mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
17.1 March ASB work
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
b4dbe27f23
commit
44fa294eca
36
Patches/LineageOS-17.1/android_external_zlib/351107.patch
Normal file
36
Patches/LineageOS-17.1/android_external_zlib/351107.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sadaf Ebrahimi <sadafebrahimi@google.com>
|
||||||
|
Date: Tue, 22 Nov 2022 22:00:13 +0000
|
||||||
|
Subject: [PATCH] Fix a bug when getting a gzip header extra field with
|
||||||
|
inflate().
|
||||||
|
|
||||||
|
If the extra field was larger than the space the user provided with
|
||||||
|
inflateGetHeader(), and if multiple calls of inflate() delivered
|
||||||
|
the extra header data, then there could be a buffer overflow of the
|
||||||
|
provided space. This commit assures that provided space is not
|
||||||
|
exceeded.
|
||||||
|
|
||||||
|
Bug: http://b/242299736
|
||||||
|
Test: TreeHugger
|
||||||
|
|
||||||
|
Change-Id: I4eabb3e135c1568e06b2b9740651a3ae11b21140
|
||||||
|
---
|
||||||
|
src/inflate.c | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/inflate.c b/src/inflate.c
|
||||||
|
index ac333e8..cd01857 100644
|
||||||
|
--- a/src/inflate.c
|
||||||
|
+++ b/src/inflate.c
|
||||||
|
@@ -759,8 +759,9 @@ int flush;
|
||||||
|
if (copy > have) copy = have;
|
||||||
|
if (copy) {
|
||||||
|
if (state->head != Z_NULL &&
|
||||||
|
- state->head->extra != Z_NULL) {
|
||||||
|
- len = state->head->extra_len - state->length;
|
||||||
|
+ state->head->extra != Z_NULL &&
|
||||||
|
+ (len = state->head->extra_len - state->length) <
|
||||||
|
+ state->head->extra_max) {
|
||||||
|
zmemcpy(state->head->extra + len, next,
|
||||||
|
len + copy > state->head->extra_max ?
|
||||||
|
state->head->extra_max - len : copy);
|
@ -22,7 +22,7 @@ index 586d9a819d1e..85e86237adf6 100644
|
|||||||
<!-- Allows applications to access information about networks.
|
<!-- Allows applications to access information about networks.
|
||||||
<p>Protection level: normal
|
<p>Protection level: normal
|
||||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
index 011e19586ed2..245ea111996c 100644
|
index 4c6c1842d93e..8c0729b3506f 100644
|
||||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
@@ -1024,7 +1024,7 @@ public class PermissionManagerService {
|
@@ -1024,7 +1024,7 @@ public class PermissionManagerService {
|
||||||
|
@ -100,7 +100,7 @@ index 2cf2b923ef90..ae206c1f5872 100644
|
|||||||
<string name="permlab_readCalendar">Read calendar events and details</string>
|
<string name="permlab_readCalendar">Read calendar events and details</string>
|
||||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
index 245ea111996c..4a940dbb7744 100644
|
index 8c0729b3506f..8edb487294e6 100644
|
||||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
@@ -1024,7 +1024,7 @@ public class PermissionManagerService {
|
@@ -1024,7 +1024,7 @@ public class PermissionManagerService {
|
||||||
|
@ -25,7 +25,7 @@ index 1bd1396c6d45..a3e1b685a3be 100644
|
|||||||
Process.SYSTEM_UID, userId, delayingPermCallback);
|
Process.SYSTEM_UID, userId, delayingPermCallback);
|
||||||
// Allow app op later as we are holding mPackages
|
// Allow app op later as we are holding mPackages
|
||||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
index 23af4e6c1c3e..011e19586ed2 100644
|
index ae10b28cd8bb..4c6c1842d93e 100644
|
||||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
@@ -1023,6 +1023,10 @@ public class PermissionManagerService {
|
@@ -1023,6 +1023,10 @@ public class PermissionManagerService {
|
||||||
@ -63,7 +63,7 @@ index 23af4e6c1c3e..011e19586ed2 100644
|
|||||||
if (!permissionsState.hasRuntimePermission(bp.name, userId)
|
if (!permissionsState.hasRuntimePermission(bp.name, userId)
|
||||||
&& permissionsState.grantRuntimePermission(bp,
|
&& permissionsState.grantRuntimePermission(bp,
|
||||||
userId) != PERMISSION_OPERATION_FAILURE) {
|
userId) != PERMISSION_OPERATION_FAILURE) {
|
||||||
@@ -2228,7 +2240,7 @@ public class PermissionManagerService {
|
@@ -2233,7 +2245,7 @@ public class PermissionManagerService {
|
||||||
&& (grantedPermissions == null
|
&& (grantedPermissions == null
|
||||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||||
@ -72,7 +72,7 @@ index 23af4e6c1c3e..011e19586ed2 100644
|
|||||||
// Installer cannot change immutable permissions.
|
// Installer cannot change immutable permissions.
|
||||||
if ((flags & immutableFlags) == 0) {
|
if ((flags & immutableFlags) == 0) {
|
||||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||||
@@ -2287,7 +2299,7 @@ public class PermissionManagerService {
|
@@ -2292,7 +2304,7 @@ public class PermissionManagerService {
|
||||||
// to keep the review required permission flag per user while an
|
// to keep the review required permission flag per user while an
|
||||||
// install permission's state is shared across all users.
|
// install permission's state is shared across all users.
|
||||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||||
@ -81,7 +81,7 @@ index 23af4e6c1c3e..011e19586ed2 100644
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2339,7 +2351,8 @@ public class PermissionManagerService {
|
@@ -2344,7 +2356,8 @@ public class PermissionManagerService {
|
||||||
+ permName + " for package " + packageName);
|
+ permName + " for package " + packageName);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ index 23af4e6c1c3e..011e19586ed2 100644
|
|||||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -2426,7 +2439,7 @@ public class PermissionManagerService {
|
@@ -2431,7 +2444,7 @@ public class PermissionManagerService {
|
||||||
// to keep the review required permission flag per user while an
|
// to keep the review required permission flag per user while an
|
||||||
// install permission's state is shared across all users.
|
// install permission's state is shared across all users.
|
||||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||||
|
@ -0,0 +1,47 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Julia Reynolds <juliacr@google.com>
|
||||||
|
Date: Mon, 16 May 2022 15:28:24 -0400
|
||||||
|
Subject: [PATCH] Move service initialization
|
||||||
|
|
||||||
|
Occasionally ILockSettings can fail to be initialized otherwise
|
||||||
|
Fixes: 232714129
|
||||||
|
Test: boot (and eventually bootstress/reboot-long)
|
||||||
|
|
||||||
|
Change-Id: I2f9f9bdba37f4ebfaea56c1a6662f0474ae8a002
|
||||||
|
Merged-In: I2f9f9bdba37f4ebfaea56c1a6662f0474ae8a002
|
||||||
|
(cherry picked from commit 8e278543bd290d4b6c417758554d6dee93a4fe74)
|
||||||
|
(cherry picked from commit caa5a22ea0c401c4eef548fb8161820beda3ff13)
|
||||||
|
Merged-In: I2f9f9bdba37f4ebfaea56c1a6662f0474ae8a002
|
||||||
|
---
|
||||||
|
.../server/notification/NotificationManagerService.java | 4 +---
|
||||||
|
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
|
||||||
|
index 347811d82862..c9831781b543 100755
|
||||||
|
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
|
||||||
|
@@ -1567,7 +1567,6 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- private LockPatternUtils mLockPatternUtils;
|
||||||
|
private StrongAuthTracker mStrongAuthTracker;
|
||||||
|
|
||||||
|
public NotificationManagerService(Context context) {
|
||||||
|
@@ -1761,7 +1760,6 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
|
||||||
|
mHandler = new WorkerHandler(looper);
|
||||||
|
mRankingThread.start();
|
||||||
|
- mLockPatternUtils = new LockPatternUtils(getContext());
|
||||||
|
mStrongAuthTracker = new StrongAuthTracker(getContext());
|
||||||
|
String[] extractorNames;
|
||||||
|
try {
|
||||||
|
@@ -2059,7 +2057,7 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
mRoleObserver = new RoleObserver(getContext().getSystemService(RoleManager.class),
|
||||||
|
mPackageManager, getContext().getMainExecutor());
|
||||||
|
mRoleObserver.init();
|
||||||
|
- mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker);
|
||||||
|
+ new LockPatternUtils(getContext()).registerStrongAuthTracker(mStrongAuthTracker);
|
||||||
|
} else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) {
|
||||||
|
// This observer will force an update when observe is called, causing us to
|
||||||
|
// bind to listener services.
|
38
Patches/LineageOS-17.1/android_frameworks_base/351412.patch
Normal file
38
Patches/LineageOS-17.1/android_frameworks_base/351412.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Johnston <acjohnston@google.com>
|
||||||
|
Date: Tue, 5 Oct 2021 11:44:37 +0000
|
||||||
|
Subject: [PATCH] Stop managed profile owner granting READ_SMS
|
||||||
|
|
||||||
|
Reason: There is only one telephony stack shared
|
||||||
|
between the personal and work profile.
|
||||||
|
|
||||||
|
Bug: 194382185
|
||||||
|
Bug: 189942529
|
||||||
|
Test: build
|
||||||
|
Change-Id: If0d27a317a7c0ee46af371b30208327e5636c7cf
|
||||||
|
(cherry picked from commit 87f37319bf7ee22c6e7c29432b6c9bbce0fdb591)
|
||||||
|
Merged-In: If0d27a317a7c0ee46af371b30208327e5636c7cf
|
||||||
|
---
|
||||||
|
core/java/android/app/admin/DevicePolicyManager.java | 9 +++++++++
|
||||||
|
1 file changed, 9 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
|
||||||
|
index 08e6ff318fbc..5e263b0d05b6 100644
|
||||||
|
--- a/core/java/android/app/admin/DevicePolicyManager.java
|
||||||
|
+++ b/core/java/android/app/admin/DevicePolicyManager.java
|
||||||
|
@@ -8836,6 +8836,15 @@ public class DevicePolicyManager {
|
||||||
|
* {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to
|
||||||
|
* {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted.
|
||||||
|
*
|
||||||
|
+ * Control over the following permissions are restricted for managed profile owners:
|
||||||
|
+ * <ul>
|
||||||
|
+ * <li>Manifest.permission.READ_SMS</li>
|
||||||
|
+ * </ul>
|
||||||
|
+ * <p>
|
||||||
|
+ * A managed profile owner may not grant these permissions (i.e. call this method with any of
|
||||||
|
+ * the permissions listed above and {@code grantState} of
|
||||||
|
+ * {@code #PERMISSION_GRANT_STATE_GRANTED}), but may deny them.
|
||||||
|
+ *
|
||||||
|
* @param admin Which profile or device owner this request is associated with.
|
||||||
|
* @param packageName The application to grant or revoke a permission to.
|
||||||
|
* @param permission The permission to grant or revoke.
|
@ -0,0 +1,528 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Wenhao Wang <wenhaowang@google.com>
|
||||||
|
Date: Tue, 30 Aug 2022 11:09:46 -0700
|
||||||
|
Subject: [PATCH] Enable user graularity for lockdown mode
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The NotificationManagerService registers a LockPatternUtils.StrongAuthTracker
|
||||||
|
to observe the StrongAuth changes of every user.
|
||||||
|
More specifically, it’s the STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN flag.
|
||||||
|
Via this flag, NotificationManagerService can perform the following operations
|
||||||
|
when the user enter or exit lockdown mode:
|
||||||
|
|
||||||
|
Enter lockdown:
|
||||||
|
1. Remove all the notifications belonging to the user.
|
||||||
|
2. Set the local flag to indicate the lockdown is on for the user.
|
||||||
|
The local flag will suppress the user's notifications on the
|
||||||
|
post, remove and update functions.
|
||||||
|
|
||||||
|
Exit lockdown:
|
||||||
|
1. Clear the local flag to indicate the lockdown is off for the user.
|
||||||
|
2. Repost the user’s notifications (suppressed during lockdown mode).
|
||||||
|
|
||||||
|
The CL also updates corresponding tests.
|
||||||
|
|
||||||
|
Bug: 173721373
|
||||||
|
Bug: 250743174
|
||||||
|
Test: atest NotificationManagerServiceTest
|
||||||
|
Test: atest NotificationListenersTest
|
||||||
|
Ignore-AOSP-First: pending fix for a security issue.
|
||||||
|
|
||||||
|
Change-Id: I4f30e56550729db7d673a92d2a1250509713f36d
|
||||||
|
Merged-In: I4f30e56550729db7d673a92d2a1250509713f36d
|
||||||
|
(cherry picked from commit de3b12fca23178d8c821058261572449b67d5967)
|
||||||
|
(cherry picked from commit 5e40f39f5bd4ae769d79ce022a64f1345512b65d)
|
||||||
|
Merged-In: I4f30e56550729db7d673a92d2a1250509713f36d
|
||||||
|
---
|
||||||
|
.../NotificationManagerService.java | 75 ++++++----
|
||||||
|
.../NotificationListenersTest.java | 132 +++++++++++-------
|
||||||
|
.../NotificationManagerServiceTest.java | 72 ++++++++--
|
||||||
|
3 files changed, 191 insertions(+), 88 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
|
||||||
|
index c9831781b543..7ae80d927aaa 100755
|
||||||
|
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
|
||||||
|
@@ -1535,34 +1535,39 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
return (haystack & needle) != 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- public boolean isInLockDownMode() {
|
||||||
|
- return mIsInLockDownMode;
|
||||||
|
+ // Return whether the user is in lockdown mode.
|
||||||
|
+ // If the flag is not set, we assume the user is not in lockdown.
|
||||||
|
+ public boolean isInLockDownMode(int userId) {
|
||||||
|
+ return mUserInLockDownMode.get(userId, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public synchronized void onStrongAuthRequiredChanged(int userId) {
|
||||||
|
boolean userInLockDownModeNext = containsFlag(getStrongAuthForUser(userId),
|
||||||
|
STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
|
- mUserInLockDownMode.put(userId, userInLockDownModeNext);
|
||||||
|
- boolean isInLockDownModeNext = mUserInLockDownMode.indexOfValue(true) != -1;
|
||||||
|
|
||||||
|
- if (mIsInLockDownMode == isInLockDownModeNext) {
|
||||||
|
+ // Nothing happens if the lockdown mode of userId keeps the same.
|
||||||
|
+ if (userInLockDownModeNext == isInLockDownMode(userId)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (isInLockDownModeNext) {
|
||||||
|
- cancelNotificationsWhenEnterLockDownMode();
|
||||||
|
+ // When the lockdown mode is changed, we perform the following steps.
|
||||||
|
+ // If the userInLockDownModeNext is true, all the function calls to
|
||||||
|
+ // notifyPostedLocked and notifyRemovedLocked will not be executed.
|
||||||
|
+ // The cancelNotificationsWhenEnterLockDownMode calls notifyRemovedLocked
|
||||||
|
+ // and postNotificationsWhenExitLockDownMode calls notifyPostedLocked.
|
||||||
|
+ // So we shall call cancelNotificationsWhenEnterLockDownMode before
|
||||||
|
+ // we set mUserInLockDownMode as true.
|
||||||
|
+ // On the other hand, if the userInLockDownModeNext is false, we shall call
|
||||||
|
+ // postNotificationsWhenExitLockDownMode after we put false into mUserInLockDownMode
|
||||||
|
+ if (userInLockDownModeNext) {
|
||||||
|
+ cancelNotificationsWhenEnterLockDownMode(userId);
|
||||||
|
}
|
||||||
|
|
||||||
|
- // When the mIsInLockDownMode is true, both notifyPostedLocked and
|
||||||
|
- // notifyRemovedLocked will be dismissed. So we shall call
|
||||||
|
- // cancelNotificationsWhenEnterLockDownMode before we set mIsInLockDownMode
|
||||||
|
- // as true and call postNotificationsWhenExitLockDownMode after we set
|
||||||
|
- // mIsInLockDownMode as false.
|
||||||
|
- mIsInLockDownMode = isInLockDownModeNext;
|
||||||
|
+ mUserInLockDownMode.put(userId, userInLockDownModeNext);
|
||||||
|
|
||||||
|
- if (!isInLockDownModeNext) {
|
||||||
|
- postNotificationsWhenExitLockDownMode();
|
||||||
|
+ if (!userInLockDownModeNext) {
|
||||||
|
+ postNotificationsWhenExitLockDownMode(userId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -7579,11 +7584,14 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- private void cancelNotificationsWhenEnterLockDownMode() {
|
||||||
|
+ private void cancelNotificationsWhenEnterLockDownMode(int userId) {
|
||||||
|
synchronized (mNotificationLock) {
|
||||||
|
int numNotifications = mNotificationList.size();
|
||||||
|
for (int i = 0; i < numNotifications; i++) {
|
||||||
|
NotificationRecord rec = mNotificationList.get(i);
|
||||||
|
+ if (rec.getUser().getIdentifier() != userId) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
mListeners.notifyRemovedLocked(rec, REASON_CANCEL_ALL,
|
||||||
|
rec.getStats());
|
||||||
|
}
|
||||||
|
@@ -7591,14 +7599,23 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- private void postNotificationsWhenExitLockDownMode() {
|
||||||
|
+ private void postNotificationsWhenExitLockDownMode(int userId) {
|
||||||
|
synchronized (mNotificationLock) {
|
||||||
|
int numNotifications = mNotificationList.size();
|
||||||
|
+ // Set the delay to spread out the burst of notifications.
|
||||||
|
+ long delay = 0;
|
||||||
|
for (int i = 0; i < numNotifications; i++) {
|
||||||
|
NotificationRecord rec = mNotificationList.get(i);
|
||||||
|
- mListeners.notifyPostedLocked(rec, rec);
|
||||||
|
+ if (rec.getUser().getIdentifier() != userId) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ mHandler.postDelayed(() -> {
|
||||||
|
+ synchronized (mNotificationLock) {
|
||||||
|
+ mListeners.notifyPostedLocked(rec, rec);
|
||||||
|
+ }
|
||||||
|
+ }, delay);
|
||||||
|
+ delay += 20;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -7777,12 +7794,15 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
* notifications visible to the given listener.
|
||||||
|
*/
|
||||||
|
@GuardedBy("mNotificationLock")
|
||||||
|
- private NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) {
|
||||||
|
+ NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) {
|
||||||
|
final int N = mNotificationList.size();
|
||||||
|
final ArrayList<NotificationListenerService.Ranking> rankings = new ArrayList<>();
|
||||||
|
|
||||||
|
for (int i = 0; i < N; i++) {
|
||||||
|
NotificationRecord record = mNotificationList.get(i);
|
||||||
|
+ if (isInLockDownMode(record.getUser().getIdentifier())) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
if (!isVisibleToListener(record.sbn, info)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
@@ -7818,8 +7838,8 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
rankings.toArray(new NotificationListenerService.Ranking[0]));
|
||||||
|
}
|
||||||
|
|
||||||
|
- boolean isInLockDownMode() {
|
||||||
|
- return mStrongAuthTracker.isInLockDownMode();
|
||||||
|
+ boolean isInLockDownMode(int userId) {
|
||||||
|
+ return mStrongAuthTracker.isInLockDownMode(userId);
|
||||||
|
}
|
||||||
|
|
||||||
|
boolean hasCompanionDevice(ManagedServiceInfo info) {
|
||||||
|
@@ -7854,7 +7874,8 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
ServiceManager.getService(Context.COMPANION_DEVICE_SERVICE));
|
||||||
|
}
|
||||||
|
|
||||||
|
- private boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) {
|
||||||
|
+ @VisibleForTesting
|
||||||
|
+ boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) {
|
||||||
|
if (!listener.enabledAndUserMatches(sbn.getUserId())) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
@@ -8454,7 +8475,7 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
@GuardedBy("mNotificationLock")
|
||||||
|
void notifyPostedLocked(NotificationRecord r, NotificationRecord old,
|
||||||
|
boolean notifyAllListeners) {
|
||||||
|
- if (isInLockDownMode()) {
|
||||||
|
+ if (isInLockDownMode(r.getUser().getIdentifier())) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -8520,7 +8541,7 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
@GuardedBy("mNotificationLock")
|
||||||
|
public void notifyRemovedLocked(NotificationRecord r, int reason,
|
||||||
|
NotificationStats notificationStats) {
|
||||||
|
- if (isInLockDownMode()) {
|
||||||
|
+ if (isInLockDownMode(r.getUser().getIdentifier())) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -8575,10 +8596,6 @@ public class NotificationManagerService extends SystemService {
|
||||||
|
*/
|
||||||
|
@GuardedBy("mNotificationLock")
|
||||||
|
public void notifyRankingUpdateLocked(List<NotificationRecord> changedHiddenNotifications) {
|
||||||
|
- if (isInLockDownMode()) {
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
boolean isHiddenRankingUpdate = changedHiddenNotifications != null
|
||||||
|
&& changedHiddenNotifications.size() > 0;
|
||||||
|
|
||||||
|
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationListenersTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationListenersTest.java
|
||||||
|
index 793739bfe8f5..e04339fe5ee9 100644
|
||||||
|
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationListenersTest.java
|
||||||
|
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationListenersTest.java
|
||||||
|
@@ -28,6 +28,7 @@ import static org.mockito.Mockito.when;
|
||||||
|
import android.app.INotificationManager;
|
||||||
|
import android.content.pm.IPackageManager;
|
||||||
|
import android.content.pm.PackageManager;
|
||||||
|
+import android.os.UserHandle;
|
||||||
|
import android.service.notification.NotificationStats;
|
||||||
|
import android.service.notification.StatusBarNotification;
|
||||||
|
import android.testing.TestableContext;
|
||||||
|
@@ -40,8 +41,6 @@ import org.mockito.Mock;
|
||||||
|
import org.mockito.MockitoAnnotations;
|
||||||
|
import org.mockito.internal.util.reflection.FieldSetter;
|
||||||
|
|
||||||
|
-import java.util.List;
|
||||||
|
-
|
||||||
|
public class NotificationListenersTest extends UiServiceTestCase {
|
||||||
|
|
||||||
|
@Mock
|
||||||
|
@@ -70,46 +69,65 @@ public class NotificationListenersTest extends UiServiceTestCase {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testNotifyPostedLockedInLockdownMode() {
|
||||||
|
- NotificationRecord r = mock(NotificationRecord.class);
|
||||||
|
- NotificationRecord old = mock(NotificationRecord.class);
|
||||||
|
-
|
||||||
|
- // before the lockdown mode
|
||||||
|
- when(mNm.isInLockDownMode()).thenReturn(false);
|
||||||
|
- mListeners.notifyPostedLocked(r, old, true);
|
||||||
|
- mListeners.notifyPostedLocked(r, old, false);
|
||||||
|
- verify(mListeners, times(2)).getServices();
|
||||||
|
-
|
||||||
|
- // in the lockdown mode
|
||||||
|
- reset(r);
|
||||||
|
- reset(old);
|
||||||
|
- reset(mListeners);
|
||||||
|
- when(mNm.isInLockDownMode()).thenReturn(true);
|
||||||
|
- mListeners.notifyPostedLocked(r, old, true);
|
||||||
|
- mListeners.notifyPostedLocked(r, old, false);
|
||||||
|
- verify(mListeners, never()).getServices();
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- @Test
|
||||||
|
- public void testnotifyRankingUpdateLockedInLockdownMode() {
|
||||||
|
- List chn = mock(List.class);
|
||||||
|
-
|
||||||
|
- // before the lockdown mode
|
||||||
|
- when(mNm.isInLockDownMode()).thenReturn(false);
|
||||||
|
- mListeners.notifyRankingUpdateLocked(chn);
|
||||||
|
- verify(chn, times(1)).size();
|
||||||
|
-
|
||||||
|
- // in the lockdown mode
|
||||||
|
- reset(chn);
|
||||||
|
- when(mNm.isInLockDownMode()).thenReturn(true);
|
||||||
|
- mListeners.notifyRankingUpdateLocked(chn);
|
||||||
|
- verify(chn, never()).size();
|
||||||
|
+ NotificationRecord r0 = mock(NotificationRecord.class);
|
||||||
|
+ NotificationRecord old0 = mock(NotificationRecord.class);
|
||||||
|
+ UserHandle uh0 = mock(UserHandle.class);
|
||||||
|
+
|
||||||
|
+ NotificationRecord r1 = mock(NotificationRecord.class);
|
||||||
|
+ NotificationRecord old1 = mock(NotificationRecord.class);
|
||||||
|
+ UserHandle uh1 = mock(UserHandle.class);
|
||||||
|
+
|
||||||
|
+ // Neither user0 and user1 is in the lockdown mode
|
||||||
|
+ when(r0.getUser()).thenReturn(uh0);
|
||||||
|
+ when(uh0.getIdentifier()).thenReturn(0);
|
||||||
|
+ when(mNm.isInLockDownMode(0)).thenReturn(false);
|
||||||
|
+
|
||||||
|
+ when(r1.getUser()).thenReturn(uh1);
|
||||||
|
+ when(uh1.getIdentifier()).thenReturn(1);
|
||||||
|
+ when(mNm.isInLockDownMode(1)).thenReturn(false);
|
||||||
|
+
|
||||||
|
+ mListeners.notifyPostedLocked(r0, old0, true);
|
||||||
|
+ mListeners.notifyPostedLocked(r0, old0, false);
|
||||||
|
+ verify(r0, atLeast(2)).getSbn();
|
||||||
|
+
|
||||||
|
+ mListeners.notifyPostedLocked(r1, old1, true);
|
||||||
|
+ mListeners.notifyPostedLocked(r1, old1, false);
|
||||||
|
+ verify(r1, atLeast(2)).getSbn();
|
||||||
|
+
|
||||||
|
+ // Reset
|
||||||
|
+ reset(r0);
|
||||||
|
+ reset(old0);
|
||||||
|
+ reset(r1);
|
||||||
|
+ reset(old1);
|
||||||
|
+
|
||||||
|
+ // Only user 0 is in the lockdown mode
|
||||||
|
+ when(r0.getUser()).thenReturn(uh0);
|
||||||
|
+ when(uh0.getIdentifier()).thenReturn(0);
|
||||||
|
+ when(mNm.isInLockDownMode(0)).thenReturn(true);
|
||||||
|
+
|
||||||
|
+ when(r1.getUser()).thenReturn(uh1);
|
||||||
|
+ when(uh1.getIdentifier()).thenReturn(1);
|
||||||
|
+ when(mNm.isInLockDownMode(1)).thenReturn(false);
|
||||||
|
+
|
||||||
|
+ mListeners.notifyPostedLocked(r0, old0, true);
|
||||||
|
+ mListeners.notifyPostedLocked(r0, old0, false);
|
||||||
|
+ verify(r0, never()).getSbn();
|
||||||
|
+
|
||||||
|
+ mListeners.notifyPostedLocked(r1, old1, true);
|
||||||
|
+ mListeners.notifyPostedLocked(r1, old1, false);
|
||||||
|
+ verify(r1, atLeast(2)).getSbn();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testNotifyRemovedLockedInLockdownMode() throws NoSuchFieldException {
|
||||||
|
StatusBarNotification sbn = mock(StatusBarNotification.class);
|
||||||
|
- NotificationRecord r = mock(NotificationRecord.class);
|
||||||
|
- NotificationStats rs = mock(NotificationStats.class);
|
||||||
|
+ NotificationRecord r0 = mock(NotificationRecord.class);
|
||||||
|
+ NotificationStats rs0 = mock(NotificationStats.class);
|
||||||
|
+ UserHandle uh0 = mock(UserHandle.class);
|
||||||
|
+
|
||||||
|
+ NotificationRecord r1 = mock(NotificationRecord.class);
|
||||||
|
+ NotificationStats rs1 = mock(NotificationStats.class);
|
||||||
|
+ UserHandle uh1 = mock(UserHandle.class);
|
||||||
|
FieldSetter.setField(r,
|
||||||
|
NotificationRecord.class.getDeclaredField("sbn"),
|
||||||
|
sbn);
|
||||||
|
@@ -117,19 +135,31 @@ public class NotificationListenersTest extends UiServiceTestCase {
|
||||||
|
NotificationManagerService.class.getDeclaredField("mHandler"),
|
||||||
|
mock(NotificationManagerService.WorkerHandler.class));
|
||||||
|
|
||||||
|
- // before the lockdown mode
|
||||||
|
- when(mNm.isInLockDownMode()).thenReturn(false);
|
||||||
|
- mListeners.notifyRemovedLocked(r, 0, rs);
|
||||||
|
- mListeners.notifyRemovedLocked(r, 0, rs);
|
||||||
|
- verify(sbn, times(2)).cloneLight();
|
||||||
|
-
|
||||||
|
- // in the lockdown mode
|
||||||
|
- reset(sbn);
|
||||||
|
- reset(r);
|
||||||
|
- reset(rs);
|
||||||
|
- when(mNm.isInLockDownMode()).thenReturn(true);
|
||||||
|
- mListeners.notifyRemovedLocked(r, 0, rs);
|
||||||
|
- mListeners.notifyRemovedLocked(r, 0, rs);
|
||||||
|
- verify(sbn, never()).cloneLight();
|
||||||
|
+ // Neither user0 and user1 is in the lockdown mode
|
||||||
|
+ when(r0.getUser()).thenReturn(uh0);
|
||||||
|
+ when(uh0.getIdentifier()).thenReturn(0);
|
||||||
|
+ when(mNm.isInLockDownMode(0)).thenReturn(false);
|
||||||
|
+ when(r0.getSbn()).thenReturn(sbn);
|
||||||
|
+
|
||||||
|
+ when(r1.getUser()).thenReturn(uh1);
|
||||||
|
+ when(uh1.getIdentifier()).thenReturn(1);
|
||||||
|
+ when(mNm.isInLockDownMode(1)).thenReturn(false);
|
||||||
|
+ when(r1.getSbn()).thenReturn(sbn);
|
||||||
|
+
|
||||||
|
+ mListeners.notifyRemovedLocked(r0, 0, rs0);
|
||||||
|
+ mListeners.notifyRemovedLocked(r0, 0, rs0);
|
||||||
|
+ verify(r0, atLeast(2)).getSbn();
|
||||||
|
+
|
||||||
|
+ mListeners.notifyRemovedLocked(r1, 0, rs1);
|
||||||
|
+ mListeners.notifyRemovedLocked(r1, 0, rs1);
|
||||||
|
+ verify(r1, atLeast(2)).getSbn();
|
||||||
|
+
|
||||||
|
+ // Reset
|
||||||
|
+ reset(r0);
|
||||||
|
+ reset(rs0);
|
||||||
|
+ reset(r1);
|
||||||
|
+ reset(rs1);
|
||||||
|
+
|
||||||
|
+ // Only user 0 is in the lockdown mode
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
|
||||||
|
index 5030e124e4ce..7018b55b278d 100755
|
||||||
|
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
|
||||||
|
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
|
||||||
|
@@ -124,6 +124,7 @@ import android.provider.MediaStore;
|
||||||
|
import android.provider.Settings;
|
||||||
|
import android.service.notification.Adjustment;
|
||||||
|
import android.service.notification.NotificationListenerService;
|
||||||
|
+import android.service.notification.NotificationRankingUpdate;
|
||||||
|
import android.service.notification.NotificationStats;
|
||||||
|
import android.service.notification.StatusBarNotification;
|
||||||
|
import android.service.notification.ZenPolicy;
|
||||||
|
@@ -149,6 +150,7 @@ import com.android.server.SystemService;
|
||||||
|
import com.android.server.UiServiceTestCase;
|
||||||
|
import com.android.server.lights.Light;
|
||||||
|
import com.android.server.lights.LightsManager;
|
||||||
|
+import com.android.server.notification.ManagedServices.ManagedServiceInfo;
|
||||||
|
import com.android.server.notification.NotificationManagerService.NotificationAssistants;
|
||||||
|
import com.android.server.notification.NotificationManagerService.NotificationListeners;
|
||||||
|
import com.android.server.pm.PackageManagerService;
|
||||||
|
@@ -255,6 +257,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
@Mock
|
||||||
|
AlarmManager mAlarmManager;
|
||||||
|
|
||||||
|
+ private NotificationManagerService.WorkerHandler mWorkerHandler;
|
||||||
|
+
|
||||||
|
// Use a Testable subclass so we can simulate calls from the system without failing.
|
||||||
|
private static class TestableNotificationManagerService extends NotificationManagerService {
|
||||||
|
int countSystemChecks = 0;
|
||||||
|
@@ -264,6 +268,9 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
@Nullable
|
||||||
|
NotificationAssistantAccessGrantedCallback mNotificationAssistantAccessGrantedCallback;
|
||||||
|
|
||||||
|
+ @Nullable
|
||||||
|
+ Boolean mIsVisibleToListenerReturnValue = null;
|
||||||
|
+
|
||||||
|
TestableNotificationManagerService(Context context) {
|
||||||
|
super(context);
|
||||||
|
}
|
||||||
|
@@ -326,6 +333,18 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
void onGranted(ComponentName assistant, int userId, boolean granted);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ protected void setIsVisibleToListenerReturnValue(boolean value) {
|
||||||
|
+ mIsVisibleToListenerReturnValue = value;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Override
|
||||||
|
+ boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) {
|
||||||
|
+ if (mIsVisibleToListenerReturnValue != null) {
|
||||||
|
+ return mIsVisibleToListenerReturnValue;
|
||||||
|
+ }
|
||||||
|
+ return super.isVisibleToListener(sbn, listener);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Override
|
||||||
|
protected boolean canLaunchInActivityView(Context context, PendingIntent pendingIntent,
|
||||||
|
String packageName) {
|
||||||
|
@@ -429,7 +448,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
when(mAssistants.isAdjustmentAllowed(anyString())).thenReturn(true);
|
||||||
|
|
||||||
|
|
||||||
|
- mService.init(mTestableLooper.getLooper(),
|
||||||
|
+ mWorkerHandler = spy(mService.new WorkerHandler(mTestableLooper.getLooper()));
|
||||||
|
+ mService.init(mWorkerHandler,
|
||||||
|
mPackageManager, mPackageManagerClient, mockLightsManager,
|
||||||
|
mListeners, mAssistants, mConditionProviders,
|
||||||
|
mCompanionMgr, mSnoozeHelper, mUsageStats, mPolicyFile, mActivityManager,
|
||||||
|
@@ -459,6 +479,7 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
clearDeviceConfig();
|
||||||
|
InstrumentationRegistry.getInstrumentation()
|
||||||
|
.getUiAutomation().dropShellPermissionIdentity();
|
||||||
|
+ mWorkerHandler.removeCallbacksAndMessages(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void waitForIdle() {
|
||||||
|
@@ -5607,10 +5628,10 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
mStrongAuthTracker.setGetStrongAuthForUserReturnValue(
|
||||||
|
STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
|
mStrongAuthTracker.onStrongAuthRequiredChanged(mContext.getUserId());
|
||||||
|
- assertTrue(mStrongAuthTracker.isInLockDownMode());
|
||||||
|
- mStrongAuthTracker.setGetStrongAuthForUserReturnValue(0);
|
||||||
|
+ assertTrue(mStrongAuthTracker.isInLockDownMode(mContext.getUserId()));
|
||||||
|
+ mStrongAuthTracker.setGetStrongAuthForUserReturnValue(mContext.getUserId());
|
||||||
|
mStrongAuthTracker.onStrongAuthRequiredChanged(mContext.getUserId());
|
||||||
|
- assertFalse(mStrongAuthTracker.isInLockDownMode());
|
||||||
|
+ assertFalse(mStrongAuthTracker.isInLockDownMode(mContext.getUserId()));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@@ -5626,8 +5647,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
// when entering the lockdown mode, cancel the 2 notifications.
|
||||||
|
mStrongAuthTracker.setGetStrongAuthForUserReturnValue(
|
||||||
|
STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
|
- mStrongAuthTracker.onStrongAuthRequiredChanged(mContext.getUserId());
|
||||||
|
- assertTrue(mStrongAuthTracker.isInLockDownMode());
|
||||||
|
+ mStrongAuthTracker.onStrongAuthRequiredChanged(0);
|
||||||
|
+ assertTrue(mStrongAuthTracker.isInLockDownMode(0));
|
||||||
|
|
||||||
|
// the notifyRemovedLocked function is called twice due to REASON_LOCKDOWN.
|
||||||
|
ArgumentCaptor<Integer> captor = ArgumentCaptor.forClass(Integer.class);
|
||||||
|
@@ -5636,9 +5657,44 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
|
||||||
|
|
||||||
|
// exit lockdown mode.
|
||||||
|
mStrongAuthTracker.setGetStrongAuthForUserReturnValue(0);
|
||||||
|
- mStrongAuthTracker.onStrongAuthRequiredChanged(mContext.getUserId());
|
||||||
|
+ mStrongAuthTracker.onStrongAuthRequiredChanged(0);
|
||||||
|
+ assertFalse(mStrongAuthTracker.isInLockDownMode(0));
|
||||||
|
|
||||||
|
// the notifyPostedLocked function is called twice.
|
||||||
|
- verify(mListeners, times(2)).notifyPostedLocked(any(), any());
|
||||||
|
+ verify(mWorkerHandler, times(2)).postDelayed(any(Runnable.class), anyLong());
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void testMakeRankingUpdateLockedInLockDownMode() {
|
||||||
|
+ // post 2 notifications from a same package
|
||||||
|
+ NotificationRecord pkgA = new NotificationRecord(mContext,
|
||||||
|
+ generateSbn("a", 1000, 9, 0), mTestNotificationChannel);
|
||||||
|
+ mService.addNotification(pkgA);
|
||||||
|
+ NotificationRecord pkgB = new NotificationRecord(mContext,
|
||||||
|
+ generateSbn("a", 1000, 9, 1), mTestNotificationChannel);
|
||||||
|
+ mService.addNotification(pkgB);
|
||||||
|
+
|
||||||
|
+ mService.setIsVisibleToListenerReturnValue(true);
|
||||||
|
+ NotificationRankingUpdate nru = mService.makeRankingUpdateLocked(null);
|
||||||
|
+ assertEquals(2, nru.getRankingMap().getOrderedKeys().length);
|
||||||
|
+
|
||||||
|
+ // when only user 0 entering the lockdown mode, its notification will be suppressed.
|
||||||
|
+ mStrongAuthTracker.setGetStrongAuthForUserReturnValue(
|
||||||
|
+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
|
+ mStrongAuthTracker.onStrongAuthRequiredChanged(0);
|
||||||
|
+ assertTrue(mStrongAuthTracker.isInLockDownMode(0));
|
||||||
|
+ assertFalse(mStrongAuthTracker.isInLockDownMode(1));
|
||||||
|
+
|
||||||
|
+ nru = mService.makeRankingUpdateLocked(null);
|
||||||
|
+ assertEquals(1, nru.getRankingMap().getOrderedKeys().length);
|
||||||
|
+
|
||||||
|
+ // User 0 exits lockdown mode. Its notification will be resumed.
|
||||||
|
+ mStrongAuthTracker.setGetStrongAuthForUserReturnValue(0);
|
||||||
|
+ mStrongAuthTracker.onStrongAuthRequiredChanged(0);
|
||||||
|
+ assertFalse(mStrongAuthTracker.isInLockDownMode(0));
|
||||||
|
+ assertFalse(mStrongAuthTracker.isInLockDownMode(1));
|
||||||
|
+
|
||||||
|
+ nru = mService.makeRankingUpdateLocked(null);
|
||||||
|
+ assertEquals(2, nru.getRankingMap().getOrderedKeys().length);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,53 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nate Myren <ntmyren@google.com>
|
||||||
|
Date: Fri, 2 Dec 2022 09:44:31 -0800
|
||||||
|
Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
|
||||||
|
post 23 and perm has pre23 flag
|
||||||
|
|
||||||
|
If a permission has the "pre23" flag, and an app is upgrading past api
|
||||||
|
23, then we should not assume that a "development" permission remains
|
||||||
|
granted
|
||||||
|
|
||||||
|
Fixes: 259458532
|
||||||
|
Test: atest RevokeSawPermissionTest
|
||||||
|
Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||||||
|
(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
|
||||||
|
Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||||||
|
---
|
||||||
|
.../server/pm/permission/PermissionManagerService.java | 9 +++++++--
|
||||||
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
|
index 23af4e6c1c3e..ae10b28cd8bb 100644
|
||||||
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||||
|
@@ -671,7 +671,7 @@ public class PermissionManagerService {
|
||||||
|
}
|
||||||
|
final PackageSetting ps = (PackageSetting) newPackage.mExtras;
|
||||||
|
if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, saw,
|
||||||
|
- ps.getPermissionsState())) {
|
||||||
|
+ ps.getPermissionsState(), true)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
for (int userId: mUserManagerInt.getUserIds()) {
|
||||||
|
@@ -1836,6 +1836,11 @@ public class PermissionManagerService {
|
||||||
|
|
||||||
|
private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
|
||||||
|
BasePermission bp, PermissionsState origPermissions) {
|
||||||
|
+ return grantSignaturePermission(perm, pkg, bp, origPermissions, false);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
|
||||||
|
+ BasePermission bp, PermissionsState origPermissions, boolean isApi23Upgrade) {
|
||||||
|
boolean oemPermission = bp.isOEM();
|
||||||
|
boolean vendorPrivilegedPermission = bp.isVendorPrivileged();
|
||||||
|
boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged();
|
||||||
|
@@ -2022,7 +2027,7 @@ public class PermissionManagerService {
|
||||||
|
// Any pre-installed system app is allowed to get this permission.
|
||||||
|
allowed = true;
|
||||||
|
}
|
||||||
|
- if (!allowed && bp.isDevelopment()) {
|
||||||
|
+ if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) {
|
||||||
|
// For development permissions, a development permission
|
||||||
|
// is granted only if it was already granted.
|
||||||
|
allowed = origPermissions.hasInstallPermission(perm);
|
41
Patches/LineageOS-17.1/android_frameworks_base/351415.patch
Normal file
41
Patches/LineageOS-17.1/android_frameworks_base/351415.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Wright <michaelwr@google.com>
|
||||||
|
Date: Mon, 26 Sep 2022 20:37:33 +0100
|
||||||
|
Subject: [PATCH] Reconcile WorkSource parcel and unparcel code.
|
||||||
|
|
||||||
|
Prior to this CL, WorkSources would Parcel their list of WorkChains as
|
||||||
|
-1 if null, or the size of the list followed by the list itself if
|
||||||
|
non-null. When reading it back in, on the other hand, they would check
|
||||||
|
if the size was positive, and only then read the list from the Parcel.
|
||||||
|
This works for all cases except when the WorkSource has an empty but
|
||||||
|
non-null list of WorkChains as the list would get written to the parcel,
|
||||||
|
but then never read on the other side.
|
||||||
|
|
||||||
|
If parceling a list was a no-op when empty this wouldn't be an issue,
|
||||||
|
but it must write at least its size into the parcel to know how many
|
||||||
|
elements to extract. In the empty list case, this single element is left
|
||||||
|
unread as the size is not positive which essentially corrupts any future
|
||||||
|
items read from that same parcelable.
|
||||||
|
|
||||||
|
Bug: 220302519
|
||||||
|
Test: atest android.security.cts.WorkSourceTest#testWorkChainParceling
|
||||||
|
Change-Id: I2fec40dfced420ca38e717059b0e95ee8ef9946a
|
||||||
|
(cherry picked from commit 266b3bddcf14d448c0972db64b42950f76c759e3)
|
||||||
|
Merged-In: I2fec40dfced420ca38e717059b0e95ee8ef9946a
|
||||||
|
---
|
||||||
|
core/java/android/os/WorkSource.java | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/os/WorkSource.java b/core/java/android/os/WorkSource.java
|
||||||
|
index 0b4a56121038..4e7a280aa2c1 100644
|
||||||
|
--- a/core/java/android/os/WorkSource.java
|
||||||
|
+++ b/core/java/android/os/WorkSource.java
|
||||||
|
@@ -114,7 +114,7 @@ public class WorkSource implements Parcelable {
|
||||||
|
mNames = in.createStringArray();
|
||||||
|
|
||||||
|
int numChains = in.readInt();
|
||||||
|
- if (numChains > 0) {
|
||||||
|
+ if (numChains >= 0) {
|
||||||
|
mChains = new ArrayList<>(numChains);
|
||||||
|
in.readParcelableList(mChains, WorkChain.class.getClassLoader());
|
||||||
|
} else {
|
41
Patches/LineageOS-17.1/android_frameworks_base/351436.patch
Normal file
41
Patches/LineageOS-17.1/android_frameworks_base/351436.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Winson Chung <winsonc@google.com>
|
||||||
|
Date: Wed, 11 Jan 2023 18:58:41 +0000
|
||||||
|
Subject: [PATCH] Revert "Ensure that only SysUI can override pending intent
|
||||||
|
launch flags"
|
||||||
|
|
||||||
|
This reverts commit c4d3106e347922610f8c554de3ae238175ed393e.
|
||||||
|
|
||||||
|
Reason for revert: b/264884187, b/264885689
|
||||||
|
|
||||||
|
Change-Id: I9fb0d66327f3f872a92e6b9d682d58489e81e6ba
|
||||||
|
(cherry picked from commit 7bb933f48ff15d8f08d2185005b7b3e212915276)
|
||||||
|
Merged-In: I9fb0d66327f3f872a92e6b9d682d58489e81e6ba
|
||||||
|
---
|
||||||
|
.../com/android/server/am/PendingIntentRecord.java | 11 +++--------
|
||||||
|
1 file changed, 3 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/am/PendingIntentRecord.java b/services/core/java/com/android/server/am/PendingIntentRecord.java
|
||||||
|
index 44d67ed0d642..54504c3c1e24 100644
|
||||||
|
--- a/services/core/java/com/android/server/am/PendingIntentRecord.java
|
||||||
|
+++ b/services/core/java/com/android/server/am/PendingIntentRecord.java
|
||||||
|
@@ -317,16 +317,11 @@ public final class PendingIntentRecord extends IIntentSender.Stub {
|
||||||
|
resolvedType = key.requestResolvedType;
|
||||||
|
}
|
||||||
|
|
||||||
|
- // Apply any launch flags from the ActivityOptions. This is used only by SystemUI
|
||||||
|
- // to ensure that we can launch the pending intent with a consistent launch mode even
|
||||||
|
- // if the provided PendingIntent is immutable (ie. to force an activity to launch into
|
||||||
|
- // a new task, or to launch multiple instances if supported by the app)
|
||||||
|
+ // Apply any launch flags from the ActivityOptions. This is to ensure that the caller
|
||||||
|
+ // can specify a consistent launch mode even if the PendingIntent is immutable
|
||||||
|
final ActivityOptions opts = ActivityOptions.fromBundle(options);
|
||||||
|
if (opts != null) {
|
||||||
|
- // TODO(b/254490217): Move this check into SafeActivityOptions
|
||||||
|
- if (controller.mAtmInternal.isCallerRecents(Binder.getCallingUid())) {
|
||||||
|
- finalIntent.addFlags(opts.getPendingIntentLaunchFlags());
|
||||||
|
- }
|
||||||
|
+ finalIntent.addFlags(opts.getPendingIntentLaunchFlags());
|
||||||
|
}
|
||||||
|
|
||||||
|
// Extract options before clearing calling identity
|
@ -41,7 +41,7 @@ index d91b7f8b8..befc92fb4 100644
|
|||||||
configureRandomizedMacAddress(config);
|
configureRandomizedMacAddress(config);
|
||||||
} else {
|
} else {
|
||||||
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
|
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
|
||||||
index fce5758e1..817fb2958 100644
|
index 393a5c395..cb44fb4ab 100644
|
||||||
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
|
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
|
||||||
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
|
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
|
||||||
@@ -1113,7 +1113,13 @@ public class WifiConfigManager {
|
@@ -1113,7 +1113,13 @@ public class WifiConfigManager {
|
||||||
|
@ -0,0 +1,250 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tad <tad@spotco.us>
|
||||||
|
Date: Tue, 21 Mar 2023 13:01:30 -0400
|
||||||
|
Subject: [PATCH] Revert "[DO NOT MERGE] wifi: remove certificates for network
|
||||||
|
factory reset"
|
||||||
|
|
||||||
|
This reverts commit 5aa2d76b9d820ebe175a5f4c416a873352000c71.
|
||||||
|
|
||||||
|
Change-Id: I3ae8d2ae65006560bd2b5b44a6075ba207707e1b
|
||||||
|
---
|
||||||
|
.../server/wifi/WifiConfigManager.java | 2 +-
|
||||||
|
.../com/android/server/wifi/WifiKeyStore.java | 7 ++---
|
||||||
|
.../wifi/WifiNetworkSuggestionsManager.java | 2 +-
|
||||||
|
.../android/server/wifi/WifiServiceImpl.java | 6 ----
|
||||||
|
.../server/wifi/WifiConfigManagerTest.java | 6 ++--
|
||||||
|
.../android/server/wifi/WifiKeyStoreTest.java | 28 +++----------------
|
||||||
|
.../WifiNetworkSuggestionsManagerTest.java | 2 +-
|
||||||
|
.../server/wifi/WifiServiceImplTest.java | 16 ++++-------
|
||||||
|
8 files changed, 18 insertions(+), 51 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
|
||||||
|
index fce5758e1..393a5c395 100644
|
||||||
|
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
|
||||||
|
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
|
||||||
|
@@ -1359,7 +1359,7 @@ public class WifiConfigManager {
|
||||||
|
// will remove the enterprise keys when provider is uninstalled. Suggestion enterprise
|
||||||
|
// networks will remove the enterprise keys when suggestion is removed.
|
||||||
|
if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) {
|
||||||
|
- mWifiKeyStore.removeKeys(config.enterpriseConfig, false);
|
||||||
|
+ mWifiKeyStore.removeKeys(config.enterpriseConfig);
|
||||||
|
}
|
||||||
|
|
||||||
|
removeConnectChoiceFromAllNetworks(config.configKey());
|
||||||
|
diff --git a/service/java/com/android/server/wifi/WifiKeyStore.java b/service/java/com/android/server/wifi/WifiKeyStore.java
|
||||||
|
index 8e82f4720..c1706a20d 100644
|
||||||
|
--- a/service/java/com/android/server/wifi/WifiKeyStore.java
|
||||||
|
+++ b/service/java/com/android/server/wifi/WifiKeyStore.java
|
||||||
|
@@ -221,11 +221,10 @@ public class WifiKeyStore {
|
||||||
|
* Remove enterprise keys from the network config.
|
||||||
|
*
|
||||||
|
* @param config Config corresponding to the network.
|
||||||
|
- * @param forceRemove remove keys regardless of the key installer.
|
||||||
|
*/
|
||||||
|
- public void removeKeys(WifiEnterpriseConfig config, boolean forceRemove) {
|
||||||
|
+ public void removeKeys(WifiEnterpriseConfig config) {
|
||||||
|
// Do not remove keys that were manually installed by the user
|
||||||
|
- if (forceRemove || config.isAppInstalledDeviceKeyAndCert()) {
|
||||||
|
+ if (config.isAppInstalledDeviceKeyAndCert()) {
|
||||||
|
String client = config.getClientCertificateAlias();
|
||||||
|
// a valid client certificate is configured
|
||||||
|
if (!TextUtils.isEmpty(client)) {
|
||||||
|
@@ -238,7 +237,7 @@ public class WifiKeyStore {
|
||||||
|
}
|
||||||
|
|
||||||
|
// Do not remove CA certs that were manually installed by the user
|
||||||
|
- if (forceRemove || config.isAppInstalledCaCert()) {
|
||||||
|
+ if (config.isAppInstalledCaCert()) {
|
||||||
|
String[] aliases = config.getCaCertificateAliases();
|
||||||
|
// a valid ca certificate is configured
|
||||||
|
if (aliases != null) {
|
||||||
|
diff --git a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
|
||||||
|
index ae7892cd2..031aec603 100644
|
||||||
|
--- a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
|
||||||
|
+++ b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
|
||||||
|
@@ -668,7 +668,7 @@ public class WifiNetworkSuggestionsManager {
|
||||||
|
if (!config.isEnterprise()) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
- mWifiKeyStore.removeKeys(config.enterpriseConfig, false);
|
||||||
|
+ mWifiKeyStore.removeKeys(config.enterpriseConfig);
|
||||||
|
}
|
||||||
|
// Clear the scan cache.
|
||||||
|
removeFromScanResultMatchInfoMap(removingSuggestions);
|
||||||
|
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
|
||||||
|
index 0d6732dd7..d375ba4c8 100644
|
||||||
|
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
|
||||||
|
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
|
||||||
|
@@ -3002,13 +3002,7 @@ public class WifiServiceImpl extends BaseWifiService {
|
||||||
|
List<WifiConfiguration> networks = mClientModeImpl.syncGetConfiguredNetworks(
|
||||||
|
Binder.getCallingUid(), mClientModeImplChannel, Process.WIFI_UID);
|
||||||
|
if (networks != null) {
|
||||||
|
- EventLog.writeEvent(0x534e4554, "231985227", -1,
|
||||||
|
- "Remove certs for factory reset");
|
||||||
|
for (WifiConfiguration config : networks) {
|
||||||
|
- if (config.isEnterprise()) {
|
||||||
|
- mWifiInjector.getWifiKeyStore().removeKeys(
|
||||||
|
- config.enterpriseConfig, true);
|
||||||
|
- }
|
||||||
|
removeNetwork(config.networkId, packageName);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
|
||||||
|
index 71d06fb7e..f5ad049dd 100644
|
||||||
|
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
|
||||||
|
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
|
||||||
|
@@ -703,7 +703,7 @@ public class WifiConfigManagerTest {
|
||||||
|
verify(mWcmListener, never()).onSavedNetworkAdded(suggestionNetwork.networkId);
|
||||||
|
assertTrue(mWifiConfigManager
|
||||||
|
.removeNetwork(suggestionNetwork.networkId, TEST_CREATOR_UID));
|
||||||
|
- verify(mWifiKeyStore, never()).removeKeys(any(), eq(false));
|
||||||
|
+ verify(mWifiKeyStore, never()).removeKeys(any());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -947,7 +947,7 @@ public class WifiConfigManagerTest {
|
||||||
|
assertTrue(mWifiConfigManager.removeNetwork(passpointNetwork.networkId, Process.WIFI_UID));
|
||||||
|
|
||||||
|
// Verify keys are not being removed.
|
||||||
|
- verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class), eq(false));
|
||||||
|
+ verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class));
|
||||||
|
verifyNetworkRemoveBroadcast(passpointNetwork);
|
||||||
|
// Ensure that the write was not invoked for Passpoint network remove.
|
||||||
|
mContextConfigStoreMockOrder.verify(mWifiConfigStore, never()).write(anyBoolean());
|
||||||
|
@@ -5169,7 +5169,7 @@ public class WifiConfigManagerTest {
|
||||||
|
assertTrue(mWifiConfigManager.removeNetwork(configuration.networkId, TEST_CREATOR_UID));
|
||||||
|
|
||||||
|
// Verify keys are not being removed.
|
||||||
|
- verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class), eq(false));
|
||||||
|
+ verify(mWifiKeyStore, never()).removeKeys(any(WifiEnterpriseConfig.class));
|
||||||
|
verifyNetworkRemoveBroadcast(configuration);
|
||||||
|
// Ensure that the write was not invoked for Passpoint network remove.
|
||||||
|
mContextConfigStoreMockOrder.verify(mWifiConfigStore, never()).write(anyBoolean());
|
||||||
|
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
|
||||||
|
index 3f54c3f85..7649d1ba4 100644
|
||||||
|
--- a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
|
||||||
|
+++ b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
|
||||||
|
@@ -96,7 +96,7 @@ public class WifiKeyStoreTest {
|
||||||
|
public void testRemoveKeysForAppInstalledCerts() {
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(true);
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(true);
|
||||||
|
- mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false);
|
||||||
|
+ mWifiKeyStore.removeKeys(mWifiEnterpriseConfig);
|
||||||
|
|
||||||
|
// Method calls the KeyStore#delete method 4 times, user key, user cert, and 2 CA cert
|
||||||
|
verify(mKeyStore).delete(Credentials.USER_PRIVATE_KEY + USER_CERT_ALIAS, Process.WIFI_UID);
|
||||||
|
@@ -115,7 +115,7 @@ public class WifiKeyStoreTest {
|
||||||
|
public void testRemoveKeysForMixedInstalledCerts1() {
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(true);
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(false);
|
||||||
|
- mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false);
|
||||||
|
+ mWifiKeyStore.removeKeys(mWifiEnterpriseConfig);
|
||||||
|
|
||||||
|
// Method calls the KeyStore#delete method 2 times: user key and user cert
|
||||||
|
verify(mKeyStore).delete(Credentials.USER_PRIVATE_KEY + USER_CERT_ALIAS, Process.WIFI_UID);
|
||||||
|
@@ -131,7 +131,7 @@ public class WifiKeyStoreTest {
|
||||||
|
public void testRemoveKeysForMixedInstalledCerts2() {
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(false);
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(true);
|
||||||
|
- mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false);
|
||||||
|
+ mWifiKeyStore.removeKeys(mWifiEnterpriseConfig);
|
||||||
|
|
||||||
|
// Method calls the KeyStore#delete method 2 times: 2 CA certs
|
||||||
|
verify(mKeyStore).delete(Credentials.CA_CERTIFICATE + USER_CA_CERT_ALIAS[0],
|
||||||
|
@@ -148,27 +148,7 @@ public class WifiKeyStoreTest {
|
||||||
|
public void testRemoveKeysForUserInstalledCerts() {
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(false);
|
||||||
|
when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(false);
|
||||||
|
- mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, false);
|
||||||
|
- verifyNoMoreInteractions(mKeyStore);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /**
|
||||||
|
- * Verifies that keys and certs are removed when they were not installed by the user
|
||||||
|
- * when forceRemove is true.
|
||||||
|
- */
|
||||||
|
- @Test
|
||||||
|
- public void testForceRemoveKeysForUserInstalledCerts() throws Exception {
|
||||||
|
- when(mWifiEnterpriseConfig.isAppInstalledDeviceKeyAndCert()).thenReturn(false);
|
||||||
|
- when(mWifiEnterpriseConfig.isAppInstalledCaCert()).thenReturn(false);
|
||||||
|
- mWifiKeyStore.removeKeys(mWifiEnterpriseConfig, true);
|
||||||
|
-
|
||||||
|
- // KeyStore#delete() is called three time for user cert, user key, and 2 CA cert.
|
||||||
|
- verify(mKeyStore).delete(Credentials.USER_PRIVATE_KEY + USER_CERT_ALIAS, Process.WIFI_UID);
|
||||||
|
- verify(mKeyStore).delete(Credentials.USER_CERTIFICATE + USER_CERT_ALIAS, Process.WIFI_UID);
|
||||||
|
- verify(mKeyStore).delete(Credentials.CA_CERTIFICATE + USER_CA_CERT_ALIAS[0],
|
||||||
|
- Process.WIFI_UID);
|
||||||
|
- verify(mKeyStore).delete(Credentials.CA_CERTIFICATE + USER_CA_CERT_ALIAS[1],
|
||||||
|
- Process.WIFI_UID);
|
||||||
|
+ mWifiKeyStore.removeKeys(mWifiEnterpriseConfig);
|
||||||
|
verifyNoMoreInteractions(mKeyStore);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
|
||||||
|
index 60dcf153c..ed5bb39ab 100644
|
||||||
|
--- a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
|
||||||
|
+++ b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
|
||||||
|
@@ -344,7 +344,7 @@ public class WifiNetworkSuggestionsManagerTest {
|
||||||
|
assertEquals(WifiManager.STATUS_NETWORK_SUGGESTIONS_SUCCESS,
|
||||||
|
mWifiNetworkSuggestionsManager.remove(new ArrayList<>(),
|
||||||
|
TEST_UID_1, TEST_PACKAGE_1));
|
||||||
|
- verify(mWifiKeyStore).removeKeys(any(), eq(false));
|
||||||
|
+ verify(mWifiKeyStore).removeKeys(any());
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* Verify successful replace (add,remove, add) of network suggestions.
|
||||||
|
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
|
||||||
|
index 53d6d7815..fab326858 100644
|
||||||
|
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
|
||||||
|
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
|
||||||
|
@@ -260,7 +260,6 @@ public class WifiServiceImplTest {
|
||||||
|
@Mock WifiScoreCard mWifiScoreCard;
|
||||||
|
@Mock PasspointManager mPasspointManager;
|
||||||
|
@Mock IDppCallback mDppCallback;
|
||||||
|
- @Mock WifiKeyStore mWifiKeyStore;
|
||||||
|
|
||||||
|
@Spy FakeWifiLog mLog;
|
||||||
|
|
||||||
|
@@ -402,7 +401,6 @@ public class WifiServiceImplTest {
|
||||||
|
when(mContext.checkPermission(eq(android.Manifest.permission.NETWORK_MANAGED_PROVISIONING),
|
||||||
|
anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_DENIED);
|
||||||
|
when(mScanRequestProxy.startScan(anyInt(), anyString())).thenReturn(true);
|
||||||
|
- when(mWifiInjector.getWifiKeyStore()).thenReturn(mWifiKeyStore);
|
||||||
|
|
||||||
|
ArgumentCaptor<SoftApCallback> softApCallbackCaptor =
|
||||||
|
ArgumentCaptor.forClass(SoftApCallback.class);
|
||||||
|
@@ -3643,11 +3641,7 @@ public class WifiServiceImplTest {
|
||||||
|
anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_GRANTED);
|
||||||
|
when(mWifiPermissionsUtil.checkNetworkSettingsPermission(anyInt())).thenReturn(true);
|
||||||
|
final String fqdn = "example.com";
|
||||||
|
- WifiConfiguration openNetwork = WifiConfigurationTestUtil.createOpenNetwork();
|
||||||
|
- openNetwork.networkId = TEST_NETWORK_ID;
|
||||||
|
- WifiConfiguration eapNetwork = WifiConfigurationTestUtil.createEapNetwork(
|
||||||
|
- WifiEnterpriseConfig.Eap.TLS, WifiEnterpriseConfig.Phase2.NONE);
|
||||||
|
- eapNetwork.networkId = TEST_NETWORK_ID + 1;
|
||||||
|
+ WifiConfiguration network = WifiConfigurationTestUtil.createOpenNetwork();
|
||||||
|
PasspointConfiguration config = new PasspointConfiguration();
|
||||||
|
HomeSp homeSp = new HomeSp();
|
||||||
|
homeSp.setFqdn(fqdn);
|
||||||
|
@@ -3655,17 +3649,17 @@ public class WifiServiceImplTest {
|
||||||
|
|
||||||
|
mWifiServiceImpl.mClientModeImplChannel = mAsyncChannel;
|
||||||
|
when(mClientModeImpl.syncGetConfiguredNetworks(anyInt(), any(), anyInt()))
|
||||||
|
- .thenReturn(Arrays.asList(openNetwork, eapNetwork));
|
||||||
|
+ .thenReturn(Arrays.asList(network));
|
||||||
|
when(mClientModeImpl.syncGetPasspointConfigs(any(), anyBoolean()))
|
||||||
|
.thenReturn(Arrays.asList(config));
|
||||||
|
|
||||||
|
+ when(mClientModeImpl.syncGetPasspointConfigs(any())).thenReturn(Arrays.asList(config));
|
||||||
|
+
|
||||||
|
mWifiServiceImpl.factoryReset(TEST_PACKAGE_NAME);
|
||||||
|
mLooper.dispatchAll();
|
||||||
|
|
||||||
|
verify(mWifiApConfigStore).setApConfiguration(null);
|
||||||
|
- verify(mClientModeImpl).syncRemoveNetwork(mAsyncChannel, openNetwork.networkId);
|
||||||
|
- verify(mClientModeImpl).syncRemoveNetwork(mAsyncChannel, eapNetwork.networkId);
|
||||||
|
- verify(mWifiKeyStore).removeKeys(eapNetwork.enterpriseConfig, true);
|
||||||
|
+ verify(mClientModeImpl).syncRemoveNetwork(mAsyncChannel, network.networkId);
|
||||||
|
verify(mClientModeImpl).syncRemovePasspointConfig(mAsyncChannel, true, fqdn);
|
||||||
|
verify(mWifiConfigManager).clearDeletedEphemeralNetworks();
|
||||||
|
verify(mClientModeImpl).clearNetworkRequestUserApprovedAccessPoints();
|
@ -0,0 +1,120 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Johnston <acjohnston@google.com>
|
||||||
|
Date: Wed, 14 Sep 2022 08:02:27 +0000
|
||||||
|
Subject: [PATCH] DO NOT MERGE Stop managed profile owner granting READ_SMS
|
||||||
|
|
||||||
|
Reason: There is only one telephony stack shared
|
||||||
|
between the personal and work profile.
|
||||||
|
|
||||||
|
This change is a partial cherry-pick of ag/15371816.
|
||||||
|
DPM.canAdminGrantSensorsPermissions did not exist pre-S. Pre-S,
|
||||||
|
the admin was always able to grant permissions incl sensor permissions. The change here will continue to allow granting of permissions unless the admin is on a managed profile and the permission is READ_SMS.
|
||||||
|
|
||||||
|
Bug: 194382185
|
||||||
|
Bug: 189942529
|
||||||
|
Test: manual testing with TestDPC
|
||||||
|
Change-Id: Icc1e59a18c4786635cbc651aefc2561fbbddfdb1
|
||||||
|
(cherry picked from commit 7cd8e7f00cf2d921a2d9b2999cfc85a148c781b9)
|
||||||
|
Merged-In: Icc1e59a18c4786635cbc651aefc2561fbbddfdb1
|
||||||
|
---
|
||||||
|
.../PermissionControllerServiceImpl.java | 14 +++++-
|
||||||
|
.../AdminRestrictedPermissionsUtils.java | 44 +++++++++++++++++++
|
||||||
|
2 files changed, 56 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java
|
||||||
|
|
||||||
|
diff --git a/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java b/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java
|
||||||
|
index 57f399275..2121d6e5d 100644
|
||||||
|
--- a/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java
|
||||||
|
+++ b/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java
|
||||||
|
@@ -35,6 +35,7 @@ import android.content.pm.PackageInfo;
|
||||||
|
import android.content.pm.PackageManager;
|
||||||
|
import android.os.AsyncTask;
|
||||||
|
import android.os.UserHandle;
|
||||||
|
+import android.os.UserManager;
|
||||||
|
import android.permission.PermissionControllerService;
|
||||||
|
import android.permission.PermissionManager;
|
||||||
|
import android.permission.RuntimePermissionPresentationInfo;
|
||||||
|
@@ -52,6 +53,7 @@ import com.android.packageinstaller.permission.model.AppPermissionUsage.GroupUsa
|
||||||
|
import com.android.packageinstaller.permission.model.AppPermissions;
|
||||||
|
import com.android.packageinstaller.permission.model.Permission;
|
||||||
|
import com.android.packageinstaller.permission.model.PermissionUsages;
|
||||||
|
+import com.android.packageinstaller.permission.utils.AdminRestrictedPermissionsUtils;
|
||||||
|
import com.android.packageinstaller.permission.utils.Utils;
|
||||||
|
|
||||||
|
import org.xmlpull.v1.XmlPullParser;
|
||||||
|
@@ -576,6 +578,8 @@ public final class PermissionControllerServiceImpl extends PermissionControllerS
|
||||||
|
|
||||||
|
AppPermissions app = new AppPermissions(this, pkgInfo, false, true, null);
|
||||||
|
|
||||||
|
+ final boolean isManagedProfile = getSystemService(UserManager.class).isManagedProfile();
|
||||||
|
+
|
||||||
|
int numPerms = expandedPermissions.size();
|
||||||
|
for (int i = 0; i < numPerms; i++) {
|
||||||
|
String permName = expandedPermissions.get(i);
|
||||||
|
@@ -591,8 +595,14 @@ public final class PermissionControllerServiceImpl extends PermissionControllerS
|
||||||
|
|
||||||
|
switch (grantState) {
|
||||||
|
case PERMISSION_GRANT_STATE_GRANTED:
|
||||||
|
- perm.setPolicyFixed(true);
|
||||||
|
- group.grantRuntimePermissions(false, new String[]{permName});
|
||||||
|
+ if (AdminRestrictedPermissionsUtils.mayAdminGrantPermission(perm.getName(),
|
||||||
|
+ isManagedProfile)) {
|
||||||
|
+ perm.setPolicyFixed(true);
|
||||||
|
+ group.grantRuntimePermissions(false, new String[]{permName});
|
||||||
|
+ } else {
|
||||||
|
+ // similar to PERMISSION_GRANT_STATE_DEFAULT
|
||||||
|
+ perm.setPolicyFixed(false);
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case PERMISSION_GRANT_STATE_DENIED:
|
||||||
|
perm.setPolicyFixed(true);
|
||||||
|
diff --git a/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java b/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..5bbb37837
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java
|
||||||
|
@@ -0,0 +1,44 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (C) 2022 The Android Open Source Project
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
+ * you may not use this file except in compliance with the License.
|
||||||
|
+ * You may obtain a copy of the License at
|
||||||
|
+ *
|
||||||
|
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
+ *
|
||||||
|
+ * Unless required by applicable law or agreed to in writing, software
|
||||||
|
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
+ * See the License for the specific language governing permissions and
|
||||||
|
+ * limitations under the License.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+package com.android.packageinstaller.permission.utils;
|
||||||
|
+
|
||||||
|
+import android.Manifest;
|
||||||
|
+import android.util.ArraySet;
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * A class for dealing with permissions that the admin may not grant in certain configurations.
|
||||||
|
+ */
|
||||||
|
+public final class AdminRestrictedPermissionsUtils {
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * A set of permissions that the managed Profile Owner cannot grant.
|
||||||
|
+ */
|
||||||
|
+ private static final ArraySet<String> MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS =
|
||||||
|
+ new ArraySet<>();
|
||||||
|
+
|
||||||
|
+ static {
|
||||||
|
+ MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.add(Manifest.permission.READ_SMS);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Returns true if the admin may grant this permission, false otherwise.
|
||||||
|
+ */
|
||||||
|
+ public static boolean mayAdminGrantPermission(String permission, boolean isManagedProfile) {
|
||||||
|
+ return !isManagedProfile
|
||||||
|
+ || !MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.contains(permission);
|
||||||
|
+ }
|
||||||
|
+}
|
@ -0,0 +1,378 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tsung-Mao Fang <tmfang@google.com>
|
||||||
|
Date: Mon, 3 Jan 2022 18:25:04 +0800
|
||||||
|
Subject: [PATCH] FRP bypass defense in the settings app
|
||||||
|
|
||||||
|
Over the last few years, there have been a number of
|
||||||
|
Factory Reset Protection bypass bugs in the SUW flow.
|
||||||
|
It's unlikely to defense all points from individual apps.
|
||||||
|
|
||||||
|
Therefore, we decide to block some critical pages when
|
||||||
|
user doesn't complete the SUW flow.
|
||||||
|
|
||||||
|
Test: Can't open the certain pages in the suw flow.
|
||||||
|
Bug: 258422561
|
||||||
|
Fix: 200746457
|
||||||
|
Bug: 202975040
|
||||||
|
Fix: 213091525
|
||||||
|
Fix: 213090835
|
||||||
|
Fix: 201561699
|
||||||
|
Fix: 213090827
|
||||||
|
Fix: 213090875
|
||||||
|
Change-Id: Ia18f367109df5af7da0a5acad7702898a459d32e
|
||||||
|
Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e
|
||||||
|
(cherry picked from commit ff5bfb40c8b09ab477efaae6a0199911a0d703dd)
|
||||||
|
Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e
|
||||||
|
---
|
||||||
|
.../settings/SettingsPreferenceFragment.java | 23 +++++-
|
||||||
|
.../accounts/AccountDashboardFragment.java | 5 ++
|
||||||
|
.../appinfo/AppInfoDashboardFragment.java | 5 ++
|
||||||
|
.../DevelopmentSettingsDashboardFragment.java | 5 ++
|
||||||
|
.../system/ResetDashboardFragment.java | 5 ++
|
||||||
|
.../SettingsPreferenceFragmentTest.java | 74 +++++++++++++++++++
|
||||||
|
.../AccountDashboardFragmentTest.java | 5 ++
|
||||||
|
.../appinfo/AppInfoDashboardFragmentTest.java | 5 ++
|
||||||
|
...elopmentSettingsDashboardFragmentTest.java | 5 ++
|
||||||
|
.../system/ResetDashboardFragmentTest.java | 40 ++++++++++
|
||||||
|
10 files changed, 171 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java
|
||||||
|
|
||||||
|
diff --git a/src/com/android/settings/SettingsPreferenceFragment.java b/src/com/android/settings/SettingsPreferenceFragment.java
|
||||||
|
index 6b29b2e1e4..0c537534df 100644
|
||||||
|
--- a/src/com/android/settings/SettingsPreferenceFragment.java
|
||||||
|
+++ b/src/com/android/settings/SettingsPreferenceFragment.java
|
||||||
|
@@ -56,6 +56,8 @@ import com.android.settingslib.core.instrumentation.Instrumentable;
|
||||||
|
import com.android.settingslib.widget.FooterPreferenceMixinCompat;
|
||||||
|
import com.android.settingslib.widget.LayoutPreference;
|
||||||
|
|
||||||
|
+import com.google.android.setupcompat.util.WizardManagerHelper;
|
||||||
|
+
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -64,7 +66,7 @@ import java.util.UUID;
|
||||||
|
public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceFragment
|
||||||
|
implements DialogCreatable, HelpResourceProvider, Indexable {
|
||||||
|
|
||||||
|
- private static final String TAG = "SettingsPreference";
|
||||||
|
+ private static final String TAG = "SettingsPreferenceFragment";
|
||||||
|
|
||||||
|
private static final String SAVE_HIGHLIGHTED_KEY = "android:preference_highlighted";
|
||||||
|
|
||||||
|
@@ -128,6 +130,15 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF
|
||||||
|
@VisibleForTesting
|
||||||
|
public boolean mPreferenceHighlighted = false;
|
||||||
|
|
||||||
|
+ @Override
|
||||||
|
+ public void onAttach(Context context) {
|
||||||
|
+ if (shouldSkipForInitialSUW() && !WizardManagerHelper.isDeviceProvisioned(getContext())) {
|
||||||
|
+ Log.w(TAG, "Skip " + getClass().getSimpleName() + " before SUW completed.");
|
||||||
|
+ finish();
|
||||||
|
+ }
|
||||||
|
+ super.onAttach(context);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Override
|
||||||
|
public void onCreate(Bundle icicle) {
|
||||||
|
super.onCreate(icicle);
|
||||||
|
@@ -264,6 +275,16 @@ public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceF
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Whether UI should be skipped in the initial SUW flow.
|
||||||
|
+ *
|
||||||
|
+ * @return {@code true} when UI should be skipped in the initial SUW flow.
|
||||||
|
+ * {@code false} when UI should not be skipped in the initial SUW flow.
|
||||||
|
+ */
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
protected void onDataSetChanged() {
|
||||||
|
highlightPreferenceIfNeeded();
|
||||||
|
updateEmptyView();
|
||||||
|
diff --git a/src/com/android/settings/accounts/AccountDashboardFragment.java b/src/com/android/settings/accounts/AccountDashboardFragment.java
|
||||||
|
index 515008af59..627a3177d2 100644
|
||||||
|
--- a/src/com/android/settings/accounts/AccountDashboardFragment.java
|
||||||
|
+++ b/src/com/android/settings/accounts/AccountDashboardFragment.java
|
||||||
|
@@ -67,6 +67,11 @@ public class AccountDashboardFragment extends DashboardFragment {
|
||||||
|
return buildPreferenceControllers(context, this /* parent */, authorities);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Override
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
|
||||||
|
SettingsPreferenceFragment parent, String[] authorities) {
|
||||||
|
final List<AbstractPreferenceController> controllers = new ArrayList<>();
|
||||||
|
diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
index 9917d352e8..b757380c5d 100755
|
||||||
|
--- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
+++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
@@ -473,6 +473,11 @@ public class AppInfoDashboardFragment extends DashboardFragment
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Override
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
private void uninstallPkg(String packageName, boolean allUsers, boolean andDisable) {
|
||||||
|
stopListeningToPackageRemove();
|
||||||
|
// Create new intent to launch Uninstaller activity
|
||||||
|
diff --git a/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java b/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java
|
||||||
|
index f18225e8fb..ca46b24a31 100644
|
||||||
|
--- a/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java
|
||||||
|
+++ b/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java
|
||||||
|
@@ -181,6 +181,11 @@ public class DevelopmentSettingsDashboardFragment extends RestrictedDashboardFra
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Override
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Override
|
||||||
|
public View onCreateView(LayoutInflater inflater, ViewGroup container,
|
||||||
|
Bundle savedInstanceState) {
|
||||||
|
diff --git a/src/com/android/settings/system/ResetDashboardFragment.java b/src/com/android/settings/system/ResetDashboardFragment.java
|
||||||
|
index 5243d6a393..aa06691d67 100644
|
||||||
|
--- a/src/com/android/settings/system/ResetDashboardFragment.java
|
||||||
|
+++ b/src/com/android/settings/system/ResetDashboardFragment.java
|
||||||
|
@@ -58,6 +58,11 @@ public class ResetDashboardFragment extends DashboardFragment {
|
||||||
|
return buildPreferenceControllers(context, getSettingsLifecycle());
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Override
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
|
||||||
|
Lifecycle lifecycle) {
|
||||||
|
final List<AbstractPreferenceController> controllers = new ArrayList<>();
|
||||||
|
diff --git a/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java b/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java
|
||||||
|
index cce01550a7..71c531a4c9 100644
|
||||||
|
--- a/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java
|
||||||
|
+++ b/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java
|
||||||
|
@@ -23,11 +23,13 @@ import static org.mockito.Mockito.doReturn;
|
||||||
|
import static org.mockito.Mockito.mock;
|
||||||
|
import static org.mockito.Mockito.never;
|
||||||
|
import static org.mockito.Mockito.spy;
|
||||||
|
+import static org.mockito.Mockito.times;
|
||||||
|
import static org.mockito.Mockito.verify;
|
||||||
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
|
import android.content.Context;
|
||||||
|
import android.os.Bundle;
|
||||||
|
+import android.provider.Settings;
|
||||||
|
import android.view.View;
|
||||||
|
|
||||||
|
import androidx.fragment.app.FragmentActivity;
|
||||||
|
@@ -39,6 +41,7 @@ import androidx.preference.PreferenceScreen;
|
||||||
|
import com.android.settings.testutils.FakeFeatureFactory;
|
||||||
|
import com.android.settings.widget.WorkOnlyCategory;
|
||||||
|
|
||||||
|
+import org.junit.After;
|
||||||
|
import org.junit.Before;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
@@ -61,7 +64,9 @@ public class SettingsPreferenceFragmentTest {
|
||||||
|
private PreferenceScreen mPreferenceScreen;
|
||||||
|
private Context mContext;
|
||||||
|
private TestFragment mFragment;
|
||||||
|
+ private TestFragment2 mFragment2;
|
||||||
|
private View mEmptyView;
|
||||||
|
+ private int mInitDeviceProvisionedValue;
|
||||||
|
|
||||||
|
@Before
|
||||||
|
public void setUp() {
|
||||||
|
@@ -69,13 +74,24 @@ public class SettingsPreferenceFragmentTest {
|
||||||
|
FakeFeatureFactory.setupForTest();
|
||||||
|
mContext = RuntimeEnvironment.application;
|
||||||
|
mFragment = spy(new TestFragment());
|
||||||
|
+ mFragment2 = spy(new TestFragment2());
|
||||||
|
doReturn(mActivity).when(mFragment).getActivity();
|
||||||
|
when(mFragment.getContext()).thenReturn(mContext);
|
||||||
|
+ when(mFragment2.getContext()).thenReturn(mContext);
|
||||||
|
|
||||||
|
mEmptyView = new View(mContext);
|
||||||
|
ReflectionHelpers.setField(mFragment, "mEmptyView", mEmptyView);
|
||||||
|
|
||||||
|
doReturn(ITEM_COUNT).when(mPreferenceScreen).getPreferenceCount();
|
||||||
|
+
|
||||||
|
+ mInitDeviceProvisionedValue = Settings.Global.getInt(mContext.getContentResolver(),
|
||||||
|
+ Settings.Global.DEVICE_PROVISIONED, 0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @After
|
||||||
|
+ public void tearDown() {
|
||||||
|
+ Settings.Global.putInt(mContext.getContentResolver(),
|
||||||
|
+ Settings.Global.DEVICE_PROVISIONED, mInitDeviceProvisionedValue);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@@ -187,8 +203,66 @@ public class SettingsPreferenceFragmentTest {
|
||||||
|
verify(workOnlyCategory).setVisible(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Test
|
||||||
|
+ public void onAttach_shouldNotSkipForSUWAndDeviceIsProvisioned_notCallFinish() {
|
||||||
|
+ Settings.Global.putInt(mContext.getContentResolver(),
|
||||||
|
+ Settings.Global.DEVICE_PROVISIONED, 1);
|
||||||
|
+
|
||||||
|
+ mFragment.onAttach(mContext);
|
||||||
|
+
|
||||||
|
+ verify(mFragment, never()).finish();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void onAttach_shouldNotSkipForSUWAndDeviceIsNotProvisioned_notCallFinish() {
|
||||||
|
+ Settings.Global.putInt(mContext.getContentResolver(),
|
||||||
|
+ Settings.Global.DEVICE_PROVISIONED, 0);
|
||||||
|
+
|
||||||
|
+ mFragment.onAttach(mContext);
|
||||||
|
+
|
||||||
|
+ verify(mFragment, never()).finish();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void onAttach_shouldSkipForSUWAndDeviceIsDeviceProvisioned_notCallFinish() {
|
||||||
|
+ Settings.Global.putInt(mContext.getContentResolver(),
|
||||||
|
+ Settings.Global.DEVICE_PROVISIONED, 1);
|
||||||
|
+
|
||||||
|
+ mFragment2.onAttach(mContext);
|
||||||
|
+
|
||||||
|
+ verify(mFragment2, never()).finish();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void onAttach_shouldSkipForSUWAndDeviceProvisioned_notCallFinish() {
|
||||||
|
+ Settings.Global.putInt(mContext.getContentResolver(),
|
||||||
|
+ Settings.Global.DEVICE_PROVISIONED, 0);
|
||||||
|
+
|
||||||
|
+ mFragment2.onAttach(mContext);
|
||||||
|
+
|
||||||
|
+ verify(mFragment2, times(1)).finish();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
public static class TestFragment extends SettingsPreferenceFragment {
|
||||||
|
|
||||||
|
+ @Override
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Override
|
||||||
|
+ public int getMetricsCategory() {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public static class TestFragment2 extends SettingsPreferenceFragment {
|
||||||
|
+
|
||||||
|
+ @Override
|
||||||
|
+ protected boolean shouldSkipForInitialSUW() {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Override
|
||||||
|
public int getMetricsCategory() {
|
||||||
|
return 0;
|
||||||
|
diff --git a/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java
|
||||||
|
index 006087516c..b04d5c7637 100644
|
||||||
|
--- a/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java
|
||||||
|
+++ b/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java
|
||||||
|
@@ -53,4 +53,9 @@ public class AccountDashboardFragmentTest {
|
||||||
|
assertThat(indexRes).isNotNull();
|
||||||
|
assertThat(indexRes.get(0).xmlResId).isEqualTo(mFragment.getPreferenceScreenResId());
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void shouldSkipForInitialSUW_returnTrue() {
|
||||||
|
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
diff --git a/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java
|
||||||
|
index e46cd06afe..5292c60f86 100644
|
||||||
|
--- a/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java
|
||||||
|
+++ b/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java
|
||||||
|
@@ -384,6 +384,11 @@ public final class AppInfoDashboardFragmentTest {
|
||||||
|
.isTrue();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Test
|
||||||
|
+ public void shouldSkipForInitialSUW_returnTrue() {
|
||||||
|
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Implements(AppUtils.class)
|
||||||
|
public static class ShadowAppUtils {
|
||||||
|
|
||||||
|
diff --git a/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java
|
||||||
|
index 83a4880968..d460d13e9e 100644
|
||||||
|
--- a/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java
|
||||||
|
+++ b/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java
|
||||||
|
@@ -275,6 +275,11 @@ public class DevelopmentSettingsDashboardFragmentTest {
|
||||||
|
verify(controller).onDisableLogPersistDialogRejected();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ @Test
|
||||||
|
+ public void shouldSkipForInitialSUW_returnTrue() {
|
||||||
|
+ assertThat(mDashboard.shouldSkipForInitialSUW()).isTrue();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
@Implements(EnableDevelopmentSettingWarningDialog.class)
|
||||||
|
public static class ShadowEnableDevelopmentSettingWarningDialog {
|
||||||
|
|
||||||
|
diff --git a/tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..c1d47887a7
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java
|
||||||
|
@@ -0,0 +1,40 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (C) 2022 The Android Open Source Project
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
+ * you may not use this file except in compliance with the License.
|
||||||
|
+ * You may obtain a copy of the License at
|
||||||
|
+ *
|
||||||
|
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
+ *
|
||||||
|
+ * Unless required by applicable law or agreed to in writing, software
|
||||||
|
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
+ * See the License for the specific language governing permissions and
|
||||||
|
+ * limitations under the License.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+package com.android.settings.system;
|
||||||
|
+
|
||||||
|
+import static com.google.common.truth.Truth.assertThat;
|
||||||
|
+
|
||||||
|
+import org.junit.Before;
|
||||||
|
+import org.junit.Test;
|
||||||
|
+import org.junit.runner.RunWith;
|
||||||
|
+import org.robolectric.RobolectricTestRunner;
|
||||||
|
+
|
||||||
|
+@RunWith(RobolectricTestRunner.class)
|
||||||
|
+public class ResetDashboardFragmentTest {
|
||||||
|
+
|
||||||
|
+ private ResetDashboardFragment mFragment;
|
||||||
|
+
|
||||||
|
+ @Before
|
||||||
|
+ public void setup() {
|
||||||
|
+ mFragment = new ResetDashboardFragment();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ @Test
|
||||||
|
+ public void shouldSkipForInitialSUW_returnTrue() {
|
||||||
|
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
|
||||||
|
+ }
|
||||||
|
+}
|
@ -0,0 +1,45 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yanting Yang <yantingyang@google.com>
|
||||||
|
Date: Wed, 4 Jan 2023 09:40:38 +0000
|
||||||
|
Subject: [PATCH] Add DISALLOW_APPS_CONTROL check into uninstall app for all
|
||||||
|
users
|
||||||
|
|
||||||
|
Settings App info page supports a "Uninstall for all users" function
|
||||||
|
when multiple users are enabled. It bypasses the restriction of
|
||||||
|
DISALLOW_APPS_CONTROL which breaks the user isolation guideline.
|
||||||
|
|
||||||
|
To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL
|
||||||
|
restriction to provide the "Uninstall for all users" function.
|
||||||
|
|
||||||
|
Bug: 258653813
|
||||||
|
Test: manual & robotests
|
||||||
|
Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
|
||||||
|
Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
|
||||||
|
(cherry picked from commit 86914bedc84474c152e4536fb3cfa2fb488030b8)
|
||||||
|
Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
|
||||||
|
---
|
||||||
|
.../applications/appinfo/AppInfoDashboardFragment.java | 8 +++++++-
|
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||||
|
mode change 100755 => 100644 src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
|
||||||
|
diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
old mode 100755
|
||||||
|
new mode 100644
|
||||||
|
index b757380c5d..bbbb7113d5
|
||||||
|
--- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
+++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
|
||||||
|
@@ -355,7 +355,13 @@ public class AppInfoDashboardFragment extends DashboardFragment
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
super.onPrepareOptionsMenu(menu);
|
||||||
|
- menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry));
|
||||||
|
+ final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU);
|
||||||
|
+ uninstallAllUsersItem.setVisible(
|
||||||
|
+ shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem);
|
||||||
|
+ if (uninstallAllUsersItem.isVisible()) {
|
||||||
|
+ RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(),
|
||||||
|
+ uninstallAllUsersItem, mAppsControlDisallowedAdmin);
|
||||||
|
+ }
|
||||||
|
mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
|
||||||
|
final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES);
|
||||||
|
final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean(
|
41
Patches/LineageOS-17.1/android_system_bt/351443.patch
Normal file
41
Patches/LineageOS-17.1/android_system_bt/351443.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hui Peng <phui@google.com>
|
||||||
|
Date: Wed, 28 Dec 2022 00:32:37 +0000
|
||||||
|
Subject: [PATCH] Fix an OOB Write bug in gatt_check_write_long_terminate
|
||||||
|
|
||||||
|
this is the backport of Ifffa2c7f679c4ef72dbdb6b1f3378ca506680084
|
||||||
|
|
||||||
|
Bug: 258652631
|
||||||
|
Test: manual
|
||||||
|
Tag: #security
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
Change-Id: Ic84122f07cbc198c676d366e39606621b7cb4e66
|
||||||
|
(cherry picked from commit 9b17660bfd6f0f41cb9400ce0236d76c83605e03)
|
||||||
|
Merged-In: Ic84122f07cbc198c676d366e39606621b7cb4e66
|
||||||
|
---
|
||||||
|
stack/gatt/gatt_cl.cc | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/stack/gatt/gatt_cl.cc b/stack/gatt/gatt_cl.cc
|
||||||
|
index 3115317da..db41c5f9f 100644
|
||||||
|
--- a/stack/gatt/gatt_cl.cc
|
||||||
|
+++ b/stack/gatt/gatt_cl.cc
|
||||||
|
@@ -572,7 +572,8 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
|
||||||
|
LOG(ERROR) << StringPrintf("value resp op_code = %s len = %d",
|
||||||
|
gatt_dbg_op_name(op_code), len);
|
||||||
|
|
||||||
|
- if (len < GATT_PREP_WRITE_RSP_MIN_LEN) {
|
||||||
|
+ if (len < GATT_PREP_WRITE_RSP_MIN_LEN ||
|
||||||
|
+ len > GATT_PREP_WRITE_RSP_MIN_LEN + sizeof(value.value)) {
|
||||||
|
LOG(ERROR) << "illegal prepare write response length, discard";
|
||||||
|
gatt_end_operation(p_clcb, GATT_INVALID_PDU, &value);
|
||||||
|
return;
|
||||||
|
@@ -581,7 +582,7 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
|
||||||
|
STREAM_TO_UINT16(value.handle, p);
|
||||||
|
STREAM_TO_UINT16(value.offset, p);
|
||||||
|
|
||||||
|
- value.len = len - 4;
|
||||||
|
+ value.len = len - GATT_PREP_WRITE_RSP_MIN_LEN;
|
||||||
|
|
||||||
|
memcpy(value.value, p, value.len);
|
||||||
|
|
39
Patches/LineageOS-17.1/android_system_bt/351444.patch
Normal file
39
Patches/LineageOS-17.1/android_system_bt/351444.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hui Peng <phui@google.com>
|
||||||
|
Date: Mon, 2 Jan 2023 22:05:45 +0000
|
||||||
|
Subject: [PATCH] Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
|
||||||
|
|
||||||
|
In A2DP_BuildCodecHeaderSbc when p_buf->offset is 0, the
|
||||||
|
`-=` operation on it may result in integer underflow and
|
||||||
|
OOB write with the computed pointer passed to
|
||||||
|
A2DP_BuildMediaPayloadHeaderSbc.
|
||||||
|
|
||||||
|
This is a backport of I45320085b1e458d3b0e0d86162a35aaaae7b34cb
|
||||||
|
Test: atest net_test_stack_a2dp_codecs_native
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
Tag:#security
|
||||||
|
|
||||||
|
Bug: 186803518
|
||||||
|
Change-Id: I4ff1a1de71884b8de23008b2569fdea3650e85ec
|
||||||
|
(cherry picked from commit a710300216be4a86373a65c6a685aeef8509cfa7)
|
||||||
|
Merged-In: I4ff1a1de71884b8de23008b2569fdea3650e85ec
|
||||||
|
---
|
||||||
|
stack/a2dp/a2dp_sbc.cc | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/stack/a2dp/a2dp_sbc.cc b/stack/a2dp/a2dp_sbc.cc
|
||||||
|
index 4c48993c4..5036eec2e 100644
|
||||||
|
--- a/stack/a2dp/a2dp_sbc.cc
|
||||||
|
+++ b/stack/a2dp/a2dp_sbc.cc
|
||||||
|
@@ -704,6 +704,11 @@ bool A2DP_BuildCodecHeaderSbc(UNUSED_ATTR const uint8_t* p_codec_info,
|
||||||
|
BT_HDR* p_buf, uint16_t frames_per_packet) {
|
||||||
|
uint8_t* p;
|
||||||
|
|
||||||
|
+ // there is a timestamp right following p_buf
|
||||||
|
+ if (p_buf->offset < 4 + A2DP_SBC_MPL_HDR_LEN) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
p_buf->offset -= A2DP_SBC_MPL_HDR_LEN;
|
||||||
|
p = (uint8_t*)(p_buf + 1) + p_buf->offset;
|
||||||
|
p_buf->len += A2DP_SBC_MPL_HDR_LEN;
|
75
Patches/LineageOS-17.1/android_system_bt/351445.patch
Normal file
75
Patches/LineageOS-17.1/android_system_bt/351445.patch
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hui Peng <phui@google.com>
|
||||||
|
Date: Wed, 4 Jan 2023 22:45:13 +0000
|
||||||
|
Subject: [PATCH] Fix an OOB write in SDP_AddAttribute
|
||||||
|
|
||||||
|
When the `attr_pad` becomes full, it is possible
|
||||||
|
that un index of `-1` is computed write
|
||||||
|
a zero byte to `p_val`, rusulting OOB write.
|
||||||
|
|
||||||
|
```
|
||||||
|
p_val[SDP_MAX_PAD_LEN - p_rec->free_pad_ptr - 1] = '\0';
|
||||||
|
```
|
||||||
|
|
||||||
|
This is a backport of I937d22a2df26fca1d7f06b10182c4e713ddfed1b
|
||||||
|
|
||||||
|
Bug: 261867748
|
||||||
|
Test: manual
|
||||||
|
Tag: #security
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
Change-Id: Ibdda754e628cfc9d1706c14db114919a15d8d6b1
|
||||||
|
(cherry picked from commit cc527a97f78a2999a0156a579e488afe9e3675b2)
|
||||||
|
Merged-In: Ibdda754e628cfc9d1706c14db114919a15d8d6b1
|
||||||
|
---
|
||||||
|
stack/sdp/sdp_db.cc | 20 +++++++++++++++-----
|
||||||
|
1 file changed, 15 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/stack/sdp/sdp_db.cc b/stack/sdp/sdp_db.cc
|
||||||
|
index ea5b84d23..4130ae71a 100644
|
||||||
|
--- a/stack/sdp/sdp_db.cc
|
||||||
|
+++ b/stack/sdp/sdp_db.cc
|
||||||
|
@@ -362,6 +362,11 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type,
|
||||||
|
uint16_t xx, yy, zz;
|
||||||
|
tSDP_RECORD* p_rec = &sdp_cb.server_db.record[0];
|
||||||
|
|
||||||
|
+ if (p_val == nullptr) {
|
||||||
|
+ SDP_TRACE_WARNING("Trying to add attribute with p_val == nullptr, skipped");
|
||||||
|
+ return (false);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (sdp_cb.trace_level >= BT_TRACE_LEVEL_DEBUG) {
|
||||||
|
if ((attr_type == UINT_DESC_TYPE) ||
|
||||||
|
(attr_type == TWO_COMP_INT_DESC_TYPE) ||
|
||||||
|
@@ -398,6 +403,13 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type,
|
||||||
|
if (p_rec->record_handle == handle) {
|
||||||
|
tSDP_ATTRIBUTE* p_attr = &p_rec->attribute[0];
|
||||||
|
|
||||||
|
+ // error out early, no need to look up
|
||||||
|
+ if (p_rec->free_pad_ptr >= SDP_MAX_PAD_LEN) {
|
||||||
|
+ SDP_TRACE_ERROR("the free pad for SDP record with handle %d is "
|
||||||
|
+ "full, skip adding the attribute", handle);
|
||||||
|
+ return (false);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Found the record. Now, see if the attribute already exists */
|
||||||
|
for (xx = 0; xx < p_rec->num_attributes; xx++, p_attr++) {
|
||||||
|
/* The attribute exists. replace it */
|
||||||
|
@@ -437,15 +449,13 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type,
|
||||||
|
attr_len = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((attr_len > 0) && (p_val != 0)) {
|
||||||
|
+ if (attr_len > 0) {
|
||||||
|
p_attr->len = attr_len;
|
||||||
|
memcpy(&p_rec->attr_pad[p_rec->free_pad_ptr], p_val, (size_t)attr_len);
|
||||||
|
p_attr->value_ptr = &p_rec->attr_pad[p_rec->free_pad_ptr];
|
||||||
|
p_rec->free_pad_ptr += attr_len;
|
||||||
|
- } else if ((attr_len == 0 &&
|
||||||
|
- p_attr->len !=
|
||||||
|
- 0) || /* if truncate to 0 length, simply don't add */
|
||||||
|
- p_val == 0) {
|
||||||
|
+ } else if (attr_len == 0 && p_attr->len != 0) {
|
||||||
|
+ /* if truncate to 0 length, simply don't add */
|
||||||
|
SDP_TRACE_ERROR(
|
||||||
|
"SDP_AddAttribute fail, length exceed maximum: ID %d: attr_len:%d ",
|
||||||
|
attr_id, attr_len);
|
@ -0,0 +1,41 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hui Peng <phui@google.com>
|
||||||
|
Date: Wed, 28 Dec 2022 00:32:37 +0000
|
||||||
|
Subject: [PATCH] Fix an OOB Write bug in gatt_check_write_long_terminate
|
||||||
|
|
||||||
|
this is the backport of Ifffa2c7f679c4ef72dbdb6b1f3378ca506680084
|
||||||
|
|
||||||
|
Bug: 258652631
|
||||||
|
Test: manual
|
||||||
|
Tag: #security
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
Change-Id: Ic84122f07cbc198c676d366e39606621b7cb4e66
|
||||||
|
(cherry picked from commit 9b17660bfd6f0f41cb9400ce0236d76c83605e03)
|
||||||
|
Merged-In: Ic84122f07cbc198c676d366e39606621b7cb4e66
|
||||||
|
---
|
||||||
|
stack/gatt/gatt_cl.cc | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/stack/gatt/gatt_cl.cc b/stack/gatt/gatt_cl.cc
|
||||||
|
index 73a338b6d..98186daed 100644
|
||||||
|
--- a/stack/gatt/gatt_cl.cc
|
||||||
|
+++ b/stack/gatt/gatt_cl.cc
|
||||||
|
@@ -578,7 +578,8 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
|
||||||
|
LOG(ERROR) << StringPrintf("value resp op_code = %s len = %d",
|
||||||
|
gatt_dbg_op_name(op_code), len);
|
||||||
|
|
||||||
|
- if (len < GATT_PREP_WRITE_RSP_MIN_LEN) {
|
||||||
|
+ if (len < GATT_PREP_WRITE_RSP_MIN_LEN ||
|
||||||
|
+ len > GATT_PREP_WRITE_RSP_MIN_LEN + sizeof(value.value)) {
|
||||||
|
LOG(ERROR) << "illegal prepare write response length, discard";
|
||||||
|
gatt_end_operation(p_clcb, GATT_INVALID_PDU, &value);
|
||||||
|
return;
|
||||||
|
@@ -587,7 +588,7 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
|
||||||
|
STREAM_TO_UINT16(value.handle, p);
|
||||||
|
STREAM_TO_UINT16(value.offset, p);
|
||||||
|
|
||||||
|
- value.len = len - 4;
|
||||||
|
+ value.len = len - GATT_PREP_WRITE_RSP_MIN_LEN;
|
||||||
|
|
||||||
|
memcpy(value.value, p, value.len);
|
||||||
|
|
@ -0,0 +1,39 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hui Peng <phui@google.com>
|
||||||
|
Date: Mon, 2 Jan 2023 22:05:45 +0000
|
||||||
|
Subject: [PATCH] Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
|
||||||
|
|
||||||
|
In A2DP_BuildCodecHeaderSbc when p_buf->offset is 0, the
|
||||||
|
`-=` operation on it may result in integer underflow and
|
||||||
|
OOB write with the computed pointer passed to
|
||||||
|
A2DP_BuildMediaPayloadHeaderSbc.
|
||||||
|
|
||||||
|
This is a backport of I45320085b1e458d3b0e0d86162a35aaaae7b34cb
|
||||||
|
Test: atest net_test_stack_a2dp_codecs_native
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
Tag:#security
|
||||||
|
|
||||||
|
Bug: 186803518
|
||||||
|
Change-Id: I4ff1a1de71884b8de23008b2569fdea3650e85ec
|
||||||
|
(cherry picked from commit a710300216be4a86373a65c6a685aeef8509cfa7)
|
||||||
|
Merged-In: I4ff1a1de71884b8de23008b2569fdea3650e85ec
|
||||||
|
---
|
||||||
|
stack/a2dp/a2dp_sbc.cc | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/stack/a2dp/a2dp_sbc.cc b/stack/a2dp/a2dp_sbc.cc
|
||||||
|
index 623ecfac1..393a17ee5 100644
|
||||||
|
--- a/stack/a2dp/a2dp_sbc.cc
|
||||||
|
+++ b/stack/a2dp/a2dp_sbc.cc
|
||||||
|
@@ -881,6 +881,11 @@ bool A2DP_BuildCodecHeaderSbc(UNUSED_ATTR const uint8_t* p_codec_info,
|
||||||
|
BT_HDR* p_buf, uint16_t frames_per_packet) {
|
||||||
|
uint8_t* p;
|
||||||
|
|
||||||
|
+ // there is a timestamp right following p_buf
|
||||||
|
+ if (p_buf->offset < 4 + A2DP_SBC_MPL_HDR_LEN) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
p_buf->offset -= A2DP_SBC_MPL_HDR_LEN;
|
||||||
|
p = (uint8_t*)(p_buf + 1) + p_buf->offset;
|
||||||
|
p_buf->len += A2DP_SBC_MPL_HDR_LEN;
|
@ -0,0 +1,78 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hui Peng <phui@google.com>
|
||||||
|
Date: Wed, 4 Jan 2023 22:45:13 +0000
|
||||||
|
Subject: [PATCH] Fix an OOB write in SDP_AddAttribute
|
||||||
|
|
||||||
|
When the `attr_pad` becomes full, it is possible
|
||||||
|
that un index of `-1` is computed write
|
||||||
|
a zero byte to `p_val`, rusulting OOB write.
|
||||||
|
|
||||||
|
```
|
||||||
|
p_val[SDP_MAX_PAD_LEN - p_rec->free_pad_ptr - 1] = '\0';
|
||||||
|
```
|
||||||
|
|
||||||
|
This is a backport of I937d22a2df26fca1d7f06b10182c4e713ddfed1b
|
||||||
|
|
||||||
|
Bug: 261867748
|
||||||
|
Test: manual
|
||||||
|
Tag: #security
|
||||||
|
Ignore-AOSP-First: security
|
||||||
|
Change-Id: Ibdda754e628cfc9d1706c14db114919a15d8d6b1
|
||||||
|
(cherry picked from commit cc527a97f78a2999a0156a579e488afe9e3675b2)
|
||||||
|
Merged-In: Ibdda754e628cfc9d1706c14db114919a15d8d6b1
|
||||||
|
---
|
||||||
|
stack/sdp/sdp_db.cc | 23 +++++++++++++++++------
|
||||||
|
1 file changed, 17 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/stack/sdp/sdp_db.cc b/stack/sdp/sdp_db.cc
|
||||||
|
index 65ed52fd9..23e5b53ff 100644
|
||||||
|
--- a/stack/sdp/sdp_db.cc
|
||||||
|
+++ b/stack/sdp/sdp_db.cc
|
||||||
|
@@ -399,6 +399,11 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type,
|
||||||
|
uint16_t xx;
|
||||||
|
tSDP_RECORD* p_rec = &sdp_cb.server_db.record[0];
|
||||||
|
|
||||||
|
+ if (p_val == nullptr) {
|
||||||
|
+ SDP_TRACE_WARNING("Trying to add attribute with p_val == nullptr, skipped");
|
||||||
|
+ return (false);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (sdp_cb.trace_level >= BT_TRACE_LEVEL_DEBUG) {
|
||||||
|
if ((attr_type == UINT_DESC_TYPE) ||
|
||||||
|
(attr_type == TWO_COMP_INT_DESC_TYPE) ||
|
||||||
|
@@ -433,7 +438,15 @@ bool SDP_AddAttribute(uint32_t handle, uint16_t attr_id, uint8_t attr_type,
|
||||||
|
/* Find the record in the database */
|
||||||
|
for (xx = 0; xx < sdp_cb.server_db.num_records; xx++, p_rec++) {
|
||||||
|
if (p_rec->record_handle == handle) {
|
||||||
|
- return SDP_AddAttributeToRecord (p_rec, attr_id, attr_type, attr_len, p_val);
|
||||||
|
+
|
||||||
|
+ // error out early, no need to look up
|
||||||
|
+ if (p_rec->free_pad_ptr >= SDP_MAX_PAD_LEN) {
|
||||||
|
+ SDP_TRACE_ERROR("the free pad for SDP record with handle %d is "
|
||||||
|
+ "full, skip adding the attribute", handle);
|
||||||
|
+ return (false);
|
||||||
|
+ } else {
|
||||||
|
+ return SDP_AddAttributeToRecord (p_rec, attr_id, attr_type, attr_len, p_val);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
@@ -500,15 +513,13 @@ bool SDP_AddAttributeToRecord (tSDP_RECORD *p_rec, uint16_t attr_id,
|
||||||
|
attr_len = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((attr_len > 0) && (p_val != 0)) {
|
||||||
|
+ if (attr_len > 0) {
|
||||||
|
p_attr->len = attr_len;
|
||||||
|
memcpy(&p_rec->attr_pad[p_rec->free_pad_ptr], p_val, (size_t)attr_len);
|
||||||
|
p_attr->value_ptr = &p_rec->attr_pad[p_rec->free_pad_ptr];
|
||||||
|
p_rec->free_pad_ptr += attr_len;
|
||||||
|
- } else if ((attr_len == 0 &&
|
||||||
|
- p_attr->len !=
|
||||||
|
- 0) || /* if truncate to 0 length, simply don't add */
|
||||||
|
- p_val == 0) {
|
||||||
|
+ } else if (attr_len == 0 && p_attr->len != 0) {
|
||||||
|
+ /* if truncate to 0 length, simply don't add */
|
||||||
|
SDP_TRACE_ERROR(
|
||||||
|
"SDP_AddAttributeToRecord fail, length exceed maximum: ID %d: attr_len:%d ",
|
||||||
|
attr_id, attr_len);
|
@ -0,0 +1,100 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rocky Liao <quic_rjliao@quicinc.com>
|
||||||
|
Date: Mon, 19 Sep 2022 17:39:42 +0800
|
||||||
|
Subject: [PATCH] AVRCP: Fix potential buffer overflow
|
||||||
|
|
||||||
|
There will be buffer overflow if remote response exceeds
|
||||||
|
AVRC_MAX_APP_ATTR_SIZE, add array index check to avoid
|
||||||
|
buffer overflow issue.
|
||||||
|
|
||||||
|
CRs-fixed: 3278869
|
||||||
|
Change-Id: Ia93690e0dc4b28fd01af3a406678d43d426d3be8
|
||||||
|
---
|
||||||
|
btif/src/btif_rc.cc | 24 +++++++++++++++---------
|
||||||
|
1 file changed, 15 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/btif/src/btif_rc.cc b/btif/src/btif_rc.cc
|
||||||
|
index 0b34f7c36..a0e38998f 100644
|
||||||
|
--- a/btif/src/btif_rc.cc
|
||||||
|
+++ b/btif/src/btif_rc.cc
|
||||||
|
@@ -5067,13 +5067,13 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg,
|
||||||
|
* for standard attributes.
|
||||||
|
*/
|
||||||
|
p_app_settings->num_ext_attrs = 0;
|
||||||
|
- for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) {
|
||||||
|
+ for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) {
|
||||||
|
osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str);
|
||||||
|
}
|
||||||
|
p_app_settings->ext_attr_index = 0;
|
||||||
|
|
||||||
|
if (p_dev) {
|
||||||
|
- for (xx = 0; xx < p_app_settings->num_attrs; xx++) {
|
||||||
|
+ for (xx = 0; xx < p_app_settings->num_attrs && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) {
|
||||||
|
attrs[xx] = p_app_settings->attrs[xx].attr_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -5086,7 +5086,7 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg,
|
||||||
|
|
||||||
|
for (xx = 0; xx < p_rsp->num_attr; xx++) {
|
||||||
|
uint8_t x;
|
||||||
|
- for (x = 0; x < p_app_settings->num_ext_attrs; x++) {
|
||||||
|
+ for (x = 0; x < p_app_settings->num_ext_attrs && x < AVRC_MAX_APP_ATTR_SIZE; x++) {
|
||||||
|
if (p_app_settings->ext_attrs[x].attr_id == p_rsp->p_attrs[xx].attr_id) {
|
||||||
|
p_app_settings->ext_attrs[x].charset_id = p_rsp->p_attrs[xx].charset_id;
|
||||||
|
p_app_settings->ext_attrs[x].str_len = p_rsp->p_attrs[xx].str_len;
|
||||||
|
@@ -5096,7 +5096,7 @@ static void handle_app_attr_txt_response(tBTA_AV_META_MSG* pmeta_msg,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- for (xx = 0; xx < p_app_settings->ext_attrs[0].num_val; xx++) {
|
||||||
|
+ for (xx = 0; xx < p_app_settings->ext_attrs[0].num_val && xx < BTRC_MAX_APP_ATTR_SIZE; xx++) {
|
||||||
|
vals[xx] = p_app_settings->ext_attrs[0].ext_attr_val[xx].val;
|
||||||
|
}
|
||||||
|
get_player_app_setting_value_text_cmd(vals, xx, p_dev);
|
||||||
|
@@ -5141,11 +5141,11 @@ static void handle_app_attr_val_txt_response(
|
||||||
|
* for standard attributes.
|
||||||
|
*/
|
||||||
|
p_app_settings->num_ext_attrs = 0;
|
||||||
|
- for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) {
|
||||||
|
+ for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) {
|
||||||
|
int x;
|
||||||
|
btrc_player_app_ext_attr_t* p_ext_attr = &p_app_settings->ext_attrs[xx];
|
||||||
|
|
||||||
|
- for (x = 0; x < p_ext_attr->num_val; x++)
|
||||||
|
+ for (x = 0; x < p_ext_attr->num_val && x < BTRC_MAX_APP_ATTR_SIZE; x++)
|
||||||
|
osi_free_and_reset((void**)&p_ext_attr->ext_attr_val[x].p_str);
|
||||||
|
p_ext_attr->num_val = 0;
|
||||||
|
osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str);
|
||||||
|
@@ -5162,11 +5162,17 @@ static void handle_app_attr_val_txt_response(
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (p_app_settings->ext_val_index >= AVRC_MAX_APP_ATTR_SIZE) {
|
||||||
|
+ BTIF_TRACE_ERROR("%s: ext_val_index is 0x%02x, overflow!",
|
||||||
|
+ __func__, p_app_settings->ext_val_index);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
for (xx = 0; xx < p_rsp->num_attr; xx++) {
|
||||||
|
uint8_t x;
|
||||||
|
btrc_player_app_ext_attr_t* p_ext_attr;
|
||||||
|
p_ext_attr = &p_app_settings->ext_attrs[p_app_settings->ext_val_index];
|
||||||
|
- for (x = 0; x < p_rsp->num_attr; x++) {
|
||||||
|
+ for (x = 0; x < p_rsp->num_attr && x < BTRC_MAX_APP_ATTR_SIZE; x++) {
|
||||||
|
if (p_ext_attr->ext_attr_val[x].val == p_rsp->p_attrs[xx].attr_id) {
|
||||||
|
p_ext_attr->ext_attr_val[x].charset_id = p_rsp->p_attrs[xx].charset_id;
|
||||||
|
p_ext_attr->ext_attr_val[x].str_len = p_rsp->p_attrs[xx].str_len;
|
||||||
|
@@ -5204,11 +5210,11 @@ static void handle_app_attr_val_txt_response(
|
||||||
|
/* Free the application settings information after sending to
|
||||||
|
* application.
|
||||||
|
*/
|
||||||
|
- for (xx = 0; xx < p_app_settings->ext_attr_index; xx++) {
|
||||||
|
+ for (xx = 0; xx < p_app_settings->ext_attr_index && xx < AVRC_MAX_APP_ATTR_SIZE; xx++) {
|
||||||
|
int x;
|
||||||
|
btrc_player_app_ext_attr_t* p_ext_attr = &p_app_settings->ext_attrs[xx];
|
||||||
|
|
||||||
|
- for (x = 0; x < p_ext_attr->num_val; x++)
|
||||||
|
+ for (x = 0; x < p_ext_attr->num_val && x < BTRC_MAX_APP_ATTR_SIZE; x++)
|
||||||
|
osi_free_and_reset((void**)&p_ext_attr->ext_attr_val[x].p_str);
|
||||||
|
p_ext_attr->num_val = 0;
|
||||||
|
osi_free_and_reset((void**)&p_app_settings->ext_attrs[xx].p_str);
|
@ -97,6 +97,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
|||||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||||
|
sed -i 's/2023-02-05/2023-03-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2023-03 #XXX
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -131,7 +132,17 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin
|
|||||||
awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
|
awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "external/zlib"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_external_zlib/351107.patch"; #n-asb-2023-03 Fix a bug when getting a gzip header extra field with inflate().
|
||||||
|
fi;
|
||||||
|
|
||||||
if enterAndClear "frameworks/base"; then
|
if enterAndClear "frameworks/base"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/351411-backport.patch"; #R_asb_2023-03 Move service initialization
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/351412.patch"; #R_asb_2023-03 Stop managed profile owner granting READ_SMS
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/351413-backport.patch"; #R_asb_2023-03 Enable user graularity for lockdown mode #XXX
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/351414-backport.patch"; #R_asb_2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag #XXX
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/351415.patch"; #R_asb_2023-03 Reconcile WorkSource parcel and unparcel code.
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/351436.patch"; #R_asb_2023-03 Revert "Ensure that only SysUI can override pending intent launch flags"
|
||||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
|
#applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
|
||||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
|
#applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
|
||||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)
|
#applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)
|
||||||
@ -200,6 +211,7 @@ fi;
|
|||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "frameworks/opt/net/wifi"; then
|
if enterAndClear "frameworks/opt/net/wifi"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/351437-backport.patch"; #R_asb_2023-03 Revert "[DO NOT MERGE] wifi: remove certificates for network factory reset"
|
||||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0002-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0002-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
@ -292,6 +304,7 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
|
|||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "packages/apps/PermissionController"; then
|
if enterAndClear "packages/apps/PermissionController"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/351439-backport.patch"; #R_asb_2023-03 Stop managed profile owner granting READ_SMS
|
||||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-1.patch"; #Always treat INTERNET as a runtime permission (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-1.patch"; #Always treat INTERNET as a runtime permission (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-2.patch"; #Add INTERNET permission toggle (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-2.patch"; #Add INTERNET permission toggle (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Sensors_Permission-1.patch"; #Always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Sensors_Permission-1.patch"; #Always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
|
||||||
@ -300,6 +313,8 @@ fi;
|
|||||||
|
|
||||||
if enterAndClear "packages/apps/Settings"; then
|
if enterAndClear "packages/apps/Settings"; then
|
||||||
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
|
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
|
||||||
|
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/351440-backport.patch"; #R_asb_2023-03 FRP bypass defense in the settings app
|
||||||
|
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/351441.patch"; #R_asb_2023-03 Add DISALLOW_APPS_CONTROL check into uninstall app for all users
|
||||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/272651.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
|
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/272651.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
|
||||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) #FIXME: needs work
|
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) #FIXME: needs work
|
||||||
@ -356,6 +371,9 @@ applyPatch "$DOS_PATCHES/android_prebuilts_abi-dumps_vndk/0001-protobuf-avi.patc
|
|||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "system/bt"; then
|
if enterAndClear "system/bt"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/351443.patch"; #R_asb_2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/351444.patch"; #R_asb_2023-03 Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/351445.patch"; #R_asb_2023-03 Fix an OOB write in SDP_AddAttribute
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
||||||
#applyPatch "$DOS_PATCHES/android_system_bt/272648.patch"; #ten-bt-sbc-hd-dualchannel: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
|
#applyPatch "$DOS_PATCHES/android_system_bt/272648.patch"; #ten-bt-sbc-hd-dualchannel: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
|
||||||
#applyPatch "$DOS_PATCHES/android_system_bt/272649.patch"; #ten-bt-sbc-hd-dualchannel: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
|
#applyPatch "$DOS_PATCHES/android_system_bt/272649.patch"; #ten-bt-sbc-hd-dualchannel: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
|
||||||
@ -420,6 +438,13 @@ if enter "vendor/divested"; then
|
|||||||
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
|
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
|
||||||
awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
|
awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "vendor/qcom/opensource/commonsys/system/bt"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/351448.patch"; #R_asb_2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
|
||||||
|
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/351449.patch"; #R_asb_2023-03 Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
|
||||||
|
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/351450.patch"; #R_asb_2023-03 Fix an OOB write in SDP_AddAttribute
|
||||||
|
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/351451.patch"; #R_asb_2023-03 AVRCP: Fix potential buffer overflow
|
||||||
|
fi;
|
||||||
#
|
#
|
||||||
#END OF ROM CHANGES
|
#END OF ROM CHANGES
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user