Reconcile

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-05-11 12:29:37 -04:00
parent 0dcdeb029a
commit 151caed4da
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
4 changed files with 57 additions and 32 deletions

View File

@ -1,4 +1,4 @@
From 14e41b9febe8d5eaf1da70e720bc33e708f8966e Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Beverly <beverlyt@google.com>
Date: Thu, 18 Jan 2024 20:13:52 +0000
Subject: [PATCH] isUserInLockDown can be true when there are other strong auth
@ -18,10 +18,10 @@ Change-Id: I5e979a7822dd7254b4579ab28ecf96df1db44179
2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 1f49cab989723..2857324d524cc 100644
index 1f49cab98972..2857324d524c 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -1794,8 +1794,8 @@ public boolean isBiometricAllowedForUser(int userId) {
@@ -1794,8 +1794,8 @@ public class LockPatternUtils {
}
public boolean isUserInLockdown(int userId) {
@ -33,10 +33,10 @@ index 1f49cab989723..2857324d524cc 100644
private ICheckCredentialProgressCallback wrapCallback(
diff --git a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
index 9913531cdf132..433a35bffeb80 100644
index 9913531cdf13..433a35bffeb8 100644
--- a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
+++ b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
@@ -19,6 +19,9 @@
@@ -19,6 +19,9 @@ package com.android.internal.util;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
@ -46,7 +46,7 @@ index 9913531cdf132..433a35bffeb80 100644
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.doReturn;
@@ -48,12 +51,15 @@
@@ -48,12 +51,15 @@ import org.mockito.Mockito;
@SmallTest
public class LockPatternUtilsTest {
@ -62,7 +62,7 @@ index 9913531cdf132..433a35bffeb80 100644
final Context context = spy(new ContextWrapper(InstrumentationRegistry.getTargetContext()));
final MockContentResolver cr = new MockContentResolver(context);
@@ -61,13 +67,12 @@ private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoM
@@ -61,13 +67,12 @@ public class LockPatternUtilsTest {
when(context.getContentResolver()).thenReturn(cr);
Settings.Global.putInt(cr, Settings.Global.DEVICE_DEMO_MODE, deviceDemoMode);
@ -80,7 +80,7 @@ index 9913531cdf132..433a35bffeb80 100644
doReturn(true).when(mLockPatternUtils).hasSecureLockScreen();
final UserInfo userInfo = Mockito.mock(UserInfo.class);
@@ -77,6 +82,31 @@ private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoM
@@ -77,6 +82,31 @@ public class LockPatternUtilsTest {
when(context.getSystemService(Context.USER_SERVICE)).thenReturn(um);
}

View File

@ -1,4 +1,4 @@
From f856be82ebd99d0f9f261058cea4fc58c729ad21 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tetiana Meronyk <tetianameronyk@google.com>
Date: Wed, 10 Jan 2024 16:25:13 +0000
Subject: [PATCH] Fix security vulnerability that creates user with no
@ -18,10 +18,10 @@ Change-Id: I23c971f671546ac085060add89485cfac6691ca3
5 files changed, 188 insertions(+), 16 deletions(-)
diff --git a/core/java/android/os/PersistableBundle.java b/core/java/android/os/PersistableBundle.java
index 3e63127543593..bf584c957aa0b 100644
index 3e6312754359..bf584c957aa0 100644
--- a/core/java/android/os/PersistableBundle.java
+++ b/core/java/android/os/PersistableBundle.java
@@ -268,6 +268,43 @@ public void saveToXml(XmlSerializer out) throws IOException, XmlPullParserExcept
@@ -268,6 +268,43 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa
XmlUtils.writeMapXml(mMap, out, this);
}
@ -66,7 +66,7 @@ index 3e63127543593..bf584c957aa0b 100644
static class MyReadMapCallback implements XmlUtils.ReadMapCallback {
@Override
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index da41478e91a66..fc714923bf41d 100644
index da41478e91a6..fc714923bf41 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -77,6 +77,21 @@ public class UserManager {
@ -91,7 +91,7 @@ index da41478e91a66..fc714923bf41d 100644
/**
* @hide
* No user restriction.
@@ -2199,15 +2214,15 @@ public UserInfo createRestrictedProfile(String name) {
@@ -2199,15 +2214,15 @@ public class UserManager {
* time, the preferred user name and account information are used by the setup process for that
* user.
*
@ -112,10 +112,10 @@ index da41478e91a66..fc714923bf41d 100644
* @see #USER_CREATION_FAILED_NOT_PERMITTED
* @see #USER_CREATION_FAILED_NO_MORE_USERS
diff --git a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
index 03da9bc939ec5..74dedc38a9227 100644
index 03da9bc939ec..74dedc38a922 100644
--- a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
+++ b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
@@ -110,6 +110,14 @@ private String checkUserCreationRequirements() {
@@ -110,6 +110,14 @@ public class ConfirmUserCreationActivity extends AlertActivity
if (cantCreateUser) {
setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED);
return null;
@ -130,7 +130,7 @@ index 03da9bc939ec5..74dedc38a9227 100644
} else if (cantCreateAnyMoreUsers) {
setResult(UserManager.USER_CREATION_FAILED_NO_MORE_USERS);
return null;
@@ -137,4 +145,8 @@ public void onClick(DialogInterface dialog, int which) {
@@ -137,4 +145,8 @@ public class ConfirmUserCreationActivity extends AlertActivity
}
finish();
}
@ -140,7 +140,7 @@ index 03da9bc939ec5..74dedc38a9227 100644
+ }
}
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 318c11141cfed..645ee1a2f12e5 100644
index 318c11141cfe..645ee1a2f12e 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -225,8 +225,6 @@ public class UserManagerService extends IUserManager.Stub {
@ -152,7 +152,7 @@ index 318c11141cfed..645ee1a2f12e5 100644
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
// Maximum number of managed profiles permitted per user is 1. This cannot be increased
@@ -2420,16 +2418,18 @@ void writeUserLP(UserData userData, OutputStream os)
@@ -2420,16 +2418,18 @@ public class UserManagerService extends IUserManager.Stub {
if (userData.persistSeedData) {
if (userData.seedAccountName != null) {
serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME,
@ -174,7 +174,7 @@ index 318c11141cfed..645ee1a2f12e5 100644
serializer.endTag(null, TAG_NAME);
}
synchronized (mRestrictionsLock) {
@@ -2470,11 +2470,11 @@ void writeUserLP(UserData userData, OutputStream os)
@@ -2470,11 +2470,11 @@ public class UserManagerService extends IUserManager.Stub {
serializer.endDocument();
}
@ -189,7 +189,7 @@ index 318c11141cfed..645ee1a2f12e5 100644
}
/*
@@ -2819,7 +2819,7 @@ private UserInfo createUserInternalUnchecked(@Nullable String name, @UserInfoFla
@@ -2819,7 +2819,7 @@ public class UserManagerService extends IUserManager.Stub {
private UserInfo createUserInternalUncheckedNoTracing(@Nullable String name,
@UserInfoFlag int flags, @UserIdInt int parentId, boolean preCreate,
@Nullable String[] disallowedPackages, @NonNull TimingsTraceLog t) {
@ -198,7 +198,7 @@ index 318c11141cfed..645ee1a2f12e5 100644
// First try to use a pre-created user (if available).
// NOTE: currently we don't support pre-created managed profiles
if (!preCreate && (parentId < 0 && !UserInfo.isManagedProfile(flags))) {
@@ -3877,9 +3877,14 @@ public void setSeedAccountData(int userId, String accountName, String accountTyp
@@ -3877,9 +3877,14 @@ public class UserManagerService extends IUserManager.Stub {
Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId);
return;
}
@ -217,7 +217,7 @@ index 318c11141cfed..645ee1a2f12e5 100644
}
if (persist) {
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
index e9edba58a3dd7..69548f839c1e0 100644
index e9edba58a3dd..69548f839c1e 100644
--- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
@@ -16,6 +16,8 @@
@ -229,7 +229,7 @@ index e9edba58a3dd7..69548f839c1e0 100644
import android.app.ActivityManager;
import android.content.BroadcastReceiver;
import android.content.Context;
@@ -24,6 +26,7 @@
@@ -24,6 +26,7 @@ import android.content.IntentFilter;
import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.os.Bundle;
@ -237,7 +237,7 @@ index e9edba58a3dd7..69548f839c1e0 100644
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
@@ -601,6 +604,106 @@ public void testConcurrentUserCreate() throws Exception {
@@ -601,6 +604,106 @@ public class UserManagerTest extends AndroidTestCase {
assertEquals(canBeCreatedCount, created.get());
}

View File

@ -1,8 +1,33 @@
From e9260ee4913c64be7c2dd9fd4fd433be80db04f3 Mon Sep 17 00:00:00 2001
From: Valentin Iftime <valiiftime@google.com>
Date: Mon, 16 Oct 2023 09:29:17 +0200
Subject: [PATCH] Prioritize system toasts
Insert toasts from system packages at the front of the queue
to ensure that apps can't spam with toast to delay system toasts from showing.
Also increase Clipboard paste warning toasts length to LENGTH_LONG.
Test: atest NotificationManagerServiceTest
Bug: 293301736
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:58d89b491668663963e66906196fd93b9c73ee80)
Merged-In: I13547f853476bc88d12026c545aba9f857ce8724
Change-Id: I13547f853476bc88d12026c545aba9f857ce8724
---
.../server/clipboard/ClipboardService.java | 4 +-
.../NotificationManagerService.java | 32 ++++++++-
.../NotificationManagerServiceTest.java | 68 +++++++++++++++++++
3 files changed, 100 insertions(+), 4 deletions(-)
diff --git a/services/core/java/com/android/server/clipboard/ClipboardService.java b/services/core/java/com/android/server/clipboard/ClipboardService.java
index 6f9a17682dd7..638c4a916a15 100644
index 6f9a17682dd7b..20157dd60b63b 100644
--- a/services/core/java/com/android/server/clipboard/ClipboardService.java
+++ b/services/core/java/com/android/server/clipboard/ClipboardService.java
@@ -1193,7 +1193,7 @@ public class ClipboardService extends SystemService {
@@ -1189,11 +1189,11 @@ private void showAccessNotificationLocked(String callingPackage, int uid, @UserI
.getDrawable(R.drawable.ic_safety_protection);
toastToShow = Toast.makeCustomToastWithIcon(getContext(),
UiThread.get().getLooper(), message,
- Toast.LENGTH_SHORT, safetyProtectionIcon);
+ Toast.LENGTH_LONG, safetyProtectionIcon);
} else {
toastToShow = Toast.makeText(
getContext(), UiThread.get().getLooper(), message,
@ -12,10 +37,10 @@ index 6f9a17682dd7..638c4a916a15 100644
toastToShow.show();
} catch (PackageManager.NameNotFoundException e) {
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index a59e2dbfe0f2..1c8c85cf8d29 100755
index a59e2dbfe0f28..1c8c85cf8d291 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -3369,8 +3369,19 @@ public class NotificationManagerService extends SystemService {
@@ -3369,8 +3369,19 @@ record = mToastQueue.get(index);
null /* options */);
record = getToastRecord(callingUid, callingPid, pkg, isSystemToast, token,
text, callback, duration, windowToken, displayId, textCallback);
@ -37,7 +62,7 @@ index a59e2dbfe0f2..1c8c85cf8d29 100755
keepProcessAliveForToastIfNeededLocked(callingPid);
}
// If it's at index 0, it's the current toast. It doesn't matter if it's
@@ -3386,6 +3397,23 @@ public class NotificationManagerService extends SystemService {
@@ -3386,6 +3397,23 @@ record = getToastRecord(callingUid, callingPid, pkg, isSystemToast, token,
}
}
@ -62,10 +87,10 @@ index a59e2dbfe0f2..1c8c85cf8d29 100755
boolean isAppRenderedToast, boolean isSystemToast) {
final boolean isPackageSuspended = isPackagePaused(pkg);
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index 7a3754e4e5fa..4f0a7ca0ad51 100755
index 7a3754e4e5fa9..4f0a7ca0ad51f 100755
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -7117,6 +7117,74 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
@@ -7117,6 +7117,74 @@ public void testLimitNumberOfQueuedToastsFromPackage() throws Exception {
assertEquals(NotificationManagerService.MAX_PACKAGE_TOASTS, mService.mToastQueue.size());
}

View File

@ -134,7 +134,7 @@ git am $DOS_PATCHES/ASB-2023-10/av-*.patch;
fi;
if enterAndClear "frameworks/base"; then
applyPatch "$DOS_PATCHES/android_frameworks_base/293301736-20.patch"; #x-asb_2024-05 Prioritize system toasts
applyPatch "$DOS_PATCHES/android_frameworks_base/392225.patch"; #T_asb_2024-05 Prioritize system toasts
git revert --no-edit d36faad3267522c6d3ff91ba9dcca8f6274bccd1; #Reverts "JobScheduler: Respect allow-in-power-save perm" in favor of below patch
git revert --no-edit 90d6826548189ca850d91692e71fcc1be426f453; #Reverts "Remove sensitive info from SUPL requests" in favor of below patch
git revert --no-edit 6d2955f0bd55e9938d5d49415182c27b50900b95; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch