Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-06-26 14:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cherrypicks and CVE-2019-2306 patching

Browse Source
This commit is contained in:
Tad 2021-01-06 13:41:41 -05:00
parent e557ca3710
commit 42b94605f8
17 changed files with 611 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch Normal file
View File

@ -0,0 +1,52 @@
From c2dd39ba6cca75e0a0582f61f784a9432d47ec65 Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index a2c71a420..53c1c056e 100644
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -257,16 +257,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
- "magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts,
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

52
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch Normal file
View File

@ -0,0 +1,52 @@
From 69876c188bfc98081a46423f1285ff9dbee39e00 Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index a2c71a420..53c1c056e 100644
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -257,16 +257,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
- "magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts,
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

52
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch Normal file
View File

@ -0,0 +1,52 @@
From 2facb060edd926529c0da4a6c653ca48d1904fca Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index f13a3d179..66c72713e 100644
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2014, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2014, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -266,16 +266,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts() || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts() || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
- "magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts(),
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

52
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch Normal file
View File

@ -0,0 +1,52 @@
From 156bf96e589f40654249da8804786cd7da4646bd Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index 026d5c01a..d20e146cf 100755
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2015, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2015, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -270,16 +270,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts() || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts() || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
- "magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts(),
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

51
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch Normal file
View File

@ -0,0 +1,51 @@
From d3ed71555814de17fc7d1a9f8a8a1f2af5c21c08 Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index 323cc7ac3..99d6b0f96 100644
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2013, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2013, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -227,15 +227,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%d) ints(%d/%d) fds(%d/%d) magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts,
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

51
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch Normal file
View File

@ -0,0 +1,51 @@
From dea61e5f9e37af2341e0f43db3b853c2309cb572 Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index 7a021c6c5..cd7b350c1 100644
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2013, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2013, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -215,15 +215,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%d) ints(%d/%d) fds(%d/%d) magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts,
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

52
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch Normal file
View File

@ -0,0 +1,52 @@
From e03048729ee817b0769ba883e94f2c1e744842de Mon Sep 17 00:00:00 2001
From: Subash Chander <subash@codeaurora.org>
Date: Thu, 24 Jan 2019 15:33:57 +0530
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
CRs-Fixed: 2337383
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
Signed-off-by: Subash Chander <subash@codeaurora.org>
---
libgralloc/gralloc_priv.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libgralloc/gralloc_priv.h b/libgralloc/gralloc_priv.h
index 0080230f6..609ad68d0 100755
--- a/libgralloc/gralloc_priv.h
+++ b/libgralloc/gralloc_priv.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2008 The Android Open Source Project
- * Copyright (c) 2011-2015, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2015, 2019 The Linux Foundation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -261,16 +261,16 @@ struct private_handle_t : public native_handle {
static int validate(const native_handle* h) {
const private_handle_t* hnd = (const private_handle_t*)h;
if (!h || h->version != sizeof(native_handle) ||
- h->numInts != sNumInts() || h->numFds != sNumFds ||
- hnd->magic != sMagic)
- {
+ h->numInts != sNumInts() || h->numFds != sNumFds) {
ALOGD("Invalid gralloc handle (at %p): "
- "ver(%d/%zu) ints(%d/%d) fds(%d/%d)"
- "magic(%c%c%c%c/%c%c%c%c)",
- h,
- h ? h->version : -1, sizeof(native_handle),
+ "ver(%d/%zu) ints(%d/%d) fds(%d/%d)",
+ h, h ? h->version : -1, sizeof(native_handle),
h ? h->numInts : -1, sNumInts(),
- h ? h->numFds : -1, sNumFds,
+ h ? h->numFds : -1, sNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != sMagic) {
+ ALOGD("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF)?
((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF)?

68
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8996.patch Normal file
View File

@ -0,0 +1,68 @@
From 4c333adc34682eb156c33b9c9a59a54e1a72d931 Mon Sep 17 00:00:00 2001
From: Ramkumar Radhakrishnan <ramkumar@codeaurora.org>
Date: Thu, 20 Sep 2018 13:17:36 -0700
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
CRs-Fixed: 2337383
---
gralloc/gr_buf_mgr.cpp | 6 +++++-
gralloc/gr_priv_handle.h | 14 ++++++++------
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/gralloc/gr_buf_mgr.cpp b/gralloc/gr_buf_mgr.cpp
index af0018a93..f3c96c999 100644
--- a/gralloc/gr_buf_mgr.cpp
+++ b/gralloc/gr_buf_mgr.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved.
* Not a Contribution
*
* Copyright (C) 2010 The Android Open Source Project
@@ -227,6 +227,10 @@ void BufferManager::RegisterHandleLocked(const private_handle_t *hnd,
}
gralloc1_error_t BufferManager::ImportHandleLocked(private_handle_t *hnd) {
+ if (private_handle_t::validate(hnd) != 0) {
+ ALOGE("ImportHandleLocked: Invalid handle: %p", hnd);
+ return GRALLOC1_ERROR_BAD_HANDLE;
+ }
ALOGD_IF(DEBUG, "Importing handle:%p id: %" PRIu64, hnd, hnd->id);
int ion_handle = allocator_->ImportBuffer(hnd->fd);
if (ion_handle < 0) {
diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
index e4b521c95..2acb16cc4 100644
--- a/gralloc/gr_priv_handle.h
+++ b/gralloc/gr_priv_handle.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
* Not a Contribution
*
* Copyright (C) 2008 The Android Open Source Project
@@ -154,12 +154,14 @@ struct private_handle_t {
static int validate(const native_handle *h) {
const private_handle_t *hnd = (const private_handle_t *)h;
if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
- h->numFds != kNumFds || hnd->magic != kMagic) {
- ALOGE(
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
- "magic(%c%c%c%c/%c%c%c%c)",
+ h->numFds != kNumFds) {
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) ",
h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
- h ? h->numFds : -1, kNumFds,
+ h ? h->numFds : -1, kNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != kMagic) {
+ ALOGE("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',

68
Patches/Common/android_hardware_qcom_display/CVE-2019-2306-msm8998.patch Normal file
View File

@ -0,0 +1,68 @@
From 63a4f959f0062a618ee0f513f3f05964b9f054d0 Mon Sep 17 00:00:00 2001
From: Ramkumar Radhakrishnan <ramkumar@codeaurora.org>
Date: Thu, 20 Sep 2018 13:17:36 -0700
Subject: [PATCH] Gralloc: Validate buffer parameters during importBuffer call
Validate buffer parameters like numInts, numFds, version etc of buffer
handle while importing the buffer
Change-Id: Ia1cb1cf05d845b5ef5b2feb476c2c924fa3bbf17
CRs-Fixed: 2337383
---
gralloc/gr_buf_mgr.cpp | 6 +++++-
gralloc/gr_priv_handle.h | 14 ++++++++------
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/gralloc/gr_buf_mgr.cpp b/gralloc/gr_buf_mgr.cpp
index af0018a93..f3c96c999 100644
--- a/gralloc/gr_buf_mgr.cpp
+++ b/gralloc/gr_buf_mgr.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved.
* Not a Contribution
*
* Copyright (C) 2010 The Android Open Source Project
@@ -227,6 +227,10 @@ void BufferManager::RegisterHandleLocked(const private_handle_t *hnd,
}
gralloc1_error_t BufferManager::ImportHandleLocked(private_handle_t *hnd) {
+ if (private_handle_t::validate(hnd) != 0) {
+ ALOGE("ImportHandleLocked: Invalid handle: %p", hnd);
+ return GRALLOC1_ERROR_BAD_HANDLE;
+ }
ALOGD_IF(DEBUG, "Importing handle:%p id: %" PRIu64, hnd, hnd->id);
int ion_handle = allocator_->ImportBuffer(hnd->fd);
if (ion_handle < 0) {
diff --git a/gralloc/gr_priv_handle.h b/gralloc/gr_priv_handle.h
index e4b521c95..2acb16cc4 100644
--- a/gralloc/gr_priv_handle.h
+++ b/gralloc/gr_priv_handle.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2019, The Linux Foundation. All rights reserved.
* Not a Contribution
*
* Copyright (C) 2008 The Android Open Source Project
@@ -154,12 +154,14 @@ struct private_handle_t {
static int validate(const native_handle *h) {
const private_handle_t *hnd = (const private_handle_t *)h;
if (!h || h->version != sizeof(native_handle) || h->numInts != NumInts() ||
- h->numFds != kNumFds || hnd->magic != kMagic) {
- ALOGE(
- "Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) "
- "magic(%c%c%c%c/%c%c%c%c)",
+ h->numFds != kNumFds) {
+ ALOGE("Invalid gralloc handle (at %p): ver(%d/%zu) ints(%d/%d) fds(%d/%d) ",
h, h ? h->version : -1, sizeof(native_handle), h ? h->numInts : -1, NumInts(),
- h ? h->numFds : -1, kNumFds,
+ h ? h->numFds : -1, kNumFds);
+ return -EINVAL;
+ }
+ if (hnd->magic != kMagic) {
+ ALOGE("magic(%c%c%c%c/%c%c%c%c)",
hnd ? (((hnd->magic >> 24) & 0xFF) ? ((hnd->magic >> 24) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 16) & 0xFF) ? ((hnd->magic >> 16) & 0xFF) : '-') : '?',
hnd ? (((hnd->magic >> 8) & 0xFF) ? ((hnd->magic >> 8) & 0xFF) : '-') : '?',

2
Scripts/LineageOS-14.1/Functions.sh
View File

@ -120,7 +120,7 @@ patchWorkspace() {
source build/envsetup.sh;
repopick -it n_asb_09-2018-qcom;
#repopick -it bt-sbc-hd-dualchannel-nougat;
repopick -it ibss-mode-nougat;
repopick -it n-asb-2021-01;
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails

26
Scripts/LineageOS-14.1/Patch.sh
View File

@ -122,6 +122,32 @@ enterAndClear "hardware/ti/wlan";
git apply "$DOS_PATCHES/android_hardware_ti_wlan/209209.patch"; #wl12xx: Update SR and MR firmwares versions
git apply "$DOS_PATCHES/android_hardware_ti_wlan/209210.patch"; #wl12xx: Update SR PLT firmwares
enterAndClear "hardware/qcom/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
#missing msm8909, msm8996, msm8998
enterAndClear "hardware/qcom/display-caf/apq8084";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
enterAndClear "hardware/qcom/display-caf/msm8916";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch";
enterAndClear "hardware/qcom/display-caf/msm8952";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
enterAndClear "hardware/qcom/display-caf/msm8960";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
enterAndClear "hardware/qcom/display-caf/msm8974";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
enterAndClear "hardware/qcom/display-caf/msm8994";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
enterAndClear "hardware/qcom/gps";
git apply "$DOS_PATCHES/android_hardware_qcom_gps/0001-rollover.patch"; #fix week rollover

4
Scripts/LineageOS-15.1/Functions.sh
View File

@ -81,7 +81,6 @@ buildAll() {
buildDevice d855;
buildDevice FP2;
buildDevice ham;
buildDevice klte;
buildDevice m8;
buildDevice victara;
@ -111,7 +110,8 @@ export -f buildAll;
patchWorkspace() {
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
#source build/envsetup.sh;
source build/envsetup.sh;
repopick -it O_asb_2021-01;
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails

29
Scripts/LineageOS-15.1/Patch.sh
View File

@ -104,6 +104,9 @@ if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceMan
rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
enterAndClear "frameworks/minikin";
git pull "https://github.com/LineageOS/android_frameworks_minikin" refs/changes/11/300511/1; #O_asb_2021-01
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
enterAndClear "frameworks/opt/net/ims";
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
@ -117,6 +120,32 @@ awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/
awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java;
awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java;
enterAndClear "hardware/qcom/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
#TODO: missing msm8909, msm8996, msm8998, sdm845
enterAndClear "hardware/qcom/display-caf/apq8084";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
enterAndClear "hardware/qcom/display-caf/msm8916";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch";
enterAndClear "hardware/qcom/display-caf/msm8952";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
enterAndClear "hardware/qcom/display-caf/msm8960";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
enterAndClear "hardware/qcom/display-caf/msm8974";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
enterAndClear "hardware/qcom/display-caf/msm8994";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
enterAndClear "hardware/qcom/gps";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_gps/0001-rollover.patch"; #fix week rollover

1
Scripts/LineageOS-16.0/Functions.sh
View File

@ -132,7 +132,6 @@ patchWorkspace() {
repopick -it hh-p-sepolicy;
repopick -i 232948; #wahoo: liblight: close fd
#repopick -it pie-firewall;
#repopick -it CVE-2019-2306_P;
repopick -it P_asb_2021-01;
source "$DOS_SCRIPTS/Patch.sh";

32
Scripts/LineageOS-16.0/Patch.sh
View File

@ -117,6 +117,38 @@ enterAndClear "frameworks/opt/net/ims";
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
fi
enterAndClear "hardware/qcom/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
#TODO: missing msm8909, msm8996, msm8998, sdm845, sdm8150
enterAndClear "hardware/qcom/display-caf/apq8084";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
enterAndClear "hardware/qcom/display-caf/msm8916";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch";
enterAndClear "hardware/qcom/display-caf/msm8952";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
enterAndClear "hardware/qcom/display-caf/msm8960";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
enterAndClear "hardware/qcom/display-caf/msm8974";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
enterAndClear "hardware/qcom/display-caf/msm8994";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
enterAndClear "hardware/qcom/display-caf/msm8996";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8996.patch";
enterAndClear "hardware/qcom/display-caf/msm8998";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8998.patch";
if enter "kernel/wireguard"; then
if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi;
#Remove system information from HTTP requests

1
Scripts/LineageOS-17.1/Functions.sh
View File

@ -128,7 +128,6 @@ patchWorkspace() {
source build/envsetup.sh;
repopick -i 271361; #releasetools: python3 fix, 287339 (alt)
#repopick -it ten-firewall;
#repopick -it CVE-2019-2306;
repopick -it Q_asb_2021-01;
source "$DOS_SCRIPTS/Patch.sh";

24
Scripts/LineageOS-17.1/Patch.sh
View File

@ -116,6 +116,29 @@ enterAndClear "frameworks/opt/net/ims";
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
fi
enterAndClear "hardware/qcom/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory msm8084;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory msm8226;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch" --directory msm8960;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch" --directory msm8974;
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch" --directory msm8994;
#TODO: missing msm8909, msm8996, msm8998, sdm845, sdm8150
enterAndClear "hardware/qcom-caf/apq8084/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-apq8084.patch";
enterAndClear "hardware/qcomcaf/msm8952/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8952.patch";
enterAndClear "hardware/qcomy-caf/msm8960/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8960.patch";
enterAndClear "hardware/qcom-caf/msm8974/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8974.patch";
enterAndClear "hardware/qcom-caf/msm8994/display";
git apply "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8994.patch";
enterAndClear "hardware/qcom-caf/msm8996/audio";
patch -p1 < "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-8996.patch"; #audio_extn: Fix unused parameter warning in utils.c
@ -223,7 +246,6 @@ enterAndClear "device/asus/flox";
git revert --no-edit f638a192cbef0045b6235fdd8fe28ee500ff7527; #conflict
compressRamdisks;
rm -rf bdAddrLoader; #duplicate with mako
echo "/dev/block/platform/msm_sdcc\.1/by-name/misc u:object_r:misc_block_device:s0" >> sepolicy/file_contexts;
#enterAndClear "device/cyanogen/msm8916-common";
#awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools