mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 23:19:31 -05:00
Reconcile picks
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
parent
85e5812290
commit
105767c7a7
@ -1,7 +1,7 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From 74747aa8b26ad278923444b7b18ec9e06e5c471d Mon Sep 17 00:00:00 2001
|
||||
From: Martijn Coenen <maco@google.com>
|
||||
Date: Thu, 29 Feb 2024 12:03:05 +0000
|
||||
Subject: [PATCH] Verify UID of incoming Zygote connections.
|
||||
Subject: [PATCH] [BACKPORT] Verify UID of incoming Zygote connections.
|
||||
|
||||
Only the system UID should be allowed to connect to the Zygote. While
|
||||
for generic Zygotes this is also covered by SELinux policy, this is not
|
||||
@ -33,7 +33,7 @@ Change-Id: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index f537e3e2897b..522da894fd0f 100644
|
||||
index f537e3e2897b8..522da894fd0f3 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -100,6 +100,9 @@ class ZygoteConnection {
|
@ -1,4 +1,4 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From 3ddd68bfd55611e77af5024b7c917f068689f34a Mon Sep 17 00:00:00 2001
|
||||
From: Yi-an Chen <theianchen@google.com>
|
||||
Date: Tue, 23 Apr 2024 21:53:02 +0000
|
||||
Subject: [PATCH] Fix security vulnerability of non-dynamic permission removal
|
||||
@ -23,10 +23,10 @@ Change-Id: Id573b75cdcfce3a1df5731ffb00c4228c513e686
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index b902001cd359..91f24d7295a9 100644
|
||||
index b902001cd359b..91f24d7295a9b 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -758,7 +758,7 @@ public class PermissionManagerService {
|
||||
@@ -758,7 +758,7 @@ private void removeDynamicPermission(
|
||||
if (bp == null) {
|
||||
return;
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From 36218242743fb18b9d23d3ad5cc787cbf1967ed2 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Mon, 22 Apr 2024 21:14:56 +0000
|
||||
Subject: [PATCH] Fix an authentication bypass bug in SMP
|
||||
@ -20,7 +20,7 @@ Change-Id: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
|
||||
2 files changed, 13 insertions(+)
|
||||
|
||||
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
|
||||
index f530218fb..05e0b91a4 100644
|
||||
index f530218fb0..05e0b91a49 100644
|
||||
--- a/stack/smp/smp_act.cc
|
||||
+++ b/stack/smp/smp_act.cc
|
||||
@@ -281,6 +281,7 @@ void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
@ -50,7 +50,7 @@ index f530218fb..05e0b91a4 100644
|
||||
STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
|
||||
}
|
||||
diff --git a/stack/smp/smp_int.h b/stack/smp/smp_int.h
|
||||
index e0e27a4b2..3ccb4ad6f 100644
|
||||
index e0e27a4b2a..3ccb4ad6f8 100644
|
||||
--- a/stack/smp/smp_int.h
|
||||
+++ b/stack/smp/smp_int.h
|
||||
@@ -240,6 +240,7 @@ typedef union {
|
@ -326,8 +326,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/394879.patch"; #P_asb_2024-06 A
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/394880.patch"; #P_asb_2024-06 Check hidden API exemptions
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/394881.patch"; #P_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/394882.patch"; #P_asb_2024-06 Check permissions for CDM shell commands
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/397542.patch"; #R_asb_2024-07 Verify UID of incoming Zygote connections.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/397543.patch"; #R_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/397594.patch"; #P_asb_2024-07 Verify UID of incoming Zygote connections.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/397595.patch"; #P_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
@ -661,7 +661,7 @@ applyPatch "$DOS_PATCHES/android_system_bt/385675.patch"; #P_asb_2024-03 Fix OOB
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/385676.patch"; #P_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/385677.patch"; #P_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/385678.patch"; #P_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/397545-backport.patch"; #R_asb_2024-07 Fix an authentication bypass bug in SMP
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/397596.patch"; #P_asb_2024-07 Fix an authentication bypass bug in SMP
|
||||
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
||||
fi;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user