15.1: August 2024 ASB work

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-08-17 13:19:18 -04:00
parent 7251c3f1d1
commit 03a3bdbeda
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
5 changed files with 204 additions and 1 deletions

View File

@ -0,0 +1,38 @@
From 27b0b9e4ea4019f315bdb424a36b3182708de29f Mon Sep 17 00:00:00 2001
From: Rakesh Kumar <rakesh.kumar@ittiam.com>
Date: Thu, 30 May 2024 11:17:48 +0000
Subject: [PATCH] StagefrightRecoder: Disabling B-frame support
Disabling b-frame support from stagefright recorder in case of
audio source as mic and video source is surface use case only
because screen recorder with microphone doesn't play in sync
if b-frame is enabled.
If the audio source selected is INTERNAL (i.e. device) or
MIC_AND_INTERNAL with screen recorder then b frame is supported.
Bug: 288549440
Test: manually check screen recording with audio from mic has audio/video in synch
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:af685c66bab17b71fe1624f76b5d55628f79e6fa)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:da3407f7688f35eb2dce79f1405feeb182241a3c)
Merged-In: I4098655eb9687fb633085333bc140634441566e6
Change-Id: I4098655eb9687fb633085333bc140634441566e6
---
media/libmediaplayerservice/StagefrightRecorder.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/media/libmediaplayerservice/StagefrightRecorder.cpp b/media/libmediaplayerservice/StagefrightRecorder.cpp
index dfc4a2a5a9f..c81643e534d 100644
--- a/media/libmediaplayerservice/StagefrightRecorder.cpp
+++ b/media/libmediaplayerservice/StagefrightRecorder.cpp
@@ -1759,6 +1759,11 @@ status_t StagefrightRecorder::setupVideoEncoder(
if (tsLayers > 1) {
uint32_t bLayers = std::min(2u, tsLayers - 1); // use up-to 2 B-layers
+ // TODO(b/341121900): Remove this once B frames are handled correctly in screen recorder
+ // use case in case of mic only
+ if (mAudioSource == AUDIO_SOURCE_MIC && mVideoSource == VIDEO_SOURCE_SURFACE) {
+ bLayers = 0;
+ }
uint32_t pLayers = tsLayers - bLayers;
format->setString(
"ts-schema", AStringPrintf("android.generic.%u+%u", pLayers, bLayers));

View File

@ -0,0 +1,65 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Kiran S <krns@google.com>
Date: Mon, 13 May 2024 05:49:06 +0000
Subject: [PATCH] Restrict USB poups while setup is in progress
Test: Cherry pick of http://ag/27094197
Bug: 294105066
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2ce2e54a040342373e401f9c2e70035ede4e63ad)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ec96cc3e3a81d21f2249db381c10638bb307cf39)
Merged-In: I7d54534696fd73f3b94c5b4250142eed9341c5d8
Change-Id: I7d54534696fd73f3b94c5b4250142eed9341c5d8
---
.../usb/UsbProfileGroupSettingsManager.java | 21 +++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java b/services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java
index ebb5a62ce7ec..ab4a999df11e 100644
--- a/services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java
+++ b/services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java
@@ -16,6 +16,8 @@
package com.android.server.usb;
+import static android.provider.Settings.Secure.USER_SETUP_COMPLETE;
+
import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_MANAGED_PROFILE;
import android.annotation.NonNull;
@@ -40,6 +42,7 @@ import android.os.AsyncTask;
import android.os.Environment;
import android.os.UserHandle;
import android.os.UserManager;
+import android.provider.Settings;
import android.util.AtomicFile;
import android.util.Log;
import android.util.Slog;
@@ -1060,10 +1063,28 @@ class UsbProfileGroupSettingsManager {
return;
}
+ if (shouldRestrictOverlayActivities()) {
+ return;
+ }
+
// Start activity with registered intent
resolveActivity(intent, matches, defaultActivity, device, null);
}
+ private boolean shouldRestrictOverlayActivities() {
+ if (Settings.Secure.getIntForUser(
+ mContext.getContentResolver(),
+ USER_SETUP_COMPLETE,
+ /* defaultValue= */ 1,
+ UserHandle.CURRENT.getIdentifier())
+ == 0) {
+ Slog.d(TAG, "restricting usb overlay activities as setup is not complete");
+ return true;
+ }
+
+ return false;
+ }
+
public void deviceAttachedForFixedHandler(UsbDevice device, ComponentName component) {
final Intent intent = createDeviceAttachedIntent(device);

View File

@ -0,0 +1,33 @@
From fe760134bfa7c0950b3474a3e5abfa0a3b7e53a7 Mon Sep 17 00:00:00 2001
From: Linus Tufvesson <lus@google.com>
Date: Mon, 29 Apr 2024 16:32:15 +0200
Subject: [PATCH] Hide SAW subwindows
.. when top window is hidden through Window#setHideOverlayWindows
Bug: 318683640
Test: atest CtsWindowManagerDeviceWindow:HideOverlayWindowsTest
Flag: EXEMPT securityfix
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c37bc9147086f497ac7b1595083836014f524d5f)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:89bc634cb534b8e0ffd798ac9f9f89ac1be0f785)
Merged-In: If19240f5aec2e048de80d75cbbdc00be47622d7f
Change-Id: If19240f5aec2e048de80d75cbbdc00be47622d7f
---
services/core/java/com/android/server/wm/WindowState.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/wm/WindowState.java b/services/core/java/com/android/server/wm/WindowState.java
index 087bd6a80c73d..74b2ef791ade6 100644
--- a/services/core/java/com/android/server/wm/WindowState.java
+++ b/services/core/java/com/android/server/wm/WindowState.java
@@ -2635,8 +2635,9 @@ boolean hideLw(boolean doAnimation, boolean requestAnim) {
}
void setForceHideNonSystemOverlayWindowIfNeeded(boolean forceHide) {
+ final int baseType = getBaseType();
if (mOwnerCanAddInternalSystemWindow
- || (!isSystemAlertWindowType(mAttrs.type) && mAttrs.type != TYPE_TOAST)) {
+ || (!isSystemAlertWindowType(baseType) && baseType != TYPE_TOAST)) {
return;
}
if (mForceHideNonSystemOverlayWindow == forceHide) {

View File

@ -0,0 +1,63 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 22 Apr 2024 16:43:29 +0000
Subject: [PATCH] Fix heap-buffer overflow in sdp_utils.cc
Fuzzer identifies a case where sdpu_compare_uuid_with_attr crashes with
an out of bounds comparison. Although the bug claims this is due to a
comparison of a uuid with a smaller data field thana the discovery
attribute, my research suggests that this instead stems from a
comparison of a 128 bit UUID with a discovery attribute of some other,
invalid size.
Add checks for discovery attribute size.
Bug: 287184435
Test: atest bluetooth_test_gd_unit, net_test_stack_sdp
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:99210e2f251e2189c1eede15942c832e017404c2)
Merged-In: Ib536cbeac454efbf6af3d713c05c8e3e077e069b
Change-Id: Ib536cbeac454efbf6af3d713c05c8e3e077e069b
---
stack/sdp/sdp_utils.cc | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/stack/sdp/sdp_utils.cc b/stack/sdp/sdp_utils.cc
index e126e7cdd..58d1065a9 100644
--- a/stack/sdp/sdp_utils.cc
+++ b/stack/sdp/sdp_utils.cc
@@ -731,11 +731,28 @@ bool sdpu_compare_uuid_with_attr(tBT_UUID* p_btuuid, tSDP_DISC_ATTR* p_attr) {
/* Since both UUIDs are compressed, lengths must match */
if (p_btuuid->len != attr_len) return (false);
- if (p_btuuid->len == 2)
- return (bool)(p_btuuid->uu.uuid16 == p_attr->attr_value.v.u16);
- else if (p_btuuid->len == 4)
- return (bool)(p_btuuid->uu.uuid32 == p_attr->attr_value.v.u32);
- else if (!memcmp(p_btuuid->uu.uuid128, (void*)p_attr->attr_value.v.array,
+ if (len == 2) {
+ if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == Uuid::kNumBytes16) {
+ return (bool)(p_btuuid->uu.uuid16 == p_attr->attr_value.v.u16);
+ } else {
+ LOG(ERROR) << "invalid length for discovery attribute";
+ return (false);
+ }
+ }
+ if (len == 4) {
+ if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == Uuid::kNumBytes32) {
+ return (bool)(p_btuuid->uu.uuid32 == p_attr->attr_value.v.u32);
+ } else {
+ LOG(ERROR) << "invalid length for discovery attribute";
+ return (false);
+ }
+ }
+
+ if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) != Uuid::kNumBytes128) {
+ LOG(ERROR) << "invalid length for discovery attribute";
+ return (false);
+ }
+ if (!memcmp(p_btuuid->uu.uuid128, (void*)p_attr->attr_value.v.array,
MAX_UUID_SIZE))
return (true);

View File

@ -76,7 +76,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2021-10-05/2024-07-05/' core/version_defaults.mk; #Bump Security String #XXX sed -i 's/2021-10-05/2024-08-05/' core/version_defaults.mk; #Bump Security String #XXX
fi; fi;
if enterAndClear "build/soong"; then if enterAndClear "build/soong"; then
@ -171,6 +171,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_av/373949.patch"; #R_asb_2023-11 Fix
applyPatch "$DOS_PATCHES/android_frameworks_av/381886.patch"; #R_asb_2024-02 Update mtp packet buffer applyPatch "$DOS_PATCHES/android_frameworks_av/381886.patch"; #R_asb_2024-02 Update mtp packet buffer
applyPatch "$DOS_PATCHES/android_frameworks_av/385670.patch"; #P_asb_2024-03 Validate OMX Params for VPx encoders applyPatch "$DOS_PATCHES/android_frameworks_av/385670.patch"; #P_asb_2024-03 Validate OMX Params for VPx encoders
applyPatch "$DOS_PATCHES/android_frameworks_av/385671.patch"; #P_asb_2024-03 Fix out of bounds read and write in onQueueFilled in outQueue applyPatch "$DOS_PATCHES/android_frameworks_av/385671.patch"; #P_asb_2024-03 Fix out of bounds read and write in onQueueFilled in outQueue
applyPatch "$DOS_PATCHES/android_frameworks_av/399771.patch"; #P_asb_2024-08 StagefrightRecoder: Disabling B-frame support
fi; fi;
if enterAndClear "frameworks/base"; then if enterAndClear "frameworks/base"; then
@ -266,6 +267,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/394880.patch"; #P_asb_2024-06 C
applyPatch "$DOS_PATCHES/android_frameworks_base/394881-backport.patch"; #P_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update. applyPatch "$DOS_PATCHES/android_frameworks_base/394881-backport.patch"; #P_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
applyPatch "$DOS_PATCHES/android_frameworks_base/394882.patch"; #P_asb_2024-06 Check permissions for CDM shell commands applyPatch "$DOS_PATCHES/android_frameworks_base/394882.patch"; #P_asb_2024-06 Check permissions for CDM shell commands
applyPatch "$DOS_PATCHES/android_frameworks_base/397594.patch"; #P_asb_2024-07 Verify UID of incoming Zygote connections. applyPatch "$DOS_PATCHES/android_frameworks_base/397594.patch"; #P_asb_2024-07 Verify UID of incoming Zygote connections.
applyPatch "$DOS_PATCHES/android_frameworks_base/399769-backport.patch"; #P_asb_2024-08 Restrict USB poups while setup is in progress
applyPatch "$DOS_PATCHES/android_frameworks_base/399770.patch"; #P_asb_2024-08 Hide SAW subwindows
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS)
@ -543,6 +546,7 @@ applyPatch "$DOS_PATCHES/android_system_bt/381895.patch"; #R_asb_2024-02 Fix an
applyPatch "$DOS_PATCHES/android_system_bt/385677.patch"; #P_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd applyPatch "$DOS_PATCHES/android_system_bt/385677.patch"; #P_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
applyPatch "$DOS_PATCHES/android_system_bt/385678.patch"; #P_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond applyPatch "$DOS_PATCHES/android_system_bt/385678.patch"; #P_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
applyPatch "$DOS_PATCHES/android_system_bt/397596.patch"; #P_asb_2024-07 Fix an authentication bypass bug in SMP applyPatch "$DOS_PATCHES/android_system_bt/397596.patch"; #P_asb_2024-07 Fix an authentication bypass bug in SMP
applyPatch "$DOS_PATCHES/android_system_bt/399772-backport.patch"; #P_asb_2024-08 Fix heap-buffer overflow in sdp_utils.cc #XXX
fi; fi;
if enterAndClear "system/ca-certificates"; then if enterAndClear "system/ca-certificates"; then