O_asb_2021-11

Based off of: https://review.lineageos.org/q/topic:P_asb_2021-11 Missing: https://review.lineageos.org/c/LineageOS/android_packages_apps_Settings/+/318655 Maybe missing: https://review.lineageos.org/c/LineageOS/android_hardware_nxp_nfc/+/318653 Doesn't exist: https://review.lineageos.org/c/LineageOS/android_frameworks_native/+/318652 Untested Signed-off-by: Tad <tad@spotco.us>
2024-10-01 01:35:54 -04:00 · 2021-11-08 17:05:32 -05:00 · 2021-11-08 17:05:32 -05:00 · 9c105b799f
commit 9c105b799f
parent 1ce0093d9f
9 changed files with 315 additions and 2 deletions
--- a/Patches/LineageOS-15.1/android_frameworks_base/318648.patch
+++ b/Patches/LineageOS-15.1/android_frameworks_base/318648.patch
@ -0,0 +1,88 @@
 From 340e98580c8462c961a2d840ddae289bd56f9cd5 Mon Sep 17 00:00:00 2001
 From: Jayant Chowdhary <jchowdhary@google.com>
 Date: Wed, 9 Jun 2021 14:34:54 -0700
 Subject: [PATCH] camera2: Fix exception swallowing in params classes
 createFromParcel
 Do not catch exceptions when we attempt to create the following classes
 from a parcel
 - OutputConfiguration
 - VendorTagDescriptor
 - VendorTagDescriptorCache
 - SessionConfiguration
 This could cause subsequent parcel information to be read incorrectly.
 Bug: 188675581
 Test: Sample app which tries to write invalid data into an
      OutputConfiguration parcel to send in an intent via Broadcast. When read by the receiving app,
      gets an exception (not swallowed).
 Merged-In: I745ca49daa6ca36b1020d518e9f346b52684f2b1
 Change-Id: I745ca49daa6ca36b1020d518e9f346b52684f2b1
 Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
 (cherry picked from commit 6b0bcd60c81003e6a193aeccf44ee03f188e3984)
 (cherry picked from commit 8a11538146d894264420d5baa554e3968496b020)
 ---
 .../hardware/camera2/params/OutputConfiguration.java      | 8 +-------
 .../hardware/camera2/params/VendorTagDescriptor.java      | 8 +-------
 .../hardware/camera2/params/VendorTagDescriptorCache.java | 8 +-------
 3 files changed, 3 insertions(+), 21 deletions(-)
 diff --git a/core/java/android/hardware/camera2/params/OutputConfiguration.java b/core/java/android/hardware/camera2/params/OutputConfiguration.java
 index 1ee3c933b326..71d69e665411 100644
 --- a/core/java/android/hardware/camera2/params/OutputConfiguration.java
 +++ b/core/java/android/hardware/camera2/params/OutputConfiguration.java
@@ -630,13 +630,7 @@ public int getSurfaceGroupId() {
             new Parcelable.Creator<OutputConfiguration>() {
         @Override
         public OutputConfiguration createFromParcel(Parcel source) {
 -            try {
 -                OutputConfiguration outputConfiguration = new OutputConfiguration(source);
 -                return outputConfiguration;
 -            } catch (Exception e) {
 -                Log.e(TAG, "Exception creating OutputConfiguration from parcel", e);
 -                return null;
 -            }
 +            return new OutputConfiguration(source);
         }
         @Override
 diff --git a/core/java/android/hardware/camera2/params/VendorTagDescriptor.java b/core/java/android/hardware/camera2/params/VendorTagDescriptor.java
 index ea424e594081..893bde1e1430 100644
 --- a/core/java/android/hardware/camera2/params/VendorTagDescriptor.java
 +++ b/core/java/android/hardware/camera2/params/VendorTagDescriptor.java
@@ -36,13 +36,7 @@ private VendorTagDescriptor(Parcel source) {
             new Parcelable.Creator<VendorTagDescriptor>() {
         @Override
         public VendorTagDescriptor createFromParcel(Parcel source) {
 -            try {
 -                VendorTagDescriptor vendorDescriptor = new VendorTagDescriptor(source);
 -                return vendorDescriptor;
 -            } catch (Exception e) {
 -                Log.e(TAG, "Exception creating VendorTagDescriptor from parcel", e);
 -                return null;
 -            }
 +            return new VendorTagDescriptor(source);
         }
         @Override
 diff --git a/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java b/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java
 index 1f92f6d9ebf1..423020870869 100644
 --- a/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java
 +++ b/core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java
@@ -36,13 +36,7 @@ private VendorTagDescriptorCache(Parcel source) {
             new Parcelable.Creator<VendorTagDescriptorCache>() {
         @Override
         public VendorTagDescriptorCache createFromParcel(Parcel source) {
 -            try {
 -                VendorTagDescriptorCache vendorDescriptorCache = new VendorTagDescriptorCache(source);
 -                return vendorDescriptorCache;
 -            } catch (Exception e) {
 -                Log.e(TAG, "Exception creating VendorTagDescriptorCache from parcel", e);
 -                return null;
 -            }
 +            return new VendorTagDescriptorCache(source);
         }
         @Override
--- a/Patches/LineageOS-15.1/android_frameworks_base/318649.patch
+++ b/Patches/LineageOS-15.1/android_frameworks_base/318649.patch
@ -0,0 +1,33 @@
 From d6e2ed21c5c8be3dfb7916626003375f0756514b Mon Sep 17 00:00:00 2001
 From: Hansong Zhang <hsz@google.com>
 Date: Wed, 18 Aug 2021 16:35:00 -0700
 Subject: [PATCH] DO NOT MERGE Bluetooth: Fix formatting in getAlias()
 Bug: 180747689
 Test: manual
 Change-Id: Ic309f4aad116fd424d5d0d0e2016d61be8826b78
 (cherry picked from commit 3bdad2df2e34c948bde80a51ae232c46848dab06)
 ---
 core/java/android/bluetooth/BluetoothDevice.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 diff --git a/core/java/android/bluetooth/BluetoothDevice.java b/core/java/android/bluetooth/BluetoothDevice.java
 index 3cf80746652e..8916b537ff29 100644
 --- a/core/java/android/bluetooth/BluetoothDevice.java
 +++ b/core/java/android/bluetooth/BluetoothDevice.java
@@ -894,7 +894,14 @@ public String getAlias() {
             return null;
         }
         try {
 -            return service.getRemoteAlias(this);
 +            String alias = service.getRemoteAlias(this);
 +            if (alias == null) {
 +                return getName();
 +            }
 +            return alias
 +                    .replace('\t', ' ')
 +                    .replace('\n', ' ')
 +                    .replace('\r', ' ');
         } catch (RemoteException e) {
             Log.e(TAG, "", e);
         }
--- a/Patches/LineageOS-15.1/android_frameworks_base/318650.patch
+++ b/Patches/LineageOS-15.1/android_frameworks_base/318650.patch
@ -0,0 +1,40 @@
 From 8cc2e34a67e31f4bc08c7fb70cbd2d79fefacd42 Mon Sep 17 00:00:00 2001
 From: Evan Chen <evanxinchen@google.com>
 Date: Thu, 2 Sep 2021 21:57:41 +0000
 Subject: [PATCH] Backporting the change of ag/15629060 to pi-dev
 Bug: 172251622
 Bug: 197035186
 Change-Id: Ic3ffcb622af232473adf8a8c8307cce78227bac0
 Merged-In: I7e2f95fd85e18127dc481f188ace8ad6effc4831
 Test: Manual
 (cherry picked from commit 95ff59db3b99829cc49afeaeb616004394e09b28)
 ---
 .../companiondevicemanager/DeviceChooserActivity.java      | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java b/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java
 index 34139a8e58e9..06a56095aa0a 100644
 --- a/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java
 +++ b/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java
@@ -64,8 +64,8 @@ public void onCreate(Bundle savedInstanceState) {
             final DeviceFilterPair selectedDevice = getService().mDevicesFound.get(0);
             setTitle(Html.fromHtml(getString(
                     R.string.confirmation_title,
 -                    getCallingAppName(),
 -                    selectedDevice.getDisplayName()), 0));
 +                    Html.escapeHtml(getCallingAppName()),
 +                    Html.escapeHtml(selectedDevice.getDisplayName())), 0));
             mPairButton = findViewById(R.id.button_pair);
             mPairButton.setOnClickListener(v -> onDeviceConfirmed(getService().mSelectedDevice));
             getService().mSelectedDevice = selectedDevice;
@@ -74,7 +74,8 @@ public void onCreate(Bundle savedInstanceState) {
             setContentView(R.layout.device_chooser);
             mPairButton = findViewById(R.id.button_pair);
             mPairButton.setVisibility(View.GONE);
 -            setTitle(Html.fromHtml(getString(R.string.chooser_title, getCallingAppName()), 0));
 +            setTitle(Html.fromHtml(getString(R.string.chooser_title,
 +                    Html.escapeHtml(getCallingAppName())), 0));
             mDeviceListView = findViewById(R.id.device_list);
             final DeviceDiscoveryService.DevicesAdapter adapter = getService().mDevicesAdapter;
             mDeviceListView.setAdapter(adapter);
--- a/Patches/LineageOS-15.1/android_frameworks_base/318651.patch
+++ b/Patches/LineageOS-15.1/android_frameworks_base/318651.patch
@ -0,0 +1,32 @@
 From 42d49fdc6c1fd642ee9cce75091f7a9eeea83649 Mon Sep 17 00:00:00 2001
 From: shubang <shubang@google.com>
 Date: Fri, 13 Aug 2021 15:42:15 -0700
 Subject: [PATCH] TIF: fix issue of using caller-aware methods after
 clearCallingIdentity()
 Bug: 189824175
 Test: atest android.media.tv.cts.TvInputManagerTest
 Change-Id: Iced6c2245c0099bc4bcdaceb51f8cce4dbc0a392
 (cherry picked from commit a2ab2772d70984b1c24d5d4509b9c7a5abea71f9)
 (cherry picked from commit 05363ef193ae231fc7a1fe666de88861e1084b17)
 ---
 .../java/com/android/server/tv/TvInputManagerService.java    | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
 diff --git a/services/core/java/com/android/server/tv/TvInputManagerService.java b/services/core/java/com/android/server/tv/TvInputManagerService.java
 index d5e59c8dfd6a..e6d2cb50bf52 100644
 --- a/services/core/java/com/android/server/tv/TvInputManagerService.java
 +++ b/services/core/java/com/android/server/tv/TvInputManagerService.java
@@ -1970,10 +1970,9 @@ private void ensureCaptureTvInputPermission() {
         public void requestChannelBrowsable(Uri channelUri, int userId)
                 throws RemoteException {
             final String callingPackageName = getCallingPackageName();
 +            final int resolvedUserId = resolveCallingUserId(Binder.getCallingPid(),
 +                    Binder.getCallingUid(), userId, "requestChannelBrowsable");
             final long identity = Binder.clearCallingIdentity();
 -            final int callingUid = Binder.getCallingUid();
 -            final int resolvedUserId = resolveCallingUserId(Binder.getCallingPid(), callingUid,
 -                userId, "requestChannelBrowsable");
             try {
                 Intent intent = new Intent(TvContract.ACTION_CHANNEL_BROWSABLE_REQUESTED);
                 List<ResolveInfo> list = getContext().getPackageManager()
--- a/Patches/LineageOS-15.1/android_packages_apps_Contacts/318654.patch
+++ b/Patches/LineageOS-15.1/android_packages_apps_Contacts/318654.patch
@ -0,0 +1,26 @@
 From 8cd9ccedaffec38a5845e9f624179995c21fde84 Mon Sep 17 00:00:00 2001
 From: John Shao <johnshao@google.com>
 Date: Wed, 25 Aug 2021 23:29:56 +0000
 Subject: [PATCH] Add permission to start NFC activity to ensure it is from NFC
 stack
 Bug: 191053931
 Test: build
 Change-Id: I41b5ddf464f45e68a4da6ad880cbc9b12e447ec5
 (cherry picked from commit 024c62fa49aa2090daf50657c2b509b9478d8b92)
 ---
 AndroidManifest.xml | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/AndroidManifest.xml b/AndroidManifest.xml
 index 98d7677463..221dd69289 100644
 --- a/AndroidManifest.xml
 +++ b/AndroidManifest.xml
@@ -492,6 +492,7 @@
         <activity
             android:name=".vcard.NfcImportVCardActivity"
 +            android:permission="android.permission.DISPATCH_NFC_MESSAGE"
             android:configChanges="orientation|screenSize|keyboardHidden"
             android:theme="@style/BackgroundOnlyTheme">
             <intent-filter>
--- a/Patches/LineageOS-15.1/android_vendor_nxp_opensource_external_libnfc-nci/318656.patch
+++ b/Patches/LineageOS-15.1/android_vendor_nxp_opensource_external_libnfc-nci/318656.patch
@ -0,0 +1,42 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: George Chang <georgekgchang@google.com>
 Date: Wed, 7 Nov 2018 22:44:56 +0800
 Subject: [PATCH] Prevent Out of bound error in phNxpNciHal_process_ext_rsp
 Bug: 118152591
 Test: Nfc Enable/Disable, R/W, P2P
 Merged-In: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
 Change-Id: I53bfc1b7eca4c3306f20488dc5fb8ccf9ed0e330
 (cherry picked from commit 210180d4eb8971f74aa17d1677e97a342c29c7b1)
 ---
 halimpl/pn54x/hal/phNxpNciHal_ext.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
 diff --git a/halimpl/pn54x/hal/phNxpNciHal_ext.c b/halimpl/pn54x/hal/phNxpNciHal_ext.c
 index fff4477b..c0145500 100644
 --- a/halimpl/pn54x/hal/phNxpNciHal_ext.c
 +++ b/halimpl/pn54x/hal/phNxpNciHal_ext.c
@@ -16,6 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 +#include <log/log.h>
 #include <phNxpNciHal_ext.h>
 #include <phNxpNciHal.h>
 #include <phTmlNfc.h>
@@ -119,6 +120,15 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
             phNxpNciHal_parsePacket(p_ntf,*p_len);
     }
 +  if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && *p_len < 14) {
 +    if(*p_len <= 6) {
 +      android_errorWriteLog(0x534e4554, "118152591");
 +    }
 +    NXPLOG_NCIHAL_E("RF_INTF_ACTIVATED_NTF length error!");
 +    status = NFCSTATUS_FAILED;
 +    return status;
 +  }
 +
   if (p_ntf[0] == 0x61 && p_ntf[1] == 0x05 && p_ntf[4] == 0x03 &&
       p_ntf[5] == 0x05 && nxpprofile_ctrl.profile_type == EMV_CO_PROFILE) {
     p_ntf[4] = 0xFF;
--- a/Patches/LineageOS-15.1/android_vendor_nxp_opensource_external_libnfc-nci/318657.patch
+++ b/Patches/LineageOS-15.1/android_vendor_nxp_opensource_external_libnfc-nci/318657.patch
@ -0,0 +1,42 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Alisher Alikhodjaev <alisher@google.com>
 Date: Tue, 4 May 2021 17:46:57 -0700
 Subject: [PATCH] OOBW in phNxpNciHal_process_ext_rsp
 Bug: 181584626
 Bug: 181660091
 Bug: 181660093
 Test: build ok
 Change-Id: I05959cc1bbba12aab896fd93684ce163217e599d
 (cherry picked from commit 528b21d3443efd763313a446624ea985f3d46722)
 ---
 halimpl/pn54x/hal/phNxpNciHal_ext.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 diff --git a/halimpl/pn54x/hal/phNxpNciHal_ext.c b/halimpl/pn54x/hal/phNxpNciHal_ext.c
 index 3f356932..fff4477b 100644
 --- a/halimpl/pn54x/hal/phNxpNciHal_ext.c
 +++ b/halimpl/pn54x/hal/phNxpNciHal_ext.c
@@ -273,6 +273,11 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
     }
     if(nxpncihal_ctrl.nci_info.nci_version != NCI_VERSION_2_0)
     {
 +      if (*p_len <= (p_ntf[2] + 2)) {
 +        android_errorWriteLog(0x534e4554, "181660091");
 +        NXPLOG_NCIHAL_E("length error!");
 +        return NFCSTATUS_FAILED;
 +      }
 #if 0 /* this is work around added initially. not required now */
       if (p_ntf[p_ntf[2] + 2] == 0x00) {
         NXPLOG_NCIHAL_D("> Data of ISO-15693");
@@ -291,8 +296,8 @@ NFCSTATUS phNxpNciHal_process_ext_rsp(uint8_t* p_ntf, uint16_t* p_len) {
     icode_send_eof = 0;
   } else if (*p_len == 4 && p_ntf[0] == 0x40 && p_ntf[1] == 0x02 &&
              p_ntf[2] == 0x01 && p_ntf[3] == 0x06) {
 -    NXPLOG_NCIHAL_D("> Deinit for LLCP set_config 0x%x 0x%x 0x%x", p_ntf[21],
 -                    p_ntf[22], p_ntf[23]);
 +    /* NXPLOG_NCIHAL_D("> Deinit for LLCP set_config 0x%x 0x%x 0x%x", p_ntf[21],
 +                    p_ntf[22], p_ntf[23]); */
     p_ntf[0] = 0x40;
     p_ntf[1] = 0x02;
     p_ntf[2] = 0x02;
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@ -72,6 +72,7 @@ applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys t
 applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence
 sed -i 's/2021-10-05/2021-11-05/' core/version_defaults.mk; #Bump Security String #O_asb_2021-11 #XXX
 fi;
 if enterAndClear "build/soong"; then
@ -106,6 +107,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout
 if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
 applyPatch "$DOS_PATCHES/android_frameworks_base/318648.patch"; #O_asb_2021-11
 applyPatch "$DOS_PATCHES/android_frameworks_base/318649.patch";
 applyPatch "$DOS_PATCHES/android_frameworks_base/318650.patch";
 applyPatch "$DOS_PATCHES/android_frameworks_base/318651.patch";
 sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
 sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
 sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
@ -182,6 +187,7 @@ fi;
 if enterAndClear "packages/apps/Contacts"; then
 applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
 applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/318654.patch"; #O_asb_2021-11
 fi;
 if enterAndClear "packages/apps/LineageParts"; then
@ -271,6 +277,11 @@ if enter "vendor/divested"; then
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
 if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
 fi;
 if enterAndClear "vendor/nxp/opensource/external/libnfc-nci"; then
 applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/318656.patch"; #O_asb_2021-11
 applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/318657.patch";
 fi;
 #
 #END OF ROM CHANGES
 #
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@ -95,10 +95,9 @@ patchWorkspace() {
 	touch DOS_PATCHED_FLAG;
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
-	source build/envsetup.sh;
+	#source build/envsetup.sh;
 	#repopick -it ten-firewall;
 	#repopick -it Q_tzdb2021a1;
 	repopick -it Q_asb_2021-11;
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";