Merge tag 'android-8.1.0_r43' into staging/lineage-15.1_merge-android…

…-8.1.0_r43

Android 8.1.0 release 43

* tag 'android-8.1.0_r43': (24 commits)
  Fix DynamicRefTable::load security bug
  ResStringPool: Prevenet boot loop from se fix
  Make safe label more safe
  WM: Prevent secondary display focus while keyguard is up
  DO NOT MERGE: Add unit tests to ensure VPN meteredness
  DO NOT MERGE: Fix ConnectivityController meteredness checks
  clearCallingIdentity before calling into getPackageUidAsUser
  Nullcheck to fix Autofill CTS
  Osu: fixed Mismatch between createFromParcel and writeToParcel
  DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name
  Fix broken check for TelephonyManager#getForbiddenPlmns
  DO NOT MERGE (O) Revoke permision when group changed
  ResStringPool: Fix security vulnerability
  RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to oc-mr1-dev)
  Use concrete CREATOR instance for parceling lists
  Rework thumbnail cleanup
  DO NOT MERGE - fix AFM.getComponentNameFromContext()
  Proper autofill fix to let phone process autofill Settings activity.
  Make sure apps cannot forge package name on AssistStructure used for Autofill.
  Fixed Security Vulnerability of DcParamObject
  ...

Change-Id: I37be2836181595f928721968cb7ffa2df312eff1

core/java/android/content/pm/PackageItemInfo.java

@@ -42,6 +42,9 @@
  */
 public class PackageItemInfo {
     private static final float MAX_LABEL_SIZE_PX = 500f;
+    /** The maximum length of a safe label, in characters */
+    private static final int MAX_SAFE_LABEL_LENGTH = 50000;
+
     /**
      * Public name of this item. From the "android:name" attribute.
      */
@@ -169,7 +172,8 @@ public CharSequence loadLabel(PackageManager pm) {
         // If the label contains new line characters it may push the UI
         // down to hide a part of it. Labels shouldn't have new line
         // characters, so just truncate at the first time one is seen.
-        final int labelLength = labelStr.length();
+        final int labelLength = Math.min(labelStr.length(), MAX_SAFE_LABEL_LENGTH);
+        final StringBuffer sb = new StringBuffer(labelLength);
         int offset = 0;
         while (offset < labelLength) {
             final int codePoint = labelStr.codePointAt(offset);
@@ -181,14 +185,19 @@ public CharSequence loadLabel(PackageManager pm) {
                 break;
             }
             // replace all non-break space to " " in order to be trimmed
+            final int charCount = Character.charCount(codePoint);
             if (type == Character.SPACE_SEPARATOR) {
-                labelStr = labelStr.substring(0, offset) + " " + labelStr.substring(offset +
-                        Character.charCount(codePoint));
+                sb.append(' ');
+            } else {
+                sb.append(labelStr.charAt(offset));
+                if (charCount == 2) {
+                    sb.append(labelStr.charAt(offset + 1));
+                }
             }
-            offset += Character.charCount(codePoint);
+            offset += charCount;
         }
 
-        labelStr = labelStr.trim();
+        labelStr = sb.toString().trim();
         if (labelStr.isEmpty()) {
             return packageName;
         }

core/java/android/net/ConnectivityManager.java

@@ -2504,6 +2504,28 @@ public boolean isActiveNetworkMetered() {
         }
     }
 
+    /**
+     * Returns if the active data network for the given UID is metered. A network
+     * is classified as metered when the user is sensitive to heavy data usage on
+     * that connection due to monetary costs, data limitations or
+     * battery/performance issues. You should check this before doing large
+     * data transfers, and warn the user or delay the operation until another
+     * network is available.
+     *
+     * @return {@code true} if large transfers should be avoided, otherwise
+     *        {@code false}.
+     *
+     * @hide
+     */
+    @RequiresPermission(android.Manifest.permission.CONNECTIVITY_INTERNAL)
+    public boolean isActiveNetworkMeteredForUid(int uid) {
+        try {
+            return mService.isActiveNetworkMeteredForUid(uid);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
     /**
      * If the LockdownVpn mechanism is enabled, updates the vpn
      * with a reload of its profile.

core/java/android/net/IConnectivityManager.aidl

@@ -66,6 +66,7 @@ interface IConnectivityManager
 
     NetworkQuotaInfo getActiveNetworkQuotaInfo();
     boolean isActiveNetworkMetered();
+    boolean isActiveNetworkMeteredForUid(int uid);
 
     boolean requestRouteToHostAddress(int networkType, in byte[] hostAddress);
 

core/java/android/view/WindowManagerPolicy.java

@@ -616,6 +616,11 @@ public InputConsumer createInputConsumer(Looper looper, String name,
          */
         void notifyKeyguardTrustedChanged();
 
+        /**
+         * The keyguard showing state has changed
+         */
+        void onKeyguardShowingAndNotOccludedChanged();
+
         /**
          * Notifies the window manager that screen is being turned off.
          *

libs/androidfw/ResourceTypes.cpp

@@ -460,7 +460,7 @@ status_t ResStringPool::setTo(const void* data, size_t size, bool copyData)
 
     // The chunk must be at least the size of the string pool header.
     if (size < sizeof(ResStringPool_header)) {
-        LOG_ALWAYS_FATAL("Bad string block: data size %zu is too small to be a string block", size);
+        ALOGW("Bad string block: data size %zu is too small to be a string block", size);
         return (mError=BAD_TYPE);
     }
 
@@ -470,7 +470,7 @@ status_t ResStringPool::setTo(const void* data, size_t size, bool copyData)
     if (validate_chunk(reinterpret_cast<const ResChunk_header*>(data), sizeof(ResStringPool_header),
                        reinterpret_cast<const uint8_t*>(data) + size,
                        "ResStringPool_header") != NO_ERROR) {
-        LOG_ALWAYS_FATAL("Bad string block: malformed block dimensions");
+        ALOGW("Bad string block: malformed block dimensions");
         return (mError=BAD_TYPE);
     }
 
@@ -6581,8 +6581,16 @@ status_t ResTable::parsePackage(const ResTable_package* const pkg,
             }
 
         } else if (ctype == RES_TABLE_LIBRARY_TYPE) {
+
             if (group->dynamicRefTable.entries().size() == 0) {
-                status_t err = group->dynamicRefTable.load((const ResTable_lib_header*) chunk);
+                const ResTable_lib_header* lib = (const ResTable_lib_header*) chunk;
+                status_t err = validate_chunk(&lib->header, sizeof(*lib),
+                                              endPos, "ResTable_lib_header");
+                if (err != NO_ERROR) {
+                    return (mError=err);
+                }
+
+                err = group->dynamicRefTable.load(lib);
                 if (err != NO_ERROR) {
                     return (mError=err);
                 }

services/core/java/com/android/server/ConnectivityService.java

@@ -971,7 +971,7 @@ private Network[] getVpnUnderlyingNetworks(int uid) {
         if (!mLockdownEnabled) {
             int user = UserHandle.getUserId(uid);
             synchronized (mVpns) {
-                Vpn vpn = mVpns.get(user);
+                Vpn vpn = getVpn(user);
                 if (vpn != null && vpn.appliesToUid(uid)) {
                     return vpn.getUnderlyingNetworks();
                 }
@@ -1019,7 +1019,7 @@ private boolean isNetworkWithLinkPropertiesBlocked(LinkProperties lp, int uid,
             return false;
         }
         synchronized (mVpns) {
-            final Vpn vpn = mVpns.get(UserHandle.getUserId(uid));
+            final Vpn vpn = getVpn(UserHandle.getUserId(uid));
             if (vpn != null && vpn.isBlockingUid(uid)) {
                 return true;
             }
@@ -1096,7 +1096,7 @@ private Network getActiveNetworkForUidInternal(final int uid, boolean ignoreBloc
         final int user = UserHandle.getUserId(uid);
         int vpnNetId = NETID_UNSET;
         synchronized (mVpns) {
-            final Vpn vpn = mVpns.get(user);
+            final Vpn vpn = getVpn(user);
             if (vpn != null && vpn.appliesToUid(uid)) vpnNetId = vpn.getNetId();
         }
         NetworkAgentInfo nai;
@@ -1226,7 +1226,7 @@ public NetworkCapabilities[] getDefaultNetworkCapabilitiesForUser(int userId) {
 
         if (!mLockdownEnabled) {
             synchronized (mVpns) {
-                Vpn vpn = mVpns.get(userId);
+                Vpn vpn = getVpn(userId);
                 if (vpn != null) {
                     Network[] networks = vpn.getUnderlyingNetworks();
                     if (networks != null) {
@@ -1341,7 +1341,17 @@ public NetworkQuotaInfo getActiveNetworkQuotaInfo() {
     public boolean isActiveNetworkMetered() {
         enforceAccessPermission();
 
-        final int uid = Binder.getCallingUid();
+        return isActiveNetworkMeteredCommon(Binder.getCallingUid());
+    }
+
+    @Override
+    public boolean isActiveNetworkMeteredForUid(int uid) {
+        enforceConnectivityInternalPermission();
+
+        return isActiveNetworkMeteredCommon(uid);
+    }
+
+    private boolean isActiveNetworkMeteredCommon(int uid) {
         final NetworkCapabilities caps = getUnfilteredActiveNetworkState(uid).networkCapabilities;
         if (caps != null) {
             return !caps.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_METERED);
@@ -3444,7 +3454,7 @@ public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPacka
         throwIfLockdownEnabled();
 
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn != null) {
                 return vpn.prepare(oldPackage, newPackage);
             } else {
@@ -3471,7 +3481,7 @@ public void setVpnPackageAuthorization(String packageName, int userId, boolean a
         enforceCrossUserPermission(userId);
 
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn != null) {
                 vpn.setPackageAuthorization(packageName, authorized);
             }
@@ -3490,7 +3500,7 @@ public ParcelFileDescriptor establishVpn(VpnConfig config) {
         throwIfLockdownEnabled();
         int user = UserHandle.getUserId(Binder.getCallingUid());
         synchronized (mVpns) {
-            return mVpns.get(user).establish(config);
+            return getVpn(user).establish(config);
         }
     }
 
@@ -3507,7 +3517,7 @@ public void startLegacyVpn(VpnProfile profile) {
         }
         int user = UserHandle.getUserId(Binder.getCallingUid());
         synchronized (mVpns) {
-            mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress);
+            getVpn(user).startLegacyVpn(profile, mKeyStore, egress);
         }
     }
 
@@ -3521,7 +3531,7 @@ public LegacyVpnInfo getLegacyVpnInfo(int userId) {
         enforceCrossUserPermission(userId);
 
         synchronized (mVpns) {
-            return mVpns.get(userId).getLegacyVpnInfo();
+            return getVpn(userId).getLegacyVpnInfo();
         }
     }
 
@@ -3585,7 +3595,7 @@ private VpnInfo createVpnInfo(Vpn vpn) {
     public VpnConfig getVpnConfig(int userId) {
         enforceCrossUserPermission(userId);
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn != null) {
                 return vpn.getVpnConfig();
             } else {
@@ -3619,7 +3629,7 @@ public boolean updateLockdownVpn() {
             }
             int user = UserHandle.getUserId(Binder.getCallingUid());
             synchronized (mVpns) {
-                Vpn vpn = mVpns.get(user);
+                Vpn vpn = getVpn(user);
                 if (vpn == null) {
                     Slog.w(TAG, "VPN for user " + user + " not ready yet. Skipping lockdown");
                     return false;
@@ -3666,7 +3676,7 @@ private void throwIfLockdownEnabled() {
      */
     private boolean startAlwaysOnVpn(int userId) {
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn == null) {
                 // Shouldn't happen as all codepaths that point here should have checked the Vpn
                 // exists already.
@@ -3684,7 +3694,7 @@ public boolean isAlwaysOnVpnPackageSupported(int userId, String packageName) {
         enforceCrossUserPermission(userId);
 
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn == null) {
                 Slog.w(TAG, "User " + userId + " has no Vpn configuration");
                 return false;
@@ -3704,7 +3714,7 @@ public boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean loc
         }
 
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn == null) {
                 Slog.w(TAG, "User " + userId + " has no Vpn configuration");
                 return false;
@@ -3726,7 +3736,7 @@ public String getAlwaysOnVpnPackage(int userId) {
         enforceCrossUserPermission(userId);
 
         synchronized (mVpns) {
-            Vpn vpn = mVpns.get(userId);
+            Vpn vpn = getVpn(userId);
             if (vpn == null) {
                 Slog.w(TAG, "User " + userId + " has no Vpn configuration");
                 return null;
@@ -3872,22 +3882,38 @@ public void setAirplaneMode(boolean enable) {
 
     private void onUserStart(int userId) {
         synchronized (mVpns) {
-            Vpn userVpn = mVpns.get(userId);
+            Vpn userVpn = getVpn(userId);
             if (userVpn != null) {
                 loge("Starting user already has a VPN");
                 return;
             }
             userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId);
-            mVpns.put(userId, userVpn);
+            setVpn(userId, userVpn);
         }
         if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
             updateLockdownVpn();
         }
     }
 
+    /** @hide */
+    @VisibleForTesting
+    Vpn getVpn(int userId) {
+        synchronized (mVpns) {
+            return mVpns.get(userId);
+        }
+    }
+
+    /** @hide */
+    @VisibleForTesting
+    void setVpn(int userId, Vpn userVpn) {
+        synchronized (mVpns) {
+            mVpns.put(userId, userVpn);
+        }
+    }
+
     private void onUserStop(int userId) {
         synchronized (mVpns) {
-            Vpn userVpn = mVpns.get(userId);
+            Vpn userVpn = getVpn(userId);
             if (userVpn == null) {
                 loge("Stopped user has no VPN");
                 return;
@@ -5461,7 +5487,7 @@ public boolean addVpnAddress(String address, int prefixLength) {
         throwIfLockdownEnabled();
         int user = UserHandle.getUserId(Binder.getCallingUid());
         synchronized (mVpns) {
-            return mVpns.get(user).addAddress(address, prefixLength);
+            return getVpn(user).addAddress(address, prefixLength);
         }
     }
 
@@ -5470,7 +5496,7 @@ public boolean removeVpnAddress(String address, int prefixLength) {
         throwIfLockdownEnabled();
         int user = UserHandle.getUserId(Binder.getCallingUid());
         synchronized (mVpns) {
-            return mVpns.get(user).removeAddress(address, prefixLength);
+            return getVpn(user).removeAddress(address, prefixLength);
         }
     }
 
@@ -5480,7 +5506,7 @@ public boolean setUnderlyingNetworksForVpn(Network[] networks) {
         int user = UserHandle.getUserId(Binder.getCallingUid());
         boolean success;
         synchronized (mVpns) {
-            success = mVpns.get(user).setUnderlyingNetworks(networks);
+            success = getVpn(user).setUnderlyingNetworks(networks);
         }
         if (success) {
             notifyIfacesChangedForNetworkStats();

services/core/java/com/android/server/job/controllers/ConnectivityController.java

@@ -112,10 +112,8 @@ private boolean updateConstraintsSatisfied(JobStatus jobStatus) {
         final boolean connected = (info != null) && info.isConnected();
         final boolean connectionUsable = connected && validated;
 
-        final boolean metered = connected && (capabilities != null)
-                && !capabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_METERED);
-        final boolean unmetered = connected && (capabilities != null)
-                && capabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_METERED);
+        final boolean metered = connected && mConnManager.isActiveNetworkMeteredForUid(jobUid);
+        final boolean unmetered = connected && !mConnManager.isActiveNetworkMeteredForUid(jobUid);
         final boolean notRoaming = connected && (info != null)
                 && !info.isRoaming();
 

services/core/java/com/android/server/policy/PhoneWindowManager.java

@@ -2414,6 +2414,11 @@ public void onAppTransitionCancelledLocked(int transit) {
                     public void onTrustedChanged() {
                         mWindowManagerFuncs.notifyKeyguardTrustedChanged();
                     }
+
+                    @Override
+                    public void onShowingChanged() {
+                        mWindowManagerFuncs.onKeyguardShowingAndNotOccludedChanged();
+                    }
                 });
 
         final Resources res = mContext.getResources();

services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java

@@ -86,6 +86,8 @@ public boolean hasLockscreenWallpaper() {
     @Override // Binder interface
     public void onShowingStateChanged(boolean showing) {
         mIsShowing = showing;
+
+        mCallback.onShowingChanged();
     }
 
     @Override // Binder interface
@@ -119,6 +121,7 @@ public void onHasLockscreenWallpaperChanged(boolean hasLockscreenWallpaper) {
 
     public interface StateCallback {
         void onTrustedChanged();
+        void onShowingChanged();
     }
 
     public void dump(String prefix, PrintWriter pw) {