mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
18.1: July ASB work
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
parent
30b658da98
commit
837cfbbf48
@ -23,7 +23,7 @@ index eb64db7493cc..31b960716b4b 100644
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 0320c4b20c93..374fa4ea084e 100644
|
||||
index 64a1b5b6bb6a..e2eb882cb14e 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -2650,7 +2650,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
|
@ -128,7 +128,7 @@ index 189544f98594..9badc8c4d9c0 100644
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 374fa4ea084e..182679b779e9 100644
|
||||
index e2eb882cb14e..cb6caf9e2577 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -2650,7 +2650,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
|
@ -17,7 +17,7 @@ As a result, PackageManagerService is no longer modified.
|
||||
1 file changed, 19 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index eb27a13523ba..0320c4b20c93 100644
|
||||
index 53164c7424d5..64a1b5b6bb6a 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -1462,7 +1462,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
|
@ -145,7 +145,7 @@ index 790d7f7ab694..4f7fd039ccd7 100644
|
||||
OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
|
||||
StructCapUserData[] data;
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index e6a3029c5b2b..5e4518cffb9f 100644
|
||||
index b2c0a6b98273..2c0acd3b2498 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -29,6 +29,7 @@ import android.net.Credentials;
|
||||
@ -156,7 +156,7 @@ index e6a3029c5b2b..5e4518cffb9f 100644
|
||||
import android.os.Trace;
|
||||
import android.system.ErrnoException;
|
||||
import android.system.Os;
|
||||
@@ -501,6 +502,13 @@ class ZygoteConnection {
|
||||
@@ -504,6 +505,13 @@ class ZygoteConnection {
|
||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||
} else {
|
||||
if (!isZygote) {
|
||||
|
@ -78,10 +78,10 @@ index a7d9827855a2..aa874ad98a78 100644
|
||||
+ public static native void nativeHandleRuntimeFlags(int runtimeFlags);
|
||||
}
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index f31616fc88fb..f5044f9ecbb0 100644
|
||||
index b2f65145358a..9fb4ae12922e 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -505,7 +505,7 @@ class ZygoteConnection {
|
||||
@@ -508,7 +508,7 @@ class ZygoteConnection {
|
||||
if (SystemProperties.getBoolean("sys.spawn.exec", false) &&
|
||||
(parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||
|
@ -10,10 +10,10 @@ spawning when doing debugging.
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index 5e4518cffb9f..f31616fc88fb 100644
|
||||
index 2c0acd3b2498..b2f65145358a 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -502,7 +502,8 @@ class ZygoteConnection {
|
||||
@@ -505,7 +505,8 @@ class ZygoteConnection {
|
||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||
} else {
|
||||
if (!isZygote) {
|
||||
|
@ -0,0 +1,46 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Martijn Coenen <maco@google.com>
|
||||
Date: Thu, 29 Feb 2024 12:03:05 +0000
|
||||
Subject: [PATCH] Verify UID of incoming Zygote connections.
|
||||
|
||||
Only the system UID should be allowed to connect to the Zygote. While
|
||||
for generic Zygotes this is also covered by SELinux policy, this is not
|
||||
true for App Zygotes: the preload code running in an app zygote could
|
||||
connect to another app zygote socket, if it had access to its (random)
|
||||
socket address.
|
||||
|
||||
On the Java layer, simply check the UID when the connection is made. In
|
||||
the native layer, this check was already present, but it actually didn't
|
||||
work in the case where we receive a new incoming connection on the
|
||||
socket, and receive a 'non-fork' command: in that case, we will simply
|
||||
exit the native loop, and let the Java layer handle the command, without
|
||||
any further UID checking.
|
||||
|
||||
Modified the native logic to drop new connections with a mismatching
|
||||
UID, and to keep serving the existing connection (if it was still
|
||||
there).
|
||||
|
||||
Bug: 319081336
|
||||
Test: manual
|
||||
(cherry picked from commit 2ffc7cb220e4220b7e108c4043a3f0f2a85b6508)
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e397fd3d20c3f409311e411387ec1524ccecf085)
|
||||
Merged-In: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
|
||||
Change-Id: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteConnection.java | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index e6a3029c5b2b..b2c0a6b98273 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -98,6 +98,9 @@ class ZygoteConnection {
|
||||
throw ex;
|
||||
}
|
||||
|
||||
+ if (peer.getUid() != Process.SYSTEM_UID) {
|
||||
+ throw new ZygoteSecurityException("Only system UID is allowed to connect to Zygote.");
|
||||
+ }
|
||||
isEof = false;
|
||||
}
|
||||
|
37
Patches/LineageOS-18.1/android_frameworks_base/397451.patch
Normal file
37
Patches/LineageOS-18.1/android_frameworks_base/397451.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Yi-an Chen <theianchen@google.com>
|
||||
Date: Tue, 23 Apr 2024 21:53:02 +0000
|
||||
Subject: [PATCH] Fix security vulnerability of non-dynamic permission removal
|
||||
|
||||
The original removePermission() code in PermissionManagerService
|
||||
missed a logical negation operator when handling non-dynamic
|
||||
permissions, causing both
|
||||
testPermissionPermission_nonDynamicPermission_permissionUnchanged and
|
||||
testRemovePermission_dynamicPermission_permissionRemoved tests in
|
||||
DynamicPermissionsTest to fail.
|
||||
|
||||
The corresponding test DynamicPermissionsTest is also updated in the
|
||||
other CL: ag/27073864
|
||||
|
||||
Bug: 321711213
|
||||
Test: DynamicPermissionsTest on sc-dev and tm-dev locally
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:35d77a77feef62dc108f6478cb9228cc6044f70d)
|
||||
Merged-In: Id573b75cdcfce3a1df5731ffb00c4228c513e686
|
||||
Change-Id: Id573b75cdcfce3a1df5731ffb00c4228c513e686
|
||||
---
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index eb27a13523ba..53164c7424d5 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -641,7 +641,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
if (bp == null) {
|
||||
return;
|
||||
}
|
||||
- if (bp.isDynamic()) {
|
||||
+ if (!bp.isDynamic()) {
|
||||
// TODO: switch this back to SecurityException
|
||||
Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
|
||||
+ permName);
|
@ -17,7 +17,7 @@ Signed-off-by: Tad <tad@spotco.us>
|
||||
create mode 100644 src/com/android/settings/security/CarrierConfig2PreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 3d2b61cc580..e07fd234aa0 100644
|
||||
index 3d2b61cc580..5a51dd12f10 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11981,6 +11981,9 @@
|
||||
|
@ -0,0 +1,51 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Omar Eissa <oeissa@google.com>
|
||||
Date: Mon, 15 Apr 2024 12:04:56 +0000
|
||||
Subject: [PATCH] Prevent insertion in other users storage volumes
|
||||
|
||||
Don't allow file insertion in other users storage volumes.
|
||||
This was already handled if DATA was explicitly set in content values,
|
||||
but was allowed if DATA was generated based on other values like RELATIVE_PATH and DISPLAY_NAME.
|
||||
|
||||
Insertion of files in other users storage volumes can be used by malicious apps
|
||||
to get access to other users files, since the same file would exist in both users MP databases
|
||||
which would lead to MP falsely assuming that the user has access to this file.
|
||||
|
||||
Bug: 294406604
|
||||
Test: atest MediaProviderTests
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df39f8486b25473d0bdbeed896ad917e3c793bf9)
|
||||
Merged-In: Ie219bbdbe28819421040e4c083b65ab47d8ebde6
|
||||
Change-Id: Ie219bbdbe28819421040e4c083b65ab47d8ebde6
|
||||
---
|
||||
src/com/android/providers/media/MediaProvider.java | 1 +
|
||||
tests/src/com/android/providers/media/MediaProviderTest.java | 5 ++---
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
|
||||
index 5b3a8c41e..3b040f9d1 100644
|
||||
--- a/src/com/android/providers/media/MediaProvider.java
|
||||
+++ b/src/com/android/providers/media/MediaProvider.java
|
||||
@@ -2652,6 +2652,7 @@ public class MediaProvider extends ContentProvider {
|
||||
|
||||
FileUtils.sanitizeValues(values, /*rewriteHiddenFileName*/ !isFuseThread());
|
||||
FileUtils.computeDataFromValues(values, volumePath, isFuseThread());
|
||||
+ assertFileColumnsConsistent(match, uri, values);
|
||||
|
||||
// Create result file
|
||||
File res = new File(values.getAsString(MediaColumns.DATA));
|
||||
diff --git a/tests/src/com/android/providers/media/MediaProviderTest.java b/tests/src/com/android/providers/media/MediaProviderTest.java
|
||||
index 83b722e07..b865f28e2 100644
|
||||
--- a/tests/src/com/android/providers/media/MediaProviderTest.java
|
||||
+++ b/tests/src/com/android/providers/media/MediaProviderTest.java
|
||||
@@ -316,9 +316,8 @@ public class MediaProviderTest {
|
||||
@Test
|
||||
public void testInsertionWithInvalidFilePath_throwsIllegalArgumentException() {
|
||||
final ContentValues values = new ContentValues();
|
||||
- values.put(MediaStore.MediaColumns.RELATIVE_PATH, "Android/media/com.example");
|
||||
- values.put(MediaStore.Images.Media.DISPLAY_NAME,
|
||||
- "./../../../../../../../../../../../data/media/test.txt");
|
||||
+ values.put(MediaStore.MediaColumns.RELATIVE_PATH, "Android/media/com.example/");
|
||||
+ values.put(MediaStore.Images.Media.DISPLAY_NAME, "data/media/test.txt");
|
||||
|
||||
assertThrows(
|
||||
IllegalArgumentException.class, () -> sIsolatedResolver.insert(
|
@ -0,0 +1,63 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Mon, 22 Apr 2024 21:14:56 +0000
|
||||
Subject: [PATCH] Fix an authentication bypass bug in SMP
|
||||
|
||||
When pairing with BLE legacy pairing initiated
|
||||
from remote, authentication can be bypassed.
|
||||
This change fixes it.
|
||||
|
||||
Bug: 251514170
|
||||
Test: m com.android.btservices
|
||||
Test: manual run against PoC
|
||||
Ignore-AOSP-First: security
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8a3dbadc71428a30b172a74343be08498c656747)
|
||||
Merged-In: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
|
||||
Change-Id: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
|
||||
---
|
||||
stack/smp/smp_act.cc | 12 ++++++++++++
|
||||
stack/smp/smp_int.h | 1 +
|
||||
2 files changed, 13 insertions(+)
|
||||
|
||||
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
|
||||
index c1f143e92..7edd7bd60 100644
|
||||
--- a/stack/smp/smp_act.cc
|
||||
+++ b/stack/smp/smp_act.cc
|
||||
@@ -284,6 +284,7 @@ void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
SMP_TRACE_DEBUG("%s", __func__);
|
||||
smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
|
||||
+ p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM_SENT;
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
@@ -665,6 +666,17 @@ void smp_proc_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
return;
|
||||
}
|
||||
|
||||
+ if (!((p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) &&
|
||||
+ (p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT)) &&
|
||||
+ !(p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM_SENT)) {
|
||||
+ // in legacy pairing, the peer should send its rand after
|
||||
+ // we send our confirm
|
||||
+ tSMP_INT_DATA smp_int_data{};
|
||||
+ smp_int_data.status = SMP_INVALID_PARAMETERS;
|
||||
+ smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* save the SRand for comparison */
|
||||
STREAM_TO_ARRAY(p_cb->rrand.data(), p, OCTET16_LEN);
|
||||
}
|
||||
diff --git a/stack/smp/smp_int.h b/stack/smp/smp_int.h
|
||||
index 72fdf55a9..e3063c57d 100644
|
||||
--- a/stack/smp/smp_int.h
|
||||
+++ b/stack/smp/smp_int.h
|
||||
@@ -241,6 +241,7 @@ typedef union {
|
||||
(1 << 7) /* used to resolve race condition */
|
||||
#define SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY \
|
||||
(1 << 8) /* used on slave to resolve race condition */
|
||||
+#define SMP_PAIR_FLAGS_CMD_CONFIRM_SENT (1 << 9)
|
||||
|
||||
/* check if authentication requirement need MITM protection */
|
||||
#define SMP_NO_MITM_REQUIRED(x) (((x)&SMP_AUTH_YN_BIT) == 0)
|
@ -0,0 +1,63 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Mon, 22 Apr 2024 21:14:56 +0000
|
||||
Subject: [PATCH] Fix an authentication bypass bug in SMP
|
||||
|
||||
When pairing with BLE legacy pairing initiated
|
||||
from remote, authentication can be bypassed.
|
||||
This change fixes it.
|
||||
|
||||
Bug: 251514170
|
||||
Test: m com.android.btservices
|
||||
Test: manual run against PoC
|
||||
Ignore-AOSP-First: security
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8a3dbadc71428a30b172a74343be08498c656747)
|
||||
Merged-In: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
|
||||
Change-Id: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
|
||||
---
|
||||
stack/smp/smp_act.cc | 12 ++++++++++++
|
||||
stack/smp/smp_int.h | 1 +
|
||||
2 files changed, 13 insertions(+)
|
||||
|
||||
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
|
||||
index c2023e421..546024aef 100755
|
||||
--- a/stack/smp/smp_act.cc
|
||||
+++ b/stack/smp/smp_act.cc
|
||||
@@ -300,6 +300,7 @@ void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
SMP_TRACE_DEBUG("%s", __func__);
|
||||
smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
|
||||
+ p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM_SENT;
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
@@ -661,6 +662,17 @@ void smp_proc_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
|
||||
return;
|
||||
}
|
||||
|
||||
+ if (!((p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) &&
|
||||
+ (p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT)) &&
|
||||
+ !(p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM_SENT)) {
|
||||
+ // in legacy pairing, the peer should send its rand after
|
||||
+ // we send our confirm
|
||||
+ tSMP_INT_DATA smp_int_data{};
|
||||
+ smp_int_data.status = SMP_INVALID_PARAMETERS;
|
||||
+ smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* save the SRand for comparison */
|
||||
STREAM_TO_ARRAY(p_cb->rrand.data(), p, OCTET16_LEN);
|
||||
}
|
||||
diff --git a/stack/smp/smp_int.h b/stack/smp/smp_int.h
|
||||
index 34267ecf7..3cf2a96b4 100644
|
||||
--- a/stack/smp/smp_int.h
|
||||
+++ b/stack/smp/smp_int.h
|
||||
@@ -248,6 +248,7 @@ enum {
|
||||
(1 << 7) /* used to resolve race condition */
|
||||
#define SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY \
|
||||
(1 << 8) /* used on slave to resolve race condition */
|
||||
+#define SMP_PAIR_FLAGS_CMD_CONFIRM_SENT (1 << 9)
|
||||
|
||||
/* check if authentication requirement need MITM protection */
|
||||
#define SMP_NO_MITM_REQUIRED(x) (((x)&SMP_AUTH_YN_BIT) == 0)
|
@ -93,7 +93,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
|
||||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
sed -i 's/2024-02-05/2024-06-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-06
|
||||
sed -i 's/2024-02-05/2024-07-05/' core/version_defaults.mk; #Bump Security String #X_asb_2024-07
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
@ -156,6 +156,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/394560.patch"; #R_asb_2024-06 A
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/394561.patch"; #R_asb_2024-06 Check hidden API exemptions
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/394562.patch"; #R_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/394563.patch"; #R_asb_2024-06 Check permissions for CDM shell commands
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/397450-backport.patch"; #S_asb_2024-07 Verify UID of incoming Zygote connections.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/397451.patch"; #S_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
|
||||
git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
@ -408,6 +410,10 @@ if enterAndClear "packages/providers/DownloadProvider"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
#if enterAndClear "packages/providers/MediaProvider"; then
|
||||
#applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/397453-backport.patch"; #S_asb_2024-07 Prevent insertion in other users storage volumes #XXX
|
||||
#fi;
|
||||
|
||||
if enterAndClear "packages/providers/TelephonyProvider"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/304614.patch"; #mcc/mnc fix (Sony)
|
||||
applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/312102.patch"; #mnc fix (Sony)
|
||||
@ -421,6 +427,7 @@ if enterAndClear "system/bt"; then
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/385557.patch"; #R_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/385558.patch"; #R_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/385559.patch"; #R_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/397454-backport.patch"; #S_asb_2024-07 Fix an authentication bypass bug in SMP
|
||||
git am "$DOS_PATCHES/android_system_bt/a2dp-master-fixes.patch"; #topic (AOSP)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
||||
fi;
|
||||
@ -473,6 +480,7 @@ if enterAndClear "vendor/qcom/opensource/commonsys/system/bt"; then
|
||||
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/385591.patch"; #R_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
|
||||
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/385592.patch"; #R_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
|
||||
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/385593.patch"; #R_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
|
||||
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/397455.patch"; #S_asb_2024-07 Fix an authentication bypass bug in SMP
|
||||
fi;
|
||||
|
||||
if enterAndClear "vendor/lineage"; then
|
||||
|
Loading…
Reference in New Issue
Block a user