Android-x86

Fork

• external-gbm_gralloc
• hardware-powerbtnd
• hardware-intel-libva
• manifest
• device-generic-x86_64
• device-generic-common
• system-bt
• hardware-intel-intel-driver
• external-bluetooth-bluedroid
• build
• device-generic-x86
• packages-apps-Camera2
• device-viewsonic-viewpad10
• packages-apps-Taskbar
• packages-apps-Gallery2
• system-media
• hardware-intel-common-libva
• external-vboxguest-linux-modules
• system-netd
• hardware-intel-common-vaapi
• external-swiftshader
• external-efibootmgr
• device-generic-openthos
• packages-apps-Settings
• hardware-ril
• packages-apps-CMFileManager
• packages-apps-Eleven
• external-toybox
• external-drm_hwcomposer
• hardware-libhardware_legacy
• system-extras
• hardware-libsensors
• hardware-liblights
• hardware-broadcom-libbt
• packages-apps-TSCalibration2
• system-core
• packages-apps-Bluetooth
• device-generic-firmware
• device-generic-goldfish
• external-s2tc
• device-asus
• device-amd
• device-common
• device-hp-tx2500
• device-ibm-thinkpad
• device-lenovo-s103t
• device-tegatech-tegav2
• external-srec
• external-webkit
• external-wpa_supplicant_6
• packages-apps-AndroidTerm
• packages-apps-FileManager
• external-tslib
• external-modules-rtl8723au
• packages-inputmethods-PinyinIME
• sdk
• system-bluetooth
• hardware-alsa_sound
• device-asus-laptop
• device-amd-persimmon
• development
• device-dell-sparta
• device-vm-vm
• hardware-wacom-input
• libcore
• packages-apps-Browser
• packages-apps-Camera
• prebuilt
• device-motion-m1400
• device-viliv-s5
• packages-apps-Superuser
• device-asus-eeepc
• device-generic-goldfish-opengl
• external-mplayer
• external-wpa_supplicant
• frameworks-policies-base
• ndk
• packages-apps-Calendar
• packages-apps-ConnectBot
• packages-apps-Contacts
• packages-apps-DeskClock
• packages-apps-LIME
• packages-apps-Music
• packages-providers-DownloadProvider
• packages-wallpapers-Basic
• packages-wallpapers-MagicSmoke
• packages-wallpapers-MusicVisualization
• packages-providers-ImProvider
• packages-apps-AlarmClock
• packages-apps-IM
• packages-apps-Launcher
• packages-apps-SoundRecorder
• external-opencore
• vendor-intel-houdini
• vendor-samsung-q1u
• external-dhcpcd
• hardware-menlow-psb
• hardware-menlow-ioport
• push
• external-eject
• external-v86d
• external-koush-Superuser
• external-koush-Widgets
• frameworks-native
• external-libpciaccess
• external-bluetooth-bluez
• external-libtruezip
• external-stagefright-plugins
• external-ntfs-3g
• external-parted
• hardware-intel-hwcomposer
• external-mesa
• external-ffmpeg
• external-llvm
• external-libdrm
• external-e2fsprogs
• external-bluetooth-glib
• hardware-broadcom-wlan
• external-drm_gralloc
• hardware-gps
• external-busybox
• kernel
• external-alsa-lib
• external-alsa-utils
• system-vold
• frameworks-base
• frameworks-av
• external-bluetooth-sbc
• packages-apps-Trebuchet
• dalvik
• hardware-x86power
• packages-services-Analytics
• external-ppp
• packages-apps-Launcher3
• external-wpa_supplicant_8
• hardware-intel-audio_media
• hardware-intel-libsensors
• hardware-libaudio
• hardware-libcamera
• external-googleanalytics
• hardware-libhardware
• hardware-interfaces
• bootable-newinstaller
• art
• external-efivar
• hardware-memtrack
• system-connectivity-wificond
• bionic
• external-kernel-drivers
• external-drm_framebuffer
• external-exfat
• external-openssh
• external-wireless-tools
• external-mksh
• external-libffi
• external-musl-libc
• system-hardware-interfaces
• external-minigbm
• external-IA-Hardware-Composer
• external-drmfb-composer
• external-alsa-ucm-conf
• external-libncurses
• external-llvm-project
• system-linkerconfig

Spenden

Merge remote-tracking branch 'cm/cm-14.1' into cm-14.1-x86

Avoid more annoying crashing

Fix a security issue in sdp_server.cc

Bug: 169342531
Test: POC
Change-Id: I0e8cdb9a00184f62d11fb06bc30f07b2a35bc49e
(cherry picked from commit d7573f4fa9007ab7750edfc56305eea97c525cdb)

Check Classic key before cross-key derivation

Bug: 158854097
Test: atest net_test_stack_smp
Tag: #security
Ignore-AOSP-First: Security fix
Exempt-From-Owner-Approval: Already got owner approval,
but somehow it still shows no owner vote

Change-Id: Id88241324e9fb89ef14e50b52eb459a0d81c492b
(cherry picked from commit 814160abca57badda240ff606444537c9d9e02df)

Send a response to an smp security request depending on the callback event

Tag: #feature
Bug: 157038281
Test: Manual
Merged-In: Iadeb25a43b46f615b55a0dfb6e7723e5d1204351
Change-Id: Iadeb25a43b46f615b55a0dfb6e7723e5d1204351
(cherry picked from commit 1570e8de12bd994abd8ac18e80734bcbd05430d1)

Check whether local device is an ATV device to determine whether to show the consent dialog for BLE pairing in JUSTWORKS and ENCRYPTION_ONLY mode

Tag: #feature
Bug: 157038281
Test: Manual
Merged-In: I6d06f5996da71e5a1407e544b0023d82924aa56f
Change-Id: I6d06f5996da71e5a1407e544b0023d82924aa56f
(cherry picked from commit 0b4c1014f7d1b22b5e397f7eee72f0a471f90519)

Shows a consent dialog on the local device when pairing a bluetooth low energy device if the local device has a display.

Tag: #security
Bug: 157038281
Test: Manual
Merged-In: I7de396230beb84bd0fa2b0cea346523b6824472a
Change-Id: I7de396230beb84bd0fa2b0cea346523b6824472a
(cherry picked from commit b5c0bfc132b296853ba1143f34394e2719ff876d)

Return after removing sample LTK device

Return directly after calling bta_dm_remove_device to
prevent from accessing the invalid security record (p_dev_rec).

Test: Hardcode to test bond with sample key
Tag: #security
Bug: 162497143
Change-Id: Iaa59f3c415dd8066849fd70912fdb83f890229d7
(cherry picked from commit 7c86810c44ef2efd97c3e78bd77e36257a05f75b)

Fix possible OOB when receive gatt read type response data

Bug: 158833854
Bug: 158778659
Test: manual
Tag: #security

[syphyr: Backport to 14.1:
- replace log function with GATT_TRACE_ERROR]
Signed-off-by: L.W.Reek <syphyr@gmail.com>

Change-Id: I1bd8713eecebc2bc3d919402b035987e06a2d4d3
(cherry picked from commit 0eb7a763dff47d349b5cfc5821116ece5a46ffa3)

DO NOT MERGE: Remove pairing on incoming bond request

Bug: 150156492
Tag: #security
Test: Bond two devices, forget from one device and reconnect
Change-Id: I048b7b142e3fe2096cf1a9aa2931c175fa52cd45
(cherry picked from commit 13f409ad3a2423b06af7a7f1a9b06fb06c8820a7)
Merged-In: I048b7b142e3fe2096cf1a9aa2931c175fa52cd45
(cherry picked from commit 85b5df1d0dcc782ed5afc1dcf9247880416d5fbd)

Enable bitpool sanity checks

Enable bitpool sanity checks to run all the time, not just in debug
mode.

Tag: #security
Test: sbcdecoder_fuzzer
Bug: 146398979
Change-Id: Iff58305cd18de35e37290f0c09fba01ee14e787a
(cherry picked from commit 59c234a8fddda37147bb3fe1dd3b3a668828bcab)

Fix potential stack overflow caused by integer overflow

Bug: 151155194
Merged-In: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
Change-Id: I0655b0b62301f78cd8705cc7b0e4fc11522f00ca
(cherry picked from commit 1570b62c88d7c5b9c6bfe43da8cc16ea30d3e8df)

GattServcer: Check invalid offset

Test: manual
Bug: 143231677
Merged-In: I0396380f431cdb7f91c78db6de9043ea0f373dfe
Merged-In: I0ca22e7c60292d61c758120c1cd67f6e6edd8ae8
Change-Id: I0ca22e7c60292d61c758120c1cd67f6e6edd8ae8
(cherry picked from commit 30a2860ed19866159a0870c57a94ad8df0b1a683)

SDP: add return after SDP disconnection

A return is needed after sdp_disconnect(). It is the logic
expected and it prevents the use of p_ccb after it's freed.

Bug: 144177780
Bug: 117105007
Test: manual test
Change-Id: I7a64382b36adca37a8ff0c7e361d89ecdc8f3b55
(cherry picked from commit 30efc8c90a846460359a489e17e1461c725958b3)
(cherry picked from commit 5edd605227af9a1b9eedf4fd9f02373a47fd49fb)

Fix potential OOB write in btm_read_remote_ext_features_complete

Add event length check to avoid hci event sent from controller not
correct.
Add page number check to avoid page number is bigger than
HCI_EXT_FEATURES_PAGE_MAX.

Bug: 141552859
Bug: 144205318
Test: inject function
Merged-In: Iaca4db4ee9bf27362f62aba0da088727e98955d1
Change-Id: Iaca4db4ee9bf27362f62aba0da088727e98955d1
(cherry picked from commit 140d8297ace9cd54a903a9cd3a079fd805030f1e)

GAP: Correct the continuous pkt length in l2cap

L2cap continuous pkt length wrongly calculated in
reassembly logic when remote sends more data
than expected.

Wrong pkt length leading to memory corruption

Hence the Correct the continuous pkt length in
l2cap reassembly logic.

Bug: 135239489
Bug: 143894715
CRs-Fixed: 2434229
Test: make and internal testing
Change-Id: I758d9e31465b99e436b9b1841320000f08186c97
Merged-In: I758d9e31465b99e436b9b1841320000f08186c97
(cherry picked from commit 337bd4579453bd6bf98ff519de3ac1019cd30d28)
(cherry picked from commit 602f4b44fe30ec8b225e1cee5f96817607d93e5a)

fix -Wdangling-gsl

BtAddrString() returns a std::string. It's not safe to chain a call to
c_str() as otherwise the returned std::string is a temporary, and the
expression evaluates to an immediately dangling pointer.

Bug: 139945549
Bug: 142558228
Test: mm
Change-Id: I30972458abcc563b24ee0d80b289c3efd6c3e04d
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
(cherry picked from commit 20ed45d6339079645ef9fe576b894e9497684c93)

JustWorks: Auto-accept only incoming temporary pairing.

Bug: 110433804
Bug: 134461862
Test: Manual; atest net_test_bluetooth
Change-Id: I4e3f39bc08e9d9493734a21ea29d76e43aeb50c8
Merged-In: I4e3f39bc08e9d9493734a21ea29d76e43aeb50c8
(cherry picked from commit 10e15ee4610969b10e7558969fed8ba229d8e5a0)

SDP: Disconnect when there is a bad length

Handle the case when SDP_RAW_DATA_INCLUDED is FALSE.
Related to: I9f0df8b2de28970e7d69b737ce5d363785183bf3

Bug: 137239831
Bug: 117105007
Test: manual test
Change-Id: I354494565005f2ca9093486546fc54c145066413
Merged-In: I354494565005f2ca9093486546fc54c145066413
(cherry picked from commit e45fe0a8ec678c73c57967b69c2fd485eef92927)
(cherry picked from commit 7f555a1a9b641a8e4892a4e7a7cc1ff294d8f2b7)

Use memcpy instead of casting to convert device_class to int

Bug: 140152619
Test: atest net_test_btcoreclear
Change-Id: Iee71ce35576e438317841d41a81fda6a87e1984a
Merged-In: Iee71ce35576e438317841d41a81fda6a87e1984a
(cherry picked from commit ec75f1efb6b9be4933225a4b724e7a3ef5e3d70b)
(cherry picked from commit ecf8f751b0ef9945b1a3e3433116d7363e3a24f9)

SDP: disconnect if sdp_copy_raw_data fails

Our partners met with the problem with sdp_copy_raw_data updated in
CVE-2019-2116. When peer device responds with a wrong size,
sdp_copy_raw_data will not complete and won't trigger
disconnection. This CL enables the disconnection when a wrong size is
received.

Bug: 137239831
Bug: 117105007
Test: manual test
Change-Id: I9f0df8b2de28970e7d69b737ce5d363785183bf3
Merged-In: I9f0df8b2de28970e7d69b737ce5d363785183bf3
(cherry picked from commit bc9df3451dad17c1ab1002fdbc85d60e57d4f0af)
(cherry picked from commit 41939a2b5a8e3584c5a99dfe264a47df79e3091f)

DO NOT MERGE: btif: require pairing dialog for JustWorks SSP

Bug: 110433804
Test: Manual; atest net_test_bluetooth
Change-Id: If65a8d53ff368ba3ddddb47cfc0072469090b46a
(cherry picked from commit ddae6274742e241c03526c7659dca7b3446b9f8d)
(cherry picked from commit ee34c562b296751cd457e828c3debf38a8d35fb4)

DO NOT MERGE Store BLE keys using the address from the ble_auth_cmpl_evt

Reading the peer address from btif_dm_ble_auth_cmpl_evt, instead
of using the value from the pairing control block in
btif_dm_save_ble_bonding_keys, ensures that BLE keys are stored with
the correct address.

Bug: 133234174
Bug: 79703832
Test: 1. Initiate crosskey pairing from BLE
2. Check whether BLE keys are stored correctly
Change-Id: I18b4a1d8e2cdcd6dd4a300f1dc9e6d3892a3baff
(cherry picked from commit 0d95651e8b22b1012f1ee103e4a0b8665a0c17d4)
(cherry picked from commit b2334f05895e9926666904c41f13821210cbd6e9)

Merge remote-tracking branch 'cm/cm-14.1' into cm-14.1-x86

Merge remote-tracking branch 'x86/nougat-x86' into cm-14.1-x86

Fall back to CLOCK_BOOTTIME if CLOCK_BOOTTIME_ALARM fails

If the cuttlefish device does not have an rtc device (such as the crosvm
VMM) the bt osi layer can promote crashes due to it not being able to
create a CLOCK_BOOTTIME_ALARM timer. Bring back a fallback but enable it
at runtime instead of compile time.

Bug: 126955943
Test: run with cuttlefish
Change-Id: I3ab0282b3e8fde776aa7b37d5772c8f62cf957bf

DO NOT MERGE Fix for Bluetooth connection being dropped after HCI Read Encryption Key Size

If remote device stop the encryption before we call "Read Encryption Key Size",
we might receive Insufficient Security, which means that link is no longer
encrypted.

In such cases we should stay connected, rather than disconnecting the
link.

Test: Connect to device that stop encryption right after encryption is
complete, i.e. to change roles.
Bug: 124301137
Bug: 132626699

Change-Id: Iab0fd9f357d18a6b048b971d0393fbb47fd4d793
Merged-In: Iab0fd9f357d18a6b048b971d0393fbb47fd4d793
(cherry picked from commit c5aa5feebf558df160772fefaf271a6f3251e261)

DO NOT MERGE Send HCI Read Encryption Key properly

This patch fixes bad HCI command being send instead of Read Encryption
Key Size.

Bug: 124301137
Test: pair and connect with Bluetooth headset
Change-Id: If325ef2771ca1546ae58df7c684f66ae537b8573
(cherry picked from commit a3cc7575f9ce644a3dfceee61ab7b4b206a3982e)

DO NOT MERGE Drop Bluetooth connection with weak encryption key

This patch requires Bluetooth chip to support HCI Read Encryption Key Size
command and will cause Bluetooth to crash if this command is not supported
on a device. Such device should not take this patch and should look for
alternative solution to drop Bluetooth connection with weak encryption key.

Bug: 124301137
Change-Id: Id4b6b4e765628397a79e6806f45c2cd27acebd5b
(cherry picked from commit 027532b3678e3d50ed41270d747df5eb06bc6a8d)

Fix potential OOB read in sdpu_get_len_from_type

Add boundary check in sdpu_get_len_from_type to prevent potential OOB read.

Bug: 117105007
Test: Manul
Merged-In: I3755e13ee0a7e22ffd5f48fca909610a26b09d0a
Change-Id: I3755e13ee0a7e22ffd5f48fca909610a26b09d0a
(cherry picked from commit 1243f8da338dadfe2a3c281a08297b431402d41c)
(cherry picked from commit 4d8e1d63e1a2116c47702d38d858f5a742e8292f)