15.1: April ASB work

Signed-off-by: Tavi <tavi@divested.dev>
Tavi 2024-04-08 13:29:17 -04:00
parent 20a47d5b25
commit 9d6325e2a0
No known key found for this signature in database
GPG key ID: E599F62ECBAEAF2E
4 changed files with 342 additions and 3 deletions


@ -63,7 +63,7 @@ commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067"
commentPatches android_kernel_google_redbull.sh "CVE-2018-5873" "CVE-2021-3444" "CVE-2021-3600";
commentPatches android_kernel_google_sunfish.sh "CVE-2021-30324";
commentPatches android_kernel_google_wahoo.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2019-14047/ANY/0002.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2020-16166" "CVE-2021-30324";
commentPatches android_kernel_google_yellowstone.sh "0001-LinuxIncrementals/3.10/3.10.0098-0099.patch" "CVE-2018-9514";
commentPatches android_kernel_google_yellowstone.sh "0001-LinuxIncrementals/3.10/3.10.0098-0099.patch" "CVE-2018-9514" "CVE-2021-47122";
commentPatches android_kernel_huawei_angler.sh "CVE-2014-8559";
commentPatches android_kernel_htc_flounder.sh "CVE-2018-9514" "CVE-2018-14614/3.4";
commentPatches android_kernel_htc_msm8960.sh "CVE-2018-10876" "CVE-2021-0695" "CVE-2021-Misc2/3.4/0055.patch" "CVE-2021-Misc2/3.4/0056.patch";
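Review bot: The yellowstone entry now lists `CVE-2021-47122` without recording why that fix is being disabled, so a later maintainer cannot tell whether it broke the build, was a bad backport, or does not apply to this kernel. The matching `git apply` for `CVE-2021-47122/3.18/0001.patch` is commented out in the last file section of this commit, which means the kernel is built without that fix. I would add a trailing comment on this line such as `#CVE-2021-47122 disabled: <reason>` (placeholder, because the actual reason is not visible on this page). The entry should be revisited once a backport that fits this kernel is available.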


@ -74,7 +74,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2021-10-05/2024-03-05/' core/version_defaults.mk; #Bump Security String #XXX
sed -i 's/2021-10-05/2024-04-05/' core/version_defaults.mk; #Bump Security String #XXX
fi;
if enterAndClear "build/soong"; then
@ -240,6 +240,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/379136.patch"; #R_asb_2024-01 F
applyPatch "$DOS_PATCHES/android_frameworks_base/385672.patch"; #P_asb_2024-03 Resolve custom printer icon boundary exploit.
applyPatch "$DOS_PATCHES/android_frameworks_base/385673.patch"; #P_asb_2024-03 Disallow system apps to be installed/updated as instant.
applyPatch "$DOS_PATCHES/android_frameworks_base/385674.patch"; #P_asb_2024-03 Close AccountManagerService.session after timeout.
applyPatch "$DOS_PATCHES/android_frameworks_base/389014-backport.patch"; #S_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS)
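Review bot: The `sed` that bumps the security string to `2024-04-05` runs unconditionally and exits 0 even when `2021-10-05` is no longer present in `core/version_defaults.mk`, so the reported patch level is not tied to the substitution or the backports having taken effect. The only April item visible in this section is `389014-backport.patch`, and the existing `#XXX` suggests the string is already treated as approximate. Because this value is read as a statement of what has been fixed, I would make a missed substitution visible by following the line with `grep -q '2024-04-05' core/version_defaults.mk || echo "security string bump did not apply" >&2`. The `if` block that this `sed` line and the closing `fi;` belong to starts outside the hunk.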


@ -460,7 +460,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47114/4.4/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47117/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47118/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47121/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47122/3.18/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47122/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47145/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47149/3.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47153/3.18/0001.patch