14.1: Import and verify picks

https://review.lineageos.org/q/topic:n-asb-2021-09
https://review.lineageos.org/q/topic:n-asb-2021-10
https://review.lineageos.org/q/topic:n-asb-2021-11
https://review.lineageos.org/q/topic:n-asb-2021-12
https://review.lineageos.org/q/topic:n-asb-2022-01
https://review.lineageos.org/q/topic:n-asb-2022-02
https://review.lineageos.org/q/topic:n-asb-2022-03
https://review.lineageos.org/q/topic:n-asb-2022-04
https://review.lineageos.org/q/topic:n-asb-2022-05
https://review.lineageos.org/q/topic:n-asb-2022-06
https://review.lineageos.org/q/topic:n-asb-2022-07
https://review.lineageos.org/q/topic:n-asb-2022-08
https://review.lineageos.org/q/topic:n-asb-2022-09
https://review.lineageos.org/q/topic:n-asb-2022-10
https://review.lineageos.org/q/topic:n-asb-2022-11
https://review.lineageos.org/q/topic:n-asb-2022-12
https://review.lineageos.org/q/topic:n-asb-2023-01
https://review.lineageos.org/q/topic:n-asb-2023-02
https://review.lineageos.org/q/topic:n-asb-2023-03
https://review.lineageos.org/q/topic:n-asb-2023-04
https://review.lineageos.org/q/topic:n-asb-2023-05
https://review.lineageos.org/q/topic:n-asb-2023-06
https://review.lineageos.org/q/topic:n-asb-2023-07
	accounted for via manifest change:
	https://review.lineageos.org/c/LineageOS/android_external_freetype/+/360899
https://review.lineageos.org/q/topic:n-asb-2023-08
https://review.lineageos.org/q/topic:n-asb-2023-09
https://review.lineageos.org/q/topic:n-asb-2023-10
https://review.lineageos.org/q/topic:n-asb-2023-11
	was missing:
	https://review.lineageos.org/c/LineageOS/android_packages_providers_TelephonyProvider/+/376079
https://review.lineageos.org/q/topic:n-asb-2023-12
https://review.lineageos.org/q/topic:n-asb-2024-01
https://review.lineageos.org/q/topic:n-asb-2024-02
https://review.lineageos.org/q/topic:n-asb-2024-03
https://review.lineageos.org/q/topic:n-asb-2024-04
https://review.lineageos.org/q/topic:n-asb-2024-05

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-05-07 17:45:55 -04:00
parent 2d7a1ea25c
commit 7162b237d3
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
3 changed files with 543 additions and 1 deletions

View File

@ -0,0 +1,121 @@
From 3d934a327765cdcadc1453c2a5615a83d9162d6f Mon Sep 17 00:00:00 2001
From: Ray Essick <essick@google.com>
Date: Wed, 14 Feb 2024 11:10:41 -0600
Subject: [PATCH] fix buffer overrun in eas_wtengine
avoid a buffer overrun in eas_wtengine.
Check buffer limits during application of gain
Clip calculated length in eas_wtsynth
Bug: 317780080
Test: POC with bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6b66e7665dbcd891ff23081c13ab0b1637bb1dda)
backporting fix from main
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f9d489385ecb04bbfe06f92d6fb03a69d2734fad)
Merged-In: I3609d6a36d89b26ae7eb3ae84cbe7772f6c3bee0
Change-Id: I3609d6a36d89b26ae7eb3ae84cbe7772f6c3bee0
---
arm-wt-22k/lib_src/eas_wtengine.c | 24 ++++++++++++++++++++++++
arm-wt-22k/lib_src/eas_wtsynth.c | 12 +++++++++++-
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/arm-wt-22k/lib_src/eas_wtengine.c b/arm-wt-22k/lib_src/eas_wtengine.c
index 68a0400..fd57672 100644
--- a/arm-wt-22k/lib_src/eas_wtengine.c
+++ b/arm-wt-22k/lib_src/eas_wtengine.c
@@ -95,6 +95,10 @@ void WT_VoiceGain (S_WT_VOICE *pWTVoice, S_WT_INT_FRAME *pWTIntFrame)
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
return;
+ } else if (numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d", numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
pMixBuffer = pWTIntFrame->pMixBuffer;
pInputBuffer = pWTIntFrame->pAudioBuffer;
@@ -194,6 +198,10 @@ void WT_Interpolate (S_WT_VOICE *pWTVoice, S_WT_INT_FRAME *pWTIntFrame)
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
return;
+ } else if (numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d", numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
pOutputBuffer = pWTIntFrame->pAudioBuffer;
@@ -293,6 +301,10 @@ void WT_InterpolateNoLoop (S_WT_VOICE *pWTVoice, S_WT_INT_FRAME *pWTIntFrame)
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
return;
+ } else if (numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d", numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
pOutputBuffer = pWTIntFrame->pAudioBuffer;
@@ -393,6 +405,10 @@ void WT_VoiceFilter (S_FILTER_CONTROL *pFilter, S_WT_INT_FRAME *pWTIntFrame)
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
return;
+ } else if (numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d", numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
pAudioBuffer = pWTIntFrame->pAudioBuffer;
@@ -461,6 +477,10 @@ void WT_VoiceFilter (S_FILTER_CONTROL *pFilter, S_WT_INT_FRAME *pWTIntFrame)
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
return;
+ } else if (numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d", numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
pOutputBuffer = pWTIntFrame->pAudioBuffer;
phaseInc = pWTIntFrame->frame.phaseIncrement;
@@ -609,6 +629,10 @@ void WT_InterpolateMono (S_WT_VOICE *pWTVoice, S_WT_INT_FRAME *pWTIntFrame)
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
return;
+ } else if (numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d", numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
pMixBuffer = pWTIntFrame->pMixBuffer;
diff --git a/arm-wt-22k/lib_src/eas_wtsynth.c b/arm-wt-22k/lib_src/eas_wtsynth.c
index 8488fe2..cc8990f 100644
--- a/arm-wt-22k/lib_src/eas_wtsynth.c
+++ b/arm-wt-22k/lib_src/eas_wtsynth.c
@@ -467,7 +467,12 @@ EAS_BOOL WT_CheckSampleEnd (S_WT_VOICE *pWTVoice, S_WT_INT_FRAME *pWTIntFrame, E
/*lint -e{703} use shift for performance */
numSamples = (EAS_I32) ((numSamples << NUM_PHASE_FRAC_BITS) - pWTVoice->phaseFrac);
if (pWTIntFrame->frame.phaseIncrement) {
- pWTIntFrame->numSamples = 1 + (numSamples / pWTIntFrame->frame.phaseIncrement);
+ EAS_I32 oldMethod = 1 + (numSamples / pWTIntFrame->frame.phaseIncrement);
+ pWTIntFrame->numSamples =
+ (numSamples + pWTIntFrame->frame.phaseIncrement - 1) / pWTIntFrame->frame.phaseIncrement;
+ if (oldMethod != pWTIntFrame->numSamples) {
+ ALOGE("b/317780080 old %ld new %ld", oldMethod, pWTIntFrame->numSamples);
+ }
} else {
pWTIntFrame->numSamples = numSamples;
}
@@ -475,6 +480,11 @@ EAS_BOOL WT_CheckSampleEnd (S_WT_VOICE *pWTVoice, S_WT_INT_FRAME *pWTIntFrame, E
ALOGE("b/26366256");
android_errorWriteLog(0x534e4554, "26366256");
pWTIntFrame->numSamples = 0;
+ } else if (pWTIntFrame->numSamples > BUFFER_SIZE_IN_MONO_SAMPLES) {
+ ALOGE("b/317780080 clip numSamples %ld -> %d",
+ pWTIntFrame->numSamples, BUFFER_SIZE_IN_MONO_SAMPLES);
+ android_errorWriteLog(0x534e4554, "317780080");
+ pWTIntFrame->numSamples = BUFFER_SIZE_IN_MONO_SAMPLES;
}
/* sound will be done this frame */

View File

@ -0,0 +1,419 @@
From e399bfb1393225413dd08c407930dbec02915b9a Mon Sep 17 00:00:00 2001
From: Aishwarya Mallampati <amallampati@google.com>
Date: Wed, 23 Aug 2023 18:30:46 +0000
Subject: [PATCH] DO NOT MERGE Block access to sms/mms db from work profile.
Bug: 289242655
Test: Manually verified work profile cannot access personal sms by
following steps mentioned in b/289242655#comment26
- atest SmsProviderTest
- atest MmsProviderTest
- atest SmsBackupRestoreTest
- QA performed regression testing and confirmed fix is working as intended here: b/294459052#comment30
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:950a7e5a4bf1b38e846fe00642105479efded57d)
Merged-In: Ib1c9ec75f77e8412b53df50f5414caa0e5aaa277
Change-Id: Ib1c9ec75f77e8412b53df50f5414caa0e5aaa277
Change-Id: I7e4cf14fabb2c00e916504ce44816462a8b5215e
---
.../providers/telephony/MmsProvider.java | 36 +++++
.../telephony/MmsSmsDatabaseHelper.java | 150 ++++++++++--------
.../providers/telephony/MmsSmsProvider.java | 36 +++++
.../providers/telephony/SmsProvider.java | 35 ++++
4 files changed, 189 insertions(+), 68 deletions(-)
diff --git a/src/com/android/providers/telephony/MmsProvider.java b/src/com/android/providers/telephony/MmsProvider.java
index ba057828d..7e50535c6 100755
--- a/src/com/android/providers/telephony/MmsProvider.java
+++ b/src/com/android/providers/telephony/MmsProvider.java
@@ -35,6 +35,7 @@
import android.os.FileUtils;
import android.os.ParcelFileDescriptor;
import android.os.UserHandle;
+import android.os.UserManager;
import android.provider.BaseColumns;
import android.provider.Telephony;
import android.provider.Telephony.CanonicalAddressesColumns;
@@ -161,6 +162,16 @@ private Cursor getPdus(int itemCount, int dataCount, String[] data) {
@Override
public Cursor query(Uri uri, String[] projection,
String selection, String[] selectionArgs, String sortOrder) {
+ Cursor emptyCursor = new MatrixCursor((projection == null) ?
+ (new String[] {}) : projection);
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to query mms, return empty cursor.
+ Log.e(TAG, "Managed profile is not allowed to query MMS.");
+ return emptyCursor;
+ }
+
// First check if a restricted view of the "pdu" table should be used based on the
// caller's identity. Only system, phone or the default sms app can have full access
// of mms data. For other apps, we present a restricted view which only contains sent
@@ -508,6 +519,15 @@ public Uri insert(Uri uri, ContentValues values) {
if (values != null && values.containsKey(Part._DATA)) {
return null;
}
+
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to insert mms, return null.
+ Log.e(TAG, "Managed profile is not allowed to insert MMS.");
+ return null;
+ }
+
final int callerUid = Binder.getCallingUid();
final String callerPkg = getCallingPackage();
int msgBox = Mms.MESSAGE_BOX_ALL;
@@ -787,6 +807,14 @@ private int getMessageBoxByMatch(int match) {
@Override
public int delete(Uri uri, String selection,
String[] selectionArgs) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to delete mms, return 0.
+ Log.e(TAG, "Managed profile is not allowed to delete MMS.");
+ return 0;
+ }
+
int match = sURLMatcher.match(uri);
if (LOCAL_LOGV) {
Log.v(TAG, "Delete uri=" + uri + ", match=" + match);
@@ -960,6 +988,14 @@ private static int deleteDataRows(SQLiteDatabase db, String table,
@Override
public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to update mms, return 0.
+ Log.e(TAG, "Managed profile is not allowed to update MMS.");
+ return 0;
+ }
+
// The _data column is filled internally in MmsProvider, so this check is just to avoid
// it from being inadvertently set. This is not supposed to be a protection against
// malicious attack, since sql injection could still be attempted to bypass the check. On
diff --git a/src/com/android/providers/telephony/MmsSmsDatabaseHelper.java b/src/com/android/providers/telephony/MmsSmsDatabaseHelper.java
index 9e5715dd6..64cc50cd0 100644
--- a/src/com/android/providers/telephony/MmsSmsDatabaseHelper.java
+++ b/src/com/android/providers/telephony/MmsSmsDatabaseHelper.java
@@ -636,78 +636,92 @@ private void createThreadIdIndex(SQLiteDatabase db) {
}
}
+ public static String CREATE_ADDR_TABLE_STR =
+ "CREATE TABLE " + MmsProvider.TABLE_ADDR + " (" +
+ Addr._ID + " INTEGER PRIMARY KEY," +
+ Addr.MSG_ID + " INTEGER," +
+ Addr.CONTACT_ID + " INTEGER," +
+ Addr.ADDRESS + " TEXT," +
+ Addr.TYPE + " INTEGER," +
+ Addr.CHARSET + " INTEGER);";
+
+ public static String CREATE_PART_TABLE_STR =
+ "CREATE TABLE " + MmsProvider.TABLE_PART + " (" +
+ Part._ID + " INTEGER PRIMARY KEY AUTOINCREMENT," +
+ Part.MSG_ID + " INTEGER," +
+ Part.SEQ + " INTEGER DEFAULT 0," +
+ Part.CONTENT_TYPE + " TEXT," +
+ Part.NAME + " TEXT," +
+ Part.CHARSET + " INTEGER," +
+ Part.CONTENT_DISPOSITION + " TEXT," +
+ Part.FILENAME + " TEXT," +
+ Part.CONTENT_ID + " TEXT," +
+ Part.CONTENT_LOCATION + " TEXT," +
+ Part.CT_START + " INTEGER," +
+ Part.CT_TYPE + " TEXT," +
+ Part._DATA + " TEXT," +
+ Part.TEXT + " TEXT);";
+
+ public static String CREATE_PDU_TABLE_STR =
+ "CREATE TABLE " + MmsProvider.TABLE_PDU + " (" +
+ Mms._ID + " INTEGER PRIMARY KEY AUTOINCREMENT," +
+ Mms.THREAD_ID + " INTEGER," +
+ Mms.DATE + " INTEGER," +
+ Mms.DATE_SENT + " INTEGER DEFAULT 0," +
+ Mms.MESSAGE_BOX + " INTEGER," +
+ Mms.READ + " INTEGER DEFAULT 0," +
+ Mms.MESSAGE_ID + " TEXT," +
+ Mms.SUBJECT + " TEXT," +
+ Mms.SUBJECT_CHARSET + " INTEGER," +
+ Mms.CONTENT_TYPE + " TEXT," +
+ Mms.CONTENT_LOCATION + " TEXT," +
+ Mms.EXPIRY + " INTEGER," +
+ Mms.MESSAGE_CLASS + " TEXT," +
+ Mms.MESSAGE_TYPE + " INTEGER," +
+ Mms.MMS_VERSION + " INTEGER," +
+ Mms.MESSAGE_SIZE + " INTEGER," +
+ Mms.PRIORITY + " INTEGER," +
+ Mms.READ_REPORT + " INTEGER," +
+ Mms.REPORT_ALLOWED + " INTEGER," +
+ Mms.RESPONSE_STATUS + " INTEGER," +
+ Mms.STATUS + " INTEGER," +
+ Mms.TRANSACTION_ID + " TEXT," +
+ Mms.RETRIEVE_STATUS + " INTEGER," +
+ Mms.RETRIEVE_TEXT + " TEXT," +
+ Mms.RETRIEVE_TEXT_CHARSET + " INTEGER," +
+ Mms.READ_STATUS + " INTEGER," +
+ Mms.CONTENT_CLASS + " INTEGER," +
+ Mms.RESPONSE_TEXT + " TEXT," +
+ Mms.DELIVERY_TIME + " INTEGER," +
+ Mms.DELIVERY_REPORT + " INTEGER," +
+ Mms.LOCKED + " INTEGER DEFAULT 0," +
+ Mms.SUBSCRIPTION_ID + " INTEGER DEFAULT "
+ + SubscriptionManager.INVALID_SUBSCRIPTION_ID + ", " +
+ Mms.SEEN + " INTEGER DEFAULT 0," +
+ Mms.CREATOR + " TEXT," +
+ Mms.TEXT_ONLY + " INTEGER DEFAULT 0);";
+
+ public static String CREATE_RATE_TABLE_STR =
+ "CREATE TABLE " + MmsProvider.TABLE_RATE + " (" +
+ Rate.SENT_TIME + " INTEGER);";
+
+ public static String CREATE_DRM_TABLE_STR =
+ "CREATE TABLE " + MmsProvider.TABLE_DRM + " (" +
+ BaseColumns._ID + " INTEGER PRIMARY KEY," +
+ "_data TEXT);";
+
private void createMmsTables(SQLiteDatabase db) {
// N.B.: Whenever the columns here are changed, the columns in
// {@ref MmsSmsProvider} must be changed to match.
- db.execSQL("CREATE TABLE " + MmsProvider.TABLE_PDU + " (" +
- Mms._ID + " INTEGER PRIMARY KEY AUTOINCREMENT," +
- Mms.THREAD_ID + " INTEGER," +
- Mms.DATE + " INTEGER," +
- Mms.DATE_SENT + " INTEGER DEFAULT 0," +
- Mms.MESSAGE_BOX + " INTEGER," +
- Mms.READ + " INTEGER DEFAULT 0," +
- Mms.MESSAGE_ID + " TEXT," +
- Mms.SUBJECT + " TEXT," +
- Mms.SUBJECT_CHARSET + " INTEGER," +
- Mms.CONTENT_TYPE + " TEXT," +
- Mms.CONTENT_LOCATION + " TEXT," +
- Mms.EXPIRY + " INTEGER," +
- Mms.MESSAGE_CLASS + " TEXT," +
- Mms.MESSAGE_TYPE + " INTEGER," +
- Mms.MMS_VERSION + " INTEGER," +
- Mms.MESSAGE_SIZE + " INTEGER," +
- Mms.PRIORITY + " INTEGER," +
- Mms.READ_REPORT + " INTEGER," +
- Mms.REPORT_ALLOWED + " INTEGER," +
- Mms.RESPONSE_STATUS + " INTEGER," +
- Mms.STATUS + " INTEGER," +
- Mms.TRANSACTION_ID + " TEXT," +
- Mms.RETRIEVE_STATUS + " INTEGER," +
- Mms.RETRIEVE_TEXT + " TEXT," +
- Mms.RETRIEVE_TEXT_CHARSET + " INTEGER," +
- Mms.READ_STATUS + " INTEGER," +
- Mms.CONTENT_CLASS + " INTEGER," +
- Mms.RESPONSE_TEXT + " TEXT," +
- Mms.DELIVERY_TIME + " INTEGER," +
- Mms.DELIVERY_REPORT + " INTEGER," +
- Mms.LOCKED + " INTEGER DEFAULT 0," +
- Mms.SUBSCRIPTION_ID + " INTEGER DEFAULT "
- + SubscriptionManager.INVALID_SUBSCRIPTION_ID + ", " +
- Mms.SEEN + " INTEGER DEFAULT 0," +
- Mms.CREATOR + " TEXT," +
- Mms.TEXT_ONLY + " INTEGER DEFAULT 0" +
- ");");
+ db.execSQL(CREATE_PDU_TABLE_STR);
+
+ db.execSQL(CREATE_ADDR_TABLE_STR);
+
+ db.execSQL(CREATE_PART_TABLE_STR);
+
+ db.execSQL(CREATE_RATE_TABLE_STR);
- db.execSQL("CREATE TABLE " + MmsProvider.TABLE_ADDR + " (" +
- Addr._ID + " INTEGER PRIMARY KEY," +
- Addr.MSG_ID + " INTEGER," +
- Addr.CONTACT_ID + " INTEGER," +
- Addr.ADDRESS + " TEXT," +
- Addr.TYPE + " INTEGER," +
- Addr.CHARSET + " INTEGER);");
-
- db.execSQL("CREATE TABLE " + MmsProvider.TABLE_PART + " (" +
- Part._ID + " INTEGER PRIMARY KEY AUTOINCREMENT," +
- Part.MSG_ID + " INTEGER," +
- Part.SEQ + " INTEGER DEFAULT 0," +
- Part.CONTENT_TYPE + " TEXT," +
- Part.NAME + " TEXT," +
- Part.CHARSET + " INTEGER," +
- Part.CONTENT_DISPOSITION + " TEXT," +
- Part.FILENAME + " TEXT," +
- Part.CONTENT_ID + " TEXT," +
- Part.CONTENT_LOCATION + " TEXT," +
- Part.CT_START + " INTEGER," +
- Part.CT_TYPE + " TEXT," +
- Part._DATA + " TEXT," +
- Part.TEXT + " TEXT);");
-
- db.execSQL("CREATE TABLE " + MmsProvider.TABLE_RATE + " (" +
- Rate.SENT_TIME + " INTEGER);");
-
- db.execSQL("CREATE TABLE " + MmsProvider.TABLE_DRM + " (" +
- BaseColumns._ID + " INTEGER PRIMARY KEY," +
- "_data TEXT);");
+ db.execSQL(CREATE_DRM_TABLE_STR);
// Restricted view of pdu table, only sent/received messages without wap pushes
db.execSQL("CREATE VIEW " + MmsProvider.VIEW_PDU_RESTRICTED + " AS " +
diff --git a/src/com/android/providers/telephony/MmsSmsProvider.java b/src/com/android/providers/telephony/MmsSmsProvider.java
index 7b44583e6..a9914257d 100644
--- a/src/com/android/providers/telephony/MmsSmsProvider.java
+++ b/src/com/android/providers/telephony/MmsSmsProvider.java
@@ -23,12 +23,14 @@
import android.content.UriMatcher;
import android.database.Cursor;
import android.database.DatabaseUtils;
+import android.database.MatrixCursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.database.sqlite.SQLiteQueryBuilder;
import android.net.Uri;
import android.os.Binder;
import android.os.UserHandle;
+import android.os.UserManager;
import android.provider.BaseColumns;
import android.provider.Telephony;
import android.provider.Telephony.CanonicalAddressesColumns;
@@ -335,6 +337,16 @@ public boolean onCreate() {
@Override
public Cursor query(Uri uri, String[] projection,
String selection, String[] selectionArgs, String sortOrder) {
+ Cursor emptyCursor = new MatrixCursor((projection == null) ?
+ (new String[] {}) : projection);
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to query mms/sms, return empty cursor.
+ Log.e(LOG_TAG, "Managed profile is not allowed to query MMS/SMS.");
+ return emptyCursor;
+ }
+
// First check if restricted views of the "sms" and "pdu" tables should be used based on the
// caller's identity. Only system, phone or the default sms app can have full access
// of sms/mms data. For other apps, we present a restricted view which only contains sent
@@ -1244,6 +1256,14 @@ public String getType(Uri uri) {
@Override
public int delete(Uri uri, String selection,
String[] selectionArgs) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to delete mms/sms, return 0.
+ Log.e(LOG_TAG, "Managed profile is not allowed to delete MMS/SMS.");
+ return 0;
+ }
+
SQLiteDatabase db = mOpenHelper.getWritableDatabase();
Context context = getContext();
int affectedRows = 0;
@@ -1300,6 +1320,14 @@ private int deleteConversation(Uri uri, String selection, String[] selectionArgs
@Override
public Uri insert(Uri uri, ContentValues values) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to insert mms/sms, return null.
+ Log.e(LOG_TAG, "Managed profile is not allowed to insert MMS/SMS.");
+ return null;
+ }
+
if (URI_MATCHER.match(uri) == URI_PENDING_MSG) {
SQLiteDatabase db = mOpenHelper.getWritableDatabase();
long rowId = db.insert(TABLE_PENDING_MSG, null, values);
@@ -1311,6 +1339,14 @@ public Uri insert(Uri uri, ContentValues values) {
@Override
public int update(Uri uri, ContentValues values,
String selection, String[] selectionArgs) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to update mms/sms, return 0.
+ Log.e(LOG_TAG, "Managed profile is not allowed to update MMS/SMS.");
+ return 0;
+ }
+
final int callerUid = Binder.getCallingUid();
final String callerPkg = getCallingPackage();
SQLiteDatabase db = mOpenHelper.getWritableDatabase();
diff --git a/src/com/android/providers/telephony/SmsProvider.java b/src/com/android/providers/telephony/SmsProvider.java
index 208175645..6fa858751 100644
--- a/src/com/android/providers/telephony/SmsProvider.java
+++ b/src/com/android/providers/telephony/SmsProvider.java
@@ -38,6 +38,7 @@
import android.net.Uri;
import android.os.Binder;
import android.os.UserHandle;
+import android.os.UserManager;
import android.provider.Contacts;
import android.provider.Telephony;
import android.provider.Telephony.MmsSms;
@@ -146,6 +147,16 @@ public static String getSmsTable(boolean accessRestricted) {
@Override
public Cursor query(Uri url, String[] projectionIn, String selection,
String[] selectionArgs, String sort) {
+ Cursor emptyCursor = new MatrixCursor((projectionIn == null) ?
+ (new String[] {}) : projectionIn);
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to query sms, return empty cursor.
+ Log.e(TAG, "Managed profile is not allowed to query SMS.");
+ return emptyCursor;
+ }
+
// First check if a restricted view of the "sms" table should be used based on the
// caller's identity. Only system, phone or the default sms app can have full access
// of sms data. For other apps, we present a restricted view which only contains sent
@@ -521,6 +532,14 @@ public Uri insert(Uri url, ContentValues initialValues) {
}
private Uri insertInner(Uri url, ContentValues initialValues, int callerUid, String callerPkg) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to insert sms, return null.
+ Log.e(TAG, "Managed profile is not allowed to insert SMS.");
+ return null;
+ }
+
ContentValues values;
long rowID;
int type = Sms.MESSAGE_TYPE_ALL;
@@ -1050,6 +1069,14 @@ private static int charToBCD(char c) {
@Override
public int delete(Uri url, String where, String[] whereArgs) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to delete sms, return 0.
+ Log.e(TAG, "Managed profile is not allowed to delete SMS.");
+ return 0;
+ }
+
int count;
int match = sURLMatcher.match(url);
SQLiteDatabase db = getDBOpenHelper(match).getWritableDatabase();
@@ -1161,6 +1188,14 @@ private int deleteMessageFromIcc(String messageIndexString, int subId) {
@Override
public int update(Uri url, ContentValues values, String where, String[] whereArgs) {
+ UserManager userManager = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+ if ((userManager != null) && (userManager.isManagedProfile(
+ Binder.getCallingUserHandle().getIdentifier()))) {
+ // If work profile is trying to update sms, return 0.
+ Log.e(TAG, "Managed profile is not allowed to update SMS.");
+ return 0;
+ }
+
final int callerUid = Binder.getCallingUid();
final String callerPkg = getCallingPackage();
int count = 0;

View File

@ -76,7 +76,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
awk -i inplace '!/Exchange2/' target/product/core.mk;
sed -i 's/2021-06-05/2024-04-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-04 #XXX
sed -i 's/2021-06-05/2024-05-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-05 #XXX
fi;
if enterAndClear "device/qcom/sepolicy"; then
@ -143,6 +143,7 @@ fi;
if enterAndClear "external/sonivox"; then
applyPatch "$DOS_PATCHES/android_external_sonivox/317038.patch"; #n-asb-2021-10 Fix global buffer overflow in WT_InterpolateNoLoop
applyPatch "$DOS_PATCHES/android_external_sonivox/391896.patch"; #n-asb-2024-05 Fix buffer overrun in eas_wtengine
fi;
if enterAndClear "external/sqlite"; then
@ -493,6 +494,7 @@ fi;
if enterAndClear "packages/providers/TelephonyProvider"; then
applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/343954.patch"; #n-asb-2022-11 Check dir path before updating permissions.
applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/364040-backport.patch"; #R_asb_2023-08 Update file permissions using canonical path
applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/376079.patch"; #n-asb-2023-11 Block access to sms/mms db from work profile.
fi;
if enterAndClear "system/bt"; then