Reconile picks

18.1:
gains working backport for system/bt

19.1: no effective change

Signed-off-by: Tavi <tavi@divested.dev>

Patches/LineageOS-18.1/android_frameworks_base/405515.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From b0aee0b8b81d776e7c3234f7b340a856d138e4c4 Mon Sep 17 00:00:00 2001
 From: Dmitry Dementyev <dementyev@google.com>
 Date: Thu, 11 Jul 2024 12:39:22 -0700
 Subject: [PATCH] Update AccountManagerService checkKeyIntent.
@@ -9,7 +9,7 @@ Bug: 349780950
 Test: manual
 Flag: EXEMPT bugfix
 (cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1bcf4f36c171a73990b47136930af1930ccd3ece)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:59b2cc4447fbbdea58840f5b9d885d83241ac5f5)
 Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
 Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
 ---
@@ -17,10 +17,10 @@ Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
  1 file changed, 3 insertions(+)
 
 diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
-index 43944b050de4..d55be44f62cd 100644
+index 37a68d3eec76c..fb79904a5b3a8 100644
 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java
 +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
-@@ -4895,6 +4895,9 @@ public class AccountManagerService
+@@ -4812,6 +4812,9 @@ protected boolean checkKeyIntent(int authUid, Bundle bundle) {
                  if (resolveInfo == null) {
                      return false;
                  }

Patches/LineageOS-18.1/android_frameworks_base/405516.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From f31bdd9c6658dfb932eea857f17cc2d21124031e Mon Sep 17 00:00:00 2001
 From: William Loh <wloh@google.com>
 Date: Mon, 3 Jun 2024 12:56:47 -0700
 Subject: [PATCH] Fail parseUri if end is missing
@@ -7,7 +7,7 @@ Bug: 318683126
 Test: atest IntentTest
 Flag: EXEMPT bugfix
 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c140c674ec1cec011989f4a2c2666949771370)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d754ed6dd1fd321746f5ec4742831ffd97a9967)
 Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
 Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
 ---
@@ -15,10 +15,10 @@ Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
  1 file changed, 3 insertions(+)
 
 diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
-index 6224758ce71a..ec67c7239df2 100644
+index 24d59a0826c85..4ea29407f352f 100644
 --- a/core/java/android/content/Intent.java
 +++ b/core/java/android/content/Intent.java
-@@ -7322,6 +7322,9 @@ public class Intent implements Parcelable, Cloneable {
+@@ -7053,6 +7053,9 @@ public static Intent parseUri(String uri, @UriFlags int flags) throws URISyntaxE
                  int eq = uri.indexOf('=', i);
                  if (eq < 0) eq = i-1;
                  int semi = uri.indexOf(';', i);

Patches/LineageOS-18.1/android_frameworks_base/405517.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 1346eac616e21574788efa8bf374d8eb1ee744b7 Mon Sep 17 00:00:00 2001
 From: Mark Renouf <mrenouf@google.com>
 Date: Thu, 20 Jun 2024 16:37:42 -0400
 Subject: [PATCH] Prevent Sharing when FRP enforcement is in effect
@@ -11,7 +11,7 @@ adb shell 'am start -a android.intent.action.CHOOSER --eu android.intent.extra.I
 
 Bug: 327645387
 Test: manual; trigger FRP; attempt to open share sheet using adb
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7101154d42f804d52d65643a7e79dfee22295a)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5080af26387a18d5638d5a42eadfb8d4d700518c)
 Merged-In: I1db78ab74babe71b516f601be35cf476b5e43271
 Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271
 ---
@@ -19,10 +19,10 @@ Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271
  1 file changed, 8 insertions(+)
 
 diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java
-index 9d95a6b346b3..c741029143ec 100644
+index bc80dc9213bea..e259f1d20adb9 100644
 --- a/core/java/com/android/internal/app/ChooserActivity.java
 +++ b/core/java/com/android/internal/app/ChooserActivity.java
-@@ -600,6 +600,14 @@ public class ChooserActivity extends ResolverActivity implements
+@@ -594,6 +594,14 @@ public void handleMessage(Message msg) {
  
      @Override
      protected void onCreate(Bundle savedInstanceState) {

Patches/LineageOS-18.1/android_frameworks_base/405518.patch

@@ -1,13 +1,13 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 5fe06ebbd23db602bb46ba51a7e40711d7823be6 Mon Sep 17 00:00:00 2001
 From: Sumedh Sen <sumedhsen@google.com>
-Date: Wed, 17 Jul 2024 17:42:43 +0000
-Subject: [PATCH] Check whether installerPackageName contains only valid
- characters
+Date: Wed, 17 Jul 2024 01:00:55 +0000
+Subject: [PATCH] [RESTRICT AUTOMERGE] Check whether installerPackageName
+ contains only valid characters
 
 Bug: 341256391
 Bug: 307532206
 Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.CVE_2024_0044
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7aa86be3077b0ffa3de2345788c7c711fcfb4fe7)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9b850b6f68e63288f240439601723412324381bb)
 Merged-In: I74a172c617d6f5b13f0708092156b657b73b5891
 Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
 ---
@@ -15,10 +15,10 @@ Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
  1 file changed, 6 insertions(+), 1 deletion(-)
 
 diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
-index 02515cfdc16a..310c56ef1260 100644
+index 7e67021e3b847..ab8cc4c8d6697 100644
 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java
 +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
-@@ -609,12 +609,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
+@@ -580,12 +580,17 @@ private int createSessionInternal(SessionParams params, String installerPackageN
          params.appLabel = TextUtils.trimToSize(params.appLabel,
                  PackageItemInfo.MAX_SAFE_LABEL_LENGTH);
  

Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405540.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 6799e4b038c33ce3fd175749ebdea69379a5489f Mon Sep 17 00:00:00 2001
 From: Himanshu Rawat <rwt@google.com>
 Date: Mon, 8 Apr 2024 19:44:45 +0000
 Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID
@@ -61,7 +61,7 @@ diff --git a/src/com/android/bluetooth/hid/HidHostService.java b/src/com/android
 index 10d414d46..ed35c2908 100644
 --- a/src/com/android/bluetooth/hid/HidHostService.java
 +++ b/src/com/android/bluetooth/hid/HidHostService.java
-@@ -161,7 +161,10 @@ public class HidHostService extends ProfileService {
+@@ -161,7 +161,10 @@ public void handleMessage(Message msg) {
                  break;
                  case MESSAGE_DISCONNECT: {
                      BluetoothDevice device = (BluetoothDevice) msg.obj;
@@ -73,7 +73,7 @@ index 10d414d46..ed35c2908 100644
                          broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTING);
                          broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTED);
                          break;
-@@ -934,7 +937,7 @@ public class HidHostService extends ProfileService {
+@@ -934,7 +937,7 @@ public void dump(StringBuilder sb) {
  
      private native boolean connectHidNative(byte[] btAddress);
  

Patches/LineageOS-18.1/android_packages_apps_Settings/405534.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From da6ee7b698b7d4c4cbe56c70027904268b72d0f1 Mon Sep 17 00:00:00 2001
 From: Yiling Chuang <emilychuang@google.com>
 Date: Mon, 8 Jul 2024 03:09:50 +0000
 Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage
@@ -12,7 +12,7 @@ Test: atest SettingsRoboTests + manual test
 Flag : EXEMPT bugfix
 
 (cherry picked from commit 419a6a907902a12a0f565c808fa70092004d6686)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e5d21702863284479af7561e3c833bc2cab2a7d3)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:62b0014ed6e69b0abc48a5c18b740f95bc5dc429)
 Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0
 Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0
 ---
@@ -21,24 +21,26 @@ Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0
  2 files changed, 10 insertions(+)
 
 diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
-index e8d5f3330f2..4feac32d030 100644
+index e8d5f3330f2..d17642053e7 100644
 --- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
 +++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
-@@ -311,4 +311,9 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements
-         mBackgroundActivityPreferenceController.updateSummary(
-                 findPreference(mBackgroundActivityPreferenceController.getPreferenceKey()));
+@@ -210,6 +210,11 @@ public void onResume() {
+         initPreference();
      }
-+
+ 
 +    @Override
 +    protected boolean shouldSkipForInitialSUW() {
 +        return true;
 +    }
- }
++
+     @VisibleForTesting
+     void initHeader() {
+         final View appSnippet = mHeaderPreference.findViewById(R.id.entity_header);
 diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
 index 8eeac8d26b0..37fa511beeb 100644
 --- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
 +++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
-@@ -395,4 +395,9 @@ public class AdvancedPowerUsageDetailTest {
+@@ -395,4 +395,9 @@ public void testInitPreference_hasCorrectSummary() {
          assertThat(mForegroundPreference.getSummary().toString()).isEqualTo("Used for 0 min");
          assertThat(mBackgroundPreference.getSummary().toString()).isEqualTo("Active for 0 min");
      }

Patches/LineageOS-18.1/android_system_bt/405535.patch

@@ -0,0 +1,34 @@
+From 2e7c27c2b5d773905ded3e89cbaa424744ddd897 Mon Sep 17 00:00:00 2001
+From: Chris Manton <cmanton@google.com>
+Date: Sun, 29 Nov 2020 17:05:05 -0800
+Subject: [PATCH] Add privatize option for bluetooth addresses for logging
+
+Toward loggable code
+
+Bug: 163134718
+Tag: #refactor
+Test: gd/cert/run --host
+
+Change-Id: Id568adb9f9497072a79100202501c4d207e40828
+---
+ main/shim/dumpsys.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/main/shim/dumpsys.h b/main/shim/dumpsys.h
+index 91c4ea74618..21339463265 100644
+--- a/main/shim/dumpsys.h
++++ b/main/shim/dumpsys.h
+@@ -18,6 +18,13 @@
+ 
+ #include <functional>
+ #include <list>
++#include <string>
++
++constexpr char kPrivateAddressPrefix[] = "xx:xx:xx:xx";
++#define PRIVATE_ADDRESS(addr)                                            \
++  (addr.ToString()                                                       \
++       .replace(0, strlen(kPrivateAddressPrefix), kPrivateAddressPrefix) \
++       .c_str())
+ 
+ namespace bluetooth {
+ namespace shim {

Patches/LineageOS-18.1/android_system_bt/405536.patch

@@ -0,0 +1,56 @@
+From 935b7a26fa502de27c0cd3c97a05381319e8f22c Mon Sep 17 00:00:00 2001
+From: Chris Manton <cmanton@google.com>
+Date: Sun, 14 Mar 2021 09:52:19 -0700
+Subject: [PATCH] Add btif/include/btif_hh::btif_hh_status_text
+
+Toward loggable code
+
+Bug: 163134718
+Test: gd/cert/run
+Tag: #refactor
+BYPASS_LONG_LINES_REASON: Bluetooth likes 120 lines
+
+Change-Id: Iab6a4f33a3e498c33f4870abc5abd59e073d03f2
+---
+ btif/include/btif_hh.h | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h
+index b71d347c1a7..f33598d2f19 100644
+--- a/btif/include/btif_hh.h
++++ b/btif/include/btif_hh.h
+@@ -46,7 +46,7 @@
+  *  Type definitions and return values
+  ******************************************************************************/
+ 
+-typedef enum {
++typedef enum : unsigned {
+   BTIF_HH_DISABLED = 0,
+   BTIF_HH_ENABLED,
+   BTIF_HH_DISABLING,
+@@ -56,6 +56,25 @@ typedef enum {
+   BTIF_HH_DEV_DISCONNECTED
+ } BTIF_HH_STATUS;
+ 
++#define CASE_RETURN_TEXT(code) \
++  case code:                   \
++    return #code
++
++inline std::string btif_hh_status_text(const BTIF_HH_STATUS& status) {
++  switch (status) {
++    CASE_RETURN_TEXT(BTIF_HH_DISABLED);
++    CASE_RETURN_TEXT(BTIF_HH_ENABLED);
++    CASE_RETURN_TEXT(BTIF_HH_DISABLING);
++    CASE_RETURN_TEXT(BTIF_HH_DEV_UNKNOWN);
++    CASE_RETURN_TEXT(BTIF_HH_DEV_CONNECTING);
++    CASE_RETURN_TEXT(BTIF_HH_DEV_CONNECTED);
++    CASE_RETURN_TEXT(BTIF_HH_DEV_DISCONNECTED);
++    default:
++      return std::string("UNKNOWN[%hhu]", status);
++  }
++}
++#undef CASE_RETURN_TEXT
++
+ typedef struct {
+   bthh_connection_state_t dev_status;
+   uint8_t dev_handle;

Patches/LineageOS-18.1/android_system_bt/405537.patch

@@ -1,8 +1,7 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 1017cfa02f11db8d077d5d7a32dd46da7c8b050b Mon Sep 17 00:00:00 2001
 From: Himanshu Rawat <rwt@google.com>
 Date: Mon, 8 Apr 2024 19:42:21 +0000
-Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID
- connections 1/2
+Subject: [PATCH] [BACKPORT] Disallow unexpected incoming HID connections 1/2
 
 HID profile accepted any new incoming HID connection. Even when the
 connection policy disabled HID connection, remote devices could initiate
@@ -22,16 +21,16 @@ Change-Id: I6e9db983e752dd498625078c13b736cd4c668806
 ---
  btif/include/btif_hh.h      |  4 +-
  btif/include/btif_storage.h | 23 ++++++++++
- btif/src/btif_hh.cc         | 86 ++++++++++++++++++++++++++++++++++---
- btif/src/btif_storage.cc    | 52 +++++++++++++++++++++-
+ btif/src/btif_hh.cc         | 87 ++++++++++++++++++++++++++++++++++---
+ btif/src/btif_storage.cc    | 53 +++++++++++++++++++++-
  include/hardware/bt_hh.h    |  2 +-
- 5 files changed, 159 insertions(+), 8 deletions(-)
+ 5 files changed, 161 insertions(+), 8 deletions(-)
 
 diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h
-index b71d347c1..ba51aec98 100644
+index f33598d2f19..f93341d89f1 100644
 --- a/btif/include/btif_hh.h
 +++ b/btif/include/btif_hh.h
-@@ -78,6 +78,7 @@ typedef struct {
+@@ -97,6 +97,7 @@ typedef struct {
    uint8_t dev_handle;
    RawAddress bd_addr;
    tBTA_HH_ATTR_MASK attr_mask;
@@ -39,7 +38,7 @@ index b71d347c1..ba51aec98 100644
  } btif_hh_added_device_t;
  
  /**
-@@ -103,7 +104,8 @@ extern btif_hh_cb_t btif_hh_cb;
+@@ -122,7 +123,8 @@ extern btif_hh_cb_t btif_hh_cb;
  extern btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle);
  extern void btif_hh_remove_device(RawAddress bd_addr);
  extern bool btif_hh_add_added_dev(const RawAddress& bda,
@@ -50,7 +49,7 @@ index b71d347c1..ba51aec98 100644
  extern void btif_hh_disconnect(RawAddress* bd_addr);
  extern void btif_hh_setreport(btif_hh_device_t* p_dev,
 diff --git a/btif/include/btif_storage.h b/btif/include/btif_storage.h
-index 1c1163d14..362ffdc21 100644
+index 1c1163d1428..362ffdc21bb 100644
 --- a/btif/include/btif_storage.h
 +++ b/btif/include/btif_storage.h
 @@ -178,6 +178,29 @@ bt_status_t btif_storage_remove_bonded_device(const RawAddress* remote_bd_addr);
@@ -84,10 +83,18 @@ index 1c1163d14..362ffdc21 100644
   *
   * Function         btif_storage_add_hid_device_info
 diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc
-index 97479e040..41636d368 100644
+index 97479e040ba..25fb151d260 100644
 --- a/btif/src/btif_hh.cc
 +++ b/btif/src/btif_hh.cc
-@@ -334,6 +334,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) {
+@@ -42,6 +42,7 @@
+ #include "btif_storage.h"
+ #include "btif_util.h"
+ #include "l2c_api.h"
++#include "main/shim/dumpsys.h"
+ #include "osi/include/log.h"
+ #include "osi/include/osi.h"
+ 
+@@ -334,6 +335,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) {
    return NULL;
  }
  
@@ -112,7 +119,7 @@ index 97479e040..41636d368 100644
  /*******************************************************************************
   *
   * Function         btif_hh_find_dev_by_bda
-@@ -419,7 +437,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) {
+@@ -419,7 +438,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) {
   *
   * Returns          true if add successfully, otherwise false.
   ******************************************************************************/
@@ -122,7 +129,7 @@ index 97479e040..41636d368 100644
    int i;
    for (i = 0; i < BTIF_HH_MAX_ADDED_DEV; i++) {
      if (btif_hh_cb.added_devices[i].bd_addr == bda) {
-@@ -433,6 +452,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) {
+@@ -433,6 +453,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) {
        btif_hh_cb.added_devices[i].bd_addr = bda;
        btif_hh_cb.added_devices[i].dev_handle = BTA_HH_INVALID_HANDLE;
        btif_hh_cb.added_devices[i].attr_mask = attr_mask;
@@ -130,7 +137,7 @@ index 97479e040..41636d368 100644
        return true;
      }
    }
-@@ -712,6 +732,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type,
+@@ -712,6 +733,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type,
   *
   ****************************************************************************/
  
@@ -139,10 +146,10 @@ index 97479e040..41636d368 100644
 +   * outgoing connection was requested */
 +  btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(bda);
 +  if (added_dev != nullptr && added_dev->reconnect_allowed) {
-+    LOG_VERBOSE("Connection allowed %s", PRIVATE_ADDRESS(bda));
++    LOG_VERBOSE(LOG_TAG, "Connection allowed %s", PRIVATE_ADDRESS(bda));
 +    return true;
 +  } else if (btif_hh_cb.pending_conn_address == bda) {
-+    LOG_VERBOSE("Device connection was pending for: %s, status: %s",
++    LOG_VERBOSE(LOG_TAG, "Device connection was pending for: %s, status: %s",
 +                PRIVATE_ADDRESS(bda),
 +                btif_hh_status_text(btif_hh_cb.status).c_str());
 +    return true;
@@ -154,7 +161,7 @@ index 97479e040..41636d368 100644
  /*******************************************************************************
   *
   * Function         btif_hh_upstreams_evt
-@@ -770,9 +807,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
+@@ -770,9 +808,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
              p_data->status);
        break;
  
@@ -164,7 +171,7 @@ index 97479e040..41636d368 100644
                           p_data->conn.handle, p_data->conn.status);
 +
 +      if (!btif_hh_connection_allowed(p_data->conn.bda)) {
-+        LOG_WARN("Reject Incoming HID Connection, device: %s",
++        LOG_WARN(LOG_TAG, "Reject Incoming HID Connection, device: %s",
 +                 PRIVATE_ADDRESS(p_data->conn.bda));
 +        btif_hh_device_t* p_dev =
 +            btif_hh_find_connected_dev_by_handle(p_data->conn.handle);
@@ -182,7 +189,7 @@ index 97479e040..41636d368 100644
        btif_hh_cb.pending_conn_address = RawAddress::kEmpty;
        if (p_data->conn.status == BTA_HH_OK) {
          p_dev = btif_hh_find_connected_dev_by_handle(p_data->conn.handle);
-@@ -831,6 +885,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
+@@ -831,6 +886,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
          btif_hh_cb.status = (BTIF_HH_STATUS)BTIF_HH_DEV_DISCONNECTED;
        }
        break;
@@ -190,7 +197,7 @@ index 97479e040..41636d368 100644
  
      case BTA_HH_CLOSE_EVT:
        BTIF_TRACE_DEBUG("BTA_HH_CLOSE_EVT: status = %d, handle = %d",
-@@ -983,7 +1038,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
+@@ -983,7 +1039,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
                                  p_data->dscp_info.version,
                                  p_data->dscp_info.ctry_code, len,
                                  p_data->dscp_info.descriptor.dsc_list);
@@ -199,7 +206,7 @@ index 97479e040..41636d368 100644
            tBTA_HH_DEV_DSCP_INFO dscp_info;
            bt_status_t ret;
            btif_hh_copy_hid_info(&dscp_info, &p_data->dscp_info);
-@@ -999,6 +1054,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
+@@ -999,6 +1055,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
                p_data->dscp_info.ssr_min_tout, len,
                p_data->dscp_info.descriptor.dsc_list);
  
@@ -208,7 +215,7 @@ index 97479e040..41636d368 100644
            ASSERTC(ret == BT_STATUS_SUCCESS, "storing hid info failed", ret);
            BTIF_TRACE_WARNING("BTA_HH_GET_DSCP_EVT: Called add device");
  
-@@ -1280,6 +1337,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) {
+@@ -1280,6 +1338,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) {
   ******************************************************************************/
  static bt_status_t connect(RawAddress* bd_addr) {
    if (btif_hh_cb.status != BTIF_HH_DEV_CONNECTING) {
@@ -222,7 +229,7 @@ index 97479e040..41636d368 100644
      btif_transfer_context(btif_hh_handle_evt, BTIF_HH_CONNECT_REQ_EVT,
                            (char*)bd_addr, sizeof(RawAddress), NULL);
      return BT_STATUS_SUCCESS;
-@@ -1296,7 +1360,7 @@ static bt_status_t connect(RawAddress* bd_addr) {
+@@ -1296,7 +1361,7 @@ static bt_status_t connect(RawAddress* bd_addr) {
   * Returns         bt_status_t
   *
   ******************************************************************************/
@@ -231,13 +238,13 @@ index 97479e040..41636d368 100644
    CHECK_BTHH_INIT();
    BTIF_TRACE_EVENT("BTHH: %s", __func__);
    btif_hh_device_t* p_dev;
-@@ -1306,6 +1370,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) {
+@@ -1306,6 +1371,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) {
                         btif_hh_cb.status);
      return BT_STATUS_FAIL;
    }
 +
 +  if (!reconnect_allowed) {
-+    LOG_INFO("Incoming reconnections disabled for device %s",
++    LOG_INFO(LOG_TAG, "Incoming reconnections disabled for device %s",
 +             PRIVATE_ADDRESS((*bd_addr)));
 +    btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(*bd_addr);
 +    if (added_dev != nullptr && added_dev->reconnect_allowed) {
@@ -249,7 +256,7 @@ index 97479e040..41636d368 100644
    p_dev = btif_hh_find_connected_dev_by_bda(*bd_addr);
    if (p_dev != NULL) {
      return btif_transfer_context(btif_hh_handle_evt, BTIF_HH_DISCONNECT_REQ_EVT,
-@@ -1437,9 +1512,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) {
+@@ -1437,9 +1513,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) {
        (uint8_t*)osi_malloc(dscp_info.descriptor.dl_len);
    memcpy(dscp_info.descriptor.dsc_list, &(hid_info.dsc_list), hid_info.dl_len);
  
@@ -262,7 +269,7 @@ index 97479e040..41636d368 100644
  
    osi_free_and_reset((void**)&dscp_info.descriptor.dsc_list);
 diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc
-index 95e4ef071..c8205da09 100644
+index 95e4ef07150..8077ae55547 100644
 --- a/btif/src/btif_storage.cc
 +++ b/btif/src/btif_storage.cc
 @@ -83,6 +83,8 @@ using bluetooth::Uuid;
@@ -325,20 +332,21 @@ index 95e4ef071..c8205da09 100644
  /*******************************************************************************
   *
   * Function         btif_storage_add_hid_device_info
-@@ -1425,8 +1471,11 @@ bt_status_t btif_storage_load_bonded_hid_info(void) {
+@@ -1425,8 +1471,12 @@ bt_status_t btif_storage_load_bonded_hid_info(void) {
  
      RawAddress bd_addr;
      RawAddress::FromString(name, bd_addr);
 +
 +    bool reconnect_allowed = false;
 +    btif_storage_get_hid_connection_policy(bd_addr, &reconnect_allowed);
++
      // add extracted information to BTA HH
 -    if (btif_hh_add_added_dev(bd_addr, attr_mask)) {
 +    if (btif_hh_add_added_dev(bd_addr, attr_mask, reconnect_allowed)) {
        BTA_HhAddDev(bd_addr, attr_mask, sub_class, app_id, dscp_info);
      }
    }
-@@ -1458,6 +1507,7 @@ bt_status_t btif_storage_remove_hid_info(RawAddress* remote_bd_addr) {
+@@ -1458,6 +1508,7 @@ bt_status_t btif_storage_remove_hid_info(RawAddress* remote_bd_addr) {
    btif_config_remove(bdstr, "HidSSRMaxLatency");
    btif_config_remove(bdstr, "HidSSRMinTimeout");
    btif_config_remove(bdstr, "HidDescriptor");
@@ -347,7 +355,7 @@ index 95e4ef071..c8205da09 100644
    return BT_STATUS_SUCCESS;
  }
 diff --git a/include/hardware/bt_hh.h b/include/hardware/bt_hh.h
-index b87b129bb..923c62792 100644
+index b87b129bb12..923c6279216 100644
 --- a/include/hardware/bt_hh.h
 +++ b/include/hardware/bt_hh.h
 @@ -154,7 +154,7 @@ typedef struct {

Patches/LineageOS-19.1/android_frameworks_base/405507.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 0ae6d568dabe36c3d303849aee50ce01f58eea11 Mon Sep 17 00:00:00 2001
 From: Dmitry Dementyev <dementyev@google.com>
 Date: Thu, 11 Jul 2024 12:39:22 -0700
 Subject: [PATCH] Update AccountManagerService checkKeyIntent.
@@ -9,7 +9,7 @@ Bug: 349780950
 Test: manual
 Flag: EXEMPT bugfix
 (cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1bcf4f36c171a73990b47136930af1930ccd3ece)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2fec744928adb3e30539a1b9f7bff4ca0ec68bcd)
 Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
 Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
 ---
@@ -17,10 +17,10 @@ Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
  1 file changed, 3 insertions(+)
 
 diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
-index 43944b050de4..d55be44f62cd 100644
+index 43944b050de4e..d55be44f62cdc 100644
 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java
 +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
-@@ -4895,6 +4895,9 @@ public class AccountManagerService
+@@ -4895,6 +4895,9 @@ protected boolean checkKeyIntent(int authUid, Bundle bundle) {
                  if (resolveInfo == null) {
                      return false;
                  }

Patches/LineageOS-19.1/android_frameworks_base/405508.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From aa9853f993a575fb59dd2ccc4cfeb54bbaa1ab4d Mon Sep 17 00:00:00 2001
 From: William Loh <wloh@google.com>
 Date: Mon, 3 Jun 2024 12:56:47 -0700
 Subject: [PATCH] Fail parseUri if end is missing
@@ -7,7 +7,7 @@ Bug: 318683126
 Test: atest IntentTest
 Flag: EXEMPT bugfix
 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c140c674ec1cec011989f4a2c2666949771370)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a649e8e9abfb16548ccf57d8b740b4bf9ff73ef4)
 Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
 Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
 ---
@@ -15,10 +15,10 @@ Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
  1 file changed, 3 insertions(+)
 
 diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
-index 6224758ce71a..ec67c7239df2 100644
+index 6224758ce71a4..ec67c7239df25 100644
 --- a/core/java/android/content/Intent.java
 +++ b/core/java/android/content/Intent.java
-@@ -7322,6 +7322,9 @@ public class Intent implements Parcelable, Cloneable {
+@@ -7322,6 +7322,9 @@ private static Intent parseUriInternal(String uri, @UriFlags int flags)
                  int eq = uri.indexOf('=', i);
                  if (eq < 0) eq = i-1;
                  int semi = uri.indexOf(';', i);

Patches/LineageOS-19.1/android_frameworks_base/405509.patch

@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From eaed3b4cae32cee9b843fb94f4c9c6aa119e9e90 Mon Sep 17 00:00:00 2001
 From: Mark Renouf <mrenouf@google.com>
 Date: Thu, 20 Jun 2024 16:37:42 -0400
 Subject: [PATCH] Prevent Sharing when FRP enforcement is in effect
@@ -11,7 +11,7 @@ adb shell 'am start -a android.intent.action.CHOOSER --eu android.intent.extra.I
 
 Bug: 327645387
 Test: manual; trigger FRP; attempt to open share sheet using adb
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7101154d42f804d52d65643a7e79dfee22295a)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:697997f9cb0d7cf943549ca757ccc85c6c02ab74)
 Merged-In: I1db78ab74babe71b516f601be35cf476b5e43271
 Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271
 ---
@@ -19,10 +19,10 @@ Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271
  1 file changed, 8 insertions(+)
 
 diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java
-index 9d95a6b346b3..c741029143ec 100644
+index 9d95a6b346b3b..c741029143eca 100644
 --- a/core/java/com/android/internal/app/ChooserActivity.java
 +++ b/core/java/com/android/internal/app/ChooserActivity.java
-@@ -600,6 +600,14 @@ public class ChooserActivity extends ResolverActivity implements
+@@ -600,6 +600,14 @@ public void handleMessage(Message msg) {
  
      @Override
      protected void onCreate(Bundle savedInstanceState) {

Patches/LineageOS-19.1/android_frameworks_base/405510.patch

@@ -1,13 +1,13 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 183c70e744c8aa6e9f2e74c888785a1811bde781 Mon Sep 17 00:00:00 2001
 From: Sumedh Sen <sumedhsen@google.com>
-Date: Wed, 17 Jul 2024 17:42:43 +0000
-Subject: [PATCH] Check whether installerPackageName contains only valid
- characters
+Date: Wed, 17 Jul 2024 01:00:55 +0000
+Subject: [PATCH] [RESTRICT AUTOMERGE] Check whether installerPackageName
+ contains only valid characters
 
 Bug: 341256391
 Bug: 307532206
 Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.CVE_2024_0044
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7aa86be3077b0ffa3de2345788c7c711fcfb4fe7)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:33d1e985c4a0118a33ea745b2786b2958a03a9b0)
 Merged-In: I74a172c617d6f5b13f0708092156b657b73b5891
 Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
 ---
@@ -15,10 +15,10 @@ Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
  1 file changed, 6 insertions(+), 1 deletion(-)
 
 diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
-index 02515cfdc16a..310c56ef1260 100644
+index 02515cfdc16ad..310c56ef12601 100644
 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java
 +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
-@@ -609,12 +609,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
+@@ -609,12 +609,17 @@ private int createSessionInternal(SessionParams params, String installerPackageN
          params.appLabel = TextUtils.trimToSize(params.appLabel,
                  PackageItemInfo.MAX_SAFE_LABEL_LENGTH);
  

Scripts/LineageOS-18.1/Patch.sh

@@ -174,10 +174,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/399738.patch"; #R_asb_2024-08 B
 applyPatch "$DOS_PATCHES/android_frameworks_base/399739.patch"; #R_asb_2024-08 Restrict USB poups while setup is in progress
 applyPatch "$DOS_PATCHES/android_frameworks_base/399740.patch"; #R_asb_2024-08 Hide SAW subwindows
 applyPatch "$DOS_PATCHES/android_frameworks_base/403218.patch"; #R_asb_2024-09 Sanitized uri scheme by removing scheme delimiter
-applyPatch "$DOS_PATCHES/android_frameworks_base/405358.patch"; #T_asb_2024-10 Fail parseUri if end is missing
-applyPatch "$DOS_PATCHES/android_frameworks_base/405359.patch"; #T_asb_2024-10 Update AccountManagerService checkKeyIntent.
-applyPatch "$DOS_PATCHES/android_frameworks_base/405360-backport.patch"; #T_asb_2024-10 Prevent Sharing when FRP enforcement is in effect
-applyPatch "$DOS_PATCHES/android_frameworks_base/405361-backport.patch"; #T_asb_2024-10 Check whether installerPackageName contains only valid characters
+applyPatch "$DOS_PATCHES/android_frameworks_base/405515.patch"; #R_asb_2024-10 Update AccountManagerService checkKeyIntent.
+applyPatch "$DOS_PATCHES/android_frameworks_base/405516.patch"; #R_asb_2024-10 Fail parseUri if end is missing
+applyPatch "$DOS_PATCHES/android_frameworks_base/405517.patch"; #R_asb_2024-10 Prevent Sharing when FRP enforcement is in effect
+applyPatch "$DOS_PATCHES/android_frameworks_base/405518.patch"; #R_asb_2024-10 Check whether installerPackageName contains only valid characters
 git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
@@ -324,7 +324,7 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud
 fi;
 
 if enterAndClear "packages/apps/Bluetooth"; then
-applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/405364-backport.patch"; #T_asb_2024-10 Disallow unexpected incoming HID connections
+applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/405540.patch"; #R_asb_2024-10 Disallow unexpected incoming HID connections
 applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch"; #Constify JNINativeMethod tables (GrapheneOS)
 fi;
 
@@ -378,7 +378,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403219.patch"; #R_asb_20
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403220.patch"; #R_asb_2024-09 Replace getCallingActivity() with getLaunchedFromPackage()
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403221.patch"; #R_asb_2024-09 Ignore fragment attr from ext authenticator resource
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403222.patch"; #R_asb_2024-09 Restrict Settings Homepage prior to provisioning
-applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405363-backport.patch"; #T_asb_2024-10 FRP bypass defense in App battery usage page
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405534.patch"; #R_asb_2024-10 FRP bypass defense in App battery usage page
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile (DivestOS)
@@ -461,6 +461,9 @@ applyPatch "$DOS_PATCHES/android_system_bt/385558.patch"; #R_asb_2024-03 Reland:
 applyPatch "$DOS_PATCHES/android_system_bt/385559.patch"; #R_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
 applyPatch "$DOS_PATCHES/android_system_bt/397545.patch"; #R_asb_2024-07 Fix an authentication bypass bug in SMP
 applyPatch "$DOS_PATCHES/android_system_bt/399742.patch"; #R_asb_2024-08 Fix heap-buffer overflow in sdp_utils.cc
+applyPatch "$DOS_PATCHES/android_system_bt/405535.patch"; #R_asb_2024-10 Add privatize option for bluetooth addresses for logging
+applyPatch "$DOS_PATCHES/android_system_bt/405536.patch"; #R_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
+applyPatch "$DOS_PATCHES/android_system_bt/405537.patch"; #R_asb_2024-10 Disallow unexpected incoming HID connections 1/2
 git am "$DOS_PATCHES/android_system_bt/a2dp-master-fixes.patch"; #topic (AOSP)
 applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
 fi;

Scripts/LineageOS-19.1/Patch.sh

@@ -95,7 +95,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
-sed -i 's/2024-09-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #x_asb_2024-10
+sed -i 's/2024-09-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #S_asb_2024-10
 fi;
 
 if enterAndClear "build/soong"; then
@@ -135,10 +135,10 @@ fi;
 
 if enterAndClear "frameworks/base"; then
 git revert --no-edit 83fe523914728a3674debba17a6019cb74803045; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
-applyPatch "$DOS_PATCHES/android_frameworks_base/405358.patch"; #T_asb_2024-10 Fail parseUri if end is missing
-applyPatch "$DOS_PATCHES/android_frameworks_base/405359.patch"; #T_asb_2024-10 Update AccountManagerService checkKeyIntent.
-applyPatch "$DOS_PATCHES/android_frameworks_base/405360-backport.patch"; #T_asb_2024-10 Prevent Sharing when FRP enforcement is in effect
-applyPatch "$DOS_PATCHES/android_frameworks_base/405361-backport.patch"; #T_asb_2024-10 Check whether installerPackageName contains only valid characters
+applyPatch "$DOS_PATCHES/android_frameworks_base/405507.patch"; #S_asb_2024-10 Update AccountManagerService checkKeyIntent.
+applyPatch "$DOS_PATCHES/android_frameworks_base/405508.patch"; #S_asb_2024-10 Fail parseUri if end is missing
+applyPatch "$DOS_PATCHES/android_frameworks_base/405509.patch"; #S_asb_2024-10 Prevent Sharing when FRP enforcement is in effect
+applyPatch "$DOS_PATCHES/android_frameworks_base/405510.patch"; #S_asb_2024-10 Check whether installerPackageName contains only valid characters
 applyPatch "$DOS_PATCHES/android_frameworks_base/344888-backport.patch"; #fixup! fw/b: Add support for allowing/disallowing apps on cellular, vpn and wifi networks (CalyxOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)