See build/soong/README.md for more information.
Test: m -j checkbuild
Change-Id: Ie3c9c3d3c8c75ade36422d1e8ee0a5fe117e9091
(cherry picked from commit 3f8fd40f285dba5b3639ee1e3d4e4544048c1446)
See build/soong/README.md for more information.
Test: m -j checkbuild
Change-Id: I0b45697d1042cb1647f2609b2257444dede84d2a
(cherry picked from commit aa0d4355d78a94b2c6557983d1fa9aa6c529294c)
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:33039926
bug:33042690
Change-Id: Ib8e50afcdb5475123968572ac9696e8ed4031631
The headers are already migrated because they're in
frameworks/native/include/android, which was covered when migrating
libandroid.
Test: make native
Bug: http://b/30465923
Change-Id: I610dc6c613f2a408960088a86629073da38682a0
