15.1: October 2024 ASB work

Signed-off-by: Tavi <tavi@divested.dev>

Patches/LineageOS-15.1/android_frameworks_base/405829-backport.patch

@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Dementyev <dementyev@google.com>
+Date: Thu, 11 Jul 2024 12:39:22 -0700
+Subject: [PATCH] Update AccountManagerService checkKeyIntent.
+
+Block intents with "content" data scheme.
+
+Bug: 349780950
+Test: manual
+Flag: EXEMPT bugfix
+(cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:59b2cc4447fbbdea58840f5b9d885d83241ac5f5)
+Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
+Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
+---
+ .../com/android/server/accounts/AccountManagerService.java     | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
+index 45c56e41d7fb..95fd335bc11c 100644
+--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
+@@ -4779,6 +4779,9 @@ public class AccountManagerService
+                 if (resolveInfo == null) {
+                     return false;
+                 }
++                if ("content".equals(intent.getScheme())) {
++                    return false;
++                }
+                 ActivityInfo targetActivityInfo = resolveInfo.activityInfo;
+                 int targetUid = targetActivityInfo.applicationInfo.uid;
+                 if (!isExportedSystemActivity(targetActivityInfo)

Patches/LineageOS-15.1/android_frameworks_base/405830.patch

@@ -0,0 +1,30 @@
+From 036b28bd48fae9e16d8b1b2a8bb629f4221e41c2 Mon Sep 17 00:00:00 2001
+From: William Loh <wloh@google.com>
+Date: Mon, 3 Jun 2024 12:56:47 -0700
+Subject: [PATCH] Fail parseUri if end is missing
+
+Bug: 318683126
+Test: atest IntentTest
+Flag: EXEMPT bugfix
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d754ed6dd1fd321746f5ec4742831ffd97a9967)
+Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
+Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
+---
+ core/java/android/content/Intent.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
+index 66c2658f9f132..dbed1b1a8fd31 100644
+--- a/core/java/android/content/Intent.java
++++ b/core/java/android/content/Intent.java
+@@ -6277,6 +6277,9 @@ public static Intent parseUri(String uri, @UriFlags int flags) throws URISyntaxE
+                 int eq = uri.indexOf('=', i);
+                 if (eq < 0) eq = i-1;
+                 int semi = uri.indexOf(';', i);
++                if (semi < 0) {
++                    throw new URISyntaxException(uri, "uri end not found");
++                }
+                 String value = eq < semi ? Uri.decode(uri.substring(eq + 1, semi)) : "";
+ 
+                 // action

Patches/LineageOS-15.1/android_libcore/405831.patch

@@ -0,0 +1,53 @@
+From b7877b7a39d68acb35c40d1df1b588f067cca800 Mon Sep 17 00:00:00 2001
+From: Almaz Mingaleev <mingaleev@google.com>
+Date: Wed, 10 Jul 2024 13:38:35 +0100
+Subject: [PATCH] Do not accept zip files with invalid headers.
+
+According to Section 4.3.6 in [1] non-empty zip file starts with
+local file header. 4.3.1 allows empty files, and in such case
+file starts with "end of central directory record".
+
+This aligns ZipFile with libziparchive modulo empty zip files -
+libziparchive rejects them.
+
+Tests are skipped because sc-dev branch uses ART module
+prebuilts, but builds tests from sources which leads to presubmit
+failures.
+
+Ignore-AOSP-First: b/309938635#comment1
+
+[1] https://pkwaredownloads.blob.core.windows.net/pem/APPNOTE.txt
+
+Bug: 309938635
+Test: CtsLibcoreTestCases
+Test: CtsLibcoreOjTestCases
+(cherry picked from commit 288a44a1817707110cdf5a3a6ef8377c6e10cce2)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43e428a99aa89a9dfbe93000171721ecbfc31b88)
+Merged-In: I545cdd49ec3cc138331145f4716c8148662a478b
+Change-Id: I545cdd49ec3cc138331145f4716c8148662a478b
+---
+ ojluni/src/main/native/zip_util.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c
+index e2503e84c2e..1f38b1783f1 100644
+--- a/ojluni/src/main/native/zip_util.c
++++ b/ojluni/src/main/native/zip_util.c
+@@ -876,6 +876,17 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified,
+             zip->locsig = JNI_TRUE;
+         else
+             zip->locsig = JNI_FALSE;
++
++        // BEGIN Android-changed: do not accept files with invalid header.
++        if (GETSIG(errbuf) != LOCSIG && GETSIG(errbuf) != ENDSIG) {
++            if (pmsg) {
++                *pmsg = strdup("Entry at offset zero has invalid LFH signature.");
++            }
++            ZFILE_Close(zfd);
++            freeZip(zip);
++            return NULL;
++        }
++        // END Android-changed: do not accept files with invalid header.
+     }
+ 
+     // This lseek is safe because it happens during construction of the ZipFile

Patches/LineageOS-15.1/android_packages_apps_Settings/405832-backport.patch

@@ -0,0 +1,52 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Yiling Chuang <emilychuang@google.com>
+Date: Mon, 8 Jul 2024 03:09:50 +0000
+Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage
+ page
+
+Before the setup flow completion, don't allow the app info page in App battery usage to be launched.
+
+Bug: 327748846
+Test: atest SettingsRoboTests + manual test
+- factory reset + launch app battery usage app info via ADB during Setup -> verify app closes
+Flag : EXEMPT bugfix
+
+(cherry picked from commit 419a6a907902a12a0f565c808fa70092004d6686)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:62b0014ed6e69b0abc48a5c18b740f95bc5dc429)
+Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0
+Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0
+---
+ .../android/settings/fuelgauge/AdvancedPowerUsageDetail.java | 5 +++++
+ .../settings/fuelgauge/AdvancedPowerUsageDetailTest.java     | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
+index 160b52f118d..36b464e0b9c 100644
+--- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
++++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
+@@ -217,6 +217,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements
+         initPreference();
+     }
+ 
++    @Override
++    protected boolean shouldSkipForInitialSUW() {
++        return true;
++    }
++
+     @VisibleForTesting
+     void initAnomalyInfo() {
+         mAnomalies = getArguments().getParcelableArrayList(EXTRA_ANOMALY_LIST);
+diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
+index 54d043c419d..8bbed5de0d0 100644
+--- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
++++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
+@@ -434,4 +434,9 @@ public class AdvancedPowerUsageDetailTest {
+         verify(mAnomalySummaryPreferenceController).updateAnomalySummaryPreference(mAnomalies);
+     }
+ 
++    @Test
++    public void shouldSkipForInitialSUW_returnTrue() {
++        assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
++    }
++
+ }

Patches/LineageOS-16.0/android_packages_apps_Settings/405832.patch

@@ -1,4 +1,4 @@
-From 9e4a67d2ae95b69f88b0bdf15ace52870ae93d5e Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Yiling Chuang <emilychuang@google.com>
 Date: Mon, 8 Jul 2024 03:09:50 +0000
 Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage
@@ -17,14 +17,14 @@ Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0
 Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0
 ---
  .../android/settings/fuelgauge/AdvancedPowerUsageDetail.java | 5 +++++
- .../settings/fuelgauge/AdvancedPowerUsageDetailTest.java     | 3 +++
- 2 files changed, 8 insertions(+)
+ .../settings/fuelgauge/AdvancedPowerUsageDetailTest.java     | 5 +++++
+ 2 files changed, 10 insertions(+)
 
 diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
 index 683395e773c..d2a34c64886 100644
 --- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
 +++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
-@@ -234,6 +234,11 @@ public void onResume() {
+@@ -234,6 +234,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements
          initPreference();
      }
  
@@ -37,15 +37,16 @@ index 683395e773c..d2a34c64886 100644
      void initAnomalyInfo() {
          mAnomalies = getArguments().getParcelableArrayList(EXTRA_ANOMALY_LIST);
 diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
-index 0be63899785..2de4786763d 100644
+index 0be63899785..485cfd672bf 100644
 --- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
 +++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
-@@ -434,5 +434,8 @@ public void testInitAnomalyInfo_anomalyExisted_updateAnomaly() {
-         mFragment.initAnomalyInfo();
+@@ -435,4 +435,9 @@ public class AdvancedPowerUsageDetailTest {
  
          verify(mAnomalySummaryPreferenceController).updateAnomalySummaryPreference(mAnomalies);
+     }
 +
++    @Test
 +    public void shouldSkipForInitialSUW_returnTrue() {
 +        assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
-     }
++    }
  }

Scripts/LineageOS-15.1/Patch.sh

@@ -76,7 +76,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
 applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
 sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
-sed -i 's/2021-10-05/2024-09-05/' core/version_defaults.mk; #Bump Security String #XXX
+sed -i 's/2021-10-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #XXX
 fi;
 
 if enterAndClear "build/soong"; then
@@ -277,6 +277,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/397594.patch"; #P_asb_2024-07 V
 applyPatch "$DOS_PATCHES/android_frameworks_base/399769-backport.patch"; #P_asb_2024-08 Restrict USB poups while setup is in progress
 applyPatch "$DOS_PATCHES/android_frameworks_base/399770.patch"; #P_asb_2024-08 Hide SAW subwindows
 applyPatch "$DOS_PATCHES/android_frameworks_base/401373-backport.patch"; #S_asb_2024-09 Sanitized uri scheme by removing scheme delimiter
+applyPatch "$DOS_PATCHES/android_frameworks_base/405829-backport.patch"; #P_asb_2024-10 Update AccountManagerService checkKeyIntent.
++applyPatch "$DOS_PATCHES/android_frameworks_base/405830.patch"; #P_asb_2024-10 Fail parseUri if end is missing
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS)
@@ -360,6 +362,10 @@ if enterAndClear "hardware/qcom/gps"; then
 applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_gps/0001-rollover.patch"; #Fix week rollover (jlask)
 fi;
 
+if enterAndClear "libcore"; then
+applyPatch "$DOS_PATCHES/android_libcore/405831.patch"; #P_asb_2024-10 Do not accept zip files with invalid headers.
+fi;
+
 if enterAndClear "lineage-sdk"; then
 awk -i inplace '!/WeatherManagerServiceBroker/' lineage/res/res/values/config.xml; #Disable Weather
 if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; #Remove AudioFX
@@ -428,6 +434,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/365973-backport.patch";
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/367639-backport.patch"; #n-asb-2023-10 Restrict ApnEditor settings
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/401375-backport.patch"; #S_asb_2024-09 Limit wifi item edit content's max length to 500
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/401377-backport.patch"; #S_asb_2024-09 Ignore fragment attr from ext authenticator resource
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405832-backport.patch"; #P_asb_2024-10 FRP bypass defense in App battery usage page
 git revert --no-edit a96df110e84123fe1273bff54feca3b4ca484dcd; #Don't hide OEM unlock
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 if [ "$DOS_SENSORS_PERM" = true ]; then