platform_hardware_interfaces/drm/1.0/default
Edwin Wong a4e76aab23 [RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability.
The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free SIGABRT can occur in a race condition.

SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to set up for decryption, which is
called frequently.

The crash was reproduced on the device before the fix.
Verified the test passes after the fix.

Test: sts
  sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665

Test: push to device with target_hwasan-userdebug build
  adb shell /data/local/tmp/Bug-176495665_sts64

Bug: 176495665
Bug: 176444161
Change-Id: I4c83c44873eef960b654f387a3574fcad49c41a9
2021-04-02 21:50:49 +00:00
..
include Fix failing drm 1.0 vts tests 2018-07-20 16:36:05 -07:00
Android.bp [RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability. 2021-04-02 21:50:49 +00:00
android.hardware.drm@1.0-service-lazy.rc Add lazy service target for drm HAL 2019-01-08 09:00:23 -08:00
android.hardware.drm@1.0-service.rc Add lazy service target for drm HAL 2019-01-08 09:00:23 -08:00
Android.mk Remove libhwbinder/libhidltransport deps 2019-09-06 01:07:02 +00:00
common_default_service.mk Remove libhwbinder/libhidltransport deps 2019-09-06 01:07:02 +00:00
CryptoFactory.cpp Fix transitive includes. 2017-04-06 22:04:05 +00:00
CryptoFactory.h Build android.hardware.drm@1.0-service with BOARD_VNDK_VERSION 2017-07-03 18:16:04 +09:00
CryptoPlugin.cpp [RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability. 2021-04-02 21:50:49 +00:00
CryptoPlugin.h [RESTRICT AUTOMERGE] Fix CryptoPlugin use after free vulnerability. 2021-04-02 21:50:49 +00:00
DrmFactory.cpp Fix failing drm 1.0 vts tests 2018-07-20 16:36:05 -07:00
DrmFactory.h Build android.hardware.drm@1.0-service with BOARD_VNDK_VERSION 2017-07-03 18:16:04 +09:00
DrmPlugin.cpp Add new values to KeyRequestType 2018-01-23 13:33:59 -08:00
DrmPlugin.h Revert "Fix resource leaks in drm hal" 2017-05-16 18:21:39 +00:00
LegacyPluginPath.cpp Fix failing drm 1.0 vts tests 2018-07-20 16:36:05 -07:00
LegacyPluginPath.h Add Flag for Enabling 64-bit Legacy DRM Plugins 2017-04-06 01:04:27 -07:00
OWNERS Add drm hal/vts owners 2020-01-28 13:14:09 -08:00
service.cpp Add lazy service target for drm HAL 2019-01-08 09:00:23 -08:00
serviceLazy.cpp Add lazy service target for drm HAL 2019-01-08 09:00:23 -08:00
SharedLibrary.cpp Remove dependency to libmediadrm from drm HAL 2017-06-20 12:32:28 +09:00
TypeConvert.cpp Fix CTS post submit failures 2017-03-15 20:35:37 +00:00
TypeConvert.h Reorganize drm hal modules 2017-01-20 10:48:50 -08:00