From ab52996e4fc3e3c5b0676836c2f240fa8a037897 Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 10 Jun 2023 01:57:58 -0400 Subject: [PATCH] 16.0: switch to upstream topic for May ASB patches They're identical I'll likely eventually pull them back in anyway Signed-off-by: Tad --- .../355765-backport.patch | 81 ---- .../android_frameworks_base/355767.patch | 74 --- .../android_frameworks_base/355865.patch | 62 --- .../android_frameworks_native/355772.patch | 35 -- .../355773-backport.patch | 67 --- .../355774-backport.patch | 71 --- .../355777-backport.patch | 449 ------------------ Scripts/LineageOS-16.0/Functions.sh | 1 + Scripts/LineageOS-16.0/Patch.sh | 7 - 9 files changed, 1 insertion(+), 846 deletions(-) delete mode 100644 Patches/LineageOS-16.0/android_frameworks_base/355765-backport.patch delete mode 100644 Patches/LineageOS-16.0/android_frameworks_base/355767.patch delete mode 100644 Patches/LineageOS-16.0/android_frameworks_base/355865.patch delete mode 100644 Patches/LineageOS-16.0/android_frameworks_native/355772.patch delete mode 100644 Patches/LineageOS-16.0/android_frameworks_native/355773-backport.patch delete mode 100644 Patches/LineageOS-16.0/android_frameworks_native/355774-backport.patch delete mode 100644 Patches/LineageOS-16.0/android_packages_services_Telecomm/355777-backport.patch diff --git a/Patches/LineageOS-16.0/android_frameworks_base/355765-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/355765-backport.patch deleted file mode 100644 index 11b9d3c1..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/355765-backport.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Norman -Date: Thu, 9 Feb 2023 12:28:26 -0800 -Subject: [PATCH] Checks if AccessibilityServiceInfo is within parcelable size. - -- If too large when parsing service XMLs then skip this service. -- If too large when a service attempts to update its own info - then throw an error. - -Bug: 261589597 -Test: atest AccessibilityServiceInfoTest -Change-Id: Iffc0cd48cc713f7904d68059e141cb7de5a4b906 -Merged-In: Iffc0cd48cc713f7904d68059e141cb7de5a4b906 -(cherry picked from commit on googleplex-android-review.googlesource.com host: 553232c29079fbeab28f95307d025c1426aa7142) -Merged-In: Iffc0cd48cc713f7904d68059e141cb7de5a4b906 ---- - .../accessibilityservice/AccessibilityService.java | 4 ++++ - .../accessibilityservice/AccessibilityServiceInfo.java | 10 ++++++++++ - .../accessibility/AccessibilityManagerService.java | 6 ++++++ - 3 files changed, 20 insertions(+) - -diff --git a/core/java/android/accessibilityservice/AccessibilityService.java b/core/java/android/accessibilityservice/AccessibilityService.java -index 6933e5201a21..ef59803e3ede 100644 ---- a/core/java/android/accessibilityservice/AccessibilityService.java -+++ b/core/java/android/accessibilityservice/AccessibilityService.java -@@ -1488,6 +1488,10 @@ public abstract class AccessibilityService extends Service { - IAccessibilityServiceConnection connection = - AccessibilityInteractionClient.getInstance().getConnection(mConnectionId); - if (mInfo != null && connection != null) { -+ if (!mInfo.isWithinParcelableSize()) { -+ throw new IllegalStateException( -+ "Cannot update service info: size is larger than safe parcelable limits."); -+ } - try { - connection.setServiceInfo(mInfo); - mInfo = null; -diff --git a/core/java/android/accessibilityservice/AccessibilityServiceInfo.java b/core/java/android/accessibilityservice/AccessibilityServiceInfo.java -index f85f35889aae..76930d75c5de 100644 ---- a/core/java/android/accessibilityservice/AccessibilityServiceInfo.java -+++ b/core/java/android/accessibilityservice/AccessibilityServiceInfo.java -@@ -29,6 +29,7 @@ import android.content.res.Resources; - import android.content.res.TypedArray; - import android.content.res.XmlResourceParser; - import android.hardware.fingerprint.FingerprintManager; -+import android.os.IBinder; - import android.os.Parcel; - import android.os.Parcelable; - import android.util.AttributeSet; -@@ -766,6 +767,15 @@ public class AccessibilityServiceInfo implements Parcelable { - return 0; - } - -+ /** @hide */ -+ public final boolean isWithinParcelableSize() { -+ final Parcel parcel = Parcel.obtain(); -+ writeToParcel(parcel, 0); -+ final boolean result = parcel.dataSize() <= IBinder.MAX_IPC_SIZE; -+ parcel.recycle(); -+ return result; -+ } -+ - public void writeToParcel(Parcel parcel, int flagz) { - parcel.writeInt(eventTypes); - parcel.writeStringArray(packageNames); -diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java -index 91d1b7576ca7..fd87be3e5649 100644 ---- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java -+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java -@@ -1302,6 +1302,12 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub - AccessibilityServiceInfo accessibilityServiceInfo; - try { - accessibilityServiceInfo = new AccessibilityServiceInfo(resolveInfo, mContext); -+ if (!accessibilityServiceInfo.isWithinParcelableSize()) { -+ Slog.e(LOG_TAG, "Skipping service " -+ + accessibilityServiceInfo.getResolveInfo().getComponentInfo() -+ + " because service info size is larger than safe parcelable limits."); -+ continue; -+ } - mTempAccessibilityServiceInfoList.add(accessibilityServiceInfo); - } catch (XmlPullParserException | IOException xppe) { - Slog.e(LOG_TAG, "Error while initializing AccessibilityServiceInfo", xppe); diff --git a/Patches/LineageOS-16.0/android_frameworks_base/355767.patch b/Patches/LineageOS-16.0/android_frameworks_base/355767.patch deleted file mode 100644 index e4ce68d7..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/355767.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Stuart -Date: Mon, 21 Nov 2022 17:38:21 -0800 -Subject: [PATCH] enforce stricter rules when registering phoneAccounts - -- include disable accounts when looking up accounts for a package to - check if the limit is reached (10) -- put a new limit of 10 supported schemes -- put a new limit of 256 characters per scheme -- put a new limit of 256 characters per address -- ensure the Icon can write to memory w/o throwing an exception - -bug: 259064622 -bug: 256819769 -Test: cts + unit -Change-Id: Ia7d8d00d9de0fb6694ded6a80c40bd55d7fdf7a7 -Merged-In: Ia7d8d00d9de0fb6694ded6a80c40bd55d7fdf7a7 -(cherry picked from commit on googleplex-android-review.googlesource.com host: a66a3156e03fbd1c3a29015db9193d66f2709f98) -Merged-In: Ia7d8d00d9de0fb6694ded6a80c40bd55d7fdf7a7 ---- - .../java/android/telecom/PhoneAccount.java | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/telecomm/java/android/telecom/PhoneAccount.java b/telecomm/java/android/telecom/PhoneAccount.java -index 8e22221d7876..702b1cf87d7d 100644 ---- a/telecomm/java/android/telecom/PhoneAccount.java -+++ b/telecomm/java/android/telecom/PhoneAccount.java -@@ -439,6 +439,11 @@ public final class PhoneAccount implements Parcelable { - - /** - * Sets the address. See {@link PhoneAccount#getAddress}. -+ *

-+ * Note: The entire URI value is limited to 256 characters. This check is -+ * enforced when registering the PhoneAccount via -+ * {@link TelecomManager#registerPhoneAccount(PhoneAccount)} and will cause an -+ * {@link IllegalArgumentException} to be thrown if URI is over 256. - * - * @param value The address of the phone account. - * @return The builder. -@@ -472,6 +477,10 @@ public final class PhoneAccount implements Parcelable { - - /** - * Sets the icon. See {@link PhoneAccount#getIcon}. -+ *

-+ * Note: An {@link IllegalArgumentException} if the Icon cannot be written to memory. -+ * This check is enforced when registering the PhoneAccount via -+ * {@link TelecomManager#registerPhoneAccount(PhoneAccount)} - * - * @param icon The icon to set. - */ -@@ -505,6 +514,10 @@ public final class PhoneAccount implements Parcelable { - /** - * Specifies an additional URI scheme supported by the {@link PhoneAccount}. - * -+ *

-+ * Each URI scheme is limited to 256 characters. Adding a scheme over 256 characters will -+ * cause an {@link IllegalArgumentException} to be thrown when the account is registered. -+ * - * @param uriScheme The URI scheme. - * @return The builder. - */ -@@ -518,6 +531,12 @@ public final class PhoneAccount implements Parcelable { - /** - * Specifies the URI schemes supported by the {@link PhoneAccount}. - * -+ *

-+ * A max of 10 URI schemes can be added per account. Additionally, each URI scheme is -+ * limited to 256 characters. Adding more than 10 URI schemes or 256 characters on any -+ * scheme will cause an {@link IllegalArgumentException} to be thrown when the account -+ * is registered. -+ * - * @param uriSchemes The URI schemes. - * @return The builder. - */ diff --git a/Patches/LineageOS-16.0/android_frameworks_base/355865.patch b/Patches/LineageOS-16.0/android_frameworks_base/355865.patch deleted file mode 100644 index bff79087..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/355865.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Orion Hodson -Date: Thu, 7 Apr 2022 21:42:04 +0100 -Subject: [PATCH] Uri: check authority and scheme as part of determining URI - path - -The interpretation of the path depends on whether the scheme or -authority are specified and should be observed when unparcelling -URIs. - -Bug: 171966843 -Test: atest FrameworksCoreTests:android.net.UriTest -Test: atest com.android.devicehealthchecks.SystemAppCheck -Change-Id: I06981d1c6e387b16df792494523994518848db37 -Merged-In: I06981d1c6e387b16df792494523994518848db37 -(cherry picked from commit f37a94ae920fa5879c557603fc285942ec4b84b1) -(cherry picked from commit on googleplex-android-review.googlesource.com host: c87f0623be4042c39a9b73f7a6e02aa116925e50) -Merged-In: I06981d1c6e387b16df792494523994518848db37 ---- - core/java/android/net/Uri.java | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java -index 0fb84b723634..af1c0e8e9178 100644 ---- a/core/java/android/net/Uri.java -+++ b/core/java/android/net/Uri.java -@@ -1179,13 +1179,16 @@ public abstract class Uri implements Parcelable, Comparable { - } - - static Uri readFrom(Parcel parcel) { -- return new HierarchicalUri( -- parcel.readString(), -- Part.readFrom(parcel), -- PathPart.readFrom(parcel), -- Part.readFrom(parcel), -- Part.readFrom(parcel) -- ); -+ final String scheme = parcel.readString(); -+ final Part authority = Part.readFrom(parcel); -+ // In RFC3986 the path should be determined based on whether there is a scheme or -+ // authority present (https://www.rfc-editor.org/rfc/rfc3986.html#section-3.3). -+ final boolean hasSchemeOrAuthority = -+ (scheme != null && scheme.length() > 0) || !authority.isEmpty(); -+ final PathPart path = PathPart.readFrom(hasSchemeOrAuthority, parcel); -+ final Part query = Part.readFrom(parcel); -+ final Part fragment = Part.readFrom(parcel); -+ return new HierarchicalUri(scheme, authority, path, query, fragment); - } - - public int describeContents() { -@@ -2240,6 +2243,11 @@ public abstract class Uri implements Parcelable, Comparable { - } - } - -+ static PathPart readFrom(boolean hasSchemeOrAuthority, Parcel parcel) { -+ final PathPart path = readFrom(parcel); -+ return hasSchemeOrAuthority ? makeAbsolute(path) : path; -+ } -+ - /** - * Creates a path from the encoded string. - * diff --git a/Patches/LineageOS-16.0/android_frameworks_native/355772.patch b/Patches/LineageOS-16.0/android_frameworks_native/355772.patch deleted file mode 100644 index f88e0e68..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_native/355772.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Devin Moore -Date: Fri, 17 Feb 2023 17:12:46 +0000 -Subject: [PATCH] Check for malformed Sensor Flattenable - -Test: libsensorserviceaidl_fuzzer with testcase from bug -Bug: 269014004 -Merged-In: I0e255c64243c38876fb657cbf942fc1613363216 -Change-Id: I0e255c64243c38876fb657cbf942fc1613363216 -(cherry picked from commit aeec1802f7befc8fbb18313ad3ac0969c3811870) -Merged-In: I0e255c64243c38876fb657cbf942fc1613363216 -(cherry picked from commit on googleplex-android-review.googlesource.com host: f1aa5fb53437ec2fabc9be00099af836da5f07f2) -Merged-In: I0e255c64243c38876fb657cbf942fc1613363216 ---- - libs/sensor/Sensor.cpp | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp -index 2383516c95..f4421c8c65 100644 ---- a/libs/sensor/Sensor.cpp -+++ b/libs/sensor/Sensor.cpp -@@ -576,7 +576,13 @@ bool Sensor::unflattenString8(void const*& buffer, size_t& size, String8& output - return false; - } - outputString8.setTo(static_cast(buffer), len); -+ -+ if (size < FlattenableUtils::align<4>(len)) { -+ ALOGE("Malformed Sensor String8 field. Should be in a 4-byte aligned buffer but is not."); -+ return false; -+ } - FlattenableUtils::advance(buffer, size, FlattenableUtils::align<4>(len)); -+ - return true; - } - diff --git a/Patches/LineageOS-16.0/android_frameworks_native/355773-backport.patch b/Patches/LineageOS-16.0/android_frameworks_native/355773-backport.patch deleted file mode 100644 index b9ffc91b..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_native/355773-backport.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Devin Moore -Date: Fri, 17 Feb 2023 19:35:25 +0000 -Subject: [PATCH] Remove some new memory leaks from SensorManager - -After catching an error in Sensor::unflatten, there are memory leaks -caught by the fuzzer in the same test case. - -Test: libsensorserviceaidl_fuzzer with testcase from bug -Bug: 269014004 -Merged-In: I509cceb41f56ca117d9475f6f6674244560fe582 -Change-Id: I509cceb41f56ca117d9475f6f6674244560fe582 -(cherry picked from commit c95fa0f0e7c7b73746ff850b85a79fc5f92b784e) -Merged-In: I509cceb41f56ca117d9475f6f6674244560fe582 -(cherry picked from commit on googleplex-android-review.googlesource.com host: ceb0d52273256c6a5c5622bf81b0ac4ba106faa1) -Merged-In: I509cceb41f56ca117d9475f6f6674244560fe582 ---- - libs/sensor/ISensorServer.cpp | 12 ++++++++++-- - libs/sensor/SensorManager.cpp | 5 +++++ - 2 files changed, 15 insertions(+), 2 deletions(-) - -diff --git a/libs/sensor/ISensorServer.cpp b/libs/sensor/ISensorServer.cpp -index 5200545a53..b2f1ba2507 100644 ---- a/libs/sensor/ISensorServer.cpp -+++ b/libs/sensor/ISensorServer.cpp -@@ -66,7 +66,11 @@ public: - v.setCapacity(n); - while (n) { - n--; -- reply.read(s); -+ if(reply.read(s) != OK) { -+ ALOGE("Failed to read reply from getSensorList"); -+ v.clear(); -+ break; -+ } - v.add(s); - } - return v; -@@ -84,7 +88,11 @@ public: - v.setCapacity(n); - while (n) { - n--; -- reply.read(s); -+ if(reply.read(s) != OK) { -+ ALOGE("Failed to read reply from getDynamicSensorList"); -+ v.clear(); -+ break; -+ } - v.add(s); - } - return v; -diff --git a/libs/sensor/SensorManager.cpp b/libs/sensor/SensorManager.cpp -index c97e4da9b5..c9b857c60f 100644 ---- a/libs/sensor/SensorManager.cpp -+++ b/libs/sensor/SensorManager.cpp -@@ -162,6 +162,11 @@ status_t SensorManager::assertStateLocked() { - - mSensors = mSensorServer->getSensorList(mOpPackageName); - size_t count = mSensors.size(); -+ if (count == 0) { -+ ALOGE("Failed to get Sensor list"); -+ mSensorServer.clear(); -+ return UNKNOWN_ERROR; -+ } - mSensorList = - static_cast(malloc(count * sizeof(Sensor*))); - LOG_ALWAYS_FATAL_IF(mSensorList == NULL, "mSensorList NULL"); diff --git a/Patches/LineageOS-16.0/android_frameworks_native/355774-backport.patch b/Patches/LineageOS-16.0/android_frameworks_native/355774-backport.patch deleted file mode 100644 index 816fe925..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_native/355774-backport.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Anthony Stange -Date: Tue, 21 Feb 2023 17:57:38 +0000 -Subject: [PATCH] Add removeInstanceForPackageMethod to SensorManager - -In order to ensure that clients don't leak their sensor manager -instance that we currently store in a static map, they need to be able -to remove their instance. Otherwise, this instance is never removed from -the list and will hang around until our SensorManage instance is -destroyed. - -Bug: 269014004 -Test: Run ./libsensorserviceaidl_fuzzer -Change-Id: I52185f74ae8d28b379440235ca6f03c5089081f5 -(cherry picked from commit 9532f7c682fdd4b1e6e553cd6f61fc0cf2555902) -Merged-In: I52185f74ae8d28b379440235ca6f03c5089081f5 -(cherry picked from commit on googleplex-android-review.googlesource.com host: 4521fbf8095439a1c1681b5c709b306a5dc1d1e3) -Merged-In: I52185f74ae8d28b379440235ca6f03c5089081f5 ---- - libs/sensor/SensorManager.cpp | 10 ++++++++++ - libs/sensor/include/sensor/SensorManager.h | 1 + - services/sensorservice/hidl/SensorManager.cpp | 3 +++ - 3 files changed, 14 insertions(+) - -diff --git a/libs/sensor/SensorManager.cpp b/libs/sensor/SensorManager.cpp -index c9b857c60f..d7210b10e0 100644 ---- a/libs/sensor/SensorManager.cpp -+++ b/libs/sensor/SensorManager.cpp -@@ -92,6 +92,16 @@ SensorManager& SensorManager::getInstanceForPackage(const String16& packageName) - return *sensorManager; - } - -+void SensorManager::removeInstanceForPackage(const String16& packageName) { -+ Mutex::Autolock _l(sLock); -+ auto iterator = sPackageInstances.find(packageName); -+ if (iterator != sPackageInstances.end()) { -+ SensorManager* sensorManager = iterator->second; -+ delete sensorManager; -+ sPackageInstances.erase(iterator); -+ } -+} -+ - SensorManager::SensorManager(const String16& opPackageName) - : mSensorList(0), mOpPackageName(opPackageName), mDirectConnectionHandle(1) { - Mutex::Autolock _l(mLock); -diff --git a/libs/sensor/include/sensor/SensorManager.h b/libs/sensor/include/sensor/SensorManager.h -index 23f7a918bb..d6eab17c45 100644 ---- a/libs/sensor/include/sensor/SensorManager.h -+++ b/libs/sensor/include/sensor/SensorManager.h -@@ -54,6 +54,7 @@ class SensorManager : public ASensorManager - { - public: - static SensorManager& getInstanceForPackage(const String16& packageName); -+ static void removeInstanceForPackage(const String16& packageName); - ~SensorManager(); - - ssize_t getSensorList(Sensor const* const** list); -diff --git a/services/sensorservice/hidl/SensorManager.cpp b/services/sensorservice/hidl/SensorManager.cpp -index fee6da1e60..cf2fc448ea 100644 ---- a/services/sensorservice/hidl/SensorManager.cpp -+++ b/services/sensorservice/hidl/SensorManager.cpp -@@ -60,6 +60,9 @@ SensorManager::~SensorManager() { - if (mPollThread.joinable()) { - mPollThread.join(); - } -+ -+ ::android::SensorManager::removeInstanceForPackage( -+ String16(ISensorManager::descriptor)); - } - - // Methods from ::android::frameworks::sensorservice::V1_0::ISensorManager follow. diff --git a/Patches/LineageOS-16.0/android_packages_services_Telecomm/355777-backport.patch b/Patches/LineageOS-16.0/android_packages_services_Telecomm/355777-backport.patch deleted file mode 100644 index ca4f5052..00000000 --- a/Patches/LineageOS-16.0/android_packages_services_Telecomm/355777-backport.patch +++ /dev/null @@ -1,449 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Thomas Stuart -Date: Mon, 21 Nov 2022 17:36:52 -0800 -Subject: [PATCH] enforce stricter rules when registering phoneAccounts - -- include disable accounts when looking up accounts for a package to - check if the limit is reached (10) -- put a new limit of 10 supported schemes -- put a new limit of 256 characters per scheme -- put a new limit of 256 characters per address -- ensure the Icon can write to memory w/o an exception - -bug: 259064622 -bug: 256819769 -Test: cts + unit -Change-Id: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de -Merged-In: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de -(cherry picked from commit on googleplex-android-review.googlesource.com host: 56ef9e15506f71ae555a4535d5c0ac9bd3f587f1) -Merged-In: I5eb2a127a44d5ec725d0ba39cb0ef478b12013de ---- - .../server/telecom/PhoneAccountRegistrar.java | 185 ++++++++++++++++-- - .../server/telecom/TelecomServiceImpl.java | 4 +- - .../tests/PhoneAccountRegistrarTest.java | 101 ++++++++++ - .../telecom/tests/TelecomServiceImplTest.java | 2 +- - 4 files changed, 276 insertions(+), 16 deletions(-) - -diff --git a/src/com/android/server/telecom/PhoneAccountRegistrar.java b/src/com/android/server/telecom/PhoneAccountRegistrar.java -index 0864683be..a077e4a4b 100644 ---- a/src/com/android/server/telecom/PhoneAccountRegistrar.java -+++ b/src/com/android/server/telecom/PhoneAccountRegistrar.java -@@ -17,6 +17,7 @@ - package com.android.server.telecom; - - import android.Manifest; -+import android.annotation.NonNull; - import android.content.ComponentName; - import android.content.Context; - import android.content.Intent; -@@ -28,6 +29,7 @@ import android.graphics.Bitmap; - import android.graphics.BitmapFactory; - import android.graphics.drawable.Icon; - import android.net.Uri; -+import android.os.Binder; - import android.os.Bundle; - import android.os.AsyncTask; - import android.os.PersistableBundle; -@@ -137,9 +139,14 @@ public class PhoneAccountRegistrar { - } - - private static final String FILE_NAME = "phone-account-registrar-state.xml"; -+ public static final String ICON_ERROR_MSG = -+ "Icon cannot be written to memory. Try compressing or downsizing"; - @VisibleForTesting - public static final int EXPECTED_STATE_VERSION = 9; - public static final int MAX_PHONE_ACCOUNT_REGISTRATIONS = 10; -+ public static final int MAX_PHONE_ACCOUNT_EXTRAS_KEY_PAIR_LIMIT = 100; -+ public static final int MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT = 256; -+ public static final int MAX_SCHEMES_PER_ACCOUNT = 10; - - /** Keep in sync with the same in SipSettings.java */ - private static final String SIP_SHARED_PREFERENCES = "SIP_PREFERENCES"; -@@ -652,12 +659,25 @@ public class PhoneAccountRegistrar { - return getPhoneAccountHandles(0, null, packageName, false, userHandle); - } - -+ -+ /** -+ * includes disabled, includes crossUserAccess -+ */ -+ public List getAllPhoneAccountHandlesForPackage(UserHandle userHandle, -+ String packageName) { -+ return getPhoneAccountHandles(0, null, packageName, true /* includeDisabled */, userHandle); -+ } -+ -+ - /** - * Performs checks before calling addOrReplacePhoneAccount(PhoneAccount) - * - * @param account The {@code PhoneAccount} to add or replace. -- * @throws SecurityException if package does not have BIND_TELECOM_CONNECTION_SERVICE permission -+ * @throws SecurityException if package does not have BIND_TELECOM_CONNECTION_SERVICE -+ * permission - * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_REGISTRATIONS are reached -+ * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT is reached -+ * @throws IllegalArgumentException if writing the Icon to memory will cause an Exception - */ - public void registerPhoneAccount(PhoneAccount account) { - // Enforce the requirement that a connection service for a phone account has the correct -@@ -669,21 +689,155 @@ public class PhoneAccountRegistrar { - throw new SecurityException("PhoneAccount connection service requires " - + "BIND_TELECOM_CONNECTION_SERVICE permission."); - } -- //Enforce an upper bound on the number of PhoneAccount's a package can register. -- // Most apps should only require 1-2. -- if (getPhoneAccountsForPackage( -- account.getAccountHandle().getComponentName().getPackageName(), -- account.getAccountHandle().getUserHandle()).size() -+ enforceCharacterLimit(account); -+ enforceIconSizeLimit(account); -+ enforceMaxPhoneAccountLimit(account); -+ addOrReplacePhoneAccount(account); -+ } -+ -+ /** -+ * Enforce an upper bound on the number of PhoneAccount's a package can register. -+ * Most apps should only require 1-2. * Include disabled accounts. -+ * -+ * @param account to enforce check on -+ * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_REGISTRATIONS are reached -+ */ -+ private void enforceMaxPhoneAccountLimit(@NonNull PhoneAccount account) { -+ final PhoneAccountHandle accountHandle = account.getAccountHandle(); -+ final UserHandle user = accountHandle.getUserHandle(); -+ final ComponentName componentName = accountHandle.getComponentName(); -+ -+ if (getPhoneAccountHandles(0, null, componentName.getPackageName(), -+ true /* includeDisabled */, user).size() - >= MAX_PHONE_ACCOUNT_REGISTRATIONS) { -- Log.w(this, "Phone account %s reached max registration limit for package", -- account.getAccountHandle()); -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceMaxPhoneAccountLimit"); - throw new IllegalArgumentException( - "Error, cannot register phone account " + account.getAccountHandle() - + " because the limit, " + MAX_PHONE_ACCOUNT_REGISTRATIONS - + ", has been reached"); - } -+ } -+ /** -+ * determine if there will be an issue writing the icon to memory -+ * -+ * @param account to enforce check on -+ * @throws IllegalArgumentException if writing the Icon to memory will cause an Exception -+ */ -+ @VisibleForTesting -+ public void enforceIconSizeLimit(PhoneAccount account) { -+ if (account.getIcon() == null) { -+ return; -+ } -+ String text = ""; -+ // convert the icon into a Base64 String -+ try { -+ text = XmlSerialization.writeIconToBase64String(account.getIcon()); -+ } catch (IOException e) { -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceIconSizeLimit"); -+ throw new IllegalArgumentException(ICON_ERROR_MSG); -+ } -+ } - -- addOrReplacePhoneAccount(account); -+ /** -+ * All {@link PhoneAccount} and{@link PhoneAccountHandle} String and Char-Sequence fields -+ * should be restricted to character limit of MAX_PHONE_ACCOUNT_CHAR_LIMIT to prevent exceptions -+ * when writing large character streams to XML-Serializer. -+ * -+ * @param account to enforce character limit checks on -+ * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT reached -+ */ -+ public void enforceCharacterLimit(PhoneAccount account) { -+ if (account == null) { -+ return; -+ } -+ PhoneAccountHandle handle = account.getAccountHandle(); -+ -+ String[] fields = -+ {"Package Name", "Class Name", "PhoneAccountHandle Id", "Label", "ShortDescription", -+ "GroupId", "Address", "SubscriptionAddress"}; -+ CharSequence[] args = {handle.getComponentName().getPackageName(), -+ handle.getComponentName().getClassName(), handle.getId(), account.getLabel(), -+ account.getShortDescription(), account.getGroupId(), -+ (account.getAddress() != null ? account.getAddress().toString() : ""), -+ (account.getSubscriptionAddress() != null ? -+ account.getSubscriptionAddress().toString() : "")}; -+ -+ for (int i = 0; i < fields.length; i++) { -+ if (args[i] != null && args[i].length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT) { -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceCharacterLimit"); -+ throw new IllegalArgumentException("The PhoneAccount or PhoneAccountHandle" -+ + fields[i] + " field has an invalid character count. PhoneAccount and " -+ + "PhoneAccountHandle String and Char-Sequence fields are limited to " -+ + MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT + " characters."); -+ } -+ } -+ -+ // Enforce limits on the URI Schemes provided -+ enforceLimitsOnSchemes(account); -+ -+ // Enforce limit on the PhoneAccount#mExtras -+ Bundle extras = account.getExtras(); -+ if (extras != null) { -+ if (extras.keySet().size() > MAX_PHONE_ACCOUNT_EXTRAS_KEY_PAIR_LIMIT) { -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceCharacterLimit"); -+ throw new IllegalArgumentException("The PhoneAccount#mExtras is limited to " + -+ MAX_PHONE_ACCOUNT_EXTRAS_KEY_PAIR_LIMIT + " (key,value) pairs."); -+ } -+ -+ for (String key : extras.keySet()) { -+ Object value = extras.get(key); -+ -+ if ((key != null && key.length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT) || -+ (value instanceof String && -+ ((String) value).length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT)) { -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceCharacterLimit"); -+ throw new IllegalArgumentException("The PhoneAccount#mExtras contains a String" -+ + " key or value that has an invalid character count. PhoneAccount and " -+ + "PhoneAccountHandle String and Char-Sequence fields are limited to " -+ + MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT + " characters."); -+ } -+ } -+ } -+ } -+ -+ /** -+ * Enforce a character limit on all PA and PAH string or char-sequence fields. -+ * -+ * @param account to enforce check on -+ * @throws IllegalArgumentException if MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT reached -+ */ -+ @VisibleForTesting -+ public void enforceLimitsOnSchemes(@NonNull PhoneAccount account) { -+ List schemes = account.getSupportedUriSchemes(); -+ -+ if (schemes == null) { -+ return; -+ } -+ -+ if (schemes.size() > MAX_SCHEMES_PER_ACCOUNT) { -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceLimitsOnSchemes"); -+ throw new IllegalArgumentException( -+ "Error, cannot register phone account " + account.getAccountHandle() -+ + " because the URI scheme limit of " -+ + MAX_SCHEMES_PER_ACCOUNT + " has been reached"); -+ } -+ -+ for (String scheme : schemes) { -+ if (scheme.length() > MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT) { -+ EventLog.writeEvent(0x534e4554, "259064622", Binder.getCallingUid(), -+ "enforceLimitsOnSchemes"); -+ throw new IllegalArgumentException( -+ "Error, cannot register phone account " + account.getAccountHandle() -+ + " because the max scheme limit of " -+ + MAX_PHONE_ACCOUNT_FIELD_CHAR_LIMIT + " has been reached"); -+ } -+ } - } - - /** -@@ -1396,17 +1550,20 @@ public class PhoneAccountRegistrar { - protected void writeIconIfNonNull(String tagName, Icon value, XmlSerializer serializer) - throws IOException { - if (value != null) { -- ByteArrayOutputStream stream = new ByteArrayOutputStream(); -- value.writeToStream(stream); -- byte[] iconByteArray = stream.toByteArray(); -- String text = Base64.encodeToString(iconByteArray, 0, iconByteArray.length, 0); -- -+ String text = writeIconToBase64String(value); - serializer.startTag(null, tagName); - serializer.text(text); - serializer.endTag(null, tagName); - } - } - -+ public static String writeIconToBase64String(Icon icon) throws IOException { -+ ByteArrayOutputStream stream = new ByteArrayOutputStream(); -+ icon.writeToStream(stream); -+ byte[] iconByteArray = stream.toByteArray(); -+ return Base64.encodeToString(iconByteArray, 0, iconByteArray.length, 0); -+ } -+ - protected void writeLong(String tagName, long value, XmlSerializer serializer) - throws IOException { - serializer.startTag(null, tagName); -diff --git a/src/com/android/server/telecom/TelecomServiceImpl.java b/src/com/android/server/telecom/TelecomServiceImpl.java -index 8c28a7b6f..74a7d840b 100644 ---- a/src/com/android/server/telecom/TelecomServiceImpl.java -+++ b/src/com/android/server/telecom/TelecomServiceImpl.java -@@ -60,7 +60,9 @@ import com.android.server.telecom.settings.BlockedNumbersActivity; - import java.io.FileDescriptor; - import java.io.PrintWriter; - import java.util.Collections; -+import java.util.HashSet; - import java.util.List; -+import java.util.Set; - - // TODO: Needed for move to system service: import com.android.internal.R; - -@@ -264,7 +266,7 @@ public class TelecomServiceImpl { - try { - Log.startSession("TSI.gPAFP"); - return new ParceledListSlice<>(mPhoneAccountRegistrar -- .getPhoneAccountsForPackage(packageName, callingUserHandle)); -+ .getAllPhoneAccountHandlesForPackage(callingUserHandle, packageName)); - } catch (Exception e) { - Log.e(this, e, "getPhoneAccountsForPackage %s", packageName); - throw e; -diff --git a/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java b/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java -index f8acb9d2c..b223cdc12 100644 ---- a/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java -+++ b/tests/src/com/android/server/telecom/tests/PhoneAccountRegistrarTest.java -@@ -57,6 +57,8 @@ import java.io.BufferedOutputStream; - import java.io.ByteArrayInputStream; - import java.io.ByteArrayOutputStream; - import java.io.File; -+import java.io.IOException; -+import java.io.OutputStream; - import java.util.Arrays; - import java.util.List; - import java.util.Map; -@@ -68,8 +70,18 @@ import static org.junit.Assert.assertNotNull; - import static org.junit.Assert.assertNull; - import static org.junit.Assert.assertTrue; - import static org.junit.Assert.fail; -+import static org.mockito.ArgumentMatchers.any; -+import static org.mockito.ArgumentMatchers.anyObject; -+import static org.mockito.ArgumentMatchers.isA; - import static org.mockito.Matchers.anyInt; - import static org.mockito.Matchers.anyString; -+import static org.mockito.Mockito.clearInvocations; -+import static org.mockito.Mockito.doThrow; -+import static org.mockito.Mockito.mock; -+import static org.mockito.Mockito.never; -+import static org.mockito.Mockito.spy; -+import static org.mockito.Mockito.times; -+import static org.mockito.Mockito.verify; - import static org.mockito.Mockito.when; - - @RunWith(JUnit4.class) -@@ -78,6 +90,9 @@ public class PhoneAccountRegistrarTest extends TelecomTestCase { - private static final int MAX_VERSION = Integer.MAX_VALUE; - private static final String FILE_NAME = "phone-account-registrar-test-1223.xml"; - private static final String TEST_LABEL = "right"; -+ private static final String TEST_ID = "123"; -+ private final String PACKAGE_1 = "PACKAGE_1"; -+ private final String PACKAGE_2 = "PACKAGE_2"; - private PhoneAccountRegistrar mRegistrar; - @Mock private TelecomManager mTelecomManager; - @Mock private DefaultDialerCache mDefaultDialerCache; -@@ -909,6 +924,92 @@ public class PhoneAccountRegistrarTest extends TelecomTestCase { - assertEquals(account1, account2); - } - -+ /** -+ * Ensure an IllegalArgumentException is thrown when adding more than 10 schemes for a single -+ * account -+ */ -+ @Test -+ public void testLimitOnSchemeCount() { -+ PhoneAccountHandle handle = makeQuickAccountHandle(TEST_ID); -+ PhoneAccount.Builder builder = new PhoneAccount.Builder(handle, TEST_LABEL); -+ for (int i = 0; i < PhoneAccountRegistrar.MAX_PHONE_ACCOUNT_REGISTRATIONS + 1; i++) { -+ builder.addSupportedUriScheme(Integer.toString(i)); -+ } -+ try { -+ mRegistrar.enforceLimitsOnSchemes(builder.build()); -+ fail("should have hit exception in enforceLimitOnSchemes"); -+ } catch (IllegalArgumentException e) { -+ // pass test -+ } -+ } -+ -+ /** -+ * Ensure an IllegalArgumentException is thrown when adding more 256 chars for a single -+ * account -+ */ -+ @Test -+ public void testLimitOnSchemeLength() { -+ PhoneAccountHandle handle = makeQuickAccountHandle(TEST_ID); -+ PhoneAccount.Builder builder = new PhoneAccount.Builder(handle, TEST_LABEL); -+ builder.addSupportedUriScheme(generateStringOfLen(257)); -+ try { -+ mRegistrar.enforceLimitsOnSchemes(builder.build()); -+ fail("should have hit exception in enforceLimitOnSchemes"); -+ } catch (IllegalArgumentException e) { -+ // pass test -+ } -+ } -+ -+ /** -+ * Ensure an IllegalArgumentException is thrown when adding an address over the limit -+ */ -+ @Test -+ public void testLimitOnAddress() { -+ String text = generateStringOfLen(100); -+ PhoneAccountHandle handle = makeQuickAccountHandle(TEST_ID); -+ PhoneAccount.Builder builder = new PhoneAccount.Builder(handle,TEST_LABEL) -+ .setAddress(Uri.fromParts(text, text, text)); -+ try { -+ mRegistrar.enforceCharacterLimit(builder.build()); -+ fail("failed to throw IllegalArgumentException"); -+ } catch (IllegalArgumentException e) { -+ // pass test -+ } -+ finally { -+ mRegistrar.unregisterPhoneAccount(handle); -+ } -+ } -+ -+ /** -+ * Ensure an IllegalArgumentException is thrown when an Icon that throws an IOException is given -+ */ -+ @Test -+ public void testLimitOnIcon() throws Exception { -+ Icon mockIcon = mock(Icon.class); -+ // GIVEN -+ PhoneAccount.Builder builder = new PhoneAccount.Builder( -+ makeQuickAccountHandle(TEST_ID), TEST_LABEL).setIcon(mockIcon); -+ try { -+ // WHEN -+ Mockito.doThrow(new IOException()) -+ .when(mockIcon).writeToStream(any(OutputStream.class)); -+ //THEN -+ mRegistrar.enforceIconSizeLimit(builder.build()); -+ fail("failed to throw IllegalArgumentException"); -+ } catch (IllegalArgumentException e) { -+ // pass test -+ assertTrue(e.getMessage().contains(PhoneAccountRegistrar.ICON_ERROR_MSG)); -+ } -+ } -+ -+ private String generateStringOfLen(int len){ -+ StringBuilder sb = new StringBuilder(); -+ for(int i=0; i < len; i++){ -+ sb.append("a"); -+ } -+ return sb.toString(); -+ } -+ - private static ComponentName makeQuickConnectionServiceComponentName() { - return new ComponentName( - "com.android.server.telecom.tests", -diff --git a/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java b/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java -index 092227b47..521d05aae 100644 ---- a/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java -+++ b/tests/src/com/android/server/telecom/tests/TelecomServiceImplTest.java -@@ -362,7 +362,7 @@ public class TelecomServiceImplTest extends TelecomTestCase { - add(SIP_PA_HANDLE_17); - }}; - when(mFakePhoneAccountRegistrar -- .getPhoneAccountsForPackage(anyString(), any(UserHandle.class))) -+ .getAllPhoneAccountHandlesForPackage(any(UserHandle.class), anyString())) - .thenReturn(phoneAccountHandleList); - makeAccountsVisibleToAllUsers(TEL_PA_HANDLE_16, SIP_PA_HANDLE_17); - assertEquals(phoneAccountHandleList, diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index 9c0cd971..0c1f2d6a 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -90,6 +90,7 @@ patchWorkspaceReal() { repopick -it P_asb_2023-02 -e 349337; repopick -it P_asb_2023-03; repopick -it P_asb_2023-04; + repopick -it P_asb_2023-05; sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh"; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 8edfaa78..ef6e1884 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -151,9 +151,6 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram fi; if enterAndClear "frameworks/base"; then -applyPatch "$DOS_PATCHES/android_frameworks_base/355765-backport.patch"; #R_asb_2023-05 Checks if AccessibilityServiceInfo is within parcelable size. -applyPatch "$DOS_PATCHES/android_frameworks_base/355865.patch"; #n-asb-2023-05 Uri: check authority and scheme as part of determining URI path -applyPatch "$DOS_PATCHES/android_frameworks_base/355767.patch"; #R_asb_2023-05 Enforce stricter rules when registering phoneAccounts applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) @@ -195,9 +192,6 @@ rm -rf packages/PrintRecommendationService; #Creates popups to install proprieta fi; if enterAndClear "frameworks/native"; then -applyPatch "$DOS_PATCHES/android_frameworks_native/355772.patch"; #R_asb_2023-05 Check for malformed Sensor Flattenable -applyPatch "$DOS_PATCHES/android_frameworks_native/355773-backport.patch"; #R_asb_2023-05 Remove some new memory leaks from SensorManager -applyPatch "$DOS_PATCHES/android_frameworks_native/355774-backport.patch"; #R_asb_2023-05 Add removeInstanceForPackageMethod to SensorManager applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS) fi; @@ -331,7 +325,6 @@ fi; #fi; if enterAndClear "packages/services/Telecomm"; then -applyPatch "$DOS_PATCHES/android_packages_services_Telecomm/355777-backport.patch"; #R_asb_2023-05 enforce stricter rules when registering phoneAccount fi; if enterAndClear "packages/services/Telephony"; then