Sending transaction to freed BBinder through weak handle
can cause use of a (mostly) freed object. We need to try to
safely promote to a strong reference first.
Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342
(cherry picked from commit c11146106f94e07016e8e26e4f8628f9a0c73199)
Makes sure we don't change the memory layout of the Parcel class
to maintain binary compatibility with prebuilts linking against
libbinder.
Bug: 25004154
Change-Id: I656687497f08bb85cefda796aafa2341e601e30a
In very low framerate situations, extrapolation is generally going to
either cause no benefit or make a mistake. We can safely turn it off
with no user-visible negative impact.
BUG=https://buganizer.corp.google.com/u/0/issues/24550942
TEST=Scrolled very slowly and saw mispredictions on Angler. With change,
saw the log message that the mispredictions were suppressed.
Change-Id: Ic9747d3ff098d7918047ada2ed1c2d21282c65b0
Currently keyboard maps allow to assign character sequences to key
events and allow specifying a so-called "fallback" key events that are
re-injected into input stream if target application indicates that it
was not able to handle the original key event. Unfortunately there is no
way to perform substitution before handing the event to applicationis.
This change adds a new keymap keyword "replace" that allows users query
"replacement" actions for key (if any), with the intent that such
replacement happens early in the event handling process.
Bug: 24504154
Change-Id: I3e6a2476c856524171df00ad22ff56f2018c1278
The uninitialized local variables pick up
whatever the memory content was there on stack.
This data gets sent to the remote process in
case of a failed transaction, which is a security
issue. Fixed.
(Partial manual merge of master change
12ba0f57d028a9c8f4eb3afddc326b70677d1e0c. Rest
to automerge from klp-dev)
For b/23696300
Change-Id: I704c9fab327b3545c58e8a9a96ac542eb7469c2a
If the custom sensor requires the BODY SENSOR permission, we should add
the body sensors app op for the custom sensor
Bug: 23396558
Change-Id: I132917d1bca12c76c8a9fb146e00951cba3e6d7a
i) Use pingBinder() to check the status of sensorservice everytime an
event_queue is created. Retry to establish the binder connection if
SensorService has recovered from a runtime restart.
ii) LOG_ALWAYS_FATAL_IF getService(SensorService) returns NULL or malloc
returns NULL.
Bug: 22634472
Change-Id: I4e3912839b6f4114be1a124510878774dbd576a4
If SensorService hasn't started when SensorManager instance is requested, keep retrying for a
longer duration.
Bug: 22529981
Change-Id: I3c506d962b61347085fc80b2c5832289539d6853
If SensorService hasn't started when SensorManager instance is requested, keep retrying for a
longer duration.
Bug: 22529981
Change-Id: I4ba6b760608e34d79273aeb39568f0fa72fbaf9d
writeByteArray writes the size using sizeof(size_t), however it is always
read using readInt32(). On devices where sizeof(size_t) != 4 this causes
extra bytes to be written.
BUG: 22204736
Change-Id: I8d4507b6b616857ef5827f1fe9da0907d09abf0e
Incoming surface damage was not aware that the EGL implementation was
rotating buffers in response to SurfaceFlinger's transform hint. This
didn't affect all cases because the effect was to apply a 90 degree
rotation instead of a 270 degree rotation. For full-screen updates,
things more or less worked, but in other cases this caused corruption.
This fixes that by correctly undoing the effect of rotated buffers on
the incoming surface damage, and then passing that damage down
untouched to HWC.
Bug: 22068334
Change-Id: I226ecfc7a91fe2e16edd2aa6d9149f0d26b529d6
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit 27182be9f2)
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit 27182be9f2)
This allows changes to the SECURE flag to propagate down to
Layers in SurfaceFlinger so that WindowManager can change it on the fly
in response to device policy updates.
Bug: 20934462
Change-Id: I558f6d22c6273be373f1f480365e42536af18a33
When we have excess pixels that need to be removed from (for example)
the left and right sides, we currently do something like:
left += excess / 2;
right -= excess / 2;
If excess is odd, however, this removes 1 too few pixels since the odd
pixel gets rounded down twice. This changes the math to effectively:
left += excess / 2;
right -= (excess - excess / 2);
Which removes the correct total number of pixels.
Bug: 19611086
Change-Id: I8d1ad9fe7ba67c149794c148663d12acbccccef0
Make sure that we don't go haywire if an exponential buffer growth
operation winds up wrapping integer range. Along the way, fix a
bookkeeping bug in BufferedTextOutput that would cause it to keep
spuriously realloc()ing on every append().
Bug 20674694
Change-Id: Ia845b7de36b90672a151a918ffc26c7da68e20a2
We now check for fd-legality before committing binder objects to
the flattened data buffer rather than after. Previously we would
wind up corrupting the parcel and incurring driver-level errors,
as well as potentially leaking FDs.
Bug 21428802
Change-Id: Ice0d641b3dcc41fb1b8c68ce2e2ebd744c2863a1