From 8b43c0a51a455ea9299be5b9c121c23d26a13f6e Mon Sep 17 00:00:00 2001
From: Tavi
Date: Wed, 13 Nov 2024 07:54:08 -0500
Subject: [PATCH] 18: November 2024 ASB Picks
Signed-off-by: Tavi
---
Container/Dockerfile | 2 +-
.../android_external_skia/408442.patch | 48 ++++++
.../android_frameworks_base/408443.patch | 31 ++++
.../android_frameworks_base/408444.patch | 76 ++++++++++
.../android_frameworks_base/408445.patch | 53 +++++++
.../android_frameworks_base/408446.patch | 46 ++++++
.../android_frameworks_base/408447.patch | 82 +++++++++++
.../android_frameworks_base/408448.patch | 137 ++++++++++++++++++
.../408452.patch | 123 ++++++++++++++++
.../408449.patch | 72 +++++++++
.../408450.patch | 33 +++++
.../408451.patch | 90 ++++++++++++
.../408453.patch | 39 +++++
Scripts/LineageOS-18.1/Patch.sh | 17 ++-
14 files changed, 847 insertions(+), 2 deletions(-)
create mode 100644 Patches/LineageOS-18.1/android_external_skia/408442.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/408443.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/408444.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/408445.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/408446.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/408447.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/408448.patch
create mode 100644 Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/408452.patch
create mode 100644 Patches/LineageOS-18.1/android_packages_apps_Settings/408449.patch
create mode 100644 Patches/LineageOS-18.1/android_packages_apps_Settings/408450.patch
create mode 100644 Patches/LineageOS-18.1/android_packages_apps_Settings/408451.patch
create mode 100644 Patches/LineageOS-18.1/android_packages_providers_MediaProvider/408453.patch
diff --git a/Container/Dockerfile b/Container/Dockerfile
index 04e0b0bb..03107fc3 100644
--- a/Container/Dockerfile
+++ b/Container/Dockerfile
@@ -7,7 +7,7 @@ ARG username RUN dnf -y update \ # && dnf -y install bash coreutils bzip2 curl java-1.8.0-openjdk java-1.8.0-openjdk-devel unzip zip zlib \ # && dnf -y install @development-tools tini android-tools automake bc bison bzip2-libs ccache - && dnf -y install @development-tools android-tools automake bc bison bzip2 bzip2-libs ccache curl dpkg-dev flex gcc gcc-c++ git git-lfs glibc-devel.{x86_64,i686} gnupg gperf ImageMagick ImageMagick-c++-devel ImageMagick-devel java-1.8.0-openjdk java-1.8.0-openjdk-devel libgcc.{x86_64,i686} libstdc++.{x86_64,i686} libX11-devel.{x86_64,i686} libxml2-devel libXrandr.{x86_64,i686} libXrender.{x86_64,i686} libxslt lz4-libs lzop make maven mesa-libGL-devel.{x86_64,i686} ncurses ncurses-compat-libs ncurses-devel.{x86_64,i686} ninja-build openssl-devel optipng jpegoptim perl perl-Digest-MD5-File perl-Switch pngcrush python python2 python3-virtualenv python3 python3-mako python-mako python-markdown python-networkx readline-devel.{x86_64,i686} rsync schedtool SDL squashfs-tools syslinux-devel unzip wxGTK xml2 xz-lzma-compat zip zlib zlib-devel vim-common vboot-utils mozilla-fira-mono-fonts mozilla-fira-sans-fonts openssl nano htop wget libxcrypt-compat.x86_64 golang \ + && dnf -y install @development-tools android-tools automake bc bison bzip2 bzip2-libs ccache curl dpkg-dev flex gcc gcc-c++ git git-lfs glibc-devel.{x86_64,i686} gnupg gperf ImageMagick ImageMagick-c++-devel ImageMagick-devel java-1.8.0-openjdk java-1.8.0-openjdk-devel libgcc.{x86_64,i686} libstdc++.{x86_64,i686} libX11-devel.{x86_64,i686} libxml2-devel libXrandr.{x86_64,i686} libXrender.{x86_64,i686} libxslt lz4-libs lzop make maven mesa-libGL-devel.{x86_64,i686} ncurses ncurses-compat-libs ncurses-devel.{x86_64,i686} ninja-build openssl-devel optipng jpegoptim perl perl-Digest-MD5-File perl-Switch pngcrush python python2 python3-virtualenv python3 python3-mako python-mako python-markdown python-networkx readline-devel.{x86_64,i686} rsync schedtool SDL 
squashfs-tools syslinux-devel unzip wxGTK xml2 xz-lzma-compat zip zlib zlib-devel vim-common vboot-utils mozilla-fira-mono-fonts mozilla-fira-sans-fonts openssl nano htop wget libxcrypt-compat.x86_64 golang openssl-devel-engine \ && dnf clean all \ && curl -o /usr/local/bin/repo https://storage.googleapis.com/git-repo-downloads/repo \ && chmod a+x /usr/local/bin/repo \ diff --git a/Patches/LineageOS-18.1/android_external_skia/408442.patch b/Patches/LineageOS-18.1/android_external_skia/408442.patch new file mode 100644 index 00000000..0be252b3 --- /dev/null +++ b/Patches/LineageOS-18.1/android_external_skia/408442.patch 
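Review bot: The added `dnf -y install` line appears to differ from the removed one only by the trailing `openssl-devel-engine`, and neither the Dockerfile nor the commit subject (ASB picks) records why the build image now needs it. A one-line comment above the RUN, for example `# openssl-devel-engine: <reason the build needs it>`, would let the next reader tell a deliberate toolchain dependency from a leftover. The same RUN installs every package unpinned after `dnf -y update` and then fetches `repo` with curl and marks it executable without checking a digest or signature, so the image contents depend on what those sources serve at build time; verifying the download against a known digest would close that gap. The RUN instruction continues outside the hunk.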
@@ -0,0 +1,48 @@ +From cfb96168e5e753a0bdcca4874b012c25a7f7737a Mon Sep 17 00:00:00 2001 +From: Brian Osman +Date: Tue, 27 Aug 2024 14:22:52 -0400 +Subject: [PATCH] RESTRICT AUTOMERGE: Avoid potential overflow when allocating + 3D mask from emboss filter + +Note: the original fix landed after +Iac8b937e516dbfbbcefef54360dd5b7300bacb67 introduced SkMaskBuilder, so +this cherry-pick had to be tweaked to avoid conflicts. Unfortuantely +that means we need RESTRICT AUTOMERGE to prevent this modified version +from flowing through API boundaries into VIC, and we need to manually +cherry-pick it to each API level. + +Bug: 344620577 +Test: N/A -- unclear if even reachable +Reviewed-on: https://skia-review.googlesource.com/c/skia/+/893738 +Commit-Queue: Brian Osman +Reviewed-by: Ben Wagner +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2bc38734eec777bf2574d4b38a7fd4fc05f0ecde) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:69fc79acf3f05f269c55069ba5e2fbd00e1a76b6) +Merged-In: Ia35860371d45120baca63238e77faa5c0eb25d51 +Change-Id: Ia35860371d45120baca63238e77faa5c0eb25d51 +--- + src/effects/SkEmbossMaskFilter.cpp | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/effects/SkEmbossMaskFilter.cpp b/src/effects/SkEmbossMaskFilter.cpp +index 2dcce2b9102..8ea8c08039b 100644 +--- a/src/effects/SkEmbossMaskFilter.cpp ++++ b/src/effects/SkEmbossMaskFilter.cpp +@@ -95,11 +95,13 @@ bool SkEmbossMaskFilter::filterMask(SkMask* dst, const SkMask& src, + + { + uint8_t* alphaPlane = dst->fImage; +- size_t planeSize = dst->computeImageSize(); +- if (0 == planeSize) { +- return false; // too big to allocate, abort ++ size_t totalSize = dst->computeTotalImageSize(); ++ if (totalSize == 0) { ++ return false; // too big to allocate, abort + } +- dst->fImage = SkMask::AllocImage(planeSize * 3); ++ size_t planeSize = dst->computeImageSize(); ++ SkASSERT(planeSize != 0); // if totalSize didn't 
overflow, this can't either ++ dst->fImage = SkMask::AllocImage(totalSize); + memcpy(dst->fImage, alphaPlane, planeSize); + SkMask::FreeImage(alphaPlane); + } diff --git a/Patches/LineageOS-18.1/android_frameworks_base/408443.patch b/Patches/LineageOS-18.1/android_frameworks_base/408443.patch new file mode 100644 index 00000000..4d4bbaf3 --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/408443.patch @@ -0,0 +1,31 @@ +From 3651d27fdb579b51ea8a9b12fc18ca6e495566da Mon Sep 17 00:00:00 2001 +From: Dmitry Dementyev +Date: Tue, 2 Jul 2024 11:02:07 -0700 +Subject: [PATCH] Remove authenticator data if it was disabled. + +Test: manual +Bug: 343440463 +Flag: EXEMPT bugfix +(cherry picked from commit ddfc078af7e89641360b896f99af23a6b371b847) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c2660dcf7fca3f652528d219767f65858bbbe622) +Merged-In: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6 +Change-Id: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6 +--- + .../com/android/server/accounts/AccountManagerService.java | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java +index fb79904a5b3a8..5718071c2bc4e 100644 +--- a/services/core/java/com/android/server/accounts/AccountManagerService.java ++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java +@@ -1165,6 +1165,10 @@ private void validateAccountsInternal( + obsoleteAuthType.add(type); + // And delete it from the TABLE_META + accountsDb.deleteMetaByAuthTypeAndUid(type, uid); ++ } else if (knownUid != null && knownUid != uid) { ++ Slog.w(TAG, "authenticator no longer exist for type " + type); ++ obsoleteAuthType.add(type); ++ accountsDb.deleteMetaByAuthTypeAndUid(type, uid); + } + } + } 
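Review bot: The warning in the added `else if (knownUid != null && knownUid != uid)` branch of 408443.patch says the authenticator "no longer exist", but that condition is reached when an authenticator for the type is still known and only its UID differs from the one stored in the meta table. A UID change for an account type is the security-relevant event here, so I would log it distinctly, e.g. `Slog.w(TAG, "authenticator uid changed for type " + type + ": stored=" + uid + " current=" + knownUid);`. The declarations of `uid` and `knownUid` are outside the hunk; if both turn out to be boxed `Integer`, `!=` compares references and should be `!knownUid.equals(uid)`. validateAccountsInternal starts and ends outside the hunk.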
diff --git a/Patches/LineageOS-18.1/android_frameworks_base/408444.patch b/Patches/LineageOS-18.1/android_frameworks_base/408444.patch
new file mode 100644
index 00000000..ac370c57
--- /dev/null
+++ b/Patches/LineageOS-18.1/android_frameworks_base/408444.patch
@@ -0,0 +1,76 @@ +From 3f5562449aad196198d0d36c312e6461920cebce Mon Sep 17 00:00:00 2001 +From: Jean-Michel Trivi +Date: Mon, 24 Jun 2024 17:29:14 -0700 +Subject: [PATCH] RingtoneManager: allow video ringtone URI + +When checking the MIME type for the default ringtone, also +allow it to refer to video content. + +Bug: 205837340 +Test: see POC + atest android.media.audio.cts.RingtoneManagerTest +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a8d2785d69314086dc3b5b2531386fefff079ce7) +Merged-In: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7 +Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7 +--- + media/java/android/media/RingtoneManager.java | 8 ++++++-- + .../android/providers/settings/SettingsProvider.java | 11 +++++++---- + 2 files changed, 13 insertions(+), 6 deletions(-) + +diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java +index 918a9d8943dde..1e1142387d149 100644 +--- a/media/java/android/media/RingtoneManager.java ++++ b/media/java/android/media/RingtoneManager.java +@@ -833,9 +833,13 @@ public static void setActualDefaultRingtoneUri(Context context, int type, Uri ri + + " ignored: failure to find mimeType (no access from this context?)"); + return; + } +- if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) { ++ if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg") ++ || mimeType.equals("application/x-flac") ++ // also check for video ringtones ++ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) { + Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri +- + " ignored: associated mimeType:" + mimeType + " is not an audio type"); ++ + " ignored: associated MIME type:" + mimeType ++ + " is not a recognized audio or video type"); + return; + } + } +diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java 
b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +index d3c10574ea134..f58016acd290f 100644 +--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java ++++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +@@ -1781,7 +1781,7 @@ private boolean mutateSystemSetting(String name, String value, int runAsUserId, + cacheName = Settings.System.ALARM_ALERT_CACHE; + } + if (cacheName != null) { +- if (!isValidAudioUri(name, value)) { ++ if (!isValidMediaUri(name, value)) { + return false; + } + final File cacheFile = new File( +@@ -1816,7 +1816,7 @@ owningUserId, name, value, null, false, getCallingPackage(), + } + } + +- private boolean isValidAudioUri(String name, String uri) { ++ private boolean isValidMediaUri(String name, String uri) { + if (uri != null) { + Uri audioUri = Uri.parse(uri); + if (Settings.AUTHORITY.equals( +@@ -1834,10 +1834,13 @@ private boolean isValidAudioUri(String name, String uri) { + return false; + } + if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg") +- || mimeType.equals("application/x-flac"))) { ++ || mimeType.equals("application/x-flac") ++ // also check for video ringtones ++ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) { + Slog.e(LOG_TAG, + "mutateSystemSetting for setting: " + name + " URI: " + audioUri +- + " ignored: associated mimeType: " + mimeType + " is not an audio type"); ++ + " ignored: associated MIME type: " + mimeType ++ + " is not a recognized audio or video type"); + return false; + } + } diff --git a/Patches/LineageOS-18.1/android_frameworks_base/408445.patch b/Patches/LineageOS-18.1/android_frameworks_base/408445.patch new file mode 100644 index 00000000..c02c3460 --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/408445.patch 
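Review bot: The accepted-MIME predicate is now written out twice, once in `RingtoneManager.setActualDefaultRingtoneUri` and once in `SettingsProvider.isValidMediaUri`, and the removed lines show the two copies had already drifted (`application/x-flac` was only in the SettingsProvider copy). A single shared helper would keep the allow-list from diverging again; at minimum each copy should carry a comment such as `// keep in sync with SettingsProvider#isValidMediaUri`. In `isValidMediaUri` the local is still named `audioUri` although it may now hold a video URI; `mediaUri` would match the renamed method. Both method bodies continue outside their hunks.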
@@ -0,0 +1,53 @@ +From 12f53fb98530441d6612b06f07db77db9de2eaf9 Mon Sep 17 00:00:00 2001 +From: Ashish Kumar Gupta +Date: Wed, 31 Jul 2024 16:02:29 +0000 +Subject: [PATCH] Set no data transfer on function switch timeout for accessory + mode + +In case of function switch times out, we will check whether +the last function set was accessory. If this is the case, it is +recommended to set the function to NONE(No data transfer) rather than +setting it to the default USB function. + +Bug: 353712853 +Test: Build the code, flash the device and test it. +Test: atest CtsUsbManagerTestCases +Test: run CtsVerifier tool +Test: atest CtsUsbTests +(cherry picked from commit 7c6ec68537ba8abf798afd9ab7c3e5889841171f) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b032a602cdad00687e1fe089d66a6c4fa6925d79) +Merged-In: I698e9df0333cbb51dd9bd5917a94d81273a2784a +Change-Id: I698e9df0333cbb51dd9bd5917a94d81273a2784a +--- + .../java/com/android/server/usb/UsbDeviceManager.java | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/services/usb/java/com/android/server/usb/UsbDeviceManager.java b/services/usb/java/com/android/server/usb/UsbDeviceManager.java +index a7a51a151b973..8a6731e2e5ee6 100644 +--- a/services/usb/java/com/android/server/usb/UsbDeviceManager.java ++++ b/services/usb/java/com/android/server/usb/UsbDeviceManager.java +@@ -659,7 +659,7 @@ private void updateCurrentAccessory() { + } + } + +- private void notifyAccessoryModeExit() { ++ protected void notifyAccessoryModeExit() { + // make sure accessory mode is off + // and restore default functions + Slog.d(TAG, "exited USB accessory mode"); +@@ -1791,8 +1791,13 @@ public void handleMessage(Message msg) { + * Dont force to default when the configuration is already set to default. 
+ */ + if (msg.arg1 != 1) { +- // Set this since default function may be selected from Developer options +- setEnabledFunctions(mScreenUnlockedFunctions, false); ++ if (mCurrentFunctions == UsbManager.FUNCTION_ACCESSORY) { ++ notifyAccessoryModeExit(); ++ } else { ++ // Set this since default function may be selected from Developer ++ // options ++ setEnabledFunctions(mScreenUnlockedFunctions, false); ++ } + } + break; + case MSG_GADGET_HAL_REGISTERED: diff --git a/Patches/LineageOS-18.1/android_frameworks_base/408446.patch b/Patches/LineageOS-18.1/android_frameworks_base/408446.patch new file mode 100644 index 00000000..78923559 --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/408446.patch 
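Review bot: The new guard `mCurrentFunctions == UsbManager.FUNCTION_ACCESSORY` is an exact-equality test, so if `mCurrentFunctions` is a function bitmask that can carry other bits alongside accessory (its declaration is not in the hunk), a combined configuration would skip `notifyAccessoryModeExit()` and still fall back to `mScreenUnlockedFunctions` on timeout. If that is the case, `if ((mCurrentFunctions & UsbManager.FUNCTION_ACCESSORY) != 0) {` would cover it. A short comment above the branch saying why accessory mode drops to no data transfer rather than the default function would also help, since the rationale currently lives only in the commit message. handleMessage starts and ends outside the hunk.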
@@ -0,0 +1,46 @@ +From 67f7515c79ea18e50bb87f8fbe083493a0aac0d6 Mon Sep 17 00:00:00 2001 +From: lpeter +Date: Tue, 6 Aug 2024 09:22:12 +0000 +Subject: [PATCH] Disallow device admin package and protected packages to be + reinstalled as instant. + +We should prevent the following types of apps from being reinstalled with +--install-existing as an instant. +(1)device admin package +(2)protected packages + +Flag: EXEMPT bugfix + +Bug: 341256043 +Test: Manual test +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c5ebbd2a83e060577dd584aed7802452339ca5) +Merged-In: I4e913a12477fd4a64990033eaae533e30863e2a2 +Change-Id: I4e913a12477fd4a64990033eaae533e30863e2a2 +--- + .../java/com/android/server/pm/PackageManagerService.java | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java +index 819a1437a4f1f..c0dd1f1e02f5b 100644 +--- a/services/core/java/com/android/server/pm/PackageManagerService.java ++++ b/services/core/java/com/android/server/pm/PackageManagerService.java +@@ -13390,6 +13390,9 @@ int installExistingPackageAsUser(@Nullable String packageName, @UserIdInt int us + (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; + final boolean fullApp = + (installFlags & PackageManager.INSTALL_FULL_APP) != 0; ++ final boolean isPackageDeviceAdmin = isPackageDeviceAdmin(packageName, userId); ++ final boolean isProtectedPackage = mProtectedPackages != null ++ && mProtectedPackages.isPackageStateProtected(userId, packageName); + + // writer + synchronized (mLock) { +@@ -13397,7 +13400,8 @@ int installExistingPackageAsUser(@Nullable String packageName, @UserIdInt int us + if (pkgSetting == null) { + return PackageManager.INSTALL_FAILED_INVALID_URI; + } +- if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting))) { ++ if (instantApp && (pkgSetting.isSystem() || 
isUpdatedSystemApp(pkgSetting) ++ || isPackageDeviceAdmin || isProtectedPackage)) { + return PackageManager.INSTALL_FAILED_INVALID_URI; + } + if (!canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) { diff --git a/Patches/LineageOS-18.1/android_frameworks_base/408447.patch b/Patches/LineageOS-18.1/android_frameworks_base/408447.patch new file mode 100644 index 00000000..5eedee06 --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/408447.patch 
@@ -0,0 +1,82 @@ +From 527ea3afca9a6ae7d330e5f982f9d22011adab7d Mon Sep 17 00:00:00 2001 +From: Ben Murdoch +Date: Fri, 30 Aug 2024 17:22:59 +0000 +Subject: [PATCH] RESTRICT AUTOMERGE Clear app-provided shortcut icons + +When displaying keyboard shortcuts provided by an app, clear +any icon that may have been set (this is only possible via +reflection, and is not a intended for usage outside of the system). + +Bug: 331180422 +Test: Verify on device +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a031e9f221cf87657c42d3ed0ddbe93fc6d7a9c3) +Merged-In: If7e291eb2254c3cbec23673c65e7477e6ad45b09 +Change-Id: If7e291eb2254c3cbec23673c65e7477e6ad45b09 +--- + core/java/android/view/KeyboardShortcutInfo.java | 13 +++++++++++-- + .../systemui/statusbar/KeyboardShortcuts.java | 9 +++++++++ + 2 files changed, 20 insertions(+), 2 deletions(-) + +diff --git a/core/java/android/view/KeyboardShortcutInfo.java b/core/java/android/view/KeyboardShortcutInfo.java +index 2660e74dcb205..2075d77a9871e 100644 +--- a/core/java/android/view/KeyboardShortcutInfo.java ++++ b/core/java/android/view/KeyboardShortcutInfo.java +@@ -29,7 +29,7 @@ + */ + public final class KeyboardShortcutInfo implements Parcelable { + private final CharSequence mLabel; +- private final Icon mIcon; ++ private Icon mIcon; + private final char mBaseCharacter; + private final int mKeycode; + private final int mModifiers; +@@ -115,6 +115,15 @@ public Icon getIcon() { + return mIcon; + } + ++ /** ++ * Removes an icon that was previously set. ++ * ++ * @hide ++ */ ++ public void clearIcon() { ++ mIcon = null; ++ } ++ + /** + * Returns the base keycode that, combined with the modifiers, triggers this shortcut. If the + * base character was set instead, returns {@link KeyEvent#KEYCODE_UNKNOWN}. 
Valid keycodes are +@@ -165,4 +174,4 @@ public KeyboardShortcutInfo[] newArray(int size) { + return new KeyboardShortcutInfo[size]; + } + }; +-} +\ No newline at end of file ++} +diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java +index 7e6ddcfea7620..cc373d3c8b0f1 100644 +--- a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java ++++ b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java +@@ -378,6 +378,7 @@ private void showKeyboardShortcuts(int deviceId) { + @Override + public void onKeyboardShortcutsReceived( + final List result) { ++ sanitiseShortcuts(result); + result.add(getSystemShortcuts()); + final KeyboardShortcutGroup appShortcuts = getDefaultApplicationShortcuts(); + if (appShortcuts != null) { +@@ -388,6 +389,14 @@ public void onKeyboardShortcutsReceived( + }, deviceId); + } + ++ static void sanitiseShortcuts(List shortcutGroups) { ++ for (KeyboardShortcutGroup group : shortcutGroups) { ++ for (KeyboardShortcutInfo info : group.getItems()) { ++ info.clearIcon(); ++ } ++ } ++ } ++ + private void dismissKeyboardShortcuts() { + if (mKeyboardShortcutsDialog != null) { + mKeyboardShortcutsDialog.dismiss(); diff --git a/Patches/LineageOS-18.1/android_frameworks_base/408448.patch b/Patches/LineageOS-18.1/android_frameworks_base/408448.patch new file mode 100644 index 00000000..a414c20c --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/408448.patch 
@@ -0,0 +1,137 @@ +From e1c64096a439b5d54a5cb6de77242217b1516ca1 Mon Sep 17 00:00:00 2001 +From: Dipankar Bhardwaj +Date: Wed, 21 Aug 2024 14:26:50 +0000 +Subject: [PATCH] Restrict access to directories + +Restricted access to Android/data, Android/obb and Android/sandbox +directories and its sub-directories. Replacing path's pattern match +check with file equality check. + +Test: atest DocumentsClientTest +Bug: 341680936 +Flag: EXEMPT bug fix +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:22ea85377ad49594e46c57b398fb477d3d12c668) +Merged-In: I8879900e57e1702d11797b81e86d0cc3f55bac22 +Change-Id: I8879900e57e1702d11797b81e86d0cc3f55bac22 +--- + .../ExternalStorageProvider.java | 79 ++++++++++++++++--- + 1 file changed, 68 insertions(+), 11 deletions(-) + +diff --git a/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java b/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java +index 53e17e35953d1..a722c08605083 100644 +--- a/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java ++++ b/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java +@@ -16,8 +16,6 @@ + + package com.android.externalstorage; + +-import static java.util.regex.Pattern.CASE_INSENSITIVE; +- + import android.annotation.NonNull; + import android.annotation.Nullable; + import android.app.usage.StorageStatsManager; +@@ -61,12 +59,15 @@ + import java.io.FileNotFoundException; + import java.io.IOException; + import java.io.PrintWriter; ++import java.nio.file.Files; ++import java.nio.file.Paths; ++import java.util.Arrays; + import java.util.Collections; + import java.util.List; + import java.util.Locale; + import java.util.Objects; + import java.util.UUID; +-import java.util.regex.Pattern; ++import java.util.stream.Collectors; + + /** + * Presents content of the shared (a.k.a. "external") storage. 
+@@ -89,12 +90,9 @@ public class ExternalStorageProvider extends FileSystemProvider { + private static final Uri BASE_URI = + new Uri.Builder().scheme(ContentResolver.SCHEME_CONTENT).authority(AUTHORITY).build(); + +- /** +- * Regex for detecting {@code /Android/data/}, {@code /Android/obb/} and +- * {@code /Android/sandbox/} along with all their subdirectories and content. +- */ +- private static final Pattern PATTERN_RESTRICTED_ANDROID_SUBTREES = +- Pattern.compile("^Android/(?:data|obb|sandbox)(?:/.+)?", CASE_INSENSITIVE); ++ private static final String PRIMARY_EMULATED_STORAGE_PATH = "/storage/emulated/"; ++ ++ private static final String STORAGE_PATH = "/storage/"; + + private static final String[] DEFAULT_ROOT_PROJECTION = new String[] { + Root.COLUMN_ROOT_ID, Root.COLUMN_FLAGS, Root.COLUMN_ICON, Root.COLUMN_TITLE, +@@ -308,10 +306,69 @@ protected boolean shouldHideDocument(@NonNull String documentId) { + return false; + } + +- final String path = getPathFromDocId(documentId); +- return PATTERN_RESTRICTED_ANDROID_SUBTREES.matcher(path).matches(); ++ try { ++ final RootInfo root = getRootFromDocId(documentId); ++ final String canonicalPath = getPathFromDocId(documentId); ++ return isRestrictedPath(root.rootId, canonicalPath); ++ } catch (Exception e) { ++ return true; ++ } + } + ++ /** ++ * Based on the given root id and path, we restrict path access if file is Android/data or ++ * Android/obb or Android/sandbox or one of their subdirectories. 
++ * ++ * @param canonicalPath of the file ++ * @return true if path is restricted ++ */ ++ private boolean isRestrictedPath(String rootId, String canonicalPath) { ++ if (rootId == null || canonicalPath == null) { ++ return true; ++ } ++ ++ final String rootPath; ++ if (rootId.equalsIgnoreCase(ROOT_ID_PRIMARY_EMULATED)) { ++ // Creates "/storage/emulated/" ++ rootPath = PRIMARY_EMULATED_STORAGE_PATH + UserHandle.myUserId(); ++ } else { ++ // Creates "/storage/" ++ rootPath = STORAGE_PATH + rootId; ++ } ++ List restrictedPathList = Arrays.asList( ++ Paths.get(rootPath, "Android", "data"), ++ Paths.get(rootPath, "Android", "obb"), ++ Paths.get(rootPath, "Android", "sandbox")); ++ // We need to identify restricted parent paths which actually exist on the device ++ List validRestrictedPathsToCheck = restrictedPathList.stream().filter( ++ Files::exists).collect(Collectors.toList()); ++ ++ boolean isRestricted = false; ++ java.nio.file.Path filePathToCheck = Paths.get(rootPath, canonicalPath); ++ try { ++ while (filePathToCheck != null) { ++ for (java.nio.file.Path restrictedPath : validRestrictedPathsToCheck) { ++ if (Files.isSameFile(restrictedPath, filePathToCheck)) { ++ isRestricted = true; ++ Log.v(TAG, "Restricting access for path: " + filePathToCheck); ++ break; ++ } ++ } ++ if (isRestricted) { ++ break; ++ } ++ ++ filePathToCheck = filePathToCheck.getParent(); ++ } ++ } catch (Exception e) { ++ Log.w(TAG, "Error in checking file equality check.", e); ++ isRestricted = true; ++ } ++ ++ return isRestricted; ++ } ++ ++ + /** + * Check that the directory is the root of storage or blocked file from tree. + *
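Review bot: `isRestrictedPath` fails closed on null arguments and on any exception, but it returns false when none of the three `Android/{data,obb,sandbox}` directories exists under the rebuilt `rootPath`, because the list is filtered with `Files::exists` before the loop. Since `rootPath` is assembled from the literals `/storage/emulated/` and `/storage/` plus the root id, a volume whose real location differs would leave that list empty and nothing would be hidden. If the `RootInfo` already fetched in `shouldHideDocument` exposes the volume's actual directory (not visible here), deriving `rootPath` from it would remove that assumption; otherwise a comment stating the assumption belongs above the literals. The Javadoc should also gain `@param rootId` and a sentence that null inputs and I/O errors are treated as restricted, so a later refactor does not turn those branches into fail-open.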

diff --git a/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/408452.patch b/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/408452.patch
new file mode 100644
index 00000000..d0926d9f
--- /dev/null
+++ b/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/408452.patch
@@ -0,0 +1,123 @@ +From 77dbe1a766a8207f7039b9b55643599e2210b0da Mon Sep 17 00:00:00 2001 +From: Nate Jiang +Date: Thu, 8 Aug 2024 18:13:39 +0000 +Subject: [PATCH] [BACKPORT] Fix security issue by change the field in + WifiConfig + +Flag: EXEMPT bugfix +Bug: 347912017 +Bug: 348352288 +Bug: 346289032 +Test: atest com.android.server.wifi +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:eca3f190d2a5b6b634224863f5ee5f584babd0dc) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0597dc97b34e1d1609c1e33f9b6e524474a94144) +Merged-In: I8998340ae557660036895dd906808d682b83c6f0 +Change-Id: I8998340ae557660036895dd906808d682b83c6f0 +--- + .../server/wifi/WifiConfigurationUtil.java | 72 ++++++++++++++++++- + 1 file changed, 71 insertions(+), 1 deletion(-) + +diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java +index ffa9facf55..6b942735b5 100644 +--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java ++++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java +@@ -63,6 +63,11 @@ public class WifiConfigurationUtil { + private static final int SAE_ASCII_MIN_LEN = 1 + ENCLOSING_QUOTES_LEN; + private static final int PSK_SAE_ASCII_MAX_LEN = 63 + ENCLOSING_QUOTES_LEN; + private static final int PSK_SAE_HEX_LEN = 64; ++ private static final int MAX_STRING_LENGTH = 512; ++ ++ // BACKPORT ++ private static final int MAX_NUMBER_OF_OI = 36; ++ private static final long MAX_OI_VALUE = ((long) 1 << 40) - 1; + + @VisibleForTesting + public static final String PASSWORD_MASK = "*"; +@@ -597,7 +602,8 @@ public static boolean validate(WifiConfiguration config, boolean isAdd) { + if (!validateSsid(config.SSID, isAdd)) { + return false; + } +- if (!validateBssid(config.BSSID)) { ++ if (!validateBssid(config.BSSID) || !validateBssid(config.dhcpServer) ++ || !validateBssid(config.defaultGwMacAddress)) { + return false; + 
} + if (!validateBitSets(config)) { +@@ -606,6 +612,12 @@ public static boolean validate(WifiConfiguration config, boolean isAdd) { + if (!validateKeyMgmt(config.allowedKeyManagement)) { + return false; + } ++ if (!validatePasspoint(config)) { ++ return false; ++ } ++ if (!validateNetworkSelectionStatus(config.getNetworkSelectionStatus())) { ++ return false; ++ } + if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WPA_PSK) + && !validatePassword(config.preSharedKey, isAdd, false, false)) { + return false; +@@ -651,6 +663,64 @@ public static boolean validate(WifiConfiguration config, boolean isAdd) { + return true; + } + ++ private static boolean validateStringField(String field, int maxLength) { ++ return field == null || field.length() <= maxLength; ++ } ++ ++ private static boolean validatePasspoint(WifiConfiguration config) { ++ if (!validateStringField(config.FQDN, 255)) { ++ return false; ++ } ++ if (!validateStringField(config.providerFriendlyName, 255)) { ++ return false; ++ } ++ if (!validateRoamingConsortiumIds(config.roamingConsortiumIds)) { ++ return false; ++ } ++ if (!validateUpdateIdentifier(config.updateIdentifier)) { ++ return false; ++ } ++ return true; ++ } ++ ++ private static boolean validateUpdateIdentifier(String updateIdentifier) { ++ if (TextUtils.isEmpty(updateIdentifier)) { ++ return true; ++ } ++ try { ++ Integer.valueOf(updateIdentifier); ++ } catch (NumberFormatException e) { ++ return false; ++ } ++ return true; ++ } ++ ++ private static boolean validateNetworkSelectionStatus( ++ WifiConfiguration.NetworkSelectionStatus status) { ++ if (status == null) { ++ return false; ++ } ++ return validateStringField(status.getConnectChoice(), MAX_STRING_LENGTH) ++ && validateBssid(status.getNetworkSelectionBSSID()); ++ } ++ ++ private static boolean validateRoamingConsortiumIds(long[] roamingConsortiumIds) { ++ if (roamingConsortiumIds != null) { ++ if (roamingConsortiumIds.length > MAX_NUMBER_OF_OI) { ++ Log.d(TAG, "too many Roaming 
Consortium Organization Identifiers in the " ++ + "profile"); ++ return false; ++ } ++ for (long oi : roamingConsortiumIds) { ++ if (oi < 0 || oi > MAX_OI_VALUE) { ++ Log.d(TAG, "Organization Identifiers is out of range"); ++ return false; ++ } ++ } ++ } ++ return true; ++ } ++ + private static boolean validateBssidPattern( + Pair bssidPatternMatcher) { + if (bssidPatternMatcher == null) return true; diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/408449.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/408449.patch new file mode 100644 index 00000000..ef7f715b --- /dev/null +++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/408449.patch 
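Review bot: `validatePasspoint` passes the literal `255` twice to `validateStringField` while the neighbouring limit is a named constant (`MAX_STRING_LENGTH`); a named constant with a comment on where 255 comes from would make the bound reviewable. `validateUpdateIdentifier` calls `Integer.valueOf` only for its exception, so it also accepts negative and sign-prefixed values; `Integer.parseInt` plus an explicit range check would state the intent, if update identifiers are meant to be non-negative (not shown here). The string-length, BSSID and update-identifier rejections return false silently, whereas the roaming-consortium checks log a reason; logging each rejection the same way would make refused configurations diagnosable.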
@@ -0,0 +1,72 @@ +From 9411c079df368653f34617e2e07487c00b5da4bc Mon Sep 17 00:00:00 2001 +From: Daniel Norman +Date: Wed, 14 Aug 2024 21:15:42 +0000 +Subject: [PATCH] RESTRICT AUTOMERGE Stops hiding a11y services with the same + package+label as an activity. + +Bug: 353700779 +Test: Install poc APKs from the bug, observe issue not reproducible +Test: (automated tests on 'main' branch) +Flag: NONE security fix +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fecb99475e019614d6eba07a79ddc7f46b335892) +Merged-In: Ia8d43229d277dd4442173166ae0402f05096da4b +Change-Id: Ia8d43229d277dd4442173166ae0402f05096da4b +--- + .../accessibility/AccessibilitySettings.java | 25 ------------------- + 1 file changed, 25 deletions(-) + +diff --git a/src/com/android/settings/accessibility/AccessibilitySettings.java b/src/com/android/settings/accessibility/AccessibilitySettings.java +index f918046bc37..b2f37c026ff 100644 +--- a/src/com/android/settings/accessibility/AccessibilitySettings.java ++++ b/src/com/android/settings/accessibility/AccessibilitySettings.java +@@ -27,7 +27,6 @@ + import android.content.pm.ActivityInfo; + import android.content.pm.PackageManager; + import android.content.pm.ResolveInfo; +-import android.content.pm.ServiceInfo; + import android.graphics.drawable.Drawable; + import android.hardware.display.ColorDisplayManager; + import android.net.Uri; +@@ -407,17 +406,11 @@ private List getInstalledAccessibilityList(Context context + final List installedShortcutList = + a11yManager.getInstalledAccessibilityShortcutListAsUser(context, + UserHandle.myUserId()); +- +- // Remove duplicate item here, new a ArrayList to copy unmodifiable list result +- // (getInstalledAccessibilityServiceList). 
+ final List installedServiceList = new ArrayList<>( + a11yManager.getInstalledAccessibilityServiceList()); +- installedServiceList.removeIf( +- target -> containsTargetNameInList(installedShortcutList, target)); + + final List activityList = + preferenceHelper.createAccessibilityActivityPreferenceList(installedShortcutList); +- + final List serviceList = + preferenceHelper.createAccessibilityServicePreferenceList(installedServiceList); + +@@ -428,24 +421,6 @@ private List getInstalledAccessibilityList(Context context + return preferenceList; + } + +- private boolean containsTargetNameInList(List shortcutInfos, +- AccessibilityServiceInfo targetServiceInfo) { +- final ServiceInfo serviceInfo = targetServiceInfo.getResolveInfo().serviceInfo; +- final String servicePackageName = serviceInfo.packageName; +- final CharSequence serviceLabel = serviceInfo.loadLabel(getPackageManager()); +- +- for (int i = 0, count = shortcutInfos.size(); i < count; ++i) { +- final ActivityInfo activityInfo = shortcutInfos.get(i).getActivityInfo(); +- final String activityPackageName = activityInfo.packageName; +- final CharSequence activityLabel = activityInfo.loadLabel(getPackageManager()); +- if (servicePackageName.equals(activityPackageName) +- && serviceLabel.equals(activityLabel)) { +- return true; +- } +- } +- return false; +- } +- + private void initializePreBundledServicesMapFromArray(String categoryKey, int key) { + String[] services = getResources().getStringArray(key); + PreferenceCategory category = mCategoryToPrefCategoryMap.get(categoryKey); diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/408450.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/408450.patch new file mode 100644 index 00000000..ad514809 --- /dev/null +++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/408450.patch 
@@ -0,0 +1,33 @@
+From 57ac15dfd212fd91ef2501248ac6fab1ec3f6bc6 Mon Sep 17 00:00:00 2001
+From: Adam Bookatz
+Date: Mon, 22 Jul 2024 17:03:12 -0700
+Subject: [PATCH] startActivityForResult with new Intent
+
+Rather than use the raw Intent, we make a copy of it. See bug.
+
+Bug: 330722900
+Flag: EXEMPT bugfix
+Test: manual
+Test: atest com.android.settings.users.UserSettingsTest
+ com.android.settings.users.UserDetailsSettingsTest
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1189e24e47571eae86634aeaa7dc60b8fe7f4820)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fdb148b6efb16af018a39511001b48286f401512)
+Merged-In: Id74e4b7ae261f2916eedaef04a679f83409a4b67
+Change-Id: Id74e4b7ae261f2916eedaef04a679f83409a4b67
+---
+ src/com/android/settings/users/AppRestrictionsFragment.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
+index 51624ca63b4..e9e60fb319e 100644
+--- a/src/com/android/settings/users/AppRestrictionsFragment.java
++++ b/src/com/android/settings/users/AppRestrictionsFragment.java
+@@ -655,7 +655,7 @@ public void onReceive(Context context, Intent intent) {
+ int requestCode = generateCustomActivityRequestCode(
+ RestrictionsResultReceiver.this.preference);
+ AppRestrictionsFragment.this.startActivityForResult(
+- restrictionsIntent, requestCode);
++ new Intent(restrictionsIntent), requestCode);
+ }
+ }
+ }
diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/408451.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/408451.patch
new file mode 100644
index 00000000..c1dd3269
--- /dev/null
+++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/408451.patch
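Review bot: The copy made by `new Intent(restrictionsIntent)` in 408450.patch has no in-source explanation, and the commit message only says "See bug", so a later cleanup could reasonably simplify it back to the raw object. A one-line comment above the call would pin the purpose of the fix, for example `// Security fix: always launch a fresh copy, never restrictionsIntent itself.` The hunk does not show where `restrictionsIntent` is obtained or whether its target is checked before launch; onReceive starts above the hunk, so that should be confirmed against the full method.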
@@ -0,0 +1,90 @@ +From e02728d51e013033f3cc168e8630d0322ccfd803 Mon Sep 17 00:00:00 2001 +From: Fan Wu +Date: Mon, 22 Jul 2024 16:12:46 +0800 +Subject: [PATCH] [BACKPORT] Checks cross user permission before handling + intent + +Bug: 326057017 + +Test: atest + +Flag: EXEMPT bug fix +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d3b3edd45167515579ab156533754e56ac813f35) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0f67d233c1cd653c113df5956f1ed29a42e1d32f) +Merged-In: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a +Change-Id: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a +--- + .../settings/applications/AppInfoBase.java | 38 ++++++++++++++++++- + 1 file changed, 36 insertions(+), 2 deletions(-) + +diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java +index 71043400ff8..ef5297acaec 100644 +--- a/src/com/android/settings/applications/AppInfoBase.java ++++ b/src/com/android/settings/applications/AppInfoBase.java +@@ -18,7 +18,9 @@ + + import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; + ++import android.Manifest; + import android.app.Activity; ++import android.app.ActivityManager; + import android.app.Dialog; + import android.app.admin.DevicePolicyManager; + import android.app.settings.SettingsEnums; +@@ -38,6 +40,7 @@ + import android.text.TextUtils; + import android.util.Log; + ++import androidx.annotation.VisibleForTesting; + import androidx.appcompat.app.AlertDialog; + import androidx.fragment.app.DialogFragment; + import androidx.fragment.app.Fragment; +@@ -134,8 +137,13 @@ protected String retrieveAppEntry() { + } + } + if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) { +- mUserId = ((UserHandle) intent.getParcelableExtra( +- Intent.EXTRA_USER_HANDLE)).getIdentifier(); ++ mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE)) ++ .getIdentifier(); ++ if (mUserId != 
UserHandle.myUserId() && !hasInteractAcrossUsersPerm()) { ++ Log.w(TAG, "Intent not valid."); ++ finish(); ++ return ""; ++ } + } else { + mUserId = UserHandle.myUserId(); + } +@@ -158,6 +166,32 @@ protected String retrieveAppEntry() { + return mPackageName; + } + ++ @VisibleForTesting ++ protected boolean hasInteractAcrossUsersPerm() { ++ Activity activity = getActivity(); ++ if (activity == null) { ++ return false; ++ } ++ String callingPackageName = null; ++ try { ++ callingPackageName = ActivityManager.getService() ++ .getLaunchedFromPackage(activity.getActivityToken()); ++ } catch (Exception e) { ++ return false; ++ } ++ if (TextUtils.isEmpty(callingPackageName)) { ++ Log.w(TAG, "Not able to get calling package name for permission check"); ++ return false; ++ } ++ if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName) ++ != PackageManager.PERMISSION_GRANTED) { ++ Log.w(TAG, "Package " + callingPackageName + " does not have required permission " ++ + Manifest.permission.INTERACT_ACROSS_USERS_FULL); ++ return false; ++ } ++ return true; ++ } ++ + protected void setIntentAndFinish(boolean appChanged) { + Log.i(TAG, "appChanged=" + appChanged); + Intent intent = new Intent(); diff --git a/Patches/LineageOS-18.1/android_packages_providers_MediaProvider/408453.patch b/Patches/LineageOS-18.1/android_packages_providers_MediaProvider/408453.patch new file mode 100644 index 00000000..db564015 --- /dev/null +++ b/Patches/LineageOS-18.1/android_packages_providers_MediaProvider/408453.patch 
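Review bot: In retrieveAppEntry (408451.patch), `mUserId` is assigned from the caller-supplied `Intent.EXTRA_USER_HANDLE` before the new permission check runs, so on the rejection path the field still holds the foreign user id after `finish()` and `return "";`. Reading the extra into a local, e.g. `final int userId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE)).getIdentifier();`, and setting `mUserId = userId;` only once the check has passed would keep rejected values out of fragment state. The cast result is also dereferenced without a null check, and `hasExtra` only establishes that the key is present, not that the value is a `UserHandle`. retrieveAppEntry starts and continues outside the hunk, so whether later code reads `mUserId` after `finish()` cannot be seen here.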
@@ -0,0 +1,39 @@
+From a062609478ba61d2b015ea4eaee550f7c4a31c9f Mon Sep 17 00:00:00 2001
+From: Omar Eissa
+Date: Tue, 27 Aug 2024 13:24:21 +0000
+Subject: [PATCH] Prevent apps from renaming files they don't own
+
+Malicious apps could rename files in lower file system using
+MediaProvider.update even if they don't have access to such files. They
+weren't able to update the DB of MediaProvider, but by renaming such
+files they could create fake records in MediaProvider DB and then rename
+the file to have the same name as their created record, which would
+allow them to access these files.
+
+IMAGES_MEDIA_ID, AUDIO_MEDIA_ID and VIDEO_MEDIA_ID URIs were already
+guaraded against this vulnerability and the aim of this fix to fix it
+for all other Media URIs.
+
+Bug: 304280682
+Flag: EXEMPT bug fix
+Test: Manual
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:191ae46fed057cb96f78d8f140f90f0cec50a797)
+Merged-In: I91e9966c012fe292cebc0b544f77032613516fac
+Change-Id: I91e9966c012fe292cebc0b544f77032613516fac
+---
+ src/com/android/providers/media/MediaProvider.java | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
+index a01ba34c6..c15193414 100644
+--- a/src/com/android/providers/media/MediaProvider.java
++++ b/src/com/android/providers/media/MediaProvider.java
+@@ -5351,6 +5351,8 @@ && getCallingPackageTargetSdkVersion() <= Build.VERSION_CODES.Q) {
+ case IMAGES_MEDIA_ID:
+ case DOWNLOADS_ID:
+ case FILES_ID:
++ // Check if the caller has the required permissions to do placement
++ enforceCallingPermission(uri, extras, true);
+ break;
+ default:
+ throw new IllegalArgumentException("Movement of " + uri
diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh
index d390b851..df180ba3 100644
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
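Review bot: The added `enforceCallingPermission(uri, extras, true);` in 408453.patch passes a bare boolean, and its comment ("to do placement") does not say what is being protected. A comment that records the reason from the commit message would help, e.g. `// A rename moves the underlying file, so the caller must be allowed to modify this row first`, and the literal could be labelled with an inline argument comment (it presumably selects the write check; confirm against the method's signature). Only the `IMAGES_MEDIA_ID`, `DOWNLOADS_ID` and `FILES_ID` labels are visible and the switch starts above the hunk, so which other cases fall through into this check, and whether the ID cases the message describes as already guarded are now checked twice, should be confirmed against the full method. The commit lists only `Test: Manual`, so a regression test asserting that the update is rejected for a caller without access to the row would be worth adding.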
@@ -93,7 +93,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) -sed -i 's/2024-02-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-10 +sed -i 's/2024-02-05/2024-11-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-11 fi; if enterAndClear "build/soong"; then @@ -132,6 +132,10 @@ awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11 rm -rfv androidtest; #fix compile under A11 fi; +if enterAndClear "external/skia"; then +applyPatch "$DOS_PATCHES/android_external_skia/408442.patch"; #R_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter +fi; + if enterAndClear "external/sonivox"; then applyPatch "$DOS_PATCHES_COMMON/android_external_sonivox/391896.patch"; #n-asb-2024-05 Fix buffer overrun in eas_wtengine fi; 
@@ -178,6 +182,12 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/405515.patch"; #R_asb_2024-10 U applyPatch "$DOS_PATCHES/android_frameworks_base/405516.patch"; #R_asb_2024-10 Fail parseUri if end is missing applyPatch "$DOS_PATCHES/android_frameworks_base/405517.patch"; #R_asb_2024-10 Prevent Sharing when FRP enforcement is in effect applyPatch "$DOS_PATCHES/android_frameworks_base/405518.patch"; #R_asb_2024-10 Check whether installerPackageName contains only valid characters +applyPatch "$DOS_PATCHES/android_frameworks_base/408443.patch"; #R_asb_2024-11 Remove authenticator data if it was disabled. +applyPatch "$DOS_PATCHES/android_frameworks_base/408444.patch"; #R_asb_2024-11 RingtoneManager: allow video ringtone URI +applyPatch "$DOS_PATCHES/android_frameworks_base/408445.patch"; #R_asb_2024-11 Set no data transfer on function switch timeout for accessory mode +applyPatch "$DOS_PATCHES/android_frameworks_base/408446.patch"; #R_asb_2024-11 Disallow device admin package and protected packages to be reinstalled as instant. +applyPatch "$DOS_PATCHES/android_frameworks_base/408447.patch"; #R_asb_2024-11 Clear app-provided shortcut icons +applyPatch "$DOS_PATCHES/android_frameworks_base/408448.patch"; #R_asb_2024-11 Restrict access to directories git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) 
@@ -254,6 +264,7 @@ fi; fi; if enterAndClear "frameworks/opt/net/wifi"; then +applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/408452.patch"; #R_asb_2024-11 Fix security issue by change the field in WifiConfig applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS) fi; @@ -379,6 +390,9 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403220.patch"; #R_asb_20 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403221.patch"; #R_asb_2024-09 Ignore fragment attr from ext authenticator resource applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403222.patch"; #R_asb_2024-09 Restrict Settings Homepage prior to provisioning applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405534.patch"; #R_asb_2024-10 FRP bypass defense in App battery usage page +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408449.patch"; #R_asb_2024-11 Stops hiding a11y services with the same package+label as an activity. +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408450.patch"; #R_asb_2024-11 startActivityForResult with new Intent +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408451.patch"; #R_asb_2024-11 Checks cross user permission before handling intent #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile (DivestOS) 
@@ -438,6 +452,7 @@ fi; if enterAndClear "packages/providers/MediaProvider"; then applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/397544.patch"; #R_asb_2024-07 Prevent insertion in other users storage volumes +applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/408453.patch"; #R_asb_2024-11 Prevent apps from renaming files they don't own fi; if enterAndClear "packages/providers/TelephonyProvider"; then