| Age | Commit message (Collapse) | Author |
|---|
|
Test: treehugger
Change-Id: Idc8e95b7710f049ffd55e1a52e3f975c88fbd331
|
|
Fix rmi4utils Android build.
|
|
Added SPDX-license-identifier-Apache-2.0 to:
Android.bp
f54test/Android.bp
rmi4update/Android.bp
rmidevice/Android.bp
rmihidtool/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: Ibcb25a1902d4bb9150aeb05bc5e801f370a3ae5c
|
|
and also need backward compatible.
|
|
before parsing necessary information be run for touch screen only.
|
|
Android's libc doesn't have the GNU versionsort extension.
|
|
|
|
|
|
See build/soong/README.md for more information.
Test: cd external/rmi4utils; mma
Change-Id: I774bef8e463aafa523b0ac4698d07e8aba74cc37
|
|
|
|
|
|
This reverts commit 580f8ec5c0280afb812e0eaa4643388a128b0eb7.
|
|
|
|
all pending inotifyt events
|
|
product ids
|
|
* Suppress existing warnings.
Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I2ad78f07782ca824db01e23e1309bcde34420e8e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Based on changes from Leon Tu.
|
|
|
|
The /dev/hidrawX device may not exist immediately after writing to
the bind file. This change checks to see if it exists before attempting
to reopen the device.
(cherry picked from commit 8336b9c19bbf2adad93a4e193cd9258cf3fc7d0d)
Signed-off-by: Benson Leung <bleung@google.com>
Bug: 24809436
Change-Id: I02a662a2fc38e93df32190c03f35a1db3640f451
|
|
The /dev/hidrawX device may not exist immediately after writing to
the bind file. This change checks to see if it exists before attempting
to reopen the device.
|
|
Write was returning the size of an output report since that is
what the the lower level write is returning. On success HIDDevice::Write
should return the number of bytes actual data which is what the caller
cares about.
|
|
|
|
expect
Make sure that the bytes in the report do no exceed the bytes which were
requested or that the bytes exceed the bytes remaining in the buffer.
|
|
Addresses security concern:
All users of Read and Write fail to check for return value being equal
to desired write size (only look for <0, not a size >= 0 but less than
expected). This can lead to all kinds of corruption or overflows.
|
|
Addresses security concern:
WriteDeviceNameToFile does not check buffer lengths, and uses a fixed
size of 19, though this is likely safe due to how the kernel builds the
/sys tree entries. Also fails to check return code of "close".
|
|
Haven't tested split reads.
Addresses security concern:
HIDDevice::GetReport does not correctly handle split reads (count is
used at the end as if it were the total size of bytes read, which it
isn't), which could lead to communication corruption and data content
confusion (m_attnData and m_readData could have partially updated
contents). It's unlikely the hidraw interface could be tricked into
doing split reads, but I haven't tested it.
|
|
Addresses security concern:
HIDDevice::Read contains potential past-end-of-buffer write (and
read) when presented with a malicious/corrupt device report
(m_readData[HID_RMI4_READ_INPUT_COUNT] is not compared against the
remaining buf size. It asks nicely for no more than what would fit, but
the value in m_readData is HID device controlled, but isn't checked
against the actual size of the incoming buffer)
|
|
Addresses security concern:
HIDDevice::ParseReportSizes contains potential past-end-of-buffer reads
when presented with a malicious/corrupt device descriptor (++i and i +
1, i + 2 array indexes don't validate they're less than m_rptDesc.size).
|
|
Addresses Security concerns:
HIDDevice::Open does not validate minimum sizes for m_*ReportSize, which
could lead to past-end-of-buffer writes when using m_*Report arrays.
HIDDevice::GetAttentionReport does not correctly validate the size of
the m_attnData buffer vs the buf len. This is a past-end-of-buffer read
condition. I don't understand the point of reading bytes-many bytes but
returning *len set to the valid size of bytes in the buffer.
|
|
To avoid compilation warning
|
|
|
|
|
|
In some cases during firmware update the size of the input reports can change
this commit allows for the unbinding and rebinding of the transport HID device to force
a reload of the HID descriptors so that the new size if read by the HID transport
drivers.
|
|
|
|
attention report queue
Simplify GetReport and only have it read a single report and let the functions which call it decide
if they have gotten the data which they are looking for. Also, remove in the HIDDevice attention
report queue since reports are queued in the kernel so queueing in userspace is unnecessary.
|
|
|
|
|
|
optional endPage parameter is set
|
|
|
