mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-28 08:59:40 -05:00
Cherrypicks and CVE-2019-2306 patching
This commit is contained in:
parent
e557ca3710
commit
42b94605f8
@ -0,0 +1,52 @@
|
||||
From c2dd39ba6cca75e0a0582f61f784a9432d47ec65 Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index a2c71a420..53c1c056e 100644
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -257,16 +257,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts,
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,52 @@
|
||||
From 69876c188bfc98081a46423f1285ff9dbee39e00 Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index a2c71a420..53c1c056e 100644
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -257,16 +257,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts,
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,52 @@
|
||||
From 2facb060edd926529c0da4a6c653ca48d1904fca Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index f13a3d179..66c72713e 100644
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -266,16 +266,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts() || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts() || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts(),
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,52 @@
|
||||
From 156bf96e589f40654249da8804786cd7da4646bd Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index 026d5c01a..d20e146cf 100755
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2015, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2015, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -270,16 +270,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts() || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts() || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts(),
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,51 @@
|
||||
From d3ed71555814de17fc7d1a9f8a8a1f2af5c21c08 Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 17 +++++++++--------
|
||||
1 file changed, 9 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index 323cc7ac3..99d6b0f96 100644
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2013, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2013, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -227,15 +227,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%d) ints(%d/%d) fds(%d/%d) magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts,
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,51 @@
|
||||
From dea61e5f9e37af2341e0f43db3b853c2309cb572 Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 17 +++++++++--------
|
||||
1 file changed, 9 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index 7a021c6c5..cd7b350c1 100644
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2013, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2013, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -215,15 +215,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%d) ints(%d/%d) fds(%d/%d) magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts,
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,52 @@
|
||||
From e03048729ee817b0769ba883e94f2c1e744842de Mon Sep 17 00:00:00 2001
|
||||
From: Subash Chander <subash@codeaurora.org>
|
||||
Date: Thu, 24 Jan 2019 15:33:57 +0530
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
CRs-Fixed: 2337383
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
Signed-off-by: Subash Chander <subash@codeaurora.org>
|
||||
---
|
||||
libgralloc/gralloc_priv.h | 18 +++++++++---------
|
||||
1 file changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
|
||||
index 0080230f6..609ad68d0 100755
|
||||
--- a/libgralloc/gralloc_priv.h
|
||||
+++ b/libgralloc/gralloc_priv.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
- * Copyright (c) 2011-2015, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2015, 2019 The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -261,16 +261,16 @@ struct private_handle_t : public native_handle {
|
||||
static int validate(const native_handle* h) {
|
||||
const private_handle_t* hnd = (const private_handle_t*)h;
|
||||
if (!h || h->version != sizeof(native_handle) ||
|
||||
- h->numInts != sNumInts() || h->numFds != sNumFds ||
|
||||
- hnd->magic != sMagic)
|
||||
- {
|
||||
+ h->numInts != sNumInts() || h->numFds != sNumFds) {
|
||||
ALOGD("Invalid gralloc handle (at %p): "
|
||||
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
- h,
|
||||
- h ? h->version : -1, sizeof(native_handle),
|
||||
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
|
||||
+ h, h ? h->version : -1, sizeof(native_handle),
|
||||
h ? h->numInts : -1, sNumInts(),
|
||||
- h ? h->numFds : -1, sNumFds,
|
||||
+ h ? h->numFds : -1, sNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != sMagic) {
|
||||
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF)?
|
||||
((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF)?
|
@ -0,0 +1,68 @@
|
||||
From 4c333adc34682eb156c33b9c9a59a54e1a72d931 Mon Sep 17 00:00:00 2001
|
||||
From: Ramkumar Radhakrishnan <ramkumar@codeaurora.org>
|
||||
Date: Thu, 20 Sep 2018 13:17:36 -0700
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
CRs-Fixed: 2337383
|
||||
---
|
||||
gralloc/gr_buf_mgr.cpp | 6 +++++-
|
||||
gralloc/gr_priv_handle.h | 14 ++++++++------
|
||||
2 files changed, 13 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/gralloc/gr_buf_mgr.cpp b/gralloc/gr_buf_mgr.cpp
|
||||
index af0018a93..f3c96c999 100644
|
||||
--- a/gralloc/gr_buf_mgr.cpp
|
||||
+++ b/gralloc/gr_buf_mgr.cpp
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved.
|
||||
* Not a Contribution
|
||||
*
|
||||
* Copyright (C) 2010 The Android Open Source Project
|
||||
@@ -227,6 +227,10 @@ void BufferManager::RegisterHandleLocked(const private_handle_t *hnd,
|
||||
}
|
||||
|
||||
gralloc1_error_t BufferManager::ImportHandleLocked(private_handle_t *hnd) {
|
||||
+ if (private_handle_t::validate(hnd) != 0) {
|
||||
+ ALOGE("ImportHandleLocked: Invalid handle: %p", hnd);
|
||||
+ return GRALLOC1_ERROR_BAD_HANDLE;
|
||||
+ }
|
||||
ALOGD_IF(DEBUG, "Importing handle:%p id: %" PRIu64, hnd, hnd->id);
|
||||
int ion_handle = allocator_->ImportBuffer(hnd->fd);
|
||||
if (ion_handle < 0) {
|
||||
diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
|
||||
index e4b521c95..2acb16cc4 100644
|
||||
--- a/gralloc/gr_priv_handle.h
|
||||
+++ b/gralloc/gr_priv_handle.h
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
|
||||
* Not a Contribution
|
||||
*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
@@ -154,12 +154,14 @@ struct private_handle_t {
|
||||
static int validate(const native_handle *h) {
|
||||
const private_handle_t *hnd = (const private_handle_t *)h;
|
||||
if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
|
||||
- h->numFds != kNumFds || hnd->magic != kMagic) {
|
||||
- ALOGE(
|
||||
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
+ h->numFds != kNumFds) {
|
||||
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) ",
|
||||
h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
|
||||
- h ? h->numFds : -1, kNumFds,
|
||||
+ h ? h->numFds : -1, kNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != kMagic) {
|
||||
+ ALOGE("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',
|
@ -0,0 +1,68 @@
|
||||
From 63a4f959f0062a618ee0f513f3f05964b9f054d0 Mon Sep 17 00:00:00 2001
|
||||
From: Ramkumar Radhakrishnan <ramkumar@codeaurora.org>
|
||||
Date: Thu, 20 Sep 2018 13:17:36 -0700
|
||||
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
|
||||
|
||||
Validate buffer parameters like numInts, numFds, version etc of buffer
|
||||
handle while importing the buffer
|
||||
|
||||
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
|
||||
CRs-Fixed: 2337383
|
||||
---
|
||||
gralloc/gr_buf_mgr.cpp | 6 +++++-
|
||||
gralloc/gr_priv_handle.h | 14 ++++++++------
|
||||
2 files changed, 13 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/gralloc/gr_buf_mgr.cpp b/gralloc/gr_buf_mgr.cpp
|
||||
index af0018a93..f3c96c999 100644
|
||||
--- a/gralloc/gr_buf_mgr.cpp
|
||||
+++ b/gralloc/gr_buf_mgr.cpp
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved.
|
||||
* Not a Contribution
|
||||
*
|
||||
* Copyright (C) 2010 The Android Open Source Project
|
||||
@@ -227,6 +227,10 @@ void BufferManager::RegisterHandleLocked(const private_handle_t *hnd,
|
||||
}
|
||||
|
||||
gralloc1_error_t BufferManager::ImportHandleLocked(private_handle_t *hnd) {
|
||||
+ if (private_handle_t::validate(hnd) != 0) {
|
||||
+ ALOGE("ImportHandleLocked: Invalid handle: %p", hnd);
|
||||
+ return GRALLOC1_ERROR_BAD_HANDLE;
|
||||
+ }
|
||||
ALOGD_IF(DEBUG, "Importing handle:%p id: %" PRIu64, hnd, hnd->id);
|
||||
int ion_handle = allocator_->ImportBuffer(hnd->fd);
|
||||
if (ion_handle < 0) {
|
||||
diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
|
||||
index e4b521c95..2acb16cc4 100644
|
||||
--- a/gralloc/gr_priv_handle.h
|
||||
+++ b/gralloc/gr_priv_handle.h
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
|
||||
+ * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
|
||||
* Not a Contribution
|
||||
*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
@@ -154,12 +154,14 @@ struct private_handle_t {
|
||||
static int validate(const native_handle *h) {
|
||||
const private_handle_t *hnd = (const private_handle_t *)h;
|
||||
if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
|
||||
- h->numFds != kNumFds || hnd->magic != kMagic) {
|
||||
- ALOGE(
|
||||
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
|
||||
- "magic(%c%c%c%c/%c%c%c%c)",
|
||||
+ h->numFds != kNumFds) {
|
||||
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) ",
|
||||
h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
|
||||
- h ? h->numFds : -1, kNumFds,
|
||||
+ h ? h->numFds : -1, kNumFds);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ if (hnd->magic != kMagic) {
|
||||
+ ALOGE("magic(%c%c%c%c/%c%c%c%c)",
|
||||
hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
|
||||
hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',
|
@ -120,7 +120,7 @@ patchWorkspace() {
|
||||
source build/envsetup.sh;
|
||||
repopick -it n_asb_09-2018-qcom;
|
||||
#repopick -it bt-sbc-hd-dualchannel-nougat;
|
||||
repopick -it ibss-mode-nougat;
|
||||
repopick -it n-asb-2021-01;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
|
@ -122,6 +122,32 @@ enterAndClear "hardware/ti/wlan";
|
||||
git apply "$DOS_PATCHES/android_hardware_ti_wlan/209209.patch"; #wl12xx: Update SR and MR firmwares versions
|
||||
git apply "$DOS_PATCHES/android_hardware_ti_wlan/209210.patch"; #wl12xx: Update SR PLT firmwares
|
||||
|
||||
enterAndClear "hardware/qcom/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
|
||||
#missing msm8909, msm8996, msm8998
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/apq8084";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8916";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8952";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8960";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8974";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8994";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/gps";
|
||||
git apply "$DOS_PATCHES/android_hardware_qcom_gps/0001-rollover.patch"; #fix week rollover
|
||||
|
||||
|
@ -81,7 +81,6 @@ buildAll() {
|
||||
buildDevice d855;
|
||||
buildDevice FP2;
|
||||
buildDevice ham;
|
||||
|
||||
buildDevice klte;
|
||||
buildDevice m8;
|
||||
buildDevice victara;
|
||||
@ -111,7 +110,8 @@ export -f buildAll;
|
||||
patchWorkspace() {
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
repopick -it O_asb_2021-01;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
|
@ -104,6 +104,9 @@ if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceMan
|
||||
rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
|
||||
enterAndClear "frameworks/minikin";
|
||||
git pull "https://github.com/LineageOS/android_frameworks_minikin" refs/changes/11/300511/1; #O_asb_2021-01
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
enterAndClear "frameworks/opt/net/ims";
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
@ -117,6 +120,32 @@ awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/
|
||||
awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
|
||||
enterAndClear "hardware/qcom/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
|
||||
#TODO: missing msm8909, msm8996, msm8998, sdm845
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/apq8084";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8916";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8952";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8960";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8974";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8994";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/gps";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_gps/0001-rollover.patch"; #fix week rollover
|
||||
|
||||
|
@ -132,7 +132,6 @@ patchWorkspace() {
|
||||
repopick -it hh-p-sepolicy;
|
||||
repopick -i 232948; #wahoo: liblight: close fd
|
||||
#repopick -it pie-firewall;
|
||||
#repopick -it CVE-2019-2306_P;
|
||||
repopick -it P_asb_2021-01;
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
|
@ -117,6 +117,38 @@ enterAndClear "frameworks/opt/net/ims";
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
fi
|
||||
|
||||
enterAndClear "hardware/qcom/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
|
||||
#TODO: missing msm8909, msm8996, msm8998, sdm845, sdm8150
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/apq8084";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8916";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8952";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8960";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8974";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8994";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8996";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8996.patch";
|
||||
|
||||
enterAndClear "hardware/qcom/display-caf/msm8998";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8998.patch";
|
||||
|
||||
if enter "kernel/wireguard"; then
|
||||
if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi;
|
||||
#Remove system information from HTTP requests
|
||||
|
@ -128,7 +128,6 @@ patchWorkspace() {
|
||||
source build/envsetup.sh;
|
||||
repopick -i 271361; #releasetools: python3 fix, 287339 (alt)
|
||||
#repopick -it ten-firewall;
|
||||
#repopick -it CVE-2019-2306;
|
||||
repopick -it Q_asb_2021-01;
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
|
@ -116,6 +116,29 @@ enterAndClear "frameworks/opt/net/ims";
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
fi
|
||||
|
||||
enterAndClear "hardware/qcom/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
|
||||
#TODO: missing msm8909, msm8996, msm8998, sdm845, sdm8150
|
||||
|
||||
enterAndClear "hardware/qcom-caf/apq8084/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
|
||||
|
||||
enterAndClear "hardware/qcomcaf/msm8952/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
|
||||
|
||||
enterAndClear "hardware/qcomy-caf/msm8960/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
|
||||
|
||||
enterAndClear "hardware/qcom-caf/msm8974/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
|
||||
|
||||
enterAndClear "hardware/qcom-caf/msm8994/display";
|
||||
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
|
||||
|
||||
enterAndClear "hardware/qcom-caf/msm8996/audio";
|
||||
patch -p1 < "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-8996.patch"; #audio_extn: Fix unused parameter warning in utils.c
|
||||
|
||||
@ -223,7 +246,6 @@ enterAndClear "device/asus/flox";
|
||||
git revert --no-edit f638a192cbef0045b6235fdd8fe28ee500ff7527; #conflict
|
||||
compressRamdisks;
|
||||
rm -rf bdAddrLoader; #duplicate with mako
|
||||
echo "/dev/block/platform/msm_sdcc\.1/by-name/misc u:object_r:misc_block_device:s0" >> sepolicy/file_contexts;
|
||||
|
||||
#enterAndClear "device/cyanogen/msm8916-common";
|
||||
#awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
|
||||
|
Loading…
Reference in New Issue
Block a user