| 0fa9328b80245e6170522bf74dbae6a33122fbcb |
|
15-Aug-2017 |
Android Build Merger (Role) <android-build-merger@google.com> |
[automerger] Fix security hole in GateKeeperResponse. am: e74cae8f7c am: b1141b6ff0 am: 1cd9e8096f am: 6dfc8d8d4d am: a3c1de7e49 am: 4acf4fabf4 am: 40317127f4 am: 159cd14334 am: 24587d57cf
Change-Id: If5cad5c0f361acda25df4d90de06821d16e689c0
|
| e74cae8f7c3e6b12f2bf2b75427ee8f5b53eca3c |
|
14-Jul-2017 |
Charles He <qiurui@google.com> |
Fix security hole in GateKeeperResponse.
GateKeeperResponse has inconsistent writeToParcel() and
createFromParcel() methods, making it possible for a malicious app to
create a Bundle that changes contents after reserialization. Such
Bundles can be used to execute Intents with system privileges.
This CL changes writeToParcel() to make serialization and
deserialization consistent, thus fixing the issue.
Bug: 62998805
Test: use the debug app (see bug)
Change-Id: Ie1c64172c454c3a4b7a0919eb3454f0e38efcd09
/frameworks/base/core/java/android/service/gatekeeper/GateKeeperResponse.java
|
| 0cbc19e4a66f7db51596b57ca91afc6f5b27f3b4 |
|
09-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add unit tests for LockSettingsService
Add infrastructure and first sets of unit tests for LockSettingsService
Bug: 33126408
Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests
Change-Id: I4f3b7f6eaef7122f72b06bd11ce49134a093fe35
/frameworks/base/core/java/android/service/gatekeeper/GateKeeperResponse.java
|
| 2397427cb1a0bad8a42e6a342dcf29b31e40a234 |
|
15-May-2015 |
Andres Morales <anmorales@google.com> |
[LockSettings] migrate password attempt throttling to hardware
leverage root protected, cryptographically secured hardware
if available
Bug: 21118563
Change-Id: Ifa804c5a0728bfd14466eb2a84051bace6d33d57
/frameworks/base/core/java/android/service/gatekeeper/GateKeeperResponse.java
|