summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/android/view/TextureView.java11
-rw-r--r--core/res/AndroidManifest.xml5
-rw-r--r--media/java/android/media/MediaRecorder.java21
-rw-r--r--packages/CaptivePortalLogin/src/com/android/captiveportallogin/CaptivePortalLoginActivity.java4
-rw-r--r--services/core/java/com/android/server/ConnectivityService.java12
-rw-r--r--services/core/java/com/android/server/connectivity/PermissionMonitor.java36
-rw-r--r--services/net/java/android/net/apf/ApfFilter.java11
7 files changed, 69 insertions, 31 deletions
diff --git a/core/java/android/view/TextureView.java b/core/java/android/view/TextureView.java
index 1a712c3916db..b2e2505f5c5b 100644
--- a/core/java/android/view/TextureView.java
+++ b/core/java/android/view/TextureView.java
@@ -355,17 +355,6 @@ public class TextureView extends View {
}
}
- /**
- * @hide
- */
- @Override
- protected void destroyHardwareResources() {
- super.destroyHardwareResources();
- destroySurface();
- invalidateParentCaches();
- invalidate(true);
- }
-
HardwareLayer getHardwareLayer() {
if (mLayer == null) {
if (mAttachInfo == null || mAttachInfo.mHardwareRenderer == null) {
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 48dfdff4fd72..ed71fc2f4a8e 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1262,6 +1262,11 @@
<permission android:name="android.permission.CONNECTIVITY_INTERNAL"
android:protectionLevel="signature|privileged" />
+ <!-- Allows an internal user to use restricted Networks.
+ @hide -->
+ <permission android:name="android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS"
+ android:protectionLevel="signature|privileged" />
+
<!-- Allows a system application to access hardware packet offload capabilities.
@hide -->
<permission android:name="android.permission.PACKET_KEEPALIVE_OFFLOAD"
diff --git a/media/java/android/media/MediaRecorder.java b/media/java/android/media/MediaRecorder.java
index 73485afcecff..94e894f9ce9d 100644
--- a/media/java/android/media/MediaRecorder.java
+++ b/media/java/android/media/MediaRecorder.java
@@ -746,6 +746,27 @@ public class MediaRecorder
}
/**
+ * Sets the video encoding profile for recording. Call this method before prepare().
+ * Prepare() may perform additional checks on the parameter to make sure whether the
+ * specified profile and level are applicable, and sometimes the passed profile or
+ * level will be discarded due to codec capablity or to ensure the video recording
+ * can proceed smoothly based on the capabilities of the platform.
+ * @hide
+ * @param profile declared in {@link MediaCodecInfo.CodecProfileLevel}.
+ * @param level declared in {@link MediaCodecInfo.CodecProfileLevel}.
+ */
+ public void setVideoEncodingProfileLevel(int profile, int level) {
+ if (profile <= 0) {
+ throw new IllegalArgumentException("Video encoding profile is not positive");
+ }
+ if (level <= 0) {
+ throw new IllegalArgumentException("Video encoding level is not positive");
+ }
+ setParameter("video-param-encoder-profile=" + profile);
+ setParameter("video-param-encoder-level=" + level);
+ }
+
+ /**
* Currently not implemented. It does nothing.
* @deprecated Time lapse mode video recording using camera still image capture
* is not desirable, and will not be supported.
diff --git a/packages/CaptivePortalLogin/src/com/android/captiveportallogin/CaptivePortalLoginActivity.java b/packages/CaptivePortalLogin/src/com/android/captiveportallogin/CaptivePortalLoginActivity.java
index 6fb8b518acf5..b58c87a5094d 100644
--- a/packages/CaptivePortalLogin/src/com/android/captiveportallogin/CaptivePortalLoginActivity.java
+++ b/packages/CaptivePortalLogin/src/com/android/captiveportallogin/CaptivePortalLoginActivity.java
@@ -96,7 +96,7 @@ public class CaptivePortalLoginActivity extends Activity {
// Exit app if Network disappears.
final NetworkCapabilities networkCapabilities = mCm.getNetworkCapabilities(mNetwork);
if (networkCapabilities == null) {
- finish();
+ finishAndRemoveTask();
return;
}
mNetworkCallback = new NetworkCallback() {
@@ -163,7 +163,7 @@ public class CaptivePortalLoginActivity extends Activity {
mCaptivePortal.useNetwork();
break;
}
- finish();
+ finishAndRemoveTask();
}
@Override
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 051cb2d8052e..1106262ce190 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1577,6 +1577,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
"ConnectivityService");
}
+ private void enforceConnectivityRestrictedNetworksPermission() {
+ try {
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS,
+ "ConnectivityService");
+ return;
+ } catch (SecurityException e) { /* fallback to ConnectivityInternalPermission */ }
+ enforceConnectivityInternalPermission();
+ }
+
private void enforceKeepalivePermission() {
mContext.enforceCallingOrSelfPermission(KeepaliveTracker.PERMISSION, "ConnectivityService");
}
@@ -4109,7 +4119,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
private void enforceNetworkRequestPermissions(NetworkCapabilities networkCapabilities) {
if (networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) == false) {
- enforceConnectivityInternalPermission();
+ enforceConnectivityRestrictedNetworksPermission();
} else {
enforceChangePermission();
}
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index 22cefd14d45f..7cd1b7bab99e 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -18,6 +18,7 @@ package com.android.server.connectivity;
import static android.Manifest.permission.CHANGE_NETWORK_STATE;
import static android.Manifest.permission.CONNECTIVITY_INTERNAL;
+import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS;
import static android.content.pm.ApplicationInfo.FLAG_SYSTEM;
import static android.content.pm.ApplicationInfo.FLAG_UPDATED_SYSTEM_APP;
import static android.content.pm.PackageManager.GET_PERMISSIONS;
@@ -65,10 +66,10 @@ public class PermissionMonitor {
private final BroadcastReceiver mIntentReceiver;
// Values are User IDs.
- private final Set<Integer> mUsers = new HashSet<Integer>();
+ private final Set<Integer> mUsers = new HashSet<>();
// Keys are App IDs. Values are true for SYSTEM permission and false for NETWORK permission.
- private final Map<Integer, Boolean> mApps = new HashMap<Integer, Boolean>();
+ private final Map<Integer, Boolean> mApps = new HashMap<>();
public PermissionMonitor(Context context, INetworkManagementService netd) {
mContext = context;
@@ -126,14 +127,14 @@ public class PermissionMonitor {
}
boolean isNetwork = hasNetworkPermission(app);
- boolean isSystem = hasSystemPermission(app);
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
- if (isNetwork || isSystem) {
+ if (isNetwork || hasRestrictedPermission) {
Boolean permission = mApps.get(uid);
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
if (permission == null || permission == NETWORK) {
- mApps.put(uid, isSystem);
+ mApps.put(uid, hasRestrictedPermission);
}
}
}
@@ -164,12 +165,13 @@ public class PermissionMonitor {
return hasPermission(app, CHANGE_NETWORK_STATE);
}
- private boolean hasSystemPermission(PackageInfo app) {
+ private boolean hasRestrictedNetworkPermission(PackageInfo app) {
int flags = app.applicationInfo != null ? app.applicationInfo.flags : 0;
if ((flags & FLAG_SYSTEM) != 0 || (flags & FLAG_UPDATED_SYSTEM_APP) != 0) {
return true;
}
- return hasPermission(app, CONNECTIVITY_INTERNAL);
+ return hasPermission(app, CONNECTIVITY_INTERNAL)
+ || hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
}
private int[] toIntArray(List<Integer> list) {
@@ -181,8 +183,8 @@ public class PermissionMonitor {
}
private void update(Set<Integer> users, Map<Integer, Boolean> apps, boolean add) {
- List<Integer> network = new ArrayList<Integer>();
- List<Integer> system = new ArrayList<Integer>();
+ List<Integer> network = new ArrayList<>();
+ List<Integer> system = new ArrayList<>();
for (Entry<Integer, Boolean> app : apps.entrySet()) {
List<Integer> list = app.getValue() ? system : network;
for (int user : users) {
@@ -209,7 +211,7 @@ public class PermissionMonitor {
}
mUsers.add(user);
- Set<Integer> users = new HashSet<Integer>();
+ Set<Integer> users = new HashSet<>();
users.add(user);
update(users, mApps, true);
}
@@ -221,7 +223,7 @@ public class PermissionMonitor {
}
mUsers.remove(user);
- Set<Integer> users = new HashSet<Integer>();
+ Set<Integer> users = new HashSet<>();
users.add(user);
update(users, mApps, false);
}
@@ -235,16 +237,16 @@ public class PermissionMonitor {
try {
PackageInfo app = mPackageManager.getPackageInfo(appName, GET_PERMISSIONS);
boolean isNetwork = hasNetworkPermission(app);
- boolean isSystem = hasSystemPermission(app);
- if (isNetwork || isSystem) {
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
+ if (isNetwork || hasRestrictedPermission) {
Boolean permission = mApps.get(appUid);
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
if (permission == null || permission == NETWORK) {
- mApps.put(appUid, isSystem);
+ mApps.put(appUid, hasRestrictedPermission);
- Map<Integer, Boolean> apps = new HashMap<Integer, Boolean>();
- apps.put(appUid, isSystem);
+ Map<Integer, Boolean> apps = new HashMap<>();
+ apps.put(appUid, hasRestrictedPermission);
update(mUsers, apps, true);
}
}
@@ -260,7 +262,7 @@ public class PermissionMonitor {
}
mApps.remove(appUid);
- Map<Integer, Boolean> apps = new HashMap<Integer, Boolean>();
+ Map<Integer, Boolean> apps = new HashMap<>();
apps.put(appUid, NETWORK); // doesn't matter which permission we pick here
update(mUsers, apps, false);
}
diff --git a/services/net/java/android/net/apf/ApfFilter.java b/services/net/java/android/net/apf/ApfFilter.java
index 0f812acf67bd..4bb0902f2ec0 100644
--- a/services/net/java/android/net/apf/ApfFilter.java
+++ b/services/net/java/android/net/apf/ApfFilter.java
@@ -192,6 +192,7 @@ public class ApfFilter {
private static final int ICMP6_TYPE_OFFSET = ETH_HEADER_LEN + IPV6_HEADER_LEN;
private static final int ICMP6_NEIGHBOR_ANNOUNCEMENT = 136;
+ private static final int ICMP6_ROUTER_ADVERTISEMENT = 134;
// NOTE: this must be added to the IPv4 header length in IPV4_HEADER_SIZE_MEMORY_SLOT
private static final int UDP_DESTINATION_PORT_OFFSET = ETH_HEADER_LEN + 2;
@@ -452,6 +453,16 @@ public class ApfFilter {
Ra(byte[] packet, int length) {
mPacket = ByteBuffer.wrap(Arrays.copyOf(packet, length));
mLastSeen = curTime();
+
+ // Sanity check packet in case a packet arrives before we attach RA filter
+ // to our packet socket. b/29586253
+ if (getUint16(mPacket, ETH_ETHERTYPE_OFFSET) != ETH_P_IPV6 ||
+ uint8(mPacket.get(IPV6_NEXT_HEADER_OFFSET)) != IPPROTO_ICMPV6 ||
+ uint8(mPacket.get(ICMP6_TYPE_OFFSET)) != ICMP6_ROUTER_ADVERTISEMENT) {
+ throw new IllegalArgumentException("Not an ICMP6 router advertisement");
+ }
+
+
RaEvent.Builder builder = new RaEvent.Builder();
// Ignore the checksum.
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-11 05:39:30 +0000