mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
ASB cherrypicks
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
5bc210f135
commit
2651f33e5c
@ -0,0 +1,51 @@
|
|||||||
|
From 82159c4fb4f274c5f0b21c987f44cb48cf3b28a3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Werner Lemberg <wl@gnu.org>
|
||||||
|
Date: Sat, 19 Mar 2022 06:40:17 +0100
|
||||||
|
Subject: [PATCH] DO NOT MERGE - Cherry-pick two upstream changes
|
||||||
|
|
||||||
|
This cherry picks following two changes:
|
||||||
|
|
||||||
|
0c2bdb01a2e1d24a3e592377a6d0822856e10df2
|
||||||
|
22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
|
||||||
|
|
||||||
|
Bug: 271680254
|
||||||
|
Test: N/A
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ffa271ab538f57b65a65d434a2df9d3f8cd2f4a)
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b0f8930701bf19229075cc930ad15813ff5fb07b)
|
||||||
|
Merged-In: I42469df8e8b07221d64e3f8574c4f30110dbda7e
|
||||||
|
Change-Id: I42469df8e8b07221d64e3f8574c4f30110dbda7e
|
||||||
|
|
||||||
|
Change-Id: Ia584ab1f2633a84e5896c09113513c582ce95dad
|
||||||
|
---
|
||||||
|
src/base/ftobjs.c | 11 +++++++++++
|
||||||
|
1 file changed, 11 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
|
||||||
|
index 9006b598b..4e1d32aa0 100644
|
||||||
|
--- a/src/base/ftobjs.c
|
||||||
|
+++ b/src/base/ftobjs.c
|
||||||
|
@@ -2118,6 +2118,14 @@
|
||||||
|
FT_Module* cur;
|
||||||
|
FT_Module* limit;
|
||||||
|
|
||||||
|
+ /* only use lower 31 bits together with sign bit */
|
||||||
|
+ if ( face_index > 0 )
|
||||||
|
+ face_index &= 0x7FFFFFFFL;
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ face_index &= 0x7FFFFFFFL;
|
||||||
|
+ face_index = -face_index;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* test for valid `library' delayed to `FT_Stream_New' */
|
||||||
|
|
||||||
|
@@ -2953,6 +2961,9 @@
|
||||||
|
if ( !face )
|
||||||
|
return FT_THROW( Invalid_Face_Handle );
|
||||||
|
|
||||||
|
+ if ( !face->size )
|
||||||
|
+ return FT_THROW( Invalid_Size_Handle );
|
||||||
|
+
|
||||||
|
if ( !req || req->width < 0 || req->height < 0 ||
|
||||||
|
req->type >= FT_SIZE_REQUEST_TYPE_MAX )
|
||||||
|
return FT_THROW( Invalid_Argument );
|
@ -0,0 +1,37 @@
|
|||||||
|
From f73e2d95da050a0b08e3ed5ae8c04968e8297230 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alisher Alikhodjaev <alisher@google.com>
|
||||||
|
Date: Tue, 2 May 2023 14:20:57 -0700
|
||||||
|
Subject: [PATCH] OOBW in rw_i93_send_to_upper()
|
||||||
|
|
||||||
|
Bug: 271849189
|
||||||
|
Test: tag r/w
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc9d09e1698725712628d394bf9be4c9003579e8)
|
||||||
|
Merged-In: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
|
||||||
|
Change-Id: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
|
||||||
|
|
||||||
|
Change-Id: I9cd9658bf50144092c1cf196fd9272ffbac2fc55
|
||||||
|
---
|
||||||
|
src/nfc/tags/rw_i93.c | 10 ++++++++++
|
||||||
|
1 file changed, 10 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/nfc/tags/rw_i93.c b/src/nfc/tags/rw_i93.c
|
||||||
|
index 3773324..ecf7c37 100644
|
||||||
|
--- a/src/nfc/tags/rw_i93.c
|
||||||
|
+++ b/src/nfc/tags/rw_i93.c
|
||||||
|
@@ -437,6 +437,16 @@ void rw_i93_send_to_upper (BT_HDR *p_resp)
|
||||||
|
case I93_CMD_READ_MULTI_BLOCK:
|
||||||
|
case I93_CMD_GET_MULTI_BLK_SEC:
|
||||||
|
|
||||||
|
+ if (UINT16_MAX - length < BT_HDR_SIZE)
|
||||||
|
+ {
|
||||||
|
+ rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
|
||||||
|
+ rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
|
||||||
|
+ rw_cb.tcb.i93.sent_cmd = 0;
|
||||||
|
+
|
||||||
|
+ event = RW_I93_CMD_CMPL_EVT;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* forward tag data or security status */
|
||||||
|
p_buff = (BT_HDR*) GKI_getbuf ((UINT16) (length + BT_HDR_SIZE));
|
||||||
|
|
148
Patches/LineageOS-14.1/android_frameworks_base/360893.patch
Normal file
148
Patches/LineageOS-14.1/android_frameworks_base/360893.patch
Normal file
@ -0,0 +1,148 @@
|
|||||||
|
From 2f780d815579ec2500046fadd4a3c7b09aa0bf62 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lucas Lin <lucaslin@google.com>
|
||||||
|
Date: Fri, 3 Mar 2023 08:13:50 +0000
|
||||||
|
Subject: [PATCH] Sanitize VPN label to prevent HTML injection
|
||||||
|
|
||||||
|
This commit will try to sanitize the content of VpnDialog. This
|
||||||
|
commit creates a function which will try to sanitize the VPN
|
||||||
|
label, if the sanitized VPN label is different from the original
|
||||||
|
one, which means the VPN label might contain HTML tag or the VPN
|
||||||
|
label violates the words restriction(may contain some wording
|
||||||
|
which will mislead the user). For this kind of case, show the
|
||||||
|
package name instead of the VPN label to prevent misleading the
|
||||||
|
user.
|
||||||
|
|
||||||
|
The malicious VPN app might be able to add a large number of line
|
||||||
|
breaks with HTML in order to hide the system-displayed text from
|
||||||
|
the user in the connection request dialog. Thus, sanitizing the
|
||||||
|
content of the dialog is needed.
|
||||||
|
|
||||||
|
Bug: 204554636
|
||||||
|
Test: N/A
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2178216b98bf9865edee198f45192f0b883624ab)
|
||||||
|
Merged-In: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
|
||||||
|
Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
|
||||||
|
|
||||||
|
Change-Id: Ieb148594d8e9a6505567f80d78810f687bb6e489
|
||||||
|
---
|
||||||
|
packages/VpnDialogs/res/values/strings.xml | 29 ++++++++++
|
||||||
|
.../com/android/vpndialogs/ConfirmDialog.java | 53 +++++++++++++++++--
|
||||||
|
2 files changed, 77 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/packages/VpnDialogs/res/values/strings.xml b/packages/VpnDialogs/res/values/strings.xml
|
||||||
|
index 406bcc34a1015..7389f765c717d 100644
|
||||||
|
--- a/packages/VpnDialogs/res/values/strings.xml
|
||||||
|
+++ b/packages/VpnDialogs/res/values/strings.xml
|
||||||
|
@@ -50,4 +50,33 @@
|
||||||
|
<xliff:g id="number">%1$s</xliff:g> bytes /
|
||||||
|
<xliff:g id="number">%2$s</xliff:g> packets
|
||||||
|
</string>
|
||||||
|
+
|
||||||
|
+ <!-- Malicious VPN apps may provide very long labels or cunning HTML to trick the system dialogs
|
||||||
|
+ into displaying what they want. The system will attempt to sanitize the label, and if the
|
||||||
|
+ label is deemed dangerous, then this string is used instead. The first argument is the
|
||||||
|
+ first 30 characters of the label, and the second argument is the package name of the app.
|
||||||
|
+ Example : Normally a VPN app may be called "My VPN app" in which case the dialog will read
|
||||||
|
+ "My VPN app wants to set up a VPN connection...". If the label is very long, then, this
|
||||||
|
+ will be used to show "VerylongVPNlabel… (com.my.vpn.app) wants to set up a VPN
|
||||||
|
+ connection...". For this case, the code will refer to sanitized_vpn_label_with_ellipsis.
|
||||||
|
+ -->
|
||||||
|
+ <string name="sanitized_vpn_label_with_ellipsis">
|
||||||
|
+ <xliff:g id="sanitized_vpn_label_with_ellipsis" example="My VPN app">%1$s</xliff:g>… (
|
||||||
|
+ <xliff:g id="sanitized_vpn_label_with_ellipsis" example="com.my.vpn.app">%2$s</xliff:g>)
|
||||||
|
+ </string>
|
||||||
|
+
|
||||||
|
+ <!-- Malicious VPN apps may provide very long labels or cunning HTML to trick the system dialogs
|
||||||
|
+ into displaying what they want. The system will attempt to sanitize the label, and if the
|
||||||
|
+ label is deemed dangerous, then this string is used instead. The first argument is the
|
||||||
|
+ label, and the second argument is the package name of the app.
|
||||||
|
+ Example : Normally a VPN app may be called "My VPN app" in which case the dialog will read
|
||||||
|
+ "My VPN app wants to set up a VPN connection...". If the VPN label contains HTML tag but
|
||||||
|
+ the length is not very long, the dialog will show "VpnLabelWith<br>HtmlTag
|
||||||
|
+ (com.my.vpn.app) wants to set up a VPN connection...". For this case, the code will refer
|
||||||
|
+ to sanitized_vpn_label.
|
||||||
|
+ -->
|
||||||
|
+ <string name="sanitized_vpn_label">
|
||||||
|
+ <xliff:g id="sanitized_vpn_label" example="My VPN app">%1$s</xliff:g> (
|
||||||
|
+ <xliff:g id="sanitized_vpn_label" example="com.my.vpn.app">%2$s</xliff:g>)
|
||||||
|
+ </string>
|
||||||
|
</resources>
|
||||||
|
diff --git a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
|
||||||
|
index 09339743db5c5..43d18df3a10dd 100644
|
||||||
|
--- a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
|
||||||
|
+++ b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
|
||||||
|
@@ -42,10 +42,52 @@ public class ConfirmDialog extends AlertActivity
|
||||||
|
implements DialogInterface.OnClickListener, ImageGetter {
|
||||||
|
private static final String TAG = "VpnConfirm";
|
||||||
|
|
||||||
|
+ // Usually the label represents the app name, 150 code points might be enough to display the app
|
||||||
|
+ // name, and 150 code points won't cover the warning message from VpnDialog.
|
||||||
|
+ static final int MAX_VPN_LABEL_LENGTH = 150;
|
||||||
|
+
|
||||||
|
private String mPackage;
|
||||||
|
|
||||||
|
private IConnectivityManager mService;
|
||||||
|
|
||||||
|
+ private View mView;
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * This function will use the string resource to combine the VPN label and the package name.
|
||||||
|
+ *
|
||||||
|
+ * If the VPN label violates the length restriction, the first 30 code points of VPN label and
|
||||||
|
+ * the package name will be returned. Or return the VPN label and the package name directly if
|
||||||
|
+ * the VPN label doesn't violate the length restriction.
|
||||||
|
+ *
|
||||||
|
+ * The result will be something like,
|
||||||
|
+ * - ThisIsAVeryLongVpnAppNameWhich... (com.vpn.app)
|
||||||
|
+ * if the VPN label violates the length restriction.
|
||||||
|
+ * or
|
||||||
|
+ * - VpnLabelWith<br>HtmlTag (com.vpn.app)
|
||||||
|
+ * if the VPN label doesn't violate the length restriction.
|
||||||
|
+ *
|
||||||
|
+ */
|
||||||
|
+ private String getSimplifiedLabel(String vpnLabel, String packageName) {
|
||||||
|
+ if (vpnLabel.codePointCount(0, vpnLabel.length()) > 30) {
|
||||||
|
+ return getString(R.string.sanitized_vpn_label_with_ellipsis,
|
||||||
|
+ vpnLabel.substring(0, vpnLabel.offsetByCodePoints(0, 30)),
|
||||||
|
+ packageName);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return getString(R.string.sanitized_vpn_label, vpnLabel, packageName);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ protected String getSanitizedVpnLabel(String vpnLabel, String packageName) {
|
||||||
|
+ final String sanitizedVpnLabel = Html.escapeHtml(vpnLabel);
|
||||||
|
+ final boolean exceedMaxVpnLabelLength = sanitizedVpnLabel.codePointCount(0,
|
||||||
|
+ sanitizedVpnLabel.length()) > MAX_VPN_LABEL_LENGTH;
|
||||||
|
+ if (exceedMaxVpnLabelLength || !vpnLabel.equals(sanitizedVpnLabel)) {
|
||||||
|
+ return getSimplifiedLabel(sanitizedVpnLabel, packageName);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return sanitizedVpnLabel;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Override
|
||||||
|
protected void onCreate(Bundle savedInstanceState) {
|
||||||
|
super.onCreate(savedInstanceState);
|
||||||
|
@@ -68,15 +110,16 @@ protected void onCreate(Bundle savedInstanceState) {
|
||||||
|
finish();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
- View view = View.inflate(this, R.layout.confirm, null);
|
||||||
|
- ((TextView) view.findViewById(R.id.warning)).setText(
|
||||||
|
- Html.fromHtml(getString(R.string.warning, getVpnLabel()),
|
||||||
|
- this, null /* tagHandler */));
|
||||||
|
+ mView = View.inflate(this, R.layout.confirm, null);
|
||||||
|
+ ((TextView) mView.findViewById(R.id.warning)).setText(
|
||||||
|
+ Html.fromHtml(getString(R.string.warning, getSanitizedVpnLabel(
|
||||||
|
+ getVpnLabel().toString(), mPackage)),
|
||||||
|
+ this /* imageGetter */, null /* tagHandler */));
|
||||||
|
mAlertParams.mTitle = getText(R.string.prompt);
|
||||||
|
mAlertParams.mPositiveButtonText = getText(android.R.string.ok);
|
||||||
|
mAlertParams.mPositiveButtonListener = this;
|
||||||
|
mAlertParams.mNegativeButtonText = getText(android.R.string.cancel);
|
||||||
|
- mAlertParams.mView = view;
|
||||||
|
+ mAlertParams.mView = mView;
|
||||||
|
setupAlert();
|
||||||
|
|
||||||
|
getWindow().setCloseOnTouchOutside(false);
|
84
Patches/LineageOS-14.1/android_frameworks_base/360894.patch
Normal file
84
Patches/LineageOS-14.1/android_frameworks_base/360894.patch
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
From 0459c2c0db0c0187a8d9a3074534a34c1cbf2ccc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Groover <mpgroover@google.com>
|
||||||
|
Date: Fri, 31 Mar 2023 21:31:22 +0000
|
||||||
|
Subject: [PATCH] Limit the number of supported v1 and v2 signers
|
||||||
|
|
||||||
|
The v1 and v2 APK Signature Schemes support multiple signers; this
|
||||||
|
was intended to allow multiple entities to sign an APK. Previously,
|
||||||
|
the platform had no limits placed on the number of signers supported
|
||||||
|
in an APK, but this commit sets a hard limit of 10 supported signers
|
||||||
|
for these signature schemes to ensure a large number of signers
|
||||||
|
does not place undue burden on the platform.
|
||||||
|
|
||||||
|
Bug: 266580022
|
||||||
|
Test: Manually verified the platform only allowed an APK with the
|
||||||
|
maximum number of supported signers.
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)
|
||||||
|
Merged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091
|
||||||
|
Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091
|
||||||
|
---
|
||||||
|
.../util/apk/ApkSignatureSchemeV2Verifier.java | 10 ++++++++++
|
||||||
|
core/java/android/util/jar/StrictJarVerifier.java | 11 +++++++++++
|
||||||
|
2 files changed, 21 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
|
||||||
|
index 78d3b7bf81d28..f4631c68832b2 100644
|
||||||
|
--- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
|
||||||
|
+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
|
||||||
|
@@ -79,6 +79,11 @@ public class ApkSignatureSchemeV2Verifier {
|
||||||
|
public static final String SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME = "X-Android-APK-Signed";
|
||||||
|
public static final int SF_ATTRIBUTE_ANDROID_APK_SIGNED_ID = 2;
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * The maximum number of signers supported by the v2 APK signature scheme.
|
||||||
|
+ */
|
||||||
|
+ private static final int MAX_V2_SIGNERS = 10;
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
|
||||||
|
*
|
||||||
|
@@ -219,6 +224,11 @@ private static X509Certificate[][] verify(
|
||||||
|
}
|
||||||
|
while (signers.hasRemaining()) {
|
||||||
|
signerCount++;
|
||||||
|
+ if (signerCount > MAX_V2_SIGNERS) {
|
||||||
|
+ throw new SecurityException(
|
||||||
|
+ "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
|
||||||
|
+ + " signers");
|
||||||
|
+ }
|
||||||
|
try {
|
||||||
|
ByteBuffer signer = getLengthPrefixedSlice(signers);
|
||||||
|
X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
|
||||||
|
diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java
|
||||||
|
index cb71ecc1da8b3..1ce078704be32 100644
|
||||||
|
--- a/core/java/android/util/jar/StrictJarVerifier.java
|
||||||
|
+++ b/core/java/android/util/jar/StrictJarVerifier.java
|
||||||
|
@@ -70,6 +70,11 @@ class StrictJarVerifier {
|
||||||
|
"SHA1",
|
||||||
|
};
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * The maximum number of signers supported by the JAR signature scheme.
|
||||||
|
+ */
|
||||||
|
+ private static final int MAX_JAR_SIGNERS = 10;
|
||||||
|
+
|
||||||
|
private final String jarName;
|
||||||
|
private final StrictJarManifest manifest;
|
||||||
|
private final HashMap<String, byte[]> metaEntries;
|
||||||
|
@@ -285,10 +290,16 @@ synchronized boolean readCertificates() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ int signerCount = 0;
|
||||||
|
Iterator<String> it = metaEntries.keySet().iterator();
|
||||||
|
while (it.hasNext()) {
|
||||||
|
String key = it.next();
|
||||||
|
if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
|
||||||
|
+ if (++signerCount > MAX_JAR_SIGNERS) {
|
||||||
|
+ throw new SecurityException(
|
||||||
|
+ "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
|
||||||
|
+ + " signers");
|
||||||
|
+ }
|
||||||
|
verifyCertificate(key);
|
||||||
|
it.remove();
|
||||||
|
}
|
99
Patches/LineageOS-14.1/android_frameworks_base/360895.patch
Normal file
99
Patches/LineageOS-14.1/android_frameworks_base/360895.patch
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
From 303a97a99b75bae716c109b810e6bccb732483df Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Andr=C3=A1s=20Kurucz?= <kurucz@google.com>
|
||||||
|
Date: Fri, 21 Apr 2023 09:45:07 +0000
|
||||||
|
Subject: [PATCH] Truncate ShortcutInfo Id
|
||||||
|
|
||||||
|
Creating Conversation with a ShortcutId longer than 65_535 (max unsigned short), we did not save the conversation settings into the notification_policy.xml due to a restriction in FastDataOutput.
|
||||||
|
This put us to a state where the user changing the importance or turning off the notifications for the given conversation had no effect on notification behavior.
|
||||||
|
|
||||||
|
Fixes: 273729476
|
||||||
|
Test: atest ShortcutManagerTest2
|
||||||
|
Test: Create a test app which creates a Conversation with a long shortcutId. Go to the Conversation Settings and turn off Notifications. Post a new Notification to this Conversation and see if it is displayed.
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f31df6234091b5b1de258a01dd4b2d8e5415ee2e)
|
||||||
|
Merged-In: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5
|
||||||
|
Change-Id: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5
|
||||||
|
---
|
||||||
|
.../java/android/content/pm/ShortcutInfo.java | 20 ++++++++++++++++---
|
||||||
|
.../server/pm/ShortcutManagerTest2.java | 10 ++++++++++
|
||||||
|
2 files changed, 27 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/content/pm/ShortcutInfo.java b/core/java/android/content/pm/ShortcutInfo.java
|
||||||
|
index a854b899a82af..3ac20ff39327b 100644
|
||||||
|
--- a/core/java/android/content/pm/ShortcutInfo.java
|
||||||
|
+++ b/core/java/android/content/pm/ShortcutInfo.java
|
||||||
|
@@ -128,6 +128,12 @@ public final class ShortcutInfo implements Parcelable {
|
||||||
|
public static final int CLONE_REMOVE_FOR_LAUNCHER = CLONE_REMOVE_ICON | CLONE_REMOVE_INTENT
|
||||||
|
| CLONE_REMOVE_RES_NAMES;
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * The maximum length of Shortcut ID. IDs will be truncated at this limit.
|
||||||
|
+ * @hide
|
||||||
|
+ */
|
||||||
|
+ public static final int MAX_ID_LENGTH = 1000;
|
||||||
|
+
|
||||||
|
/** @hide */
|
||||||
|
@IntDef(flag = true,
|
||||||
|
value = {
|
||||||
|
@@ -226,8 +232,7 @@ public final class ShortcutInfo implements Parcelable {
|
||||||
|
|
||||||
|
private ShortcutInfo(Builder b) {
|
||||||
|
mUserId = b.mContext.getUserId();
|
||||||
|
-
|
||||||
|
- mId = Preconditions.checkStringNotEmpty(b.mId, "Shortcut ID must be provided");
|
||||||
|
+ mId = getSafeId(Preconditions.checkStringNotEmpty(b.mId, "Shortcut ID must be provided"));
|
||||||
|
|
||||||
|
// Note we can't do other null checks here because SM.updateShortcuts() takes partial
|
||||||
|
// information.
|
||||||
|
@@ -309,6 +314,14 @@ private static PersistableBundle[] clonePersistableBundle(PersistableBundle[] bu
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @NonNull
|
||||||
|
+ private static String getSafeId(@NonNull String id) {
|
||||||
|
+ if (id.length() > MAX_ID_LENGTH) {
|
||||||
|
+ return id.substring(0, MAX_ID_LENGTH);
|
||||||
|
+ }
|
||||||
|
+ return id;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Throws if any of the mandatory fields is not set.
|
||||||
|
*
|
||||||
|
@@ -1602,7 +1615,8 @@ private ShortcutInfo(Parcel source) {
|
||||||
|
final ClassLoader cl = getClass().getClassLoader();
|
||||||
|
|
||||||
|
mUserId = source.readInt();
|
||||||
|
- mId = source.readString();
|
||||||
|
+ mId = getSafeId(Preconditions.checkStringNotEmpty(source.readString(),
|
||||||
|
+ "Shortcut ID must be provided"));
|
||||||
|
mPackageName = source.readString();
|
||||||
|
mActivity = source.readParcelable(cl);
|
||||||
|
mFlags = source.readInt();
|
||||||
|
diff --git a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
|
||||||
|
index d25923c019cac..6b86ef0e0704c 100644
|
||||||
|
--- a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
|
||||||
|
+++ b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
|
||||||
|
@@ -53,6 +53,7 @@
|
||||||
|
import java.io.PrintWriter;
|
||||||
|
import java.io.StringWriter;
|
||||||
|
import java.io.Writer;
|
||||||
|
+import java.util.Collections;
|
||||||
|
import java.util.Locale;
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -223,6 +224,15 @@ public void testShortcutInfoMissingMandatoryFields() {
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
+ public void testShortcutIdTruncated() {
|
||||||
|
+ ShortcutInfo si = new ShortcutInfo.Builder(getTestContext(),
|
||||||
|
+ String.join("", Collections.nCopies(Short.MAX_VALUE, "s"))).build();
|
||||||
|
+
|
||||||
|
+ assertTrue(
|
||||||
|
+ "id must be truncated to MAX_ID_LENGTH",
|
||||||
|
+ si.getId().length() <= ShortcutInfo.MAX_ID_LENGTH);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
public void testShortcutInfoParcel() {
|
||||||
|
setCaller(CALLING_PACKAGE_1, USER_10);
|
||||||
|
ShortcutInfo si = parceled(new ShortcutInfo.Builder(mClientContext)
|
46
Patches/LineageOS-14.1/android_system_bt/360892.patch
Normal file
46
Patches/LineageOS-14.1/android_system_bt/360892.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From fa5c4429ae75e687b87313b79512c4a90f90ee3b Mon Sep 17 00:00:00 2001
|
||||||
|
From: tyiu <tyiu@google.com>
|
||||||
|
Date: Tue, 28 Mar 2023 18:40:51 +0000
|
||||||
|
Subject: [PATCH] Fix gatt_end_operation buffer overflow
|
||||||
|
|
||||||
|
Added boundary check for gatt_end_operation to prevent writing out of
|
||||||
|
boundary.
|
||||||
|
|
||||||
|
Since response of the GATT server is handled in
|
||||||
|
gatt_client_handle_server_rsp() and gatt_process_read_rsp(), the maximum
|
||||||
|
lenth that can be passed into the handlers is bounded by
|
||||||
|
GATT_MAX_MTU_SIZE, which is set to 517, which is greater than
|
||||||
|
GATT_MAX_ATTR_LEN which is set to 512. The fact that there is no spec
|
||||||
|
that gaurentees MTU response to be less than or equal to 512 bytes can
|
||||||
|
cause a buffer overflow when performing memcpy without length check.
|
||||||
|
|
||||||
|
Bug: 261068592
|
||||||
|
Test: No test since not affecting behavior
|
||||||
|
Tag: #security
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dd7298e982e4bbf0138a490562679c9a4a755200)
|
||||||
|
Merged-In: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
|
||||||
|
Change-Id: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
|
||||||
|
---
|
||||||
|
stack/gatt/gatt_utils.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/stack/gatt/gatt_utils.c b/stack/gatt/gatt_utils.c
|
||||||
|
index 4582b5ae477..e56c1a4e793 100644
|
||||||
|
--- a/stack/gatt/gatt_utils.c
|
||||||
|
+++ b/stack/gatt/gatt_utils.c
|
||||||
|
@@ -2190,6 +2190,14 @@ void gatt_end_operation(tGATT_CLCB *p_clcb, tGATT_STATUS status, void *p_data)
|
||||||
|
cb_data.att_value.handle = p_clcb->s_handle;
|
||||||
|
cb_data.att_value.len = p_clcb->counter;
|
||||||
|
|
||||||
|
+ if (cb_data.att_value.len > GATT_MAX_ATTR_LEN)
|
||||||
|
+ {
|
||||||
|
+ GATT_TRACE_DEBUG ("%s", __func__);
|
||||||
|
+ GATT_TRACE_DEBUG ("Large cb_data.att_value, size=%d",
|
||||||
|
+ cb_data.att_value.len);
|
||||||
|
+ cb_data.att_value.len = GATT_MAX_ATTR_LEN;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (p_data && p_clcb->counter)
|
||||||
|
memcpy (cb_data.att_value.value, p_data, cb_data.att_value.len);
|
||||||
|
}
|
@ -76,7 +76,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
|||||||
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
|
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
|
||||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||||
awk -i inplace '!/Exchange2/' target/product/core.mk;
|
awk -i inplace '!/Exchange2/' target/product/core.mk;
|
||||||
sed -i 's/2021-06-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-06 #XXX
|
sed -i 's/2021-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-07 #XXX
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "device/qcom/sepolicy"; then
|
if enterAndClear "device/qcom/sepolicy"; then
|
||||||
@ -100,6 +100,10 @@ applyPatch "$DOS_PATCHES/android_external_expat/337989-backport.patch"; #n-asb-2
|
|||||||
applyPatch "$DOS_PATCHES/android_external_expat/348649.patch"; #n-asb-2023-02 Fix overeager DTD destruction (fixes #649)
|
applyPatch "$DOS_PATCHES/android_external_expat/348649.patch"; #n-asb-2023-02 Fix overeager DTD destruction (fixes #649)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "external/freetype"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_external_freetype/360899.patch"; #n-asb-2023-07 Cherry-pick two upstream changes
|
||||||
|
fi;
|
||||||
|
|
||||||
if enterAndClear "external/libavc"; then
|
if enterAndClear "external/libavc"; then
|
||||||
applyPatch "$DOS_PATCHES/android_external_libavc/315711.patch"; #n-asb-2021-09 Decoder: Update check for increment u2_cur_slice_num
|
applyPatch "$DOS_PATCHES/android_external_libavc/315711.patch"; #n-asb-2021-09 Decoder: Update check for increment u2_cur_slice_num
|
||||||
applyPatch "$DOS_PATCHES/android_external_libavc/323462.patch"; #n-asb-2022-02 Move slice increments after completing header parsing
|
applyPatch "$DOS_PATCHES/android_external_libavc/323462.patch"; #n-asb-2022-02 Move slice increments after completing header parsing
|
||||||
@ -120,6 +124,7 @@ applyPatch "$DOS_PATCHES/android_external_libnfc-nci/332460.patch"; #n-asb-2022-
|
|||||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/341071.patch"; #n-asb-2022-10 The length of a packet should be non-zero
|
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/341071.patch"; #n-asb-2022-10 The length of a packet should be non-zero
|
||||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/343955.patch"; #n-asb-2022-11 OOBW in phNxpNciHal_write_unlocked()
|
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/343955.patch"; #n-asb-2022-11 OOBW in phNxpNciHal_write_unlocked()
|
||||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/353760.patch"; #n-asb-2023-04 OOBW in nci_snd_set_routing_cmd()
|
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/353760.patch"; #n-asb-2023-04 OOBW in nci_snd_set_routing_cmd()
|
||||||
|
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/360898.patch"; #n-asb-2023-07 OOBW in rw_i93_send_to_upper()
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "external/sonivox"; then
|
if enterAndClear "external/sonivox"; then
|
||||||
@ -199,6 +204,9 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/355866.patch"; #n-asb-2023-05 C
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358732.patch"; #n-asb-2023-06 Prevent RemoteViews crashing SystemUi
|
applyPatch "$DOS_PATCHES/android_frameworks_base/358732.patch"; #n-asb-2023-06 Prevent RemoteViews crashing SystemUi
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358733.patch"; #n-asb-2023-06 Check key intent for selectors and prohibited flags
|
applyPatch "$DOS_PATCHES/android_frameworks_base/358733.patch"; #n-asb-2023-06 Check key intent for selectors and prohibited flags
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358734.patch"; #n-asb-2023-06 Handle invalid data during job loading.
|
applyPatch "$DOS_PATCHES/android_frameworks_base/358734.patch"; #n-asb-2023-06 Handle invalid data during job loading.
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/360893.patch"; #n-asb-2023-07 Sanitize VPN label to prevent HTML injection
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/360894.patch"; #n-asb-2023-07 Limit the number of supported v1 and v2 signers
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/360895.patch"; #n-asb-2023-07 Truncate ShortcutInfo Id
|
||||||
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
|
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
|
||||||
@ -464,6 +472,7 @@ applyPatch "$DOS_PATCHES/android_system_bt/353755.patch"; #n-asb-2023-04 Fix an
|
|||||||
applyPatch "$DOS_PATCHES/android_system_bt/358735.patch"; #n-asb-2023-06 Prevent use-after-free of HID reports
|
applyPatch "$DOS_PATCHES/android_system_bt/358735.patch"; #n-asb-2023-06 Prevent use-after-free of HID reports
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/358736.patch"; #n-asb-2023-06 Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length in sdpu_build_uuid_seq""
|
applyPatch "$DOS_PATCHES/android_system_bt/358736.patch"; #n-asb-2023-06 Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length in sdpu_build_uuid_seq""
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/358737.patch"; #n-asb-2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
|
applyPatch "$DOS_PATCHES/android_system_bt/358737.patch"; #n-asb-2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/360892.patch"; #n-asb-2023-07 Fix gatt_end_operation buffer overflow
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/229574.patch"; #bt-sbc-hd-dualchannel-nougat: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
|
applyPatch "$DOS_PATCHES/android_system_bt/229574.patch"; #bt-sbc-hd-dualchannel-nougat: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/229575.patch"; #bt-sbc-hd-dualchannel-nougat: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
|
applyPatch "$DOS_PATCHES/android_system_bt/229575.patch"; #bt-sbc-hd-dualchannel-nougat: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/242134.patch"; #avrc_bld_get_attrs_rsp - fix attribute length position off by one (cprhokie)
|
applyPatch "$DOS_PATCHES/android_system_bt/242134.patch"; #avrc_bld_get_attrs_rsp - fix attribute length position off by one (cprhokie)
|
||||||
|
@ -114,10 +114,11 @@ patchWorkspaceReal() {
|
|||||||
verifyAllPlatformTags;
|
verifyAllPlatformTags;
|
||||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||||
|
|
||||||
#source build/envsetup.sh;
|
source build/envsetup.sh;
|
||||||
#repopick -it eleven-firewall;
|
#repopick -it eleven-firewall;
|
||||||
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
|
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
|
||||||
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
|
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
|
||||||
|
repopick -it R_asb_2023-07;
|
||||||
|
|
||||||
sh "$DOS_SCRIPTS/Patch.sh";
|
sh "$DOS_SCRIPTS/Patch.sh";
|
||||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||||
|
@ -95,6 +95,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
|||||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||||
|
sed -i 's/2023-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-07 #XXX
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
|
@ -88,9 +88,10 @@ patchWorkspaceReal() {
|
|||||||
verifyAllPlatformTags;
|
verifyAllPlatformTags;
|
||||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||||
|
|
||||||
#source build/envsetup.sh;
|
source build/envsetup.sh;
|
||||||
#repopick -ift twelve-bt-sbc-hd-dualchannel;
|
#repopick -ift twelve-bt-sbc-hd-dualchannel;
|
||||||
#repopick -it twelve-colors;
|
#repopick -it twelve-colors;
|
||||||
|
repopick -it S_asb_2023-07;
|
||||||
|
|
||||||
sh "$DOS_SCRIPTS/Patch.sh";
|
sh "$DOS_SCRIPTS/Patch.sh";
|
||||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||||
|
@ -97,6 +97,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
|||||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||||
|
sed -i 's/2023-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-07 #XXX
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -113,6 +114,10 @@ if enterAndClear "external/conscrypt"; then
|
|||||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "external/freetype"; then
|
||||||
|
git fetch https://github.com/LineageOS/android_external_freetype refs/changes/29/360929/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-07
|
||||||
|
fi;
|
||||||
|
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||||
if enterAndClear "external/hardened_malloc"; then
|
if enterAndClear "external/hardened_malloc"; then
|
||||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
|
||||||
@ -421,6 +426,10 @@ if enterAndClear "system/update_engine"; then
|
|||||||
git revert --no-edit a5a18ac5e2a2377fe036fcae93548967a7b40470; #Do not skip payload signature verification
|
git revert --no-edit a5a18ac5e2a2377fe036fcae93548967a7b40470; #Do not skip payload signature verification
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "tools/apksig"; then
|
||||||
|
git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/46/360946/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-07
|
||||||
|
fi;
|
||||||
|
|
||||||
if enterAndClear "vendor/lineage"; then
|
if enterAndClear "vendor/lineage"; then
|
||||||
rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
|
rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
|
||||||
rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
|
rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
|
||||||
|
Loading…
Reference in New Issue
Block a user