Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-12-18 12:24:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

Import Q_asb_2024-04 and R_asb_2024-05 + fixups

Browse Source 
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-05-11 11:06:20 -04:00
parent c31e67b2f8
commit 0dcdeb029a
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
11 changed files with 342 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Logs/resetWorkspace-LineageOS-16.0.txt
View File

@ -129,7 +129,7 @@ external/gptfdisk b734d58efc09f0925414916cf6ad24e3f29208b5
external/guava 2e52c68711b104ac2e225a9d298bd2de1eed92bb external/guava 2e52c68711b104ac2e225a9d298bd2de1eed92bb
external/guice 628ced18e817a96c11857a51536468a886c6e183 external/guice 628ced18e817a96c11857a51536468a886c6e183
external/hamcrest 6668c743790380cb3e7889c2abb6cd53b720a211 external/hamcrest 6668c743790380cb3e7889c2abb6cd53b720a211
external/hardened_malloc 464bfd4d829927f19fd5d2729a101ee241319d1e external/hardened_malloc 749640c274d54e084505a24fa758bcb5f96a25ef
external/harfbuzz_ng 144ce8bd09cc57d655d44c36670c59582374109f external/harfbuzz_ng 144ce8bd09cc57d655d44c36670c59582374109f
external/honggfuzz f49b65256c6e5ae8b5efb500012d2776ca078d5f external/honggfuzz f49b65256c6e5ae8b5efb500012d2776ca078d5f
external/hyphenation-patterns 68ce780a284aa7e16a1f44e3ed1c81d3135642ec external/hyphenation-patterns 68ce780a284aa7e16a1f44e3ed1c81d3135642ec

2
Logs/resetWorkspace-LineageOS-17.1.txt
View File

@ -78,7 +78,7 @@ external/catch2 bcfbb791d09e390fb545c03ca002e570f764d960
external/cblas 61ee00692011385347a5dd1ad872556899a5cf7a external/cblas 61ee00692011385347a5dd1ad872556899a5cf7a
external/chromium-libpac c98fc96035e6fdc5b84d953d2bd38d2dcd175467 external/chromium-libpac c98fc96035e6fdc5b84d953d2bd38d2dcd175467
external/chromium-trace f4e722b911fcc6f7164026432de62a02ea3460fb external/chromium-trace f4e722b911fcc6f7164026432de62a02ea3460fb
external/chromium-webview 7a167062342c2f6dc6b6a152dd1021735287d0b9 external/chromium-webview 2b59e6725f2fb27a8bf8f4d048f1e6c1271e5144
external/clang 8343f599c9e1dda8e6c1bb779af323a673a052f9 external/clang 8343f599c9e1dda8e6c1bb779af323a673a052f9
external/cldr 4e0bdd442c1e01f5c6147cf6032ce4f8587f4ede external/cldr 4e0bdd442c1e01f5c6147cf6032ce4f8587f4ede
external/cmockery 9199c7bfafefea32d1884182fa655b6e4578c1c4 external/cmockery 9199c7bfafefea32d1884182fa655b6e4578c1c4

4
Patches/LineageOS-16.0/android_packages_apps_Settings/316891059-16.patch
View File

@ -23,7 +23,7 @@ index 78c47edf046..262f220f8ab 100644
import android.content.Context; import android.content.Context;
import android.text.TextUtils; import android.text.TextUtils;
+import androidx.annotation.NonNull; +import android.annotation.NonNull;
+ +
import com.android.internal.annotations.VisibleForTesting; import com.android.internal.annotations.VisibleForTesting;
import com.android.settings.overlay.FeatureFactory; import com.android.settings.overlay.FeatureFactory;
@ -55,7 +55,7 @@ index 78c47edf046..262f220f8ab 100644
- if (isSettingsPackage || isWhitelistedPackage) { - if (isSettingsPackage || isWhitelistedPackage) {
+ final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName()) + final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName())
+ || TextUtils.equals(getSettingsIntelligencePkgName(), callerPackage); + || TextUtils.equals(getSettingsIntelligencePkgName(), callerPackage);
+ final boolean isAllowlistedPackage = isSignatureAllowlisted(context, callerPackage); + final boolean isAllowlistedPackage = isSignatureWhitelisted(context, callerPackage);
+ if (isSettingsPackage || isAllowlistedPackage) { + if (isSettingsPackage || isAllowlistedPackage) {
return; return;
} }

35
Patches/LineageOS-17.1/android_frameworks_base/389269-backport.patch → Patches/LineageOS-17.1/android_frameworks_base/392204.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From 14e41b9febe8d5eaf1da70e720bc33e708f8966e Mon Sep 17 00:00:00 2001
From: Beverly <beverlyt@google.com> From: Beverly <beverlyt@google.com>
Date: Thu, 18 Jan 2024 20:13:52 +0000 Date: Thu, 18 Jan 2024 20:13:52 +0000
Subject: [PATCH] isUserInLockDown can be true when there are other strong auth Subject: [PATCH] isUserInLockDown can be true when there are other strong auth
@ -13,15 +13,15 @@ Test: manual, atest LockPatternUtilsTest
Merged-In: I5e979a7822dd7254b4579ab28ecf96df1db44179 Merged-In: I5e979a7822dd7254b4579ab28ecf96df1db44179
Change-Id: I5e979a7822dd7254b4579ab28ecf96df1db44179 Change-Id: I5e979a7822dd7254b4579ab28ecf96df1db44179
--- ---
.../internal/widget/LockPatternUtils.java | 4 +-- .../internal/widget/LockPatternUtils.java | 4 +-
.../internal/util/LockPatternUtilsTest.java | 33 ++++++++++++++++--- .../internal/util/LockPatternUtilsTest.java | 40 ++++++++++++++++---
2 files changed, 30 insertions(+), 7 deletions(-) 2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 1f49cab98972..2857324d524c 100644 index 1f49cab989723..2857324d524cc 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java --- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -1794,8 +1794,8 @@ public class LockPatternUtils { @@ -1794,8 +1794,8 @@ public boolean isBiometricAllowedForUser(int userId) {
} }
public boolean isUserInLockdown(int userId) { public boolean isUserInLockdown(int userId) {
@ -33,19 +33,20 @@ index 1f49cab98972..2857324d524c 100644
private ICheckCredentialProgressCallback wrapCallback( private ICheckCredentialProgressCallback wrapCallback(
diff --git a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java diff --git a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
index 9913531cdf13..517160e74ade 100644 index 9913531cdf132..433a35bffeb80 100644
--- a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java --- a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
+++ b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java +++ b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
@@ -18,6 +18,8 @@ package com.android.internal.util; @@ -19,6 +19,9 @@
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED; import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED; +import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED;
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN; +import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN;
+
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
@@ -48,12 +50,15 @@ import org.mockito.Mockito; import static org.mockito.Mockito.doReturn;
@@ -48,12 +51,15 @@
@SmallTest @SmallTest
public class LockPatternUtilsTest { public class LockPatternUtilsTest {
@ -61,7 +62,7 @@ index 9913531cdf13..517160e74ade 100644
final Context context = spy(new ContextWrapper(InstrumentationRegistry.getTargetContext())); final Context context = spy(new ContextWrapper(InstrumentationRegistry.getTargetContext()));
final MockContentResolver cr = new MockContentResolver(context); final MockContentResolver cr = new MockContentResolver(context);
@@ -61,13 +66,12 @@ public class LockPatternUtilsTest { @@ -61,13 +67,12 @@ private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoM
when(context.getContentResolver()).thenReturn(cr); when(context.getContentResolver()).thenReturn(cr);
Settings.Global.putInt(cr, Settings.Global.DEVICE_DEMO_MODE, deviceDemoMode); Settings.Global.putInt(cr, Settings.Global.DEVICE_DEMO_MODE, deviceDemoMode);
@ -69,7 +70,7 @@ index 9913531cdf13..517160e74ade 100644
- when(ils.havePassword(DEMO_USER_ID)).thenReturn(isSecure); - when(ils.havePassword(DEMO_USER_ID)).thenReturn(isSecure);
- when(ils.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, DEMO_USER_ID)) - when(ils.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, DEMO_USER_ID))
- .thenReturn((long) PASSWORD_QUALITY_MANAGED); - .thenReturn((long) PASSWORD_QUALITY_MANAGED);
+ when(mLockSettings.getCredentialType(DEMO_USER_ID)).thenReturn(isSecure); + when(mLockSettings.havePassword(DEMO_USER_ID)).thenReturn(isSecure);
+ when(mLockSettings.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, + when(mLockSettings.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED,
+ DEMO_USER_ID)).thenReturn((long) PASSWORD_QUALITY_MANAGED); + DEMO_USER_ID)).thenReturn((long) PASSWORD_QUALITY_MANAGED);
// TODO(b/63758238): stop spying the class under test // TODO(b/63758238): stop spying the class under test
@ -79,25 +80,31 @@ index 9913531cdf13..517160e74ade 100644
doReturn(true).when(mLockPatternUtils).hasSecureLockScreen(); doReturn(true).when(mLockPatternUtils).hasSecureLockScreen();
final UserInfo userInfo = Mockito.mock(UserInfo.class); final UserInfo userInfo = Mockito.mock(UserInfo.class);
@@ -77,6 +81,25 @@ public class LockPatternUtilsTest { @@ -77,6 +82,31 @@ private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoM
when(context.getSystemService(Context.USER_SERVICE)).thenReturn(um); when(context.getSystemService(Context.USER_SERVICE)).thenReturn(um);
} }
+ @Test + @Test
+ public void isUserInLockDown() throws Exception { + public void isUserInLockDown() throws Exception {
+ configureTest(true, false, 2); + configureTest(true, false, 2);
+
+ // GIVEN strong auth not required + // GIVEN strong auth not required
+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(STRONG_AUTH_NOT_REQUIRED); + when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(STRONG_AUTH_NOT_REQUIRED);
+
+ // THEN user isn't in lockdown + // THEN user isn't in lockdown
+ assertFalse(mLockPatternUtils.isUserInLockdown(USER_ID)); + assertFalse(mLockPatternUtils.isUserInLockdown(USER_ID));
+
+ // GIVEN lockdown + // GIVEN lockdown
+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn( + when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(
+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); + STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
+
+ // THEN user is in lockdown + // THEN user is in lockdown
+ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID)); + assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID));
+
+ // GIVEN lockdown and lockout + // GIVEN lockdown and lockout
+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn( + when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(
+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN | STRONG_AUTH_REQUIRED_AFTER_LOCKOUT); + STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN | STRONG_AUTH_REQUIRED_AFTER_LOCKOUT);
+
+ // THEN user is in lockdown + // THEN user is in lockdown
+ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID)); + assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID));
+ } + }

52
Patches/LineageOS-17.1/android_frameworks_base/389014-backport.patch → Patches/LineageOS-17.1/android_frameworks_base/392205.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From f856be82ebd99d0f9f261058cea4fc58c729ad21 Mon Sep 17 00:00:00 2001
From: Tetiana Meronyk <tetianameronyk@google.com> From: Tetiana Meronyk <tetianameronyk@google.com>
Date: Wed, 10 Jan 2024 16:25:13 +0000 Date: Wed, 10 Jan 2024 16:25:13 +0000
Subject: [PATCH] Fix security vulnerability that creates user with no Subject: [PATCH] Fix security vulnerability that creates user with no
@ -6,22 +6,22 @@ Subject: [PATCH] Fix security vulnerability that creates user with no
Bug: 293602970 Bug: 293602970
Test: atest UserManagerTest#testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved && atest UserManagerTest#testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped Test: atest UserManagerTest#testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved && atest UserManagerTest#testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:944ea959ab8464c39a8f6a4fc391fb6953e1df89) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8dc6feaee7c0a5cea093b5280acaad862921cf3e)
Merged-In: I23c971f671546ac085060add89485cfac6691ca3 Merged-In: I23c971f671546ac085060add89485cfac6691ca3
Change-Id: I23c971f671546ac085060add89485cfac6691ca3 Change-Id: I23c971f671546ac085060add89485cfac6691ca3
--- ---
core/java/android/os/PersistableBundle.java | 37 +++++++ core/java/android/os/PersistableBundle.java | 37 +++++++
core/java/android/os/UserManager.java | 23 +++- core/java/android/os/UserManager.java | 23 +++-
.../app/ConfirmUserCreationActivity.java | 12 +++ .../app/ConfirmUserCreationActivity.java | 12 ++
.../android/server/pm/UserManagerService.java | 29 ++--- .../android/server/pm/UserManagerService.java | 29 +++--
.../android/server/pm/UserManagerTest.java | 102 ++++++++++++++++++ .../android/server/pm/UserManagerTest.java | 103 ++++++++++++++++++
5 files changed, 187 insertions(+), 16 deletions(-) 5 files changed, 188 insertions(+), 16 deletions(-)
diff --git a/core/java/android/os/PersistableBundle.java b/core/java/android/os/PersistableBundle.java diff --git a/core/java/android/os/PersistableBundle.java b/core/java/android/os/PersistableBundle.java
index 3e6312754359..bf584c957aa0 100644 index 3e63127543593..bf584c957aa0b 100644
--- a/core/java/android/os/PersistableBundle.java --- a/core/java/android/os/PersistableBundle.java
+++ b/core/java/android/os/PersistableBundle.java +++ b/core/java/android/os/PersistableBundle.java
@@ -268,6 +268,43 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa @@ -268,6 +268,43 @@ public void saveToXml(XmlSerializer out) throws IOException, XmlPullParserExcept
XmlUtils.writeMapXml(mMap, out, this); XmlUtils.writeMapXml(mMap, out, this);
} }
@ -66,7 +66,7 @@ index 3e6312754359..bf584c957aa0 100644
static class MyReadMapCallback implements XmlUtils.ReadMapCallback { static class MyReadMapCallback implements XmlUtils.ReadMapCallback {
@Override @Override
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index da41478e91a6..fc714923bf41 100644 index da41478e91a66..fc714923bf41d 100644
--- a/core/java/android/os/UserManager.java --- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java +++ b/core/java/android/os/UserManager.java
@@ -77,6 +77,21 @@ public class UserManager { @@ -77,6 +77,21 @@ public class UserManager {
@ -91,7 +91,7 @@ index da41478e91a6..fc714923bf41 100644
/** /**
* @hide * @hide
* No user restriction. * No user restriction.
@@ -2199,15 +2214,15 @@ public class UserManager { @@ -2199,15 +2214,15 @@ public UserInfo createRestrictedProfile(String name) {
* time, the preferred user name and account information are used by the setup process for that * time, the preferred user name and account information are used by the setup process for that
* user. * user.
* *
@ -112,10 +112,10 @@ index da41478e91a6..fc714923bf41 100644
* @see #USER_CREATION_FAILED_NOT_PERMITTED * @see #USER_CREATION_FAILED_NOT_PERMITTED
* @see #USER_CREATION_FAILED_NO_MORE_USERS * @see #USER_CREATION_FAILED_NO_MORE_USERS
diff --git a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java diff --git a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
index 03da9bc939ec..74dedc38a922 100644 index 03da9bc939ec5..74dedc38a9227 100644
--- a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java --- a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
+++ b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java +++ b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
@@ -110,6 +110,14 @@ public class ConfirmUserCreationActivity extends AlertActivity @@ -110,6 +110,14 @@ private String checkUserCreationRequirements() {
if (cantCreateUser) { if (cantCreateUser) {
setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED); setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED);
return null; return null;
@ -130,7 +130,7 @@ index 03da9bc939ec..74dedc38a922 100644
} else if (cantCreateAnyMoreUsers) { } else if (cantCreateAnyMoreUsers) {
setResult(UserManager.USER_CREATION_FAILED_NO_MORE_USERS); setResult(UserManager.USER_CREATION_FAILED_NO_MORE_USERS);
return null; return null;
@@ -137,4 +145,8 @@ public class ConfirmUserCreationActivity extends AlertActivity @@ -137,4 +145,8 @@ public void onClick(DialogInterface dialog, int which) {
} }
finish(); finish();
} }
@ -140,7 +140,7 @@ index 03da9bc939ec..74dedc38a922 100644
+ } + }
} }
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 318c11141cfe..645ee1a2f12e 100644 index 318c11141cfed..645ee1a2f12e5 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java --- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -225,8 +225,6 @@ public class UserManagerService extends IUserManager.Stub { @@ -225,8 +225,6 @@ public class UserManagerService extends IUserManager.Stub {
@ -152,7 +152,7 @@ index 318c11141cfe..645ee1a2f12e 100644
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
// Maximum number of managed profiles permitted per user is 1. This cannot be increased // Maximum number of managed profiles permitted per user is 1. This cannot be increased
@@ -2420,16 +2418,18 @@ public class UserManagerService extends IUserManager.Stub { @@ -2420,16 +2418,18 @@ void writeUserLP(UserData userData, OutputStream os)
if (userData.persistSeedData) { if (userData.persistSeedData) {
if (userData.seedAccountName != null) { if (userData.seedAccountName != null) {
serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME, serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME,
@ -174,7 +174,7 @@ index 318c11141cfe..645ee1a2f12e 100644
serializer.endTag(null, TAG_NAME); serializer.endTag(null, TAG_NAME);
} }
synchronized (mRestrictionsLock) { synchronized (mRestrictionsLock) {
@@ -2470,11 +2470,11 @@ public class UserManagerService extends IUserManager.Stub { @@ -2470,11 +2470,11 @@ void writeUserLP(UserData userData, OutputStream os)
serializer.endDocument(); serializer.endDocument();
} }
@ -189,7 +189,7 @@ index 318c11141cfe..645ee1a2f12e 100644
} }
/* /*
@@ -2819,7 +2819,7 @@ public class UserManagerService extends IUserManager.Stub { @@ -2819,7 +2819,7 @@ private UserInfo createUserInternalUnchecked(@Nullable String name, @UserInfoFla
private UserInfo createUserInternalUncheckedNoTracing(@Nullable String name, private UserInfo createUserInternalUncheckedNoTracing(@Nullable String name,
@UserInfoFlag int flags, @UserIdInt int parentId, boolean preCreate, @UserInfoFlag int flags, @UserIdInt int parentId, boolean preCreate,
@Nullable String[] disallowedPackages, @NonNull TimingsTraceLog t) { @Nullable String[] disallowedPackages, @NonNull TimingsTraceLog t) {
@ -198,7 +198,7 @@ index 318c11141cfe..645ee1a2f12e 100644
// First try to use a pre-created user (if available). // First try to use a pre-created user (if available).
// NOTE: currently we don't support pre-created managed profiles // NOTE: currently we don't support pre-created managed profiles
if (!preCreate && (parentId < 0 && !UserInfo.isManagedProfile(flags))) { if (!preCreate && (parentId < 0 && !UserInfo.isManagedProfile(flags))) {
@@ -3877,9 +3877,14 @@ public class UserManagerService extends IUserManager.Stub { @@ -3877,9 +3877,14 @@ public void setSeedAccountData(int userId, String accountName, String accountTyp
Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId); Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId);
return; return;
} }
@ -217,10 +217,19 @@ index 318c11141cfe..645ee1a2f12e 100644
} }
if (persist) { if (persist) {
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
index e9edba58a3dd..331bbb753ebf 100644 index e9edba58a3dd7..69548f839c1e0 100644
--- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java --- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
@@ -24,6 +24,7 @@ import android.content.IntentFilter; @@ -16,6 +16,8 @@
package com.android.server.pm;
+import static org.junit.Assert.assertTrue;
+
import android.app.ActivityManager;
import android.content.BroadcastReceiver;
import android.content.Context;
@@ -24,6 +26,7 @@
import android.content.pm.PackageManager; import android.content.pm.PackageManager;
import android.content.pm.UserInfo; import android.content.pm.UserInfo;
import android.os.Bundle; import android.os.Bundle;
@ -228,7 +237,7 @@ index e9edba58a3dd..331bbb753ebf 100644
import android.os.UserHandle; import android.os.UserHandle;
import android.os.UserManager; import android.os.UserManager;
import android.provider.Settings; import android.provider.Settings;
@@ -601,6 +602,107 @@ public class UserManagerTest extends AndroidTestCase { @@ -601,6 +604,106 @@ public void testConcurrentUserCreate() throws Exception {
assertEquals(canBeCreatedCount, created.get()); assertEquals(canBeCreatedCount, created.get());
} }
@ -331,7 +340,6 @@ index e9edba58a3dd..331bbb753ebf 100644
+ } + }
+ return resultString.toString(); + return resultString.toString();
+ } + }
+
+ +
private boolean isPackageInstalledForUser(String packageName, int userId) { private boolean isPackageInstalledForUser(String packageName, int userId) {
try { try {

2
Patches/LineageOS-17.1/android_packages_apps_Settings/316891059-17.patch
View File

@ -56,7 +56,7 @@ index 63bf420c027..eaadbc2af50 100644
- if (isSettingsPackage || isWhitelistedPackage) { - if (isSettingsPackage || isWhitelistedPackage) {
+ final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName()) + final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName())
+ || TextUtils.equals(getSettingsIntelligencePkgName(context), callerPackage); + || TextUtils.equals(getSettingsIntelligencePkgName(context), callerPackage);
+ final boolean isAllowlistedPackage = isSignatureAllowlisted(context, callerPackage); + final boolean isAllowlistedPackage = isSignatureWhitelisted(context, callerPackage);
+ if (isSettingsPackage || isAllowlistedPackage) { + if (isSettingsPackage || isAllowlistedPackage) {
return; return;
} }

133
Patches/LineageOS-18.1/android_frameworks_base/392206.patch Normal file
View File

@ -0,0 +1,133 @@
From 402c96a6689e35f11b3de7f86ec010002da7772a Mon Sep 17 00:00:00 2001
From: Jan Tomljanovic <jtomljanovic@google.com>
Date: Fri, 6 Nov 2020 11:28:09 +0000
Subject: [PATCH] Don't try to show the current toast again while it's showing.
By doing this we avoid a few bad things:
- mechanism that hides the current toast by trying to show it again
- delaying the call to hide and remove the current toast from the queue
when it's duration expires (which in the case of repeated calls can
delay this indefinitely)
Test: atest NotificationManagerServiceTest
Test: atest android.widget.cts.ToastTest
Bug: 167672740
Change-Id: Ie4953109314113efae49fa0c5e0c236e6e0dbb23
---
.../NotificationManagerService.java | 13 +++++
.../NotificationManagerServiceTest.java | 53 +++++++++++++++++++
2 files changed, 66 insertions(+)
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 32873445b5e6f..11c89bbdf4d94 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -493,6 +493,10 @@ public class NotificationManagerService extends SystemService {
private KeyguardManager mKeyguardManager;
+ // True if the toast that's on top of the queue is being shown at the moment.
+ @GuardedBy("mToastQueue")
+ private boolean mIsCurrentToastShown = false;
+
// The last key in this list owns the hardware.
ArrayList<String> mLights = new ArrayList<>();
@@ -7444,10 +7448,15 @@ public void run() {
@GuardedBy("mToastQueue")
void showNextToastLocked() {
+ if (mIsCurrentToastShown) {
+ return; // Don't show the same toast twice.
+ }
+
ToastRecord record = mToastQueue.get(0);
while (record != null) {
if (record.show()) {
scheduleDurationReachedLocked(record);
+ mIsCurrentToastShown = true;
return;
}
int index = mToastQueue.indexOf(record);
@@ -7463,6 +7472,10 @@ void cancelToastLocked(int index) {
ToastRecord record = mToastQueue.get(index);
record.hide();
+ if (index == 0) {
+ mIsCurrentToastShown = false;
+ }
+
ToastRecord lastToast = mToastQueue.remove(index);
mWindowManagerInternal.removeWindowToken(lastToast.windowToken, false /* removeWindows */,
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index 9ed2b17de4237..3a108144ad66a 100755
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -5341,6 +5341,32 @@ public void testDisallowBackgroundCustomToasts() throws Exception {
assertEquals(0, mService.mToastQueue.size());
}
+ @Test
+ public void testDontCallShowToastAgainOnTheSameCustomToast() throws Exception {
+ final String testPackage = "testPackageName";
+ assertEquals(0, mService.mToastQueue.size());
+ mService.isSystemUid = false;
+
+ // package is not suspended
+ when(mPackageManager.isPackageSuspendedForUser(testPackage, UserHandle.getUserId(mUid)))
+ .thenReturn(false);
+
+ setAppInForegroundForToasts(mUid, true);
+
+ Binder token = new Binder();
+ ITransientNotification callback = mock(ITransientNotification.class);
+ INotificationManager nmService = (INotificationManager) mService.mService;
+
+ // first time trying to show the toast, showToast gets called
+ nmService.enqueueToast(testPackage, token, callback, 2000, 0);
+ verify(callback, times(1)).show(any());
+
+ // second time trying to show the same toast, showToast isn't called again (total number of
+ // invocations stays at one)
+ nmService.enqueueToast(testPackage, token, callback, 2000, 0);
+ verify(callback, times(1)).show(any());
+ }
+
@Test
public void testAllowForegroundTextToasts() throws Exception {
final String testPackage = "testPackageName";
@@ -5377,6 +5403,33 @@ public void testAllowBackgroundTextToasts() throws Exception {
assertEquals(1, mService.mToastQueue.size());
}
+ @Test
+ public void testDontCallShowToastAgainOnTheSameTextToast() throws Exception {
+ final String testPackage = "testPackageName";
+ assertEquals(0, mService.mToastQueue.size());
+ mService.isSystemUid = false;
+
+ // package is not suspended
+ when(mPackageManager.isPackageSuspendedForUser(testPackage, UserHandle.getUserId(mUid)))
+ .thenReturn(false);
+
+ setAppInForegroundForToasts(mUid, true);
+
+ Binder token = new Binder();
+ INotificationManager nmService = (INotificationManager) mService.mService;
+
+ // first time trying to show the toast, showToast gets called
+ nmService.enqueueTextToast(testPackage, token, "Text", 2000, 0, null);
+ verify(mStatusBar, times(1))
+ .showToast(anyInt(), any(), any(), any(), any(), anyInt(), any());
+
+ // second time trying to show the same toast, showToast isn't called again (total number of
+ // invocations stays at one)
+ nmService.enqueueTextToast(testPackage, token, "Text", 2000, 0, null);
+ verify(mStatusBar, times(1))
+ .showToast(anyInt(), any(), any(), any(), any(), anyInt(), any());
+ }
+
@Test
public void testTextToastsCallStatusBar() throws Exception {
final String testPackage = "testPackageName";

148
Patches/LineageOS-18.1/android_frameworks_base/392207.patch Normal file
View File

@ -0,0 +1,148 @@
From 29f60871d3789e757b012b5d433bf9d9508b274a Mon Sep 17 00:00:00 2001
From: Valentin Iftime <valiiftime@google.com>
Date: Mon, 16 Oct 2023 09:29:17 +0200
Subject: [PATCH] [BACKPORT] Prioritize system toasts
Insert toasts from system packages at the front of the queue
to ensure that apps can't spam with toast to delay system toasts from showing.
Test: atest NotificationManagerServiceTest
Bug: 293301736
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67721fcfb3198f220c90c976f870407a0bb8d6c6)
Merged-In: I13547f853476bc88d12026c545aba9f857ce8724
Change-Id: I13547f853476bc88d12026c545aba9f857ce8724
---
.../NotificationManagerService.java | 33 ++++++++-
.../NotificationManagerServiceTest.java | 68 +++++++++++++++++++
2 files changed, 99 insertions(+), 2 deletions(-)
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 11c89bbdf4d94..dfc9c135c7da7 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -3042,8 +3042,19 @@ record = mToastQueue.get(index);
mWindowManagerInternal.addWindowToken(windowToken, TYPE_TOAST, displayId);
record = getToastRecord(callingUid, callingPid, pkg, token, text, callback,
duration, windowToken, displayId, textCallback);
- mToastQueue.add(record);
- index = mToastQueue.size() - 1;
+
+ // Insert system toasts at the front of the queue
+ int systemToastInsertIdx = mToastQueue.size();
+ if (isSystemToast) {
+ systemToastInsertIdx = getInsertIndexForSystemToastLocked();
+ }
+ if (systemToastInsertIdx < mToastQueue.size()) {
+ index = systemToastInsertIdx;
+ mToastQueue.add(index, record);
+ } else {
+ mToastQueue.add(record);
+ index = mToastQueue.size() - 1;
+ }
keepProcessAliveForToastIfNeededLocked(callingPid);
}
// If it's at index 0, it's the current toast. It doesn't matter if it's
@@ -3059,6 +3070,24 @@ record = getToastRecord(callingUid, callingPid, pkg, token, text, callback,
}
}
+ @GuardedBy("mToastQueue")
+ private int getInsertIndexForSystemToastLocked() {
+ // If there are other system toasts: insert after the last one
+ int idx = 0;
+ for (ToastRecord r : mToastQueue) {
+ if (idx == 0 && mIsCurrentToastShown) {
+ idx++;
+ continue;
+ }
+ /* BACKPORT: In Android 11, Toastrecord does not have the attribute isSystemToast */
+ if (!isUidSystemOrPhone(r.uid) && !PackageManagerService.PLATFORM_PACKAGE_NAME.equals(r.pkg)) {
+ return idx;
+ }
+ idx++;
+ }
+ return idx;
+ }
+
/**
* Implementation note: Our definition of foreground for toasts is an implementation matter
* and should strike a balance between functionality and anti-abuse effectiveness. We
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index 3a108144ad66a..011c408492fa3 100755
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -5510,6 +5510,74 @@ public void testAlwaysAllowSystemToasts() throws Exception {
assertEquals(1, mService.mToastQueue.size());
}
+ @Test
+ public void testPrioritizeSystemToasts() throws Exception {
+ // Insert non-system toasts
+ final String testPackage = "testPackageName";
+ assertEquals(0, mService.mToastQueue.size());
+ mService.isSystemUid = false;
+ mService.isSystemAppId = false;
+ setToastRateIsWithinQuota(true);
+ setIfPackageHasPermissionToAvoidToastRateLimiting(testPackage, false);
+
+ // package is not suspended
+ when(mPackageManager.isPackageSuspendedForUser(testPackage, UserHandle.getUserId(mUid)))
+ .thenReturn(false);
+
+ INotificationManager nmService = (INotificationManager) mService.mService;
+
+ // Enqueue maximum number of toasts for test package
+ for (int i = 0; i < NotificationManagerService.MAX_PACKAGE_TOASTS; i++) {
+ nmService.enqueueTextToast(testPackage, new Binder(), "Text", 2000, 0, null);
+ }
+
+ // Enqueue system toast
+ final String testPackageSystem = "testPackageNameSystem";
+ mService.isSystemUid = true;
+ setIfPackageHasPermissionToAvoidToastRateLimiting(testPackageSystem, false);
+ when(mPackageManager.isPackageSuspendedForUser(testPackageSystem, UserHandle.getUserId(mUid)))
+ .thenReturn(false);
+
+ nmService.enqueueToast(testPackageSystem, new Binder(), new TestableToastCallback(), 2000, 0);
+
+ // System toast is inserted at the front of the queue, behind current showing toast
+ assertEquals(testPackageSystem, mService.mToastQueue.get(1).pkg);
+ }
+
+ @Test
+ public void testPrioritizeSystemToasts_enqueueAfterExistingSystemToast() throws Exception {
+ // Insert system toasts
+ final String testPackageSystem1 = "testPackageNameSystem1";
+ assertEquals(0, mService.mToastQueue.size());
+ mService.isSystemUid = true;
+ setToastRateIsWithinQuota(true);
+ setIfPackageHasPermissionToAvoidToastRateLimiting(testPackageSystem1, false);
+
+ // package is not suspended
+ when(mPackageManager.isPackageSuspendedForUser(testPackageSystem1, UserHandle.getUserId(mUid)))
+ .thenReturn(false);
+
+ INotificationManager nmService = (INotificationManager) mService.mService;
+
+ // Enqueue maximum number of toasts for test package
+ for (int i = 0; i < NotificationManagerService.MAX_PACKAGE_TOASTS; i++) {
+ nmService.enqueueTextToast(testPackageSystem1, new Binder(), "Text", 2000, 0, null);
+ }
+
+ // Enqueue another system toast
+ final String testPackageSystem2 = "testPackageNameSystem2";
+ mService.isSystemUid = true;
+ setIfPackageHasPermissionToAvoidToastRateLimiting(testPackageSystem2, false);
+ when(mPackageManager.isPackageSuspendedForUser(testPackageSystem2, UserHandle.getUserId(mUid)))
+ .thenReturn(false);
+
+ nmService.enqueueToast(testPackageSystem2, new Binder(), new TestableToastCallback(), 2000, 0);
+
+ // System toast is inserted at the back of the queue, after the other system toasts
+ assertEquals(testPackageSystem2,
+ mService.mToastQueue.get(mService.mToastQueue.size() - 1).pkg);
+ }
+
private void setAppInForegroundForToasts(int uid, boolean inForeground) {
int importance = (inForeground) ? IMPORTANCE_FOREGROUND : IMPORTANCE_NONE;
when(mActivityManager.getUidImportance(mUid)).thenReturn(importance);

2
Patches/LineageOS-18.1/android_packages_apps_Settings/316891059-18.patch
View File

@ -56,7 +56,7 @@ index 63bf420c027..eaadbc2af50 100644
- if (isSettingsPackage || isWhitelistedPackage) { - if (isSettingsPackage || isWhitelistedPackage) {
+ final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName()) + final boolean isSettingsPackage = TextUtils.equals(callerPackage, context.getPackageName())
+ || TextUtils.equals(getSettingsIntelligencePkgName(context), callerPackage); + || TextUtils.equals(getSettingsIntelligencePkgName(context), callerPackage);
+ final boolean isAllowlistedPackage = isSignatureAllowlisted(context, callerPackage); + final boolean isAllowlistedPackage = isSignatureWhitelisted(context, callerPackage);
+ if (isSettingsPackage || isAllowlistedPackage) { + if (isSettingsPackage || isAllowlistedPackage) {
return; return;
} }

4
Scripts/LineageOS-17.1/Patch.sh
View File

@ -296,8 +296,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/391910.patch"; #Q_asb_2024-03 A
applyPatch "$DOS_PATCHES/android_frameworks_base/391911.patch"; #Q_asb_2024-03 Validate package names passed to the installer. applyPatch "$DOS_PATCHES/android_frameworks_base/391911.patch"; #Q_asb_2024-03 Validate package names passed to the installer.
applyPatch "$DOS_PATCHES/android_frameworks_base/391912.patch"; #Q_asb_2024-03 Disallow system apps to be installed/updated as instant. applyPatch "$DOS_PATCHES/android_frameworks_base/391912.patch"; #Q_asb_2024-03 Disallow system apps to be installed/updated as instant.
applyPatch "$DOS_PATCHES/android_frameworks_base/391913.patch"; #Q_asb_2024-03 Close AccountManagerService.session after timeout. applyPatch "$DOS_PATCHES/android_frameworks_base/391913.patch"; #Q_asb_2024-03 Close AccountManagerService.session after timeout.
applyPatch "$DOS_PATCHES/android_frameworks_base/389014-backport.patch"; #S_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long. applyPatch "$DOS_PATCHES/android_frameworks_base/392204.patch"; #Q_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements
applyPatch "$DOS_PATCHES/android_frameworks_base/389269-backport.patch"; #P_asb_2024-04 Close isUserInLockDown can be true when there are other strong auth requirements applyPatch "$DOS_PATCHES/android_frameworks_base/392205.patch"; #Q_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
#applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS) #applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS) #applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS) #applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)

2
Scripts/LineageOS-18.1/Patch.sh
View File

@ -149,6 +149,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/385539.patch"; #R_asb_2024-03 C
applyPatch "$DOS_PATCHES/android_frameworks_base/389131.patch"; #R_asb_2024-04 Added limitations for attributions to handle invalid cases applyPatch "$DOS_PATCHES/android_frameworks_base/389131.patch"; #R_asb_2024-04 Added limitations for attributions to handle invalid cases
applyPatch "$DOS_PATCHES/android_frameworks_base/389132.patch"; #R_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements applyPatch "$DOS_PATCHES/android_frameworks_base/389132.patch"; #R_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements
applyPatch "$DOS_PATCHES/android_frameworks_base/389133.patch"; #R_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long. applyPatch "$DOS_PATCHES/android_frameworks_base/389133.patch"; #R_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
applyPatch "$DOS_PATCHES/android_frameworks_base/392206.patch"; #R_asb_2024-05 Don't try to show the current toast again while it's showing.
applyPatch "$DOS_PATCHES/android_frameworks_base/392207.patch"; #R_asb_2024-05 Prioritize system toasts
git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)