Tad 2021-11-08 17:05:32 -05:00
parent 1ce0093d9f
commit 9c105b799f
9 changed files with 315 additions and 2 deletions


@ -0,0 +1,88 @@
From 340e98580c8462c961a2d840ddae289bd56f9cd5 Mon Sep 17 00:00:00 2001
From: Jayant Chowdhary <jchowdhary@google.com>
Date: Wed, 9 Jun 2021 14:34:54 -0700
Subject: [PATCH] camera2: Fix exception swallowing in params classes
createFromParcel
Do not catch exceptions when we attempt to create the following classes
from a parcel
- OutputConfiguration
- VendorTagDescriptor
- VendorTagDescriptorCache
- SessionConfiguration
This could cause subsequent parcel information to be read incorrectly.
Bug: 188675581
Test: Sample app which tries to write invalid data into an
OutputConfiguration parcel to send in an intent via Broadcast. When read by the receiving app,
gets an exception (not swallowed).
Merged-In: I745ca49daa6ca36b1020d518e9f346b52684f2b1
Change-Id: I745ca49daa6ca36b1020d518e9f346b52684f2b1
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
(cherry picked from commit 6b0bcd60c81003e6a193aeccf44ee03f188e3984)
(cherry picked from commit 8a11538146d894264420d5baa554e3968496b020)
---
.../hardware/camera2/params/OutputConfiguration.java | 8 +-------
.../hardware/camera2/params/VendorTagDescriptor.java | 8 +-------
.../hardware/camera2/params/VendorTagDescriptorCache.java | 8 +-------
3 files changed, 3 insertions(+), 21 deletions(-)
diff --git a/core/java/android/hardware/camera2/params/OutputConfiguration.java b/core/java/android/hardware/camera2/params/OutputConfiguration.java
index 1ee3c933b326..71d69e665411 100644
--- a/core/java/android/hardware/camera2/params/OutputConfiguration.java
+++ b/core/java/android/hardware/camera2/params/OutputConfiguration.java
@@ -630,13 +630,7 @@ public int getSurfaceGroupId() {
new Parcelable.Creator<OutputConfiguration>() {
@Override
public OutputConfiguration createFromParcel(Parcel source) {
- try {
- OutputConfiguration outputConfiguration = new OutputConfiguration(source);
- return outputConfiguration;
- } catch (Exception e) {
- Log.e(TAG, "Exception creating OutputConfiguration from parcel", e);
- return null;
- }
+ return new OutputConfiguration(source);
}
@Override
diff --git a/core/java/android/hardware/camera2/params/VendorTagDescriptor.java b/core/java/android/hardware/camera2/params/VendorTagDescriptor.java
index ea424e594081..893bde1e1430 100644
--- a/core/java/android/hardware/camera2/params/VendorTagDescriptor.java
+++ b/core/java/android/hardware/camera2/params/VendorTagDescriptor.java
@@ -36,13 +36,7 @@ private VendorTagDescriptor(Parcel source) {
new Parcelable.Creator<VendorTagDescriptor>() {
@Override
public VendorTagDescriptor createFromParcel(Parcel source) {
- try {
- VendorTagDescriptor vendorDescriptor = new VendorTagDescriptor(source);
- return vendorDescriptor;
- } catch (Exception e) {
- Log.e(TAG, "Exception creating VendorTagDescriptor from parcel", e);
- return null;
- }
+ return new VendorTagDescriptor(source);
}
@Override
diff --git a/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java b/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java
index 1f92f6d9ebf1..423020870869 100644
--- a/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java
+++ b/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java
@@ -36,13 +36,7 @@ private VendorTagDescriptorCache(Parcel source) {
new Parcelable.Creator<VendorTagDescriptorCache>() {
@Override
public VendorTagDescriptorCache createFromParcel(Parcel source) {
- try {
- VendorTagDescriptorCache vendorDescriptorCache = new VendorTagDescriptorCache(source);
- return vendorDescriptorCache;
- } catch (Exception e) {
- Log.e(TAG, "Exception creating VendorTagDescriptorCache from parcel", e);
- return null;
- }
+ return new VendorTagDescriptorCache(source);
}
@Override
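Review bot: The commit message names four classes, SessionConfiguration among them, but the diffstat and the three hunks cover only OutputConfiguration, VendorTagDescriptor and VendorTagDescriptorCache. It is worth confirming that SessionConfiguration is absent from this branch rather than left with the old catch-and-return-null creator. With the try/catch gone, each `createFromParcel` propagates whatever the private constructor throws, so a comment above the `return`, such as `// Do not catch here: swallowing a failure lets later Parcel fields be read incorrectly`, would keep the block from being reintroduced. `Log` and `TAG` may now be unused in these files, which the hunks do not show.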


@ -0,0 +1,33 @@
From d6e2ed21c5c8be3dfb7916626003375f0756514b Mon Sep 17 00:00:00 2001
From: Hansong Zhang <hsz@google.com>
Date: Wed, 18 Aug 2021 16:35:00 -0700
Subject: [PATCH] DO NOT MERGE Bluetooth: Fix formatting in getAlias()
Bug: 180747689
Test: manual
Change-Id: Ic309f4aad116fd424d5d0d0e2016d61be8826b78
(cherry picked from commit 3bdad2df2e34c948bde80a51ae232c46848dab06)
---
core/java/android/bluetooth/BluetoothDevice.java | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/core/java/android/bluetooth/BluetoothDevice.java b/core/java/android/bluetooth/BluetoothDevice.java
index 3cf80746652e..8916b537ff29 100644
--- a/core/java/android/bluetooth/BluetoothDevice.java
+++ b/core/java/android/bluetooth/BluetoothDevice.java
@@ -894,7 +894,14 @@ public String getAlias() {
return null;
}
try {
- return service.getRemoteAlias(this);
+ String alias = service.getRemoteAlias(this);
+ if (alias == null) {
+ return getName();
+ }
+ return alias
+ .replace('\t', ' ')
+ .replace('\n', ' ')
+ .replace('\r', ' ');
} catch (RemoteException e) {
Log.e(TAG, "", e);
}
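Review bot: The null-alias branch returns `getName()` directly, so the tab, newline and carriage-return replacement applied to the alias is not visibly applied to the fallback. If `getName()` does not strip the same characters (its body is outside this hunk), a remote device name can still carry them through `getAlias()`. The fallback also changes the contract, since a null alias used to come back as null, so the method's Javadoc should say that the device name is returned when no alias is set. `getAlias()` starts and ends outside the hunk.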


@ -0,0 +1,40 @@
From 8cc2e34a67e31f4bc08c7fb70cbd2d79fefacd42 Mon Sep 17 00:00:00 2001
From: Evan Chen <evanxinchen@google.com>
Date: Thu, 2 Sep 2021 21:57:41 +0000
Subject: [PATCH] Backporting the change of ag/15629060 to pi-dev
Bug: 172251622
Bug: 197035186
Change-Id: Ic3ffcb622af232473adf8a8c8307cce78227bac0
Merged-In: I7e2f95fd85e18127dc481f188ace8ad6effc4831
Test: Manual
(cherry picked from commit 95ff59db3b99829cc49afeaeb616004394e09b28)
---
.../companiondevicemanager/DeviceChooserActivity.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java b/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java
index 34139a8e58e9..06a56095aa0a 100644
--- a/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java
+++ b/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java
@@ -64,8 +64,8 @@ public void onCreate(Bundle savedInstanceState) {
final DeviceFilterPair selectedDevice = getService().mDevicesFound.get(0);
setTitle(Html.fromHtml(getString(
R.string.confirmation_title,
- getCallingAppName(),
- selectedDevice.getDisplayName()), 0));
+ Html.escapeHtml(getCallingAppName()),
+ Html.escapeHtml(selectedDevice.getDisplayName())), 0));
mPairButton = findViewById(R.id.button_pair);
mPairButton.setOnClickListener(v -> onDeviceConfirmed(getService().mSelectedDevice));
getService().mSelectedDevice = selectedDevice;
@@ -74,7 +74,8 @@ public void onCreate(Bundle savedInstanceState) {
setContentView(R.layout.device_chooser);
mPairButton = findViewById(R.id.button_pair);
mPairButton.setVisibility(View.GONE);
- setTitle(Html.fromHtml(getString(R.string.chooser_title, getCallingAppName()), 0));
+ setTitle(Html.fromHtml(getString(R.string.chooser_title,
+ Html.escapeHtml(getCallingAppName())), 0));
mDeviceListView = findViewById(R.id.device_list);
final DeviceDiscoveryService.DevicesAdapter adapter = getService().mDevicesAdapter;
mDeviceListView.setAdapter(adapter);
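Review bot: `Html.escapeHtml()` dereferences its argument, so if `getCallingAppName()` or `selectedDevice.getDisplayName()` can return null (neither body is visible here), `onCreate` would now throw where `getString` previously formatted the text "null". A null guard, or a small private helper that maps null to an empty string before escaping, would keep the old tolerance. A short comment above the `setTitle` calls, e.g. `// App label and device name are untrusted; escape before Html.fromHtml()`, would record why the escaping must stay. `onCreate` starts and ends outside both hunks.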


@ -0,0 +1,32 @@
From 42d49fdc6c1fd642ee9cce75091f7a9eeea83649 Mon Sep 17 00:00:00 2001
From: shubang <shubang@google.com>
Date: Fri, 13 Aug 2021 15:42:15 -0700
Subject: [PATCH] TIF: fix issue of using caller-aware methods after
clearCallingIdentity()
Bug: 189824175
Test: atest android.media.tv.cts.TvInputManagerTest
Change-Id: Iced6c2245c0099bc4bcdaceb51f8cce4dbc0a392
(cherry picked from commit a2ab2772d70984b1c24d5d4509b9c7a5abea71f9)
(cherry picked from commit 05363ef193ae231fc7a1fe666de88861e1084b17)
---
.../java/com/android/server/tv/TvInputManagerService.java | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/services/core/java/com/android/server/tv/TvInputManagerService.java b/services/core/java/com/android/server/tv/TvInputManagerService.java
index d5e59c8dfd6a..e6d2cb50bf52 100644
--- a/services/core/java/com/android/server/tv/TvInputManagerService.java
+++ b/services/core/java/com/android/server/tv/TvInputManagerService.java
@@ -1970,10 +1970,9 @@ private void ensureCaptureTvInputPermission() {
public void requestChannelBrowsable(Uri channelUri, int userId)
throws RemoteException {
final String callingPackageName = getCallingPackageName();
+ final int resolvedUserId = resolveCallingUserId(Binder.getCallingPid(),
+ Binder.getCallingUid(), userId, "requestChannelBrowsable");
final long identity = Binder.clearCallingIdentity();
- final int callingUid = Binder.getCallingUid();
- final int resolvedUserId = resolveCallingUserId(Binder.getCallingPid(), callingUid,
- userId, "requestChannelBrowsable");
try {
Intent intent = new Intent(TvContract.ACTION_CHANNEL_BROWSABLE_REQUESTED);
List<ResolveInfo> list = getContext().getPackageManager()
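Review bot: The ordering this hunk fixes is easy to break again, so the moved lines deserve a comment such as `// Must run before clearCallingIdentity(): Binder.getCallingPid()/getCallingUid() report this process afterwards`. `getCallingPackageName()` is already called ahead of `clearCallingIdentity()`, which is consistent with the fix. Other binder methods in this file that call `resolveCallingUserId` are outside the hunk and presumably want the same audit. The body of `requestChannelBrowsable` continues past the last visible line.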


@ -0,0 +1,26 @@
From 8cd9ccedaffec38a5845e9f624179995c21fde84 Mon Sep 17 00:00:00 2001
From: John Shao <johnshao@google.com>
Date: Wed, 25 Aug 2021 23:29:56 +0000
Subject: [PATCH] Add permission to start NFC activity to ensure it is from NFC
stack
Bug: 191053931
Test: build
Change-Id: I41b5ddf464f45e68a4da6ad880cbc9b12e447ec5
(cherry picked from commit 024c62fa49aa2090daf50657c2b509b9478d8b92)
---
AndroidManifest.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 98d7677463..221dd69289 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -492,6 +492,7 @@
<activity
android:name=".vcard.NfcImportVCardActivity"
+ android:permission="android.permission.DISPATCH_NFC_MESSAGE"
android:configChanges="orientation|screenSize|keyboardHidden"
android:theme="@style/BackgroundOnlyTheme">
<intent-filter>
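Review bot: The added `android:permission` restricts callers as intended only if the NFC stack on this branch holds `android.permission.DISPATCH_NFC_MESSAGE`, and the patch's own `Test: build` line does not exercise that. An NFC vCard import should be checked on a device after applying it. An XML comment before the `<activity>` element, e.g. `<!-- Only the NFC stack may start this activity -->`, would record why the attribute is there. The `<activity>` element continues past the hunk.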


@ -0,0 +1,42 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: George Chang <georgekgchang@google.com>
Date: Wed, 7 Nov 2018 22:44:56 +0800
Subject: [PATCH] Prevent Out of bound error in phNxpNciHal_process_ext_rsp
Bug: 118152591
Test: Nfc Enable/Disable, R/W, P2P
Merged-In: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
Change-Id: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
(cherry picked from commit 210180d4eb8971f74aa17d1677e97a342c29c7b1)
---
halimpl/pn54x/hal/phNxpNciHal_ext.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/halimpl/pn54x/hal/phNxpNciHal_ext.c b/halimpl/pn54x/hal/phNxpNciHal_ext.c
index fff4477b..c0145500 100644
--- a/halimpl/pn54x/hal/phNxpNciHal_ext.c
+++ b/halimpl/pn54x/hal/phNxpNciHal_ext.c
@@ -16,6 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+#include <log/log.h>
#include <phNxpNciHal_ext.h>
#include <phNxpNciHal.h>
#include <phTmlNfc.h>
@@ -119,6 +120,15 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
phNxpNciHal_parsePacket(p_ntf,*p_len);
}
+ if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && *p_len < 14) {
+ if(*p_len <= 6) {
+ android_errorWriteLog(0x534e4554, "118152591");
+ }
+ NXPLOG_NCIHAL_E("RF_INTF_ACTIVATED_NTF length error!");
+ status = NFCSTATUS_FAILED;
+ return status;
+ }
+
if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && p_ntf[4] == 0x03 &&
p_ntf[5] == 0x05 && nxpprofile_ctrl.profile_type == EMV_CO_PROFILE) {
p_ntf[4] = 0xFF;
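Review bot: The added guard reads `p_ntf[0]` and `p_ntf[1]` before it looks at `*p_len`, so a notification shorter than two bytes is still indexed past its reported length unless an earlier check in `phNxpNciHal_process_ext_rsp` (outside this hunk) rules that out. A leading `if (*p_len < 2) return NFCSTATUS_FAILED;` would close it. The literal `14` is unexplained; a named constant, or a comment stating which RF_INTF_ACTIVATED_NTF fields the later code indexes, would let a reader verify the bound. The function continues outside the hunk.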


@ -0,0 +1,42 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alisher Alikhodjaev <alisher@google.com>
Date: Tue, 4 May 2021 17:46:57 -0700
Subject: [PATCH] OOBW in phNxpNciHal_process_ext_rsp
Bug: 181584626
Bug: 181660091
Bug: 181660093
Test: build ok
Change-Id: I05959cc1bbba12aab896fd93684ce163217e599d
(cherry picked from commit 528b21d3443efd763313a446624ea985f3d46722)
---
halimpl/pn54x/hal/phNxpNciHal_ext.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/halimpl/pn54x/hal/phNxpNciHal_ext.c b/halimpl/pn54x/hal/phNxpNciHal_ext.c
index 3f356932..fff4477b 100644
--- a/halimpl/pn54x/hal/phNxpNciHal_ext.c
+++ b/halimpl/pn54x/hal/phNxpNciHal_ext.c
@@ -273,6 +273,11 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
}
if(nxpncihal_ctrl.nci_info.nci_version != NCI_VERSION_2_0)
{
+ if (*p_len <= (p_ntf[2] + 2)) {
+ android_errorWriteLog(0x534e4554, "181660091");
+ NXPLOG_NCIHAL_E("length error!");
+ return NFCSTATUS_FAILED;
+ }
#if 0 /* this is work around added initially. not required now */
if (p_ntf[p_ntf[2] + 2] == 0x00) {
NXPLOG_NCIHAL_D("> Data of ISO-15693");
@@ -291,8 +296,8 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
icode_send_eof = 0;
} else if (*p_len == 4 && p_ntf[0] == 0x40 && p_ntf[1] == 0x02 &&
p_ntf[2] == 0x01 && p_ntf[3] == 0x06) {
- NXPLOG_NCIHAL_D("> Deinit for LLCP set_config 0x%x 0x%x 0x%x", p_ntf[21],
- p_ntf[22], p_ntf[23]);
+ /* NXPLOG_NCIHAL_D("> Deinit for LLCP set_config 0x%x 0x%x 0x%x", p_ntf[21],
+ p_ntf[22], p_ntf[23]); */
p_ntf[0] = 0x40;
p_ntf[1] = 0x02;
p_ntf[2] = 0x02;
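Review bot: In the first hunk `p_ntf[2]` is read to compute the bound before anything visible confirms that the packet has three bytes, so the length check itself can index past a very short packet. Writing it as `if (*p_len < 3 || *p_len <= (p_ntf[2] + 2)) {` would make the guard self-contained. In the second hunk the out-of-range log call (`p_ntf[21]` to `p_ntf[23]` in a branch where `*p_len == 4`) is commented out rather than deleted; removing it keeps the bad indices out of the file. Both hunks sit inside `phNxpNciHal_process_ext_rsp`, which starts and ends outside them.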


@ -72,6 +72,7 @@ applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys t
applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence
sed -i 's/2021-10-05/2021-11-05/' core/version_defaults.mk; #Bump Security String #O_asb_2021-11 #XXX
fi;
if enterAndClear "build/soong"; then
@ -106,6 +107,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
applyPatch "$DOS_PATCHES/android_frameworks_base/318648.patch"; #O_asb_2021-11
applyPatch "$DOS_PATCHES/android_frameworks_base/318649.patch";
applyPatch "$DOS_PATCHES/android_frameworks_base/318650.patch";
applyPatch "$DOS_PATCHES/android_frameworks_base/318651.patch";
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
@ -182,6 +187,7 @@ fi;
if enterAndClear "packages/apps/Contacts"; then
applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/318654.patch"; #O_asb_2021-11
fi;
if enterAndClear "packages/apps/LineageParts"; then
@ -271,6 +277,11 @@ if enter "vendor/divested"; then
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
fi;
if enterAndClear "vendor/nxp/opensource/external/libnfc-nci"; then
applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/318656.patch"; #O_asb_2021-11
applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/318657.patch";
fi;
#
#END OF ROM CHANGES
#
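Review bot: The `vendor/nxp/opensource/external/libnfc-nci` block loads `318656.patch` and `318657.patch` from `$DOS_PATCHES_COMMON/android_packages_apps_Contacts/`, which looks like a copy-paste of the Contacts path. If the two NFC patches were added under a libnfc-nci directory, `applyPatch` will not find them and the fixes will be missing from the build. The `index` lines of the two phNxpNciHal_ext.c patches on this page (`3f356932..fff4477b` and `fff4477b..c0145500`) suggest one is the base of the other, so the apply order should be checked against them. The `+`/`-` markers are lost in this rendering, so which lines are new is inferred from the hunk headers.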


@ -95,10 +95,9 @@ patchWorkspace() {
touch DOS_PATCHED_FLAG;
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
source build/envsetup.sh;
#source build/envsetup.sh;
#repopick -it ten-firewall;
#repopick -it Q_tzdb2021a1;
repopick -it Q_asb_2021-11;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";