bug on cf_x86_phone-userdebug)
      Test: atest aidl_lazy_test
      Change-Id: I4164a6d44e567c752726953e85aee0e91c6b525e
      Merged-In: I4164a6d44e567c752726953e85aee0e91c6b525e
      (cherry picked from commit 7c227cc333b85938a1ad0f860655bb83567ca755)
    • Prevent mEventCache UAF in SensorEventConnection · 26824396
      Arthur Ishiguro authored
      Since there is no check to see if SensorEventConnection has been
      destroyed, the mEventCache pointer can still be used even after it
      was freed.
      
      Bug: 168211968
      Test: Run test code that attempts to enable a sensor after destroying
      the SensorEventConnection, and verify no system_server crash occurs.
      
      Change-Id: Ia9275b7cc574df371cdb2e1b80c6699df193b580
      Merged-In: Ia9275b7cc574df371cdb2e1b80c6699df193b580
      (cherry picked from commit 3e9afc163256db661b9039120d07501b3a8a7d99)
      (cherry picked from commit f1bf7dd095ac2f632442663cb16aeef4691b93e7)
  10. 16 Sep, 2020 1 commit
    • libbinder_ndk: fix failure when dump/shell are unset · 1f8eaf99
      Steven Moreland authored
      People directly using libbinder_ndk functions who didn't create a debug
      dump function would fail to initialize that pointer, and
      potentially crash. Those who didn't create a shell function were
      guaranteed to crash. This wasn't noticed because the C++ wrappers which
      are the recommended way to use libbinder_ndk always set these functions.
      
      Bug: 161812320
      Test: unit tests
      
      Merged-In: I1f6909531bc640097f3f48c4a558fd03f2fa62cb
      Change-Id: I1f6909531bc640097f3f48c4a558fd03f2fa62cb
      (cherry picked from commit deb5346761308d9cda3a249283a482a1ce08549e)
  11. 02 Sep, 2020 1 commit
    • GpuService: secure setUpdatableDriverPath · b437df06
      Yiwei Zhang authored
      setUpdatableDriverPath should only be called by system_server and
      developer driver path needs to be protected by a lock.
      
      Bug: 162383705
      Bug: 159240322
      Test: ./gapit validate_gpu_profiling --os android
      Change-Id: I48896325598acab89079dbc658ddf9b92d303244
      Merged-In: I48896325598acab89079dbc658ddf9b92d303244
      (cherry picked from commit 2b65d6ca48773901c396344c5fdc851ec14a4bdf)
  12. 18 Jul, 2020 1 commit
  13. 16 Jul, 2020 1 commit
    • Fix TextureView calling eglCreateImage with a destructed buffer · df8a0739
      Stan Iliev authored
      Fix an issue with hardware buffer passed from the SurfaceTexture
      being destroyed before an SkImage is created. This CL is matched
      by a change in frameworks/base I4d121f087fc842ce317745e7b7e2656f80a52b7d.
      
      Test: Ran TextureView CTS tests and a few apps that use TextureView.
      Test: Fix verified by partner Mediatek
      Bug: 160930384
      Bug: 152781833
      Bug: 153045874
      Bug: 156047948
      Bug: 160514803
      Bug: 155545635
      Bug: 155171712
      Change-Id: I2e025e683052168546f2e271a20a857b1e556b64
      (cherry picked from commit 0702f1d077bab79c76a4889d7859abbaabf06b81)
  14. 15 Jul, 2020 1 commit
  15. 14 Jul, 2020 1 commit
  16. 10 Jul, 2020 3 commits
  17. 09 Jul, 2020 2 commits
  18. 08 Jul, 2020 1 commit
    • SurfaceFlinger: only ExplicitDefault can use appRequestRange · 20c029ce
      Ady Abraham authored
      This change is limiting layers that are ExplicitExactOrMultiple from
      using a refresh rate outside of the primary range. When these layers
      are visible and there is an interaction with the device, we usually
      change the refresh rate due to other layers that are animating. Letting
      layers that are ExplicitExactOrMultiple pick a refresh rate from the
      extended appRequestRange results in refresh rate changes which are not
      desired.
      
      Bug: 159940172
      Test: YouTube when the device the primary range is restricted
      Change-Id: I6aa60c359d690a92342963cb14bdeece4e6d5c5f
  19. 07 Jul, 2020 1 commit
    • Check if sensor is accessible on flush · 29adc8cc
      Stan Rokita authored
      In cases where halVersion is less than or equal to 1 or the sensor is
      virtual the sensor service does not first check that the sensor is
      accessible. This was causing failures for tests where a virtual sensor
      was used because the flush command was not returning error. Now
      INVALID_OPERATION is returned when flush is called on an idle sensor.
      
      Test: set IGNORE_HARDWARE_FUSION to true and cts-tradefed && run cts -m
      CtsSensorTestCases -t
      android.hardware.cts.SensorTest#testBatchAndFlushUidIdle which fails
      before this change, but passes now
      Bug: 160282248
      
      Change-Id: I6860bcdb9be341b5e2025caf7606d071779c9b39
  20. 01 Jul, 2020 1 commit
  21. 30 Jun, 2020 1 commit
  22. 29 Jun, 2020 1 commit
    • SF: update VSP timebase on error condition · 241d0eed
      Kevin DuBois authored
      When a vsync timestamp is recorded that is anomalous to the currently
      recorded timestamp ringbuffer, update the timebase for synthetic
      calculations.
      
      Test: 2 new unit tests
      Test: visual spot checking interactions on pixel4 device
      Test: uibench a/b anti-regression
      Test: dogfood with patch based on recent rvc build.
      Fixes: 159882858
      Change-Id: Ie201cd593a54586d9b1f488c6d2ca44178d75cf1
  23. 27 Jun, 2020 3 commits
  24. 26 Jun, 2020 7 commits