Merge android-6.0.1_r80 (MOB31Z)

[pdsouza]

Tags: https://groups.google.com/d/msg/android-building/racl35q1MCk/JeznBhUCCwAJ

Repositories to merge:

Platform

• [x] android_platform_frameworks_native (https://github.com/maruos/android_platform_frameworks_native/commit/0f2f32e9ac12fb4498e6805409f5197e4f3fc5fa)
• [x] android_platform_frameworks_base (https://github.com/maruos/android_platform_frameworks_base/commit/4c524f46b4d896caf5492175c076ac1b54890bbd)
• [x] android_platform_hardware_qcom_display (no changes)
• [x] android_platform_packages_apps_Settings (https://github.com/maruos/android_platform_packages_apps_Settings/commit/e6b5f775ffda538431ca7d7d43d1c319bd1b177c)
• [x] android_platform_build (https://github.com/maruos/android_platform_build/commit/7b9ed73f3ed49e12e849f863896774a7a8710ed5)

Device

• [x] android_device_lge_hammerhead (no changes)
• [x] android_device_asus_flo (no changes)

Kernel

• [x] android_kernel_hammerhead (no changes...past support period for hammerhead)
• [x] android_kernel_flo (no changes...past support period for flo)

Manifest

• [x] manifest (https://github.com/maruos/manifest/commit/47f8a396ab5d056907d30bad5b96a7175d006d4f)

NOTE: This is on marhsmallow-mr2-release so we need to cherry these in vs. a merge since master is based on marshmallow-mr3-release; same deal as MOB31T.

[pdsouza]

frameworks/native $ git cherry -v maruos/master android-6.0.1_r80
+ 05d6a7e2ae505a72a9b402f214c66fe6fabc6614 IGraphicBufferConsumer: fix ATTACH_BUFFER info leak
+ 2c254155cde44bbdc1699a7ddf55dd974ba3a3ba IGraphicBufferProducer: fix QUEUE_BUFFER info leak
+ d4e6bf1413f4d259965ed595f396babdea97de29 Sanity check IMemory access versus underlying mmap
+ 2a73b6305d835b9caac56a30dc20862182f4d427 BQ: Add permission check to BufferQueueConsumer::dump
+ 40a41c7a73a09ff954fa71e647556daf9b70ea7b Revert "Sanity check IMemory access versus underlying mmap" because the CL got abandoned This reverts commit d4e6bf1413f4d259965ed595f396babdea97de29.
+ 54fb75bcbdb4207317297d2419a604a201d25af5 Sanity check IMemory access versus underlying mmap
+ 95b454d2ef6fea3284d72ee2827721b137d9d6f4 Merge conflict--Add SN logging
+ 43316b32a205528e41bf6bc587b4dda09be8b840 BQ: Add permission check to BufferQueueConsumer::dump
+ c9d518ee078401bb46b215f67d89f8bed45e1e81 Sanity check IMemory access versus underlying mmap
+ 638ac77748a398b6abc291f61ad5b883d444b63b Add SN logging
+ 4cf908a1cd31b751cd954947094cd3f2022707c0 BQ: fix some uninitialized variables
+ e7ef5b66c3b68311d82d6dbbcec6addc07d07528 Fix issue #27252896: Security Vulnerability -- weak binder
+ df3f527bce1c52c95f974aed333b3c8e65847b4d BQ: fix some uninitialized variables
+ b0a3ac56663362878b62d7f422472e6fd638290a Fix issue #27252896: Security Vulnerability -- weak binder
+ 42db615d93c3345ce8665eaf51701f347446bafd Add new MotionEvent flag for partially obscured windows.
+ 9248e075cd75c0bbc0e7162c74c426e270574193 Correctly handle dup() failure in Parcel::readNativeHandle
- 3bcf0caa8cca9143443814b36676b3bae33a4368 Add FrameStats default constructor
- 98e433ee7f8637ec3c2117e1c47a0a00356f6158 Add FrameStats default constructor
- 188f11460df85c4babd21c926a0d09d0b732a40b Region: Detect malicious overflow in unflatten
- 1ecb999624165ea2a9cf5e16b3f7e93358d503d6 Region: Detect malicious overflow in unflatten
- 5d810559a3751e8beee6b1e6dc43c3cb05f0f97b ServiceManager: Restore basic uid check
- 48757ade21d6a26dd7d2a32641de6838d57fa03b ServiceManager: Allow system services running as secondary users to add services
- ebf0c917c3034002b3ca8abb22f7417b6ecc7e30 DO NOT MERGE ServiceManager: Restore basic uid check
- 23e7c1d038bae581cf896f72706221c2ef610c61 ServiceManager: Allow system services running as secondary users to add services
- a9b6ac95b7ade6e1f484c9138ce9468c1198a679 Fix SF security vulnerability: 32660278
- b5c8da661e8c6cd32d038d4fd9b5bc2f6f4046c4 Fix SF security vulnerability: 32660278
- f6079135672ebb7628d271643ae1dd519e68adbd Fix SF security vulnerability: 32706020
- 862a0188eeec4453eb318c46adf19ea632059bdd Correct overflow check in Parcel resize code
- 80fef3303ad34be1f6fefc7adfd84632f5852eb9 Correct overflow check in Parcel resize code
- b4ad8fd532d4a4dcc4329760b88e92ca0cf50181 Fix SF security vulnerability: 32706020
+ 088c16befc277069488fa557d86570c78a22f419 Fix security vulnerability
+ 33d11197f0c5153317286d4064b4d4ec790e5346 ui: Fix bad size check in Fence::unflatten
+ a6381e33b0c33b3342f743ba4e3e47cff10bba71 libgui: Check slot received from IGBP in Surface
+ 2aa91b37c8f8691c6a77f87b0b2551d15dca2ad2 libgui: check for invalid slot in attachBuffer

Looks like there are duplicates reported here even with git-cherry. The first set of "+"s are already in ours (these are a lot older), I think it's just the last four we need.

Confirmed with git rebase master android-6.0.1_r80-unique that only the last four commits introduce anything new.

[pdsouza]

frameworks/base $ git cherry -v maruos/master android-6.0.1_r80
+ 157fde188abb10de7f0bcdc0db4bbcdad4829d93 Don't allow contact sharing by default for device not recognized as carkit.
+ aa567807640645b6962736ef3b9ed7930dd0a6d7 DO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread
+ e1186566cd85027796f624707b095bcfaa4616f6 DO NOT MERGE Ensure that the device is provisioned before showing Recents.
+ ea9cca74e7e6383134a17ea6eef6b1311eeb483e Check permissions on getDeviceId.
+ 55663814f362b81c446a190fb8be29c6d1ea2448 Redact Account info from getCurrentSyncs
+ a9e5fa7d6226f9a05b37b1f7aa8b1aab9daaf3c9 NPE fix for SyncStorageEngine read authority am: a962d9eba7 am: 339c4f2b05 am: 58048c1f17
+ 2b05a696ba0eaa69436057211f73636d29970f12 Conflict resolution CL to ag/868720 when cp'ing to mnc-mr1-release
+ c5a0fcae4d5f81f355cef68b28a3a68d17cd9a11 Redact Account info from getCurrentSyncs
+ ded5c065cb76a0391e342ed81e302fc70ef2a811 [DO NOT MERGE] Disallow guest user from changing Wifi settings
+ 4903220f6b8d0e43a5ab71cede009492bc7ea365 [DO NOT MERGE] Disallow guest user from changing Wifi settings
- 810b9a6bbb9063c3fbbc8d2eb1da448881123ca8 DO NOT MERGE Fix intent filter priorities
+ 5d799cd4c48965ea4edb6b0ea8b46e9d603c8901 Add new, hidden MotionEvent flag for partially obscured windows.
+ 1408899c8a0163aa5f726631b93fa9f3073d59f9 Kill the real/isolated uid group, not the ApplicationInfo uid
+ 679c38191f3dbb5c12b808eba4793c59c9eda964 resolve merge conflicts of 44e07e0 to mnc-dev
+ 5c3aba200be469f7f69bbd2eb64e573a0560fcfc Don't pass URL path and username/password to PAC scripts
+ c8352fab0312b075eee78589813a4c1517fd4294 Backport ChooserTarget package source check from N
+ ac2d4d1a2f8c367c098a45d84c596619b302faf8 Fix missing permission check when saving pattern/password
+ 0568b17a9a2dd01b28da6d577655e420d1b55336 Backport of backup transport whitelist
- e7cf91a198de995c7440b3b64352effd2e309906 Don't trust callers to supply app info to bindBackupAgent()
- a75537b496e9df71c74c1d045ba5569631a16298 DO NOT MERGE Fix intent filter priorities
- 468651c86a8adb7aa56c708d2348e99022088af3 DO NOT MERGE Disable app pinning when emergency call button pressed
- 01875b0274e74f97edf6b0d5c92de822e0555d03 Reduce shell power over user management.
- 4e4743a354e26467318b437892a9980eb9b8328a Add pm operation to set user restrictions.
- 51a933a3cb368d155d12595fbc57be0230aa206b DO NOT MERGE Disable app pinning when emergency call button pressed
- b83baa6aac4d16367a37a7e54007b29c67f9d3c9 Don't trust callers to supply app info to bindBackupAgent()
- 163728a065206209882427e54f20b1b561100dc3 Reduce shell power over user management.
- f7f3b5da8fec498ad66c7edc4044f2f9da0d4ad4 Add pm operation to set user restrictions.
- 1b5bbd822539d981ac1a19c67fb23b1c4f543364 DO NOT MERGE: Remove the use of JHEAD in ExifInterface
- 0ba84ba241edced416e0a5093ca767c6ac1f4a09 Check caller's uid before allowing notification policy access.
- a6c819a06ebcd96b774645f29f6255ef774035ce Add bound checks to utf16_to_utf8
- a99e83d2a493171e0d1fdaeb74486da11ebc229b WifiEnterpriseConfiguration: Do not print credentials in toString
- 021c7094b88595cab276d19bd05053dc7225e358 Fix string equality comparison
- db61b272db842de84b81d6a3e00c5ea3648765c5 DO NOT MERGE Block the user from entering safe boot mode
- 55271d454881b67ff38485fdd97598c542cc2d55 WifiEnterpriseConfiguration: Do not print credentials in toString
- 81be4e3aac55305cbb5c9d523cf5c96c66604b39 Fix string equality comparison
- 28460c294ebd9c9cab258c92a20e0e2cc63e64f0 Check caller's uid before allowing notification policy access.
- f0ea4c8737ec911074cc4d284f984c5c353f32e2 Add bound checks to utf16_to_utf8
- 69729fa8b13cadbf3173fe1f389fe4f3b7bd0f9c DO NOT MERGE Block the user from entering safe boot mode
- e739d9ca5469ed30129d0fa228e3d0f2878671ac DO NOT MERGE: Remove the use of JHEAD in ExifInterface
- 688a0ae1eeb6a5a63ef879b833501c66e8554a18 DO NOT MERGE: Allow apps with CREATE_USERS permission to call UM.getProfiles.
- 72fd9c97ee20af0ac7af7cc771187241fae3b05b DO NOT MERGE: Fix CTS regression
- 5aa2601ddd7c52b740cdffdeb8afd22d0151b1d5 DO NOT MERGE: Fix CTS regression
- 90ea10c4d3e4aceba98276f5f16389aa6f99584a DO NOT MERGE: Allow apps with CREATE_USERS permission to call UM.getProfiles.
- bba5e529d762b2431dfc0d8018f4e87d7c780fb6 Bind fingerprint when we start authentication - DO NOT MERGE
- 4c8cead0c3d56f0544359b5de5daadff39f3acd4 Process: Fix communication with zygote.
- 3cbab7a7652dc7ec5fc6ba3965e2c801991b90f3 Fix vulnerability in LockSettings service
- ae4871e84afb179436f2ab73e24ab2435748ce41 DO NOT MERGE: Clean up when recycling a pid with a pending launch
- 522871c367b7547983ae05940cc32af90eaa2dd7 DO NOT MERGE: Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864
- c998deb9376eea9289d81ac03b41e01722c8a761 DO NOT MERGE: Clean up when recycling a pid with a pending launch
- 1d6c0efc202a21942321ffa3b83b7c9309e66c9a Fix vulnerability in LockSettings service
- a1e18814d23f36c0ec970d6e04de3dbc1214d53d Process: Fix communication with zygote.
- ca692c228dfef0b0d7f51597e726180d3f70c66c Bind fingerprint when we start authentication - DO NOT MERGE
- f1e317003659e9097f760a4b680dd595abed2e3e DO NOT MERGE: Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864
- 19d760b00b5d4f6e413c61edec6645f340f3afc0 DO NOT MERGE Check caller for sending media key to global priority session
- ee42a6bc012432e4a205c7da2023d4e35372e33e DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change
- c2c6bed108595aaf4e7610a8626c5b27f4a1d0d0 Backport changes to whitelist sockets opened by the zygote.
- cf053b5dccb6ce215b9f9f7b18aec42c5589e211 Ensure munmap matches mmap
- 5cc1157b1a17ae48b207601db225e2a72ec935d6 Fix setPairingConfirmation permissions issue (2/2)
- 75f7491b59764db79743218b6091c34b26148619 DO NOT MERGE: Catch all exceptions when parsing IME meta data
- 501cc42e4bf82ac9547bfa190edd1484a52dcf7f DO NOT MERGE: Fix deadlock in AcitivityManagerService.
- f6ff0ace2f4a9a2f785093d65e249c04faa8ad4d Avoid crashing when downloading MitM'd PAC that is too big am: 7d2198b586 am: 9c1cb7a273 am: 6634e90ad7 am: 66ee2296a9
- dbb4fb43a5f4d228a16cb062d2376e0a5b8de746 Fix build break due to automerge of 7d2198b5
+ a2c5d68b8d83f64cdc0f14a9364ed880ff632fc3 Use "all_downloads" instead of "my_downloads".
+ 18201710de150c53576376f14628f8ba38fa72c6 Merge commit '0a9d537f623b2c11dce707fb9b91fea016fd0e9f' into manual_merge_0a9d537
- b8be33b0bedec211708c4525b9d3f3b4effb385c Backport changes to whitelist sockets opened by the zygote.
- 23e6629cf56378634488ea49a8acf40d709effa1 DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change
- 26f6eb78a61323cb2cae055ee0cee62c95a8f85e Fix setPairingConfirmation permissions issue (2/2)
- 77fa5d963f796f7682fd3f859e3f148681f60bde Ensure munmap matches mmap
- 115baf8f0fb54fa86db6afc489ab8413ff714e46 DO NOT MERGE: Fix deadlock in AcitivityManagerService.
- 9e812be46b6f7be61524e14652ba380c02518262 DO NOT MERGE: Catch all exceptions when parsing IME meta data
- 4f0dec2e62ee47dec1e29a6c97e13af2c86a33e9 Fix build break due to automerge of 7d2198b5
- 4c95059c31584cbd5651183a4605301563cf2e8e DO NOT MERGE Check caller for sending media key to global priority session
- f653d365122f0cebc92ac7bb0af805cc4d80f638 Merge commit '0a9d537f623b2c11dce707fb9b91fea016fd0e9f' into manual_merge_0a9d537
- ef525e8d721a69310044eca14993df8b13ac1b14 Avoid crashing when downloading MitM'd PAC that is too big am: 7d2198b586 am: 9c1cb7a273 am: 6634e90ad7 am: 66ee2296a9
- 761bcb5ad2dd3168109009a31328643f556decba DO NOT MERGE) ExifInterface: Provide backward compatibility
- 62509ef81bccfb7e0b4e3287d624b24114093349 DO NOT MERGE Isolated processes don't get precached system service binders
- ab2f065f401aefc9ba21865102dd40440ed083aa DO NOT MERGE) ExifInterface: Close the file when an exception happens
- 248c3ab8323c774d213df75ac528d4ab96107fe4 DO NOT MERGE) ExifInterface: Provide backward compatibility
- 37648d47981bf9a52738dbe534982e0bdfd98eff DO NOT MERGE Isolated processes don't get precached system service binders
- 81a958fc287bc8b1c0601960f466828f4abb0c2c DO NOT MERGE) ExifInterface: Close the file when an exception happens
- 8dd6b2ff0b68782615b337ba6ebe48f39afef00b resolve merge conflicts of 89aa6fb to mnc-dr-dev
- c6335a8518caea5dc366d0dd67682c5ebc2ddecd Public volumes belong to a single user.
- 39e9323ab6e87be86c11ebb8f6ca06421062a9b4 Fix idmap leak in zygote process
+ 949b06016427e931bad4a3ae6b5913fa75e2c907 Zygote : Block SIGCHLD during fork.
- 6b1fa5bce711354e6462a7015bcfc01a50954eef Zygote: Additional whitelists for runtime overlay / other static resources.
- 185ad425340ffdf34295b3e6678fe35a91a23e60 Zygote: Additional whitelisting for legacy devices.
- cc3a845d08fc99b1af1a1707492495a34cb2a1cb Zygote : Block SIGCHLD during fork.
- 51665ef99ff37769005d6af85fa70ee73e0ecacc DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
- 80b629288444d7841dd7a3e0daf46c263c818445 Public volumes belong to a single user.
- 7aa8ec22a3d4a834007d0e6f57a078f773dd729b Zygote: Additional whitelists for runtime overlay / other static resources.
- c3ee76203a1ce9b8c490975574707c9389c77057 Zygote: Additional whitelisting for legacy devices.
- 94946899615c2af2eaa39895a1242499d078c3c8 Fix idmap leak in zygote process
- db66afe61e52f81f185593a2b6dd63c436ce9014 resolve merge conflicts of 89aa6fb to mnc-dr-dev
- dcd0acffd8a3561e46eb97ad0b0e587e47ac6829 DO NOT MERGE: Check provider access for content changes.
+ 5e017ef63149c84749a99f1fb445b5e0e4ed26da Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516
- cefaefa4f447a51a717e7cca750461d3f19b68fc DO NOT MERGE: Check provider access for content changes.
- 12033ddaf11ae11d0212eabcf82639bd73410e47 DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
+ 49ae4d66819cbbcb783e7524c536496fb9f3fd37 Prevent writing to FRP partition during factory reset.
+ 7cc6259d174759c855df30d3a9dc8f822d09d9ca Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
+ 2815705326ae9f44886d39e08ebdec358e5f5fde Prevent writing to FRP partition during factory reset.
+ 8c1294a930ff2ced62b4021527083b89c6feede6 Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
+ 5549a1f8372a46176486039e0f135f78b42cc0e3 Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516 am: 0a8978f04b am: 1684e5f344 am: d28eef0cc2
+ ecd72702a92662a944bacfc2da13e6e83e39a5b7 DO NOT MERGE Do not call RecoverySystem with DPMS lock held
+ 804cbf66abef1f3b550fcd245be749152d347743 Fixed the logic for tethering provisioning re-evaluation
+ f3a435f3962cf30a21455c2c70c50689f8be42fc DO NOT MERGE [DO NOT MERGE] Don't allow permission change to runtime
+ a7dc08b601a6ba07a0750b62bef424c80f962507 DO NOT MERGE [DO NOT MERGE] Check bounds in offsetToPtr
+ 4996a4b3786d2d8b5f0a726b4ef816d23c4a150b DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset
+ 0fd509cf98ca2059ac9a5c8ce192d5c7842d8267 Make a11y node info parceling more robust
+ bf5b43c529ffb7d533f5907d107b925d70fff578 system_server: add CAP_SYS_PTRACE
+ fb07b46c0622dade6718ae3134bf0f590d557f6d ZygoteInit: Remove CAP_SYS_RESOURCE

Bunch of duplicates here too even with git-cherry. We just need the most recent few at the bottom. We already have up to "DO NOT MERGE. Retain DownloadManager Uri grants when clearing."

[pdsouza]

packages/apps/Settings $ git cherry -v maruos/master android-6.0.1_r80
+ edcf785b6882cfb4e3c29f0326ddb80f4a0007c0 Uncheck checkbox for contact sharing by default for non carkit devices.
+ 5de26d8329c2379d2c025226fde075057a7abaaf Block developer settings during SUW
+ be1af1486d9c587de6384a5d2e435db1eff12469 Preserve FRP lock if wiped during SUW
- f8d24fc35a26fb2a4d29809a8ff83e2974cb2b9e Pre-setup restrictions DO NOT MERGE
- 2169505c9a9300ca564a39d218b80dcfefc76c2a Pre-setup restrictions DO NOT MERGE
- 738acd5baef36000d66985ccdde89f450ef34194 [Fingerprint] Remove learn more link if not provisioned. DO NOT MERGE
- 094752f5a1257d77fc9454dad63f87dbe0dbc5be [Fingerprint] Remove learn more link if not provisioned. DO NOT MERGE
+ 97d1f86901c0a5b6bc5e210fc5933d76d4e03804 Add permission check to Intents used by Authenticator Settings.

Same issue here with duplicates still being reported with git-cherry...looks like whoever merged android-6.0.1_r80 has a bunch of duplicates, ew. We just need the last commit.

[pdsouza]

Summary of changes (HUGE):

$ repo forall -p -c git log --oneline android-6.0.1_r79..android-6.0.1_r80

project build/
85e023d Make change and version bump to MOB31Z
77fe130 Updating security string to 2017-07-01 on mnc (cherry picked from commit dce5c7b9dcf30d3d8582e704733b6d702be4e64b)
320f9ba Version bump to MOB31Y
5e68f7a Merge "MOB31X" into mnc-mr2-release
2f1cb00 MOB31X
4b44e8b Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
87ab43a MOB31W
67d11aa [DO NOT MERGE] Update Security String to 2017-06-01 for mnc-dev
8ca81cc Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
6a9de88 DO NOT MERGE : Update Security String to 2017-05-01 on mnc-dev
32a816c Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
7ed8683 [DO NOT MERGE] Update Security String to 2017-04-01 for mnc-dev
dfb6f45 MOB31V
6a6b785 [DO NOT MERGE] Updating Security String to 2017-03-01 on mnc-dev
56439f8 MOB31U
2ab374f [DO NOT MERGE] Updating Security String to 2017-03-05 on mnc-dev
922e4e7 [DO NOT MERGE] Updating Security String to 2017-03-01 on mnc-dev
817ad4a [DO NOT MERGE] Update Security String to 2017-02-05 on mnc-dev
3aef984 [DO NOT MERGE] Update Security String to 2017-02-01 on mnc-dev
ba875fc Updating Security string to 2017-01-01 on mnc-dev
bc10344 Updating Security String to 2016-12-01
ecca1c8 Updating Security String to 2016-11-01 on mnc-dev b/31618336
d7a7564 Update Security String to 2016-10-01 to platform and CTS for October Security
96e5bb1 Updating security string to 2016-09-01 to platform and CTS in preparation for 2016 September OTA
d960957 Merge "Update security patch string to 2016-08-01 - For Partners only" into security-aosp-mnc-mr1-release
60a6efd Update security patch string to 2016-08-01 - For Partners only
468b3b9 disable unpriv perf by default in user{,debug} builds
736c4a4 Updating security string to 2016-07-01
212dcf1 Update security patch string to 2016-06-01
4d05c3f Update Security String to 2016-05-01 in preparation for May 2016 Security OTA
377e0a3 Merge in history after reset to stage-aosp-mnc-mr1-release@772db68397fed9253ac4defb4fe2ebe0dbffcb97
5a53f2c Merge Conflict--Update Security String to 2016-05-01 in preparation for May 2016 Security OTA
772db68 "MMB29X"
a6860b3 Update Security String to 2016-04-02 in preparation for April 2016 Security OTA v2 - kernel updates with patches for CVE-2015-1805
2d0200f "MMB29W"
0ad1f65 Updating security string patch to 2016-04-01
bc3ca8c Updating security string patch to 2016-04-01
cb001d5 Updating security patch string to 2016-03-01
00b242b Update Security String to 2016-02-01
22dac03 Update Security String to 2016-01-01 to mnc-dev

project cts/
555a2fa Merge in history after reset to stage-aosp-mnc-mr1-release@04d23e6526745822df2e62d78160fdcb1bd0a2e6
341f1d4 MediaServerCrashTest: add testDrmManagerClientReset.
f9ec676 CTS test for robust handling of invalid cmap

project dalvik/
76ffe02 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
2db6ba9 Fix potential buffer overrun.

project device/htc/flounder/
f41c9c0 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
ddff829 Fix security issue in Visualizer effect

project external/aac/
06685fa Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
84da677 Fix aacDecoder_drcExtractAndMap()
914c690 Fix stack corruption happening in aacDecoder_drcExtractAndMap()
a58176f Merge in history after reset to stage-aosp-mnc-mr1-release@48b330d303727e1f2671f844a1d541d596f6d5da
2181968 Fix stack corruption happening in aacDecoder_drcExtractAndMap()

project external/boringssl/
61f1223 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
d21457b CVE 2016-2109 fix
7474e7e Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
df0817d DO NOT MERGE Always use Fermat's Little Theorem in ecdsa_sign_setup.
041a809 Merge "DO NOT MERGE Constify more BN_MONT_CTX parameters." into security-aosp-mnc-mr1-release
4cedecb Merge "DO NOT MERGE Compute ECDSA modular inverses with Fermal's Little Theorem." into security-aosp-mnc-mr1-release
8cc3ca7 DO NOT MERGE Constify more BN_MONT_CTX parameters.
f0d18cf DO NOT MERGE Compute ECDSA modular inverses with Fermal's Little Theorem.
828c02a DO NOT MERGE Make BN_mod_exp_mont_consttime take a const context.
2d0c6f7 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
d1d5a84 Rewrite BN_bn2dec.
94c61cf Rewrite BN_bn2dec.
b35c285 Re-add |EVP_des_ede_cbc|.
85a9811 Fix NID of |EVP_CIPHER des3_cbc|.
7c2edb9 Fix encoding bug in i2c_ASN1_INTEGER
e2e3a5c Remove support for mis-encoded PKCS#8 DSA keys.
f268ff7 Merge in history after reset to stage-aosp-mnc-mr1-release@f7063c1e913edebd3402a2c2467c1bdb3d4b79a9
ff60157 Remove support for mis-encoded PKCS#8 DSA keys.

project external/bouncycastle/
5d79183 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
c786a67 GCMParameters: in ASN1 encoding, use 12 when no value is specified
1a9fbec Merge in history after reset to stage-aosp-mnc-mr1-release@bc445d763fe265ee2757fdc2b3cdd5719429d9e5
bc445d7 GCMParameters: fix insecure tag size
eac60a3 GCMParameters: fix insecure tag size
3068cb0 DO NOT MERGE bouncycastle: limit input length as specified by the NIST spec

project external/chromium-libpac/
511f01a Fixup libpac for V8 4.9.385.28 DO NOT MERGE.
ffb0e0b Fix for PAC script function dnsResolve.  DO NOT MERGE.
84c95a9 Update proxy resolver and tests for V8 API changes. DO NOT MERGE.

project external/chromium-webview/
d6c17b4 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
2dfacfd WebView AOSP Integration Request - 52.0.2743.100

project external/conscrypt/
fb0324f Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
0f4b04e Fix typo in name of des-ede mapping
f9dc37e Use SSL_session_reused to check when a session was reused
5796f69 OpenSSLCipher: reset AAD when necessary
348cbdc OpenSSLCipher: multiple calls to updateAAD were ignored
3fb024a Merge in history after reset to stage-aosp-mnc-mr1-release@4bdc877ba02469916cc8c865083f6523b222c28f
3312e10 Fix updateAAD when offset is not 0
dfeb941 Merge "OpenSSLCipher: reset AAD when necessary" into security-aosp-mnc-mr1-release
5dafbe6 OpenSSLCipher: reset AAD when necessary
42a8dad OpenSSLCipher: multiple calls to updateAAD were ignored
5df254b Merge "Prevent duplicate certificates in TrustedCertificateIndex" into security-aosp-mnc-mr1-release
4cc285a Prevent duplicate certificates in TrustedCertificateIndex
c800654 Cache intermediate CA separately

project external/dhcpcd/
4d613d3 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
01de984 Merge in history after reset to stage-aosp-mnc-mr1-release@2a5eac9f85a320a50bf2b377c4834eb4ce88dd20
2a5eac9 Improve length checks in DHCP Options parsing of dhcpcd.
cee18fd Improve length checks in DHCP Options parsing of dhcpcd.

project external/expat/
0f9385f Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
0c447e5 Fix cast from pointer to integer of different size
d7bd2a2 Merge "Security Vulnerability - CVE-2012-6702 and CVE-2016-5300" into security-aosp-mnc-mr1-release
f424287 Merge "Fix CVE-2016-0718: Expat XML Parser Crashes on Malformed Input" into security-aosp-mnc-mr1-release
96c4757 Security Vulnerability - CVE-2012-6702 and CVE-2016-5300
cfff574 Fix CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
18c7d37 Upgrade to expat 2.1.1

project external/flac/
322936f Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
4a3b548 src/libFLAC/stream_decoder.c : Fix NULL de-reference.
62ba70e Avoid free-before-initialize vulnerability in heap
1689b1a Merge in history after reset to stage-aosp-mnc-mr1-release@e685ca5e441867515363f6f9c1be5f609b67e975
984cac7 Avoid free-before-initialize vulnerability in heap

project external/freetype/
6b395cb Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
2689da5 Merge commit '055aee28cedc3' into klp-dev:
cebcd44 [DO NOT MERGE] Update FreeType to 2.6.2 + update from 2.6.0

project external/giflib/
663d87a DO NOT MERGE Update GIFLIB to 5.1.4 DO NOT MERGE

project external/jhead/
a97d460 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
e923f0b Fix possible out of bounds accesses
3cb24f5 Fix possible out of bounds access

project external/libavc/
a7cc5a3 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
bfcb407 Decoder: Initialize MB info buffer to zero.
6bdb902 Decoder: Fix end of bitstream error.
a9427f1 Decoder: Fix allocation for Mbaff weight matrix
97b1d82 Decoder: Fixed flag u1_top_bottom_decoded.
0a559ba Decoder: Added an error check while parsing PPS.
103cc4c Fix stack buffer overflow in ih264d_process_intra_mb
04a5e3b Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
c898468 Merge "Decoder: Fix in reference list initialization." into security-aosp-mnc-mr1-release
695b079 Merge "Decoder: Fixes in accessing mbaff flag in error cases" into security-aosp-mnc-mr1-release
0370a0d Merge "Fix in the case of MMCO 3 (long term reference idx)." into security-aosp-mnc-mr1-release
1a9219e Decoder: Fixes in accessing mbaff flag in error cases
122d0d0 Fix in the case of MMCO 3 (long term reference idx).
1d5cb46 Decoder: Fixed number of MB calculation for interlaced error streams
7f3e5c6 Decoder: Fix in reference list initialization.
6229fb8 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
f6383c8 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
eac27c6 Merge "DO NOT MERGE Decoder: Fixed error handling for dangling fields" into security-aosp-mnc-mr1-release
ad3f6e4 Fixing a check in ih264d_parse_slice.c
bf52820 DO NOT MERGE Decoder: Fixed error handling for dangling fields
151ff76 :Decoder: Moved end of pic processing to end of decode call
1762feb Decoder: Treat first slice in a picture as part of new picture always
1124d70 Merge "Decoder: Fixed initialization of first_slice_in_pic" into security-aosp-mnc-mr1-release
a49d0e0 Merge "Fix in returning end of bitstream error for MBAFF" into security-aosp-mnc-mr1-release
e92800a Merge "Decoder: Initialize default reference buffers for all pictures" into security-aosp-mnc-mr1-release
4575138 Merge "Decoder: Return correct error code for slice header errors" into security-aosp-mnc-mr1-release
1af58b4 Merge "Decoder: Fixes an out of bound write in bitstream buffer" into security-aosp-mnc-mr1-release
ca5a94f resolve merge conflicts of 3654ad0 to mnc-dr-dev
7b38293 Decoder: Fixed initialization of first_slice_in_pic
ed7d70d Fix in returning end of bitstream error for MBAFF
4f91f55 Decoder: Initialize default reference buffers for all pictures
97c26af Decoder: Return correct error code for slice header errors
c5f9133 Decoder: Fixes an out of bound write in bitstream buffer
9b25a2b Merge "Decoder: Fix in the case of error in the first MB in frame." into security-aosp-mnc-mr1-release
0ded74a Merge "Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row" into security-aosp-mnc-mr1-release
d6fe55b Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read
41861da Decoder: Fix in checking first_mb_in_slice
316495b Decoder: Increase memory allocation for weights & offsets for interlaced clips
bb3eddb Decoder: Fixed DoS in header decode when no PPS is present
720607c Decoder: Initialize ps_cur_slice->u1_mbaff_frame_flag correctly for error cases
b877f67 Decoder: Fixed an out of bound access while parsing SEI
d10fa62 Decoder: Fix in MB count in MBAff error handling
b112a58 Call ih264d_deblock_display only for valid process calls
1f1c026 Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row
8ef2bce Decoder: Fixed cur_mb_info initialization in error cases
f2001f0 Decoder: Fix in error concealment in the case of Mbaff clips
28c6e87 Decoder: Fix in the case of error in the first MB in frame.
f693c6b Decoder: Fix in returning incomplete frame error
bd6cf42 Decoder: Fix initialization of ps_next_dpb during reference list creation
ba0b4ec Merge "Decoder: Fixed DoS in header decode when no PPS is present" into security-aosp-mnc-mr1-release
6bbd83c Merge "Decoder: Fixed an out of bound access while parsing SEI" into security-aosp-mnc-mr1-release
172b4fe Merge "Decoder: Initialize ps_cur_slice->u1_mbaff_frame_flag correctly for error cases" into security-aosp-mnc-mr1-release
b4ecbb0 Merge changes I150c48c6,I9db44463,I2dfd962b,I883d5d8a,I38049763, ... into security-aosp-mnc-mr1-release
0203497 Merge "Decoder: Fix in MB count in MBAff error handling" into security-aosp-mnc-mr1-release
b4ae265 Merge "Call ih264d_deblock_display only for valid process calls" into security-aosp-mnc-mr1-release
4451654 Merge "Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read" into security-aosp-mnc-mr1-release
4adc531 Merge "Decoder: Fix in checking first_mb_in_slice" into security-aosp-mnc-mr1-release
f570717 Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row
766229e Decoder: Fix in the case of error in the first MB in frame.
65fa600 Decoder: Fixed cur_mb_info initialization in error cases
aa26243 Decoder: Fix in returning incomplete frame error
7742ee4 Decoder: Fix initialization of ps_next_dpb during reference list creation
a345ce3 Decoder: Fix in error concealment in the case of Mbaff clips
99fa90e Decoder: Fix in the case of error in the first MB in frame.
effb5b8 Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row
9614400 Call ih264d_deblock_display only for valid process calls
d972d37 Decoder: Fix in MB count in MBAff error handling
22c8136 Decoder: Fixed an out of bound access while parsing SEI
7f26623 Decoder: Initialize ps_cur_slice->u1_mbaff_frame_flag correctly for error cases
04757ee Decoder: Increase memory allocation for weights & offsets for interlaced clips
c5318ac Decoder: Fixed DoS in header decode when no PPS is present
5072c4b Decoder: Fix in checking first_mb_in_slice
28fa0db Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read
7f96c36 Decoder: Fix in checking for valid profile flags
9211390 Decoder: Fixes in handling errors in Mbaff clips.
12fe485 Decoder: Ignore few dpb errors
e8b5026 Decoder: Fixes for handling errors in multi-slice MB Aff streams
8770172 Fix in the case of invalid SPS PPS
bae6fe4 Fixed error concealment when no MBs are decoded in the current pic
9c5b618 Decoder: Initialize first_pb_nal_in_pic for error slices
9be2e53 Decoder: Do not conceal slices with invalid SPS/PPS
d284be2 Decoder: Fix slice number increment for error clips
e92aa04 Merge "Fix slice params for interlaced video" into security-aosp-mnc-mr1-release
2453ecb Merge "Decoder: Memset few structures to zero to handle error clips" into security-aosp-mnc-mr1-release
c680157 Merge "Decoder: Fix for handling invalid intra mode" into security-aosp-mnc-mr1-release
4fcb9cd Merge "Decoder: Initialize slice parameters before concealing error MBs" into security-aosp-mnc-mr1-release
ca98681 Fix slice params for interlaced video
4681781 Decoder: Initialize slice parameters before concealing error MBs
9134491 Decoder: Memset few structures to zero to handle error clips
0b23966 Decoder: Fix for handling invalid intra mode
2de988e Decoder: Set u1_long_term_reference_flag to 0 for error concealment
2ade57b Merge in history after reset to stage-aosp-mnc-mr1-release@0b24cbee09cc4dc1a73d58ee7b01b38c07235d3b
0b24cbe Decoder: Fix stack underflow in CAVLC 4x4 parse functions
2eddadc Ensure ih264d_start_of_pic() is not repeated in ih264d_mark_err_slice_skip()
de20684 Merge "Ensure ih264d_start_of_pic() is not repeated in ih264d_mark_err_slice_skip()" into security-aosp-mnc-mr1-release
5ac2ad8 Ensure ih264d_start_of_pic() is not repeated in ih264d_mark_err_slice_skip()
b9982d4 Decoder: Fix stack underflow in CAVLC 4x4 parse functions
d586400 Decoder Update mb count after mb map is set.

project external/libhevc/
d35db0d Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
9f44219 Fix heap buffer overflow while searching for valid PPS
a44bd29 Check for buffer overflow in pps/slice header parsing
7fa2a97 memset SPS to zero
d6a57e2 Fix reallocation for new sps
4b96ab4 DO NOT MERGE Handle streams with change in max_dec_buffering/num_reorder_frames without resolution change
673562c resolve merge conflicts of 8dc7b42 to mnc-dr-dev
104c6b6 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
03aa428 Merge "Correct Tiles rows and cols check" into security-aosp-mnc-mr1-release
40a7a93 Merge "Check only allocated mv bufs for releasing from reference" into security-aosp-mnc-mr1-release
6b908b5 Set current slice ctb x and y to fill prev incomplete slice
427dbba Correct Tiles rows and cols check
d7c2e52 Check only allocated mv bufs for releasing from reference
c2dbcc0 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
762e37d Merge "DO NOT MERGE Handle error return from ref list in slice hdr parsing" into security-aosp-mnc-mr1-release
f6d921a Merge "DO NOT MERGE Return error from cabac init if offset is greater than range" into security-aosp-mnc-mr1-release
8cab3ff DO NOT MERGE Return error if SPS parsing reads more bytes than the nal length
4024f48 DO NOT MERGE Handle error return from ref list in slice hdr parsing
e90a20e DO NOT MERGE Return error from cabac init if offset is greater than range
4fd2431 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
38676c7 Merge "Fix in handling wrong cu_qp_delta" into security-aosp-mnc-mr1-release
69f64b6 Fix in handling wrong cu_qp_delta
d739201 Handle invalid num_reorder_pics & max_dec_pic_buffering in SPS
cf5b953 Added check for invalid log2_max_transform_block_size in SPS
d646def Added check for invalid log2_max_transform_block_size in SPS
345db5c Merge changes Ib07e2ed1,I662212eb into security-aosp-mnc-mr1-release
5146486 Fixed out of bound reads in stack variables
4f2c28d Fixed handling invalid chroma tu size for error clips
0613f3d Fix in Chroma SAO for non-multiple of 8 height
f7265ad Handle invalid slice_address in slice header
7459e66 Merge in history after reset to stage-aosp-mnc-mr1-release@cc92338e922f8cc7d84220c9da98a81e2408d7e8
24aa634 Added few memsets to avoid uninitialized reads for error clips

project external/libmpeg2/
7d98d52 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
337856a Check Number of Skip MBs
17f438e Error Resilience - Check on as_recent_fld[0][1]
5c5330e Fix Bytes Consumed Issue
6a3a940 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
a518fd6 DO NOT MERGE Fix in handling header decode errors
c460e2a Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
45550a8 Merge "Check for Valid Frame Rate in Header" into security-aosp-mnc-mr1-release
2d98b43 Check for Valid Frame Rate in Header
f4117e9 Error Check for VLD Symbols Read
0f49089 Fixed out of bound read in flush_bits
8bf56fc Merge in history after reset to stage-aosp-mnc-mr1-release@d9c2855c671080c0ff9a947c2ebfade0f7dbd78e
d9c2855 Fix for handling streams which resulted in negative num_mbs_left
5d98623 Fixed stack buffer overflow
dae6dc4 Merge "Merge conflict--Return error for wrong mb_type" into security-aosp-mnc-mr1-release
d01718d Merge "Fix for handling streams which resulted in negative num_mbs_left" into security-aosp-mnc-mr1-release
fcb882a Merge conflict--Return error for wrong mb_type
5173ff3 Fix for handling streams which resulted in negative num_mbs_left
27bbe74 Fixed stack buffer overflow
66b87dc Merge "Revert "Fix for handling streams which resulted in negative num_mbs_left"" into security-aosp-mnc-mr1-release
64b00fc Revert "Fix for handling streams which resulted in negative num_mbs_left"
55eecb8 Merge "Revert "Return error for wrong mb_type"" into security-aosp-mnc-mr1-release
7b7ff79 Revert "Return error for wrong mb_type"
e5bd818 Fix for handling streams which resulted in negative num_mbs_left
269ce52 Merge "Fixed bit stream access to make sure that it is not read beyond the allocated size." into security-aosp-mnc-mr1-release
78b1b25 Fixed bit stream access to make sure that it is not read beyond the allocated size.
48206d4 Return error for wrong mb_type

project external/libnfc-nci/
ced913d Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
8e60049 Fix native crash in nfc_ncif_proc_activate
85bb9b7 Fix native crash in nfc_ncif_proc_activate

project external/libnl/
918a700 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
63da476 Perform range check on len in nlmsg_reserve
52f2923 libnl: Check data length in nla_reserve / nla_put

project external/libopus/
215da10 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
744911a Ensure that NLSF cannot be negative when computing a min distance between them

project external/libpng/
3e1f35f Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
b68e029 DO NOT MERGE Update libpng to 1.6.20

project external/libvpx/
41e0c30 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
a88637b Limit vpx decoder to 4K frames
e7acba4 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
01b8a25 vp8:fix threading issues
807c71c Merge "DO NOT MERGE libvpx: Cherry-pick 8b4c315 from upstream" into security-aosp-mnc-mr1-release
db7319a DO NOT MERGE libvpx: Cherry-pick 8b4c315 from upstream
2bfc2b0 DO NOT MERGE | libvpx: Cherry-pick 0f42d1f from upstream
6e2e8e2 DO NOT MERGE | libvpx: cherry-pick aa1c813 from upstream
b3f304b Fix ParseElementHeader to support 0 payload elements

project external/libxml2/
59054c4 Merge "DO NOT MERGE: Use correct limit for port values" into security-aosp-mnc-mr1-release
9b0192a Merge "DO NOT MERGE: fix for the XPath nodeTab use-after-free bug from nmehta@" into security-aosp-mnc-mr1-release
e21de67 Merge "DO NOT MERGE: Disallow namespace nodes in XPointer ranges" into security-aosp-mnc-mr1-release
1852955 Merge "DO NOT MERGE: Fix XPointer paths beginning with range-to" into security-aosp-mnc-mr1-release
9d83d45 Merge "DO NOT MERGE: Add validation for eternal enities" into security-aosp-mnc-mr1-release
eb231fc Merge "DO NOT MERGE: Apply upstream Chromium patch for encoding changes" into security-aosp-mnc-mr1-release
591f7c3 DO NOT MERGE: Add validation for eternal enities
24e4363 DO NOT MERGE: Use correct limit for port values
efd0e73 DO NOT MERGE: Heap buffer overflow in xmlAddID
1ea3ab9 DO NOT MERGE: fix for the XPath nodeTab use-after-free bug from nmehta@
78654b3 DO NOT MERGE: Apply upstream Chromium patch for encoding changes
20fff36 DO NOT MERGE: Fix XPointer paths beginning with range-to
b9d9cac DO NOT MERGE: Disallow namespace nodes in XPointer ranges
cb49e76 DO NOT MERGE resolve merge conflicts of 1d43fb67 to mnc-dev am: 1d462cdbb0

project external/pdfium/
f3cb9f3 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
a4933fe Merge "Backport 940100c28ae28931722290794889cf84a92c5f6f from libopenjpeg20" into security-aosp-mnc-mr1-release
269ce88 Backport 940100c28ae28931722290794889cf84a92c5f6f from libopenjpeg20
f749948 Backport 734d57d5f7842aa7c2c9f36d62131ab4d8bd6c87 from libopenjpeg20
b8c3dc4 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
6c96c1a [DO NOT MERGE] Fix the way FreeType headers are incldued.

project external/sepolicy/
2c1c981 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
f26c9ce system_server: replace sys_resource with sys_ptrace
e0a95d4 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
6c69ebd Allow the zygote to stat all files it opens.
2839111 expose control over unpriv perf access to shell
a0b2d1a Merge "Further restrict socket ioctls available to apps" into security-aosp-mnc-mr1-release
f919b98 Further restrict socket ioctls available to apps
8ad6f54 Remove generic socket access from untrusted processes
b2a8d37 Merge in history after reset to stage-aosp-mnc-mr1-release@9bb43a76e992c9c66f10858696f6b74ebc16c77a
9bb43a7 DO NOT MERGE: Further restrict access to socket ioctl commands
35f33a0 DO NOT MERGE: Further restrict access to socket ioctl commands

project external/skia/
a5dd198 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
652f914 Fix out of bounds memory read in GIFMovie.cpp
0e8cdb2 Merge in history after reset to stage-aosp-mnc-mr1-release@896f81103e3ea71dbf2f242565f71c12a0d38054
896f811 Update SK_CRASH to default to abort(). DO NOT MERGE
41ca5ae Update SK_CRASH to default to abort(). DO NOT MERGE

project external/sonivox/
f3ac2de Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
9e9d4a2 Fix infinite recursion
34a012f Check chunk size
038a6d4 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
0d6d59d Sonivox: sanity check headerLength in XMF_ReadNode.
c192c4c Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
a8ed52a eas_mdls: fix OOB read.
70fb061 Fix NULL pointer dereference
37ac87d Merge in history after reset to stage-aosp-mnc-mr1-release@c5843be1d4f1b43c46210a3c5f46c9d90bee53fc
c5843be Sonivox: add SafetyNet log.
6a21338 Sonivox: sanity check numSamples.
458e78b Sonivox: add SafetyNet log.
ecf277c Sonivox: sanity check numSamples.

project external/tremolo/
24b71b9 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
f2ea3e3 Always use unsigned char
4800849 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
db824a5 Fix divide by zero for non-arm processor
07e7103 Tremolo: fix ARM assembly code for decode_map type 3 case
45cff08 Check partword is in range for # of partitions

project external/v8/
b0893cc Merge V8 5.3.332.45.  DO NOT MERGE
8b7e11b Merge V8 5.2.361.47  DO NOT MERGE
5f6805a Ignore warnings inline with upstream V8 project.  DO NOT MERGE
21c2829 Fix unused sources warning  DO NOT MERGE
7278f97 Merge V8 5.1.281.59  DO NOT MERGE
8c86306 Upgrade V8 to 5.1.281.57  DO NOT MERGE
30d0143 Revert "Revert "Upgrade to 5.0.71.48"" DO NOT MERGE
2a3cfc5 Remove mksnapshot support entirely.  DO NOT MERGE.
23f628c Upgrade V8 to version 4.9.385.28  DO NOT MERGE.
cb4387f Align SnapshotData to word boundary.  DO NOT MERGE.
8d208c6 Don't build a v8 snapshot.  DO NOT MERGE.
f02e122 Remove generator.js from LOCAL_SRC_FILES  DO NOT MERGE.
6f3d7b3 v8: prevent unnecessary rebuilds  DO NOT MERGE.
2a61e75 Update V8 to version 4.1.0.21 DO NOT MERGE.
cfa3a99 Recover from shift exponent ubsan failures. DO NOT MERGE.

project external/wpa_supplicant_8/
1a3216e Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
02f71f3 Guard against return value already being null
9819ca5 Remove newlines from config output
a48f198 Merge in history after reset to stage-aosp-mnc-mr1-release@86da57f0c3d2d7185735e2bd129b65c73dda24a1
bf5fdbe Guard against return value already being null
e960839 Remove newlines from config output
1f2be80 WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use

project frameworks/av/
f9a47ed Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
b18a4dd Fix memory leak in error case
fbed441 Limit ogg packet size
3b3e9c9 Prevent OOB write in soft_avc encoder
bcb2f39 Don't allow using or allocating a buffer after the first state transition
5b1c307 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
45459b8 Merge "Avoid crash for stss sync sample number 0" into security-aosp-mnc-mr1-release
9908b1f Avoid crash for stss sync sample number 0
456ec64 Don't allow using or allocating a buffer after the first state transition
fa5e405 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
b1e42d0 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
9869bba Merge "DO NOT MERGE FLACExtractor: copy protect mWriteBuffer" into security-aosp-mnc-mr1-release
1a7ac0f Merge "DO NOT MERGE Add bounds check in SoftAACEncoder2::onQueueFilled()" into security-aosp-mnc-mr1-release
d00d358 Merge "DO NOT MERGE Fix integer overflow and divide-by-zero" into security-aosp-mnc-mr1-release
e91297b Merge "DO NOT MERGE Fix NPDs in h263 decoder" into security-aosp-mnc-mr1-release
e6b2804 Merge "DO NOT MERGE Fix out of bounds access" into security-aosp-mnc-mr1-release
b469565 Merge "DO NOT MERGE AudioFlinger: Check framecount overflow when creating track" into security-aosp-mnc-mr1-release
13bb7ef DO NOT MERGE AudioFlinger: Check framecount overflow when creating track
9e0b991 DO NOT MERGE codecs: handle onReset() for a few encoders
74ffb08 DO NOT MERGE Add bounds check in SoftAACEncoder2::onQueueFilled()
129aba4 DO NOT MERGE Fix NPDs in h263 decoder
d6eeff8 DO NOT MERGE Fix out of bounds access
6303034 DO NOT MERGE Fix integer overflow and divide-by-zero
97d752f DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
abef2af Merge "CameraBase: Don't return an sp<> by reference" into security-aosp-mnc-mr1-release
7f59bed Merge "Fix overflow check and check read result" into security-aosp-mnc-mr1-release
7aa7e18 Merge "resolve merge conflicts of 79cf158c51 to mnc-dev" into security-aosp-mnc-mr1-release
432478a CameraBase: Don't return an sp<> by reference
ca32aed Fix overflow check and check read result
e660633 resolve merge conflicts of 79cf158c51 to mnc-dev
e9ff002 EffectBundle: check nb channels to write speaker angles
12d8338 avc_utils: skip empty NALs from malformed bistreams
eeaa0ea avc_utils: skip empty NALs from malformed bistreams
eb6b503 Merge "Don't initialize sync sample parameters until the end" into security-aosp-mnc-mr1-release
7d77479 Don't initialize sync sample parameters until the end
c26aa7d Don't CHECK when buffer is too large
05e97e2 DO NOT MERGE - improve audio effect framwework thread safety
e2e06ee Merge "DO NOT MERGE - improve audio effect framwework thread safety" into security-aosp-mnc-mr1-release
285fa52 DO NOT MERGE - improve audio effect framwework thread safety
d4b3c84 Don't CHECK when buffer is too large
87c3782 Don't initialize sync sample parameters until the end
523fd3c Merge "Effect: Use local cached data for Effect commit" into security-aosp-mnc-mr1-release
c069c93 Fix security vulnerability: potential OOB write in audioserver
71a018c Effect: Use local cached data for Effect commit
78d39cf Merge "Make VBRISeeker more robust" into security-aosp-mnc-mr1-release
490ca3f Merge "Fix security vulnerability: Effect command might allow negative indexes" into security-aosp-mnc-mr1-release
3bc106e Merge "Effects: Check get parameter command size" into security-aosp-mnc-mr1-release
b2dec3e Merge "DO NOT MERGE: defensive parsing of mp3 album art information" into security-aosp-mnc-mr1-release
3932a51 Merge "Fix security vulnerability: Equalizer command might allow negative indexes" into security-aosp-mnc-mr1-release
a2e361d Merge "Visualizer: Check capture size and latency parameters" into security-aosp-mnc-mr1-release
6ee0122 IOMX: convert ANWB to Gralloc meta if using useBuffer in the same process
d620c30 stagefright: remove allottedSize equality check in IOMX::useBuffer
1cf41c9 Visualizer: Check capture size and latency parameters
f9fab15 Fix security vulnerability: Equalizer command might allow negative indexes
dd004cb DO NOT MERGE: defensive parsing of mp3 album art information
697233c Effects: Check get parameter command size
b84b0bb Make VBRISeeker more robust
ba52ffa Fix security vulnerability: Effect command might allow negative indexes
16e3253 Merge "Fix potential NULL dereference in Visualizer effect" into security-aosp-mnc-mr1-release
bb303b7 DO NOT MERGE Fix divide by zero
cc2295b Fix potential NULL dereference in Visualizer effect
4ca01e8 stagefright: don't fail MediaCodec.configure if clients use store-meta key
5afced8 Merge "IOMX: do not clear buffer if it's allocated by component" into security-aosp-mnc-mr1-release
d213574 Merge "IOMX: allow configuration after going to loaded state" into security-aosp-mnc-mr1-release
f8c9768 IOMX: do not clear buffer if it's allocated by component
f565f21 IOMX: allow configuration after going to loaded state
ea35f2b IOMX: restrict conversion of ANWB to gralloc source in emptyBuffer
18a65a2 Merge "SampleIterator: clear members on seekTo error" into security-aosp-mnc-mr1-release
dd21ce7 Merge "IOMX: work against metadata buffer spoofing" into security-aosp-mnc-mr1-release
78ba530 Merge "Fix potential overflow in Visualizer effect" into security-aosp-mnc-mr1-release
58d9fa8 Merge "Radio: get service by value." into security-aosp-mnc-mr1-release
6a8156c Merge "SoundTrigger: get service by value." into security-aosp-mnc-mr1-release
30c6fba Merge "Fix stack content leak vulnerability in mediaserver" into security-aosp-mnc-mr1-release
76c8dd3 Merge "Check mprotect result" into security-aosp-mnc-mr1-release
c6c3a8f SoundTrigger: get service by value.
1610b32 Radio: get service by value.
d4063c2 SampleIterator: clear members on seekTo error
2881e7c IOMX: work against metadata buffer spoofing
abd5911 Fix stack content leak vulnerability in mediaserver
5ac546d Fix potential overflow in Visualizer effect
80ccca3 Check mprotect result
315fa40 Limit mp4 atom size to something reasonable
c19aa43 MediaPlayerService: allow next player to be NULL
dcb0b5e Fix build break from SoftMPEG4Encoder.cpp
f08206e Merge changes I4776db4a,I7701f5fc into security-aosp-mnc-mr1-release
7ee5bed Merge "better validation lengths of strings in ID3 tags" into security-aosp-mnc-mr1-release
b7d1e59 Merge "MediaPlayerService: avoid invalid static cast" into security-aosp-mnc-mr1-release
475a53d Merge "Add EFFECT_CMD_SET_PARAM parameter checking" into security-aosp-mnc-mr1-release
6a39ef5 Fix build breakage caused by commit 940829f69b52d6038db66a9c727534636ecc456d.
a22823b DO NOT MERGE - SoftMPEG4: Check the buffer size before writing the reference frame.
bd6b2c6 better validation lengths of strings in ID3 tags
50a2b17 MediaPlayerService: avoid invalid static cast
1e30fe9 Add EFFECT_CMD_SET_PARAM parameter checking
1f97582 soundtrigger: add size check on sound model and recogntion data
bf51f7d DO NOT MERGE - stagefright: fix integer overflow error
6bef580 Merge "Add bound checks to utf16_to_utf8" into security-aosp-mnc-mr1-release
ce4167d Merge "fix build" into security-aosp-mnc-mr1-release
3721419 Merge "Fix build" into security-aosp-mnc-mr1-release
c58b387 Merge "Fix build" into security-aosp-mnc-mr1-release
8fe7525 Merge "DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble" into security-aosp-mnc-mr1-release
2bb1eef Merge "SoftVPX: fix nFilledLen overflow" into security-aosp-mnc-mr1-release
f63712b fix build
12d962b SoftVPX: fix nFilledLen overflow
be63207 Fix build
74cf8ee Fix build
2567d06 SoftMP3: memset safely
878a365 Merge "OMXCodec: check IMemory::pointer() before using allocation" into security-aosp-mnc-mr1-release
515c811 Merge "Impose a size bound for dynamically allocated tables in stbl." into security-aosp-mnc-mr1-release
e327eee Merge "omx: prevent input port enable/disable for software codecs" into security-aosp-mnc-mr1-release
9985de1 Add bound checks to utf16_to_utf8
82c7796 DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble
ff44fd3 Impose a size bound for dynamically allocated tables in stbl.
4340643 OMXCodec: check IMemory::pointer() before using allocation
949d1a4 omx: prevent input port enable/disable for software codecs
04d6279 Fix corruption via buffer overflow in mediaserver
ee22ce6 Merge "Check effect command reply size in AudioFlinger" into security-aosp-mnc-mr1-release
aa59d05 Merge "DO NOT MERGE omx: check buffer port before using" into security-aosp-mnc-mr1-release
5b29cdf Merge "Fix potential overflow" into security-aosp-mnc-mr1-release
174503c Merge "SoftHEVC: Exit gracefully in case of decoder errors" into security-aosp-mnc-mr1-release
2d91a97 Merge "Don't use sp<>&" into security-aosp-mnc-mr1-release
95d461b Merge "SoftAAC2: fix crash on all-zero adts buffer" into security-aosp-mnc-mr1-release
9ed8c0d Check effect command reply size in AudioFlinger
c661482 DO NOT MERGE omx: check buffer port before using
7c6da52 Fix potential overflow
4d81ef1 SoftHEVC: Exit gracefully in case of decoder errors
05ca24f Don't use sp<>&
2fbe092 SoftAAC2: fix crash on all-zero adts buffer
9757686 DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak
bb3a033 Resolve a merge issue between lmp and lmp-mr1+
8ba1871 Check malloc result to avoid NPD
0acc0fc Merge "MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track." into security-aosp-mnc-mr1-release
bb49c36 Merge "limit mediaserver memory" into security-aosp-mnc-mr1-release
787c6e4 Merge "h264bsdActivateParamSets: Prevent multiplication overflow." into security-aosp-mnc-mr1-release
3205bbd Merge "Fix security vulnerability in libstagefright" into security-aosp-mnc-mr1-release
ad81c59 Merge "Check section size when verifying CRC" into security-aosp-mnc-mr1-release
2e721f1 MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
175afe6 limit mediaserver memory
182d114 h264bsdActivateParamSets: Prevent multiplication overflow.
dfb6e0c Fix security vulnerability in libstagefright
e6ec226 Check section size when verifying CRC
de920e5 Clear unused pointer field when sending across binder
ac47464 Merge changes I9a7c9fb2,Ia2c119e2,I1f8f0109,I4412825d into security-aosp-mnc-mr1-release
a500082 Merge "codecs: check OMX buffer size before use in (h263|h264)dec" into security-aosp-mnc-mr1-release
10543c4 Merge "DO NOT MERGE codecs: check OMX buffer size before use in (vorbis|opus)dec" into security-aosp-mnc-mr1-release
0c623ec Merge "DO NOT MERGE codecs: check OMX buffer size before use in (avc|hevc|mpeg2)dec" into security-aosp-mnc-mr1-release
6480bb9 Merge "AudioSource: initialize variables" into security-aosp-mnc-mr1-release
509159d Merge "Check mp3 output buffer size" into security-aosp-mnc-mr1-release
b1972dc Merge "codecs: check OMX buffer size before use in (gsm|g711)dec" into security-aosp-mnc-mr1-release
ead1330 Merge "h264dec: check for overflows when calculating allocation size." into security-aosp-mnc-mr1-release
88507ea Fix OMX_IndexParamConsumerUsageBits size check
f19ce2d Fix size check for OMX_IndexParamConsumerUsageBits
36e7312 Fix initialization of AAC presentation struct
696f993 DO NOT MERGE Verify OMX buffer sizes prior to access
aaa2059 DO NOT MERGE codecs: check OMX buffer size before use in (vorbis|opus)dec
0f58aa9 DO NOT MERGE codecs: check OMX buffer size before use in (avc|hevc|mpeg2)dec
b06945b codecs: check OMX buffer size before use in (h263|h264)dec
7704606 SampleTable.cpp: Fixed a regression caused by a fix for bug 28076789.
8e8e869 resolve merge conflicts of 87695f6 to mnc-dev
62cd6f7 SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation.
f597604 AudioSource: initialize variables
72b9a68 codecs: check OMX buffer size before use in (gsm|g711)dec
3779e17 Check mp3 output buffer size
17dbde0 h264dec: check for overflows when calculating allocation size.
8773562 codecs: check OMX buffer size before use in VP8 encoder.
564534f Fix AMR decoder
0c0cc87 SoftAMR: check input buffer size to avoid overflow.
244a481 SoftAMR: check output buffer size to avoid overflow.
c3c093e NuPlayerStreamListener: NULL and bounds check before memcpy
6c72d19 Camera3Device: Validate template ID
53b8af3 Add VPX output buffer size check
4ae31c7 Merge in history after reset to stage-aosp-mnc-mr1-release@6ab905e097c4792cf711949ffd42df69369838d3
d1aab38 Merge "Fix AMR decoder" into security-aosp-mnc-mr1-release
84f7835 Fix AMR decoder
bd5579c codecs: check OMX buffer size before use in VP8 encoder.
a15f494 Merge "Revert "codecs: check OMX buffer size before use in VP8 encoder." Revert for abandoned. This reverts commit f644869e3c4aee9650967368201790b72e2
dd6945d Revert "codecs: check OMX buffer size before use in VP8 encoder." Revert for abandoned. This reverts commit f644869e3c4aee9650967368201790b72e236487.
e69b03e Merge "codecs: check OMX buffer size before use in VP8 encoder." into security-aosp-mnc-mr1-release
d33c0de Merge "NuPlayerStreamListener: NULL and bounds check before memcpy" into security-aosp-mnc-mr1-release
7be8a36 Merge "SoftAMR: check input buffer size to avoid overflow." into security-aosp-mnc-mr1-release
29868b2 Merge "SoftAMR: check output buffer size to avoid overflow." into security-aosp-mnc-mr1-release
540ec29 Merge "Camera3Device: Validate template ID" into security-aosp-mnc-mr1-release
31ea2f0 SoftAMR: check input buffer size to avoid overflow.
354c30a SoftAMR: check output buffer size to avoid overflow.
f644869 codecs: check OMX buffer size before use in VP8 encoder.
67297ff NuPlayerStreamListener: NULL and bounds check before memcpy
77d9324 Camera3Device: Validate template ID
617158e Add VPX output buffer size check
6ab905e Get service by value instead of reference
67d11e9 Also fix out of bounds access for normal read
20280c5 Clear allocation to avoid info leak
b4ef484 Fixing safteynet logging bug introduced in ag/862848
8d87321 3 uninitialized variables in IOMX.cpp
5a856f2 Fix info leak vulnerability of IDrm
79b7347 IOMX.cpp uninitialized pointer in BnOMX::onTransact
ebb4bd1 Meger conflict--Fixing safteynet logging bug introduced in ag/862848
87d5309 Merge "Also fix out of bounds access for normal read" into security-aosp-mnc-mr1-release
5c4471c Merge "Get service by value instead of reference" into security-aosp-mnc-mr1-release
4ae2444 Merge "IOMX.cpp uninitialized pointer in BnOMX::onTransact" into security-aosp-mnc-mr1-release
b2b5b17 Merge "3 uninitialized variables in IOMX.cpp" into security-aosp-mnc-mr1-release
bb9a675 Merge "Clear allocation to avoid info leak" into security-aosp-mnc-mr1-release
f5e3b64 Also fix out of bounds access for normal read
7a5feaa Get service by value instead of reference
bbbeaed Fix info leak vulnerability of IDrm
4d8bcd8 3 uninitialized variables in IOMX.cpp
0c09f98 IOMX.cpp uninitialized pointer in BnOMX::onTransact
5e64327 Clear allocation to avoid info leak
4589fe7 Camera: Disallow dumping clients directly
595ec34 Merge "fix possible overflow in effect wrappers." into security-aosp-mnc-mr1-release
72f3975 fix possible overflow in effect wrappers.
0cb399d Fix out-of-bounds write
8881997 Fix security vulnerability in ICrypto DO NOT MERGE
29a2cd3 libstagefright: check requested memory size before allocation for SoftMPEG4Encoder and SoftVPXEncoder.

project frameworks/base/
b1d50c4 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
fb07b46 ZygoteInit: Remove CAP_SYS_RESOURCE
bf5b43c system_server: add CAP_SYS_PTRACE
0fd509c Make a11y node info parceling more robust
45a53f7 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
ad6108c Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
52a443f Merge "DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset" into security-aosp-mnc-mr1-release
de607e5 Merge "DO NOT MERGE [DO NOT MERGE] Check bounds in offsetToPtr" into security-aosp-mnc-mr1-release
4996a4b DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset
a7dc08b DO NOT MERGE [DO NOT MERGE] Check bounds in offsetToPtr
f3a435f DO NOT MERGE [DO NOT MERGE] Don't allow permission change to runtime
9caf6cc Merge "Fixed the logic for tethering provisioning re-evaluation" into security-aosp-mnc-mr1-release
804cbf6 Fixed the logic for tethering provisioning re-evaluation
ecd7270 DO NOT MERGE Do not call RecoverySystem with DPMS lock held
3d65f61 Merge changes I1024f2a5,If3f024a1 into security-aosp-mnc-mr1-release
5549a1f Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516 am: 0a8978f04b am: 1684e5f344 am: d28eef0c
8c1294a Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
2815705 Prevent writing to FRP partition during factory reset.
7cc6259 Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
49ae4d6 Prevent writing to FRP partition during factory reset.
5e017ef Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516
dcd0acf DO NOT MERGE: Check provider access for content changes.
51665ef DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
40892a1 Merge changes If5b53f6f,I119e0bfc,If89903a2,Idc4af77d into security-aosp-mnc-mr1-release
0b4e333 Merge "Public volumes belong to a single user." into security-aosp-mnc-mr1-release
185ad42 Zygote: Additional whitelisting for legacy devices.
6b1fa5b Zygote: Additional whitelists for runtime overlay / other static resources.
949b060 Zygote : Block SIGCHLD during fork.
39e9323 Fix idmap leak in zygote process
c6335a8 Public volumes belong to a single user.
8dd6b2f resolve merge conflicts of 89aa6fb to mnc-dr-dev
ffca450 Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into security-aosp-mnc-mr1-release
ab2f065 DO NOT MERGE) ExifInterface: Close the file when an exception happens
62509ef DO NOT MERGE Isolated processes don't get precached system service binders
761bcb5 DO NOT MERGE) ExifInterface: Provide backward compatibility
e1c41ca Merge "Backport changes to whitelist sockets opened by the zygote." into security-aosp-mnc-mr1-release
b85afa5 Merge "Ensure munmap matches mmap" into security-aosp-mnc-mr1-release
9cad63c Merge "Fix setPairingConfirmation permissions issue (2/2)" into security-aosp-mnc-mr1-release
8ec82e4 Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into security-aosp-mnc-mr1-release
de93505 Merge changes Ib1a0bbb3,I533125b3 into security-aosp-mnc-mr1-release
e0b84b4 Merge "DO NOT MERGE: Catch all exceptions when parsing IME meta data" into security-aosp-mnc-mr1-release
d7a600b Merge "Fix build break due to automerge of 7d2198b5" into security-aosp-mnc-mr1-release
efa9683 Merge "Avoid crashing when downloading MitM'd PAC that is too big am: 7d2198b586 am: 9c1cb7a273 am: 6634e90ad7 am: 66ee2296a9" into security-aosp-mnc-
d08539d Merge "DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change" into security-aosp-mnc-mr1-release
1820171 Merge commit '0a9d537f623b2c11dce707fb9b91fea016fd0e9f' into manual_merge_0a9d537
a2c5d68 Use "all_downloads" instead of "my_downloads".
dbb4fb4 Fix build break due to automerge of 7d2198b5
f6ff0ac Avoid crashing when downloading MitM'd PAC that is too big am: 7d2198b586 am: 9c1cb7a273 am: 6634e90ad7 am: 66ee2296a9
501cc42 DO NOT MERGE: Fix deadlock in AcitivityManagerService.
75f7491 DO NOT MERGE: Catch all exceptions when parsing IME meta data
5cc1157 Fix setPairingConfirmation permissions issue (2/2)
cf053b5 Ensure munmap matches mmap
c2c6bed Backport changes to whitelist sockets opened by the zygote.
ee42a6b DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change
19d760b DO NOT MERGE Check caller for sending media key to global priority session
522871c DO NOT MERGE: Fix vulnerability where large GPS XTRA data can be injected. -Can potentially crash system with OOM. Bug: 29555864
0257fc2 Merge "Bind fingerprint when we start authentication - DO NOT MERGE" into security-aosp-mnc-mr1-release
cfc4e15 Merge "DO NOT MERGE: Clean up when recycling a pid with a pending launch" into security-aosp-mnc-mr1-release
e8c8e99 Merge "Fix vulnerability in LockSettings service" into security-aosp-mnc-mr1-release
ae4871e DO NOT MERGE: Clean up when recycling a pid with a pending launch
3cbab7a Fix vulnerability in LockSettings service
4c8cead Process: Fix communication with zygote.
bba5e52 Bind fingerprint when we start authentication - DO NOT MERGE
38fedf5 Merge "DO NOT MERGE: Allow apps with CREATE_USERS permission to call UM.getProfiles." into security-aosp-mnc-mr1-release
72fd9c97 DO NOT MERGE: Fix CTS regression
688a0ae DO NOT MERGE: Allow apps with CREATE_USERS permission to call UM.getProfiles.
b7d9ffd Merge "Add bound checks to utf16_to_utf8" into security-aosp-mnc-mr1-release
b9ea936 Merge "Fix string equality comparison" into security-aosp-mnc-mr1-release
deb9ef1 Merge "WifiEnterpriseConfiguration: Do not print credentials in toString" into security-aosp-mnc-mr1-release
60f9164 Merge "Check caller's uid before allowing notification policy access." into security-aosp-mnc-mr1-release
2042489 Merge "DO NOT MERGE Block the user from entering safe boot mode" into security-aosp-mnc-mr1-release
db61b27 DO NOT MERGE Block the user from entering safe boot mode
021c709 Fix string equality comparison
a99e83d WifiEnterpriseConfiguration: Do not print credentials in toString
a6c819a Add bound checks to utf16_to_utf8
0ba84ba Check caller's uid before allowing notification policy access.
1b5bbd8 DO NOT MERGE: Remove the use of JHEAD in ExifInterface
45b9e42 Merge "Add pm operation to set user restrictions." into security-aosp-mnc-mr1-release
49c3180 Merge "Reduce shell power over user management." into security-aosp-mnc-mr1-release
6c75404 Merge "Don't trust callers to supply app info to bindBackupAgent()" into security-aosp-mnc-mr1-release
f7f3b5d Add pm operation to set user restrictions.
163728a Reduce shell power over user management.
b83baa6 Don't trust callers to supply app info to bindBackupAgent()
51a933a DO NOT MERGE Disable app pinning when emergency call button pressed
843115d Merge "Backport of backup transport whitelist" into security-aosp-mnc-mr1-release
a219ec6 Merge "Fix missing permission check when saving pattern/password" into security-aosp-mnc-mr1-release
34da069 Merge "Backport ChooserTarget package source check from N" into security-aosp-mnc-mr1-release
0568b17 Backport of backup transport whitelist
ac2d4d1 Fix missing permission check when saving pattern/password
c8352fa Backport ChooserTarget package source check from N
5c3aba2 Don't pass URL path and username/password to PAC scripts
058fe8e Merge "resolve merge conflicts of 44e07e0 to mnc-dev" into security-aosp-mnc-mr1-release
536376e Merge "Kill the real/isolated uid group, not the ApplicationInfo uid" into security-aosp-mnc-mr1-release
a1f0c30 Merge "Add new, hidden MotionEvent flag for partially obscured windows." into security-aosp-mnc-mr1-release
679c381 resolve merge conflicts of 44e07e0 to mnc-dev
1408899 Kill the real/isolated uid group, not the ApplicationInfo uid
5d799cd Add new, hidden MotionEvent flag for partially obscured windows.
810b9a6 DO NOT MERGE Fix intent filter priorities
4903220 [DO NOT MERGE] Disallow guest user from changing Wifi settings
7c8a85c Merge in history after reset to stage-aosp-mnc-mr1-release@c5a0fcae4d5f81f355cef68b28a3a68d17cd9a11
ded5c06 [DO NOT MERGE] Disallow guest user from changing Wifi settings
c5a0fca Redact Account info from getCurrentSyncs
2b05a69 Conflict resolution CL to ag/868720 when cp'ing to mnc-mr1-release
bdf9f8f Merge "NPE fix for SyncStorageEngine read authority am: a962d9eba7 am: 339c4f2b05 am: 58048c1f17" into security-aosp-mnc-mr1-release
a9e5fa7 NPE fix for SyncStorageEngine read authority am: a962d9eba7 am: 339c4f2b05 am: 58048c1f17
5566381 Redact Account info from getCurrentSyncs
ea9cca7 Check permissions on getDeviceId.
e118656 DO NOT MERGE Ensure that the device is provisioned before showing Recents.
aa56780 DO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread
157fde1 Don't allow contact sharing by default for device not recognized as carkit.

project frameworks/ex/
db3603e Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
8b02fe1 DO NOT MERGE Update FrameSequence to call new DGifCloseFile DO NOT MERGE
d768f3e Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
98a3c5f Handle small sized webps correctly
6da377d Handle small sized webps correctly
2df264d resolve merge conflicts of 3802db4 to mnc-dev
62f48db Handle color bounds correctly in GIF decode.

project frameworks/minikin/
7ecc184 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
34b8f0c Merge in history after reset to stage-aosp-mnc-mr1-release@f10ea6d5cde38deefc7a32dbd7eaa30c5ec0b2a0
f10ea6d Add error logging on invalid cmap
1880cd8 Reject fonts with invalid ranges in cmap
6589772 Merge conflict --Add error logging on invalid cmap - DO NOT MERGE
87713aa Reject fonts with invalid ranges in cmap
0571164 Avoid integer overflows in parsing fonts

project frameworks/native/
89b2934 Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
2aa91b3 libgui: check for invalid slot in attachBuffer
a6381e3 libgui: Check slot received from IGBP in Surface
33d1119 ui: Fix bad size check in Fence::unflatten
773ff4f Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
088c16b Fix security vulnerability
b9c7a53 Merge "Correct overflow check in Parcel resize code" into security-aosp-mnc-mr1-release
862a018 Correct overflow check in Parcel resize code
f607913 Fix SF security vulnerability: 32706020
a9b6ac9 Fix SF security vulnerability: 32660278
48757ad ServiceManager: Allow system services running as secondary users to add services
5d81055 ServiceManager: Restore basic uid check
188f114 Region: Detect malicious overflow in unflatten
98e433e Add FrameStats default constructor
9248e07 Correctly handle dup() failure in Parcel::readNativeHandle
42db615 Add new MotionEvent flag for partially obscured windows.
b0a3ac5 Fix issue #27252896: Security Vulnerability -- weak binder
df3f527 BQ: fix some uninitialized variables
66fb767 Merge in history after reset to stage-aosp-mnc-mr1-release@638ac77748a398b6abc291f61ad5b883d444b63b
c08cc9a Merge "Fix issue #27252896: Security Vulnerability -- weak binder" into security-aosp-mnc-mr1-release
e7ef5b6 Fix issue #27252896: Security Vulnerability -- weak binder
4cf908a BQ: fix some uninitialized variables
638ac77 Add SN logging
c9d518e Sanity check IMemory access versus underlying mmap
43316b3 BQ: Add permission check to BufferQueueConsumer::dump
795fdb4 Merge "Sanity check IMemory access versus underlying mmap" into security-aosp-mnc-mr1-release
95b454d Merge conflict--Add SN logging
54fb75b Sanity check IMemory access versus underlying mmap
eac8e97 Merge "Revert "Sanity check IMemory access versus underlying mmap" because the CL got abandoned This reverts commit d4e6bf1413f4d259965ed595f396babdea
40a41c7 Revert "Sanity check IMemory access versus underlying mmap" because the CL got abandoned This reverts commit d4e6bf1413f4d259965ed595f396babdea97de29.
f4b8665 Merge "BQ: Add permission check to BufferQueueConsumer::dump" into security-aosp-mnc-mr1-release
2a73b63 BQ: Add permission check to BufferQueueConsumer::dump
d4e6bf1 Sanity check IMemory access versus underlying mmap
269c36a Merge "IGraphicBufferProducer: fix QUEUE_BUFFER info leak" into security-aosp-mnc-mr1-release
2c25415 IGraphicBufferProducer: fix QUEUE_BUFFER info leak
05d6a7e IGraphicBufferConsumer: fix ATTACH_BUFFER info leak

project frameworks/opt/net/wifi/
1245e89 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
d4cd5c5 configparse: do not delete passpoint configuration file
1e9fed3 configparse: do not delete passpoint configuration file
9323999 resolve merge conflicts of 849c5c7 to mnc-dev
b1fe81c wifinative jni: check array length to prevent stack overflow
59229c0 Revert "Fix Runtime Restart caused by ag/1370419"
2a9c887 Fix Runtime Restart caused by ag/1370419
d233d65 Merge "VenueNameElement: fix off-by-one enum bounds check" into security-aosp-mnc-mr1-release
f65e556 ANQPFactory: catch all potential parsing errors
7968227 VenueNameElement: fix off-by-one enum bounds check
f0f4f2f Deal correctly with short strings

project frameworks/opt/telephony/
7e25145 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
3320da2 Merge "Do not allow premium SMS during SuW" into security-aosp-mnc-mr1-release
06b32f0 DO NOT MERGE add private function convertSafeLable
d215127 Do not allow premium SMS during SuW
8356958 backport security fix: avoid set NITZ time to 2038
3fb0a88 Merge in history after reset to stage-aosp-mnc-mr1-release@c078223146c667cea03b090444efee76ce1a8ec0
7eb9d5a Check permissions on getDeviceId.

project hardware/broadcom/wlan/
bfc8b60 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
5bf8eea Merge in history after reset to stage-aosp-mnc-mr1-release@3e1585b455691bfec928788b0e33a5eb439fc309
8a8ccb0 Fix use-after-free in wifi_cleanup()

project hardware/libhardware/
58f4817 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
2334111 Fix security vulnerability: potential OOB write in audioserver
083e193 Add guest mode functionality (1/3)

project hardware/qcom/audio/
3c69761 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
69464fa Merge "Fix security vulnerability: Effect command might allow negative indexes" into security-aosp-mnc-mr1-release
97861f3 Fix security vulnerability: Equalizer command might allow negative indexes
a7d44c1 Fix security vulnerability: Effect command might allow negative indexes
b0a265e Fix potential NULL dereference in Visualizer effect
8fb71b9 Fix potential overflow in Visualizer effect
728ce7e DO NOT MERGE Fix AudioEffect reply overflow
7e86aec Merge in history after reset to stage-aosp-mnc-mr1-release@012de35ffa0dc181faa11a3a1ea2f0ae73254fac
012de35 post proc : volume listener : fix effect release crash
0adea37 post proc : volume listener : fix effect release crash

project hardware/qcom/media/
8598c13 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
84288db Merge "DO NOT MERGE: mm-video-v4l2: venc: Disallow changing buffer count/size on allocated port" into security-aosp-mnc-mr1-release
b8e088c Merge "DO NOT MERGE: mm-video-v4l2: vdec: Disallow changing buffer modes/counts on allocated ports" into security-aosp-mnc-mr1-release
af96a51 DO NOT MERGE: mm-video-v4l2: vdec: Disallow changing buffer modes/counts on allocated ports
8a7ee7f DO NOT MERGE: mm-video-v4l2: venc: Disallow changing buffer count/size on allocated port
b23b392 mm-video-v4l2: vdec: Disallow input usebuffer for secure case
e5cfae0 DO NOT MERGE mm-video-v4l2: venc: add checks before accessing heap pointers
d161e01 DO NOT MERGE Fix wrong nAllocLen
bd2ce5e Merge in security-aosp-mnc-mr1-release history after reset to c66f61afd84c700cc773d7350c17676de955b296 (2999832)
d2f6f68 Revert "DO NOT MERGE mm-video-v4l2: venc: add checks before accessing heap pointers"
1fead51 DO NOT MERGE mm-video-v4l2: venc: add checks before accessing heap pointers
c66f61a Merge "DO NOT MERGE mm-video-v4l2: venc: Avoid processing ETBs/FTBs in invalid states" into security-aosp-mnc-mr1-release
8bbb6d0 DO NOT MERGE mm-video-v4l2: venc: Avoid processing ETBs/FTBs in invalid states
8fae6a3 DO NOT MERGE mm-video-v4l2: vdec: Avoid processing ETBs/FTBs in invalid states
7ec16f1 Merge "DO NOT MERGE mm-video-v4l2: vdec: deprecate unused config OMX_IndexVendorVideoExtraData" into security-aosp-mnc-mr1-release
0dca6e2 Merge "DO NOT MERGE mm-video-v4l2: venc: add safety checks for freeing buffers" into security-aosp-mnc-mr1-release
90dde50 Merge "DO NOT MERGE mm-video-v4l2: vidc: validate omx param/config data" into security-aosp-mnc-mr1-release
1fec9a4 DO NOT MERGE mm-video-v4l2: vdec: deprecate unused config OMX_IndexVendorVideoExtraData
11913f7 DO NOT MERGE mm-video-v4l2: venc: add safety checks for freeing buffers
6763e1c DO NOT MERGE mm-video-v4l2: vidc: validate omx param/config data
014cdc1 DO NOT MERGE mm-video-v4l2: vdec: add safety checks for freeing buffers

project hardware/ril/
0e5d7e8 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
e44a748 Replace variable-length arrays on stack with malloc.

project libcore/
5bfcb25 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
cdc5ccc FtpURLConnection: Throw on invalid characters in commands.
424fdfb Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
afb1ebf DO NOT MERGE: IDN: Fix handling of long domain names.
16ff477 CipherTest: in ASN1 encoding for GCM, no value for tag size means 12
d96cfb7 Merge in history after reset to stage-aosp-mnc-mr1-release@50e16e8178788cdc5ad5c674f20d73c96fcc5b74
50e16e8 GCMParameters: check that the default tag size is secure (16 bits)
7315a10 GCMParameters: check that the default tag size is secure (16 bits)

project packages/apps/Bluetooth/
9c4fd07 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
a230e6b Merge "Prevent OPP from opening files that aren't sent over Bluetooth" into security-aosp-mnc-mr1-release
cc12f3b OPP: Restrict file based URI access to external storage
806a57a Prevent OPP from opening files that aren't sent over Bluetooth
aa98204 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
3b99f4c Remove MANAGE_DOCUMENTS permission as it isn't needed
bc2927c Fix setPairingConfirmation permissions issue (1/2)
35b0b46 Add guest mode functionality (3/3)
5054f03 "DO NOT MERGE" Add write SMS protection
12b40e1 Merge in history after reset to stage-aosp-mnc-mr1-release@fb02583acdfb7047795005bb5d27f0db1dfd4c5e
3d08709 DO NOT MERGE Fix SMS delivered successfully but stuck SENDING issue

project packages/apps/CertInstaller/
383d9f3 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
62a9f0b WifiInstaller: remove the installation file
97ca257 WifiInstaller: remove the installation file
a41dfb7 Merge in history after reset to stage-aosp-mnc-mr1-release@a47158ee848f4d77e241a8ef621443d4aad5e41c
a47158e Trust CA certificates added for the whole OS only
f34cd68 Trust CA certificates added for the whole OS only

project packages/apps/ContactsCommon/
d2cf29f Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
b54016a resolve merge conflicts of e20a370 to mnc-dev

project packages/apps/Email/
c1ef855 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
2859e34 Limit account id and id to longs
8cd5b40 stop exporting EmailAccountCacheProvider
dac07ba Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.
5a63b8f Merge in history after reset to stage-aosp-mnc-mr1-release@c84ce2000f443ef6c7a6df6ad0b1c76abae7790b
21eb7f9 Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.

project packages/apps/Messaging/
b433c26 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
a0851e0 DO NOT MERGE Update callers *GifCloseFile for new GIFLIB DO NOT MERGE
8d92b21 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
09c15f3 32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex]
6fbc1c5 33388925  Mismatched new vs delete in framesequence library
ac91f0c Merge "33388925  Mismatched new vs delete in framesequence library" into security-aosp-mnc-mr1-release
ac65cc4 33388925  Mismatched new vs delete in framesequence library
89d7a3e 32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex]
6113eee Merge "32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so" into security-aosp-mnc-mr1-release
b5638b5 Merge "32161610 Security Vulnerability - Information disclosure vulnerability in AOSP Messaging" into security-aosp-mnc-mr1-release
ba16cee 32807795  Security Vulnerability - AOSP Messaging App: thirdparty can attach private files from "/data/data/com.android.messaging/" directory to the m
43f6f5c 32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so
be0789e 32161610 Security Vulnerability - Information disclosure vulnerability in AOSP Messaging

project packages/apps/Nfc/
61bb6a4 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
0000967 Allow system_server access to NFC reader mode API.
be0e21a Verify setForegroundDispatch caller is in foreground.

project packages/apps/PackageInstaller/
fc3ebea Fix mismatched tag
5b9d8c0 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
550a4e6 Prioritize package installer intent filter
0193872 Prioritize package installer intent filter
5ff7486 DO NOT MERGE Take advantage of new MotionEvent flag to prevent tapjacking.

project packages/apps/Settings/
b758515 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
97d1f86 Add permission check to Intents used by Authenticator Settings.
5033842 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
738acd5 [Fingerprint] Remove learn more link if not provisioned. DO NOT MERGE
f8d24fc Pre-setup restrictions DO NOT MERGE
6667723 Merge in history after reset to stage-aosp-mnc-mr1-release@f4b8ad6c3105fa17fba85e852b710e48aaf0794d
8d3e7fe Merge "Uncheck checkbox for contact sharing by default for non carkit devices." into security-aosp-mnc-mr1-release
be1af14 Preserve FRP lock if wiped during SUW
5de26d8 Block developer settings during SUW
edcf785 Uncheck checkbox for contact sharing by default for non carkit devices.

project packages/apps/UnifiedEmail/
e0b2b2e Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
cb8e81d Don't allow file attachment from /data through GET_CONTENT.
15da6d5 Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.
475017e Merge in history after reset to stage-aosp-mnc-mr1-release@5c1a64f800a48290a529613e62d99e548608bb6b
3284023 Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.
5c1a64f Don't allow file attachment from file:///data.
4f3c7fc Don't allow file attachment from file:///data.

project packages/providers/DownloadProvider/
e8be5cc Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
1a49568 Deleting downloads for removed uids on downloadprovider start
2ffc370 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
5952f2f Enforce calling identity before clearing.
c2d6864 Revert "Enforce calling identity before clearing."
0e6b409 Enforce calling identity before clearing.
40dc83a Merge in history after reset to stage-aosp-mnc-mr1-release@6ef6fb9c095332722e4bfee15ad5e2f6fc80e636
6ef6fb9 DO NOT MERGE. Use resolved path when inserting and deleting.
a8bc340 Use resolved path for both checking and opening.
b74bc39 Merge "Merge conflict --Use resolved path for both checking and opening." into security-aosp-mnc-mr1-release
c63e248 Merge conflict --Use resolved path for both checking and opening.
f4fa336 DO NOT MERGE. Use resolved path when inserting and deleting.
e7689fd Revert "Use resolved path for both checking and opening."
a973562 Use resolved path for both checking and opening.

project packages/providers/MediaProvider/
a1cf9ce Merge cherrypicks of [2379347, 2379239, 2379364, 2379160, 2379220, 2379290, 2379348, 2379328, 2379329, 2379349, 2379350, 2379365, 2379401, 2379351, 23
611a98f [DO NOT MERGE] Enforce user separation on external storage

project packages/providers/TelephonyProvider/
12f7594 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
9c76905 30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid

project packages/services/Telecomm/
c54ca73 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
70ba4bc Merge in history after reset to stage-aosp-mnc-mr1-release@e60685bb170860bf0278d7c855ef50f024878354
9472ab1 DO NOT MERGE - Restrict ability to add call based on device provision status
e60685b DO NOT MERGE - Restrict ability to add call based on device provision status
7730aa1 DO NOT MERGE Check PAH in addNewIncomingCall
7968ec6 Merge "Revert "DO NOT MERGE - Restrict ability to add call based on device provision status" his is abandoned CL - this should be ag/871782 instead. T
9d21aee Revert "DO NOT MERGE - Restrict ability to add call based on device provision status" his is abandoned CL - this should be ag/871782 instead. This rev
ae6de46 Merge "DO NOT MERGE - Restrict ability to add call based on device provision status" into security-aosp-mnc-mr1-release
59d867f DO NOT MERGE - Restrict ability to add call based on device provision status
910f745 DO NOT MERGE Check PAH in addNewIncomingCall

project packages/services/Telephony/
6b08105 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
db73083 Added permission check for setCellInfoListRate
fc2d51e Catch SIP exceptions which can crash Phone process on answer.
9af723b Merge "Restrict SipProfiles to profiles directory" into security-aosp-mnc-mr1-release
c43cb40 Unexport OmtpMessageReceiver
5600914 Restrict SipProfiles to profiles directory
981ebe0 Make TTY broadcasts protected
12babaf DO NOT MERGE Use E PhoneAccount for MT ECM Call
7abf3e8 Merge in history after reset to stage-aosp-mnc-mr1-release@4213bf629ad3fbff4aed05653e330d7ca6158a1a
4213bf6 Fixes creation of incorrect SIP PhoneAccountHandle
faf23da Fixes creation of incorrect SIP PhoneAccountHandle

project system/bt/
ec46649 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
449ad52 Check LE advertising data length before caching advertising records
3aeb286 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
7fdb9ce Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
1410b9a DO NOT MERGE Check the HCI length before extracting the L2CAP length and CID
3211612 DO NOT MERGE Fix potential DoS caused by delivering signal to BT process
31ecbc4 Merge "DO NOT MERGE btif: check overflow on create_pbuf size" into security-aosp-mnc-mr1-release
0c6ca7c DO NOT MERGE btif: check overflow on create_pbuf size
b53af3a Add guest mode functionality (2/3)
196e799 btif: Don't persist remote devices to the config
053923e DO NOT MERGE Check size of pin before replying
80dcec8 Merge in history after reset to stage-aosp-mnc-mr1-release@d5888e8782ce9dd13b3dd487c62039fb06722777
36f0948 DO NOT MERGE Check size of pin before replying
d5888e8 DO NOT MERGE Remove Porsche car-kit pairing workaround
dd34057 DO NOT MERGE Remove Porsche car-kit pairing workaround
4aa205e Fix crashes with lots of discovered LE devices

project system/core/
4e65f03 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
f011398 Fix out of bound read in libziparchive
d7db962 Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
2764245 Fix out of bound access in libziparchive
9034bfa liblog: add __android_log_close()
fdcc4f2 liblog: add __android_log_close()
7f65b0b Fix vold vulnerability in FrameworkListener
3a51203 debuggerd: fix missed use of ptrace(PTRACE_ATTACH).
58434f7 Merge "libutils/Unicode.cpp: Correct length computation and add checks for utf16->utf8" into security-aosp-mnc-mr1-release
badd4f0 Merge "adb: use asocket's close function when closing." into security-aosp-mnc-mr1-release
740f79c Merge "adb: switch the socket list mutex to a recursive_mutex." into security-aosp-mnc-mr1-release
a563e47 adb: use asocket's close function when closing.
097b7ea adb: switch the socket list mutex to a recursive_mutex.
3cc51fb libutils/Unicode.cpp: Correct length computation and add checks for utf16->utf8
07661f7 DO NOT MERGE: debuggerd: verify that traced threads belong to the right process.
00fd62a add a property for controlling perf_event_paranoid
47f2a16 Fix scanf %s in lsof.
e2bc618 Fix overflow in path building
2ce28bf Don't demangle symbol names.
960bbe2 Merge in history after reset to stage-aosp-mnc-mr1-release@78aa5385e2c3bffed194019a53c5338ef9175dd6
80088cf Don't demangle symbol names.
78aa538 Don't create tombstone directory.
442a604 Don't create tombstone directory.
8ccc65e Fix incorrect check of descsz value.
a9e5d12 Add macro to call event logger for errors.

project system/media/
310ec8e Merge remote-tracking branch 'goog/security-aosp-mnc-mr1-release' into HEAD
5e1ddf1 Fix potential overflow in Visualizer effect
d39f805 Camera metadata: Check for inconsistent data count
eed9683 Merge "Revert "Camera metadata: Check for inconsistent data count"" into security-aosp-mnc-mr1-release
45c0ad1 Revert "Camera metadata: Check for inconsistent data count"
03888c9 Merge "Camera metadata: Check for inconsistent data count" into security-aosp-mnc-mr1-release
5b7000b Camera metadata: Check for inconsistent data count
0d38bd8 Revert "Camera metadata: Check for inconsistent data count"
1e512d2 Merge "Camera: Prevent data size overflow" into security-aosp-mnc-mr1-release
d8ebb62 Camera metadata: Check for inconsistent data count
61ba45c Camera: Prevent data size overflow

[pdsouza]

I think this tag is smaller than it appears cuz of all the duplicates. But I can't complain, at least Google is still security patching Marshmallow!

[pdsouza]

All merged in!

Edit: I did a thorough smoke test on hammerhead with these patches and everything looks good!