diff --git a/Patches/LineageOS-15.1/android_frameworks_base/405829-backport.patch b/Patches/LineageOS-15.1/android_frameworks_base/405829-backport.patch
new file mode 100644
index 00000000..20ad8f6b
--- /dev/null
+++ b/Patches/LineageOS-15.1/android_frameworks_base/405829-backport.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Dementyev
+Date: Thu, 11 Jul 2024 12:39:22 -0700
+Subject: [PATCH] Update AccountManagerService checkKeyIntent.
+
+Block intents with "content" data scheme.
+
+Bug: 349780950
+Test: manual
+Flag: EXEMPT bugfix
+(cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:59b2cc4447fbbdea58840f5b9d885d83241ac5f5)
+Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
+Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
+---
+ .../com/android/server/accounts/AccountManagerService.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
+index 45c56e41d7fb..95fd335bc11c 100644
+--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
+@@ -4779,6 +4779,9 @@ public class AccountManagerService
+ if (resolveInfo == null) {
+ return false;
+ }
++ if ("content".equals(intent.getScheme())) {
++ return false;
++ }
+ ActivityInfo targetActivityInfo = resolveInfo.activityInfo;
+ int targetUid = targetActivityInfo.applicationInfo.uid;
+ if (!isExportedSystemActivity(targetActivityInfo)
diff --git a/Patches/LineageOS-15.1/android_frameworks_base/405830.patch b/Patches/LineageOS-15.1/android_frameworks_base/405830.patch
new file mode 100644
index 00000000..942a928c
--- /dev/null
+++ b/Patches/LineageOS-15.1/android_frameworks_base/405830.patch
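Review bot: The added `"content".equals(intent.getScheme())` rejection in checkKeyIntent carries no comment saying why the scheme is refused, and the commit message only states that it is blocked. I would add a line above it such as `// Refuse content:// data: this intent is supplied by another component and must not point at provider data.` (wording to be confirmed against bug 349780950). The test is an exact, case-sensitive match on the data URI's scheme only, and it runs after the intent has already been resolved; whether other URI-bearing parts of the intent are constrained cannot be told from here, because checkKeyIntent begins and ends outside the hunk.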
@@ -0,0 +1,30 @@
+From 036b28bd48fae9e16d8b1b2a8bb629f4221e41c2 Mon Sep 17 00:00:00 2001
+From: William Loh
+Date: Mon, 3 Jun 2024 12:56:47 -0700
+Subject: [PATCH] Fail parseUri if end is missing
+
+Bug: 318683126
+Test: atest IntentTest
+Flag: EXEMPT bugfix
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d754ed6dd1fd321746f5ec4742831ffd97a9967)
+Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
+Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
+---
+ core/java/android/content/Intent.java | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
+index 66c2658f9f132..dbed1b1a8fd31 100644
+--- a/core/java/android/content/Intent.java
++++ b/core/java/android/content/Intent.java
+@@ -6277,6 +6277,9 @@ public static Intent parseUri(String uri, @UriFlags int flags) throws URISyntaxE
+ int eq = uri.indexOf('=', i);
+ if (eq < 0) eq = i-1;
+ int semi = uri.indexOf(';', i);
++ if (semi < 0) {
++ throw new URISyntaxException(uri, "uri end not found");
++ }
+ String value = eq < semi ? Uri.decode(uri.substring(eq + 1, semi)) : "";
+
+ // action
diff --git a/Patches/LineageOS-15.1/android_libcore/405831.patch b/Patches/LineageOS-15.1/android_libcore/405831.patch
new file mode 100644
index 00000000..cb729c45
--- /dev/null
+++ b/Patches/LineageOS-15.1/android_libcore/405831.patch
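Review bot: The new `throw new URISyntaxException(uri, "uri end not found")` in parseUri discards the position that is already in scope; the three-argument constructor, `throw new URISyntaxException(uri, "uri end not found", i);`, would report where the unterminated field starts. The patch as carried here touches only Intent.java although its message cites `atest IntentTest`, so a regression case for a URI whose last field has no `;` would be worth adding alongside it. The parsing loop starts and ends outside the hunk, so how the rest of the loop treats `i` cannot be checked from these lines.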
@@ -0,0 +1,53 @@
+From b7877b7a39d68acb35c40d1df1b588f067cca800 Mon Sep 17 00:00:00 2001
+From: Almaz Mingaleev
+Date: Wed, 10 Jul 2024 13:38:35 +0100
+Subject: [PATCH] Do not accept zip files with invalid headers.
+
+According to Section 4.3.6 in [1] non-empty zip file starts with
+local file header. 4.3.1 allows empty files, and in such case
+file starts with "end of central directory record".
+
+This aligns ZipFile with libziparchive modulo empty zip files -
+libziparchive rejects them.
+
+Tests are skipped because sc-dev branch uses ART module
+prebuilts, but builds tests from sources which leads to presubmit
+failures.
+
+Ignore-AOSP-First: b/309938635#comment1
+
+[1] https://pkwaredownloads.blob.core.windows.net/pem/APPNOTE.txt
+
+Bug: 309938635
+Test: CtsLibcoreTestCases
+Test: CtsLibcoreOjTestCases
+(cherry picked from commit 288a44a1817707110cdf5a3a6ef8377c6e10cce2)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43e428a99aa89a9dfbe93000171721ecbfc31b88)
+Merged-In: I545cdd49ec3cc138331145f4716c8148662a478b
+Change-Id: I545cdd49ec3cc138331145f4716c8148662a478b
+---
+ ojluni/src/main/native/zip_util.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c
+index e2503e84c2e..1f38b1783f1 100644
+--- a/ojluni/src/main/native/zip_util.c
++++ b/ojluni/src/main/native/zip_util.c
+@@ -876,6 +876,17 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified,
+ zip->locsig = JNI_TRUE;
+ else
+ zip->locsig = JNI_FALSE;
++
++ // BEGIN Android-changed: do not accept files with invalid header.
++ if (GETSIG(errbuf) != LOCSIG && GETSIG(errbuf) != ENDSIG) {
++ if (pmsg) {
++ *pmsg = strdup("Entry at offset zero has invalid LFH signature.");
++ }
++ ZFILE_Close(zfd);
++ freeZip(zip);
++ return NULL;
++ }
++ // END Android-changed: do not accept files with invalid header.
+ }
+
+ // This lseek is safe because it happens during construction of the ZipFile
diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/405832-backport.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/405832-backport.patch
new file mode 100644
index 00000000..3c8cf0dd
--- /dev/null
+++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/405832-backport.patch
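Review bot: The new signature rejection in ZIP_Put_In_Cache0 is placed before the closing brace of a block that opens outside the hunk, so it appears to run only when that block's condition holds, presumably the read of the first four bytes succeeding. If that is right, a file whose first four bytes cannot be read skips this check and depends entirely on later validation; a comment such as `// Short or failed reads fall through here and are rejected later.` would record that this is intended. The message `"Entry at offset zero has invalid LFH signature."` also names only the local file header although ENDSIG is accepted too, so something like `"File does not start with a local file header or end-of-central-directory signature."` would describe the check more accurately.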
@@ -0,0 +1,52 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Yiling Chuang +Date: Mon, 8 Jul 2024 03:09:50 +0000 +Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage + page + +Before the setup flow completion, don't allow the app info page in App battery usage to be launched. + +Bug: 327748846 +Test: atest SettingsRoboTests + manual test +- factory reset + launch app battery usage app info via ADB during Setup -> verify app closes +Flag : EXEMPT bugfix + +(cherry picked from commit 419a6a907902a12a0f565c808fa70092004d6686) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:62b0014ed6e69b0abc48a5c18b740f95bc5dc429) +Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0 +Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0 +--- + .../android/settings/fuelgauge/AdvancedPowerUsageDetail.java | 5 +++++ + .../settings/fuelgauge/AdvancedPowerUsageDetailTest.java | 5 +++++ + 2 files changed, 10 insertions(+) + +diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java +index 160b52f118d..36b464e0b9c 100644 +--- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java ++++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java +@@ -217,6 +217,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements + initPreference(); + } + ++ @Override ++ protected boolean shouldSkipForInitialSUW() { ++ return true; ++ } ++ + @VisibleForTesting + void initAnomalyInfo() { + mAnomalies = getArguments().getParcelableArrayList(EXTRA_ANOMALY_LIST); +diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java +index 54d043c419d..8bbed5de0d0 100644 +--- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java ++++ 
b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java +@@ -434,4 +434,9 @@ public class AdvancedPowerUsageDetailTest { + verify(mAnomalySummaryPreferenceController).updateAnomalySummaryPreference(mAnomalies); + } + ++ @Test ++ public void shouldSkipForInitialSUW_returnTrue() { ++ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue(); ++ } ++ + } diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/405832.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/405832.patch index d0c8a72d..22a83621 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_Settings/405832.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_Settings/405832.patch @@ -1,4 +1,4 @@ -From 9e4a67d2ae95b69f88b0bdf15ace52870ae93d5e Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Yiling Chuang Date: Mon, 8 Jul 2024 03:09:50 +0000 Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage @@ -17,14 +17,14 @@ Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0 Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0 --- .../android/settings/fuelgauge/AdvancedPowerUsageDetail.java | 5 +++++ - .../settings/fuelgauge/AdvancedPowerUsageDetailTest.java | 3 +++ - 2 files changed, 8 insertions(+) + .../settings/fuelgauge/AdvancedPowerUsageDetailTest.java | 5 +++++ + 2 files changed, 10 insertions(+) diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java index 683395e773c..d2a34c64886 100644 --- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java +++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java -@@ -234,6 +234,11 @@ public void onResume() { +@@ -234,6 +234,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements initPreference(); } 
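Review bot: The `shouldSkipForInitialSUW()` override added to AdvancedPowerUsageDetail has no comment, and the accompanying test only pins the constant return value rather than showing that the page is refused before setup completes. I would put a Javadoc line on the override, for example `/** Keeps this page from being shown until the setup wizard has completed. */`. The protection itself depends on the base class consulting this hook, which is outside the hunk; for this 15.1 backport it is worth confirming the tree carries that base-class support, although `@Override` will fail the build if the method is absent.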
@@ -37,15 +37,16 @@ index 683395e773c..d2a34c64886 100644 void initAnomalyInfo() { mAnomalies = getArguments().getParcelableArrayList(EXTRA_ANOMALY_LIST); diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java -index 0be63899785..2de4786763d 100644 +index 0be63899785..485cfd672bf 100644 --- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java +++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java -@@ -434,5 +434,8 @@ public void testInitAnomalyInfo_anomalyExisted_updateAnomaly() { - mFragment.initAnomalyInfo(); +@@ -435,4 +435,9 @@ public class AdvancedPowerUsageDetailTest { verify(mAnomalySummaryPreferenceController).updateAnomalySummaryPreference(mAnomalies); + } + ++ @Test + public void shouldSkipForInitialSUW_returnTrue() { + assertThat(mFragment.shouldSkipForInitialSUW()).isTrue(); - } ++ } } diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 93b6de12..991b7557 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -76,7 +76,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. awk -i inplace '!/Email/' target/product/core.mk; #Remove Email -sed -i 's/2021-10-05/2024-09-05/' core/version_defaults.mk; #Bump Security String #XXX +sed -i 's/2021-10-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #XXX fi; if enterAndClear "build/soong"; then 
@@ -277,6 +277,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/397594.patch"; #P_asb_2024-07 V applyPatch "$DOS_PATCHES/android_frameworks_base/399769-backport.patch"; #P_asb_2024-08 Restrict USB poups while setup is in progress applyPatch "$DOS_PATCHES/android_frameworks_base/399770.patch"; #P_asb_2024-08 Hide SAW subwindows applyPatch "$DOS_PATCHES/android_frameworks_base/401373-backport.patch"; #S_asb_2024-09 Sanitized uri scheme by removing scheme delimiter +applyPatch "$DOS_PATCHES/android_frameworks_base/405829-backport.patch"; #P_asb_2024-10 Update AccountManagerService checkKeyIntent. ++applyPatch "$DOS_PATCHES/android_frameworks_base/405830.patch"; #P_asb_2024-10 Fail parseUri if end is missing applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS) @@ -360,6 +362,10 @@ if enterAndClear "hardware/qcom/gps"; then applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_gps/0001-rollover.patch"; #Fix week rollover (jlask) fi; +if enterAndClear "libcore"; then +applyPatch "$DOS_PATCHES/android_libcore/405831.patch"; #P_asb_2024-10 Do not accept zip files with invalid headers. +fi; + if enterAndClear "lineage-sdk"; then awk -i inplace '!/WeatherManagerServiceBroker/' lineage/res/res/values/config.xml; #Disable Weather if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; #Remove AudioFX 
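Review bot: The second added line of the `@@ -277,6 +277,8 @@` hunk reads `++applyPatch "$DOS_PATCHES/android_frameworks_base/405830.patch";`, which means the script line itself starts with a literal `+`. Unless that is an artefact of how this diff was rendered, the shell will look for a command named `+applyPatch`, and the parseUri fix will not be applied even though this commit bumps the security string to 2024-10-05. The line should be `applyPatch "$DOS_PATCHES/android_frameworks_base/405830.patch"; #P_asb_2024-10 Fail parseUri if end is missing`. Whether a failed command stops the script is not visible in these hunks, so the omission could pass unnoticed in a build log.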
@@ -428,6 +434,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/365973-backport.patch"; applyPatch "$DOS_PATCHES/android_packages_apps_Settings/367639-backport.patch"; #n-asb-2023-10 Restrict ApnEditor settings applyPatch "$DOS_PATCHES/android_packages_apps_Settings/401375-backport.patch"; #S_asb_2024-09 Limit wifi item edit content's max length to 500 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/401377-backport.patch"; #S_asb_2024-09 Ignore fragment attr from ext authenticator resource +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405832-backport.patch"; #P_asb_2024-10 FRP bypass defense in App battery usage page git revert --no-edit a96df110e84123fe1273bff54feca3b4ca484dcd; #Don't hide OEM unlock applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) if [ "$DOS_SENSORS_PERM" = true ]; then