From 0af36393f5381b97c5008814980e999de1579544 Mon Sep 17 00:00:00 2001
From: Tavi
Date: Mon, 7 Oct 2024 20:36:29 -0400
Subject: [PATCH] 14.1: October 2024 ASB picks
Signed-off-by: Tavi
---
 .../android_frameworks_base/405038.patch | 27 ++++++++++
 .../android_frameworks_base/405039.patch | 32 ++++++++++++
 .../android_libcore/405037.patch | 51 +++++++++++++++++++
 Scripts/LineageOS-14.1/Patch.sh | 8 ++-
 4 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/405038.patch
 create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/405039.patch
 create mode 100644 Patches/LineageOS-14.1/android_libcore/405037.patch
diff --git a/Patches/LineageOS-14.1/android_frameworks_base/405038.patch b/Patches/LineageOS-14.1/android_frameworks_base/405038.patch
new file mode 100644
index 00000000..46ccadb5
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_frameworks_base/405038.patch
@@ -0,0 +1,27 @@
+From 560e0b6265e67b7a1f5e63da097e27485ba65a8f Mon Sep 17 00:00:00 2001
+From: William Loh
+Date: Mon, 3 Jun 2024 12:56:47 -0700
+Subject: [PATCH] Fail parseUri if end is missing
+
+Bug: 318683126
+Test: atest IntentTest
+Flag: EXEMPT bugfix
+Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
+---
+ core/java/android/content/Intent.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
+index 2142aae2ec74a..6c93c4651cec5 100644
+--- a/core/java/android/content/Intent.java
++++ b/core/java/android/content/Intent.java
+@@ -5112,6 +5112,9 @@ public static Intent parseUri(String uri, int flags) throws URISyntaxException {
+ int eq = uri.indexOf('=', i);
+ if (eq < 0) eq = i-1;
+ int semi = uri.indexOf(';', i);
++ if (semi < 0) {
++ throw new URISyntaxException(uri, "uri end not found");
++ }
+ String value = eq < semi ? Uri.decode(uri.substring(eq + 1, semi)) : "";
+
+ // action
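Review bot: The new `semi < 0` guard in `parseUri` throws without recording where parsing stopped, and nothing beside it says why a missing `;` has to be fatal. `URISyntaxException` has a three-argument constructor, so `throw new URISyntaxException(uri, "uri end not found", i);` would carry the offset of the unterminated fragment into logs, at the cost of diverging from the upstream pick. A comment such as `// No ';' after this key: the fragment is unterminated, so reject it rather than continue with semi == -1` would document the intent. The loop that later consumes `semi` starts and ends outside this hunk, so how `-1` was treated before is not visible here. The vendored patch names `Test: atest IntentTest` but ships no test, so it is worth confirming the 14.1 tree exercises a URI without the terminator.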
diff --git a/Patches/LineageOS-14.1/android_frameworks_base/405039.patch b/Patches/LineageOS-14.1/android_frameworks_base/405039.patch
new file mode 100644
index 00000000..7d995f72
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_frameworks_base/405039.patch
@@ -0,0 +1,32 @@
+From 9fa4be80e24143b7b7a382659ccb260f129084c1 Mon Sep 17 00:00:00 2001
+From: Dmitry Dementyev
+Date: Thu, 11 Jul 2024 12:39:22 -0700
+Subject: [PATCH] Update AccountManagerService checkKeyIntent.
+
+Block intents with "content" data scheme.
+
+Bug: 349780950
+Test: manual
+Flag: EXEMPT bugfix
+(cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b43f4aebb065059d7bf9bffc31c7893fff5133a1)
+Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
+Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
+---
+ .../com/android/server/accounts/AccountManagerService.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
+index 4804050c721f2..56e43b8025c87 100644
+--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
+@@ -4220,6 +4220,9 @@ protected boolean checkKeyIntent(int authUid, Intent intent) {
+ if (resolveInfo == null) {
+ return false;
+ }
++ if ("content".equals(intent.getScheme())) {
++ return false;
++ }
+ ActivityInfo targetActivityInfo = resolveInfo.activityInfo;
+ int targetUid = targetActivityInfo.applicationInfo.uid;
+ if (PackageManager.SIGNATURE_MATCH != pm.checkSignatures(authUid, targetUid)) {
diff --git a/Patches/LineageOS-14.1/android_libcore/405037.patch b/Patches/LineageOS-14.1/android_libcore/405037.patch
new file mode 100644
index 00000000..8a0b18ef
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_libcore/405037.patch
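Review bot: The check added to `checkKeyIntent` inspects only `intent.getScheme()`, that is the data URI, so a `content://` reference carried elsewhere in the intent (ClipData, for instance) is not covered by these three lines. Whether the rest of the method deals with that cannot be seen, because `checkKeyIntent` begins and ends outside the hunk; it should be confirmed against the 14.1 tree this pick lands on. The bare literal would read better as the platform constant, `if (ContentResolver.SCHEME_CONTENT.equals(intent.getScheme())) {`, provided `ContentResolver` is already imported in that file. The block also has no comment; one line stating why a key intent with content data is refused would save the next reader a trip to the bug tracker.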
@@ -0,0 +1,51 @@
+From 25bff2717051677d510eed49e5825123682ea19a Mon Sep 17 00:00:00 2001
+From: Almaz Mingaleev
+Date: Wed, 10 Jul 2024 13:38:35 +0100
+Subject: [PATCH] Do not accept zip files with invalid headers.
+
+According to Section 4.3.6 in [1] non-empty zip file starts with
+local file header. 4.3.1 allows empty files, and in such case
+file starts with "end of central directory record".
+
+This aligns ZipFile with libziparchive modulo empty zip files -
+libziparchive rejects them.
+
+Tests are skipped because sc-dev branch uses ART module
+prebuilts, but builds tests from sources which leads to presubmit
+failures.
+
+Ignore-AOSP-First: b/309938635#comment1
+
+[1] https://pkwaredownloads.blob.core.windows.net/pem/APPNOTE.txt
+
+Bug: 309938635
+Test: CtsLibcoreTestCases
+Test: CtsLibcoreOjTestCases
+Change-Id: I545cdd49ec3cc138331145f4716c8148662a478b
+Merged-In: I545cdd49ec3cc138331145f4716c8148662a478b
+---
+ ojluni/src/main/native/zip_util.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c
+index 5a2a0b8c538..1ce510e1d10 100644
+--- a/ojluni/src/main/native/zip_util.c
++++ b/ojluni/src/main/native/zip_util.c
+@@ -871,6 +871,17 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified,
+ zip->locsig = JNI_TRUE;
+ else
+ zip->locsig = JNI_FALSE;
++
++ // BEGIN Android-changed: do not accept files with invalid header.
++ if (GETSIG(errbuf) != LOCSIG && GETSIG(errbuf) != ENDSIG) {
++ if (pmsg) {
++ *pmsg = strdup("Entry at offset zero has invalid LFH signature.");
++ }
++ ZFILE_Close(zfd);
++ freeZip(zip);
++ return NULL;
++ }
++ // END Android-changed: do not accept files with invalid header.
+ }
+
+ // This lseek is safe because it happens during construction of the ZipFile
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 595d6a58..b475b2e0 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
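Review bot: The rejection added to `ZIP_Put_In_Cache0` sits before the closing brace that follows the END marker, so it appears to run only on the path where the preceding read filled `errbuf`; the enclosing condition opens outside the hunk, so this is inferred. A file that is too short or unreadable at that point would skip the signature test and depend on whatever validation follows, which deserves a comment such as `// Only reached when the leading signature bytes were read; other files rely on the checks below`. The message `"Entry at offset zero has invalid LFH signature."` also understates the test, which accepts `ENDSIG` as well as `LOCSIG`. `strdup` may return NULL, so `*pmsg` can be NULL on this failure path and callers have to tolerate that.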
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -82,7 +82,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
 awk -i inplace '!/Exchange2/' target/product/core.mk;
-sed -i 's/2021-06-05/2024-09-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-09 #XXX
+sed -i 's/2021-06-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-10 #XXX
 fi;
 if enterAndClear "device/qcom/sepolicy"; then
@@ -298,6 +298,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/393649.patch"; #n-asb-2024-06 A
 applyPatch "$DOS_PATCHES/android_frameworks_base/396611.patch"; #n-asb-2024-07 Verify UID of incoming Zygote connections.
 applyPatch "$DOS_PATCHES/android_frameworks_base/399269.patch"; #n-asb-2024-08 Restrict USB poups while setup is in progress
 applyPatch "$DOS_PATCHES/android_frameworks_base/400926.patch"; #n-asb-2024-09 Sanitized uri scheme by removing scheme delimiter
+applyPatch "$DOS_PATCHES/android_frameworks_base/405038.patch"; #n-asb-2024-10 Fail parseUri if end is missing
+applyPatch "$DOS_PATCHES/android_frameworks_base/405039.patch"; #n-asb-2024-10 Update AccountManagerService checkKeyIntent.
 git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
 applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
@@ -412,6 +414,10 @@ if enterAndClear "hardware/qcom/media-caf/msm8994"; then
 applyPatch "$DOS_PATCHES/android_hardware_qcom_media/227622.patch"; #n_asb_09-2018-qcom (CAF)
 fi;
+if enterAndClear "libcore"; then
+applyPatch "$DOS_PATCHES/android_libcore/405037.patch"; #n-asb-2024-10 Do not accept zip files with invalid headers.
+fi;
+
 if enterAndClear "packages/apps/Bluetooth"; then
 applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/332451.patch"; #n-asb-2022-06 Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission.
 applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/332452.patch"; #n-asb-2022-06 Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission.