mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 07:29:24 -05:00
Tweaks
- 20.0: pick fixes for the deny usb toggle - 20.0: pull in a patch from GrapheneOS removing a package list leak Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
ac3dc319c7
commit
807a08210a
@ -59,6 +59,9 @@ nojit
|
||||
9 https://github.com/GrapheneOS/platform_build/commit/5b9927197e63593b9220d1a9280021252ef205e9
|
||||
9 https://github.com/GrapheneOS/platform_build/commit/e36c7aefaa78a1ed5b94c7f51d29277008eea232
|
||||
|
||||
[implemented] package leak
|
||||
13 https://github.com/GrapheneOS/platform_frameworks_base/commit/28761ffa183eb719dc991a3ce9afa422fb43c16e
|
||||
|
||||
[implemented] auto-var-init
|
||||
10 https://github.com/GrapheneOS/platform_build_soong/commit/e1b0c965952c47663d4266293b5d0e3f95121260
|
||||
10 https://github.com/GrapheneOS-Archive/platform_prebuilts_abi-dumps_vndk/commit/f2bd5eaae6a72a07c6be92cbaf2f9defa30fcf38
|
||||
|
@ -0,0 +1,52 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Sat, 5 Nov 2022 12:54:52 +0200
|
||||
Subject: [PATCH] don't leak device-wide package list to apps when work profile
|
||||
is present
|
||||
|
||||
If the primary user had a work profile, then apps installed in primary user could see packages that
|
||||
were installed only in secondary user(s). They couldn't see which secondary user had which apps,
|
||||
only presence of such packages was revealed.
|
||||
|
||||
This special handling of MATCH_UNINSTALLED_PACKAGES flag was added in October 2016 for compatibility
|
||||
with legacy launchers. It is not needed anymore, at least for popular third party launchers.
|
||||
|
||||
Note that apps in owner user can still see apps in work profile of owner user, it's part of a public
|
||||
API. Also, apps that are not installed in primary user are visible in Settings -> Apps, with
|
||||
"Not installed for this user" subtitle.
|
||||
|
||||
See commit 0d1fd8d09163566d2c7eb72037f63b6404ada642 and issue report
|
||||
https://github.com/GrapheneOS/os-issue-tracker/issues/1634 for more details.
|
||||
---
|
||||
.../java/com/android/server/pm/ComputerEngine.java | 12 ------------
|
||||
1 file changed, 12 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
index 259ca655d2b9..1845d7b1cbcf 100644
|
||||
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
@@ -2845,24 +2845,12 @@ public class ComputerEngine implements Computer {
|
||||
* Update given flags when being used to request {@link PackageInfo}.
|
||||
*/
|
||||
public final long updateFlagsForPackage(long flags, int userId) {
|
||||
- final boolean isCallerSystemUser = UserHandle.getCallingUserId()
|
||||
- == UserHandle.USER_SYSTEM;
|
||||
if ((flags & PackageManager.MATCH_ANY_USER) != 0) {
|
||||
// require the permission to be held; the calling uid and given user id referring
|
||||
// to the same user is not sufficient
|
||||
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false,
|
||||
!isRecentsAccessingChildProfiles(Binder.getCallingUid(), userId),
|
||||
"MATCH_ANY_USER flag requires INTERACT_ACROSS_USERS permission");
|
||||
- } else if ((flags & PackageManager.MATCH_UNINSTALLED_PACKAGES) != 0
|
||||
- && isCallerSystemUser
|
||||
- && mUserManager.hasProfile(UserHandle.USER_SYSTEM)) {
|
||||
- // If the caller wants all packages and has a profile associated with it,
|
||||
- // then match all users. This is to make sure that launchers that need to access
|
||||
- //work
|
||||
- // profile apps don't start breaking. TODO: Remove this hack when launchers stop
|
||||
- //using
|
||||
- // MATCH_UNINSTALLED_PACKAGES to query apps in other profiles. b/31000380
|
||||
- flags |= PackageManager.MATCH_ANY_USER;
|
||||
}
|
||||
return updateFlags(flags, userId);
|
||||
}
|
@ -1 +1 @@
|
||||
Subproject commit 073a081f055e3ef0e5a9153417b3bf0fd35d7105
|
||||
Subproject commit f754766d7c1715518507f5502462a0197a01a2ab
|
@ -102,9 +102,9 @@ patchWorkspace() {
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/SecureCamera";
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
#source build/envsetup.sh;
|
||||
#repopick -i 343790; #usb: have enableUsbDataSignal() call queryPortStatus() if successful
|
||||
#repopick -i 343791; #UsbManager: enableUsbDataSignal: return early if HAL version is too old
|
||||
source build/envsetup.sh;
|
||||
repopick -i 343790; #usb: have enableUsbDataSignal() call queryPortStatus() if successful
|
||||
repopick -i 343791; #UsbManager: enableUsbDataSignal: return early if HAL version is too old
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -176,6 +176,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0023-Skip_Screen_Animation.patc
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0025-Monet_Toggle.patch"; #Make monet based theming user configurable (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0026-Crash_Details.patch"; #Add an option to show the details of an application error to the user (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0027-Installer_Glitch.patch"; #Make sure PackageInstaller UI returns a result (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch"; #Don't leak device-wide package list to apps when work profile is present (GrapheneOS)
|
||||
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
|
||||
changeDefaultDNS; #Change the default DNS servers
|
||||
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
|
||||
|
@ -31,3 +31,6 @@ chmod -v 700 Patches/Linux/*.sh;
|
||||
#PrebuiltApps has its own fix_permissions.sh
|
||||
#Patches/Wallpapers has its own fix_permissions.sh
|
||||
setStrict Scripts;
|
||||
setRelaxed Repos/firmware;
|
||||
setRelaxed Repos/firmware-empty;
|
||||
setRelaxed Repos/firmware-19.1;
|
||||
|
Loading…
Reference in New Issue
Block a user