Merge "Track more changes to keymaster_defs.h"
diff --git a/libs/hwui/FontRenderer.cpp b/libs/hwui/FontRenderer.cpp
index 5b5b098..c1b50c1 100644
--- a/libs/hwui/FontRenderer.cpp
+++ b/libs/hwui/FontRenderer.cpp
@@ -183,6 +183,8 @@
for (uint32_t i = 0; i < mRGBACacheTextures.size(); i++) {
mRGBACacheTextures[i]->init();
}
+
+ mDrawn = false;
}
void FontRenderer::flushLargeCaches(Vector<CacheTexture*>& cacheTextures) {
diff --git a/libs/hwui/RenderBufferCache.cpp b/libs/hwui/RenderBufferCache.cpp
index 830a13a..022820b 100644
--- a/libs/hwui/RenderBufferCache.cpp
+++ b/libs/hwui/RenderBufferCache.cpp
@@ -158,6 +158,11 @@
buffer->getWidth(), buffer->getHeight());
return true;
+ } else {
+ RENDER_BUFFER_LOGD("Deleted %s render buffer (%dx%d) Size=%d, MaxSize=%d",
+ RenderBuffer::formatName(buffer->getFormat()),
+ buffer->getWidth(), buffer->getHeight(), size, mMaxSize);
+ delete buffer;
}
return false;
}
diff --git a/rs/java/android/renderscript/RenderScript.java b/rs/java/android/renderscript/RenderScript.java
index 5138719..126b8c7 100644
--- a/rs/java/android/renderscript/RenderScript.java
+++ b/rs/java/android/renderscript/RenderScript.java
@@ -16,6 +16,7 @@
package android.renderscript;
+import java.io.File;
import java.lang.reflect.Method;
import java.util.concurrent.locks.ReentrantReadWriteLock;
@@ -231,6 +232,11 @@
validate();
rsnContextSetPriority(mContext, p);
}
+ native void rsnContextSetCacheDir(long con, String cacheDir);
+ synchronized void nContextSetCacheDir(String cacheDir) {
+ validate();
+ rsnContextSetCacheDir(mContext, cacheDir);
+ }
native void rsnContextDump(long con, int bits);
synchronized void nContextDump(int bits) {
validate();
@@ -1326,6 +1332,14 @@
if (rs.mContext == 0) {
throw new RSDriverException("Failed to create RS context.");
}
+
+ // set up cache directory for entire context
+ final String CACHE_PATH = "com.android.renderscript.cache";
+ File f = new File(RenderScriptCacheDir.mCacheDir, CACHE_PATH);
+ String mCachePath = f.getAbsolutePath();
+ f.mkdirs();
+ rs.nContextSetCacheDir(mCachePath);
+
rs.mMessageThread = new MessageThread(rs);
rs.mMessageThread.start();
return rs;
diff --git a/rs/jni/android_renderscript_RenderScript.cpp b/rs/jni/android_renderscript_RenderScript.cpp
index 3591199..676d94f 100644
--- a/rs/jni/android_renderscript_RenderScript.cpp
+++ b/rs/jni/android_renderscript_RenderScript.cpp
@@ -689,6 +689,17 @@
rsContextSetPriority((RsContext)con, p);
}
+static void
+nContextSetCacheDir(JNIEnv *_env, jobject _this, jlong con, jstring cacheDir)
+{
+ AutoJavaStringToUTF8 cacheDirUTF(_env, cacheDir);
+
+ if (kLogApi) {
+ ALOGD("ContextSetCacheDir, con(%p), cacheDir(%s)", (RsContext)con, cacheDirUTF.c_str());
+ }
+ rsContextSetCacheDir((RsContext)con, cacheDirUTF.c_str(), cacheDirUTF.length());
+}
+
static void
@@ -2312,6 +2323,7 @@
{"rsnContextCreateGL", "(JIIIIIIIIIIIIFI)J", (void*)nContextCreateGL },
{"rsnContextFinish", "(J)V", (void*)nContextFinish },
{"rsnContextSetPriority", "(JI)V", (void*)nContextSetPriority },
+{"rsnContextSetCacheDir", "(JLjava/lang/String;)V", (void*)nContextSetCacheDir },
{"rsnContextSetSurface", "(JIILandroid/view/Surface;)V", (void*)nContextSetSurface },
{"rsnContextDestroy", "(J)V", (void*)nContextDestroy },
{"rsnContextDump", "(JI)V", (void*)nContextDump },
diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java
index 95ed7bc..d517642 100644
--- a/services/core/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java
@@ -37,6 +37,7 @@
import java.util.ArrayList;
import java.util.Collections;
+import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -55,14 +56,15 @@
*/
public final class SELinuxMMAC {
- private static final String TAG = "SELinuxMMAC";
+ static final String TAG = "SELinuxMMAC";
private static final boolean DEBUG_POLICY = false;
private static final boolean DEBUG_POLICY_INSTALL = DEBUG_POLICY || false;
+ private static final boolean DEBUG_POLICY_ORDER = DEBUG_POLICY || false;
// All policy stanzas read from mac_permissions.xml. This is also the lock
// to synchronize access during policy load and access attempts.
- private static final List<Policy> sPolicies = new ArrayList<Policy>();
+ private static List<Policy> sPolicies = new ArrayList<>();
// Data policy override version file.
private static final String DATA_VERSION_FILE =
@@ -115,17 +117,9 @@
* were loaded successfully; no partial loading is possible.
*/
public static boolean readInstallPolicy() {
- // Temp structure to hold the rules while we parse the xml file. We add
- // all the rules once we know there's no problems.
+ // Temp structure to hold the rules while we parse the xml file
List<Policy> policies = new ArrayList<>();
- // A separate structure to hold the default stanza. We need to add this to
- // the end of the policies list structure.
- Policy defaultPolicy = null;
-
- // Track sets of known policy certs so we can enforce rules across stanzas.
- Set<Set<Signature>> knownCerts = new HashSet<>();
-
FileReader policyFile = null;
XmlPullParser parser = Xml.newPullParser();
try {
@@ -141,31 +135,15 @@
continue;
}
- String tagName = parser.getName();
- if ("signer".equals(tagName)) {
- Policy signerPolicy = readSignerOrThrow(parser);
- // Return of a Policy instance ensures certain invariants have
- // passed, however, we still want to do some cross policy checking.
- // Thus, check that we haven't seen the certs in another stanza.
- Set<Signature> certs = signerPolicy.getSignatures();
- if (knownCerts.contains(certs)) {
- String msg = "Separate stanzas have identical certs";
- throw new IllegalStateException(msg);
- }
- knownCerts.add(certs);
- policies.add(signerPolicy);
- } else if ("default".equals(tagName)) {
- Policy defPolicy = readDefaultOrThrow(parser);
- // Return of a Policy instance ensures certain invariants have
- // passed, however, we still want to do some cross policy checking.
- // Thus, check that we haven't already seen a default stanza.
- if (defaultPolicy != null) {
- String msg = "Multiple default stanzas identified";
- throw new IllegalStateException(msg);
- }
- defaultPolicy = defPolicy;
- } else {
- skip(parser);
+ switch (parser.getName()) {
+ case "signer":
+ policies.add(readSignerOrThrow(parser));
+ break;
+ case "default":
+ policies.add(readDefaultOrThrow(parser));
+ break;
+ default:
+ skip(parser);
}
}
} catch (IllegalStateException | IllegalArgumentException |
@@ -185,15 +163,22 @@
IoUtils.closeQuietly(policyFile);
}
- // Add the default policy to the end if there is one. This will ensure that
- // the default stanza is consulted last when performing policy lookups.
- if (defaultPolicy != null) {
- policies.add(defaultPolicy);
+ // Now sort the policy stanzas
+ PolicyComparator policySort = new PolicyComparator();
+ Collections.sort(policies, policySort);
+ if (policySort.foundDuplicate()) {
+ Slog.w(TAG, "ERROR! Duplicate entries found parsing " + MAC_PERMISSIONS);
+ return false;
}
synchronized (sPolicies) {
- sPolicies.clear();
- sPolicies.addAll(policies);
+ sPolicies = policies;
+
+ if (DEBUG_POLICY_ORDER) {
+ for (Policy policy : sPolicies) {
+ Slog.d(TAG, "Policy: " + policy.toString());
+ }
+ }
}
return true;
@@ -497,9 +482,23 @@
* of invariants before being built and returned. Each instance can be guaranteed to
* hold one valid policy stanza as outlined in the external/sepolicy/mac_permissions.xml
* file.
- * </p>
+ * <p>
* The following is an example of how to use {@link Policy.PolicyBuilder} to create a
- * signer based Policy instance.
+ * signer based Policy instance with only inner package name refinements.
+ * </p>
+ * <pre>
+ * {@code
+ * Policy policy = new Policy.PolicyBuilder()
+ * .addSignature("308204a8...")
+ * .addSignature("483538c8...")
+ * .addInnerPackageMapOrThrow("com.foo.", "bar")
+ * .addInnerPackageMapOrThrow("com.foo.other", "bar")
+ * .build();
+ * }
+ * </pre>
+ * <p>
+ * The following is an example of how to use {@link Policy.PolicyBuilder} to create a
+ * signer based Policy instance with only a global seinfo tag.
* </p>
* <pre>
* {@code
@@ -507,20 +506,18 @@
* .addSignature("308204a8...")
* .addSignature("483538c8...")
* .setGlobalSeinfoOrThrow("paltform")
- * .addInnerPackageMapOrThrow("com.foo.", "bar")
- * .addInnerPackageMapOrThrow("com.foo.other", "bar")
* .build();
* }
* </pre>
* <p>
- * An example of how to use {@link Policy.PolicyBuilder} to create a default based Policy
- * instance.
+ * The following is an example of how to use {@link Policy.PolicyBuilder} to create a
+ * default based Policy instance.
* </p>
* <pre>
* {@code
* Policy policy = new Policy.PolicyBuilder()
* .setAsDefaultPolicy()
- * .setGlobalSeinfoOrThrow("defualt")
+ * .setGlobalSeinfoOrThrow("default")
* .build();
* }
* </pre>
@@ -551,6 +548,65 @@
}
/**
+ * Return whether this policy object represents a default stanza.
+ *
+ * @return A boolean indicating if this object represents a default policy stanza.
+ */
+ public boolean isDefaultStanza() {
+ return mDefaultStanza;
+ }
+
+ /**
+ * Return whether this policy object contains package name mapping refinements.
+ *
+ * @return A boolean indicating if this object has inner package name mappings.
+ */
+ public boolean hasInnerPackages() {
+ return !mPkgMap.isEmpty();
+ }
+
+ /**
+ * Return the mapping of all package name refinements.
+ *
+ * @return A Map object whose keys are the package names and whose values are
+ * the seinfo assignments.
+ */
+ public Map<String, String> getInnerPackages() {
+ return mPkgMap;
+ }
+
+ /**
+ * Return whether the policy object has a global seinfo tag attached.
+ *
+ * @return A boolean indicating if this stanza has a global seinfo tag.
+ */
+ public boolean hasGlobalSeinfo() {
+ return mSeinfo != null;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ if (mDefaultStanza) {
+ sb.append("defaultStanza=true ");
+ }
+
+ for (Signature cert : mCerts) {
+ sb.append("cert=" + cert.toCharsString().substring(0, 11) + "... ");
+ }
+
+ if (mSeinfo != null) {
+ sb.append("seinfo=" + mSeinfo);
+ }
+
+ for (String name : mPkgMap.keySet()) {
+ sb.append(" " + name + "=" + mPkgMap.get(name));
+ }
+
+ return sb.toString();
+ }
+
+ /**
* <p>
* Determine the seinfo value to assign to an apk. The appropriate seinfo value
* is determined using the following steps:
@@ -623,7 +679,7 @@
}
/**
- * Sets this stanza as a defualt stanza. All policy stanzas are assumed to
+ * Sets this stanza as a default stanza. All policy stanzas are assumed to
* be signer stanzas unless this method is explicitly called. Default stanzas
* are treated differently with respect to allowable child tags, ordering and
* when and how policy decisions are enforced.
@@ -757,7 +813,7 @@
* <ul>
* <li> at least one cert must be found </li>
* <li> either a global seinfo value is present OR at least one
- * inner package mapping must be present. </li>
+ * inner package mapping must be present BUT not both. </li>
* </ul>
* </li>
* </ul>
@@ -786,9 +842,9 @@
String err = "Missing certs with signer tag. Expecting at least one.";
throw new IllegalStateException(err);
}
- if ((p.mSeinfo == null) && (p.mPkgMap.isEmpty())) {
- String err = "Missing seinfo OR package tags with signer tag. At " +
- "least one must be present.";
+ if (!(p.mSeinfo == null ^ p.mPkgMap.isEmpty())) {
+ String err = "Only seinfo tag XOR package tags are allowed within " +
+ "a signer stanza.";
throw new IllegalStateException(err);
}
}
@@ -797,3 +853,58 @@
}
}
}
+
+/**
+ * Comparision imposing an ordering on Policy objects. It is understood that Policy
+ * objects can only take one of three forms and ordered according to the following
+ * set of rules most specific to least.
+ * <ul>
+ * <li> signer stanzas with inner package mappings </li>
+ * <li> signer stanzas with global seinfo tags </li>
+ * <li> default stanza </li>
+ * </ul>
+ * This comparison also checks for duplicate entries on the input selectors. Any
+ * found duplicates will be flagged and can be checked with {@link #foundDuplicate}.
+ */
+
+final class PolicyComparator implements Comparator<Policy> {
+
+ private boolean duplicateFound = false;
+
+ public boolean foundDuplicate() {
+ return duplicateFound;
+ }
+
+ @Override
+ public int compare(Policy p1, Policy p2) {
+
+ // Give precedence to signature stanzas over default stanzas
+ if (p1.isDefaultStanza() != p2.isDefaultStanza()) {
+ return p1.isDefaultStanza() ? 1 : -1;
+ }
+
+ // Give precedence to stanzas with inner package mappings
+ if (p1.hasInnerPackages() != p2.hasInnerPackages()) {
+ return p1.hasInnerPackages() ? -1 : 1;
+ }
+
+ // Check for duplicate entries
+ if (p1.getSignatures().equals(p2.getSignatures())) {
+ // Checks if default stanza or a signer w/o inner package names
+ if (p1.hasGlobalSeinfo()) {
+ duplicateFound = true;
+ Slog.e(SELinuxMMAC.TAG, "Duplicate policy entry: " + p1.toString());
+ }
+
+ // Look for common inner package name mappings
+ final Map<String, String> p1Packages = p1.getInnerPackages();
+ final Map<String, String> p2Packages = p2.getInnerPackages();
+ if (!Collections.disjoint(p1Packages.keySet(), p2Packages.keySet())) {
+ duplicateFound = true;
+ Slog.e(SELinuxMMAC.TAG, "Duplicate policy entry: " + p1.toString());
+ }
+ }
+
+ return 0;
+ }
+}