mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
14/15 extra March patch
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
fe80137df9
commit
790eeebc90
34
Patches/LineageOS-14.1/android_frameworks_base/352086.patch
Normal file
34
Patches/LineageOS-14.1/android_frameworks_base/352086.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 5d17459a966adff163bad35c2bd07168767110dc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nate Myren <ntmyren@google.com>
|
||||||
|
Date: Fri, 2 Dec 2022 09:44:31 -0800
|
||||||
|
Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
|
||||||
|
post 23 and perm has pre23 flag
|
||||||
|
|
||||||
|
If a permission has the "pre23" flag, and an app is upgrading past api
|
||||||
|
23, then we should not assume that a "development" permission remains
|
||||||
|
granted
|
||||||
|
|
||||||
|
Fixes: 259458532
|
||||||
|
Test: atest RevokeSawPermissionTest
|
||||||
|
Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||||||
|
(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
|
||||||
|
Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||||||
|
---
|
||||||
|
.../java/com/android/server/pm/PackageManagerService.java | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||||
|
index 915c40e5400e8..ebacb3c2c8950 100644
|
||||||
|
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||||
|
@@ -10573,8 +10573,8 @@ && isSystemApp(pkg)) {
|
||||||
|
// Any pre-installed system app is allowed to get this permission.
|
||||||
|
allowed = true;
|
||||||
|
}
|
||||||
|
- if (!allowed && (bp.protectionLevel
|
||||||
|
- & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
|
||||||
|
+ if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0
|
||||||
|
+ && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_PRE23) == 0) {
|
||||||
|
// For development permissions, a development permission
|
||||||
|
// is granted only if it was already granted.
|
||||||
|
allowed = origPermissions.hasInstallPermission(perm);
|
34
Patches/LineageOS-15.1/android_frameworks_base/352086.patch
Normal file
34
Patches/LineageOS-15.1/android_frameworks_base/352086.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 5d17459a966adff163bad35c2bd07168767110dc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nate Myren <ntmyren@google.com>
|
||||||
|
Date: Fri, 2 Dec 2022 09:44:31 -0800
|
||||||
|
Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
|
||||||
|
post 23 and perm has pre23 flag
|
||||||
|
|
||||||
|
If a permission has the "pre23" flag, and an app is upgrading past api
|
||||||
|
23, then we should not assume that a "development" permission remains
|
||||||
|
granted
|
||||||
|
|
||||||
|
Fixes: 259458532
|
||||||
|
Test: atest RevokeSawPermissionTest
|
||||||
|
Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||||||
|
(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
|
||||||
|
Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||||||
|
---
|
||||||
|
.../java/com/android/server/pm/PackageManagerService.java | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||||
|
index 915c40e5400e8..ebacb3c2c8950 100644
|
||||||
|
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||||
|
@@ -10573,8 +10573,8 @@ && isSystemApp(pkg)) {
|
||||||
|
// Any pre-installed system app is allowed to get this permission.
|
||||||
|
allowed = true;
|
||||||
|
}
|
||||||
|
- if (!allowed && (bp.protectionLevel
|
||||||
|
- & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
|
||||||
|
+ if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0
|
||||||
|
+ && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_PRE23) == 0) {
|
||||||
|
// For development permissions, a development permission
|
||||||
|
// is granted only if it was already granted.
|
||||||
|
allowed = origPermissions.hasInstallPermission(perm);
|
@ -182,6 +182,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/346950.patch"; #n-asb-2023-01 T
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/346951.patch"; #n-asb-2023-01 Fix conditionId string trimming in AutomaticZenRule
|
applyPatch "$DOS_PATCHES/android_frameworks_base/346951.patch"; #n-asb-2023-01 Fix conditionId string trimming in AutomaticZenRule
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/348650.patch"; #n-asb-2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
applyPatch "$DOS_PATCHES/android_frameworks_base/348650.patch"; #n-asb-2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/348651.patch"; #n-asb-2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
applyPatch "$DOS_PATCHES/android_frameworks_base/348651.patch"; #n-asb-2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/352086.patch"; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
|
||||||
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
|
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
|
||||||
|
@ -173,6 +173,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/347049-backport.patch"; #P_asb_
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/347051-backport.patch"; #P_asb_2023-01 Add protections agains use-after-free issues if cancel() or queue() is called after a device connection has been closed.
|
applyPatch "$DOS_PATCHES/android_frameworks_base/347051-backport.patch"; #P_asb_2023-01 Add protections agains use-after-free issues if cancel() or queue() is called after a device connection has been closed.
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/349330.patch"; #P_asb_2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
applyPatch "$DOS_PATCHES/android_frameworks_base/349330.patch"; #P_asb_2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/349331.patch"; #P_asb_2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
applyPatch "$DOS_PATCHES/android_frameworks_base/349331.patch"; #P_asb_2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/352086.patch"; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||||
|
Loading…
Reference in New Issue
Block a user