merge from gingerbread

Jean-Baptiste Queru · Jean-Baptiste Queru · commit d9c17cc1178b · 2010-12-09T09:11:06.000-08:00
Change-Id: I12d6ef65986db41e658bf8d476a8e18c4dd89917
diff --git a/core/java/android/provider/Downloads.java b/core/java/android/provider/Downloads.java
@@ -600,7 +600,14 @@ private Impl() {}
                 "android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED";
 
         /**
-         * The permission to directly access the download manager's cache directory
+         * The permission to access the all the downloads in the manager.
+         */
+        public static final String PERMISSION_ACCESS_ALL =
+                "android.permission.ACCESS_ALL_DOWNLOADS";
+
+        /**
+         * The permission to directly access the download manager's cache
+         * directory
          */
         public static final String PERMISSION_CACHE = "android.permission.ACCESS_CACHE_FILESYSTEM";
 
diff --git a/core/java/com/android/internal/os/BatteryStatsImpl.java b/core/java/com/android/internal/os/BatteryStatsImpl.java
@@ -3079,13 +3079,18 @@ void writeExcessivePowerToParcelLocked(Parcel out) {
                 }
             }
 
-            void readExcessivePowerFromParcelLocked(Parcel in) {
+            boolean readExcessivePowerFromParcelLocked(Parcel in) {
                 final int N = in.readInt();
                 if (N == 0) {
                     mExcessivePower = null;
-                    return;
+                    return true;
                 }
 
+                if (N > 10000) {
+                    Slog.w(TAG, "File corrupt: too many excessive power entries " + N);
+                    return false;
+                }
+                
                 mExcessivePower = new ArrayList<ExcessivePower>();
                 for (int i=0; i<N; i++) {
                     ExcessivePower ew = new ExcessivePower();
@@ -3094,6 +3099,7 @@ void readExcessivePowerFromParcelLocked(Parcel in) {
                     ew.usedTime = in.readLong();
                     mExcessivePower.add(ew);
                 }
+                return true;
             }
 
             void writeToParcelLocked(Parcel out) {
@@ -4689,7 +4695,7 @@ private void readSummaryFromParcel(Parcel in) {
             }
             
             int NW = in.readInt();
-            if (NW > 10000) {
+            if (NW > 100) {
                 Slog.w(TAG, "File corrupt: too many wake locks " + NW);
                 return;
             }
@@ -4707,7 +4713,7 @@ private void readSummaryFromParcel(Parcel in) {
             }
 
             int NP = in.readInt();
-            if (NP > 10000) {
+            if (NP > 1000) {
                 Slog.w(TAG, "File corrupt: too many sensors " + NP);
                 return;
             }
@@ -4720,7 +4726,7 @@ private void readSummaryFromParcel(Parcel in) {
             }
 
             NP = in.readInt();
-            if (NP > 10000) {
+            if (NP > 1000) {
                 Slog.w(TAG, "File corrupt: too many processes " + NP);
                 return;
             }
@@ -4731,14 +4737,20 @@ private void readSummaryFromParcel(Parcel in) {
                 p.mSystemTime = p.mLoadedSystemTime = in.readLong();
                 p.mStarts = p.mLoadedStarts = in.readInt();
                 int NSB = in.readInt();
+                if (NSB > 100) {
+                    Slog.w(TAG, "File corrupt: too many speed bins " + NSB);
+                    return;
+                }
                 p.mSpeedBins = new SamplingCounter[NSB];
                 for (int i=0; i<NSB; i++) {
                     if (in.readInt() != 0) {
                         p.mSpeedBins[i] = new SamplingCounter(mUnpluggables);
                         p.mSpeedBins[i].readSummaryFromParcelLocked(in);
                     }
                 }
-                p.readExcessivePowerFromParcelLocked(in);
+                if (!p.readExcessivePowerFromParcelLocked(in)) {
+                    return;
+                }
             }
 
             NP = in.readInt();
@@ -4751,6 +4763,10 @@ private void readSummaryFromParcel(Parcel in) {
                 Uid.Pkg p = u.getPackageStatsLocked(pkgName);
                 p.mWakeups = p.mLoadedWakeups = in.readInt();
                 final int NS = in.readInt();
+                if (NS > 1000) {
+                    Slog.w(TAG, "File corrupt: too many services " + NS);
+                    return;
+                }
                 for (int is = 0; is < NS; is++) {
                     String servName = in.readString();
                     Uid.Pkg.Serv s = u.getServiceStatsLocked(pkgName, servName);
diff --git a/packages/DefaultContainerService/AndroidManifest.xml b/packages/DefaultContainerService/AndroidManifest.xml
@@ -1,6 +1,7 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
         package="com.android.defcontainer">
     <uses-permission android:name="android.permission.ACCESS_DOWNLOAD_MANAGER"/>
+    <uses-permission android:name="android.permission.ACCESS_ALL_DOWNLOADS"/>
     <uses-permission android:name="android.permission.ASEC_ACCESS"/>
     <uses-permission android:name="android.permission.ASEC_CREATE"/>
     <uses-permission android:name="android.permission.ASEC_DESTROY"/>
