15.1 April ASB work + picks
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
9ba61642de
commit
26cf500dad
|
|
@ -0,0 +1,97 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Jing Ji <jji@google.com>
|
||||
Date: Thu, 4 Aug 2022 11:36:26 -0700
|
||||
Subject: [PATCH] DO NOT MERGE: Context#startInstrumentation could be started
|
||||
from SHELL only now.
|
||||
|
||||
Or, if an instrumentation starts another instrumentation and so on,
|
||||
and the original instrumentation is started from SHELL, allow all
|
||||
Context#startInstrumentation calls in this chain.
|
||||
|
||||
Otherwise, it'll throw a SecurityException.
|
||||
|
||||
Bug: 237766679
|
||||
Test: atest CtsAppTestCases:InstrumentationTest
|
||||
Merged-In: Ia08f225c21a3933067d066a578ea4af9c23e7d4c
|
||||
Merged-In: I1b76f61c5fd6c9f7e738978592260945a606f40c
|
||||
Merged-In: I3ea7aa27bd776fec546908a37f667f680da9c892
|
||||
Change-Id: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
|
||||
(cherry picked from commit 8c90891a38ecb5047e115e13baf700a8b486a5d1)
|
||||
Merged-In: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
|
||||
---
|
||||
.../server/am/ActivityManagerService.java | 34 +++++++++++++++++++
|
||||
.../com/android/server/am/ProcessRecord.java | 4 +++
|
||||
2 files changed, 38 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
index e6f400c31bde..3feb040b9f47 100644
|
||||
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
@@ -4331,6 +4331,26 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
return procState;
|
||||
}
|
||||
|
||||
+ @GuardedBy("this")
|
||||
+ private boolean hasActiveInstrumentationLocked(int pid) {
|
||||
+ if (pid == 0) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ synchronized (mPidsSelfLocked) {
|
||||
+ ProcessRecord process = mPidsSelfLocked.get(pid);
|
||||
+ return process != null && process.getActiveInstrumentation() != null;
|
||||
+ }
|
||||
+ }
|
||||
+ private String getPackageNameByPid(int pid) {
|
||||
+ synchronized (mPidsSelfLocked) {
|
||||
+ final ProcessRecord app = mPidsSelfLocked.get(pid);
|
||||
+ if (app != null && app.info != null) {
|
||||
+ return app.info.packageName;
|
||||
+ }
|
||||
+ return null;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
private boolean isCallerShell() {
|
||||
final int callingUid = Binder.getCallingUid();
|
||||
return callingUid == SHELL_UID || callingUid == ROOT_UID;
|
||||
@@ -20059,6 +20079,8 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
IInstrumentationWatcher watcher, IUiAutomationConnection uiAutomationConnection,
|
||||
int userId, String abiOverride) {
|
||||
enforceNotIsolatedCaller("startInstrumentation");
|
||||
+ final int callingUid = Binder.getCallingUid();
|
||||
+ final int callingPid = Binder.getCallingPid();
|
||||
userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
|
||||
userId, false, ALLOW_FULL_ONLY, "startInstrumentation", null);
|
||||
// Refuse possible leaked file descriptors
|
||||
@@ -20107,6 +20129,18 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
throw new SecurityException(msg);
|
||||
}
|
||||
|
||||
+ if (!Build.IS_DEBUGGABLE && callingUid != ROOT_UID && callingUid != SHELL_UID
|
||||
+ && callingUid != SYSTEM_UID && !hasActiveInstrumentationLocked(callingPid)) {
|
||||
+ // If it's not debug build and not called from root/shell/system uid, reject it.
|
||||
+ final String msg = "Permission Denial: instrumentation test "
|
||||
+ + className + " from pid=" + callingPid + ", uid=" + callingUid
|
||||
+ + ", pkgName=" + getPackageNameByPid(callingPid)
|
||||
+ + " not allowed because it's not started from SHELL";
|
||||
+ Slog.wtfQuiet(TAG, msg);
|
||||
+ reportStartInstrumentationFailureLocked(watcher, className, msg);
|
||||
+ throw new SecurityException(msg);
|
||||
+ }
|
||||
+
|
||||
ActiveInstrumentation activeInstr = new ActiveInstrumentation(this);
|
||||
activeInstr.mClass = className;
|
||||
String defProcess = ai.processName;;
|
||||
diff --git a/services/core/java/com/android/server/am/ProcessRecord.java b/services/core/java/com/android/server/am/ProcessRecord.java
|
||||
index 7e037eea285c..14edfe89ad0f 100644
|
||||
--- a/services/core/java/com/android/server/am/ProcessRecord.java
|
||||
+++ b/services/core/java/com/android/server/am/ProcessRecord.java
|
||||
@@ -771,4 +771,8 @@ final class ProcessRecord {
|
||||
}
|
||||
return list;
|
||||
}
|
||||
+
|
||||
+ ActiveInstrumentation getActiveInstrumentation() {
|
||||
+ return instr;
|
||||
+ }
|
||||
}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Kunal Malhotra <malhk@google.com>
|
||||
Date: Mon, 7 Nov 2022 23:33:55 +0000
|
||||
Subject: [PATCH] Checking if package belongs to UID before registering
|
||||
broadcast receiver
|
||||
|
||||
Test: manual testing done on device by installing test APK and checking if receiver can register
|
||||
Bug: 242040055
|
||||
Change-Id: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
|
||||
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
|
||||
(cherry picked from commit 790a8d0dd329460bc60456681cb446accf2a27e0)
|
||||
(cherry picked from commit 4f0dc37b896e06086391e71ce471e413215e1130)
|
||||
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
|
||||
---
|
||||
services/core/java/com/android/server/am/ActiveServices.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
|
||||
index 67443611cf78..d3f04fe6285d 100644
|
||||
--- a/services/core/java/com/android/server/am/ActiveServices.java
|
||||
+++ b/services/core/java/com/android/server/am/ActiveServices.java
|
||||
@@ -1756,6 +1756,11 @@ public final class ActiveServices {
|
||||
throw new SecurityException("BIND_EXTERNAL_SERVICE failed, " + name +
|
||||
" is not an isolatedProcess");
|
||||
}
|
||||
+ if (AppGlobals.getPackageManager().getPackageUid(callingPackage,
|
||||
+ 0, userId) != callingUid) {
|
||||
+ throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "
|
||||
+ + "calling package not owned by calling UID ");
|
||||
+ }
|
||||
// Run the service under the calling package's application.
|
||||
ApplicationInfo aInfo = AppGlobals.getPackageManager().getApplicationInfo(
|
||||
callingPackage, ActivityManagerService.STOCK_PM_FLAGS, userId);
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Hao Ke <haok@google.com>
|
||||
Date: Mon, 12 Dec 2022 15:49:16 +0000
|
||||
Subject: [PATCH] Fix checkKeyIntentParceledCorrectly's bypass
|
||||
|
||||
The checkKeyIntentParceledCorrectly method was added in checkKeyIntent, which was originaly only invoked when AccountManagerService deserializes the KEY_INTENT value as not NULL. However, due to the self-changing bundle technique in Parcel mismatch problems, the Intent value can change after reparceling; hence would bypass the added checkKeyIntentParceledCorrectly call.
|
||||
|
||||
This CL did the following:
|
||||
|
||||
- Ensure the checkKeyIntent method is also called when result.getParcelable(AccountManager.KEY_INTENT) == null.
|
||||
|
||||
Bug: 260567867
|
||||
Bug: 262230405
|
||||
Test: local test, see b/262230405
|
||||
Test: atest CtsAccountManagerTestCases
|
||||
Merged-In: I7b528f52c41767ae12731838fdd36aa26a8f3477
|
||||
Change-Id: I7b528f52c41767ae12731838fdd36aa26a8f3477
|
||||
(cherry picked from commit 9f623983a8d4ec48d58b0eda56fa461fc6748981)
|
||||
Merged-In: I7b528f52c41767ae12731838fdd36aa26a8f3477
|
||||
---
|
||||
.../server/accounts/AccountManagerService.java | 15 +++++++++------
|
||||
1 file changed, 9 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
index 7b7ef41d5b41..ee56b9e3ad9b 100644
|
||||
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
@@ -3396,8 +3396,7 @@ public class AccountManagerService
|
||||
Bundle.setDefusable(result, true);
|
||||
mNumResults++;
|
||||
Intent intent = null;
|
||||
- if (result != null
|
||||
- && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
|
||||
+ if (result != null) {
|
||||
if (!checkKeyIntent(
|
||||
Binder.getCallingUid(),
|
||||
result)) {
|
||||
@@ -4757,8 +4756,10 @@ public class AccountManagerService
|
||||
EventLog.writeEvent(0x534e4554, "250588548", authUid, "");
|
||||
return false;
|
||||
}
|
||||
-
|
||||
Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
|
||||
+ if (intent == null) {
|
||||
+ return true;
|
||||
+ }
|
||||
// Explicitly set an empty ClipData to ensure that we don't offer to
|
||||
// promote any Uris contained inside for granting purposes
|
||||
if (intent.getClipData() == null) {
|
||||
@@ -4809,7 +4810,10 @@ public class AccountManagerService
|
||||
p.recycle();
|
||||
Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
|
||||
Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT);
|
||||
- return (intent.filterEquals(simulateIntent));
|
||||
+ if (intent == null) {
|
||||
+ return (simulateIntent == null);
|
||||
+ }
|
||||
+ return intent.filterEquals(simulateIntent);
|
||||
}
|
||||
|
||||
private boolean isExportedSystemActivity(ActivityInfo activityInfo) {
|
||||
@@ -4954,8 +4958,7 @@ public class AccountManagerService
|
||||
}
|
||||
}
|
||||
}
|
||||
- if (result != null
|
||||
- && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
|
||||
+ if (result != null) {
|
||||
if (!checkKeyIntent(
|
||||
Binder.getCallingUid(),
|
||||
result)) {
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Winson Chiu <chiuwinson@google.com>
|
||||
Date: Fri, 6 Jan 2023 21:26:24 +0000
|
||||
Subject: [PATCH] Encode Intent scheme when serializing to URI string RESTRICT
|
||||
AUTOMERGE
|
||||
|
||||
Avoids deserialization error when the scheme contains a
|
||||
reserved character.
|
||||
|
||||
Bug: 261858325
|
||||
|
||||
Test: atest android.content.cts.IntentTest#testEncoding
|
||||
|
||||
Merged-In: Ic34b3f796b762763db5aa7b5d7c109ae70607470
|
||||
Change-Id: Ic34b3f796b762763db5aa7b5d7c109ae70607470
|
||||
(cherry picked from commit 43437b4ee6424933d4e403f0375ef8c1f07986f4)
|
||||
Merged-In: Ic34b3f796b762763db5aa7b5d7c109ae70607470
|
||||
---
|
||||
core/java/android/content/Intent.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
|
||||
index 08acfb651b18..c0ccd33273e9 100644
|
||||
--- a/core/java/android/content/Intent.java
|
||||
+++ b/core/java/android/content/Intent.java
|
||||
@@ -9494,7 +9494,7 @@ public class Intent implements Parcelable, Cloneable {
|
||||
private void toUriInner(StringBuilder uri, String scheme, String defAction,
|
||||
String defPackage, int flags) {
|
||||
if (scheme != null) {
|
||||
- uri.append("scheme=").append(scheme).append(';');
|
||||
+ uri.append("scheme=").append(Uri.encode(scheme)).append(';');
|
||||
}
|
||||
if (mAction != null && !mAction.equals(defAction)) {
|
||||
uri.append("action=").append(Uri.encode(mAction)).append(';');
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Hui Peng <phui@google.com>
|
||||
Date: Thu, 8 Dec 2022 01:08:11 +0000
|
||||
Subject: [PATCH] Fix OOB access in avdt_scb_hdl_pkt_no_frag
|
||||
|
||||
This is a back port of the following 2 CLs:
|
||||
- Id13b1ebde8f603123c8b7a49922b2f1378ab788f
|
||||
- If0c7b25f2e6cb4531bbb6254e176e8ad1b5c5fb4
|
||||
|
||||
Regression test: I9c87e30ed58e7ad6a34ab7c96b0a8fb06324ad54
|
||||
|
||||
Bug: 142546355 258057241
|
||||
Test: atest net_test_stack_avdtp
|
||||
Ignore-AOSP-First: security
|
||||
Change-Id: Ie1707385d6452ece47915c153f4faaa1c8a287c9
|
||||
(cherry picked from commit b0b968e8c6214e20a5dc3617d66567225df0884f)
|
||||
Merged-In: Ie1707385d6452ece47915c153f4faaa1c8a287c9
|
||||
---
|
||||
stack/avdt/avdt_scb_act.cc | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/stack/avdt/avdt_scb_act.cc b/stack/avdt/avdt_scb_act.cc
|
||||
index ea9c0bceb..865eb30d6 100644
|
||||
--- a/stack/avdt/avdt_scb_act.cc
|
||||
+++ b/stack/avdt/avdt_scb_act.cc
|
||||
@@ -256,19 +256,24 @@ void avdt_scb_hdl_pkt_no_frag(tAVDT_SCB* p_scb, tAVDT_SCB_EVT* p_data) {
|
||||
if (offset > len) goto length_error;
|
||||
p += 2;
|
||||
BE_STREAM_TO_UINT16(ex_len, p);
|
||||
- offset += ex_len * 4;
|
||||
p += ex_len * 4;
|
||||
}
|
||||
|
||||
+ if ((p - p_start) >= len) {
|
||||
+ AVDT_TRACE_WARNING("%s: handling malformatted packet: ex_len too large", __func__);
|
||||
+ osi_free_and_reset((void**)&p_data->p_pkt);
|
||||
+ return;
|
||||
+ }
|
||||
+ offset = p - p_start;
|
||||
+
|
||||
/* adjust length for any padding at end of packet */
|
||||
if (o_p) {
|
||||
/* padding length in last byte of packet */
|
||||
- pad_len = *(p_start + p_data->p_pkt->len);
|
||||
+ pad_len = *(p_start + len - 1);
|
||||
}
|
||||
|
||||
/* do sanity check */
|
||||
- if ((offset > p_data->p_pkt->len) ||
|
||||
- ((pad_len + offset) > p_data->p_pkt->len)) {
|
||||
+ if (pad_len >= (len - offset)) {
|
||||
AVDT_TRACE_WARNING("Got bad media packet");
|
||||
osi_free_and_reset((void**)&p_data->p_pkt);
|
||||
}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Hui Peng <phui@google.com>
|
||||
Date: Fri, 20 Jan 2023 19:39:30 +0000
|
||||
Subject: [PATCH] Fix an OOB bug in register_notification_rsp
|
||||
|
||||
This is a backport of I901d973a736678d7f3cc816ddf0cbbcbbd1fe93f
|
||||
to rvc-dev.
|
||||
|
||||
Bug: 245916076
|
||||
Test: manual
|
||||
Ignore-AOSP-First: security
|
||||
Change-Id: I37a9f45e707702b2ec52b5a2d572f177f2911765
|
||||
(cherry picked from commit 901e34203c6280d414cbfa3978de04fd6515ffdf)
|
||||
Merged-In: I37a9f45e707702b2ec52b5a2d572f177f2911765
|
||||
---
|
||||
btif/src/btif_rc.cc | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/btif/src/btif_rc.cc b/btif/src/btif_rc.cc
|
||||
index edd073062..1fd1c3c79 100644
|
||||
--- a/btif/src/btif_rc.cc
|
||||
+++ b/btif/src/btif_rc.cc
|
||||
@@ -1877,6 +1877,11 @@ static bt_status_t register_notification_rsp(
|
||||
dump_rc_notification_event_id(event_id));
|
||||
std::unique_lock<std::mutex> lock(btif_rc_cb.lock);
|
||||
|
||||
+ if (event_id > MAX_RC_NOTIFICATIONS) {
|
||||
+ BTIF_TRACE_ERROR("Invalid event id");
|
||||
+ return BT_STATUS_PARM_INVALID;
|
||||
+ }
|
||||
+
|
||||
memset(&(avrc_rsp.reg_notif), 0, sizeof(tAVRC_REG_NOTIF_RSP));
|
||||
|
||||
avrc_rsp.reg_notif.event_id = event_id;
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Alisher Alikhodjaev <alisher@google.com>
|
||||
Date: Tue, 31 Jan 2023 19:04:09 -0800
|
||||
Subject: [PATCH] OOBW in nci_snd_set_routing_cmd()
|
||||
|
||||
Bug: 264879662
|
||||
Test: read a tag, nfc on/off
|
||||
Change-Id: I408cf611fb35e9467d7484165ce48759970b158a
|
||||
(cherry picked from commit 1dd4d2e1b481dd83ca2b222993fdb74ae5306c78)
|
||||
Merged-In: I408cf611fb35e9467d7484165ce48759970b158a
|
||||
---
|
||||
src/nfc/nci/nci_hmsgs.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/nfc/nci/nci_hmsgs.c b/src/nfc/nci/nci_hmsgs.c
|
||||
index aa4aa94..a840d60 100644
|
||||
--- a/src/nfc/nci/nci_hmsgs.c
|
||||
+++ b/src/nfc/nci/nci_hmsgs.c
|
||||
@@ -597,6 +597,11 @@ uint8_t nci_snd_set_routing_cmd(bool more, uint8_t num_tlv, uint8_t tlv_size,
|
||||
uint8_t* pp;
|
||||
uint8_t size = tlv_size + 2;
|
||||
|
||||
+ if (size < tlv_size)
|
||||
+ {
|
||||
+ return (NCI_STATUS_FAILED);
|
||||
+ }
|
||||
+
|
||||
if (tlv_size == 0) {
|
||||
/* just to terminate routing table
|
||||
* 2 bytes (more=FALSE and num routing entries=0) */
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Alisher Alikhodjaev <alisher@google.com>
|
||||
Date: Tue, 31 Jan 2023 19:04:09 -0800
|
||||
Subject: [PATCH] OOBW in nci_snd_set_routing_cmd()
|
||||
|
||||
Bug: 264879662
|
||||
Test: read a tag, nfc on/off
|
||||
Change-Id: I408cf611fb35e9467d7484165ce48759970b158a
|
||||
(cherry picked from commit 1dd4d2e1b481dd83ca2b222993fdb74ae5306c78)
|
||||
Merged-In: I408cf611fb35e9467d7484165ce48759970b158a
|
||||
---
|
||||
src/nfc/nci/nci_hmsgs.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/nfc/nci/nci_hmsgs.c b/src/nfc/nci/nci_hmsgs.c
|
||||
index 913fe15c..0701c345 100644
|
||||
--- a/src/nfc/nci/nci_hmsgs.c
|
||||
+++ b/src/nfc/nci/nci_hmsgs.c
|
||||
@@ -718,6 +718,11 @@ uint8_t nci_snd_set_routing_cmd(bool more, uint8_t num_tlv, uint8_t tlv_size,
|
||||
uint8_t* pp;
|
||||
uint8_t size = tlv_size + 2;
|
||||
|
||||
+ if (size < tlv_size)
|
||||
+ {
|
||||
+ return (NCI_STATUS_FAILED);
|
||||
+ }
|
||||
+
|
||||
if (tlv_size == 0) {
|
||||
/* just to terminate routing table
|
||||
* 2 bytes (more=false and num routing entries=0) */
|
||||
|
|
@ -10,10 +10,10 @@ requiring the READ_PHONE_STATE permission.
|
|||
1 file changed, 1 insertion(+), 7 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
index dd41196e62a4..5821599753bd 100644
|
||||
index f522b20f7ccd..8380e5059b5f 100644
|
||||
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
@@ -7888,13 +7888,7 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
@@ -7908,13 +7908,7 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys t
|
|||
applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
|
||||
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||
sed -i 's/2021-10-05/2023-03-05/' core/version_defaults.mk; #Bump Security String #XXX
|
||||
sed -i 's/2021-10-05/2023-04-05/' core/version_defaults.mk; #Bump Security String #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
|
|
@ -174,6 +174,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/347051-backport.patch"; #P_asb_
|
|||
applyPatch "$DOS_PATCHES/android_frameworks_base/349330.patch"; #P_asb_2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/349331.patch"; #P_asb_2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/352086.patch"; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/354242-backport.patch"; #P_asb_2023-04 Context#startInstrumentation could be started from SHELL only now.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/354243.patch"; #P_asb_2023-04 Checking if package belongs to UID before registering broadcast receiver
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/354244-backport.patch"; #P_asb_2023-04 Fix checkKeyIntentParceledCorrectly's bypass
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/354245.patch"; #P_asb_2023-04 Encode Intent scheme when serializing to URI string
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS)
|
||||
|
|
@ -391,6 +395,8 @@ applyPatch "$DOS_PATCHES/android_system_bt/349335.patch"; #P_asb_2023-02 Add bou
|
|||
applyPatch "$DOS_PATCHES/android_system_bt/351916.patch"; #P_asb_2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/351917.patch"; #P_asb_2023-03 Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/351918.patch"; #P_asb_2023-03 Fix an OOB write in SDP_AddAttribute
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/354246.patch"; #P_asb_2023-04 Fix OOB access in avdt_scb_hdl_pkt_no_frag
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/354247.patch"; #P_asb_2023-04 Fix an OOB bug in register_notification_rsp
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/core"; then
|
||||
|
|
@ -405,6 +411,7 @@ if enterAndClear "system/nfc"; then
|
|||
applyPatch "$DOS_PATCHES/android_system_nfc/332767.patch"; #P_asb_2022-06 Double Free in ce_t4t_data_cback
|
||||
applyPatch "$DOS_PATCHES/android_system_nfc/332458-backport.patch"; #n-asb-2022-06 Out of Bounds Read in nfa_dm_check_set_config
|
||||
applyPatch "$DOS_PATCHES/android_system_nfc/344180-backport.patch"; #P_asb_2022-11 OOBW in phNxpNciHal_write_unlocked()
|
||||
applyPatch "$DOS_PATCHES/android_system_nfc/353760-backport.patch"; #n-asb-2023-04 OOBW in nci_snd_set_routing_cmd()
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/sepolicy"; then
|
||||
|
|
@ -422,6 +429,7 @@ applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_external_libnfc-nci/33277
|
|||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_external_libnfc-nci/332458-backport.patch"; #n-asb-2022-06 Out of Bounds Read in nfa_dm_check_set_config
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_external_libnfc-nci/332459-backport.patch"; #n-asb-2022-06 OOBR in nfc_ncif_proc_ee_discover_req()
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_external_libnfc-nci/344190-backport.patch"; #P_asb_2022-11 OOBW in phNxpNciHal_write_unlocked()
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_external_libnfc-nci/353760-backport.patch"; #n-asb-2023-04 OOBW in nci_snd_set_routing_cmd()
|
||||
fi;
|
||||
|
||||
if enterAndClear "vendor/nxp/opensource/packages/apps/Nfc"; then #keep in sync with packages/apps/Nfc
|
||||
|
|
|
|||
|
|
@ -89,6 +89,7 @@ patchWorkspaceReal() {
|
|||
repopick -it P_asb_2023-01 -e 347129;
|
||||
repopick -it P_asb_2023-02 -e 349337;
|
||||
repopick -it P_asb_2023-03;
|
||||
repopick -it P_asb_2023-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
|
|||
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||
sed -i 's/2022-01-05/2023-03-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-03 #XXX
|
||||
sed -i 's/2022-01-05/2023-04-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-04 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
|
|
|
|||
Loading…
Reference in New Issue