diff --git a/Patches/LineageOS-18.1/android_frameworks_base/389013.patch b/Patches/LineageOS-18.1/android_frameworks_base/389013.patch deleted file mode 100644 index 0e4b431c..00000000 --- a/Patches/LineageOS-18.1/android_frameworks_base/389013.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Beverly -Date: Thu, 18 Jan 2024 20:13:52 +0000 -Subject: [PATCH] isUserInLockDown can be true when there are other strong auth - requirements - -Bug: 315206668 -Bug: 218495634 -Flag: None -Test: manual, atest LockPatternUtilsTest -(cherry picked from commit d341f1ecdb011d24b17358f115391b3f997cb179) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ce7ca2d9f405c94062504411c886eff93bd7ce15) -Merged-In: I5e979a7822dd7254b4579ab28ecf96df1db44179 -Change-Id: I5e979a7822dd7254b4579ab28ecf96df1db44179 ---- - .../internal/widget/LockPatternUtils.java | 4 +- - .../internal/util/LockPatternUtilsTest.java | 41 ++++++++++++++++--- - 2 files changed, 38 insertions(+), 7 deletions(-) - -diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java -index e0a2803ea60b..d0e82ec29c80 100644 ---- a/core/java/com/android/internal/widget/LockPatternUtils.java -+++ b/core/java/com/android/internal/widget/LockPatternUtils.java -@@ -1484,8 +1484,8 @@ public class LockPatternUtils { - } - - public boolean isUserInLockdown(int userId) { -- return getStrongAuthForUser(userId) -- == StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN; -+ return (getStrongAuthForUser(userId) -+ & StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN) != 0; - } - - private static class WrappedCallback extends ICheckCredentialProgressCallback.Stub { -diff --git a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java -index 50e8474e8d52..01494a7659a5 100644 ---- a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java -+++ b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java -@@ -19,6 +19,10 @@ package com.android.internal.util; - import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED; - import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; - -+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED; -+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT; -+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN; -+ - import static org.junit.Assert.assertFalse; - import static org.junit.Assert.assertTrue; - import static org.mockito.Mockito.doReturn; -@@ -48,12 +52,15 @@ import org.mockito.Mockito; - @SmallTest - public class LockPatternUtilsTest { - -+ private ILockSettings mLockSettings; -+ private static final int USER_ID = 1; - private static final int DEMO_USER_ID = 5; - - private LockPatternUtils mLockPatternUtils; - - private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoMode) - throws Exception { -+ mLockSettings = Mockito.mock(ILockSettings.class); - final Context context = spy(new ContextWrapper(InstrumentationRegistry.getTargetContext())); - - final MockContentResolver cr = new MockContentResolver(context); -@@ -61,15 +68,14 @@ public class LockPatternUtilsTest { - when(context.getContentResolver()).thenReturn(cr); - Settings.Global.putInt(cr, Settings.Global.DEVICE_DEMO_MODE, deviceDemoMode); - -- final ILockSettings ils = Mockito.mock(ILockSettings.class); -- when(ils.getCredentialType(DEMO_USER_ID)).thenReturn( -+ when(mLockSettings.getCredentialType(DEMO_USER_ID)).thenReturn( - isSecure ? LockPatternUtils.CREDENTIAL_TYPE_PASSWORD - : LockPatternUtils.CREDENTIAL_TYPE_NONE); -- when(ils.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, DEMO_USER_ID)) -- .thenReturn((long) PASSWORD_QUALITY_MANAGED); -+ when(mLockSettings.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, -+ DEMO_USER_ID)).thenReturn((long) PASSWORD_QUALITY_MANAGED); - // TODO(b/63758238): stop spying the class under test - mLockPatternUtils = spy(new LockPatternUtils(context)); -- when(mLockPatternUtils.getLockSettings()).thenReturn(ils); -+ when(mLockPatternUtils.getLockSettings()).thenReturn(mLockSettings); - doReturn(true).when(mLockPatternUtils).hasSecureLockScreen(); - - final UserInfo userInfo = Mockito.mock(UserInfo.class); -@@ -79,6 +85,31 @@ public class LockPatternUtilsTest { - when(context.getSystemService(Context.USER_SERVICE)).thenReturn(um); - } - -+ @Test -+ public void isUserInLockDown() throws Exception { -+ configureTest(true, false, 2); -+ -+ // GIVEN strong auth not required -+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(STRONG_AUTH_NOT_REQUIRED); -+ -+ // THEN user isn't in lockdown -+ assertFalse(mLockPatternUtils.isUserInLockdown(USER_ID)); -+ -+ // GIVEN lockdown -+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn( -+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); -+ -+ // THEN user is in lockdown -+ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID)); -+ -+ // GIVEN lockdown and lockout -+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn( -+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN | STRONG_AUTH_REQUIRED_AFTER_LOCKOUT); -+ -+ // THEN user is in lockdown -+ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID)); -+ } -+ - @Test - public void isLockScreenDisabled_isDemoUser_true() throws Exception { - configureTest(false, true, 2); diff --git a/Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch b/Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch deleted file mode 100644 index e802abc2..00000000 --- a/Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch +++ /dev/null @@ -1,345 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tetiana Meronyk -Date: Wed, 10 Jan 2024 16:25:13 +0000 -Subject: [PATCH] Fix security vulnerability that creates user with no - restrictions when accountOptions are too long. - -Bug: 293602970 -Test: atest UserManagerTest#testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved && atest UserManagerTest#testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:944ea959ab8464c39a8f6a4fc391fb6953e1df89) -Merged-In: I23c971f671546ac085060add89485cfac6691ca3 -Change-Id: I23c971f671546ac085060add89485cfac6691ca3 ---- - core/java/android/os/PersistableBundle.java | 37 +++++++ - core/java/android/os/UserManager.java | 23 +++- - .../app/ConfirmUserCreationActivity.java | 12 +++ - .../android/server/pm/UserManagerService.java | 29 ++--- - .../android/server/pm/UserManagerTest.java | 102 ++++++++++++++++++ - 5 files changed, 187 insertions(+), 16 deletions(-) - -diff --git a/core/java/android/os/PersistableBundle.java b/core/java/android/os/PersistableBundle.java -index 7c7e2137aa17..b2adb5eb434c 100644 ---- a/core/java/android/os/PersistableBundle.java -+++ b/core/java/android/os/PersistableBundle.java -@@ -275,6 +275,43 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa - XmlUtils.writeMapXml(mMap, out, this); - } - -+ /** -+ * Checks whether all keys and values are within the given character limit. -+ * Note: Maximum character limit of String that can be saved to XML as part of bundle is 65535. -+ * Otherwise IOException is thrown. -+ * @param limit length of String keys and values in the PersistableBundle, including nested -+ * PersistableBundles to check against. -+ * -+ * @hide -+ */ -+ public boolean isBundleContentsWithinLengthLimit(int limit) { -+ unparcel(); -+ if (mMap == null) { -+ return true; -+ } -+ for (int i = 0; i < mMap.size(); i++) { -+ if (mMap.keyAt(i) != null && mMap.keyAt(i).length() > limit) { -+ return false; -+ } -+ final Object value = mMap.valueAt(i); -+ if (value instanceof String && ((String) value).length() > limit) { -+ return false; -+ } else if (value instanceof String[]) { -+ String[] stringArray = (String[]) value; -+ for (int j = 0; j < stringArray.length; j++) { -+ if (stringArray[j] != null -+ && stringArray[j].length() > limit) { -+ return false; -+ } -+ } -+ } else if (value instanceof PersistableBundle -+ && !((PersistableBundle) value).isBundleContentsWithinLengthLimit(limit)) { -+ return false; -+ } -+ } -+ return true; -+ } -+ - /** @hide */ - static class MyReadMapCallback implements XmlUtils.ReadMapCallback { - @Override -diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java -index 2465b0e41876..9606ce97a3b0 100644 ---- a/core/java/android/os/UserManager.java -+++ b/core/java/android/os/UserManager.java -@@ -91,6 +91,21 @@ public class UserManager { - private Boolean mIsManagedProfileCached; - private Boolean mIsProfileCached; - -+ /** Maximum length of username. -+ * @hide -+ */ -+ public static final int MAX_USER_NAME_LENGTH = 100; -+ -+ /** Maximum length of user property String value. -+ * @hide -+ */ -+ public static final int MAX_ACCOUNT_STRING_LENGTH = 500; -+ -+ /** Maximum length of account options String values. -+ * @hide -+ */ -+ public static final int MAX_ACCOUNT_OPTIONS_LENGTH = 1000; -+ - /** - * User type representing a {@link UserHandle#USER_SYSTEM system} user that is a human user. - * This type of user cannot be created; it can only pre-exist on first boot. -@@ -2974,15 +2989,15 @@ public class UserManager { - * time, the preferred user name and account information are used by the setup process for that - * user. - * -- * @param userName Optional name to assign to the user. -+ * @param userName Optional name to assign to the user. Character limit is 100. - * @param accountName Optional account name that will be used by the setup wizard to initialize -- * the user. -+ * the user. Character limit is 500. - * @param accountType Optional account type for the account to be created. This is required -- * if the account name is specified. -+ * if the account name is specified. Character limit is 500. - * @param accountOptions Optional bundle of data to be passed in during account creation in the - * new user via {@link AccountManager#addAccount(String, String, String[], - * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, -- * Handler)}. -+ * Handler)}. Character limit is 1000. - * @return An Intent that can be launched from an Activity. - * @see #USER_CREATION_FAILED_NOT_PERMITTED - * @see #USER_CREATION_FAILED_NO_MORE_USERS -diff --git a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java -index 03da9bc939ec..74dedc38a922 100644 ---- a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java -+++ b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java -@@ -110,6 +110,14 @@ public class ConfirmUserCreationActivity extends AlertActivity - if (cantCreateUser) { - setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED); - return null; -+ } else if (!(isUserPropertyWithinLimit(mUserName, UserManager.MAX_USER_NAME_LENGTH) -+ && isUserPropertyWithinLimit(mAccountName, UserManager.MAX_ACCOUNT_STRING_LENGTH) -+ && isUserPropertyWithinLimit(mAccountType, UserManager.MAX_ACCOUNT_STRING_LENGTH)) -+ || (mAccountOptions != null && !mAccountOptions.isBundleContentsWithinLengthLimit( -+ UserManager.MAX_ACCOUNT_OPTIONS_LENGTH))) { -+ setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED); -+ Log.i(TAG, "User properties must not exceed their character limits"); -+ return null; - } else if (cantCreateAnyMoreUsers) { - setResult(UserManager.USER_CREATION_FAILED_NO_MORE_USERS); - return null; -@@ -137,4 +145,8 @@ public class ConfirmUserCreationActivity extends AlertActivity - } - finish(); - } -+ -+ private boolean isUserPropertyWithinLimit(String property, int limit) { -+ return property == null || property.length() <= limit; -+ } - } -diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java -index 4a9d6f6ef5ff..88c4223d0925 100644 ---- a/services/core/java/com/android/server/pm/UserManagerService.java -+++ b/services/core/java/com/android/server/pm/UserManagerService.java -@@ -240,8 +240,6 @@ public class UserManagerService extends IUserManager.Stub { - - private static final int USER_VERSION = 9; - -- private static final int MAX_USER_STRING_LENGTH = 500; -- - private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms - - static final int WRITE_USER_MSG = 1; -@@ -2938,16 +2936,18 @@ public class UserManagerService extends IUserManager.Stub { - if (userData.persistSeedData) { - if (userData.seedAccountName != null) { - serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME, -- truncateString(userData.seedAccountName)); -+ truncateString(userData.seedAccountName, -+ UserManager.MAX_ACCOUNT_STRING_LENGTH)); - } - if (userData.seedAccountType != null) { - serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE, -- truncateString(userData.seedAccountType)); -+ truncateString(userData.seedAccountType, -+ UserManager.MAX_ACCOUNT_STRING_LENGTH)); - } - } - if (userInfo.name != null) { - serializer.startTag(null, TAG_NAME); -- serializer.text(truncateString(userInfo.name)); -+ serializer.text(truncateString(userInfo.name, UserManager.MAX_USER_NAME_LENGTH)); - serializer.endTag(null, TAG_NAME); - } - synchronized (mRestrictionsLock) { -@@ -2987,11 +2987,11 @@ public class UserManagerService extends IUserManager.Stub { - serializer.endDocument(); - } - -- private String truncateString(String original) { -- if (original == null || original.length() <= MAX_USER_STRING_LENGTH) { -+ private String truncateString(String original, int limit) { -+ if (original == null || original.length() <= limit) { - return original; - } -- return original.substring(0, MAX_USER_STRING_LENGTH); -+ return original.substring(0, limit); - } - - /* -@@ -3409,7 +3409,7 @@ public class UserManagerService extends IUserManager.Stub { - @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int parentId, - boolean preCreate, @Nullable String[] disallowedPackages, - @NonNull TimingsTraceAndSlog t) throws UserManager.CheckedUserOperationException { -- String truncatedName = truncateString(name); -+ String truncatedName = truncateString(name, UserManager.MAX_USER_NAME_LENGTH); - final UserTypeDetails userTypeDetails = mUserTypes.get(userType); - if (userTypeDetails == null) { - Slog.e(LOG_TAG, "Cannot create user of invalid user type: " + userType); -@@ -4619,9 +4619,14 @@ public class UserManagerService extends IUserManager.Stub { - Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId); - return; - } -- userData.seedAccountName = truncateString(accountName); -- userData.seedAccountType = truncateString(accountType); -- userData.seedAccountOptions = accountOptions; -+ userData.seedAccountName = truncateString(accountName, -+ UserManager.MAX_ACCOUNT_STRING_LENGTH); -+ userData.seedAccountType = truncateString(accountType, -+ UserManager.MAX_ACCOUNT_STRING_LENGTH); -+ if (accountOptions != null && accountOptions.isBundleContentsWithinLengthLimit( -+ UserManager.MAX_ACCOUNT_OPTIONS_LENGTH)) { -+ userData.seedAccountOptions = accountOptions; -+ } - userData.persistSeedData = persist; - } - if (persist) { -diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java -index 44bb58f62253..e7bb3ef42136 100644 ---- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java -+++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java -@@ -19,6 +19,7 @@ package com.android.server.pm; - import static com.google.common.truth.Truth.assertThat; - import static com.google.common.truth.Truth.assertWithMessage; - -+import static org.junit.Assert.assertTrue; - import static org.junit.Assert.fail; - import static org.junit.Assume.assumeTrue; - import static org.testng.Assert.assertThrows; -@@ -33,6 +34,7 @@ import android.content.pm.PackageManager; - import android.content.pm.UserInfo; - import android.content.res.Resources; - import android.os.Bundle; -+import android.os.PersistableBundle; - import android.os.UserHandle; - import android.os.UserManager; - import android.provider.Settings; -@@ -879,6 +881,106 @@ public final class UserManagerTest { - assertThat(userInfo.name).isEqualTo(newName); - } - -+ @Test -+ public void testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved() { -+ assumeManagedUsersSupported(); -+ -+ String userName = "User"; -+ String accountName = "accountName"; -+ String accountType = "accountType"; -+ String arrayKey = "StringArrayKey"; -+ String stringKey = "StringKey"; -+ String intKey = "IntKey"; -+ String nestedBundleKey = "PersistableBundleKey"; -+ String value1 = "Value 1"; -+ String value2 = "Value 2"; -+ String value3 = "Value 3"; -+ -+ UserInfo userInfo = mUserManager.createUser(userName, -+ UserManager.USER_TYPE_FULL_SECONDARY, 0); -+ -+ PersistableBundle accountOptions = new PersistableBundle(); -+ String[] stringArray = {value1, value2}; -+ accountOptions.putInt(intKey, 1234); -+ PersistableBundle nested = new PersistableBundle(); -+ nested.putString(stringKey, value3); -+ accountOptions.putPersistableBundle(nestedBundleKey, nested); -+ accountOptions.putStringArray(arrayKey, stringArray); -+ -+ mUserManager.clearSeedAccountData(); -+ mUserManager.setSeedAccountData(mContext.getUserId(), accountName, -+ accountType, accountOptions); -+ -+ //assert userName accountName and accountType were saved correctly -+ assertTrue(mUserManager.getUserInfo(userInfo.id).name.equals(userName)); -+ assertTrue(mUserManager.getSeedAccountName().equals(accountName)); -+ assertTrue(mUserManager.getSeedAccountType().equals(accountType)); -+ -+ //assert bundle with correct values was added -+ assertThat(mUserManager.getSeedAccountOptions().containsKey(arrayKey)).isTrue(); -+ assertThat(mUserManager.getSeedAccountOptions().getPersistableBundle(nestedBundleKey) -+ .getString(stringKey)).isEqualTo(value3); -+ assertThat(mUserManager.getSeedAccountOptions().getStringArray(arrayKey)[0]) -+ .isEqualTo(value1); -+ -+ mUserManager.removeUser(userInfo.id); -+ } -+ -+ @Test -+ public void testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped() { -+ assumeManagedUsersSupported(); -+ -+ String tooLongString = generateLongString(); -+ String userName = "User " + tooLongString; -+ String accountType = "Account Type " + tooLongString; -+ String accountName = "accountName " + tooLongString; -+ String arrayKey = "StringArrayKey"; -+ String stringKey = "StringKey"; -+ String intKey = "IntKey"; -+ String nestedBundleKey = "PersistableBundleKey"; -+ String value1 = "Value 1"; -+ String value2 = "Value 2"; -+ -+ UserInfo userInfo = mUserManager.createUser(userName, -+ UserManager.USER_TYPE_FULL_SECONDARY, 0); -+ -+ PersistableBundle accountOptions = new PersistableBundle(); -+ String[] stringArray = {value1, value2}; -+ accountOptions.putInt(intKey, 1234); -+ PersistableBundle nested = new PersistableBundle(); -+ nested.putString(stringKey, tooLongString); -+ accountOptions.putPersistableBundle(nestedBundleKey, nested); -+ accountOptions.putStringArray(arrayKey, stringArray); -+ mUserManager.clearSeedAccountData(); -+ mUserManager.setSeedAccountData(mContext.getUserId(), accountName, -+ accountType, accountOptions); -+ -+ //assert userName was truncated -+ assertTrue(mUserManager.getUserInfo(userInfo.id).name.length() -+ == UserManager.MAX_USER_NAME_LENGTH); -+ -+ //assert accountName and accountType got truncated -+ assertTrue(mUserManager.getSeedAccountName().length() -+ == UserManager.MAX_ACCOUNT_STRING_LENGTH); -+ assertTrue(mUserManager.getSeedAccountType().length() -+ == UserManager.MAX_ACCOUNT_STRING_LENGTH); -+ -+ //assert bundle with invalid values was dropped -+ assertThat(mUserManager.getSeedAccountOptions() == null).isTrue(); -+ -+ mUserManager.removeUser(userInfo.id); -+ } -+ -+ private String generateLongString() { -+ String partialString = "Test Name Test Name Test Name Test Name Test Name Test Name Test " -+ + "Name Test Name Test Name Test Name "; //String of length 100 -+ StringBuilder resultString = new StringBuilder(); -+ for (int i = 0; i < 600; i++) { -+ resultString.append(partialString); -+ } -+ return resultString.toString(); -+ } -+ - private boolean isPackageInstalledForUser(String packageName, int userId) { - try { - return mPackageManager.getPackageInfoAsUser(packageName, 0, userId) != null; diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index 41c57038..66ba1ce3 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -124,6 +124,7 @@ patchWorkspaceReal() { repopick -fit hh-vsync; repopick -fi 311299; #ble: Workaround malformed HCI_BLE_VENDOR_CAP response repopick -it R_asb_2024-03; + repopick -it R_asb_2024-04; sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh"; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 311fac8e..d6f10c87 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -126,8 +126,6 @@ fi; if enterAndClear "frameworks/base"; then git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch -applyPatch "$DOS_PATCHES/android_frameworks_base/389013.patch"; #S_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements -applyPatch "$DOS_PATCHES/android_frameworks_base/389014-backport.patch"; #S_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long. applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)