Churn

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-14.1/android_frameworks_av/365698.patch

@@ -1,4 +1,4 @@
-From ef4c2b8495ff729d8f70d5f1cbceed6a36ff94a1 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Shruti Bihani <shrutibihani@google.com>
 Date: Thu, 6 Jul 2023 08:41:56 +0000
 Subject: [PATCH] Fix Segv on unknown address error flagged by fuzzer test.

Patches/LineageOS-14.1/android_frameworks_base/365782.patch

@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Dementyev <dementyev@google.com>
+Date: Fri, 30 Jun 2023 14:36:44 -0700
+Subject: [PATCH] Update AccountManagerService checkKeyIntentParceledCorrectly.
+
+Bug: 265798288
+Test: manual
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b117b506ec0504ff9eb2fa523e82f1879ecb8cc1)
+Merged-In: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
+Change-Id: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
+---
+ .../com/android/server/accounts/AccountManagerService.java     | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
+index bdbf03eda2f5..9069cd7ffe9c 100644
+--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
+@@ -4282,6 +4282,9 @@ public class AccountManagerService
+             Bundle simulateBundle = p.readBundle();
+             p.recycle();
+             Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
++            if (intent != null && intent.getClass() != Intent.class) {
++                return false;
++            }
+             Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT);
+             if (intent == null) {
+                 return (simulateIntent == null);

Patches/LineageOS-14.1/android_frameworks_native/365756.patch

@@ -1,4 +1,4 @@
-From d9c5c1006ba8dfaef6f6cf0b264c64ace14f6f10 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Devin Moore <devinmoore@google.com>
 Date: Tue, 25 Apr 2023 00:17:13 +0000
 Subject: [PATCH] Allow sensors list to be empty
@@ -15,7 +15,7 @@ Change-Id: I091f57de9570b0ace3a8da76f16fe0e83f0aa624
  1 file changed, 2 insertions(+), 5 deletions(-)
 
 diff --git a/libs/gui/SensorManager.cpp b/libs/gui/SensorManager.cpp
-index 5a94279ee82..236848a9bfc 100644
+index 5a94279ee8..236848a9bf 100644
 --- a/libs/gui/SensorManager.cpp
 +++ b/libs/gui/SensorManager.cpp
 @@ -149,11 +149,8 @@ status_t SensorManager::assertStateLocked() {

Patches/LineageOS-14.1/android_packages_apps_Nfc/365757.patch

@@ -1,48 +0,0 @@
-From 0c6f4268bd5b6d97f8aeeff1a9cb5100e45fcdb3 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Thu, 1 Jun 2023 13:44:28 -0700
-Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed
-
-Bug: 268038643
-Test: ctsverifier
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0)
-Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
----
- src/com/android/nfc/NfcService.java                         | 6 ++++++
- src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
-index 2c0e7c79f..f1d955772 100755
---- a/src/com/android/nfc/NfcService.java
-+++ b/src/com/android/nfc/NfcService.java
-@@ -744,6 +744,12 @@ void enforceBeamShareActivityPolicy(Context context, UserHandle uh,
-         }
-     }
- 
-+    public boolean isSecureNfcEnabled() {
-+        synchronized (NfcService.this) {
-+            return mIsSecureNfcEnabled;
-+        }
-+    }
-+
-     final class NfcAdapterService extends INfcAdapter.Stub {
-         /**
-          * An interface for vendor specific extensions
-diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-index b481130e5..c43d0deb9 100644
---- a/src/com/android/nfc/cardemulation/HostEmulationManager.java
-+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-@@ -168,8 +168,9 @@ public void onHostEmulationData(byte[] data) {
-                     // Resolve to default
-                     // Check if resolvedService requires unlock
-                     ApduServiceInfo defaultServiceInfo = resolveInfo.defaultService;
--                    if (defaultServiceInfo.requiresUnlock() &&
--                            mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-+                    if ((defaultServiceInfo.requiresUnlock()
-+                            || NfcService.getInstance().isSecureNfcEnabled())
-+                          && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-                         // Just ignore all future APDUs until next tap
-                         mState = STATE_W4_DEACTIVATE;
-                         launchTapAgain(resolveInfo.defaultService, resolveInfo.category);

Patches/LineageOS-14.1/android_packages_services_Telephony/365699.patch

@@ -1,4 +1,4 @@
-From 4ee14083484520e5b8e38573e1da50e2b496167a Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Ashish Kumar <akgaurav@google.com>
 Date: Fri, 26 May 2023 14:18:46 +0000
 Subject: [PATCH] Fixed leak of cross user data in multiple settings.
@@ -25,10 +25,10 @@ Change-Id: I01cf83cc40bbf13497bc6c90f949f5bb62a833d7
  3 files changed, 36 insertions(+)
 
 diff --git a/src/com/android/phone/GsmUmtsCallForwardOptions.java b/src/com/android/phone/GsmUmtsCallForwardOptions.java
-index 99f3599742..f5e7ad295e 100644
+index 99f359974..f5e7ad295 100644
 --- a/src/com/android/phone/GsmUmtsCallForwardOptions.java
 +++ b/src/com/android/phone/GsmUmtsCallForwardOptions.java
-@@ -8,6 +8,7 @@
+@@ -8,6 +8,7 @@ import android.app.ActionBar;
  import android.app.AlertDialog;
  import android.app.Dialog;
  import android.content.Context;
@@ -36,7 +36,7 @@ index 99f3599742..f5e7ad295e 100644
  import android.content.DialogInterface;
  import android.content.Intent;
  import android.database.Cursor;
-@@ -15,6 +16,8 @@
+@@ -15,6 +16,8 @@ import android.net.ConnectivityManager;
  import android.net.NetworkInfo;
  import android.os.Bundle;
  import android.os.PersistableBundle;
@@ -45,7 +45,7 @@ index 99f3599742..f5e7ad295e 100644
  import android.preference.Preference;
  import android.preference.PreferenceScreen;
  import android.telephony.ServiceState;
-@@ -229,6 +232,15 @@ protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+@@ -229,6 +232,15 @@ public class GsmUmtsCallForwardOptions extends TimeConsumingPreferenceActivity
          }
          Cursor cursor = null;
          try {
@@ -62,7 +62,7 @@ index 99f3599742..f5e7ad295e 100644
                  NUM_PROJECTION, null, null, null);
              if ((cursor == null) || (!cursor.moveToFirst())) {
 diff --git a/src/com/android/phone/settings/VoicemailSettingsActivity.java b/src/com/android/phone/settings/VoicemailSettingsActivity.java
-index fea702bf53..1a4b1eea45 100644
+index 1b3f31bb1..e44324cd0 100644
 --- a/src/com/android/phone/settings/VoicemailSettingsActivity.java
 +++ b/src/com/android/phone/settings/VoicemailSettingsActivity.java
 @@ -17,6 +17,7 @@
@@ -73,7 +73,7 @@ index fea702bf53..1a4b1eea45 100644
  import android.content.DialogInterface;
  import android.content.Intent;
  import android.database.Cursor;
-@@ -24,6 +25,7 @@
+@@ -24,6 +25,7 @@ import android.os.AsyncResult;
  import android.os.Bundle;
  import android.os.Handler;
  import android.os.Message;
@@ -81,7 +81,7 @@ index fea702bf53..1a4b1eea45 100644
  import android.os.UserHandle;
  import android.preference.CheckBoxPreference;
  import android.preference.Preference;
-@@ -544,6 +546,17 @@ protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+@@ -548,6 +550,17 @@ public class VoicemailSettingsActivity extends PreferenceActivity
  
              Cursor cursor = null;
              try {
@@ -100,10 +100,10 @@ index fea702bf53..1a4b1eea45 100644
                      new String[] { CommonDataKinds.Phone.NUMBER }, null, null, null);
                  if ((cursor == null) || (!cursor.moveToFirst())) {
 diff --git a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-index 23ef0bb075..98dbd9480c 100644
+index 23ef0bb07..98dbd9480 100644
 --- a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
 +++ b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-@@ -21,6 +21,7 @@
+@@ -21,6 +21,7 @@ import static android.view.Window.PROGRESS_VISIBILITY_ON;
  
  import android.app.Activity;
  import android.content.AsyncQueryHandler;
@@ -111,7 +111,7 @@ index 23ef0bb075..98dbd9480c 100644
  import android.content.ContentResolver;
  import android.content.ContentValues;
  import android.content.Intent;
-@@ -29,6 +30,8 @@
+@@ -29,6 +30,8 @@ import android.database.Cursor;
  import android.net.Uri;
  import android.os.Bundle;
  import android.os.Handler;
@@ -120,7 +120,7 @@ index 23ef0bb075..98dbd9480c 100644
  import android.provider.Contacts.PeopleColumns;
  import android.provider.Contacts.PhonesColumns;
  import android.provider.ContactsContract.CommonDataKinds;
-@@ -152,6 +155,14 @@ protected void onActivityResult(int requestCode, int resultCode, Intent intent)
+@@ -152,6 +155,14 @@ public class EditFdnContactScreen extends Activity {
                  }
                  Cursor cursor = null;
                  try {

Patches/LineageOS-14.1/android_system_bt/365694.patch

@@ -1,4 +1,4 @@
-From 2ccddcaa7525966043121fcbe6b806246fdec327 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Brian Delwiche <delwiche@google.com>
 Date: Tue, 18 Apr 2023 23:58:50 +0000
 Subject: [PATCH] Fix integer overflow in build_read_multi_rsp
@@ -23,7 +23,7 @@ Change-Id: I3a74bdb0d003cb6bf4f282615be8c68836676715
  1 file changed, 16 insertions(+), 6 deletions(-)
 
 diff --git a/stack/gatt/gatt_sr.c b/stack/gatt/gatt_sr.c
-index c2cdb885dcf..6457a37589f 100644
+index c2cdb885d..6457a3758 100644
 --- a/stack/gatt/gatt_sr.c
 +++ b/stack/gatt/gatt_sr.c
 @@ -122,7 +122,8 @@ void gatt_dequeue_sr_cmd (tGATT_TCB *p_tcb)

Patches/LineageOS-14.1/android_system_bt/365695.patch

@@ -1,4 +1,4 @@
-From 6639c1e4ff7b39f7b9b7e5d924ff4c36cab556eb Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Qiyu Hu <qiyuh@google.com>
 Date: Wed, 13 Jun 2018 08:08:17 -0700
 Subject: [PATCH] Fix reliable write.
@@ -21,7 +21,7 @@ Change-Id: I907877608f4672f24c002e630e58bf9133937a5e
  1 file changed, 11 insertions(+), 13 deletions(-)
 
 diff --git a/stack/gatt/gatt_cl.c b/stack/gatt/gatt_cl.c
-index 04a027fef55..1033b9324f0 100644
+index 1e8ff1f50..3797d9684 100644
 --- a/stack/gatt/gatt_cl.c
 +++ b/stack/gatt/gatt_cl.c
 @@ -321,7 +321,7 @@ void gatt_send_queue_write_cancel (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, tGATT_E
@@ -60,7 +60,7 @@ index 04a027fef55..1033b9324f0 100644
  }
  /*******************************************************************************
  **
-@@ -653,19 +652,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op
+@@ -654,19 +653,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op
  
      memcpy (value.value, p, value.len);
  

Patches/LineageOS-14.1/android_system_bt/365696.patch

@@ -1,4 +1,4 @@
-From 8e5178ea9e60fc2bbfee12c37bc61d0730327161 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Brian Delwiche <delwiche@google.com>
 Date: Tue, 11 Apr 2023 23:05:45 +0000
 Subject: [PATCH] Fix UAF in gatt_cl.cc
@@ -20,10 +20,10 @@ Change-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
  1 file changed, 6 insertions(+), 1 deletion(-)
 
 diff --git a/stack/gatt/gatt_cl.c b/stack/gatt/gatt_cl.c
-index 1033b9324f..c78963f9ab 100644
+index 3797d9684..bec320846 100644
 --- a/stack/gatt/gatt_cl.c
 +++ b/stack/gatt/gatt_cl.c
-@@ -652,13 +652,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op
+@@ -653,13 +653,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op
  
      memcpy (value.value, p, value.len);
  

Patches/LineageOS-14.1/android_system_bt/365697.patch

@@ -1,4 +1,4 @@
-From 49c2659fc32c183b135d49a88b93a7ebd1f664ed Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Hui Peng <phui@google.com>
 Date: Wed, 10 May 2023 23:34:20 +0000
 Subject: [PATCH] Fix an integer overflow bug in avdt_msg_asmbl
@@ -15,10 +15,10 @@ Change-Id: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/stack/avdt/avdt_msg.c b/stack/avdt/avdt_msg.c
-index 91a58403e94..83902849b1e 100644
+index acda49858..ce2340d34 100644
 --- a/stack/avdt/avdt_msg.c
 +++ b/stack/avdt/avdt_msg.c
-@@ -1448,14 +1448,14 @@ BT_HDR *avdt_msg_asmbl(tAVDT_CCB *p_ccb, BT_HDR *p_buf)
+@@ -1455,14 +1455,14 @@ BT_HDR *avdt_msg_asmbl(tAVDT_CCB *p_ccb, BT_HDR *p_buf)
               * NOTE: The buffer is allocated above at the beginning of the
               * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
               */

Scripts/LineageOS-14.1/Patch.sh

@@ -76,7 +76,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
 awk -i inplace '!/Exchange2/' target/product/core.mk;
-sed -i 's/2021-06-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-08 #XXX
+sed -i 's/2021-06-05/2023-09-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-09 #XXX
 fi;
 
 if enterAndClear "device/qcom/sepolicy"; then
@@ -221,6 +221,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/364033-backport.patch"; #R_asb_
 applyPatch "$DOS_PATCHES/android_frameworks_base/364036-backport.patch"; #R_asb_2023-08 Verify URI permissions in MediaMetadata
 applyPatch "$DOS_PATCHES/android_frameworks_base/364037.patch"; #R_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used
 applyPatch "$DOS_PATCHES/android_frameworks_base/364038-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user.
+applyPatch "$DOS_PATCHES/android_frameworks_base/365782.patch"; #n-asb-2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly.
 git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
 applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
@@ -371,7 +372,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/328308.patch"; #n-asb-2022-04
 applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/332455.patch"; #n-asb-2022-06 OOB read in phNciNfc_RecvMfResp()
 applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/346953.patch"; #n-asb-2023-01 OOBW in Mfc_Transceive()
 applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/348653.patch"; #n-asb-2023-02 DO NOT MERGE OOBW in phNciNfc_MfCreateXchgDataHdr
-applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/365757.patch"; #n-asb-2023-09 Ensure that SecureNFC setting cannot be bypassed
 fi;
 
 if enterAndClear "packages/apps/PackageInstaller"; then