17.1: Reconcile picks

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-12-17 07:20:04 -05:00
parent ed59b190c7
commit 3fd3dd08c1
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
27 changed files with 572 additions and 134 deletions

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 8403f004112570c0974f227e79e82607e12f6c94 Mon Sep 17 00:00:00 2001
From: Brian Osman <brianosman@google.com>
Date: Tue, 27 Aug 2024 14:22:52 -0400
Subject: [PATCH] RESTRICT AUTOMERGE: Avoid potential overflow when allocating
@ -25,7 +25,7 @@ Change-Id: Ia35860371d45120baca63238e77faa5c0eb25d51
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/effects/SkEmbossMaskFilter.cpp b/src/effects/SkEmbossMaskFilter.cpp
index ef26520172..94ff73e908 100644
index ef265201727..94ff73e9088 100644
--- a/src/effects/SkEmbossMaskFilter.cpp
+++ b/src/effects/SkEmbossMaskFilter.cpp
@@ -95,11 +95,13 @@ bool SkEmbossMaskFilter::filterMask(SkMask* dst, const SkMask& src,

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From c913dee38cbeaae19c5f12c37aec25654d74b671 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Thu, 11 Jul 2024 12:39:22 -0700
Subject: [PATCH] Update AccountManagerService checkKeyIntent.
@ -17,10 +17,10 @@ Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
1 file changed, 3 insertions(+)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index bf577735d037..e8c8b32884e9 100644
index bf577735d0372..e8c8b32884e96 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -4822,6 +4822,9 @@ public class AccountManagerService
@@ -4822,6 +4822,9 @@ protected boolean checkKeyIntent(int authUid, Bundle bundle) {
if (resolveInfo == null) {
return false;
}

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 4ffd411d62fe0a866c0ed0852260e2834c202630 Mon Sep 17 00:00:00 2001
From: William Loh <wloh@google.com>
Date: Mon, 3 Jun 2024 12:56:47 -0700
Subject: [PATCH] Fail parseUri if end is missing
@ -15,10 +15,10 @@ Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
1 file changed, 3 insertions(+)
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 72e0fa615b09..0685466bfa74 100644
index 72e0fa615b092..0685466bfa74e 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -6708,6 +6708,9 @@ public class Intent implements Parcelable, Cloneable {
@@ -6708,6 +6708,9 @@ public static Intent parseUri(String uri, @UriFlags int flags) throws URISyntaxE
int eq = uri.indexOf('=', i);
if (eq < 0) eq = i-1;
int semi = uri.indexOf(';', i);

View File

@ -1,8 +1,8 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From d336d741ce6aa201cb81de38153bb367921fdf9d Mon Sep 17 00:00:00 2001
From: Sumedh Sen <sumedhsen@google.com>
Date: Wed, 17 Jul 2024 01:00:55 +0000
Subject: [PATCH] Check whether installerPackageName contains only valid
characters
Subject: [PATCH] [RESTRICT AUTOMERGE] Check whether installerPackageName
contains only valid characters
Bug: 341256391
Bug: 307532206
@ -15,10 +15,10 @@ Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 8715b183d142..6c77a9575dcb 100644
index 8715b183d142b..6c77a9575dcb5 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -549,12 +549,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
@@ -549,12 +549,17 @@ private int createSessionInternal(SessionParams params, String installerPackageN
params.appLabel = TextUtils.trimToSize(params.appLabel,
PackageItemInfo.MAX_SAFE_LABEL_LENGTH);

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 90f15826f146b6487064f3a680f129ea50c32f71 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Tue, 2 Jul 2024 11:02:07 -0700
Subject: [PATCH] Remove authenticator data if it was disabled.
@ -15,10 +15,10 @@ Change-Id: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
1 file changed, 4 insertions(+)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index e8c8b32884e9..f99e82f74f6e 100644
index e8c8b32884e96..f99e82f74f6eb 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -1165,6 +1165,10 @@ public class AccountManagerService
@@ -1165,6 +1165,10 @@ private void validateAccountsInternal(
obsoleteAuthType.add(type);
// And delete it from the TABLE_META
accountsDb.deleteMetaByAuthTypeAndUid(type, uid);

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 52ea93cd8fc8e703ecbad0efef526cd3a7f17617 Mon Sep 17 00:00:00 2001
From: Jean-Michel Trivi <jmtrivi@google.com>
Date: Mon, 24 Jun 2024 17:29:14 -0700
Subject: [PATCH] RingtoneManager: allow video ringtone URI
@ -17,10 +17,10 @@ Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
index ad4751165d30..ea1cddca99d1 100644
index ad4751165d306..ea1cddca99d16 100644
--- a/media/java/android/media/RingtoneManager.java
+++ b/media/java/android/media/RingtoneManager.java
@@ -824,9 +824,13 @@ public class RingtoneManager {
@@ -824,9 +824,13 @@ public static void setActualDefaultRingtoneUri(Context context, int type, Uri ri
+ " ignored: failure to find mimeType (no access from this context?)");
return;
}
@ -37,10 +37,10 @@ index ad4751165d30..ea1cddca99d1 100644
}
}
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 7cb41275984e..02165eb8a213 100644
index 7cb41275984e4..02165eb8a2137 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1734,7 +1734,7 @@ public class SettingsProvider extends ContentProvider {
@@ -1734,7 +1734,7 @@ private boolean mutateSystemSetting(String name, String value, int runAsUserId,
cacheName = Settings.System.ALARM_ALERT_CACHE;
}
if (cacheName != null) {
@ -49,7 +49,7 @@ index 7cb41275984e..02165eb8a213 100644
return false;
}
final File cacheFile = new File(
@@ -1769,7 +1769,7 @@ public class SettingsProvider extends ContentProvider {
@@ -1769,7 +1769,7 @@ owningUserId, name, value, null, false, getCallingPackage(),
}
}
@ -58,7 +58,7 @@ index 7cb41275984e..02165eb8a213 100644
if (uri != null) {
Uri audioUri = Uri.parse(uri);
if (Settings.AUTHORITY.equals(
@@ -1787,10 +1787,13 @@ public class SettingsProvider extends ContentProvider {
@@ -1787,10 +1787,13 @@ private boolean isValidAudioUri(String name, String uri) {
return false;
}
if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")

View File

@ -0,0 +1,144 @@
From 0fd389af4bbeff48cfb1faff5a31803f55003514 Mon Sep 17 00:00:00 2001
From: Ioana Alexandru <aioana@google.com>
Date: Wed, 31 Jul 2024 13:46:30 +0000
Subject: [PATCH] Check more URIs in notifications
Bug: 281044385
Test: presubmit + tested in current release
(cherry picked from commit f47b41a138ebd60f7b518fb6a9d8aa8230488422,
includes changes from commit 57bf60dd7b6a0a0e9785231f8ec25a458fedde64
and commit 47fa2f79584b0a4e9ca7e9c6b237c4e5cf699032)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e6ed8a4bef3ec5a2517fc80ac88e2fc09b67c226)
Merged-In: I1ce6bebd9452466d005505dc5b99a0fdc0e05e80
Change-Id: I1ce6bebd9452466d005505dc5b99a0fdc0e05e80
---
core/java/android/app/Notification.java | 34 +++++++++++------------
core/java/android/app/Person.java | 17 ++++++++++++
core/java/android/widget/RemoteViews.java | 7 +++++
3 files changed, 41 insertions(+), 17 deletions(-)
diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
index e7f226d091d6d..61a355ddbc77d 100644
--- a/core/java/android/app/Notification.java
+++ b/core/java/android/app/Notification.java
@@ -2486,29 +2486,22 @@ public void visitUris(@NonNull Consumer<Uri> visitor) {
ArrayList<Person> people = extras.getParcelableArrayList(EXTRA_PEOPLE_LIST);
if (people != null && !people.isEmpty()) {
for (Person p : people) {
- if (p.getIconUri() != null) {
- visitor.accept(p.getIconUri());
- }
+ p.visitUris(visitor);
}
}
// Extras for MessagingStyle. We visit them even if not isStyle(MessagingStyle), since
// Notification Listeners might use directly (without the isStyle check).
final Person person = extras.getParcelable(EXTRA_MESSAGING_PERSON);
- if (person != null && person.getIconUri() != null) {
- visitor.accept(person.getIconUri());
+ if (person != null) {
+ person.visitUris(visitor);
}
final Parcelable[] messages = extras.getParcelableArray(EXTRA_MESSAGES);
if (!ArrayUtils.isEmpty(messages)) {
for (MessagingStyle.Message message : MessagingStyle.Message
.getMessagesFromBundleArray(messages)) {
- visitor.accept(message.getDataUri());
-
- Person senderPerson = message.getSenderPerson();
- if (senderPerson != null && senderPerson.getIconUri() != null) {
- visitor.accept(senderPerson.getIconUri());
- }
+ message.visitUris(visitor);
}
}
@@ -2516,12 +2509,7 @@ public void visitUris(@NonNull Consumer<Uri> visitor) {
if (!ArrayUtils.isEmpty(historic)) {
for (MessagingStyle.Message message : MessagingStyle.Message
.getMessagesFromBundleArray(historic)) {
- visitor.accept(message.getDataUri());
-
- Person senderPerson = message.getSenderPerson();
- if (senderPerson != null && senderPerson.getIconUri() != null) {
- visitor.accept(senderPerson.getIconUri());
- }
+ message.visitUris(visitor);
}
}
}
@@ -7779,6 +7767,18 @@ static Bundle[] getBundleArrayForMessages(List<Message> messages) {
return bundles;
}
+ /**
+ * See {@link Notification#visitUris(Consumer)}.
+ *
+ * @hide
+ */
+ public void visitUris(@NonNull Consumer<Uri> visitor) {
+ visitor.accept(getDataUri());
+ if (mSender != null) {
+ mSender.visitUris(visitor);
+ }
+ }
+
/**
* @return A list of messages read from the bundles.
*
diff --git a/core/java/android/app/Person.java b/core/java/android/app/Person.java
index b5820ba70020c..f6b9054ef0cc5 100644
--- a/core/java/android/app/Person.java
+++ b/core/java/android/app/Person.java
@@ -24,6 +24,7 @@
import android.os.Parcelable;
import java.util.Objects;
+import java.util.function.Consumer;
/**
* Provides an immutable reference to an entity that appears repeatedly on different surfaces of the
@@ -176,6 +177,22 @@ public void writeToParcel(Parcel dest, @WriteFlags int flags) {
dest.writeBoolean(mIsBot);
}
+ /**
+ * Note all {@link Uri} that are referenced internally, with the expectation that Uri permission
+ * grants will need to be issued to ensure the recipient of this object is able to render its
+ * contents.
+ * See b/281044385 for more context and examples about what happens when this isn't done
+ * correctly.
+ *
+ * @hide
+ */
+ public void visitUris(@NonNull Consumer<Uri> visitor) {
+ visitor.accept(getIconUri());
+ if (mUri != null && !mUri.isEmpty()) {
+ visitor.accept(Uri.parse(mUri));
+ }
+ }
+
/** Builder for the immutable {@link Person} class. */
public static class Builder {
@Nullable private CharSequence mName;
diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
index c2e591950e25a..9f51fbf025700 100644
--- a/core/java/android/widget/RemoteViews.java
+++ b/core/java/android/widget/RemoteViews.java
@@ -761,6 +761,13 @@ public int getActionTag() {
return SET_REMOTE_VIEW_ADAPTER_LIST_TAG;
}
+ @Override
+ public void visitUris(@NonNull Consumer<Uri> visitor) {
+ for (RemoteViews remoteViews : list) {
+ remoteViews.visitUris(visitor);
+ }
+ }
+
int viewTypeCount;
ArrayList<RemoteViews> list;
}

View File

@ -0,0 +1,82 @@
From dcb0d9a1881ac39d3fb576c6af07b1f7dd1dc7e1 Mon Sep 17 00:00:00 2001
From: Puma Hsu <pumahsu@google.com>
Date: Mon, 9 Mar 2020 16:57:43 +0800
Subject: [PATCH] Fix function setting failed in Developer options
One can select USB function in Settings->System->
Developer options->Default USB configuration without
a cable connected, and the selected function will be
the default function after re-connecting. However, this
function might be restored to NONE due to ENUMERATION_TIMEOUT
if one selected the function without a cable connected.
When the device is not connected to a host, we should not
queue the ENUMERATION_TIMEOUT while switching function.
Fix it by checking connected status and also make it switch
to corresponding function if an user has selected one in the
Default USB configuration.
Bug: 150422683
Test: Switch functions from Default USB configuration for the
both cases cable connecting and disconnecting. And also try it
while there is the secure lock.
Signed-off-by: Puma Hsu <pumahsu@google.com>
Change-Id: I1933c098e47496b8d6813a5a4e295bcf12027401
---
.../com/android/server/usb/UsbDeviceManager.java | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/services/usb/java/com/android/server/usb/UsbDeviceManager.java b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
index 434592f129b36..dd2198106b32b 100644
--- a/services/usb/java/com/android/server/usb/UsbDeviceManager.java
+++ b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
@@ -461,7 +461,6 @@ private static void initRndisAddress() {
abstract static class UsbHandler extends Handler {
// current USB state
- private boolean mConnected;
private boolean mHostConnected;
private boolean mSourcePower;
private boolean mSinkPower;
@@ -489,6 +488,7 @@ abstract static class UsbHandler extends Handler {
private final UsbSettingsManager mSettingsManager;
private NotificationManager mNotificationManager;
+ protected boolean mConnected;
protected long mScreenUnlockedFunctions;
protected boolean mBootCompleted;
protected boolean mCurrentFunctionsApplied;
@@ -1834,7 +1834,8 @@ public void handleMessage(Message msg) {
case MSG_SET_FUNCTIONS_TIMEOUT:
Slog.e(TAG, "Set functions timed out! no reply from usb hal");
if (msg.arg1 != 1) {
- setEnabledFunctions(UsbManager.FUNCTION_NONE, false);
+ // Set this since default function may be selected from Developer options
+ setEnabledFunctions(mScreenUnlockedFunctions, false);
}
break;
case MSG_GET_CURRENT_USB_FUNCTIONS:
@@ -1856,7 +1857,8 @@ public void handleMessage(Message msg) {
* Dont force to default when the configuration is already set to default.
*/
if (msg.arg1 != 1) {
- setEnabledFunctions(UsbManager.FUNCTION_NONE, !isAdbEnabled());
+ // Set this since default function may be selected from Developer options
+ setEnabledFunctions(mScreenUnlockedFunctions, false);
}
break;
case MSG_GADGET_HAL_REGISTERED:
@@ -1957,8 +1959,11 @@ private void setUsbConfig(long config, boolean chargingFunctions) {
SET_FUNCTIONS_TIMEOUT_MS - SET_FUNCTIONS_LEEWAY_MS);
sendMessageDelayed(MSG_SET_FUNCTIONS_TIMEOUT, chargingFunctions,
SET_FUNCTIONS_TIMEOUT_MS);
- sendMessageDelayed(MSG_FUNCTION_SWITCH_TIMEOUT, chargingFunctions,
- SET_FUNCTIONS_TIMEOUT_MS + ENUMERATION_TIME_OUT_MS);
+ if (mConnected) {
+ // Only queue timeout of enumeration when the USB is connected
+ sendMessageDelayed(MSG_FUNCTION_SWITCH_TIMEOUT, chargingFunctions,
+ SET_FUNCTIONS_TIMEOUT_MS + ENUMERATION_TIME_OUT_MS);
+ }
if (DEBUG) Slog.d(TAG, "timeout message queued");
} catch (RemoteException e) {
Slog.e(TAG, "Remoteexception while calling setCurrentUsbFunctions", e);

View File

@ -0,0 +1,53 @@
From b798244c86fbd567b1a8ec17e9d267316be4b28e Mon Sep 17 00:00:00 2001
From: Ashish Kumar Gupta <kumarashishg@google.com>
Date: Wed, 31 Jul 2024 16:02:29 +0000
Subject: [PATCH] Set no data transfer on function switch timeout for accessory
mode
In case of function switch times out, we will check whether
the last function set was accessory. If this is the case, it is
recommended to set the function to NONE(No data transfer) rather than
setting it to the default USB function.
Bug: 353712853
Test: Build the code, flash the device and test it.
Test: atest CtsUsbManagerTestCases
Test: run CtsVerifier tool
Test: atest CtsUsbTests
(cherry picked from commit 7c6ec68537ba8abf798afd9ab7c3e5889841171f)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b032a602cdad00687e1fe089d66a6c4fa6925d79)
Merged-In: I698e9df0333cbb51dd9bd5917a94d81273a2784a
Change-Id: I698e9df0333cbb51dd9bd5917a94d81273a2784a
---
.../java/com/android/server/usb/UsbDeviceManager.java | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/services/usb/java/com/android/server/usb/UsbDeviceManager.java b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
index dd2198106b32b..19b86b21216a4 100644
--- a/services/usb/java/com/android/server/usb/UsbDeviceManager.java
+++ b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
@@ -673,7 +673,7 @@ private void updateCurrentAccessory() {
}
}
- private void notifyAccessoryModeExit() {
+ protected void notifyAccessoryModeExit() {
// make sure accessory mode is off
// and restore default functions
Slog.d(TAG, "exited USB accessory mode");
@@ -1857,8 +1857,13 @@ public void handleMessage(Message msg) {
* Dont force to default when the configuration is already set to default.
*/
if (msg.arg1 != 1) {
- // Set this since default function may be selected from Developer options
- setEnabledFunctions(mScreenUnlockedFunctions, false);
+ if (mCurrentFunctions == UsbManager.FUNCTION_ACCESSORY) {
+ notifyAccessoryModeExit();
+ } else {
+ // Set this since default function may be selected from Developer
+ // options
+ setEnabledFunctions(mScreenUnlockedFunctions, false);
+ }
}
break;
case MSG_GADGET_HAL_REGISTERED:

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 07a25bc41ce0a6911255373e096a60f595aca8d8 Mon Sep 17 00:00:00 2001
From: lpeter <lpeter@google.com>
Date: Tue, 6 Aug 2024 09:22:12 +0000
Subject: [PATCH] Disallow device admin package and protected packages to be
@ -21,10 +21,10 @@ Change-Id: I4e913a12477fd4a64990033eaae533e30863e2a2
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index d27b5ad0d646..d304f29ec195 100644
index d27b5ad0d6464..d304f29ec1957 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -13666,6 +13666,9 @@ public class PackageManagerService extends IPackageManager.Stub
@@ -13666,6 +13666,9 @@ int installExistingPackageAsUser(@Nullable String packageName, @UserIdInt int us
(installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
final boolean fullApp =
(installFlags & PackageManager.INSTALL_FULL_APP) != 0;
@ -34,7 +34,7 @@ index d27b5ad0d646..d304f29ec195 100644
// writer
synchronized (mPackages) {
@@ -13673,7 +13676,8 @@ public class PackageManagerService extends IPackageManager.Stub
@@ -13673,7 +13676,8 @@ int installExistingPackageAsUser(@Nullable String packageName, @UserIdInt int us
if (pkgSetting == null) {
return PackageManager.INSTALL_FAILED_INVALID_URI;
}

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 3e0d2fe6c935a72da1862cb6c9010f7adc567f58 Mon Sep 17 00:00:00 2001
From: Ben Murdoch <benm@google.com>
Date: Fri, 30 Aug 2024 17:22:59 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Clear app-provided shortcut icons
@ -18,10 +18,10 @@ Change-Id: If7e291eb2254c3cbec23673c65e7477e6ad45b09
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/core/java/android/view/KeyboardShortcutInfo.java b/core/java/android/view/KeyboardShortcutInfo.java
index 2660e74dcb20..2075d77a9871 100644
index 2660e74dcb205..2075d77a9871e 100644
--- a/core/java/android/view/KeyboardShortcutInfo.java
+++ b/core/java/android/view/KeyboardShortcutInfo.java
@@ -29,7 +29,7 @@ import android.os.Parcelable;
@@ -29,7 +29,7 @@
*/
public final class KeyboardShortcutInfo implements Parcelable {
private final CharSequence mLabel;
@ -30,7 +30,7 @@ index 2660e74dcb20..2075d77a9871 100644
private final char mBaseCharacter;
private final int mKeycode;
private final int mModifiers;
@@ -115,6 +115,15 @@ public final class KeyboardShortcutInfo implements Parcelable {
@@ -115,6 +115,15 @@ public Icon getIcon() {
return mIcon;
}
@ -46,7 +46,7 @@ index 2660e74dcb20..2075d77a9871 100644
/**
* Returns the base keycode that, combined with the modifiers, triggers this shortcut. If the
* base character was set instead, returns {@link KeyEvent#KEYCODE_UNKNOWN}. Valid keycodes are
@@ -165,4 +174,4 @@ public final class KeyboardShortcutInfo implements Parcelable {
@@ -165,4 +174,4 @@ public KeyboardShortcutInfo[] newArray(int size) {
return new KeyboardShortcutInfo[size];
}
};
@ -54,10 +54,10 @@ index 2660e74dcb20..2075d77a9871 100644
\ No newline at end of file
+}
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
index 7e6ddcfea762..cc373d3c8b0f 100644
index 7e6ddcfea7620..cc373d3c8b0f1 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
@@ -378,6 +378,7 @@ public final class KeyboardShortcuts {
@@ -378,6 +378,7 @@ private void showKeyboardShortcuts(int deviceId) {
@Override
public void onKeyboardShortcutsReceived(
final List<KeyboardShortcutGroup> result) {
@ -65,7 +65,7 @@ index 7e6ddcfea762..cc373d3c8b0f 100644
result.add(getSystemShortcuts());
final KeyboardShortcutGroup appShortcuts = getDefaultApplicationShortcuts();
if (appShortcuts != null) {
@@ -388,6 +389,14 @@ public final class KeyboardShortcuts {
@@ -388,6 +389,14 @@ public void onKeyboardShortcutsReceived(
}, deviceId);
}

View File

@ -1,7 +1,8 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From bc5e1e951c11a53149083c1b8a2dcc330c9a091d Mon Sep 17 00:00:00 2001
From: Nate Jiang <qiangjiang@google.com>
Date: Thu, 8 Aug 2024 18:13:39 +0000
Subject: [PATCH] Fix security issue by change the field in WifiConfig
Subject: [PATCH] [BACKPORT] Fix security issue by change the field in
WifiConfig
Flag: EXEMPT bugfix
Bug: 347912017
@ -13,14 +14,14 @@ Test: atest com.android.server.wifi
Merged-In: I8998340ae557660036895dd906808d682b83c6f0
Change-Id: I8998340ae557660036895dd906808d682b83c6f0
---
.../server/wifi/WifiConfigurationUtil.java | 72 ++++++++++++++++++-
1 file changed, 71 insertions(+), 1 deletion(-)
.../server/wifi/WifiConfigurationUtil.java | 73 ++++++++++++++++++-
1 file changed, 72 insertions(+), 1 deletion(-)
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index b8992a011..98d2cb31a 100644
index b8992a0119..4d484adfb6 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -82,6 +82,11 @@ public class WifiConfigurationUtil {
@@ -82,6 +82,12 @@ public class WifiConfigurationUtil {
private static final int SAE_ASCII_MIN_LEN = 1 + ENCLOSING_QUOTES_LEN;
private static final int PSK_SAE_ASCII_MAX_LEN = 63 + ENCLOSING_QUOTES_LEN;
private static final int PSK_SAE_HEX_LEN = 64;
@ -29,10 +30,11 @@ index b8992a011..98d2cb31a 100644
+ // BACKPORT
+ private static final int MAX_NUMBER_OF_OI = 36;
+ private static final long MAX_OI_VALUE = ((long) 1 << 40) - 1;
+
@VisibleForTesting
public static final String PASSWORD_MASK = "*";
private static final String MATCH_EMPTY_SSID_PATTERN_PATH = "";
@@ -688,7 +693,8 @@ public class WifiConfigurationUtil {
@@ -688,7 +694,8 @@ public static boolean validate(WifiConfiguration config, boolean isAdd) {
if (!validateSsid(config.SSID, isAdd)) {
return false;
}
@ -42,7 +44,7 @@ index b8992a011..98d2cb31a 100644
return false;
}
if (!validateBitSets(config)) {
@@ -697,6 +703,12 @@ public class WifiConfigurationUtil {
@@ -697,6 +704,12 @@ public static boolean validate(WifiConfiguration config, boolean isAdd) {
if (!validateKeyMgmt(config.allowedKeyManagement)) {
return false;
}
@ -55,7 +57,7 @@ index b8992a011..98d2cb31a 100644
if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK)
&& !validatePassword(config.preSharedKey, isAdd, false)) {
return false;
@@ -732,6 +744,64 @@ public class WifiConfigurationUtil {
@@ -732,6 +745,64 @@ public static boolean validate(WifiConfiguration config, boolean isAdd) {
return true;
}

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From abc51025abe483fa071a2e1a20db46341e59012b Mon Sep 17 00:00:00 2001
From: Almaz Mingaleev <mingaleev@google.com>
Date: Wed, 10 Jul 2024 13:38:35 +0100
Subject: [PATCH] Do not accept zip files with invalid headers.

View File

@ -1,7 +1,8 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From f9b4d83aff0d3dac5d73676b251fd1e14c5bf682 Mon Sep 17 00:00:00 2001
From: Himanshu Rawat <rwt@google.com>
Date: Mon, 8 Apr 2024 19:44:45 +0000
Subject: [PATCH] Disallow unexpected incoming HID connections 2/2
Subject: [PATCH] BACKPORT: RESTRICT AUTOMERGE Disallow unexpected incoming HID
connections 2/2
HID profile accepted any new incoming HID connection. Even when the
connection policy disabled HID connection, remote devices could initiate
@ -57,22 +58,22 @@ index 7838ff6ce..60fffc2f3 100644
{"virtualUnPlugNative", "([B)Z", (void*)virtualUnPlugNative},
{"setProtocolModeNative", "([BB)Z", (void*)setProtocolModeNative},
diff --git a/src/com/android/bluetooth/hid/HidHostService.java b/src/com/android/bluetooth/hid/HidHostService.java
index c378f8e89..fea167148 100644
index c378f8e89..d49edfa7a 100644
--- a/src/com/android/bluetooth/hid/HidHostService.java
+++ b/src/com/android/bluetooth/hid/HidHostService.java
@@ -157,7 +157,10 @@ public class HidHostService extends ProfileService {
@@ -157,7 +157,10 @@ public void handleMessage(Message msg) {
break;
case MESSAGE_DISCONNECT: {
BluetoothDevice device = (BluetoothDevice) msg.obj;
- if (!disconnectHidNative(Utils.getByteAddress(device))) {
+ int connectionPolicy = getPriority(device);
+ int priority = getPriority(device);
+ boolean reconnectAllowed =
+ connectionPolicy == BluetoothProfile.PRIORITY_ON;
+ priority == BluetoothProfile.PRIORITY_ON;
+ if (!disconnectHidNative(Utils.getByteAddress(device), reconnectAllowed)) {
broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTING);
broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTED);
break;
@@ -871,7 +874,7 @@ public class HidHostService extends ProfileService {
@@ -871,7 +874,7 @@ public void dump(StringBuilder sb) {
private native boolean connectHidNative(byte[] btAddress);

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 9702e2c9683d87d5bae2009d30bd13df12ae9dd6 Mon Sep 17 00:00:00 2001
From: Yiling Chuang <emilychuang@google.com>
Date: Mon, 8 Jul 2024 03:09:50 +0000
Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage
@ -24,7 +24,7 @@ diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/
index e8d5f3330f2..d17642053e7 100644
--- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
+++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
@@ -210,6 +210,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements
@@ -210,6 +210,11 @@ public void onResume() {
initPreference();
}
@ -40,7 +40,7 @@ diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsa
index 8eeac8d26b0..37fa511beeb 100644
--- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
+++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
@@ -395,4 +395,9 @@ public class AdvancedPowerUsageDetailTest {
@@ -395,4 +395,9 @@ public void testInitPreference_hasCorrectSummary() {
assertThat(mForegroundPreference.getSummary().toString()).isEqualTo("Used for 0 min");
assertThat(mBackgroundPreference.getSummary().toString()).isEqualTo("Active for 0 min");
}

View File

@ -0,0 +1,42 @@
From 38f463ffa95d46bb7a56caefe12f7ed96adbf856 Mon Sep 17 00:00:00 2001
From: Anna Bauza <annabauza@google.com>
Date: Thu, 14 Nov 2024 18:58:26 +0100
Subject: [PATCH] [PATCH] fix: Security Report - Reveal images across users via
EditUserPhotoController
This functionality has implemented tests on t+ branches.
Bug: 296915959
Test: N/A
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ae74e70c36ec027dd55164880d8b7225be4c85a3)
Merged-In: If79af734432b14be74815a47e1026dc8369a304f
Change-Id: If79af734432b14be74815a47e1026dc8369a304f
---
.../android/settings/users/EditUserPhotoController.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/com/android/settings/users/EditUserPhotoController.java b/src/com/android/settings/users/EditUserPhotoController.java
index f1831f7120b..d836d2687bc 100644
--- a/src/com/android/settings/users/EditUserPhotoController.java
+++ b/src/com/android/settings/users/EditUserPhotoController.java
@@ -18,6 +18,7 @@
import android.app.Activity;
import android.content.ClipData;
+import android.content.ContentProvider;
import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
@@ -131,6 +132,12 @@ public boolean onActivityResult(int requestCode, int resultCode, Intent data) {
return false;
}
+ final int currentUserId = UserHandle.myUserId();
+ if (currentUserId != ContentProvider.getUserIdFromUri(pictureUri, currentUserId)) {
+ Log.e(TAG, "Invalid pictureUri: " + pictureUri);
+ return false;
+ }
+
switch (requestCode) {
case REQUEST_CODE_CROP_PHOTO:
onPhotoCropped(pictureUri, true);

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From dc193083cea24f184921fbdd46383332f7b26d5a Mon Sep 17 00:00:00 2001
From: Adam Bookatz <bookatz@google.com>
Date: Mon, 22 Jul 2024 17:03:12 -0700
Subject: [PATCH] startActivityForResult with new Intent
@ -22,7 +22,7 @@ diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/c
index 7cf46b69245..3f06e870a02 100644
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -649,7 +649,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen
@@ -649,7 +649,7 @@ public void onReceive(Context context, Intent intent) {
int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult(

View File

@ -1,7 +1,8 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 99e4f13fcff7a6659d4575c904f3102aa7b4d9e3 Mon Sep 17 00:00:00 2001
From: Fan Wu <cechkahn@google.com>
Date: Mon, 22 Jul 2024 16:12:46 +0800
Subject: [PATCH] Checks cross user permission before handling intent
Subject: [PATCH] RESTRICT AUTOMERGE Checks cross user permission before
handling intent
Bug: 326057017
@ -17,10 +18,10 @@ Change-Id: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java
index 71043400ff8..ef5297acaec 100644
index 71043400ff8..9d098000fbc 100644
--- a/src/com/android/settings/applications/AppInfoBase.java
+++ b/src/com/android/settings/applications/AppInfoBase.java
@@ -18,7 +18,9 @@ package com.android.settings.applications;
@@ -18,7 +18,9 @@
import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
@ -30,7 +31,7 @@ index 71043400ff8..ef5297acaec 100644
import android.app.Dialog;
import android.app.admin.DevicePolicyManager;
import android.app.settings.SettingsEnums;
@@ -38,6 +40,7 @@ import android.os.UserManager;
@@ -38,6 +40,7 @@
import android.text.TextUtils;
import android.util.Log;
@ -38,7 +39,7 @@ index 71043400ff8..ef5297acaec 100644
import androidx.appcompat.app.AlertDialog;
import androidx.fragment.app.DialogFragment;
import androidx.fragment.app.Fragment;
@@ -134,8 +137,13 @@ public abstract class AppInfoBase extends SettingsPreferenceFragment
@@ -134,8 +137,13 @@ protected String retrieveAppEntry() {
}
}
if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
@ -46,7 +47,7 @@ index 71043400ff8..ef5297acaec 100644
- Intent.EXTRA_USER_HANDLE)).getIdentifier();
+ mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
+ .getIdentifier();
+ if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPerm()) {
+ if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPermission()) {
+ Log.w(TAG, "Intent not valid.");
+ finish();
+ return "";
@ -54,12 +55,12 @@ index 71043400ff8..ef5297acaec 100644
} else {
mUserId = UserHandle.myUserId();
}
@@ -158,6 +166,32 @@ public abstract class AppInfoBase extends SettingsPreferenceFragment
@@ -158,6 +166,32 @@ protected String retrieveAppEntry() {
return mPackageName;
}
+ @VisibleForTesting
+ protected boolean hasInteractAcrossUsersPerm() {
+ protected boolean hasInteractAcrossUsersPermission() {
+ Activity activity = getActivity();
+ if (activity == null) {
+ return false;

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 4a76c7fef797ae930db774cea0df8fecd6742a56 Mon Sep 17 00:00:00 2001
From: Omar Eissa <oeissa@google.com>
Date: Tue, 27 Aug 2024 13:24:21 +0000
Subject: [PATCH] Prevent apps from renaming files they don't own
@ -25,10 +25,10 @@ Change-Id: I91e9966c012fe292cebc0b544f77032613516fac
1 file changed, 2 insertions(+)
diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
index 4cd4452d0..6e9845fc6 100644
index 4cd4452d0..6e15836ce 100644
--- a/src/com/android/providers/media/MediaProvider.java
+++ b/src/com/android/providers/media/MediaProvider.java
@@ -4713,6 +4713,8 @@ public class MediaProvider extends ContentProvider {
@@ -4713,6 +4713,8 @@ && getCallingPackageTargetSdkVersion() <= Build.VERSION_CODES.Q) {
case VIDEO_MEDIA_ID:
case IMAGES_MEDIA_ID:
case DOWNLOADS_ID:

View File

@ -0,0 +1,49 @@
From ea63021fbc4a92554c11fc07f1ca7282b41e6641 Mon Sep 17 00:00:00 2001
From: Chris Manton <cmanton@google.com>
Date: Sun, 29 Nov 2020 17:05:05 -0800
Subject: [PATCH] Add privatize option for bluetooth addresses for logging
Toward loggable code
Bug: 163134718
Tag: #refactor
Test: gd/cert/run --host
Change-Id: Id568adb9f9497072a79100202501c4d207e40828
---
main/shim/dumpsys.h | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 main/shim/dumpsys.h
diff --git a/main/shim/dumpsys.h b/main/shim/dumpsys.h
new file mode 100644
index 00000000000..0dc0bc2fd94
--- /dev/null
+++ b/main/shim/dumpsys.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+constexpr char kPrivateAddressPrefix[] = "xx:xx:xx:xx";
+#define PRIVATE_ADDRESS(addr) \
+ (addr.ToString() \
+ .replace(0, strlen(kPrivateAddressPrefix), kPrivateAddressPrefix) \
+ .c_str())
+

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From b3e6c7b50e9df35dec9b5a00e6d9dccd51f9ebb2 Mon Sep 17 00:00:00 2001
From: Chris Manton <cmanton@google.com>
Date: Sun, 14 Mar 2021 09:52:19 -0700
Subject: [PATCH] Add btif/include/btif_hh::btif_hh_status_text
@ -16,7 +16,7 @@ Change-Id: Iab6a4f33a3e498c33f4870abc5abd59e073d03f2
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h
index b71d347c1..f33598d2f 100644
index b71d347c1a7..f33598d2f19 100644
--- a/btif/include/btif_hh.h
+++ b/btif/include/btif_hh.h
@@ -46,7 +46,7 @@

View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 26c752cae91c2483bdbc16c49d5f62dffb4a784a Mon Sep 17 00:00:00 2001
From: Himanshu Rawat <rwt@google.com>
Date: Mon, 8 Apr 2024 19:42:21 +0000
Subject: [PATCH] Disallow unexpected incoming HID connections 1/2
Subject: [PATCH] [BACKPORT] Disallow unexpected incoming HID connections 1/2
HID profile accepted any new incoming HID connection. Even when the
connection policy disabled HID connection, remote devices could initiate
@ -21,13 +21,13 @@ Change-Id: I6e9db983e752dd498625078c13b736cd4c668806
---
btif/include/btif_hh.h | 4 +-
btif/include/btif_storage.h | 23 ++++++++++
btif/src/btif_hh.cc | 86 ++++++++++++++++++++++++++++++++++---
btif/src/btif_storage.cc | 53 ++++++++++++++++++++++-
btif/src/btif_hh.cc | 87 ++++++++++++++++++++++++++++++++++---
btif/src/btif_storage.cc | 53 +++++++++++++++++++++-
include/hardware/bt_hh.h | 2 +-
5 files changed, 160 insertions(+), 8 deletions(-)
5 files changed, 161 insertions(+), 8 deletions(-)
diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h
index f33598d2f..f93341d89 100644
index f33598d2f19..f93341d89f1 100644
--- a/btif/include/btif_hh.h
+++ b/btif/include/btif_hh.h
@@ -97,6 +97,7 @@ typedef struct {
@ -49,7 +49,7 @@ index f33598d2f..f93341d89 100644
extern void btif_hh_disconnect(RawAddress* bd_addr);
extern void btif_hh_setreport(btif_hh_device_t* p_dev,
diff --git a/btif/include/btif_storage.h b/btif/include/btif_storage.h
index 1c1163d14..362ffdc21 100644
index 1c1163d1428..362ffdc21bb 100644
--- a/btif/include/btif_storage.h
+++ b/btif/include/btif_storage.h
@@ -178,6 +178,29 @@ bt_status_t btif_storage_remove_bonded_device(const RawAddress* remote_bd_addr);
@ -83,10 +83,18 @@ index 1c1163d14..362ffdc21 100644
*
* Function btif_storage_add_hid_device_info
diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc
index 5c57ee80c..b29b6773e 100644
index 5c57ee80c7a..50ea2d4e386 100644
--- a/btif/src/btif_hh.cc
+++ b/btif/src/btif_hh.cc
@@ -338,6 +338,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) {
@@ -42,6 +42,7 @@
#include "btif_storage.h"
#include "btif_util.h"
#include "l2c_api.h"
+#include "main/shim/dumpsys.h"
#include "osi/include/log.h"
#include "osi/include/osi.h"
@@ -338,6 +339,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) {
return NULL;
}
@ -111,7 +119,7 @@ index 5c57ee80c..b29b6773e 100644
/*******************************************************************************
*
* Function btif_hh_find_dev_by_bda
@@ -423,7 +441,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) {
@@ -423,7 +442,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) {
*
* Returns true if add successfully, otherwise false.
******************************************************************************/
@ -121,7 +129,7 @@ index 5c57ee80c..b29b6773e 100644
int i;
for (i = 0; i < BTIF_HH_MAX_ADDED_DEV; i++) {
if (btif_hh_cb.added_devices[i].bd_addr == bda) {
@@ -437,6 +456,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) {
@@ -437,6 +457,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) {
btif_hh_cb.added_devices[i].bd_addr = bda;
btif_hh_cb.added_devices[i].dev_handle = BTA_HH_INVALID_HANDLE;
btif_hh_cb.added_devices[i].attr_mask = attr_mask;
@ -129,7 +137,7 @@ index 5c57ee80c..b29b6773e 100644
return true;
}
}
@@ -715,6 +735,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type,
@@ -715,6 +736,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type,
*
****************************************************************************/
@ -138,11 +146,11 @@ index 5c57ee80c..b29b6773e 100644
+ * outgoing connection was requested */
+ btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(bda);
+ if (added_dev != nullptr && added_dev->reconnect_allowed) {
+ LOG_VERBOSE(LOG_TAG, "Connection allowed %s", bda.ToString().c_str());
+ LOG_VERBOSE(LOG_TAG, "Connection allowed %s", PRIVATE_ADDRESS(bda));
+ return true;
+ } else if (btif_hh_cb.pending_conn_address == bda) {
+ LOG_VERBOSE(LOG_TAG, "Device connection was pending for: %s, status: %s",
+ bda.ToString().c_str(),
+ PRIVATE_ADDRESS(bda),
+ btif_hh_status_text(btif_hh_cb.status).c_str());
+ return true;
+ }
@ -153,7 +161,7 @@ index 5c57ee80c..b29b6773e 100644
/*******************************************************************************
*
* Function btif_hh_upstreams_evt
@@ -773,9 +810,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
@@ -773,9 +811,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
p_data->status);
break;
@ -164,7 +172,7 @@ index 5c57ee80c..b29b6773e 100644
+
+ if (!btif_hh_connection_allowed(p_data->conn.bda)) {
+ LOG_WARN(LOG_TAG, "Reject Incoming HID Connection, device: %s",
+ p_data->conn.bda.ToString().c_str());
+ PRIVATE_ADDRESS(p_data->conn.bda));
+ btif_hh_device_t* p_dev =
+ btif_hh_find_connected_dev_by_handle(p_data->conn.handle);
+ if (p_dev != nullptr) {
@ -181,7 +189,7 @@ index 5c57ee80c..b29b6773e 100644
btif_hh_cb.pending_conn_address = RawAddress::kEmpty;
if (p_data->conn.status == BTA_HH_OK) {
p_dev = btif_hh_find_connected_dev_by_handle(p_data->conn.handle);
@@ -834,6 +888,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
@@ -834,6 +889,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
btif_hh_cb.status = (BTIF_HH_STATUS)BTIF_HH_DEV_DISCONNECTED;
}
break;
@ -189,7 +197,7 @@ index 5c57ee80c..b29b6773e 100644
case BTA_HH_CLOSE_EVT:
BTIF_TRACE_DEBUG("BTA_HH_CLOSE_EVT: status = %d, handle = %d",
@@ -986,7 +1041,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
@@ -986,7 +1042,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
p_data->dscp_info.version,
p_data->dscp_info.ctry_code, len,
p_data->dscp_info.descriptor.dsc_list);
@ -198,7 +206,7 @@ index 5c57ee80c..b29b6773e 100644
tBTA_HH_DEV_DSCP_INFO dscp_info;
bt_status_t ret;
btif_hh_copy_hid_info(&dscp_info, &p_data->dscp_info);
@@ -1002,6 +1057,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
@@ -1002,6 +1058,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
p_data->dscp_info.ssr_min_tout, len,
p_data->dscp_info.descriptor.dsc_list);
@ -207,7 +215,7 @@ index 5c57ee80c..b29b6773e 100644
ASSERTC(ret == BT_STATUS_SUCCESS, "storing hid info failed", ret);
BTIF_TRACE_WARNING("BTA_HH_GET_DSCP_EVT: Called add device");
@@ -1283,6 +1340,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) {
@@ -1283,6 +1341,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) {
******************************************************************************/
static bt_status_t connect(RawAddress* bd_addr) {
if (btif_hh_cb.status != BTIF_HH_DEV_CONNECTING) {
@ -221,7 +229,7 @@ index 5c57ee80c..b29b6773e 100644
btif_transfer_context(btif_hh_handle_evt, BTIF_HH_CONNECT_REQ_EVT,
(char*)bd_addr, sizeof(RawAddress), NULL);
return BT_STATUS_SUCCESS;
@@ -1299,7 +1363,7 @@ static bt_status_t connect(RawAddress* bd_addr) {
@@ -1299,7 +1364,7 @@ static bt_status_t connect(RawAddress* bd_addr) {
* Returns bt_status_t
*
******************************************************************************/
@ -230,14 +238,14 @@ index 5c57ee80c..b29b6773e 100644
CHECK_BTHH_INIT();
BTIF_TRACE_EVENT("BTHH: %s", __func__);
btif_hh_device_t* p_dev;
@@ -1309,6 +1373,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) {
@@ -1309,6 +1374,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) {
btif_hh_cb.status);
return BT_STATUS_FAIL;
}
+
+ if (!reconnect_allowed) {
+ LOG_INFO(LOG_TAG, "Incoming reconnections disabled for device %s",
+ bd_addr->ToString().c_str());
+ PRIVATE_ADDRESS((*bd_addr)));
+ btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(*bd_addr);
+ if (added_dev != nullptr && added_dev->reconnect_allowed) {
+ added_dev->reconnect_allowed = false;
@ -248,7 +256,7 @@ index 5c57ee80c..b29b6773e 100644
p_dev = btif_hh_find_connected_dev_by_bda(*bd_addr);
if (p_dev != NULL) {
return btif_transfer_context(btif_hh_handle_evt, BTIF_HH_DISCONNECT_REQ_EVT,
@@ -1440,9 +1515,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) {
@@ -1440,9 +1516,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) {
(uint8_t*)osi_malloc(dscp_info.descriptor.dl_len);
memcpy(dscp_info.descriptor.dsc_list, &(hid_info.dsc_list), hid_info.dl_len);
@ -261,7 +269,7 @@ index 5c57ee80c..b29b6773e 100644
osi_free_and_reset((void**)&dscp_info.descriptor.dsc_list);
diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc
index 200ea2c4e..ecbf2b50a 100644
index 200ea2c4e42..ecbf2b50aea 100644
--- a/btif/src/btif_storage.cc
+++ b/btif/src/btif_storage.cc
@@ -89,6 +89,8 @@ using bluetooth::Uuid;
@ -347,7 +355,7 @@ index 200ea2c4e..ecbf2b50a 100644
return BT_STATUS_SUCCESS;
}
diff --git a/include/hardware/bt_hh.h b/include/hardware/bt_hh.h
index b87b129bb..923c62792 100644
index b87b129bb12..923c6279216 100644
--- a/include/hardware/bt_hh.h
+++ b/include/hardware/bt_hh.h
@@ -154,7 +154,7 @@ typedef struct {

View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 6365a211cfc7a25ba9bcd9fbb65a5becc8fa17cf Mon Sep 17 00:00:00 2001
From: Himanshu Rawat <rwt@google.com>
Date: Mon, 8 Apr 2024 19:44:45 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID
Subject: [PATCH] BACKPORT: RESTRICT AUTOMERGE Disallow unexpected incoming HID
connections 2/2
HID profile accepted any new incoming HID connection. Even when the
@ -59,34 +59,34 @@ index b8f4d6530..e4c885b3e 100644
{"virtualUnPlugNative", "([B)Z", (void*)virtualUnPlugNative},
{"setProtocolModeNative", "([BB)Z", (void*)setProtocolModeNative},
diff --git a/src/com/android/bluetooth/hid/HidHostService.java b/src/com/android/bluetooth/hid/HidHostService.java
index bbde61948..a830d07e1 100644
index bbde61948..63f0bc9a9 100644
--- a/src/com/android/bluetooth/hid/HidHostService.java
+++ b/src/com/android/bluetooth/hid/HidHostService.java
@@ -156,7 +156,10 @@ public class HidHostService extends ProfileService {
@@ -156,7 +156,10 @@ public void handleMessage(Message msg) {
break;
case MESSAGE_DISCONNECT: {
BluetoothDevice device = (BluetoothDevice) msg.obj;
- if (!disconnectHidNative(Utils.getByteAddress(device))) {
+ int connectionPolicy = getPriority(device);
+ int priority = getPriority(device);
+ boolean reconnectAllowed =
+ connectionPolicy == BluetoothProfile.PRIORITY_ON;
+ priority == BluetoothProfile.PRIORITY_ON;
+ if (!disconnectHidNative(Utils.getByteAddress(device), reconnectAllowed)) {
broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTING);
broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTED);
break;
@@ -181,7 +184,10 @@ public class HidHostService extends ProfileService {
@@ -181,7 +184,10 @@ public void handleMessage(Message msg) {
Log.d(TAG, "Incoming HID connection rejected");
}
if (disconnectRemote(device)) {
- disconnectHidNative(Utils.getByteAddress(device));
+ int connectionPolicy = getPriority(device);
+ int priority = getPriority(device);
+ boolean reconnectAllowed =
+ connectionPolicy == BluetoothProfile.PRIORITY_ON;
+ priority == BluetoothProfile.PRIORITY_ON;
+ disconnectHidNative(Utils.getByteAddress(device), reconnectAllowed);
} else {
virtualUnPlugNative(Utils.getByteAddress(device));
}
@@ -906,7 +912,7 @@ public class HidHostService extends ProfileService {
@@ -906,7 +912,7 @@ public void dump(StringBuilder sb) {
private native boolean connectHidNative(byte[] btAddress);

View File

@ -0,0 +1,49 @@
From 41e0ee3735cdd68949edbedf5ff4fd16f8496b73 Mon Sep 17 00:00:00 2001
From: Chris Manton <cmanton@google.com>
Date: Sun, 29 Nov 2020 17:05:05 -0800
Subject: [PATCH] Add privatize option for bluetooth addresses for logging
Toward loggable code
Bug: 163134718
Tag: #refactor
Test: gd/cert/run --host
Change-Id: Id568adb9f9497072a79100202501c4d207e40828
---
main/shim/dumpsys.h | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 main/shim/dumpsys.h
diff --git a/main/shim/dumpsys.h b/main/shim/dumpsys.h
new file mode 100644
index 000000000..0dc0bc2fd
--- /dev/null
+++ b/main/shim/dumpsys.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+constexpr char kPrivateAddressPrefix[] = "xx:xx:xx:xx";
+#define PRIVATE_ADDRESS(addr) \
+ (addr.ToString() \
+ .replace(0, strlen(kPrivateAddressPrefix), kPrivateAddressPrefix) \
+ .c_str())
+

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 322c9005d55c5648cd1e6a2cfd25e45d6da73562 Mon Sep 17 00:00:00 2001
From: Chris Manton <cmanton@google.com>
Date: Sun, 14 Mar 2021 09:52:19 -0700
Subject: [PATCH] Add btif/include/btif_hh::btif_hh_status_text

View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 70750edace71473e69cca83023972066e8233d2e Mon Sep 17 00:00:00 2001
From: Himanshu Rawat <rwt@google.com>
Date: Mon, 8 Apr 2024 19:42:21 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID
@ -29,7 +29,7 @@ Change-Id: I6e9db983e752dd498625078c13b736cd4c668806
5 files changed, 160 insertions(+), 8 deletions(-)
diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h
index 98dc33383..2aa03fddc 100644
index 98dc33383d..2aa03fddc9 100644
--- a/btif/include/btif_hh.h
+++ b/btif/include/btif_hh.h
@@ -113,6 +113,7 @@ typedef struct {
@ -51,7 +51,7 @@ index 98dc33383..2aa03fddc 100644
extern void btif_hh_disconnect(RawAddress* bd_addr);
extern void btif_hh_service_registration(bool enable);
diff --git a/btif/include/btif_storage.h b/btif/include/btif_storage.h
index b1ada4db6..a32b7b8ff 100755
index b1ada4db61..a32b7b8ffc 100755
--- a/btif/include/btif_storage.h
+++ b/btif/include/btif_storage.h
@@ -201,6 +201,29 @@ bt_status_t btif_storage_is_device_bonded(RawAddress *remote_bd_addr);
@ -85,7 +85,7 @@ index b1ada4db6..a32b7b8ff 100755
*
* Function btif_storage_add_hid_device_info
diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc
index b5135ff2f..0d184a646 100644
index b5135ff2fe..0d184a6465 100644
--- a/btif/src/btif_hh.cc
+++ b/btif/src/btif_hh.cc
@@ -340,6 +340,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) {
@ -263,7 +263,7 @@ index b5135ff2f..0d184a646 100644
osi_free_and_reset((void**)&dscp_info.descriptor.dsc_list);
diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc
index a62d9da6d..db2091d9c 100644
index a62d9da6d3..db2091d9cf 100644
--- a/btif/src/btif_storage.cc
+++ b/btif/src/btif_storage.cc
@@ -91,6 +91,8 @@ using bluetooth::Uuid;
@ -349,7 +349,7 @@ index a62d9da6d..db2091d9c 100644
return BT_STATUS_SUCCESS;
}
diff --git a/include/hardware/bt_hh.h b/include/hardware/bt_hh.h
index c39e3e5b8..c1247cb1c 100644
index c39e3e5b8a..c1247cb1c7 100644
--- a/include/hardware/bt_hh.h
+++ b/include/hardware/bt_hh.h
@@ -151,7 +151,7 @@ typedef struct {

View File

@ -174,7 +174,7 @@ git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/15/3
fi;
if enterAndClear "external/skia"; then
applyPatch "$DOS_PATCHES/android_external_skia/408442.patch"; #R_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
applyPatch "$DOS_PATCHES/android_external_skia/410984.patch"; #Q_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
fi;
if enterAndClear "external/sonivox"; then
@ -332,13 +332,16 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/402604.patch"; #Q_asb_2024-08 B
applyPatch "$DOS_PATCHES/android_frameworks_base/402605.patch"; #Q_asb_2024-08 Restrict USB poups while setup is in progress
applyPatch "$DOS_PATCHES/android_frameworks_base/402606.patch"; #Q_asb_2024-08 Hide SAW subwindows
applyPatch "$DOS_PATCHES/android_frameworks_base/403301.patch"; #Q_asb_2024-09 Sanitized uri scheme by removing scheme delimiter
applyPatch "$DOS_PATCHES/android_frameworks_base/405515.patch"; #R_asb_2024-10 Update AccountManagerService checkKeyIntent.
applyPatch "$DOS_PATCHES/android_frameworks_base/405516.patch"; #R_asb_2024-10 Fail parseUri if end is missing
applyPatch "$DOS_PATCHES/android_frameworks_base/405518.patch"; #R_asb_2024-10 Check whether installerPackageName contains only valid characters
applyPatch "$DOS_PATCHES/android_frameworks_base/408443.patch"; #R_asb_2024-11 Remove authenticator data if it was disabled.
applyPatch "$DOS_PATCHES/android_frameworks_base/408444.patch"; #R_asb_2024-11 RingtoneManager: allow video ringtone URI
applyPatch "$DOS_PATCHES/android_frameworks_base/408446-backport.patch"; #R_asb_2024-11 Disallow device admin package and protected packages to be reinstalled as instant.
applyPatch "$DOS_PATCHES/android_frameworks_base/408447.patch"; #R_asb_2024-11 Clear app-provided shortcut icons
applyPatch "$DOS_PATCHES/android_frameworks_base/408524.patch"; #Q_asb_2024-10 Update AccountManagerService checkKeyIntent.
applyPatch "$DOS_PATCHES/android_frameworks_base/408525.patch"; #Q_asb_2024-10 Fail parseUri if end is missing
applyPatch "$DOS_PATCHES/android_frameworks_base/408526.patch"; #Q_asb_2024-10 Check whether installerPackageName contains only valid characters
applyPatch "$DOS_PATCHES/android_frameworks_base/410985.patch"; #Q_asb_2024-11 Remove authenticator data if it was disabled.
applyPatch "$DOS_PATCHES/android_frameworks_base/410986.patch"; #Q_asb_2024-11 RingtoneManager: allow video ringtone URI
applyPatch "$DOS_PATCHES/android_frameworks_base/410987.patch"; #Q_asb_2024-11 Check more URIs in notifications
applyPatch "$DOS_PATCHES/android_frameworks_base/410988.patch"; #Q_asb_2024-11 Fix function setting failed in Developer options
applyPatch "$DOS_PATCHES/android_frameworks_base/410989.patch"; #Q_asb_2024-11 Set no data transfer on function switch timeout for accessory mode
applyPatch "$DOS_PATCHES/android_frameworks_base/410990.patch"; #Q_asb_2024-11 Disallow device admin package and protected packages to be reinstalled as instant.
applyPatch "$DOS_PATCHES/android_frameworks_base/410991.patch"; #Q_asb_2024-11 Clear app-provided shortcut icons
#applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)
@ -415,7 +418,7 @@ if enterAndClear "frameworks/opt/net/wifi"; then
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/352562.patch"; #Q_asb_2023-03 Revert "wifi: remove certificates for network factory reset"
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/355360.patch"; #Q_asb_2023-04 Revert "Revert "wifi: remove certificates for network factory reset""
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/378139.patch"; #Q_asb_2023-07 Limit the number of Passpoint per App
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/408452-backport.patch"; #R_asb_2024-11 Fix security issue by change the field in WifiConfig
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/410992.patch"; #Q_asb_2024-11 Fix security issue by change the field in WifiConfig
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch"; #Constify JNINativeMethod tables (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0002-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
fi;
@ -462,7 +465,7 @@ applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-sm8150.patch";
fi;
if enterAndClear "libcore"; then
applyPatch "$DOS_PATCHES/android_libcore/405541.patch"; #R_asb_2024-10 Do not accept zip files with invalid headers.
applyPatch "$DOS_PATCHES/android_libcore/408527.patch"; #Q_asb_2024-10 Do not accept zip files with invalid headers.
applyPatch "$DOS_PATCHES/android_libcore/0001-Exec_Based_Spawning-1.patch"; #Add exec-based spawning support (GrapheneOS)
applyPatch "$DOS_PATCHES/android_libcore/0001-Exec_Based_Spawning-2.patch";
applyPatch "$DOS_PATCHES/android_libcore/0003-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
@ -476,7 +479,7 @@ fi;
if enterAndClear "packages/apps/Bluetooth"; then
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/378135.patch"; #Q_asb_2023-12 Fix UAF in ~CallbackEnv
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/405835-backport.patch"; #P_asb_2024-10 Disallow unexpected incoming HID connections 2/2
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/408528.patch"; #Q_asb_2024-10 Disallow unexpected incoming HID connections 2/2
#applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/272652.patch"; #ten-bt-sbc-hd-dualchannel: SBC Dual Channel (SBC HD Audio) support (ValdikSS)
#applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/272653.patch"; #ten-bt-sbc-hd-dualchannel: Assume optional codecs are supported if were supported previously (ValdikSS)
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch"; #Constify JNINativeMethod tables (GrapheneOS)
@ -542,9 +545,10 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403302.patch"; #Q_asb_20
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403303.patch"; #Q_asb_2024-09 Replace getCallingActivity() with getLaunchedFromPackage()
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403304.patch"; #Q_asb_2024-09 Ignore fragment attr from ext authenticator resource
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403305.patch"; #Q_asb_2024-09 Restrict Settings Homepage prior to provisioning
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405534.patch"; #R_asb_2024-10 FRP bypass defense in App battery usage page
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408450.patch"; #R_asb_2024-11 startActivityForResult with new Intent
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408451.patch"; #R_asb_2024-11 Checks cross user permission before handling intent
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408529.patch"; #Q_asb_2024-10 FRP bypass defense in App battery usage page
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/410993.patch"; #Q_asb_2024-11 fix: Security Report - Reveal images across users via EditUserPhotoController
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/410994.patch"; #Q_asb_2024-11 startActivityForResult with new Intent
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/410995.patch"; #Q_asb_2024-11 Checks cross user permission before handling intent
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/272651.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
@ -612,7 +616,7 @@ applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/355362.patch";
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/378137.patch"; #Q_asb_2023-09 Canonicalize file path for insertion by legacy apps
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/378138.patch"; #Q_asb_2023-10 Fix path traversal vulnerabilities in MediaProvider
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/399090.patch"; #Q_asb_2024-07 Prevent insertion in other users storage volumes
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/408453-backport.patch"; #R_asb_2024-11
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/410996.patch"; #Q_asb_2024-11 Prevent apps from renaming files they don't own
fi;
if enterAndClear "packages/providers/TelephonyProvider"; then
@ -686,8 +690,9 @@ applyPatch "$DOS_PATCHES/android_system_bt/403314.patch"; #Q_asb_2024-09 Use btm
applyPatch "$DOS_PATCHES/android_system_bt/403315.patch"; #Q_asb_2024-09 Add support for checking security downgrade
applyPatch "$DOS_PATCHES/android_system_bt/403316.patch"; #Q_asb_2024-09 Disallow connect with Secure Connections downgrade
applyPatch "$DOS_PATCHES/android_system_bt/403317.patch"; #Q_asb_2024-09 Disallow connect with key length downgrade
applyPatch "$DOS_PATCHES/android_system_bt/405536.patch"; #R_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
applyPatch "$DOS_PATCHES/android_system_bt/405834-backport.patch"; #P_asb_2024-10 Disallow unexpected incoming HID connections 1/2
applyPatch "$DOS_PATCHES/android_system_bt/408530.patch"; #Q_asb_2024-10 Add privatize option for bluetooth addresses for logging
applyPatch "$DOS_PATCHES/android_system_bt/408531.patch"; #Q_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
applyPatch "$DOS_PATCHES/android_system_bt/408532.patch"; #Q_asb_2024-10 Disallow unexpected incoming HID connections 1/2
applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_system_bt/272648.patch"; #ten-bt-sbc-hd-dualchannel: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
#applyPatch "$DOS_PATCHES/android_system_bt/272649.patch"; #ten-bt-sbc-hd-dualchannel: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
@ -769,7 +774,8 @@ fi;
if enterAndClear "vendor/qcom/opensource/commonsys/packages/apps/Bluetooth"; then
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_packages_apps_Bluetooth/378136.patch"; #Q_asb_2023-12 Fix UAF in ~CallbackEnv
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_packages_apps_Bluetooth/405585-backport.patch"; #R_asb_2024-10 Disallow unexpected incoming HID connections 2/2
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_packages_apps_Bluetooth/408533.patch"; #Q_asb_2024-10 Disallow unexpected incoming HID connections 2/2
fi;
if enterAndClear "vendor/qcom/opensource/commonsys/system/bt"; then
@ -812,8 +818,9 @@ applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/403324.patch";
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/403325.patch"; #Q_asb_2024-09 Add support for checking security downgrade
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/403326.patch"; #Q_asb_2024-09 Disallow connect with Secure Connections downgrade
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/403327.patch"; #Q_asb_2024-09 Disallow connect with key length downgrade
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/405583.patch"; #R_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/405584.patch"; #R_asb_2024-10 Disallow unexpected incoming HID connections 1/2
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/408535.patch"; #Q_asb_2024-10 Add privatize option for bluetooth addresses for logging
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/408535.patch"; #Q_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/408536.patch"; #Q_asb_2024-10 Disallow unexpected incoming HID connections 1/2
fi;
if enterAndClear "vendor/lineage"; then