The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free AIGABRT can occur in a race condition.
SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to setup for decryption, which is
called frequently.
The crash was reproduced on the device before the fix.
Verified the test passes after the fix.
Test: sts
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-176495665_sts64
Bug: 176495665
Bug: 176444161
Change-Id: I3ec33cd444183f40ee76bec4c88dec0dac859cd3
There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17644462264
Bug: 176444622
Bug: 176496353
Change-Id: I71b390846a17aecbb9180865e1f9538b4b464abf
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I811a6f60948bde2a72906c2c6172fd7bc5feb6d9
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I5ed8921cbd7120e2f3841de1ea7b73d33539838f
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I811a6f60948bde2a72906c2c6172fd7bc5feb6d9
[root cause ] VtsHalWifiSupplicant first stop supplicant, but framework will restart supplicant, the test will fail, according to Partner IssueTracker 169498893, AOSP suggest to add a blocking
[changes ] add sleep(3)
[side effects]no
[self test ]:yes
[download normally]:yes
[power on/off normally]:yes
[do common repository/branch inspection]:no
[is there dependence]:no
[confirm dependent commit]:no
[board]:unisoc
[test case]:VtsHalWifiSupplicant test
[reviewers ] chao.meng
[change_type ] feature_bugfix
[tag_product ] common
Bug: 169498893
Change-Id: I7990226d346a3444f606951386e7c223fc87f98f
backport to P changes to ensure optional features are only
exercised if advertised as supported.
Bug: 73543546
Bug: 73306751
Signed-off-by: Pierre Couillaud <pierre@broadcom.com>
Change-Id: I809a3eb90dfcc8ab37fdd3e2c60e432c7a686a49
1. Docomo, Softbank, KDDI, and another Japan Operator request this.
- During operation, the mobile device confirms the presence of the ICC and performs ICC outlier detection. If ICC disconnection is detected during operation, turn off the power within 5 seconds after detection, and perform power reset operation.
2. "setSimCardPower power down"
- After "setSimCardPower power down", SIM set power down. and ME is wating for "remove sim card" event, but phsically detect pin is still connected, so "remove" event never be sent, and ME can't reboot.
3. Japan model can not "setSimCardPower power up"
After "setSimCardPower power down", Japan model prepare for rebooting.
so so VTS requests "setSimCardPower power up", they can't do this.
Signed-off-by: Jicheol Shin <jicheol.shin@lge.com>
Test: VTS
Test: runc vts -m VtsHalRadioV1_1Target -t VtsHalRadioV1_1Target#RadioHidlTest_v1_1.setSimCardPower_1_1(slot1)_32bit
Test: runc vts -m VtsHalRadioV1_1Target -t VtsHalRadioV1_1Target#RadioHidlTest_v1_1.setSimCardPower_1_1(slot1)_64bit
Bug ID : 147969063
Change-Id: I524a16d04a7783f605913fd3ead15d3c1fbbc78b
(cherry picked from commit c89fd888a9)
Both EXIF_TAG_IMAGE_WIDTH and EXIF_TAG_IMAGE_LENGTH
expect short values as per EXIF spec. Call appropriate
libexif function to avoid possible heap corruption.
Bug: 148223871
Test: Successful build
Change-Id: Ib16bf1ae8ab2093da529efe6ff0778331c3e9eb3
VTS test VtsHalGnssV1_0Target#GnssHalTest.GetAllExtensions tests that
IGnss::getEnxtensionGnssDebug returns an actual extension. Make an
exception for automotive devices.
Bug: 143966170
Test: ran VtsHalGnssV1_0Target on Volvo IHU
Change-Id: I1588099a5be704c7869d6d5e8c0312d8b498bb95
The test used to always test input stream, assuming that all devices had
built-in device on the primary Module. Nevertheless, although uncommon,
the mic could be on any module or even not exist.
This patch makes sure that the input stream tests are only run if there
is a Built-in mic on the primary module.
This patch also fixes GetMicrophonesTest to accept NOT_SUPPORTED
result.
This patch is specific for Android P. Later versions already have
these fixes.
Bug: 114303641
Test: atest VtsHalAudioV4_0TargetTest
on device with a built-in mic and on a device w/o
Change-Id: I7289724e5a73c1ffd09ca990f681844bdc8f6b3e
Non-default audio service (e.g. MSD) is allowed not to have
a "primary" device. In this case tests that require it can be
skipped.
This is Android P specific version of the change.
Bug: 139321356
Bug: 141433379
Test: vts-tradefed run commandAndExit vts -m VtsHalAudioV4_0Target
on a device with "msd" audio HAL module
Change-Id: I3b999664130013294cebd26976a1b18354926a5e
Ensures it can access /dev/uinput in Android Q, sepolicy permitting.
Bug: 142105193
Test: confirm hall sensor works again on marlin
Change-Id: I585c32d4da4bdc0917068e4d81adeca43d257e56
(cherry picked from commit 82299438b5)
Due to asynchronous nature of the destruction of server-side objects
it is required to flush IPC messages to the server and wait to avoid
flakiness due to an attempt to open the stream while it's still not
closed on the server side.
This patch is specific for Android P release.
Test: atest VtsHalAudioV4_0TargetTest
Bug: 118655804
Change-Id: I1a5ec28bce9802ec654c139153ec4aa6786474e5
The XSD has to be kept manually synced to the HAL definition. When some
formats were introduced and the corresponding enum values were added in
the HAL .hal, the XSD was not updated.
This change is for P branch only.
Test: xmllint --noout --schema hardware/interfaces/audio/4.0/config/audio_policy_configuration.xsd --xinclude out/target/product/*/vendor/etc/audio_policy_configuration.xml
Bug: 128967080
Change-Id: Iad91c510b9b908fdf5cabc46c61d7c687f1acd1e
