| Age | Commit message (Collapse) | Author |
|---|
|
t-keystone-qcom-dev
|
|
Using decoder capabilities for determining max size and rate
can cause failure during screen record as encoder might not be
capable of supporting it. As encoder supported size and rate
are implicitly supported by decoder, recordings will be
playable on device.
CRs-Fixed: 3593702
Change-Id: I5c9eb491df248e6150cc956574ab609102db9ac9
|
|
t-keystone-qcom-release
Change-Id: Ie3f2b3314c649cac9373c0bce29a350c9bd826d6
|
|
t-keystone-qcom-dev
|
|
t-keystone-qcom-release
Change-Id: Ia08652617d83286d1bab2c10cd8a42ae8c59edcd
|
|
CRs-Fixed: 3558573
Change-Id: I55668c1602b56596091a30d4e8faa68b8c72f1c9
|
|
Bug: 242023882
Test: manual test
CRs-Fixed: 3558573
Change-Id: I4dcfb72a038289a480bff21f2ec4756edb441eb2
(cherry picked from commit 429c14f3051450a94e58bcd310218123748159a6)
|
|
Change-Id: I9f7cfc054926dea0e76e930183ed84f778ab9290
|
|
Using decoder capabilities for determining max size and rate
can cause failure during screen record as encoder might not be
capable of supporting it. As encoder supported size and rate
are implicitly supported by decoder, recordings will be
playable on device.
CRs-Fixed: 3593702
Change-Id: I5c9eb491df248e6150cc956574ab609102db9ac9
|
|
Change-Id: I212cfbd6fecc0a4980df4d20f755cb7264f95e3b
|
|
t-keystone-qcom-release
Change-Id: Ie93e30ff88a8029cb78cd1a59f06c20baf743b7b
|
|
The logic behind CTS and Play Integrity has been updated today it now
checks the product and model names against the fingerprint and if
they do not match the CTS profile will fail.
Also switch to a newer FP from Pixel 2 while we are at it.
Squashed also with the following commit:
Author: Dyneteve <dyneteve@hentaios.com>
Date: Tue Aug 23 18:57:05 2022 +0200
gmscompat: Apply the SafetyNet workaround to Play Store
Play Store is used for the new Play Integrity API, extend the hack
to it as well
Test: Device Integrity and Basic Integrity passes.
Signed-off-by: Dyneteve <dyneteve@hentaios.com>
Change-Id: Id607cdff0b902f285a6c1b769c0a4ee4202842b1
Test: Boot, check for CTS and Play Integrity
Change-Id: I089d5ef935bba40338e10c795ea7d181103ffd15
Signed-off-by: Dyneteve <dyneteve@hentaios.com>
|
|
Multi-layer rendering can result in unexpected pending between UI
thread and render thread if pre-rendering enabled. Need to disable
pre-rendering for multi-layer cases when view get updated and calling
doRemoveView function.
Change-Id: I02989689c5ff5af6b08417a035b7684834a342b7
CRs-Fixed: 3528182
|
|
'googleplex-android-review.googlesource.com/23517237', 'googleplex-android-review.googlesource.com/23770590', 'googleplex-android-review.googlesource.com/23892147', 'googleplex-android-review.googlesource.com/23877018', 'googleplex-android-review.googlesource.com/23785419', 'googleplex-android-review.googlesource.com/23817819', 'googleplex-android-review.googlesource.com/23835332', 'googleplex-android-review.googlesource.com/23436487', 'googleplex-android-review.googlesource.com/24057913', 'googleplex-android-review.googlesource.com/24212143', 'googleplex-android-review.googlesource.com/24300599'] into tm-platform-release.
Change-Id: If074f61e64626640de606f94bd82a7ac0065de01
|
|
When RescueParty detects that a system process is crashing frequently,
it tries to recover in various ways, such as by resetting all settings.
Unfortunately, this included resetting the secure_frp_mode setting,
which is the means by which the system keeps track of whether the
Factory Reset Protection (FRP) challenge has been passed yet. With this
setting reset, some FRP restrictions went away and it became possible to
bypass FRP by setting a new lockscreen credential.
Fix this by excluding secure_frp_mode from resets.
Note: currently this bug isn't reproducible on 'main' due to ag/23727749
disabling much of RescueParty, but that is a temporary change.
Bug: 253043065
Test: With ag/23727749 reverted and with my fix to prevent
com.android.settings from crashing *not* applied, tried repeatedly
setting lockscreen credential while in FRP mode, using the
smartlock setup activity launched by intent via adb. Verified
that although RescueParty is still triggered after 5 attempts,
secure_frp_mode is no longer reset (its value remains "1").
Test: Verified that secure_frp_mode still gets changed from 1 to 0 when
FRP is passed legitimately.
Test: atest com.android.providers.settings.SettingsProviderTest
Test: atest android.provider.SettingsProviderTest
(cherry picked from commit 9890dd7f15c091f7d1a09e4fddb9f85d32015955)
(changed Global.SECURE_FRP_MODE to Secure.SECURE_FRP_MODE,
needed because this setting was moved in U)
(removed static keyword from shouldExcludeSettingFromReset(),
needed for compatibility with Java 15 and earlier)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:efc2b69c88c3b4686a521935d6e5e9884b9e6347)
Merged-In: Id95ed43b9cc2208090064392bcd5dc012710af93
Change-Id: Id95ed43b9cc2208090064392bcd5dc012710af93
|
|
Test: manual with the steps from the bug
Test: manual with a normal icon
Test: atest CanUseIconPredicate
Test: atest ControlViewHolderTest
Bug: 272025416
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ffa97f42dd9496bb404e01727c923292d05a4466)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:570aad7c61e4fc8854ed1aba97cbb6e6a491ca6d)
Merged-In: I60896a6f53307f0e97a9223b599a2891c6c0c08d
Change-Id: I60896a6f53307f0e97a9223b599a2891c6c0c08d
|
|
Test: tested with POC in bug, also using atest
Bug: 224771621
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)
Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530
Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530
|
|
Bug: 278246904
Test: manually, with the PoC app attached to the bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1aee65603e262affd815fa53dcc5416c605e4037)
Merged-In: Ib3f5b8b6b9ce644fdf1173548d9078e4d969ae2e
Change-Id: Ib3f5b8b6b9ce644fdf1173548d9078e4d969ae2e
|
|
Implicitly convert all Uris to StringUris during parcel read/write.
Bug: 231476072
Test: atest UriTest
(cherry picked from commit 98bc5f99b14239aa871a998548ad80a076756318)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:18a2f95baeabdf23ecdb0475e62b8395825a26f6)
Merged-In: Ic7688a00a07705301e5b06ee8783e801395e9f15
Change-Id: Ic7688a00a07705301e5b06ee8783e801395e9f15
|
|
Check permissions of URI inside of FillResponse's RemoteViews. If the
current user does not have the required permissions to view the URI, the
RemoteView is dropped from displaying.
This fixes a security spill in which a user can view content of another
user through a malicious Autofill provider.
Bug: 283137865
Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
b/281534749 b/283101289
Test: Verified by POC app attached in bugs
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:60a0e4f12a1e1ebc609e200ecbb7f80dcb5c1319)
Merged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
|
|
The key mapping information between the native key mappings and
the KeyCharacterMap object available in Java is currently shared,
which means that a read can be attempted while it's being modified.
Bug: 274058082
Test: Patch tested by Oppo
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3d993de0d1ada8065d1fe561f690c8f82b6a7d4b)
Merged-In: I745008a0a8ea30830660c45dcebee917b3913d13
Change-Id: I745008a0a8ea30830660c45dcebee917b3913d13
|
|
Also added a step to serialize & deserialize the notification in the
test, to prevent exceptions about not being able to cast e.g.
Parcelable[] to RemoteInputHistoryItem[].
Test: atest NotificationManagerServiceTest & tested with POC from bug
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4e19431a60300c6ea6c7f7dd64299916e4eb09bc)
Merged-In: I7053ca59f9c7f1df5226418594109cfb8b609b1e
Change-Id: I7053ca59f9c7f1df5226418594109cfb8b609b1e
|
|
EXTRA_REMOTE_INPUT_HISTORY_ITEMS."
This reverts commit 43b1711332763788c7abf05c3baa931296c45bbb.
Reason for revert: regression reported at b/289223315
Bug: 289223315
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f69ded9ec319f753d1464586ee28248b84a2bacd)
Merged-In: I101938fbc51592537023345ba1e642827510981b
Change-Id: I101938fbc51592537023345ba1e642827510981b
|
|
BUG:286996125
Auto-generated-cl: translation import
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7aa5b1415941f8c4172d02072f59349d30450232)
Merged-In: Ic6ab0430324902d7fe42feb491c2b92a13e8bc17
Change-Id: Ic6ab0430324902d7fe42feb491c2b92a13e8bc17
|
|
When an app posts a media control with no available title, show a
placeholder string with the app name instead
Bug: 274775190
Test: atest MediaDataManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:965e514614f374dcffe2a638b7ecee3d51531340)
Merged-In: Ie406c180af48653595e8e222a15b4dda27de2e0e
Change-Id: Ie406c180af48653595e8e222a15b4dda27de2e0e
|
|
When a ringtone picker tries to set a ringtone through
RingtoneManager.setActualDefaultRingtoneUri (also
called by com.android.settings.DefaultRingtonePreference),
verify the mimeType can be obtained (not found when caller
doesn't have access to it) and it is an audio resource.
Bug: 205837340
Test: atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:88f5aae54cf522e4ec50c2dbf2c782872734db00)
Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
|
|
Change-Id: Id53ca628b754f072352fa9323ceec5c249b0267f
|
|
'googleplex-android-review.googlesource.com/23497629', 'googleplex-android-review.googlesource.com/23769813', 'googleplex-android-review.googlesource.com/23892525', 'googleplex-android-review.googlesource.com/23877020', 'googleplex-android-review.googlesource.com/23785419', 'googleplex-android-review.googlesource.com/23847203', 'googleplex-android-review.googlesource.com/23835332', 'googleplex-android-review.googlesource.com/23423703', 'googleplex-android-review.googlesource.com/24057913', 'googleplex-android-review.googlesource.com/23981526', 'googleplex-android-review.googlesource.com/24300600', 'googleplex-android-review.googlesource.com/24273139'] into sc-v2-platform-release.
Change-Id: I509ecc8ae64fea5fd76439f7d988a8b32245d53b
|
|
Which may be abused by malicious app to create a non-visible PiP
window that bypasses the background restriction.
Bug: 270368476
Test: Manually, using the POC app
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:59ef2c19e559bfc3f29974d63735758185975074)
Merged-In: I3531a64fc67a1b6c43997ee33b7a7d4ab4e2d985
Change-Id: I3531a64fc67a1b6c43997ee33b7a7d4ab4e2d985
|
|
When RescueParty detects that a system process is crashing frequently,
it tries to recover in various ways, such as by resetting all settings.
Unfortunately, this included resetting the secure_frp_mode setting,
which is the means by which the system keeps track of whether the
Factory Reset Protection (FRP) challenge has been passed yet. With this
setting reset, some FRP restrictions went away and it became possible to
bypass FRP by setting a new lockscreen credential.
Fix this by excluding secure_frp_mode from resets.
Note: currently this bug isn't reproducible on 'main' due to ag/23727749
disabling much of RescueParty, but that is a temporary change.
Bug: 253043065
Test: With ag/23727749 reverted and with my fix to prevent
com.android.settings from crashing *not* applied, tried repeatedly
setting lockscreen credential while in FRP mode, using the
smartlock setup activity launched by intent via adb. Verified
that although RescueParty is still triggered after 5 attempts,
secure_frp_mode is no longer reset (its value remains "1").
Test: Verified that secure_frp_mode still gets changed from 1 to 0 when
FRP is passed legitimately.
Test: atest com.android.providers.settings.SettingsProviderTest
Test: atest android.provider.SettingsProviderTest
(cherry picked from commit 9890dd7f15c091f7d1a09e4fddb9f85d32015955)
(changed Global.SECURE_FRP_MODE to Secure.SECURE_FRP_MODE,
needed because this setting was moved in U)
(removed static keyword from shouldExcludeSettingFromReset(),
needed for compatibility with Java 15 and earlier)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a7ea34724f1bdebde64d9e9a1391c92dc2e189b5)
Merged-In: Id95ed43b9cc2208090064392bcd5dc012710af93
Change-Id: Id95ed43b9cc2208090064392bcd5dc012710af93
|
|
Test: manual with the steps from the bug
Test: manual with a normal icon
Test: atest CanUseIconPredicate
Test: atest ControlViewHolderTest
Bug: 272025416
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ffa97f42dd9496bb404e01727c923292d05a4466)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2be24a7804701f3dc3e185196a55e4b0add2b79b)
Merged-In: Ibe4fb69a90904787b9f97a7cd90d318a047d1e11
Change-Id: Ibe4fb69a90904787b9f97a7cd90d318a047d1e11
|
|
Test: tested with POC in bug, also using atest
Bug: 224771621
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)
Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530
Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530
|
|
Bug: 278246904
Test: manually, with the PoC app attached to the bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4bf71d74fc21cd9389dbe00fb750e2f9802eb789)
Merged-In: Idbd4081bf464e2b3420d4c3fd22ca37867d26bc0
Change-Id: Idbd4081bf464e2b3420d4c3fd22ca37867d26bc0
|
|
Implicitly convert all Uris to StringUris during parcel read/write.
Bug: 231476072
Test: atest UriTest
(cherry picked from commit 98bc5f99b14239aa871a998548ad80a076756318)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:18a2f95baeabdf23ecdb0475e62b8395825a26f6)
Merged-In: Ic7688a00a07705301e5b06ee8783e801395e9f15
Change-Id: Ic7688a00a07705301e5b06ee8783e801395e9f15
|
|
Check permissions of URI inside of FillResponse's RemoteViews. If the
current user does not have the required permissions to view the URI, the
RemoteView is dropped from displaying.
This fixes a security spill in which a user can view content of another
user through a malicious Autofill provider.
Bug: 283137865
Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
b/281534749 b/283101289
Test: Verified by POC app attached in bugs
Test: atest CtsAutoFillServiceTestCases (added new tests)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f7ca136c514dc975c3f46d95c53fd6b3752c577a)
Merged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
|
|
The key mapping information between the native key mappings and
the KeyCharacterMap object available in Java is currently shared,
which means that a read can be attempted while it's being modified.
Bug: 274058082
Test: Patch tested by Oppo
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3d993de0d1ada8065d1fe561f690c8f82b6a7d4b)
Merged-In: I745008a0a8ea30830660c45dcebee917b3913d13
Change-Id: I745008a0a8ea30830660c45dcebee917b3913d13
|
|
Also added a step to serialize & deserialize the notification in the
test, to prevent exceptions about not being able to cast e.g.
Parcelable[] to RemoteInputHistoryItem[].
Test: atest NotificationManagerServiceTest & tested with POC from bug
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:88e597d2b31d054ab5286b3a666accb08a8db5d5)
Merged-In: I7053ca59f9c7f1df5226418594109cfb8b609b1e
Change-Id: I7053ca59f9c7f1df5226418594109cfb8b609b1e
|
|
EXTRA_REMOTE_INPUT_HISTORY_ITEMS."
This reverts commit 43b1711332763788c7abf05c3baa931296c45bbb.
Reason for revert: regression reported at b/289223315
Bug: 289223315
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bdc9b977e376fb3b6047530a179d00fd77f2aec1)
Merged-In: I101938fbc51592537023345ba1e642827510981b
Change-Id: I101938fbc51592537023345ba1e642827510981b
|
|
BUG:286996125
Auto-generated-cl: translation import
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:204ea4a673cc47f154cbff66d664618f1942b6b9)
Merged-In: I88f32886c5748d119bf37745060403a0e31d829d
Change-Id: I88f32886c5748d119bf37745060403a0e31d829d
|
|
When an app posts a media control with no available title, show a
placeholder string with the app name instead
Bug: 274775190
Test: atest MediaDataManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df4686dc0a38b6027960dbe69b3fe18048f02b8f)
Merged-In: Ie406c180af48653595e8e222a15b4dda27de2e0e
Change-Id: Ie406c180af48653595e8e222a15b4dda27de2e0e
|
|
When a ringtone picker tries to set a ringtone through
RingtoneManager.setActualDefaultRingtoneUri (also
called by com.android.settings.DefaultRingtonePreference),
verify the mimeType can be obtained (not found when caller
doesn't have access to it) and it is an audio resource.
Bug: 205837340
Test: atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0a4792b62ea86c153653b0663ffe920d90b7cc15)
Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
|
|
Change-Id: I5f406a1bf947841922ee01bd5e7f7176bcb963bf
|
|
Change-Id: Iea6321438c78aa8022f0e1c4cbadf2a9a310a555
|
|
SafetyNet (part of Google Play Services) opportunistically uses
hardware-backed key attestation via KeyStore as a strong integrity
check. This causes SafetyNet to fail on custom ROMs because the verified
boot key and bootloader unlock state can be detected from attestation
certificates.
As a workaround, we can take advantage of the fact that SafetyNet's
usage of key attestation is opportunistic (i.e. falls back to basic
integrity checks if it fails) and prevent it from getting the
attestation certificate chain from KeyStore. This is done by checking
the stack for DroidGuard, which is the codename for SafetyNet, and
pretending that the device doesn't support key attestation.
Key attestation has only been blocked for SafetyNet specifically, as
Google Play Services and other apps have many valid reasons to use it.
For example, it appears to be involved in Google's mobile security key
ferature.
Change-Id: I5146439d47f42dc6231cb45c4dab9f61540056f6
|
|
The unstable process is where SafetyNet attestation actually runs, so
we only need to spoof the model in that process. Leaving other processes
fixes various issues caused by model detection and flag provisioning,
including screen-off Voice Match in Google Assistant, broken At a Glance
weather and settings on Android 12, and more.
Change-Id: Idcf663907a6c3d0408dbd45b1ac53c9eb4200df8
|
|
SafetyNet's CTS profile attestation checks whether Build.FINGERPRINT
matches that of the device's stock OS, which has passed CTS testing.
Spoof the fingerprint for Google Play Services to help pass SafetyNet.
We used to set the real system build fingerprint to the stock one, but
Android relies on each build having a unique fingerprint in order to
clear the correct caches and update persistent state for system changes.
On devices that no longer receive updates from the OEM, the build
fingerprint never changes and Android doesn't account for updates
correctly, which causes issues when updating without wiping data.
Only spoofing the fingerprint for Google Play Services fixes this issue.
Corresponding vendor commit:
"Only use stock build fingerprint for Google Play Services"
NB: This code is under the gmscompat package, but it does not depend on
any code from gmscompat.
Change-Id: I26a2498eb2e2163933303b03f6d516e5fb30fe51
|
|
"LA.QSSI.13.0.r1-11000.01-qssi.0"
Change-Id: If4923c782646e4f92aec4b158e43d4014a997fa2
|
|
Change-Id: Ifee00f1468aa4653b7ecbe0407847ee5db6f378b
|
|
t-keystone-qcom-release
Change-Id: I8c7942fed10eee79e9d810514a09c1fca7661b68
|
|
'googleplex-android-review.googlesource.com/23476871', 'googleplex-android-review.googlesource.com/23733070', 'googleplex-android-review.googlesource.com/23905843', 'googleplex-android-review.googlesource.com/23905120', 'googleplex-android-review.googlesource.com/23834017'] into tm-platform-release.
Change-Id: Ia68282ccf45d558e9631260f2eaf670d6ab854bd
|
