Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / b7773ce8751b424b824cdd1e78a95520d124734c
commitb7773ce8751b424b824cdd1e78a95520d124734c[log] [tgz]
authorSeigo Nonaka <nona@google.com>Thu Jun 22 08:22:18 2017 -0700
committerNeil Fuller <nfuller@google.com>Fri Jun 23 10:02:59 2017 +0000
treeb936e55c5ca46cd71cbece78d8c265a723d9755e
parent58ad534db862cbf573e09f8d8109c29440fb7b52 [diff]
Stop loading other package's font by default.

Since CONTEXT_RESTRICTED is not a default flag of createPackageContext,
we can't rely on it for preventing unexpected font injections.
To protect developers and existing apps from a risk of font injection,
stop loading font from other package's resouce unless the developer
explicitly set CONTEXT_IGNORE_SECURITY.

Bug: 62813533
Bug: 62879353
Test: Manually done
Merged-In: I4442ddc48dadb5c968b444be86038b602074d301
Change-Id: I4442ddc48dadb5c968b444be86038b602074d301
(cherry picked from commit 6d6cd68660635d670b0cb17f348b7c1da13704b3)
5 files changed
tree: b936e55c5ca46cd71cbece78d8c265a723d9755e
  1. apct-tests/
  2. api/
  3. cmds/
  4. core/
  5. data/
  6. docs/
  7. drm/
  8. graphics/
  9. keystore/
  10. legacy-test/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. telecomm/
  26. telephony/
  27. test-runner/
  28. tests/
  29. tools/
  30. vr/
  31. wifi/
  32. Android.bp
  33. Android.mk
  34. CleanSpec.mk
  35. compiled-classes-phone
  36. MODULE_LICENSE_APACHE2
  37. NOTICE
  38. pathmap.mk
  39. preloaded-classes
  40. PREUPLOAD.cfg