diff --git a/Patches/LineageOS-18.1/android_frameworks_base/405359.patch b/Patches/LineageOS-18.1/android_frameworks_base/405515.patch similarity index 84% rename from Patches/LineageOS-18.1/android_frameworks_base/405359.patch rename to Patches/LineageOS-18.1/android_frameworks_base/405515.patch index 06938b45..ebe33039 100644 --- a/Patches/LineageOS-18.1/android_frameworks_base/405359.patch +++ b/Patches/LineageOS-18.1/android_frameworks_base/405515.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From b0aee0b8b81d776e7c3234f7b340a856d138e4c4 Mon Sep 17 00:00:00 2001 From: Dmitry Dementyev Date: Thu, 11 Jul 2024 12:39:22 -0700 Subject: [PATCH] Update AccountManagerService checkKeyIntent. @@ -9,7 +9,7 @@ Bug: 349780950 Test: manual Flag: EXEMPT bugfix (cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1bcf4f36c171a73990b47136930af1930ccd3ece) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:59b2cc4447fbbdea58840f5b9d885d83241ac5f5) Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c --- @@ -17,10 +17,10 @@ Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c 1 file changed, 3 insertions(+) diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java -index 43944b050de4..d55be44f62cd 100644 +index 37a68d3eec76c..fb79904a5b3a8 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java -@@ -4895,6 +4895,9 @@ public class AccountManagerService +@@ -4812,6 +4812,9 @@ protected boolean checkKeyIntent(int authUid, Bundle bundle) { if (resolveInfo == null) { return false; } diff --git a/Patches/LineageOS-19.1/android_frameworks_base/405358.patch b/Patches/LineageOS-18.1/android_frameworks_base/405516.patch similarity index 80% rename from Patches/LineageOS-19.1/android_frameworks_base/405358.patch rename to Patches/LineageOS-18.1/android_frameworks_base/405516.patch index 357e22ac..02036d0f 100644 --- a/Patches/LineageOS-19.1/android_frameworks_base/405358.patch +++ b/Patches/LineageOS-18.1/android_frameworks_base/405516.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From f31bdd9c6658dfb932eea857f17cc2d21124031e Mon Sep 17 00:00:00 2001 From: William Loh Date: Mon, 3 Jun 2024 12:56:47 -0700 Subject: [PATCH] Fail parseUri if end is missing @@ -7,7 +7,7 @@ Bug: 318683126 Test: atest IntentTest Flag: EXEMPT bugfix (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c140c674ec1cec011989f4a2c2666949771370) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d754ed6dd1fd321746f5ec4742831ffd97a9967) Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea --- @@ -15,10 +15,10 @@ Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea 1 file changed, 3 insertions(+) diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java -index 6224758ce71a..ec67c7239df2 100644 +index 24d59a0826c85..4ea29407f352f 100644 --- a/core/java/android/content/Intent.java +++ b/core/java/android/content/Intent.java -@@ -7322,6 +7322,9 @@ public class Intent implements Parcelable, Cloneable { +@@ -7053,6 +7053,9 @@ public static Intent parseUri(String uri, @UriFlags int flags) throws URISyntaxE int eq = uri.indexOf('=', i); if (eq < 0) eq = i-1; int semi = uri.indexOf(';', i); diff --git a/Patches/LineageOS-19.1/android_frameworks_base/405360-backport.patch b/Patches/LineageOS-18.1/android_frameworks_base/405517.patch similarity index 86% rename from Patches/LineageOS-19.1/android_frameworks_base/405360-backport.patch rename to Patches/LineageOS-18.1/android_frameworks_base/405517.patch index b077f1e3..9df47e9a 100644 --- a/Patches/LineageOS-19.1/android_frameworks_base/405360-backport.patch +++ b/Patches/LineageOS-18.1/android_frameworks_base/405517.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 1346eac616e21574788efa8bf374d8eb1ee744b7 Mon Sep 17 00:00:00 2001 From: Mark Renouf Date: Thu, 20 Jun 2024 16:37:42 -0400 Subject: [PATCH] Prevent Sharing when FRP enforcement is in effect @@ -11,7 +11,7 @@ adb shell 'am start -a android.intent.action.CHOOSER --eu android.intent.extra.I Bug: 327645387 Test: manual; trigger FRP; attempt to open share sheet using adb -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7101154d42f804d52d65643a7e79dfee22295a) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5080af26387a18d5638d5a42eadfb8d4d700518c) Merged-In: I1db78ab74babe71b516f601be35cf476b5e43271 Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271 --- @@ -19,10 +19,10 @@ Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271 1 file changed, 8 insertions(+) diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java -index 9d95a6b346b3..c741029143ec 100644 +index bc80dc9213bea..e259f1d20adb9 100644 --- a/core/java/com/android/internal/app/ChooserActivity.java +++ b/core/java/com/android/internal/app/ChooserActivity.java -@@ -600,6 +600,14 @@ public class ChooserActivity extends ResolverActivity implements +@@ -594,6 +594,14 @@ public void handleMessage(Message msg) { @Override protected void onCreate(Bundle savedInstanceState) { diff --git a/Patches/LineageOS-19.1/android_frameworks_base/405361-backport.patch b/Patches/LineageOS-18.1/android_frameworks_base/405518.patch similarity index 79% rename from Patches/LineageOS-19.1/android_frameworks_base/405361-backport.patch rename to Patches/LineageOS-18.1/android_frameworks_base/405518.patch index a8afe636..0e896ad4 100644 --- a/Patches/LineageOS-19.1/android_frameworks_base/405361-backport.patch +++ b/Patches/LineageOS-18.1/android_frameworks_base/405518.patch @@ -1,13 +1,13 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 5fe06ebbd23db602bb46ba51a7e40711d7823be6 Mon Sep 17 00:00:00 2001 From: Sumedh Sen -Date: Wed, 17 Jul 2024 17:42:43 +0000 -Subject: [PATCH] Check whether installerPackageName contains only valid - characters +Date: Wed, 17 Jul 2024 01:00:55 +0000 +Subject: [PATCH] [RESTRICT AUTOMERGE] Check whether installerPackageName + contains only valid characters Bug: 341256391 Bug: 307532206 Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.CVE_2024_0044 -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7aa86be3077b0ffa3de2345788c7c711fcfb4fe7) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9b850b6f68e63288f240439601723412324381bb) Merged-In: I74a172c617d6f5b13f0708092156b657b73b5891 Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891 --- @@ -15,10 +15,10 @@ Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java -index 02515cfdc16a..310c56ef1260 100644 +index 7e67021e3b847..ab8cc4c8d6697 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java -@@ -609,12 +609,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements +@@ -580,12 +580,17 @@ private int createSessionInternal(SessionParams params, String installerPackageN params.appLabel = TextUtils.trimToSize(params.appLabel, PackageItemInfo.MAX_SAFE_LABEL_LENGTH); diff --git a/Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405364-backport.patch b/Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405540.patch similarity index 95% rename from Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405364-backport.patch rename to Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405540.patch index 8494df55..6a9e2285 100644 --- a/Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405364-backport.patch +++ b/Patches/LineageOS-18.1/android_packages_apps_Bluetooth/405540.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 6799e4b038c33ce3fd175749ebdea69379a5489f Mon Sep 17 00:00:00 2001 From: Himanshu Rawat Date: Mon, 8 Apr 2024 19:44:45 +0000 Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID @@ -61,7 +61,7 @@ diff --git a/src/com/android/bluetooth/hid/HidHostService.java b/src/com/android index 10d414d46..ed35c2908 100644 --- a/src/com/android/bluetooth/hid/HidHostService.java +++ b/src/com/android/bluetooth/hid/HidHostService.java -@@ -161,7 +161,10 @@ public class HidHostService extends ProfileService { +@@ -161,7 +161,10 @@ public void handleMessage(Message msg) { break; case MESSAGE_DISCONNECT: { BluetoothDevice device = (BluetoothDevice) msg.obj; @@ -73,7 +73,7 @@ index 10d414d46..ed35c2908 100644 broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTING); broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTED); break; -@@ -934,7 +937,7 @@ public class HidHostService extends ProfileService { +@@ -934,7 +937,7 @@ public void dump(StringBuilder sb) { private native boolean connectHidNative(byte[] btAddress); diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/405363-backport.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/405534.patch similarity index 80% rename from Patches/LineageOS-18.1/android_packages_apps_Settings/405363-backport.patch rename to Patches/LineageOS-18.1/android_packages_apps_Settings/405534.patch index b9f18fbc..7f50d430 100644 --- a/Patches/LineageOS-18.1/android_packages_apps_Settings/405363-backport.patch +++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/405534.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From da6ee7b698b7d4c4cbe56c70027904268b72d0f1 Mon Sep 17 00:00:00 2001 From: Yiling Chuang Date: Mon, 8 Jul 2024 03:09:50 +0000 Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage @@ -12,7 +12,7 @@ Test: atest SettingsRoboTests + manual test Flag : EXEMPT bugfix (cherry picked from commit 419a6a907902a12a0f565c808fa70092004d6686) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e5d21702863284479af7561e3c833bc2cab2a7d3) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:62b0014ed6e69b0abc48a5c18b740f95bc5dc429) Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0 Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0 --- @@ -21,24 +21,26 @@ Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0 2 files changed, 10 insertions(+) diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java -index e8d5f3330f2..4feac32d030 100644 +index e8d5f3330f2..d17642053e7 100644 --- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java +++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java -@@ -311,4 +311,9 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements - mBackgroundActivityPreferenceController.updateSummary( - findPreference(mBackgroundActivityPreferenceController.getPreferenceKey())); +@@ -210,6 +210,11 @@ public void onResume() { + initPreference(); } -+ + + @Override + protected boolean shouldSkipForInitialSUW() { + return true; + } - } ++ + @VisibleForTesting + void initHeader() { + final View appSnippet = mHeaderPreference.findViewById(R.id.entity_header); diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java index 8eeac8d26b0..37fa511beeb 100644 --- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java +++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java -@@ -395,4 +395,9 @@ public class AdvancedPowerUsageDetailTest { +@@ -395,4 +395,9 @@ public void testInitPreference_hasCorrectSummary() { assertThat(mForegroundPreference.getSummary().toString()).isEqualTo("Used for 0 min"); assertThat(mBackgroundPreference.getSummary().toString()).isEqualTo("Active for 0 min"); } diff --git a/Patches/LineageOS-18.1/android_system_bt/405535.patch b/Patches/LineageOS-18.1/android_system_bt/405535.patch new file mode 100644 index 00000000..570365f3 --- /dev/null +++ b/Patches/LineageOS-18.1/android_system_bt/405535.patch @@ -0,0 +1,34 @@ +From 2e7c27c2b5d773905ded3e89cbaa424744ddd897 Mon Sep 17 00:00:00 2001 +From: Chris Manton +Date: Sun, 29 Nov 2020 17:05:05 -0800 +Subject: [PATCH] Add privatize option for bluetooth addresses for logging + +Toward loggable code + +Bug: 163134718 +Tag: #refactor +Test: gd/cert/run --host + +Change-Id: Id568adb9f9497072a79100202501c4d207e40828 +--- + main/shim/dumpsys.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/main/shim/dumpsys.h b/main/shim/dumpsys.h +index 91c4ea74618..21339463265 100644 +--- a/main/shim/dumpsys.h ++++ b/main/shim/dumpsys.h +@@ -18,6 +18,13 @@ + + #include + #include ++#include ++ ++constexpr char kPrivateAddressPrefix[] = "xx:xx:xx:xx"; ++#define PRIVATE_ADDRESS(addr) \ ++ (addr.ToString() \ ++ .replace(0, strlen(kPrivateAddressPrefix), kPrivateAddressPrefix) \ ++ .c_str()) + + namespace bluetooth { + namespace shim { diff --git a/Patches/LineageOS-18.1/android_system_bt/405536.patch b/Patches/LineageOS-18.1/android_system_bt/405536.patch new file mode 100644 index 00000000..d945ae1e --- /dev/null +++ b/Patches/LineageOS-18.1/android_system_bt/405536.patch @@ -0,0 +1,56 @@ +From 935b7a26fa502de27c0cd3c97a05381319e8f22c Mon Sep 17 00:00:00 2001 +From: Chris Manton +Date: Sun, 14 Mar 2021 09:52:19 -0700 +Subject: [PATCH] Add btif/include/btif_hh::btif_hh_status_text + +Toward loggable code + +Bug: 163134718 +Test: gd/cert/run +Tag: #refactor +BYPASS_LONG_LINES_REASON: Bluetooth likes 120 lines + +Change-Id: Iab6a4f33a3e498c33f4870abc5abd59e073d03f2 +--- + btif/include/btif_hh.h | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h +index b71d347c1a7..f33598d2f19 100644 +--- a/btif/include/btif_hh.h ++++ b/btif/include/btif_hh.h +@@ -46,7 +46,7 @@ + * Type definitions and return values + ******************************************************************************/ + +-typedef enum { ++typedef enum : unsigned { + BTIF_HH_DISABLED = 0, + BTIF_HH_ENABLED, + BTIF_HH_DISABLING, +@@ -56,6 +56,25 @@ typedef enum { + BTIF_HH_DEV_DISCONNECTED + } BTIF_HH_STATUS; + ++#define CASE_RETURN_TEXT(code) \ ++ case code: \ ++ return #code ++ ++inline std::string btif_hh_status_text(const BTIF_HH_STATUS& status) { ++ switch (status) { ++ CASE_RETURN_TEXT(BTIF_HH_DISABLED); ++ CASE_RETURN_TEXT(BTIF_HH_ENABLED); ++ CASE_RETURN_TEXT(BTIF_HH_DISABLING); ++ CASE_RETURN_TEXT(BTIF_HH_DEV_UNKNOWN); ++ CASE_RETURN_TEXT(BTIF_HH_DEV_CONNECTING); ++ CASE_RETURN_TEXT(BTIF_HH_DEV_CONNECTED); ++ CASE_RETURN_TEXT(BTIF_HH_DEV_DISCONNECTED); ++ default: ++ return std::string("UNKNOWN[%hhu]", status); ++ } ++} ++#undef CASE_RETURN_TEXT ++ + typedef struct { + bthh_connection_state_t dev_status; + uint8_t dev_handle; diff --git a/Patches/LineageOS-18.1/android_system_bt/405364-backport.patch b/Patches/LineageOS-18.1/android_system_bt/405537.patch similarity index 87% rename from Patches/LineageOS-18.1/android_system_bt/405364-backport.patch rename to Patches/LineageOS-18.1/android_system_bt/405537.patch index ae1f6af9..158a347e 100644 --- a/Patches/LineageOS-18.1/android_system_bt/405364-backport.patch +++ b/Patches/LineageOS-18.1/android_system_bt/405537.patch @@ -1,8 +1,7 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 1017cfa02f11db8d077d5d7a32dd46da7c8b050b Mon Sep 17 00:00:00 2001 From: Himanshu Rawat Date: Mon, 8 Apr 2024 19:42:21 +0000 -Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID - connections 1/2 +Subject: [PATCH] [BACKPORT] Disallow unexpected incoming HID connections 1/2 HID profile accepted any new incoming HID connection. Even when the connection policy disabled HID connection, remote devices could initiate @@ -22,16 +21,16 @@ Change-Id: I6e9db983e752dd498625078c13b736cd4c668806 --- btif/include/btif_hh.h | 4 +- btif/include/btif_storage.h | 23 ++++++++++ - btif/src/btif_hh.cc | 86 ++++++++++++++++++++++++++++++++++--- - btif/src/btif_storage.cc | 52 +++++++++++++++++++++- + btif/src/btif_hh.cc | 87 ++++++++++++++++++++++++++++++++++--- + btif/src/btif_storage.cc | 53 +++++++++++++++++++++- include/hardware/bt_hh.h | 2 +- - 5 files changed, 159 insertions(+), 8 deletions(-) + 5 files changed, 161 insertions(+), 8 deletions(-) diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h -index b71d347c1..ba51aec98 100644 +index f33598d2f19..f93341d89f1 100644 --- a/btif/include/btif_hh.h +++ b/btif/include/btif_hh.h -@@ -78,6 +78,7 @@ typedef struct { +@@ -97,6 +97,7 @@ typedef struct { uint8_t dev_handle; RawAddress bd_addr; tBTA_HH_ATTR_MASK attr_mask; @@ -39,7 +38,7 @@ index b71d347c1..ba51aec98 100644 } btif_hh_added_device_t; /** -@@ -103,7 +104,8 @@ extern btif_hh_cb_t btif_hh_cb; +@@ -122,7 +123,8 @@ extern btif_hh_cb_t btif_hh_cb; extern btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle); extern void btif_hh_remove_device(RawAddress bd_addr); extern bool btif_hh_add_added_dev(const RawAddress& bda, @@ -50,7 +49,7 @@ index b71d347c1..ba51aec98 100644 extern void btif_hh_disconnect(RawAddress* bd_addr); extern void btif_hh_setreport(btif_hh_device_t* p_dev, diff --git a/btif/include/btif_storage.h b/btif/include/btif_storage.h -index 1c1163d14..362ffdc21 100644 +index 1c1163d1428..362ffdc21bb 100644 --- a/btif/include/btif_storage.h +++ b/btif/include/btif_storage.h @@ -178,6 +178,29 @@ bt_status_t btif_storage_remove_bonded_device(const RawAddress* remote_bd_addr); @@ -84,10 +83,18 @@ index 1c1163d14..362ffdc21 100644 * * Function btif_storage_add_hid_device_info diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc -index 97479e040..41636d368 100644 +index 97479e040ba..25fb151d260 100644 --- a/btif/src/btif_hh.cc +++ b/btif/src/btif_hh.cc -@@ -334,6 +334,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) { +@@ -42,6 +42,7 @@ + #include "btif_storage.h" + #include "btif_util.h" + #include "l2c_api.h" ++#include "main/shim/dumpsys.h" + #include "osi/include/log.h" + #include "osi/include/osi.h" + +@@ -334,6 +335,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) { return NULL; } @@ -112,7 +119,7 @@ index 97479e040..41636d368 100644 /******************************************************************************* * * Function btif_hh_find_dev_by_bda -@@ -419,7 +437,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) { +@@ -419,7 +438,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) { * * Returns true if add successfully, otherwise false. ******************************************************************************/ @@ -122,7 +129,7 @@ index 97479e040..41636d368 100644 int i; for (i = 0; i < BTIF_HH_MAX_ADDED_DEV; i++) { if (btif_hh_cb.added_devices[i].bd_addr == bda) { -@@ -433,6 +452,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) { +@@ -433,6 +453,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) { btif_hh_cb.added_devices[i].bd_addr = bda; btif_hh_cb.added_devices[i].dev_handle = BTA_HH_INVALID_HANDLE; btif_hh_cb.added_devices[i].attr_mask = attr_mask; @@ -130,7 +137,7 @@ index 97479e040..41636d368 100644 return true; } } -@@ -712,6 +732,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type, +@@ -712,6 +733,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type, * ****************************************************************************/ @@ -139,10 +146,10 @@ index 97479e040..41636d368 100644 + * outgoing connection was requested */ + btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(bda); + if (added_dev != nullptr && added_dev->reconnect_allowed) { -+ LOG_VERBOSE("Connection allowed %s", PRIVATE_ADDRESS(bda)); ++ LOG_VERBOSE(LOG_TAG, "Connection allowed %s", PRIVATE_ADDRESS(bda)); + return true; + } else if (btif_hh_cb.pending_conn_address == bda) { -+ LOG_VERBOSE("Device connection was pending for: %s, status: %s", ++ LOG_VERBOSE(LOG_TAG, "Device connection was pending for: %s, status: %s", + PRIVATE_ADDRESS(bda), + btif_hh_status_text(btif_hh_cb.status).c_str()); + return true; @@ -154,7 +161,7 @@ index 97479e040..41636d368 100644 /******************************************************************************* * * Function btif_hh_upstreams_evt -@@ -770,9 +807,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { +@@ -770,9 +808,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { p_data->status); break; @@ -164,7 +171,7 @@ index 97479e040..41636d368 100644 p_data->conn.handle, p_data->conn.status); + + if (!btif_hh_connection_allowed(p_data->conn.bda)) { -+ LOG_WARN("Reject Incoming HID Connection, device: %s", ++ LOG_WARN(LOG_TAG, "Reject Incoming HID Connection, device: %s", + PRIVATE_ADDRESS(p_data->conn.bda)); + btif_hh_device_t* p_dev = + btif_hh_find_connected_dev_by_handle(p_data->conn.handle); @@ -182,7 +189,7 @@ index 97479e040..41636d368 100644 btif_hh_cb.pending_conn_address = RawAddress::kEmpty; if (p_data->conn.status == BTA_HH_OK) { p_dev = btif_hh_find_connected_dev_by_handle(p_data->conn.handle); -@@ -831,6 +885,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { +@@ -831,6 +886,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { btif_hh_cb.status = (BTIF_HH_STATUS)BTIF_HH_DEV_DISCONNECTED; } break; @@ -190,7 +197,7 @@ index 97479e040..41636d368 100644 case BTA_HH_CLOSE_EVT: BTIF_TRACE_DEBUG("BTA_HH_CLOSE_EVT: status = %d, handle = %d", -@@ -983,7 +1038,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { +@@ -983,7 +1039,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { p_data->dscp_info.version, p_data->dscp_info.ctry_code, len, p_data->dscp_info.descriptor.dsc_list); @@ -199,7 +206,7 @@ index 97479e040..41636d368 100644 tBTA_HH_DEV_DSCP_INFO dscp_info; bt_status_t ret; btif_hh_copy_hid_info(&dscp_info, &p_data->dscp_info); -@@ -999,6 +1054,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { +@@ -999,6 +1055,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) { p_data->dscp_info.ssr_min_tout, len, p_data->dscp_info.descriptor.dsc_list); @@ -208,7 +215,7 @@ index 97479e040..41636d368 100644 ASSERTC(ret == BT_STATUS_SUCCESS, "storing hid info failed", ret); BTIF_TRACE_WARNING("BTA_HH_GET_DSCP_EVT: Called add device"); -@@ -1280,6 +1337,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) { +@@ -1280,6 +1338,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) { ******************************************************************************/ static bt_status_t connect(RawAddress* bd_addr) { if (btif_hh_cb.status != BTIF_HH_DEV_CONNECTING) { @@ -222,7 +229,7 @@ index 97479e040..41636d368 100644 btif_transfer_context(btif_hh_handle_evt, BTIF_HH_CONNECT_REQ_EVT, (char*)bd_addr, sizeof(RawAddress), NULL); return BT_STATUS_SUCCESS; -@@ -1296,7 +1360,7 @@ static bt_status_t connect(RawAddress* bd_addr) { +@@ -1296,7 +1361,7 @@ static bt_status_t connect(RawAddress* bd_addr) { * Returns bt_status_t * ******************************************************************************/ @@ -231,13 +238,13 @@ index 97479e040..41636d368 100644 CHECK_BTHH_INIT(); BTIF_TRACE_EVENT("BTHH: %s", __func__); btif_hh_device_t* p_dev; -@@ -1306,6 +1370,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) { +@@ -1306,6 +1371,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) { btif_hh_cb.status); return BT_STATUS_FAIL; } + + if (!reconnect_allowed) { -+ LOG_INFO("Incoming reconnections disabled for device %s", ++ LOG_INFO(LOG_TAG, "Incoming reconnections disabled for device %s", + PRIVATE_ADDRESS((*bd_addr))); + btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(*bd_addr); + if (added_dev != nullptr && added_dev->reconnect_allowed) { @@ -249,7 +256,7 @@ index 97479e040..41636d368 100644 p_dev = btif_hh_find_connected_dev_by_bda(*bd_addr); if (p_dev != NULL) { return btif_transfer_context(btif_hh_handle_evt, BTIF_HH_DISCONNECT_REQ_EVT, -@@ -1437,9 +1512,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) { +@@ -1437,9 +1513,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) { (uint8_t*)osi_malloc(dscp_info.descriptor.dl_len); memcpy(dscp_info.descriptor.dsc_list, &(hid_info.dsc_list), hid_info.dl_len); @@ -262,7 +269,7 @@ index 97479e040..41636d368 100644 osi_free_and_reset((void**)&dscp_info.descriptor.dsc_list); diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc -index 95e4ef071..c8205da09 100644 +index 95e4ef07150..8077ae55547 100644 --- a/btif/src/btif_storage.cc +++ b/btif/src/btif_storage.cc @@ -83,6 +83,8 @@ using bluetooth::Uuid; @@ -325,20 +332,21 @@ index 95e4ef071..c8205da09 100644 /******************************************************************************* * * Function btif_storage_add_hid_device_info -@@ -1425,8 +1471,11 @@ bt_status_t btif_storage_load_bonded_hid_info(void) { +@@ -1425,8 +1471,12 @@ bt_status_t btif_storage_load_bonded_hid_info(void) { RawAddress bd_addr; RawAddress::FromString(name, bd_addr); + + bool reconnect_allowed = false; + btif_storage_get_hid_connection_policy(bd_addr, &reconnect_allowed); ++ // add extracted information to BTA HH - if (btif_hh_add_added_dev(bd_addr, attr_mask)) { + if (btif_hh_add_added_dev(bd_addr, attr_mask, reconnect_allowed)) { BTA_HhAddDev(bd_addr, attr_mask, sub_class, app_id, dscp_info); } } -@@ -1458,6 +1507,7 @@ bt_status_t btif_storage_remove_hid_info(RawAddress* remote_bd_addr) { +@@ -1458,6 +1508,7 @@ bt_status_t btif_storage_remove_hid_info(RawAddress* remote_bd_addr) { btif_config_remove(bdstr, "HidSSRMaxLatency"); btif_config_remove(bdstr, "HidSSRMinTimeout"); btif_config_remove(bdstr, "HidDescriptor"); @@ -347,7 +355,7 @@ index 95e4ef071..c8205da09 100644 return BT_STATUS_SUCCESS; } diff --git a/include/hardware/bt_hh.h b/include/hardware/bt_hh.h -index b87b129bb..923c62792 100644 +index b87b129bb12..923c6279216 100644 --- a/include/hardware/bt_hh.h +++ b/include/hardware/bt_hh.h @@ -154,7 +154,7 @@ typedef struct { diff --git a/Patches/LineageOS-19.1/android_frameworks_base/405359.patch b/Patches/LineageOS-19.1/android_frameworks_base/405507.patch similarity index 84% rename from Patches/LineageOS-19.1/android_frameworks_base/405359.patch rename to Patches/LineageOS-19.1/android_frameworks_base/405507.patch index 06938b45..fd98b376 100644 --- a/Patches/LineageOS-19.1/android_frameworks_base/405359.patch +++ b/Patches/LineageOS-19.1/android_frameworks_base/405507.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 0ae6d568dabe36c3d303849aee50ce01f58eea11 Mon Sep 17 00:00:00 2001 From: Dmitry Dementyev Date: Thu, 11 Jul 2024 12:39:22 -0700 Subject: [PATCH] Update AccountManagerService checkKeyIntent. @@ -9,7 +9,7 @@ Bug: 349780950 Test: manual Flag: EXEMPT bugfix (cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1bcf4f36c171a73990b47136930af1930ccd3ece) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2fec744928adb3e30539a1b9f7bff4ca0ec68bcd) Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c --- @@ -17,10 +17,10 @@ Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c 1 file changed, 3 insertions(+) diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java -index 43944b050de4..d55be44f62cd 100644 +index 43944b050de4e..d55be44f62cdc 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java -@@ -4895,6 +4895,9 @@ public class AccountManagerService +@@ -4895,6 +4895,9 @@ protected boolean checkKeyIntent(int authUid, Bundle bundle) { if (resolveInfo == null) { return false; } diff --git a/Patches/LineageOS-18.1/android_frameworks_base/405358.patch b/Patches/LineageOS-19.1/android_frameworks_base/405508.patch similarity index 81% rename from Patches/LineageOS-18.1/android_frameworks_base/405358.patch rename to Patches/LineageOS-19.1/android_frameworks_base/405508.patch index 357e22ac..2f37ca34 100644 --- a/Patches/LineageOS-18.1/android_frameworks_base/405358.patch +++ b/Patches/LineageOS-19.1/android_frameworks_base/405508.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From aa9853f993a575fb59dd2ccc4cfeb54bbaa1ab4d Mon Sep 17 00:00:00 2001 From: William Loh Date: Mon, 3 Jun 2024 12:56:47 -0700 Subject: [PATCH] Fail parseUri if end is missing @@ -7,7 +7,7 @@ Bug: 318683126 Test: atest IntentTest Flag: EXEMPT bugfix (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c140c674ec1cec011989f4a2c2666949771370) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a649e8e9abfb16548ccf57d8b740b4bf9ff73ef4) Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea --- @@ -15,10 +15,10 @@ Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea 1 file changed, 3 insertions(+) diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java -index 6224758ce71a..ec67c7239df2 100644 +index 6224758ce71a4..ec67c7239df25 100644 --- a/core/java/android/content/Intent.java +++ b/core/java/android/content/Intent.java -@@ -7322,6 +7322,9 @@ public class Intent implements Parcelable, Cloneable { +@@ -7322,6 +7322,9 @@ private static Intent parseUriInternal(String uri, @UriFlags int flags) int eq = uri.indexOf('=', i); if (eq < 0) eq = i-1; int semi = uri.indexOf(';', i); diff --git a/Patches/LineageOS-18.1/android_frameworks_base/405360-backport.patch b/Patches/LineageOS-19.1/android_frameworks_base/405509.patch similarity index 86% rename from Patches/LineageOS-18.1/android_frameworks_base/405360-backport.patch rename to Patches/LineageOS-19.1/android_frameworks_base/405509.patch index b077f1e3..7c9237c4 100644 --- a/Patches/LineageOS-18.1/android_frameworks_base/405360-backport.patch +++ b/Patches/LineageOS-19.1/android_frameworks_base/405509.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From eaed3b4cae32cee9b843fb94f4c9c6aa119e9e90 Mon Sep 17 00:00:00 2001 From: Mark Renouf Date: Thu, 20 Jun 2024 16:37:42 -0400 Subject: [PATCH] Prevent Sharing when FRP enforcement is in effect @@ -11,7 +11,7 @@ adb shell 'am start -a android.intent.action.CHOOSER --eu android.intent.extra.I Bug: 327645387 Test: manual; trigger FRP; attempt to open share sheet using adb -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7101154d42f804d52d65643a7e79dfee22295a) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:697997f9cb0d7cf943549ca757ccc85c6c02ab74) Merged-In: I1db78ab74babe71b516f601be35cf476b5e43271 Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271 --- @@ -19,10 +19,10 @@ Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271 1 file changed, 8 insertions(+) diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java -index 9d95a6b346b3..c741029143ec 100644 +index 9d95a6b346b3b..c741029143eca 100644 --- a/core/java/com/android/internal/app/ChooserActivity.java +++ b/core/java/com/android/internal/app/ChooserActivity.java -@@ -600,6 +600,14 @@ public class ChooserActivity extends ResolverActivity implements +@@ -600,6 +600,14 @@ public void handleMessage(Message msg) { @Override protected void onCreate(Bundle savedInstanceState) { diff --git a/Patches/LineageOS-18.1/android_frameworks_base/405361-backport.patch b/Patches/LineageOS-19.1/android_frameworks_base/405510.patch similarity index 79% rename from Patches/LineageOS-18.1/android_frameworks_base/405361-backport.patch rename to Patches/LineageOS-19.1/android_frameworks_base/405510.patch index a8afe636..0e9bcc7a 100644 --- a/Patches/LineageOS-18.1/android_frameworks_base/405361-backport.patch +++ b/Patches/LineageOS-19.1/android_frameworks_base/405510.patch @@ -1,13 +1,13 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 183c70e744c8aa6e9f2e74c888785a1811bde781 Mon Sep 17 00:00:00 2001 From: Sumedh Sen -Date: Wed, 17 Jul 2024 17:42:43 +0000 -Subject: [PATCH] Check whether installerPackageName contains only valid - characters +Date: Wed, 17 Jul 2024 01:00:55 +0000 +Subject: [PATCH] [RESTRICT AUTOMERGE] Check whether installerPackageName + contains only valid characters Bug: 341256391 Bug: 307532206 Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.CVE_2024_0044 -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7aa86be3077b0ffa3de2345788c7c711fcfb4fe7) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:33d1e985c4a0118a33ea745b2786b2958a03a9b0) Merged-In: I74a172c617d6f5b13f0708092156b657b73b5891 Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891 --- @@ -15,10 +15,10 @@ Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java -index 02515cfdc16a..310c56ef1260 100644 +index 02515cfdc16ad..310c56ef12601 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java -@@ -609,12 +609,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements +@@ -609,12 +609,17 @@ private int createSessionInternal(SessionParams params, String installerPackageN params.appLabel = TextUtils.trimToSize(params.appLabel, PackageItemInfo.MAX_SAFE_LABEL_LENGTH); diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index f8ba4dc8..cdda9e21 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -174,10 +174,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/399738.patch"; #R_asb_2024-08 B applyPatch "$DOS_PATCHES/android_frameworks_base/399739.patch"; #R_asb_2024-08 Restrict USB poups while setup is in progress applyPatch "$DOS_PATCHES/android_frameworks_base/399740.patch"; #R_asb_2024-08 Hide SAW subwindows applyPatch "$DOS_PATCHES/android_frameworks_base/403218.patch"; #R_asb_2024-09 Sanitized uri scheme by removing scheme delimiter -applyPatch "$DOS_PATCHES/android_frameworks_base/405358.patch"; #T_asb_2024-10 Fail parseUri if end is missing -applyPatch "$DOS_PATCHES/android_frameworks_base/405359.patch"; #T_asb_2024-10 Update AccountManagerService checkKeyIntent. -applyPatch "$DOS_PATCHES/android_frameworks_base/405360-backport.patch"; #T_asb_2024-10 Prevent Sharing when FRP enforcement is in effect -applyPatch "$DOS_PATCHES/android_frameworks_base/405361-backport.patch"; #T_asb_2024-10 Check whether installerPackageName contains only valid characters +applyPatch "$DOS_PATCHES/android_frameworks_base/405515.patch"; #R_asb_2024-10 Update AccountManagerService checkKeyIntent. +applyPatch "$DOS_PATCHES/android_frameworks_base/405516.patch"; #R_asb_2024-10 Fail parseUri if end is missing +applyPatch "$DOS_PATCHES/android_frameworks_base/405517.patch"; #R_asb_2024-10 Prevent Sharing when FRP enforcement is in effect +applyPatch "$DOS_PATCHES/android_frameworks_base/405518.patch"; #R_asb_2024-10 Check whether installerPackageName contains only valid characters git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) @@ -324,7 +324,7 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud fi; if enterAndClear "packages/apps/Bluetooth"; then -applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/405364-backport.patch"; #T_asb_2024-10 Disallow unexpected incoming HID connections +applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/405540.patch"; #R_asb_2024-10 Disallow unexpected incoming HID connections applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch"; #Constify JNINativeMethod tables (GrapheneOS) fi; @@ -378,7 +378,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403219.patch"; #R_asb_20 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403220.patch"; #R_asb_2024-09 Replace getCallingActivity() with getLaunchedFromPackage() applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403221.patch"; #R_asb_2024-09 Ignore fragment attr from ext authenticator resource applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403222.patch"; #R_asb_2024-09 Restrict Settings Homepage prior to provisioning -applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405363-backport.patch"; #T_asb_2024-10 FRP bypass defense in App battery usage page +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405534.patch"; #R_asb_2024-10 FRP bypass defense in App battery usage page #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile (DivestOS) @@ -461,6 +461,9 @@ applyPatch "$DOS_PATCHES/android_system_bt/385558.patch"; #R_asb_2024-03 Reland: applyPatch "$DOS_PATCHES/android_system_bt/385559.patch"; #R_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond applyPatch "$DOS_PATCHES/android_system_bt/397545.patch"; #R_asb_2024-07 Fix an authentication bypass bug in SMP applyPatch "$DOS_PATCHES/android_system_bt/399742.patch"; #R_asb_2024-08 Fix heap-buffer overflow in sdp_utils.cc +applyPatch "$DOS_PATCHES/android_system_bt/405535.patch"; #R_asb_2024-10 Add privatize option for bluetooth addresses for logging +applyPatch "$DOS_PATCHES/android_system_bt/405536.patch"; #R_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text +applyPatch "$DOS_PATCHES/android_system_bt/405537.patch"; #R_asb_2024-10 Disallow unexpected incoming HID connections 1/2 git am "$DOS_PATCHES/android_system_bt/a2dp-master-fixes.patch"; #topic (AOSP) applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS) fi; diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh index 014bff43..4a52504c 100644 --- a/Scripts/LineageOS-19.1/Patch.sh +++ b/Scripts/LineageOS-19.1/Patch.sh @@ -95,7 +95,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) -sed -i 's/2024-09-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #x_asb_2024-10 +sed -i 's/2024-09-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #S_asb_2024-10 fi; if enterAndClear "build/soong"; then @@ -135,10 +135,10 @@ fi; if enterAndClear "frameworks/base"; then git revert --no-edit 83fe523914728a3674debba17a6019cb74803045; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch -applyPatch "$DOS_PATCHES/android_frameworks_base/405358.patch"; #T_asb_2024-10 Fail parseUri if end is missing -applyPatch "$DOS_PATCHES/android_frameworks_base/405359.patch"; #T_asb_2024-10 Update AccountManagerService checkKeyIntent. -applyPatch "$DOS_PATCHES/android_frameworks_base/405360-backport.patch"; #T_asb_2024-10 Prevent Sharing when FRP enforcement is in effect -applyPatch "$DOS_PATCHES/android_frameworks_base/405361-backport.patch"; #T_asb_2024-10 Check whether installerPackageName contains only valid characters +applyPatch "$DOS_PATCHES/android_frameworks_base/405507.patch"; #S_asb_2024-10 Update AccountManagerService checkKeyIntent. +applyPatch "$DOS_PATCHES/android_frameworks_base/405508.patch"; #S_asb_2024-10 Fail parseUri if end is missing +applyPatch "$DOS_PATCHES/android_frameworks_base/405509.patch"; #S_asb_2024-10 Prevent Sharing when FRP enforcement is in effect +applyPatch "$DOS_PATCHES/android_frameworks_base/405510.patch"; #S_asb_2024-10 Check whether installerPackageName contains only valid characters applyPatch "$DOS_PATCHES/android_frameworks_base/344888-backport.patch"; #fixup! fw/b: Add support for allowing/disallowing apps on cellular, vpn and wifi networks (CalyxOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)