Android Nougat AOSP Changes

Changes from 7.0.0_r1 (NRD90M) to 7.0.0_r12 (NBD90W):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (26):

  • device/google/dragon-kernel with 3 change(s)
    • fa4bb86 : ryu: update prebuilt kernel
    • 81857a3 : ryu: update prebuilt kernel
    • e94ed10 : ryu: update prebuilt kernel

  • device/htc/flounder-kernel with 3 change(s)
    • b03bbc5 : flounder: update kernel prebuilt (Oct 2016 Security)
    • 1a7eaf4 : flounder: update kernel prebuilt (Oct 2016 Security)
    • ab837c3 : flounder: update kernel prebuilt

  • device/huawei/angler with 1 change(s)
    • ce2bbf0 : media: update media_codecs_performance.xml

  • device/moto/shamu with 2 change(s)
    • e655ce7 : Path fix for backend connection to FE upon call disconnection
    • d2117b6 : shamu: Set default values for audio HAL.

  • platform/art with 1 change(s)
    • 7300ad4 : Pass the right class loader when inlining.

  • platform/build with 20 change(s)
    • 18da38c : NBD90W
    • 2b41208 : Update comments around PLATFORM_SECURITY_LEVEL (nyc-dev) Bug: 29881091
    • d6c83b7 : Update Security String to 2016-10-05 to Platform and CTS for October Security Updates (rebased)
    • baa9303 : Update Security String to 2016-10-01 to platform and CTS for October Security
    • 80fbf8c : NBD90V
    • a178721 : Update comments around PLATFORM_SECURITY_LEVEL (nyc-dev) Bug: 29881091
    • 7c44cd2 : Update Security String to 2016-10-05 to Platform and CTS for October Security Updates (rebased)
    • 7c98a41 : Update Security String to 2016-10-01 to platform and CTS for October Security
    • e802356 : NBD90U
    • 79c7788 : NBD90T
    • 740f963 : Fix build prefix to avoid duplicate build registries
    • a576db2 : "NRD90S"
    • 8aafa4c : "NRD90R"
    • b960cf8 : Update Security String to 2016-09-06 to platform and CTS for September Security (+Quadrooter,-PZ)
    • 98295db : "NRD90Q"
    • 580a30e : "NRD90P"
    • abb6d47 : Update Security String to 2016-09-07 to platform and CTS for September respin
    • d010e75 : "NRD90O"
    • 8ac0be7 : NRD90N
    • 732492b : Updating security string to 2016-09-05 to platform and CTS in preparation for 2016 September OTA on mnc-dev

  • platform/external/icu with 3 change(s)
    • 64801af : Changed Turkish translation for Cyprus, cts tests
    • 745f26a : Changed Turkish translation for Cyprus, generated binaries
    • 649ea10 : Changed Turkish translation for Cyprus, source only

  • platform/external/jhead with 1 change(s)
    • 2f16b77 : Fix possible out of bounds accesses

  • platform/external/skia with 1 change(s)
    • 30ae072 : Fix rewinding bug in SkJpegCodec (cherry picked from Skia)

  • platform/frameworks/av with 26 change(s)
    • 3f1c6d1 : MediaPlayerService: allow next player to be NULL
    • 6b9e494 : AudioFlinger: Account for frames dropped in suspend mode
    • 60a3e68 : AudioFlinger: Prevent offload underrun during active playback
    • c4c6ccc : Fix build breakage caused by commit 940829f69b52d6038db66a9c727534636ecc456d.
    • 97cbb2d : Add EFFECT_CMD_SET_PARAM parameter checking
    • f19f97e : soundtrigger: add size check on sound model and recogntion data
    • 24f0663 : MediaPlayerService: avoid invalid static cast
    • c4ff129 : better validation lengths of strings in ID3 tags
    • 3717882 : SoftMPEG4: Check the buffer size before writing the reference frame.
    • f62a2b6 : MediaPlayerService: allow next player to be NULL
    • 28055a7 : Fix build breakage caused by commit 940829f69b52d6038db66a9c727534636ecc456d.
    • d705d85 : Add EFFECT_CMD_SET_PARAM parameter checking
    • 84c6abf : soundtrigger: add size check on sound model and recogntion data
    • 11833ac : MediaPlayerService: avoid invalid static cast
    • 23bc140 : better validation lengths of strings in ID3 tags
    • 2d1f61f : SoftMPEG4: Check the buffer size before writing the reference frame.
    • 1e98017 : omx: prevent input port enable/disable for software codecs
    • c17ad2f : Fix build
    • 3c4edac : Fix build
    • 3944c65 : Add bound checks to utf16_to_utf8
    • 9f9ba25 : fix build
    • 630ed15 : SoftVPX: fix nFilledLen overflow
    • 68f67ef : Fix corruption via buffer overflow in mediaserver
    • c2639af : SoftMP3: memset safely
    • 119a012 : stagefright: fix possible stack overflow in AVCC reassemble
    • 8a74b92 : Impose a size bound for dynamically allocated tables in stbl.

  • platform/frameworks/base with 32 change(s)
    • b439040 : Properly close fd backing a MemoryIntArray
    • 628bf23 : Sanity check ICMP6 router advertisement packets
    • 8da0528 : update shared libraries for system apps
    • a8a8675 : Cherry pick TextureView fixes
    • 6f761da : Eliminate next-alarm-clock broadcast flapping
    • ed42959 : Make sure IME focus is synced to View focus
    • 086ec0f : Fix double status bar icons
    • d7789d0 : Force AlertDialogLayout to have gravity start|top
    • 535eb07 : ChooserActivity: Cannot start app that the icon overflows the layout
    • 37e9867 : FloatingActionMode: Fix screen coordinates.
    • b341e02 : Set up view state before attaching, jump drawables if needed
    • 33c9b5f : Fixed a bug where notifications could reappear
    • 7f5d46a : Fixed a bug where the headsup would be stuck disappearing
    • c662295 : Enforce consistent sizes for arrays in SpannableStringInternal
    • d7a94a8 : Fix vulnerability in LockSettings service
    • 9e96728 : Limit capabilities of a11y gesture dispatch.
    • 9b0ae9f : Process: Fix communication with zygote.
    • 6ced050 : Bind fingerprint when we start authentication
    • 38ba968 : Fix vulnerability in LockSettings service
    • d9a7562 : Limit capabilities of a11y gesture dispatch.
    • c8a462e : Process: Fix communication with zygote.
    • b55f2e5 : Bind fingerprint when we start authentication
    • 904e596 : Try to mitigate issue #31016187: system_server crash in ArraySet.
    • 71c5b44 : Avoid potential re-entry as a result of child mutation
    • c4d27e9 : Added error handling to settings suggestions list
    • c372cb6 : Allow apps with CREATE_USERS permission to call UM.getProfiles.
    • 6ca6cd5 : Don't allow enable/disable of tuner on lockscreen
    • 91fc934 : Block user from setting safe boot setting via adb
    • 866dc26 : Add bound checks to utf16_to_utf8
    • 335702d : Disallow shell to mutate always-on vpn when DISALLOW_CONFIG_VPN user restriction is set
    • e206f02 : Pre-setup restrictions
    • 61e9103 : Check uid for notification policy access.

  • platform/frameworks/native with 6 change(s)
    • a08cb88 : ServiceManager: Allow system services running as secondary users to add services
    • f369622 : ServiceManager: Restore basic uid check
    • 6b19f00 : ServiceManager: Allow system services running as secondary users to add services
    • e7d5681 : ServiceManager: Restore basic uid check
    • 3632479 : Region: Detect malicious overflow in unflatten
    • 1f4b49e : Add bound checks to utf16_to_utf8

  • platform/frameworks/opt/net/wifi with 4 change(s)
    • 92a1fa7 : VenueNameElement: fix off-by-one enum bounds check
    • 2c82860 : ANQPFactory: catch all potential parsing errors
    • 5a6c3b4 : VenueNameElement: fix off-by-one enum bounds check
    • 5d76c86 : ANQPFactory: catch all potential parsing errors

  • platform/frameworks/opt/telephony with 1 change(s)
    • b8d1aee : Do not allow premium SMS during SuW

  • platform/hardware/ril with 2 change(s)
    • 916e84e : Replace variable-length arrays on stack with malloc.
    • f1f2724 : Replace variable-length arrays on stack with malloc.

  • platform/libcore with 1 change(s)
    • f0de41a : ZipFile: Never change file offset during I/O operations.

  • platform/packages/apps/CellBroadcastReceiver with 5 change(s)
    • bc4661c : Fixed that emergency messages are not enabled for Japanese carriers
    • fa4425a : Revert "Fixed that emergency messages are not enabled for Japanese carriers"
    • 0b2682d : Fixed that emergency messages are not enabled for Japanese carriers
    • f4177dd : Revert "Fixed that emergency messages are not enabled for Japanese carriers"
    • edbdbad : Fixed that emergency messages are not enabled for Japanese carriers

  • platform/packages/apps/Dialer with 1 change(s)
    • 7f6e414 : [Cherry-pick] Use the correct handleMmi function

  • platform/packages/apps/Email with 2 change(s)
    • 19df2a4 : Limit account id and id to longs
    • 0bb048c : Limit account id and id to longs

  • platform/packages/apps/PackageInstaller with 1 change(s)
    • 6c84557 : Hide toast windows when permissions UI shown

  • platform/packages/apps/Settings with 5 change(s)
    • 54967fd : Fix NullPointerException when refreshing wifi preferences.
    • 662943f : Remove preference "Searching for Wi-Fi networks..."
    • 575e991 : Fix multiple bluetooth devices bug
    • 1a4f137 : Don't remove wifi preferences when updating AP to avoid GC.
    • bd5d517 : Pre-setup restrictions

  • platform/packages/providers/TelephonyProvider with 2 change(s)
    • 6a33615 : 30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid
    • ac80481 : 30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid

  • platform/packages/services/Telephony with 1 change(s)
    • d1d248d : Make TTY broadcasts protected

  • platform/system/bt with 2 change(s)
    • 30a8f58 : audio_a2dp_hw: Always update frame counter in out_write
    • ea06f02 : Disable auto-pairing for hands-free devices

  • platform/system/core with 4 change(s)
    • 9544ee2 : Fix vold vulnerability in FrameworkListener
    • bbceed5 : Fix vold vulnerability in FrameworkListener
    • ecf5fd5 : libutils/Unicode.cpp: Correct length computation and add checks for utf16-utf8
    • d760358 : debuggerd: verify that traced threads belong to the right process.

  • platform/system/media with 4 change(s)
    • a0cbcf8 : Camera: Prevent data size overflow
    • 8188864 : Camera metadata: Check for inconsistent data count
    • d2c8e5a : Camera: Prevent data size overflow
    • 2577301 : Camera metadata: Check for inconsistent data count