From b0800a1479af393d21ea49eb7bd3013c5bc606a5 Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 7 Sep 2023 21:23:50 -0400 Subject: [PATCH] Churn Signed-off-by: Tad --- .../android_frameworks_av/365698.patch | 2 +- .../android_frameworks_base/365782.patch | 28 +++++++++++ .../android_frameworks_native/365756.patch | 4 +- .../android_packages_apps_Nfc/365757.patch | 48 ------------------- .../365699.patch | 24 +++++----- .../android_system_bt/365694.patch | 4 +- .../android_system_bt/365695.patch | 6 +-- .../android_system_bt/365696.patch | 6 +-- .../android_system_bt/365697.patch | 6 +-- Scripts/LineageOS-14.1/Patch.sh | 4 +- 10 files changed, 56 insertions(+), 76 deletions(-) create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/365782.patch delete mode 100644 Patches/LineageOS-14.1/android_packages_apps_Nfc/365757.patch diff --git a/Patches/LineageOS-14.1/android_frameworks_av/365698.patch b/Patches/LineageOS-14.1/android_frameworks_av/365698.patch index 406b5356..3324e6dd 100644 --- a/Patches/LineageOS-14.1/android_frameworks_av/365698.patch +++ b/Patches/LineageOS-14.1/android_frameworks_av/365698.patch @@ -1,4 +1,4 @@ -From ef4c2b8495ff729d8f70d5f1cbceed6a36ff94a1 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Shruti Bihani Date: Thu, 6 Jul 2023 08:41:56 +0000 Subject: [PATCH] Fix Segv on unknown address error flagged by fuzzer test. diff --git a/Patches/LineageOS-14.1/android_frameworks_base/365782.patch b/Patches/LineageOS-14.1/android_frameworks_base/365782.patch new file mode 100644 index 00000000..a664fe33 --- /dev/null +++ b/Patches/LineageOS-14.1/android_frameworks_base/365782.patch @@ -0,0 +1,28 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Dmitry Dementyev +Date: Fri, 30 Jun 2023 14:36:44 -0700 +Subject: [PATCH] Update AccountManagerService checkKeyIntentParceledCorrectly. + +Bug: 265798288 +Test: manual +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b117b506ec0504ff9eb2fa523e82f1879ecb8cc1) +Merged-In: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb +Change-Id: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb +--- + .../com/android/server/accounts/AccountManagerService.java | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java +index bdbf03eda2f5..9069cd7ffe9c 100644 +--- a/services/core/java/com/android/server/accounts/AccountManagerService.java ++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java +@@ -4282,6 +4282,9 @@ public class AccountManagerService + Bundle simulateBundle = p.readBundle(); + p.recycle(); + Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT); ++ if (intent != null && intent.getClass() != Intent.class) { ++ return false; ++ } + Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT); + if (intent == null) { + return (simulateIntent == null); diff --git a/Patches/LineageOS-14.1/android_frameworks_native/365756.patch b/Patches/LineageOS-14.1/android_frameworks_native/365756.patch index 91512de8..364f469d 100644 --- a/Patches/LineageOS-14.1/android_frameworks_native/365756.patch +++ b/Patches/LineageOS-14.1/android_frameworks_native/365756.patch @@ -1,4 +1,4 @@ -From d9c5c1006ba8dfaef6f6cf0b264c64ace14f6f10 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Devin Moore Date: Tue, 25 Apr 2023 00:17:13 +0000 Subject: [PATCH] Allow sensors list to be empty @@ -15,7 +15,7 @@ Change-Id: I091f57de9570b0ace3a8da76f16fe0e83f0aa624 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libs/gui/SensorManager.cpp b/libs/gui/SensorManager.cpp -index 5a94279ee82..236848a9bfc 100644 +index 5a94279ee8..236848a9bf 100644 --- a/libs/gui/SensorManager.cpp +++ b/libs/gui/SensorManager.cpp @@ -149,11 +149,8 @@ status_t SensorManager::assertStateLocked() { diff --git a/Patches/LineageOS-14.1/android_packages_apps_Nfc/365757.patch b/Patches/LineageOS-14.1/android_packages_apps_Nfc/365757.patch deleted file mode 100644 index 1184cd45..00000000 --- a/Patches/LineageOS-14.1/android_packages_apps_Nfc/365757.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0c6f4268bd5b6d97f8aeeff1a9cb5100e45fcdb3 Mon Sep 17 00:00:00 2001 -From: Alisher Alikhodjaev -Date: Thu, 1 Jun 2023 13:44:28 -0700 -Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed - -Bug: 268038643 -Test: ctsverifier -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0) -Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f -Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f ---- - src/com/android/nfc/NfcService.java | 6 ++++++ - src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++-- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java -index 2c0e7c79f..f1d955772 100755 ---- a/src/com/android/nfc/NfcService.java -+++ b/src/com/android/nfc/NfcService.java -@@ -744,6 +744,12 @@ void enforceBeamShareActivityPolicy(Context context, UserHandle uh, - } - } - -+ public boolean isSecureNfcEnabled() { -+ synchronized (NfcService.this) { -+ return mIsSecureNfcEnabled; -+ } -+ } -+ - final class NfcAdapterService extends INfcAdapter.Stub { - /** - * An interface for vendor specific extensions -diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java -index b481130e5..c43d0deb9 100644 ---- a/src/com/android/nfc/cardemulation/HostEmulationManager.java -+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java -@@ -168,8 +168,9 @@ public void onHostEmulationData(byte[] data) { - // Resolve to default - // Check if resolvedService requires unlock - ApduServiceInfo defaultServiceInfo = resolveInfo.defaultService; -- if (defaultServiceInfo.requiresUnlock() && -- mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) { -+ if ((defaultServiceInfo.requiresUnlock() -+ || NfcService.getInstance().isSecureNfcEnabled()) -+ && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) { - // Just ignore all future APDUs until next tap - mState = STATE_W4_DEACTIVATE; - launchTapAgain(resolveInfo.defaultService, resolveInfo.category); diff --git a/Patches/LineageOS-14.1/android_packages_services_Telephony/365699.patch b/Patches/LineageOS-14.1/android_packages_services_Telephony/365699.patch index 5c3a3dd0..ef309b88 100644 --- a/Patches/LineageOS-14.1/android_packages_services_Telephony/365699.patch +++ b/Patches/LineageOS-14.1/android_packages_services_Telephony/365699.patch @@ -1,4 +1,4 @@ -From 4ee14083484520e5b8e38573e1da50e2b496167a Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Date: Fri, 26 May 2023 14:18:46 +0000 Subject: [PATCH] Fixed leak of cross user data in multiple settings. @@ -25,10 +25,10 @@ Change-Id: I01cf83cc40bbf13497bc6c90f949f5bb62a833d7 3 files changed, 36 insertions(+) diff --git a/src/com/android/phone/GsmUmtsCallForwardOptions.java b/src/com/android/phone/GsmUmtsCallForwardOptions.java -index 99f3599742..f5e7ad295e 100644 +index 99f359974..f5e7ad295 100644 --- a/src/com/android/phone/GsmUmtsCallForwardOptions.java +++ b/src/com/android/phone/GsmUmtsCallForwardOptions.java -@@ -8,6 +8,7 @@ +@@ -8,6 +8,7 @@ import android.app.ActionBar; import android.app.AlertDialog; import android.app.Dialog; import android.content.Context; @@ -36,7 +36,7 @@ index 99f3599742..f5e7ad295e 100644 import android.content.DialogInterface; import android.content.Intent; import android.database.Cursor; -@@ -15,6 +16,8 @@ +@@ -15,6 +16,8 @@ import android.net.ConnectivityManager; import android.net.NetworkInfo; import android.os.Bundle; import android.os.PersistableBundle; @@ -45,7 +45,7 @@ index 99f3599742..f5e7ad295e 100644 import android.preference.Preference; import android.preference.PreferenceScreen; import android.telephony.ServiceState; -@@ -229,6 +232,15 @@ protected void onActivityResult(int requestCode, int resultCode, Intent data) { +@@ -229,6 +232,15 @@ public class GsmUmtsCallForwardOptions extends TimeConsumingPreferenceActivity } Cursor cursor = null; try { @@ -62,7 +62,7 @@ index 99f3599742..f5e7ad295e 100644 NUM_PROJECTION, null, null, null); if ((cursor == null) || (!cursor.moveToFirst())) { diff --git a/src/com/android/phone/settings/VoicemailSettingsActivity.java b/src/com/android/phone/settings/VoicemailSettingsActivity.java -index fea702bf53..1a4b1eea45 100644 +index 1b3f31bb1..e44324cd0 100644 --- a/src/com/android/phone/settings/VoicemailSettingsActivity.java +++ b/src/com/android/phone/settings/VoicemailSettingsActivity.java @@ -17,6 +17,7 @@ @@ -73,7 +73,7 @@ index fea702bf53..1a4b1eea45 100644 import android.content.DialogInterface; import android.content.Intent; import android.database.Cursor; -@@ -24,6 +25,7 @@ +@@ -24,6 +25,7 @@ import android.os.AsyncResult; import android.os.Bundle; import android.os.Handler; import android.os.Message; @@ -81,7 +81,7 @@ index fea702bf53..1a4b1eea45 100644 import android.os.UserHandle; import android.preference.CheckBoxPreference; import android.preference.Preference; -@@ -544,6 +546,17 @@ protected void onActivityResult(int requestCode, int resultCode, Intent data) { +@@ -548,6 +550,17 @@ public class VoicemailSettingsActivity extends PreferenceActivity Cursor cursor = null; try { @@ -100,10 +100,10 @@ index fea702bf53..1a4b1eea45 100644 new String[] { CommonDataKinds.Phone.NUMBER }, null, null, null); if ((cursor == null) || (!cursor.moveToFirst())) { diff --git a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java -index 23ef0bb075..98dbd9480c 100644 +index 23ef0bb07..98dbd9480 100644 --- a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java +++ b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java -@@ -21,6 +21,7 @@ +@@ -21,6 +21,7 @@ import static android.view.Window.PROGRESS_VISIBILITY_ON; import android.app.Activity; import android.content.AsyncQueryHandler; @@ -111,7 +111,7 @@ index 23ef0bb075..98dbd9480c 100644 import android.content.ContentResolver; import android.content.ContentValues; import android.content.Intent; -@@ -29,6 +30,8 @@ +@@ -29,6 +30,8 @@ import android.database.Cursor; import android.net.Uri; import android.os.Bundle; import android.os.Handler; @@ -120,7 +120,7 @@ index 23ef0bb075..98dbd9480c 100644 import android.provider.Contacts.PeopleColumns; import android.provider.Contacts.PhonesColumns; import android.provider.ContactsContract.CommonDataKinds; -@@ -152,6 +155,14 @@ protected void onActivityResult(int requestCode, int resultCode, Intent intent) +@@ -152,6 +155,14 @@ public class EditFdnContactScreen extends Activity { } Cursor cursor = null; try { diff --git a/Patches/LineageOS-14.1/android_system_bt/365694.patch b/Patches/LineageOS-14.1/android_system_bt/365694.patch index 7549fdd5..d9f8d757 100644 --- a/Patches/LineageOS-14.1/android_system_bt/365694.patch +++ b/Patches/LineageOS-14.1/android_system_bt/365694.patch @@ -1,4 +1,4 @@ -From 2ccddcaa7525966043121fcbe6b806246fdec327 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Brian Delwiche Date: Tue, 18 Apr 2023 23:58:50 +0000 Subject: [PATCH] Fix integer overflow in build_read_multi_rsp @@ -23,7 +23,7 @@ Change-Id: I3a74bdb0d003cb6bf4f282615be8c68836676715 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/stack/gatt/gatt_sr.c b/stack/gatt/gatt_sr.c -index c2cdb885dcf..6457a37589f 100644 +index c2cdb885d..6457a3758 100644 --- a/stack/gatt/gatt_sr.c +++ b/stack/gatt/gatt_sr.c @@ -122,7 +122,8 @@ void gatt_dequeue_sr_cmd (tGATT_TCB *p_tcb) diff --git a/Patches/LineageOS-14.1/android_system_bt/365695.patch b/Patches/LineageOS-14.1/android_system_bt/365695.patch index a4015b1f..cecc69e3 100644 --- a/Patches/LineageOS-14.1/android_system_bt/365695.patch +++ b/Patches/LineageOS-14.1/android_system_bt/365695.patch @@ -1,4 +1,4 @@ -From 6639c1e4ff7b39f7b9b7e5d924ff4c36cab556eb Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Qiyu Hu Date: Wed, 13 Jun 2018 08:08:17 -0700 Subject: [PATCH] Fix reliable write. @@ -21,7 +21,7 @@ Change-Id: I907877608f4672f24c002e630e58bf9133937a5e 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/stack/gatt/gatt_cl.c b/stack/gatt/gatt_cl.c -index 04a027fef55..1033b9324f0 100644 +index 1e8ff1f50..3797d9684 100644 --- a/stack/gatt/gatt_cl.c +++ b/stack/gatt/gatt_cl.c @@ -321,7 +321,7 @@ void gatt_send_queue_write_cancel (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, tGATT_E @@ -60,7 +60,7 @@ index 04a027fef55..1033b9324f0 100644 } /******************************************************************************* ** -@@ -653,19 +652,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op +@@ -654,19 +653,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op memcpy (value.value, p, value.len); diff --git a/Patches/LineageOS-14.1/android_system_bt/365696.patch b/Patches/LineageOS-14.1/android_system_bt/365696.patch index 08258ca0..b9e0f530 100644 --- a/Patches/LineageOS-14.1/android_system_bt/365696.patch +++ b/Patches/LineageOS-14.1/android_system_bt/365696.patch @@ -1,4 +1,4 @@ -From 8e5178ea9e60fc2bbfee12c37bc61d0730327161 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Brian Delwiche Date: Tue, 11 Apr 2023 23:05:45 +0000 Subject: [PATCH] Fix UAF in gatt_cl.cc @@ -20,10 +20,10 @@ Change-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/stack/gatt/gatt_cl.c b/stack/gatt/gatt_cl.c -index 1033b9324f..c78963f9ab 100644 +index 3797d9684..bec320846 100644 --- a/stack/gatt/gatt_cl.c +++ b/stack/gatt/gatt_cl.c -@@ -652,13 +652,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op +@@ -653,13 +653,18 @@ void gatt_process_prep_write_rsp (tGATT_TCB *p_tcb, tGATT_CLCB *p_clcb, UINT8 op memcpy (value.value, p, value.len); diff --git a/Patches/LineageOS-14.1/android_system_bt/365697.patch b/Patches/LineageOS-14.1/android_system_bt/365697.patch index e95c39ea..3fa107c7 100644 --- a/Patches/LineageOS-14.1/android_system_bt/365697.patch +++ b/Patches/LineageOS-14.1/android_system_bt/365697.patch @@ -1,4 +1,4 @@ -From 49c2659fc32c183b135d49a88b93a7ebd1f664ed Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Hui Peng Date: Wed, 10 May 2023 23:34:20 +0000 Subject: [PATCH] Fix an integer overflow bug in avdt_msg_asmbl @@ -15,10 +15,10 @@ Change-Id: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stack/avdt/avdt_msg.c b/stack/avdt/avdt_msg.c -index 91a58403e94..83902849b1e 100644 +index acda49858..ce2340d34 100644 --- a/stack/avdt/avdt_msg.c +++ b/stack/avdt/avdt_msg.c -@@ -1448,14 +1448,14 @@ BT_HDR *avdt_msg_asmbl(tAVDT_CCB *p_ccb, BT_HDR *p_buf) +@@ -1455,14 +1455,14 @@ BT_HDR *avdt_msg_asmbl(tAVDT_CCB *p_ccb, BT_HDR *p_buf) * NOTE: The buffer is allocated above at the beginning of the * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE. */ diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 3783e2c3..dbbae1e6 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -76,7 +76,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk; awk -i inplace '!/Email/' target/product/core.mk; #Remove Email awk -i inplace '!/Exchange2/' target/product/core.mk; -sed -i 's/2021-06-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-08 #XXX +sed -i 's/2021-06-05/2023-09-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-09 #XXX fi; if enterAndClear "device/qcom/sepolicy"; then @@ -221,6 +221,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/364033-backport.patch"; #R_asb_ applyPatch "$DOS_PATCHES/android_frameworks_base/364036-backport.patch"; #R_asb_2023-08 Verify URI permissions in MediaMetadata applyPatch "$DOS_PATCHES/android_frameworks_base/364037.patch"; #R_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used applyPatch "$DOS_PATCHES/android_frameworks_base/364038-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user. +applyPatch "$DOS_PATCHES/android_frameworks_base/365782.patch"; #n-asb-2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly. git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP) applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS) @@ -371,7 +372,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/328308.patch"; #n-asb-2022-04 applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/332455.patch"; #n-asb-2022-06 OOB read in phNciNfc_RecvMfResp() applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/346953.patch"; #n-asb-2023-01 OOBW in Mfc_Transceive() applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/348653.patch"; #n-asb-2023-02 DO NOT MERGE OOBW in phNciNfc_MfCreateXchgDataHdr -applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/365757.patch"; #n-asb-2023-09 Ensure that SecureNFC setting cannot be bypassed fi; if enterAndClear "packages/apps/PackageInstaller"; then