Various authenticator results such as getAuthToken and addAccount might
result in an Intent returned to the AccountManager caller. A malicious
authenticator could exploit the fact that the Settings are a system app,
lead the user to launch add account for their account type and thus get
Settings to use the intent to start some arbitrary third party's Activity.
The fix is to make sure that the UID of the app associated with Activity
to be launched by the supplied intent and the Authenticator's UID share
the same signature. This means that an authenticator implementer can only
exploit apps they control.
This is a backport of 5bab9daf3cf66f4de19f8757e386030e8bef23ce
Bug: 7699048
Change-Id: Ifed345c2fc20020d55fa2cab1f2f7ea509ea09b2
Various authenticator results such as getAuthToken and addAccount might
result in an Intent returned to the AccountManager caller. A malicious
authenticator could exploit the fact that the Settings are a system app,
lead the user to launch add account for their account type and thus get
Settings to use the intent to start some arbitrary third party's Activity.
The fix is to make sure that the UID of the app associated with Activity
to be launched by the supplied intent and the Authenticator's UID share
the same signature. This means that an authenticator implementer can only
exploit apps they control.
Bug: 7699048
Change-Id: I34330454c341e6a8422ca1ed3b390466a0feedce
(cherry picked from commit 5bab9daf3cf66f4de19f8757e386030e8bef23ce)
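
Added example, not code from the commit: a sketch in Java of the check the message above describes, comparing the signatures of the authenticator's UID and the UID that owns the Activity the returned Intent resolves to. The class name `IntentTargetCheck`, the method `assertSameSignature` and the `authenticatorUid` parameter are assumptions; `PackageManager.resolveActivity` and `PackageManager.checkSignatures` are the Android SDK calls used.

```java
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;

/** Hypothetical helper for illustration; not the class changed by the commit. */
public final class IntentTargetCheck {
    private IntentTargetCheck() {}

    /**
     * Throws SecurityException unless the Activity that {@code intent} resolves to
     * belongs to an app signed with the same certificates as the authenticator
     * (identified by {@code authenticatorUid}) that supplied the intent.
     */
    public static void assertSameSignature(PackageManager pm, Intent intent,
                                           int authenticatorUid) {
        // Resolve exactly as a later startActivity() would, so the component
        // that is checked is the component that gets launched.
        ResolveInfo target = pm.resolveActivity(intent, 0);
        if (target == null || target.activityInfo == null
                || target.activityInfo.applicationInfo == null) {
            // Fail closed: an intent with no resolvable target is rejected too.
            throw new SecurityException(
                    "Authenticator-supplied intent does not resolve to an Activity");
        }

        int targetUid = target.activityInfo.applicationInfo.uid;

        // checkSignatures(int, int) compares the signing certificates of the
        // packages behind two UIDs; anything other than SIGNATURE_MATCH is refused.
        if (pm.checkSignatures(authenticatorUid, targetUid)
                != PackageManager.SIGNATURE_MATCH) {
            throw new SecurityException(
                    "Activity to be started (uid " + targetUid
                    + ") is not signed like the authenticator (uid "
                    + authenticatorUid + ")");
        }
    }
}
```

The check belongs where the authenticator's result is received, before the Intent is handed on or started.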
Normally we do not wake the device when the internal touch screen is
touched. This behavior can now be configured by setting a property
in the input device configuration file. Add the following line to
the IDC file to enable an initial touch to wake the device from sleep.
touch.wake = 1
Change-Id: Ifd6d4f51afacd30d85f475725a66e6fcccde9cbb
Note that files changed in this patch have been automatically
generated by running frameworks/native/opengl/tools/glgen/gen
script
This will allow eglGetDisplay(int) to work on both 32-bit and
64-bit systems when EGL_DEFAULT_DISPLAY is passed as a parameter.
Change-Id: Idf27d6e00d623d331bb2d4d7f85fa450e0db26c9
Signed-off-by: Ashok Bhat <ashok.bhat@arm.com>
Some caches (PatchCache, TextureCache, PathCache) for HWUI
use deferred removal for their cache entries even though
actual resource objects are immediately freed by
ResourceCache.
For this reason, the uniqueness of a resource address in
the caches is not guaranteed in specific cases.
(Because malloc() can return the same address when malloc()
and free() are called very frequently.)
So it can be possible that the cache has two cache entries for
two different resources but the same memory address.
(Of course one of the resources is already freed.)
It can also be possible that the mGarbage vector in PatchCache has
duplicated addresses and this can lead to duplicated free
blocks in the free block list and graphics corruption.
(Deferred removal was implemented based on an assumption of
unique resource addresses.)
So this patch makes sure resource objects are freed after
the resources are removed from the caches to guarantee
the uniqueness of a resource address and prevent graphics
corruption.
Change-Id: I040f033a4fc783d2c4bc04b113589657c36fb15b
Signed-off-by: Sangkyu Lee <sk82.lee@lge.com>
All callers have been moved over to getNativeAsset, and
this method has been hidden from the public API internally.
Change-Id: I5f29b5ddb4449adadf426e49a4085c7320289a15