mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-28 17:09:39 -05:00
15.1 February ASB work + Picks
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
2993b459f0
commit
b2913e8170
33
Patches/LineageOS-15.1/android_external_expat/348649.patch
Normal file
33
Patches/LineageOS-15.1/android_external_expat/348649.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Sadaf Ebrahimi <sadafebrahimi@google.com>
|
||||
Date: Wed, 16 Nov 2022 16:31:05 +0000
|
||||
Subject: [PATCH] Fix overeager DTD destruction (fixes #649)
|
||||
|
||||
Bug: http://b/255449293
|
||||
Test: TreeHugger
|
||||
Change-Id: I15ba529c07a6b868484bd5972be154c07cd97cc6
|
||||
(cherry picked from commit eb8f10fb1f4eb13c5a2ba1edbfd64b5f2a50ff4a)
|
||||
Merged-In: I15ba529c07a6b868484bd5972be154c07cd97cc6
|
||||
---
|
||||
lib/xmlparse.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
|
||||
index 7b25a0b8..ee71adad 100644
|
||||
--- a/lib/xmlparse.c
|
||||
+++ b/lib/xmlparse.c
|
||||
@@ -855,6 +855,14 @@ parserCreate(const XML_Char *encodingName,
|
||||
parserInit(parser, encodingName);
|
||||
|
||||
if (encodingName && !protocolEncodingName) {
|
||||
+ if (dtd) {
|
||||
+ // We need to stop the upcoming call to XML_ParserFree from happily
|
||||
+ // destroying parser->m_dtd because the DTD is shared with the parent
|
||||
+ // parser and the only guard that keeps XML_ParserFree from destroying
|
||||
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
|
||||
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
|
||||
+ _dtd = NULL;
|
||||
+ }
|
||||
XML_ParserFree(parser);
|
||||
return NULL;
|
||||
}
|
57
Patches/LineageOS-15.1/android_frameworks_base/349330.patch
Normal file
57
Patches/LineageOS-15.1/android_frameworks_base/349330.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Jackal Guo <jackalguo@google.com>
|
||||
Date: Tue, 25 Oct 2022 15:03:55 +0800
|
||||
Subject: [PATCH] Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
||||
|
||||
This action should be only broadcasted when the user data is cleared
|
||||
successfully. Broadcasting this action when failed case may result in
|
||||
unexpected result.
|
||||
|
||||
Bug: 240267890
|
||||
Test: manually using the PoC in the buganizer to ensure the symptom
|
||||
no longer exists.
|
||||
Change-Id: I0bb612627c81a2f2d7e3dbf53ea891ee49cf734b
|
||||
(cherry picked from commit 8b2e092146c7ab5c2952818dab6dcb6af9c417ce)
|
||||
Merged-In: I0bb612627c81a2f2d7e3dbf53ea891ee49cf734b
|
||||
---
|
||||
.../server/am/ActivityManagerService.java | 26 ++++++++++---------
|
||||
1 file changed, 14 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
index 6029b8ceb691..e6f400c31bde 100644
|
||||
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
@@ -6075,19 +6075,21 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
finishForceStopPackageLocked(packageName, appInfo.uid);
|
||||
}
|
||||
}
|
||||
- final Intent intent = new Intent(Intent.ACTION_PACKAGE_DATA_CLEARED,
|
||||
- Uri.fromParts("package", packageName, null));
|
||||
- intent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
|
||||
- intent.putExtra(Intent.EXTRA_UID, (appInfo != null) ? appInfo.uid : -1);
|
||||
- intent.putExtra(Intent.EXTRA_USER_HANDLE, resolvedUserId);
|
||||
- if (isInstantApp) {
|
||||
- intent.putExtra(Intent.EXTRA_PACKAGE_NAME, packageName);
|
||||
- broadcastIntentInPackage("android", SYSTEM_UID, intent, null, null, 0,
|
||||
- null, null, permission.ACCESS_INSTANT_APPS, null, false, false,
|
||||
+ if (succeeded) {
|
||||
+ final Intent intent = new Intent(Intent.ACTION_PACKAGE_DATA_CLEARED,
|
||||
+ Uri.fromParts("package", packageName, null /* fragment */));
|
||||
+ intent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
|
||||
+ intent.putExtra(Intent.EXTRA_UID, (appInfo != null) ? appInfo.uid : -1);
|
||||
+ intent.putExtra(Intent.EXTRA_USER_HANDLE, resolvedUserId);
|
||||
+ if (isInstantApp) {
|
||||
+ intent.putExtra(Intent.EXTRA_PACKAGE_NAME, packageName);
|
||||
+ }
|
||||
+ broadcastIntentInPackage("android", SYSTEM_UID,
|
||||
+ intent, null /* resolvedType */, null /* resultTo */,
|
||||
+ 0 /* resultCode */, null /* resultData */, null /* resultExtras */,
|
||||
+ isInstantApp ? permission.ACCESS_INSTANT_APPS : null,
|
||||
+ null /* bOptions */, false /* serialized */, false /* sticky */,
|
||||
resolvedUserId);
|
||||
- } else {
|
||||
- broadcastIntentInPackage("android", SYSTEM_UID, intent, null, null, 0,
|
||||
- null, null, null, null, false, false, resolvedUserId);
|
||||
}
|
||||
|
||||
if (observer != null) {
|
27
Patches/LineageOS-15.1/android_frameworks_base/349331.patch
Normal file
27
Patches/LineageOS-15.1/android_frameworks_base/349331.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Dementyev <dementyev@google.com>
|
||||
Date: Tue, 22 Nov 2022 22:54:01 +0000
|
||||
Subject: [PATCH] Convert argument to intent in ChooseTypeAndAccountActivity
|
||||
|
||||
Bug: 244154558
|
||||
Test: manual
|
||||
Change-Id: I5a86639cd571e14e9a9f5d5ded631b5a7c08db7e
|
||||
(cherry picked from commit ede0a767c26f144e38b4a0c1c2f530b05ffd29a8)
|
||||
Merged-In: I5a86639cd571e14e9a9f5d5ded631b5a7c08db7e
|
||||
---
|
||||
core/java/android/accounts/ChooseTypeAndAccountActivity.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/accounts/ChooseTypeAndAccountActivity.java b/core/java/android/accounts/ChooseTypeAndAccountActivity.java
|
||||
index 887ba18822f8..96f23a314e7b 100644
|
||||
--- a/core/java/android/accounts/ChooseTypeAndAccountActivity.java
|
||||
+++ b/core/java/android/accounts/ChooseTypeAndAccountActivity.java
|
||||
@@ -407,7 +407,7 @@ public class ChooseTypeAndAccountActivity extends Activity
|
||||
mExistingAccounts = AccountManager.get(this).getAccountsForPackage(mCallingPackage,
|
||||
mCallingUid);
|
||||
intent.setFlags(intent.getFlags() & ~Intent.FLAG_ACTIVITY_NEW_TASK);
|
||||
- startActivityForResult(intent, REQUEST_ADD_ACCOUNT);
|
||||
+ startActivityForResult(new Intent(intent), REQUEST_ADD_ACCOUNT);
|
||||
return;
|
||||
}
|
||||
} catch (OperationCanceledException e) {
|
@ -0,0 +1,47 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Tue, 8 Nov 2022 23:32:46 +0000
|
||||
Subject: [PATCH] Fix OPP comparison
|
||||
|
||||
isBluetoothShareUri_correctlyCheckUri (under
|
||||
com.android.bluetooth.opp.BluetoothOppUtilityTest) is failing
|
||||
on null input due to an incorrect comparison in
|
||||
isBluetoothShareUri. Change the comparison to one which can
|
||||
cope with null input.
|
||||
|
||||
Bug: 257190999
|
||||
Test: atest: BluetoothOppUtilityTest
|
||||
Tag: #security
|
||||
Ignore-AOSP-First: Security
|
||||
Change-Id: Ia6a08e7092c2084e1816b782317c13254e78719b
|
||||
(cherry picked from commit 90dc6fcdcba6c0c2b0f9bdaad28457a81c9af4ba)
|
||||
Merged-In: Ia6a08e7092c2084e1816b782317c13254e78719b
|
||||
---
|
||||
src/com/android/bluetooth/opp/BluetoothOppUtility.java | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/bluetooth/opp/BluetoothOppUtility.java b/src/com/android/bluetooth/opp/BluetoothOppUtility.java
|
||||
index f366cca25..0f55f16e6 100644
|
||||
--- a/src/com/android/bluetooth/opp/BluetoothOppUtility.java
|
||||
+++ b/src/com/android/bluetooth/opp/BluetoothOppUtility.java
|
||||
@@ -54,6 +54,7 @@ import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
+import java.util.Objects;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
@@ -69,10 +70,10 @@ public class BluetoothOppUtility {
|
||||
|
||||
public static boolean isBluetoothShareUri(Uri uri) {
|
||||
if (uri.toString().startsWith(BluetoothShare.CONTENT_URI.toString())
|
||||
- && !uri.getAuthority().equals(BluetoothShare.CONTENT_URI.getAuthority())) {
|
||||
+ && !Objects.equals(uri.getAuthority(), BluetoothShare.CONTENT_URI.getAuthority())) {
|
||||
EventLog.writeEvent(0x534e4554, "225880741", -1, "");
|
||||
}
|
||||
- return uri.getAuthority().equals(BluetoothShare.CONTENT_URI.getAuthority());
|
||||
+ return Objects.equals(uri.getAuthority(), BluetoothShare.CONTENT_URI.getAuthority());
|
||||
}
|
||||
|
||||
public static BluetoothOppTransferInfo queryRecord(Context context, Uri uri) {
|
@ -0,0 +1,31 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Alisher Alikhodjaev <alisher@google.com>
|
||||
Date: Tue, 22 Nov 2022 15:49:11 -0800
|
||||
Subject: [PATCH] DO NOT MERGE OOBW in phNciNfc_MfCreateXchgDataHdr
|
||||
|
||||
Bug: 246932269
|
||||
Test: Build ok
|
||||
Change-Id: I4dcd18da8b5145e218d070414da8997aff181364
|
||||
(cherry picked from commit 2e4dfa6c92de30907851914add6485f8b7920968)
|
||||
Merged-In: I4dcd18da8b5145e218d070414da8997aff181364
|
||||
---
|
||||
nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
||||
index cf5aafb6..3c01b2ab 100755
|
||||
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
||||
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
||||
@@ -1549,6 +1549,12 @@ phNciNfc_MfCreateXchgDataHdr(phNciNfc_TransceiveInfo_t tTranscvInfo,
|
||||
NFCSTATUS status = NFCSTATUS_SUCCESS;
|
||||
uint8_t i = 0;
|
||||
|
||||
+ if (tTranscvInfo.tSendData.wLen > (MAX_BUFF_SIZE - 1))
|
||||
+ {
|
||||
+ android_errorWriteLog(0x534e4554, "246932269");
|
||||
+ return NFCSTATUS_FAILED;
|
||||
+ }
|
||||
+
|
||||
buff[i++] = phNciNfc_e_MfRawDataXchgHdr;
|
||||
memcpy(&buff[i],tTranscvInfo.tSendData.pBuff,tTranscvInfo.tSendData.wLen);
|
||||
*buffSz = i + tTranscvInfo.tSendData.wLen;
|
@ -0,0 +1,65 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Fri, 2 Dec 2022 00:41:24 +0000
|
||||
Subject: [PATCH] Report failure when not able to connect to AVRCP
|
||||
|
||||
A crash may occur when creating a bluetooth AVRCP connection to a
|
||||
device.
|
||||
|
||||
The code fails to check a return value from an AVRCP function
|
||||
being used to index into an array. The return value may exceed the
|
||||
size of the array causing memory outside the bounds of the array to be
|
||||
accessed leading to memory corruption and a crash.
|
||||
|
||||
The fix is to ensure the return value is within the bounds of the
|
||||
array before accessing the array contents. If the return value is
|
||||
not within the bounds of the array report it as a failure to the
|
||||
bluetooth stack.
|
||||
|
||||
This change is relevant for android automotive because the IVI
|
||||
(in-vehicle infotainment system) acts as the an AVRCP controller
|
||||
which still executes this code.
|
||||
|
||||
Note: this is a backport of b/214569798, inducted as a non-security
|
||||
issue. Per b/226927612 it has been found to have security impact
|
||||
and should be backported to earlier branches.
|
||||
|
||||
Bug: 226927612
|
||||
Test: Manual - set return value to be out of bounds, verify no crash
|
||||
Tag: #security
|
||||
Ignore-AOSP-First: Security
|
||||
Change-Id: I03f89f894c759b85e555a024435b625397ef7e5c
|
||||
Merged-In: I03f89f894c759b85e555a024435b625397ef7e5c
|
||||
(cherry picked from commit 86112bf0535f3f5a4c6a0a137e67b0eebd9bbdf5)
|
||||
Merged-In: I03f89f894c759b85e555a024435b625397ef7e5c
|
||||
---
|
||||
bta/av/bta_av_act.cc | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bta/av/bta_av_act.cc b/bta/av/bta_av_act.cc
|
||||
index 541d68303..2043b75cf 100644
|
||||
--- a/bta/av/bta_av_act.cc
|
||||
+++ b/bta/av/bta_av_act.cc
|
||||
@@ -1826,7 +1826,21 @@ void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
|
||||
if (p_lcb) {
|
||||
rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
|
||||
(uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
|
||||
- p_cb->rcb[rc_handle].peer_features = peer_features;
|
||||
+ if (rc_handle < BTA_AV_NUM_RCB) {
|
||||
+ p_cb->rcb[rc_handle].peer_features = peer_features;
|
||||
+ } else {
|
||||
+ /* cannot create valid rc_handle for current device. report failure
|
||||
+ */
|
||||
+ APPL_TRACE_ERROR("%s: no link resources available", __func__);
|
||||
+ p_scb->use_rc = false;
|
||||
+ tBTA_AV_RC_OPEN rc_open;
|
||||
+ rc_open.peer_addr = p_scb->PeerAddress();
|
||||
+ rc_open.peer_features = 0;
|
||||
+ rc_open.status = BTA_AV_FAIL_RESOURCES;
|
||||
+ tBTA_AV bta_av_data;
|
||||
+ bta_av_data.rc_open = rc_open;
|
||||
+ (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
|
||||
+ }
|
||||
} else {
|
||||
APPL_TRACE_ERROR("can not find LCB!!");
|
||||
}
|
32
Patches/LineageOS-15.1/android_system_bt/349335.patch
Normal file
32
Patches/LineageOS-15.1/android_system_bt/349335.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Tue, 27 Sep 2022 22:05:08 +0000
|
||||
Subject: [PATCH] Add bounds check in avdt_scb_act.cc
|
||||
|
||||
Bug: 242535997
|
||||
Test: BT unit tests, validated against researcher POC
|
||||
Tag: #security
|
||||
Ignore-AOSP-First: Security
|
||||
Change-Id: I3b982e5d447cb98ad269b3da3d7d591819b2e4e4
|
||||
(cherry picked from commit eca4a3cdb0da240496341f546a57397434ec85dd)
|
||||
Merged-In: I3b982e5d447cb98ad269b3da3d7d591819b2e4e4
|
||||
---
|
||||
stack/avdt/avdt_scb_act.cc | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/stack/avdt/avdt_scb_act.cc b/stack/avdt/avdt_scb_act.cc
|
||||
index 5e0e98d80..ea9c0bceb 100644
|
||||
--- a/stack/avdt/avdt_scb_act.cc
|
||||
+++ b/stack/avdt/avdt_scb_act.cc
|
||||
@@ -957,6 +957,11 @@ void avdt_scb_hdl_write_req(tAVDT_SCB* p_scb, tAVDT_SCB_EVT* p_data) {
|
||||
|
||||
/* Build a media packet, and add an RTP header if required. */
|
||||
if (add_rtp_header) {
|
||||
+ if (p_data->apiwrite.p_buf->offset < AVDT_MEDIA_HDR_SIZE) {
|
||||
+ android_errorWriteWithInfoLog(0x534e4554, "242535997", -1, NULL, 0);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
ssrc = avdt_scb_gen_ssrc(p_scb);
|
||||
|
||||
p_data->apiwrite.p_buf->len += AVDT_MEDIA_HDR_SIZE;
|
@ -0,0 +1,31 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Alisher Alikhodjaev <alisher@google.com>
|
||||
Date: Tue, 22 Nov 2022 15:49:11 -0800
|
||||
Subject: [PATCH] DO NOT MERGE OOBW in phNciNfc_MfCreateXchgDataHdr
|
||||
|
||||
Bug: 246932269
|
||||
Test: Build ok
|
||||
Change-Id: I4dcd18da8b5145e218d070414da8997aff181364
|
||||
(cherry picked from commit 2e4dfa6c92de30907851914add6485f8b7920968)
|
||||
Merged-In: I4dcd18da8b5145e218d070414da8997aff181364
|
||||
---
|
||||
nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
||||
index 8e9399ef..8338bd34 100644
|
||||
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
||||
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
|
||||
@@ -1561,6 +1561,12 @@ phNciNfc_MfCreateXchgDataHdr(phNciNfc_TransceiveInfo_t tTranscvInfo,
|
||||
NFCSTATUS status = NFCSTATUS_SUCCESS;
|
||||
uint8_t i = 0;
|
||||
|
||||
+ if (tTranscvInfo.tSendData.wLen > (MAX_BUFF_SIZE - 1))
|
||||
+ {
|
||||
+ android_errorWriteLog(0x534e4554, "246932269");
|
||||
+ return NFCSTATUS_FAILED;
|
||||
+ }
|
||||
+
|
||||
buff[i++] = phNciNfc_e_MfRawDataXchgHdr;
|
||||
memcpy(&buff[i],tTranscvInfo.tSendData.pBuff,tTranscvInfo.tSendData.wLen);
|
||||
*buffSz = i + tTranscvInfo.tSendData.wLen;
|
@ -73,7 +73,7 @@ applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys t
|
||||
applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
|
||||
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||
sed -i 's/2021-10-05/2023-01-05/' core/version_defaults.mk; #Bump Security String #XXX
|
||||
sed -i 's/2021-10-05/2023-02-05/' core/version_defaults.mk; #Bump Security String #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
@ -105,6 +105,7 @@ if enterAndClear "external/expat"; then
|
||||
applyPatch "$DOS_PATCHES/android_external_expat/337987.patch"; #Q_asb_2022-09 Prevent XML_GetBuffer signed integer overflow
|
||||
applyPatch "$DOS_PATCHES/android_external_expat/337988-backport.patch"; #n-asb-2022-09 Prevent integer overflow in function doProlog
|
||||
applyPatch "$DOS_PATCHES/android_external_expat/337989-backport.patch"; #n-asb-2022-09 Prevent more integer overflows
|
||||
applyPatch "$DOS_PATCHES/android_external_expat/348649.patch"; #n-asb-2023-02 Fix overeager DTD destruction (fixes #649)
|
||||
fi;
|
||||
|
||||
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
|
||||
@ -166,6 +167,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/347047-backport.patch"; #P_asb_
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/347048-backport.patch"; #P_asb_2023-01 Revert "Revert "RESTRICT AUTOMERGE Validate permission tree size..." #XXX: uncertain backport
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/347049-backport.patch"; #P_asb_2023-01 [SettingsProvider] key size limit for mutating settings
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/347051-backport.patch"; #P_asb_2023-01 Add protections agains use-after-free issues if cancel() or queue() is called after a device connection has been closed.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/349330.patch"; #P_asb_2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/349331.patch"; #P_asb_2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
@ -254,6 +257,7 @@ if enterAndClear "packages/apps/Bluetooth"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/332758-backport.patch"; #P_asb_2022-06 Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission.
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/332759-backport.patch"; #P_asb_2022-06 Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission.
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/345907-backport.patch"; #P_asb_2022-12 Fix URI check in BluetoothOppUtility.java
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/349332-backport.patch"; #P_asb_2023-02 Fix OPP comparison
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Contacts"; then
|
||||
@ -285,6 +289,7 @@ if enterAndClear "packages/apps/Nfc"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/328346.patch"; #P_asb_2022-04 Do not set default contactless application without user interaction
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/332455-backport.patch"; #n-asb-2022-06 OOB read in phNciNfc_RecvMfResp()
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/346953-backport.patch"; #n-asb-2023-01 OOBW in Mfc_Transceive()
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/348653.patch"; #n-asb-2023-02 OOBW in phNciNfc_MfCreateXchgDataHdr
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
@ -375,6 +380,8 @@ applyPatch "$DOS_PATCHES/android_system_bt/345917.patch"; #P_asb_2022-12 Add len
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/345918.patch"; #P_asb_2022-12 Fix integer overflow when parsing avrc response
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/347127.patch"; #P_asb_2023-01 Once AT command is retrieved, return from method.
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/347128.patch"; #P_asb_2023-01 AVRC: Validating msg size before accessing fields
|
||||
#applyPatch "$DOS_PATCHES/android_system_bt/349334-backport.patch"; #P_asb_2023-02 Report failure when not able to connect to AVRCP XXX: doesn't compile
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/349335.patch"; #P_asb_2023-02 Add bounds check in avdt_scb_act.cc
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/core"; then
|
||||
@ -412,6 +419,7 @@ if enterAndClear "vendor/nxp/opensource/packages/apps/Nfc"; then #keep in sync w
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_packages_apps_Nfc/252808-backport.patch"; #n-asb-2019-08 Prevent OOB write in Mfc_Transceive
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_packages_apps_Nfc/328348-backport.patch"; #P_asb_2022-04 Do not set default contactless application without user interaction
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_packages_apps_Nfc/346953-backport.patch"; #n-asb-2023-01 OOBW in Mfc_Transceive()
|
||||
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_packages_apps_Nfc/348653.patch"; #n-asb-2023-02 OOBW in phNciNfc_MfCreateXchgDataHdr
|
||||
fi;
|
||||
|
||||
if enterAndClear "vendor/lineage"; then
|
||||
|
@ -87,6 +87,7 @@ patchWorkspace() {
|
||||
repopick -it P_asb_2022-11 -e 344200;
|
||||
repopick -it P_asb_2022-12 -e 345931;
|
||||
repopick -it P_asb_2023-01 -e 347129;
|
||||
repopick -it P_asb_2023-02 -e 349337;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -97,7 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
|
||||
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||
sed -i 's/2022-01-05/2023-01-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-01 #XXX
|
||||
sed -i 's/2022-01-05/2023-02-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-02 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
|
Loading…
Reference in New Issue
Block a user