Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-04-04 14:41:28 -04:00
parent 450ad03159
commit 97ce53667f
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
21 changed files with 11 additions and 25 deletions

View File

@ -11,7 +11,7 @@ Subject: [PATCH] perform additional boot-time checks on system package updates
create mode 100644 services/core/java/com/android/server/pm/PackageVerityExt.java
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index a56ac9de6ebe..7d1eca4df94a 100644
index 0ec70238ff64..adf3e172d192 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -3827,6 +3827,13 @@ final class InstallPackageHelper {

View File

@ -38,10 +38,10 @@ Such ops are being constructed due to another bug.
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 20f0c17bb9d9..748ff6bc0d0d 100644
index 6fde3b531fbb..2d26cc53832f 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -5193,15 +5193,13 @@ public class AppOpsService extends IAppOpsService.Stub {
@@ -5231,15 +5231,13 @@ public class AppOpsService extends IAppOpsService.Stub {
String lastPkg = null;
for (int i=0; i<allOps.size(); i++) {
AppOpsManager.PackageOps pkg = allOps.get(i);

View File

@ -15,10 +15,10 @@ crashes.
1 file changed, 3 insertions(+)
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 748ff6bc0d0d..f8feeaad0fa7 100644
index 2d26cc53832f..425b36da5ed9 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -5193,6 +5193,9 @@ public class AppOpsService extends IAppOpsService.Stub {
@@ -5231,6 +5231,9 @@ public class AppOpsService extends IAppOpsService.Stub {
String lastPkg = null;
for (int i=0; i<allOps.size(); i++) {
AppOpsManager.PackageOps pkg = allOps.get(i);

@ -1 +1 @@
Subproject commit f30d8d85e75c2e0e2d983ace0971b954b7a759d7
Subproject commit c3f6f9630e168a421f79c67b1a024c8914198f99

View File

@ -55,8 +55,8 @@ commentPatches android_kernel_google_bonito.sh "CVE-2020-0067";
commentPatches android_kernel_google_coral.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324";
commentPatches android_kernel_google_dragon.sh "0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch" "0008-Graphene-Kernel_Hardening-ro" "CVE-2015-4167" "CVE-2017-15951" "CVE-2016-1237" "CVE-2016-6198" "CVE-2017-7374" "CVE-2018-17972" "CVE-2019-2214" "CVE-2021-39715/ANY/0001.patch";
commentPatches android_kernel_google_crosshatch.sh "CVE-2020-0067";
commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch";
commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch";
commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch";
commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch";
commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch" "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-14883" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9";
commentPatches android_kernel_google_msm.sh "CVE-2017-11015/prima" "CVE-2021-Misc2/ANY/0031.patch";
commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324" "CVE-2021-45469";

View File

@ -544,7 +544,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26635/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26675/^6.8/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26679/^6.8/0002.patch

View File

@ -633,7 +633,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26635/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26675/^6.8/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26679/^6.8/0002.patch

View File

@ -130,7 +130,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/4.19/0002.patch

View File

@ -130,7 +130,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/4.19/0002.patch

View File

@ -309,7 +309,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26644/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26665/5.10/0002.patch
@ -330,7 +329,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26710/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26712/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26720/5.10/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26722/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26733/5.10/0002.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26733/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26735/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26736/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26743/5.10/0002.patch

View File

@ -307,7 +307,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26644/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26665/5.10/0002.patch
@ -328,7 +327,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26710/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26712/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26720/5.10/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26722/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26733/5.10/0002.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26733/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26735/5.10/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26736/5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26743/5.10/0002.patch

View File

@ -111,7 +111,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26635/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26675/^6.8/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26679/^6.8/0002.patch

View File

@ -280,7 +280,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/4.19/0002.patch

View File

@ -149,7 +149,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/4.19/0002.patch

View File

@ -600,7 +600,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26635/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26675/^6.8/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26679/^6.8/0002.patch

View File

@ -128,7 +128,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/4.19/0002.patch

View File

@ -95,7 +95,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/5.4/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/5.4/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/5.4/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/5.4/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/5.4/0005.patch

View File

@ -121,7 +121,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26635/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26675/^6.8/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26679/^6.8/0002.patch

View File

@ -130,7 +130,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/4.19/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26643/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26654/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26664/4.19/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26671/4.19/0002.patch

View File

@ -126,7 +126,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26635/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26636/^6.7/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26645/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26651/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26659/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26663/^6.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26675/^6.8/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26679/^6.8/0002.patch

View File

@ -97,6 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2024-03-05/2024-04-05/' core/version_defaults.mk; #Bump Security String #T_asb_2024-04
fi;
if enterAndClear "build/soong"; then