Reconcile picks

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-07-17 17:46:20 -04:00
parent 85e5812290
commit 105767c7a7
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
4 changed files with 12 additions and 12 deletions

View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 74747aa8b26ad278923444b7b18ec9e06e5c471d Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 29 Feb 2024 12:03:05 +0000
Subject: [PATCH] Verify UID of incoming Zygote connections.
Subject: [PATCH] [BACKPORT] Verify UID of incoming Zygote connections.
Only the system UID should be allowed to connect to the Zygote. While
for generic Zygotes this is also covered by SELinux policy, this is not
@ -33,7 +33,7 @@ Change-Id: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
1 file changed, 3 insertions(+)
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index f537e3e2897b..522da894fd0f 100644
index f537e3e2897b8..522da894fd0f3 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -100,6 +100,9 @@ class ZygoteConnection {

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 3ddd68bfd55611e77af5024b7c917f068689f34a Mon Sep 17 00:00:00 2001
From: Yi-an Chen <theianchen@google.com>
Date: Tue, 23 Apr 2024 21:53:02 +0000
Subject: [PATCH] Fix security vulnerability of non-dynamic permission removal
@ -23,10 +23,10 @@ Change-Id: Id573b75cdcfce3a1df5731ffb00c4228c513e686
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index b902001cd359..91f24d7295a9 100644
index b902001cd359b..91f24d7295a9b 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -758,7 +758,7 @@ public class PermissionManagerService {
@@ -758,7 +758,7 @@ private void removeDynamicPermission(
if (bp == null) {
return;
}

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 36218242743fb18b9d23d3ad5cc787cbf1967ed2 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 22 Apr 2024 21:14:56 +0000
Subject: [PATCH] Fix an authentication bypass bug in SMP
@ -20,7 +20,7 @@ Change-Id: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
2 files changed, 13 insertions(+)
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
index f530218fb..05e0b91a4 100644
index f530218fb0..05e0b91a49 100644
--- a/stack/smp/smp_act.cc
+++ b/stack/smp/smp_act.cc
@@ -281,6 +281,7 @@ void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
@ -50,7 +50,7 @@ index f530218fb..05e0b91a4 100644
STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
}
diff --git a/stack/smp/smp_int.h b/stack/smp/smp_int.h
index e0e27a4b2..3ccb4ad6f 100644
index e0e27a4b2a..3ccb4ad6f8 100644
--- a/stack/smp/smp_int.h
+++ b/stack/smp/smp_int.h
@@ -240,6 +240,7 @@ typedef union {

View File

@ -326,8 +326,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/394879.patch"; #P_asb_2024-06 A
applyPatch "$DOS_PATCHES/android_frameworks_base/394880.patch"; #P_asb_2024-06 Check hidden API exemptions
applyPatch "$DOS_PATCHES/android_frameworks_base/394881.patch"; #P_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
applyPatch "$DOS_PATCHES/android_frameworks_base/394882.patch"; #P_asb_2024-06 Check permissions for CDM shell commands
applyPatch "$DOS_PATCHES/android_frameworks_base/397542.patch"; #R_asb_2024-07 Verify UID of incoming Zygote connections.
applyPatch "$DOS_PATCHES/android_frameworks_base/397543.patch"; #R_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
applyPatch "$DOS_PATCHES/android_frameworks_base/397594.patch"; #P_asb_2024-07 Verify UID of incoming Zygote connections.
applyPatch "$DOS_PATCHES/android_frameworks_base/397595.patch"; #P_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -661,7 +661,7 @@ applyPatch "$DOS_PATCHES/android_system_bt/385675.patch"; #P_asb_2024-03 Fix OOB
applyPatch "$DOS_PATCHES/android_system_bt/385676.patch"; #P_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
applyPatch "$DOS_PATCHES/android_system_bt/385677.patch"; #P_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
applyPatch "$DOS_PATCHES/android_system_bt/385678.patch"; #P_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
applyPatch "$DOS_PATCHES/android_system_bt/397545-backport.patch"; #R_asb_2024-07 Fix an authentication bypass bug in SMP
applyPatch "$DOS_PATCHES/android_system_bt/397596.patch"; #P_asb_2024-07 Fix an authentication bypass bug in SMP
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
fi;