limit MediaMetadata object size to avoid Binder failures, version 2 #248
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…SELECTED Treat it same way other storage perms are treated for now.
This is a workaround for a bug that auto-dismisses crash dialog for native crash almost immediately after it is shown. Crash dialogs are shown only for foreground apps by default, there's no need to auto dismiss them.
Crash report dialog is not affected, it uses startActivityAsUser() already.
ANR stack traces file contains stack traces of all app's threads and of all threads of relevant or possibly relevant system processes, such as system_server.
Access to these files is controlled by their SELinux policy. They are labeled as anr_data_file. Enforcing additional read restrictions for ANR stack traces files through Unix permissions prevented LogViewer app from accessing them, since it doesn't run as the highly privileged UID 1000 (android.uid.system) which owns these files.
Adds a "Show details" item to crash and ANR (app not responding) dialogs which opens the LogViewer app.
…ystem_server side Don't require reboot or settings re-set for always on and lockdown to take effect on first vpn connection. The requirement for reboot, re-set at settings has been caused by a permission not granted or declared by VpnDialogs, which caused the unexpected behavior. Prevent this by checking the permission of local process instead.
In the general case, ContentProvider authorities can't be renamed because they aren't required to be based on the package name. Chromium always forms ContentProvider authorities by prefixing them with its package name, and relies on this invariant in code. When its package is renamed by original-package handling code, statements like String authority = context.getPackageName() + CONSTANT become invalid. Add a special-case for Vanadium to fix this.
This is needed for properly verifying updates of system packages.
versionCode of many system packages, including privileged ones, is set to the current SDK version and is thus not incremented during non-major OS upgrades. This allowed to downgrade them to the older version that had the same versionCode.
Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87
Squashed with:
Author: Daniel Micay <danielmicay@gmail.com>
Date: Wed Mar 15 06:32:20 2023 -0400
simplify removal of SUPL IMSI / phone number
This is not required for SUPL to work and the comment about Google is
unnecessary.
Adds a global data structure that is accessible by privileged installers and allows them to avoid installing the same package at the same time.
Applies to device PIN, SIM PIN and SIM PUK input screens.
This setting disables animations in keyguard PIN input UI.
This allows apps that have minor dependency on GmsCore (such as Pixel Camera) to work without having GmsCore installed.
Depends on commit: "don't crash apps that depend on missing Gservices provider"
- isolate EuiccGoogle from all non-system package via AppsFilter, which stops it from sending data to Google through GmsCore. EuiccGoogle doesn't send data to Google directly - keep EuiccGoogle disabled by default, but do not disable it after each reboot - remove a misleading "device information will be sent to Google" message that appears before eSIM download
Add missing @OverRide annotations, which don't change functionality but ensure that compilation fails if base methods gets removed or renamed.
…ons"" This reverts commit 00a5aed.
Fixes an issue where the End session button would show up on the owner profile but with no text (just an empty colored shape). Test: atest SystemUITests:KeyguardIndicationRotateTextViewControllerTest SystemUITests:KeyguardIndicationTest (note that these tests seem to just mock the KeyguardIndicationRotateTextView, so the code doesn't actually get called) Test: atest SystemUITests:com.android.systemui.keyguard
Remove unused strings.
…ch sensitivity. (GrapheneOS#2)" This is handled by a synthetic resource overlay now.
MediaMetadata objects are transferred over Binder. Serialized heap bitmaps for media artwork are sometimes larger than the max Binder transaction size. This commit switches MediaMetadata to shared bitmaps in order to avoid Binder transaction failures. Shared bitmaps are very small in serialized form.
…new ones" This reverts commit eccb446. This seem to trigger race conditions in GMS with the later FLAG_OVERRIDE broadcasts; overridden flag values were inconsistently set.
Async dexopt was added in Android 16. It has introduced a bug in handling of concurrent installs of the same package. Such installs started to corrupt the internal PackageManager state of the affected packages, which led to system_server crashes when attempting to uninstall them. As a workaround, this commit makes the package installer reject install requests for packages that are already being installed (package updates are considered to be installs too). For more info, see GrapheneOS#230 Based on GrapheneOS#234
Pseudo-locales currently render the device unbootable.
Add missing handling for packages that are renamed by the original-package system.
Temporary until Dialer gets CallStyle set for calling notifications. If the Dialer has two or more ungrouped notifications, autogrouping will occur. It just so happens that legacy voicemail notification is also ungrouped. Autogrouping call notifications will result in `Notification.FLAG_SILENT` being added to incoming call notifications, and that will prevent the fullScreenIntent from showing.
Apps can use it to exfiltrate data to a server.
...and activity does not request showWhenLocked. The splash screen won't contains secure information, so it's safe to declared as showWhenLocked. But before remove starting window, if the activity does not request showWhenLocked and device is locked, try to trigger unoccluding animation, and keep app window hide until transition animation finish. Bug: 378088391 Bug: 383131643 Test: run simulate app repeatly, verify the app content won't be visible during transition animation. Merged-In: Id4db3772950059803883d00f9dd6b94aa98382f0 Change-Id: Id4db3772950059803883d00f9dd6b94aa98382f0
This reverts commit 1c05ff2.
This reverts commit 50ce923.
Bitmap dimension limit is not initialized in some cases during MediaMetadata.Builder creation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.