diff --git a/Patches/Common/android_external_webp/CVE-2023-4863.patch b/Patches/Common/android_external_webp/CVE-2023-4863.patch
deleted file mode 100644
index 64f842b1..00000000
--- a/Patches/Common/android_external_webp/CVE-2023-4863.patch
+++ /dev/null
@@ -1,359 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vincent Rabaud <vrabaud@google.com>
-Date: Thu, 7 Sep 2023 21:16:03 +0200
-Subject: [PATCH] Fix OOB write in BuildHuffmanTable.
-
-First, BuildHuffmanTable is called to check if the data is valid.
-If it is and the table is not big enough, more memory is allocated.
-
-This will make sure that valid (but unoptimized because of unbalanced
-codes) streams are still decodable.
-
-Bug: chromium:1479274
-Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
-(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
-(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
----
- src/dec/vp8l_dec.c        | 46 ++++++++++---------
- src/dec/vp8li_dec.h       |  2 +-
- src/utils/huffman_utils.c | 97 +++++++++++++++++++++++++++++++--------
- src/utils/huffman_utils.h | 27 +++++++++--
- 4 files changed, 129 insertions(+), 43 deletions(-)
-
-diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
-index 93615d4e..0d38314d 100644
---- a/src/dec/vp8l_dec.c
-+++ b/src/dec/vp8l_dec.c
-@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
-   int symbol;
-   int max_symbol;
-   int prev_code_len = DEFAULT_CODE_LENGTH;
--  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
-+  HuffmanTables tables;
- 
--  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
--                             code_length_code_lengths,
--                             NUM_CODE_LENGTH_CODES)) {
-+  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, &tables) ||
-+      !VP8LBuildHuffmanTable(&tables, LENGTHS_TABLE_BITS,
-+                             code_length_code_lengths, NUM_CODE_LENGTH_CODES)) {
-     goto End;
-   }
- 
-@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
-     int code_len;
-     if (max_symbol-- == 0) break;
-     VP8LFillBitWindow(br);
--    p = &table[VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
-+    p = &tables.curr_segment->start[VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
-     VP8LSetBitPos(br, br->bit_pos_ + p->bits);
-     code_len = p->value;
-     if (code_len < kCodeLengthLiterals) {
-@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
-   ok = 1;
- 
-  End:
-+  VP8LHuffmanTablesDeallocate(&tables);
-   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
-   return ok;
- }
-@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
- // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
- // tree.
- static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
--                           int* const code_lengths, HuffmanCode* const table) {
-+                           int* const code_lengths,
-+                           HuffmanTables* const table) {
-   int ok = 0;
-   int size = 0;
-   VP8LBitReader* const br = &dec->br_;
-@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int xsize, int ysize,
-   VP8LMetadata* const hdr = &dec->hdr_;
-   uint32_t* huffman_image = NULL;
-   HTreeGroup* htree_groups = NULL;
--  HuffmanCode* huffman_tables = NULL;
--  HuffmanCode* huffman_table = NULL;
-+  HuffmanTables* huffman_tables = &hdr->huffman_tables_;
-   int num_htree_groups = 1;
-   int num_htree_groups_max = 1;
-   int max_alphabet_size = 0;
-@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int xsize, int ysize,
-   int* mapping = NULL;
-   int ok = 0;
- 
-+  // Check the table has been 0 initialized (through InitMetadata).
-+  assert(huffman_tables->root.start == NULL);
-+  assert(huffman_tables->curr_segment == NULL);
-+
-   if (allow_recursion && VP8LReadBits(br, 1)) {
-     // use meta Huffman codes.
-     const int huffman_precision = VP8LReadBits(br, 3) + 2;
-@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int xsize, int ysize,
- 
-   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
-                                       sizeof(*code_lengths));
--  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
--                                                sizeof(*huffman_tables));
-   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
- 
--  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) {
-+  if (htree_groups == NULL || code_lengths == NULL ||
-+      !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
-+                                 huffman_tables)) {
-     dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
-     goto Error;
-   }
- 
--  huffman_table = huffman_tables;
-   for (i = 0; i < num_htree_groups_max; ++i) {
-     // If the index "i" is unused in the Huffman image, just make sure the
-     // coefficients are valid but do not store them.
-@@ -468,19 +472,20 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int xsize, int ysize,
-       int max_bits = 0;
-       for (j = 0; j < HUFFMAN_CODES_PER_META_CODE; ++j) {
-         int alphabet_size = kAlphabetSize[j];
--        htrees[j] = huffman_table;
-         if (j == 0 && color_cache_bits > 0) {
-           alphabet_size += (1 << color_cache_bits);
-         }
--        size = ReadHuffmanCode(alphabet_size, dec, code_lengths, huffman_table);
-+        size =
-+            ReadHuffmanCode(alphabet_size, dec, code_lengths, huffman_tables);
-+        htrees[j] = huffman_tables->curr_segment->curr_table;
-         if (size == 0) {
-           goto Error;
-         }
-         if (is_trivial_literal && kLiteralMap[j] == 1) {
--          is_trivial_literal = (huffman_table->bits == 0);
-+          is_trivial_literal = (htrees[j]->bits == 0);
-         }
--        total_size += huffman_table->bits;
--        huffman_table += size;
-+        total_size += htrees[j]->bits;
-+        huffman_tables->curr_segment->curr_table += size;
-         if (j <= ALPHA) {
-           int local_max_bits = code_lengths[0];
-           int k;
-@@ -515,14 +520,13 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int xsize, int ysize,
-   hdr->huffman_image_ = huffman_image;
-   hdr->num_htree_groups_ = num_htree_groups;
-   hdr->htree_groups_ = htree_groups;
--  hdr->huffman_tables_ = huffman_tables;
- 
-  Error:
-   WebPSafeFree(code_lengths);
-   WebPSafeFree(mapping);
-   if (!ok) {
-     WebPSafeFree(huffman_image);
--    WebPSafeFree(huffman_tables);
-+    VP8LHuffmanTablesDeallocate(huffman_tables);
-     VP8LHtreeGroupsFree(htree_groups);
-   }
-   return ok;
-@@ -1354,7 +1358,7 @@ static void ClearMetadata(VP8LMetadata* const hdr) {
-   assert(hdr != NULL);
- 
-   WebPSafeFree(hdr->huffman_image_);
--  WebPSafeFree(hdr->huffman_tables_);
-+  VP8LHuffmanTablesDeallocate(&hdr->huffman_tables_);
-   VP8LHtreeGroupsFree(hdr->htree_groups_);
-   VP8LColorCacheClear(&hdr->color_cache_);
-   VP8LColorCacheClear(&hdr->saved_color_cache_);
-@@ -1670,7 +1674,7 @@ int VP8LDecodeImage(VP8LDecoder* const dec) {
-   // Sanity checks.
-   if (dec == NULL) return 0;
- 
--  assert(dec->hdr_.huffman_tables_ != NULL);
-+  assert(dec->hdr_.huffman_tables_.root.start != NULL);
-   assert(dec->hdr_.htree_groups_ != NULL);
-   assert(dec->hdr_.num_htree_groups_ > 0);
- 
-diff --git a/src/dec/vp8li_dec.h b/src/dec/vp8li_dec.h
-index 72b2e861..32540a4b 100644
---- a/src/dec/vp8li_dec.h
-+++ b/src/dec/vp8li_dec.h
-@@ -51,7 +51,7 @@ typedef struct {
-   uint32_t*       huffman_image_;
-   int             num_htree_groups_;
-   HTreeGroup*     htree_groups_;
--  HuffmanCode*    huffman_tables_;
-+  HuffmanTables   huffman_tables_;
- } VP8LMetadata;
- 
- typedef struct VP8LDecoder VP8LDecoder;
-diff --git a/src/utils/huffman_utils.c b/src/utils/huffman_utils.c
-index 0cba0fbb..9efd6283 100644
---- a/src/utils/huffman_utils.c
-+++ b/src/utils/huffman_utils.c
-@@ -177,21 +177,24 @@ static int BuildHuffmanTable(HuffmanCode* const root_table, int root_bits,
-       if (num_open < 0) {
-         return 0;
-       }
--      if (root_table == NULL) continue;
-       for (; count[len] > 0; --count[len]) {
-         HuffmanCode code;
-         if ((key & mask) != low) {
--          table += table_size;
-+          if (root_table != NULL) table += table_size;
-           table_bits = NextTableBitSize(count, len, root_bits);
-           table_size = 1 << table_bits;
-           total_size += table_size;
-           low = key & mask;
--          root_table[low].bits = (uint8_t)(table_bits + root_bits);
--          root_table[low].value = (uint16_t)((table - root_table) - low);
-+          if (root_table != NULL) {
-+            root_table[low].bits = (uint8_t)(table_bits + root_bits);
-+            root_table[low].value = (uint16_t)((table - root_table) - low);
-+          }
-+        }
-+        if (root_table != NULL) {
-+          code.bits = (uint8_t)(len - root_bits);
-+          code.value = (uint16_t)sorted[symbol++];
-+          ReplicateValue(&table[key >> root_bits], step, table_size, code);
-         }
--        code.bits = (uint8_t)(len - root_bits);
--        code.value = (uint16_t)sorted[symbol++];
--        ReplicateValue(&table[key >> root_bits], step, table_size, code);
-         key = GetNextKey(key, len);
-       }
-     }
-@@ -211,25 +214,83 @@ static int BuildHuffmanTable(HuffmanCode* const root_table, int root_bits,
-   ((1 << MAX_CACHE_BITS) + NUM_LITERAL_CODES + NUM_LENGTH_CODES)
- // Cut-off value for switching between heap and stack allocation.
- #define SORTED_SIZE_CUTOFF 512
--int VP8LBuildHuffmanTable(HuffmanCode* const root_table, int root_bits,
-+int VP8LBuildHuffmanTable(HuffmanTables* const root_table, int root_bits,
-                           const int code_lengths[], int code_lengths_size) {
--  int total_size;
-+  const int total_size =
-+      BuildHuffmanTable(NULL, root_bits, code_lengths, code_lengths_size, NULL);
-   assert(code_lengths_size <= MAX_CODE_LENGTHS_SIZE);
--  if (root_table == NULL) {
--    total_size = BuildHuffmanTable(NULL, root_bits,
--                                   code_lengths, code_lengths_size, NULL);
--  } else if (code_lengths_size <= SORTED_SIZE_CUTOFF) {
-+  if (total_size == 0 || root_table == NULL) return total_size;
-+
-+  if (root_table->curr_segment->curr_table + total_size >=
-+      root_table->curr_segment->start + root_table->curr_segment->size) {
-+    // If 'root_table' does not have enough memory, allocate a new segment.
-+    // The available part of root_table->curr_segment is left unused because we
-+    // need a contiguous buffer.
-+    const int segment_size = root_table->curr_segment->size;
-+    struct HuffmanTablesSegment* next =
-+        (HuffmanTablesSegment*)WebPSafeMalloc(1, sizeof(*next));
-+    if (next == NULL) return 0;
-+    // Fill the new segment.
-+    // We need at least 'total_size' but if that value is small, it is better to
-+    // allocate a big chunk to prevent more allocations later. 'segment_size' is
-+    // therefore chosen (any other arbitrary value could be chosen).
-+    next->size = total_size > segment_size ? total_size : segment_size;
-+    next->start =
-+        (HuffmanCode*)WebPSafeMalloc(next->size, sizeof(*next->start));
-+    if (next->start == NULL) {
-+      WebPSafeFree(next);
-+      return 0;
-+    }
-+    next->curr_table = next->start;
-+    next->next = NULL;
-+    // Point to the new segment.
-+    root_table->curr_segment->next = next;
-+    root_table->curr_segment = next;
-+  }
-+  if (code_lengths_size <= SORTED_SIZE_CUTOFF) {
-     // use local stack-allocated array.
-     uint16_t sorted[SORTED_SIZE_CUTOFF];
--    total_size = BuildHuffmanTable(root_table, root_bits,
--                                   code_lengths, code_lengths_size, sorted);
--  } else {   // rare case. Use heap allocation.
-+    BuildHuffmanTable(root_table->curr_segment->curr_table, root_bits,
-+                      code_lengths, code_lengths_size, sorted);
-+  } else {  // rare case. Use heap allocation.
-     uint16_t* const sorted =
-         (uint16_t*)WebPSafeMalloc(code_lengths_size, sizeof(*sorted));
-     if (sorted == NULL) return 0;
--    total_size = BuildHuffmanTable(root_table, root_bits,
--                                   code_lengths, code_lengths_size, sorted);
-+    BuildHuffmanTable(root_table->curr_segment->curr_table, root_bits,
-+                      code_lengths, code_lengths_size, sorted);
-     WebPSafeFree(sorted);
-   }
-   return total_size;
- }
-+
-+int VP8LHuffmanTablesAllocate(int size, HuffmanTables* huffman_tables) {
-+  // Have 'segment' point to the first segment for now, 'root'.
-+  HuffmanTablesSegment* const root = &huffman_tables->root;
-+  huffman_tables->curr_segment = root;
-+  // Allocate root.
-+  root->start = (HuffmanCode*)WebPSafeMalloc(size, sizeof(*root->start));
-+  if (root->start == NULL) return 0;
-+  root->curr_table = root->start;
-+  root->next = NULL;
-+  root->size = size;
-+  return 1;
-+}
-+
-+void VP8LHuffmanTablesDeallocate(HuffmanTables* const huffman_tables) {
-+  HuffmanTablesSegment *current, *next;
-+  if (huffman_tables == NULL) return;
-+  // Free the root node.
-+  current = &huffman_tables->root;
-+  next = current->next;
-+  WebPSafeFree(current->start);
-+  current->start = NULL;
-+  current->next = NULL;
-+  current = next;
-+  // Free the following nodes.
-+  while (current != NULL) {
-+    next = current->next;
-+    WebPSafeFree(current->start);
-+    WebPSafeFree(current);
-+    current = next;
-+  }
-+}
-diff --git a/src/utils/huffman_utils.h b/src/utils/huffman_utils.h
-index 13b7ad1a..98415c53 100644
---- a/src/utils/huffman_utils.h
-+++ b/src/utils/huffman_utils.h
-@@ -43,6 +43,29 @@ typedef struct {
-                     // or non-literal symbol otherwise
- } HuffmanCode32;
- 
-+// Contiguous memory segment of HuffmanCodes.
-+typedef struct HuffmanTablesSegment {
-+  HuffmanCode* start;
-+  // Pointer to where we are writing into the segment. Starts at 'start' and
-+  // cannot go beyond 'start' + 'size'.
-+  HuffmanCode* curr_table;
-+  // Pointer to the next segment in the chain.
-+  struct HuffmanTablesSegment* next;
-+  int size;
-+} HuffmanTablesSegment;
-+
-+// Chained memory segments of HuffmanCodes.
-+typedef struct HuffmanTables {
-+  HuffmanTablesSegment root;
-+  // Currently processed segment. At first, this is 'root'.
-+  HuffmanTablesSegment* curr_segment;
-+} HuffmanTables;
-+
-+// Allocates a HuffmanTables with 'size' contiguous HuffmanCodes. Returns 0 on
-+// memory allocation error, 1 otherwise.
-+int VP8LHuffmanTablesAllocate(int size, HuffmanTables* huffman_tables);
-+void VP8LHuffmanTablesDeallocate(HuffmanTables* const huffman_tables);
-+
- #define HUFFMAN_PACKED_BITS 6
- #define HUFFMAN_PACKED_TABLE_SIZE (1u << HUFFMAN_PACKED_BITS)
- 
-@@ -78,9 +101,7 @@ void VP8LHtreeGroupsFree(HTreeGroup* const htree_groups);
- // the huffman table.
- // Returns built table size or 0 in case of error (invalid tree or
- // memory error).
--// If root_table is NULL, it returns 0 if a lookup cannot be built, something
--// > 0 otherwise (but not the table size).
--int VP8LBuildHuffmanTable(HuffmanCode* const root_table, int root_bits,
-+int VP8LBuildHuffmanTable(HuffmanTables* const root_table, int root_bits,
-                           const int code_lengths[], int code_lengths_size);
- 
- #ifdef __cplusplus
diff --git a/Patches/LineageOS-14.1/android_external_aac/364027-backport.patch b/Patches/LineageOS-14.1/android_external_aac/364027-backport.patch
deleted file mode 100644
index 587612e0..00000000
--- a/Patches/LineageOS-14.1/android_external_aac/364027-backport.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de>
-Date: Tue, 30 May 2023 16:39:32 +0200
-Subject: [PATCH] Increase patchParam array size by one and fix out-of-bounce
- write in resetLppTransposer().
-
-Bug: 279766766
-Test: see POC
-(cherry picked from commit f682b8787eb312b9f8997dac4c2c18bb779cf0df)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:451762ca48e7fb30a0ce77a8962813a3419ec420)
-Merged-In: I206973e0bb21140865efffd930e39f920f477359
-Change-Id: I206973e0bb21140865efffd930e39f920f477359
----
- libSBRdec/src/lpp_tran.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libSBRdec/src/lpp_tran.h b/libSBRdec/src/lpp_tran.h
-index 003a547..c363880 100644
---- a/libSBRdec/src/lpp_tran.h
-+++ b/libSBRdec/src/lpp_tran.h
-@@ -2,7 +2,7 @@
- /* -----------------------------------------------------------------------------------------------------------
- Software License for The Fraunhofer FDK AAC Codec Library for Android
- 
--� Copyright  1995 - 2013 Fraunhofer-Gesellschaft zur F�rderung der angewandten Forschung e.V.
-+� Copyright  1995 - 2023 Fraunhofer-Gesellschaft zur F�rderung der angewandten Forschung e.V.
-   All rights reserved.
- 
-  1.    INTRODUCTION
-@@ -175,7 +175,7 @@ typedef struct {
-   UCHAR  lbStopPatching;              /*!< first band that won't be patched anymore*/
-   UCHAR  bwBorders[MAX_NUM_NOISE_VALUES]; /*!< spectral bands with different inverse filtering levels */
- 
--  PATCH_PARAM    patchParam[MAX_NUM_PATCHES]; /*!< new parameter set for patching */
-+  PATCH_PARAM    patchParam[MAX_NUM_PATCHES + 1]; /*!< new parameter set for patching */
-   WHITENING_FACTORS whFactors;                /*!< the pole moving factors for certain whitening levels as indicated
-                                                    in the bitstream depending on the crossover frequency */
-   UCHAR  overlap;                             /*!< Overlap size */
diff --git a/Patches/LineageOS-14.1/android_external_freetype/360899.patch b/Patches/LineageOS-14.1/android_external_freetype/360899.patch
deleted file mode 100644
index c90467e0..00000000
--- a/Patches/LineageOS-14.1/android_external_freetype/360899.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sat, 19 Mar 2022 06:40:17 +0100
-Subject: [PATCH] DO NOT MERGE - Cherry-pick two upstream changes
-
-This cherry picks following two changes:
-
-0c2bdb01a2e1d24a3e592377a6d0822856e10df2
-22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
-
-Bug: 271680254
-Test: N/A
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ffa271ab538f57b65a65d434a2df9d3f8cd2f4a)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b0f8930701bf19229075cc930ad15813ff5fb07b)
-Merged-In: I42469df8e8b07221d64e3f8574c4f30110dbda7e
-Change-Id: I42469df8e8b07221d64e3f8574c4f30110dbda7e
-
-Change-Id: Ia584ab1f2633a84e5896c09113513c582ce95dad
----
- src/base/ftobjs.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
-index 9006b598b..4e1d32aa0 100644
---- a/src/base/ftobjs.c
-+++ b/src/base/ftobjs.c
-@@ -2118,6 +2118,14 @@
-     FT_Module*   cur;
-     FT_Module*   limit;
- 
-+    /* only use lower 31 bits together with sign bit */
-+    if ( face_index > 0 )
-+      face_index &= 0x7FFFFFFFL;
-+    else
-+    {
-+      face_index &= 0x7FFFFFFFL;
-+      face_index  = -face_index;
-+    }
- 
-     /* test for valid `library' delayed to `FT_Stream_New' */
- 
-@@ -2953,6 +2961,9 @@
-     if ( !face )
-       return FT_THROW( Invalid_Face_Handle );
- 
-+    if ( !face->size )
-+      return FT_THROW( Invalid_Size_Handle );
-+
-     if ( !req || req->width < 0 || req->height < 0 ||
-          req->type >= FT_SIZE_REQUEST_TYPE_MAX )
-       return FT_THROW( Invalid_Argument );
diff --git a/Patches/LineageOS-15.1/android_external_aac/364027-backport.patch b/Patches/LineageOS-15.1/android_external_aac/364027-backport.patch
deleted file mode 100644
index 587612e0..00000000
--- a/Patches/LineageOS-15.1/android_external_aac/364027-backport.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de>
-Date: Tue, 30 May 2023 16:39:32 +0200
-Subject: [PATCH] Increase patchParam array size by one and fix out-of-bounce
- write in resetLppTransposer().
-
-Bug: 279766766
-Test: see POC
-(cherry picked from commit f682b8787eb312b9f8997dac4c2c18bb779cf0df)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:451762ca48e7fb30a0ce77a8962813a3419ec420)
-Merged-In: I206973e0bb21140865efffd930e39f920f477359
-Change-Id: I206973e0bb21140865efffd930e39f920f477359
----
- libSBRdec/src/lpp_tran.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libSBRdec/src/lpp_tran.h b/libSBRdec/src/lpp_tran.h
-index 003a547..c363880 100644
---- a/libSBRdec/src/lpp_tran.h
-+++ b/libSBRdec/src/lpp_tran.h
-@@ -2,7 +2,7 @@
- /* -----------------------------------------------------------------------------------------------------------
- Software License for The Fraunhofer FDK AAC Codec Library for Android
- 
--� Copyright  1995 - 2013 Fraunhofer-Gesellschaft zur F�rderung der angewandten Forschung e.V.
-+� Copyright  1995 - 2023 Fraunhofer-Gesellschaft zur F�rderung der angewandten Forschung e.V.
-   All rights reserved.
- 
-  1.    INTRODUCTION
-@@ -175,7 +175,7 @@ typedef struct {
-   UCHAR  lbStopPatching;              /*!< first band that won't be patched anymore*/
-   UCHAR  bwBorders[MAX_NUM_NOISE_VALUES]; /*!< spectral bands with different inverse filtering levels */
- 
--  PATCH_PARAM    patchParam[MAX_NUM_PATCHES]; /*!< new parameter set for patching */
-+  PATCH_PARAM    patchParam[MAX_NUM_PATCHES + 1]; /*!< new parameter set for patching */
-   WHITENING_FACTORS whFactors;                /*!< the pole moving factors for certain whitening levels as indicated
-                                                    in the bitstream depending on the crossover frequency */
-   UCHAR  overlap;                             /*!< Overlap size */
diff --git a/Patches/LineageOS-16.0/android_external_freetype/360951.patch b/Patches/LineageOS-16.0/android_external_freetype/360951.patch
deleted file mode 100644
index b6282274..00000000
--- a/Patches/LineageOS-16.0/android_external_freetype/360951.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sat, 19 Mar 2022 06:40:17 +0100
-Subject: [PATCH] DO NOT MERGE - Cherry-pick two upstream changes
-
-This cherry picks following two changes:
-
-0c2bdb01a2e1d24a3e592377a6d0822856e10df2
-22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
-
-Bug: 271680254
-Test: N/A
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ffa271ab538f57b65a65d434a2df9d3f8cd2f4a)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b0f8930701bf19229075cc930ad15813ff5fb07b)
-Merged-In: I42469df8e8b07221d64e3f8574c4f30110dbda7e
-Change-Id: I42469df8e8b07221d64e3f8574c4f30110dbda7e
----
- src/base/ftobjs.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
-index 8d07e35ae..fda7e21de 100644
---- a/src/base/ftobjs.c
-+++ b/src/base/ftobjs.c
-@@ -2345,6 +2345,15 @@
- #endif
- 
- 
-+    /* only use lower 31 bits together with sign bit */
-+    if ( face_index > 0 )
-+      face_index &= 0x7FFFFFFFL;
-+    else
-+    {
-+      face_index &= 0x7FFFFFFFL;
-+      face_index  = -face_index;
-+    }
-+
- #ifdef FT_DEBUG_LEVEL_TRACE
-     FT_TRACE3(( "FT_Open_Face: " ));
-     if ( face_index < 0 )
-@@ -3200,6 +3209,9 @@
-     if ( !face )
-       return FT_THROW( Invalid_Face_Handle );
- 
-+    if ( !face->size )
-+      return FT_THROW( Invalid_Size_Handle );
-+
-     if ( !req || req->width < 0 || req->height < 0 ||
-          req->type >= FT_SIZE_REQUEST_TYPE_MAX )
-       return FT_THROW( Invalid_Argument );
diff --git a/Patches/LineageOS-16.0/android_external_freetype/364028-backport.patch b/Patches/LineageOS-16.0/android_external_freetype/364028-backport.patch
deleted file mode 100644
index ef412bcf..00000000
--- a/Patches/LineageOS-16.0/android_external_freetype/364028-backport.patch
+++ /dev/null
@@ -1,367 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Seigo Nonaka <nona@google.com>
-Date: Tue, 2 May 2023 10:01:38 +0900
-Subject: [PATCH] Cherrypick following three changes
-
-[cherrypick 545bf3a27] [sfnt, truetype] Add `size_reset` to `MetricsVariations`.
-[cherrypick daad10810] [truetype] tt_size_reset_height to take FT_Size
-[cherrypick 51ad7b243] [services] FT_Size_Reset_Func to return FT_Error
-
-Bug: 278221085
-Test: TreeHugger
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d63b0bfcbaba361543fd9394b8d86907f52c97d)
-Merged-In: I7e839b2a36e35c27974a82cc76e853996a7c7688
-Change-Id: I7e839b2a36e35c27974a82cc76e853996a7c7688
----
- include/freetype/internal/services/svmetric.h |  8 ++-
- include/freetype/internal/tttypes.h           | 10 ++-
- src/cff/cffdrivr.c                            |  9 ++-
- src/cff/cffobjs.c                             |  6 +-
- src/sfnt/sfobjs.c                             | 14 ++--
- src/sfnt/ttmtx.c                              |  2 +-
- src/truetype/ttdriver.c                       |  7 +-
- src/truetype/ttgxvar.c                        | 23 ++++---
- src/truetype/ttobjs.c                         | 68 +++++++++++--------
- src/truetype/ttobjs.h                         |  6 +-
- 10 files changed, 98 insertions(+), 55 deletions(-)
-
-diff --git a/include/freetype/internal/services/svmetric.h b/include/freetype/internal/services/svmetric.h
-index abaacddbb..2e8a2e6b3 100644
---- a/include/freetype/internal/services/svmetric.h
-+++ b/include/freetype/internal/services/svmetric.h
-@@ -77,6 +77,9 @@ FT_BEGIN_HEADER
-   typedef void
-   (*FT_Metrics_Adjust_Func)( FT_Face  face );
- 
-+  typedef FT_Error
-+  (*FT_Size_Reset_Func)( FT_Size  size );
-+
- 
-   FT_DEFINE_SERVICE( MetricsVariations )
-   {
-@@ -90,6 +93,7 @@ FT_BEGIN_HEADER
-     FT_VOrg_Adjust_Func      vorg_adjust;
- 
-     FT_Metrics_Adjust_Func   metrics_adjust;
-+    FT_Size_Reset_Func       size_reset;
-   };
- 
- 
-@@ -103,7 +107,8 @@ FT_BEGIN_HEADER
-                                                 tsb_adjust_,       \
-                                                 bsb_adjust_,       \
-                                                 vorg_adjust_,      \
--                                                metrics_adjust_  ) \
-+                                                metrics_adjust_,   \
-+                                                size_reset_      ) \
-   static const FT_Service_MetricsVariationsRec  class_ =           \
-   {                                                                \
-     hadvance_adjust_,                                              \
-@@ -114,6 +119,7 @@ FT_BEGIN_HEADER
-     bsb_adjust_,                                                   \
-     vorg_adjust_,                                                  \
--    metrics_adjust_                                                \
-+    metrics_adjust_,                                                \
-+    size_reset_                                                    \
-   };
- 
- #else /* FT_CONFIG_OPTION_PIC */
-diff --git a/include/freetype/internal/tttypes.h b/include/freetype/internal/tttypes.h
-index 10dd336a8..422a680de 100644
---- a/include/freetype/internal/tttypes.h
-+++ b/include/freetype/internal/tttypes.h
-@@ -1437,8 +1437,14 @@ FT_BEGIN_HEADER
-     void*                 mm;
- 
-     /* a typeless pointer to the FT_Service_MetricsVariationsRec table */
--    /* used to handle the HVAR, VVAR, and MVAR OpenType tables         */
--    void*                 var;
-+    /* used to handle the HVAR, VVAR, and MVAR OpenType tables by the  */
-+    /* "truetype" driver                                               */
-+    void*                 tt_var;
-+
-+    /* a typeless pointer to the FT_Service_MetricsVariationsRec table */
-+    /* used to handle the HVAR, VVAR, and MVAR OpenType tables by this */
-+    /* TT_Face's driver                                                */
-+    void*                 face_var;
- #endif
- 
-     /* a typeless pointer to the PostScript Aux service */
---- a/src/cff/cffdrivr.c
-+++ b/src/cff/cffdrivr.c
-@@ -933,7 +933,8 @@
-                        FT_UInt   gindex,
-                        FT_Int   *avalue )
-   {
--    FT_Service_MetricsVariations  var = (FT_Service_MetricsVariations)face->var;
-+    FT_Service_MetricsVariations
-+      var = (FT_Service_MetricsVariations)face->tt_var;
- 
- 
-     return var->hadvance_adjust( FT_FACE( face ), gindex, avalue );
-@@ -943,7 +944,8 @@
-   static void
-   cff_metrics_adjust( CFF_Face  face )
-   {
--    FT_Service_MetricsVariations  var = (FT_Service_MetricsVariations)face->var;
-+    FT_Service_MetricsVariations
-+      var = (FT_Service_MetricsVariations)face->tt_var;
- 
- 
-     var->metrics_adjust( FT_FACE( face ) );
-@@ -962,7 +964,8 @@
-     (FT_BSB_Adjust_Func)     NULL,                   /* bsb_adjust      */
-     (FT_VOrg_Adjust_Func)    NULL,                   /* vorg_adjust     */
- 
--    (FT_Metrics_Adjust_Func) cff_metrics_adjust      /* metrics_adjust  */
-+    (FT_Metrics_Adjust_Func) cff_metrics_adjust,     /* metrics_adjust  */
-+    (FT_Size_Reset_Func)     NULL                    /* size_reset      */
-   )
- #endif
- 
---- a/src/cff/cffobjs.c
-+++ b/src/cff/cffobjs.c
-@@ -710,8 +710,10 @@
- 
- #ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
-       {
--        FT_Service_MultiMasters       mm  = (FT_Service_MultiMasters)face->mm;
--        FT_Service_MetricsVariations  var = (FT_Service_MetricsVariations)face->var;
-+        FT_Service_MultiMasters
-+          mm = (FT_Service_MultiMasters)face->mm;
-+        FT_Service_MetricsVariations
-+          var = (FT_Service_MetricsVariations)face->face_var;
- 
-         FT_UInt  instance_index = (FT_UInt)face_index >> 16;
- 
---- a/src/sfnt/sfobjs.c
-+++ b/src/sfnt/sfobjs.c
-@@ -896,17 +896,23 @@
-                                         0 );
-     }
- 
--    if ( !face->var )
-+    if ( !face->tt_var )
-     {
-       /* we want the metrics variations interface */
-       /* from the `truetype' module only          */
-       FT_Module  tt_module = FT_Get_Module( library, "truetype" );
- 
- 
--      face->var = ft_module_get_service( tt_module,
--                                         FT_SERVICE_ID_METRICS_VARIATIONS,
--                                         0 );
-+      face->tt_var = ft_module_get_service( tt_module,
-+                                            FT_SERVICE_ID_METRICS_VARIATIONS,
-+                                            0 );
-     }
-+
-+    if ( !face->face_var )
-+      face->face_var = ft_module_get_service(
-+                         &face->root.driver->root,
-+                         FT_SERVICE_ID_METRICS_VARIATIONS,
-+                         0 );
- #endif
- 
-     FT_TRACE2(( "SFNT driver\n" ));
---- a/src/sfnt/ttmtx.c
-+++ b/src/sfnt/ttmtx.c
-@@ -229,7 +229,7 @@
- 
- #ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
-     FT_Service_MetricsVariations  var =
--      (FT_Service_MetricsVariations)face->var;
-+      (FT_Service_MetricsVariations)face->tt_var;
- #endif
- 
- 
---- a/src/truetype/ttdriver.c
-+++ b/src/truetype/ttdriver.c
-@@ -304,7 +304,7 @@
-       /* use the scaled metrics, even when tt_size_reset fails */
-       FT_Select_Metrics( size->face, strike_index );
- 
--      tt_size_reset( ttsize, 0 ); /* ignore return value */
-+      tt_size_reset( ttsize ); /* ignore return value */
-     }
-     else
-     {
-@@ -356,7 +356,7 @@
- 
-     if ( FT_IS_SCALABLE( size->face ) )
-     {
--      error = tt_size_reset( ttsize, 0 );
-+      error = tt_size_reset( ttsize );
- 
- #ifdef TT_USE_BYTECODE_INTERPRETER
-       /* for the `MPS' bytecode instruction we need the point size */
-@@ -516,7 +516,8 @@
-     (FT_BSB_Adjust_Func)     NULL,                   /* bsb_adjust      */
-     (FT_VOrg_Adjust_Func)    NULL,                   /* vorg_adjust     */
- 
--    (FT_Metrics_Adjust_Func) tt_apply_mvar           /* metrics_adjust  */
-+    (FT_Metrics_Adjust_Func) tt_apply_mvar,          /* metrics_adjust  */
-+    (FT_Size_Reset_Func)     tt_size_reset_height    /* size_reset      */
-   )
- 
- #endif /* TT_CONFIG_OPTION_GX_VAR_SUPPORT */
---- a/src/truetype/ttgxvar.c
-+++ b/src/truetype/ttgxvar.c
-@@ -1283,15 +1283,14 @@
- 
- 
-   static FT_Error
--  tt_size_reset_iterator( FT_ListNode  node,
-+  ft_size_reset_iterator( FT_ListNode  node,
-                           void*        user )
-   {
--    TT_Size  size = (TT_Size)node->data;
-+    FT_Size                       size = (FT_Size)node->data;
-+    FT_Service_MetricsVariations  var  = (FT_Service_MetricsVariations)user;
- 
--    FT_UNUSED( user );
- 
--
--    tt_size_reset( size, 1 );
-+    var->size_reset( size );
- 
-     return FT_Err_Ok;
-   }
-@@ -1352,6 +1351,9 @@
- 
-     /* adjust all derived values */
-     {
-+      FT_Service_MetricsVariations  var =
-+        (FT_Service_MetricsVariations)face->face_var;
-+
-       FT_Face  root = &face->root;
- 
- 
-@@ -1378,11 +1380,12 @@
-                                   face->postscript.underlineThickness / 2;
-       root->underline_thickness = face->postscript.underlineThickness;
- 
--      /* iterate over all FT_Size objects and call `tt_size_reset' */
--      /* to propagate the metrics changes                          */
--      FT_List_Iterate( &root->sizes_list,
--                       tt_size_reset_iterator,
--                       NULL );
-+      /* iterate over all FT_Size objects and call `var->size_reset' */
-+      /* to propagate the metrics changes                            */
-+      if ( var && var->size_reset )
-+        FT_List_Iterate( &root->sizes_list,
-+                         ft_size_reset_iterator,
-+                         (void*)var );
-     }
-   }
- 
---- a/src/truetype/ttobjs.c
-+++ b/src/truetype/ttobjs.c
-@@ -1234,37 +1234,29 @@
-   /*************************************************************************/
-   /*                                                                       */
-   /* <Function>                                                            */
--  /*    tt_size_reset                                                      */
-+  /*   tt_size_reset_height                                                */
-   /*                                                                       */
-   /* <Description>                                                         */
--  /*    Reset a TrueType size when resolutions and character dimensions    */
--  /*    have been changed.                                                 */
-+  /*   Recompute a TrueType size's ascender, descender, and height         */
-+  /*   when resolutions and character dimensions have been changed.        */
-+  /*   Used for variation fonts as an iterator function.                   */
-   /*                                                                       */
-   /* <Input>                                                               */
--  /*    size        :: A handle to the target size object.                 */
--  /*                                                                       */
--  /*    only_height :: Only recompute ascender, descender, and height;     */
--  /*                   this flag is used for variation fonts where         */
--  /*                   `tt_size_reset' is used as an iterator function.    */
-+  /*   ft_size ::                                                          */
-+  /*     A handle to the target TT_Size object. This function will be called*/
-+  /*     through a `FT_Size_Reset_Func` pointer which takes `FT_Size`. This*/
-+  /*     function must take `FT_Size` as a result. The passed `FT_Size` is */
-+  /*     expected to point to a `TT_Size`.                                 */
-   /*                                                                       */
-   FT_LOCAL_DEF( FT_Error )
--  tt_size_reset( TT_Size  size,
--                 FT_Bool  only_height )
-+  tt_size_reset_height( FT_Size  ft_size )
-   {
--    TT_Face           face;
--    FT_Size_Metrics*  size_metrics;
--
--
--    face = (TT_Face)size->root.face;
--
--    /* nothing to do for CFF2 */
--    if ( face->is_cff2 )
--      return FT_Err_Ok;
-+    TT_Size           size         = (TT_Size)ft_size;
-+    TT_Face           face         = (TT_Face)size->root.face;
-+    FT_Size_Metrics*  size_metrics = &size->hinted_metrics;
- 
-     size->ttmetrics.valid = FALSE;
- 
--    size_metrics = &size->hinted_metrics;
--
-     /* copy the result from base layer */
-     *size_metrics = size->root.metrics;
- 
-@@ -1291,12 +1283,34 @@
- 
-     size->ttmetrics.valid = TRUE;
- 
--    if ( only_height )
--    {
--      /* we must not recompute the scaling values here since       */
--      /* `tt_size_reset' was already called (with only_height = 0) */
--      return FT_Err_Ok;
--    }
-+    return FT_Err_Ok;
-+  }
-+
-+
-+  /**************************************************************************
-+   *
-+   * @Function:
-+   *   tt_size_reset
-+   *
-+   * @Description:
-+   *   Reset a TrueType size when resolutions and character dimensions
-+   *   have been changed.
-+   *
-+   * @Input:
-+   *   size ::
-+   *     A handle to the target size object.
-+   */
-+  FT_LOCAL_DEF( FT_Error )
-+  tt_size_reset( TT_Size  size )
-+  {
-+    FT_Error          error;
-+    TT_Face           face         = (TT_Face)size->root.face;
-+    FT_Size_Metrics*  size_metrics = &size->hinted_metrics;
-+
-+
-+    error = tt_size_reset_height( (FT_Size)size );
-+    if ( error )
-+      return error;
- 
-     if ( face->header.Flags & 8 )
-     {
---- a/src/truetype/ttobjs.h
-+++ b/src/truetype/ttobjs.h
-@@ -390,8 +390,10 @@ FT_BEGIN_HEADER
- #endif /* TT_USE_BYTECODE_INTERPRETER */
- 
-   FT_LOCAL( FT_Error )
--  tt_size_reset( TT_Size  size,
--                 FT_Bool  only_height );
-+  tt_size_reset_height( FT_Size  size );
-+
-+  FT_LOCAL( FT_Error )
-+  tt_size_reset( TT_Size  size );
- 
- 
-   /*************************************************************************/
diff --git a/Patches/LineageOS-16.0/android_frameworks_av/365962.patch b/Patches/LineageOS-16.0/android_frameworks_av/365962.patch
deleted file mode 100644
index 77074939..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_av/365962.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shruti Bihani <shrutibihani@google.com>
-Date: Thu, 6 Jul 2023 08:41:56 +0000
-Subject: [PATCH] Fix Segv on unknown address error flagged by fuzzer test.
-
-The error is thrown when the destructor tries to free pointer memory.
-This is happening for cases where the pointer was not initialized. Initializing it to a default value fixes the error.
-
-Bug: 245135112
-Test: Build mtp_host_property_fuzzer and run on the target device
-(cherry picked from commit 3afa6e80e8568fe63f893fa354bc79ef91d3dcc0)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d44311374e41a26b28db56794c9a7890a13a6972)
-Merged-In: I255cd68b7641e96ac47ab81479b9b46b78c15580
-Change-Id: I255cd68b7641e96ac47ab81479b9b46b78c15580
----
- media/mtp/MtpProperty.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/media/mtp/MtpProperty.h b/media/mtp/MtpProperty.h
-index bfd5f7f59a..1eb8874af1 100644
---- a/media/mtp/MtpProperty.h
-+++ b/media/mtp/MtpProperty.h
-@@ -26,6 +26,9 @@ namespace android {
- class MtpDataPacket;
- 
- struct MtpPropertyValue {
-+    // pointer str initialized to NULL so that free operation
-+    // is not called for pre-assigned value
-+    MtpPropertyValue() : str (NULL) {}
-     union {
-         int8_t          i8;
-         uint8_t         u8;
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/360953-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/360953-backport.patch
deleted file mode 100644
index 54fd089c..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/360953-backport.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Lucas Lin <lucaslin@google.com>
-Date: Fri, 3 Mar 2023 08:13:50 +0000
-Subject: [PATCH] Sanitize VPN label to prevent HTML injection
-
-This commit will try to sanitize the content of VpnDialog. This
-commit creates a function which will try to sanitize the VPN
-label, if the sanitized VPN label is different from the original
-one, which means the VPN label might contain HTML tag or the VPN
-label violates the words restriction(may contain some wording
-which will mislead the user). For this kind of case, show the
-package name instead of the VPN label to prevent misleading the
-user.
-
-The malicious VPN app might be able to add a large number of line
-breaks with HTML in order to hide the system-displayed text from
-the user in the connection request dialog. Thus, sanitizing the
-content of the dialog is needed.
-
-Bug: 204554636
-Test: N/A
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2178216b98bf9865edee198f45192f0b883624ab)
-Merged-In: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
-Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
----
- packages/VpnDialogs/res/values/strings.xml    | 28 ++++++++++
- .../com/android/vpndialogs/ConfirmDialog.java | 53 +++++++++++++++++--
- 2 files changed, 76 insertions(+), 5 deletions(-)
-
-diff --git a/packages/VpnDialogs/res/values/strings.xml b/packages/VpnDialogs/res/values/strings.xml
-index 443a9bc33b90..b4166f0bedfd 100644
---- a/packages/VpnDialogs/res/values/strings.xml
-+++ b/packages/VpnDialogs/res/values/strings.xml
-@@ -89,4 +89,32 @@
-          without any consequences. [CHAR LIMIT=20] -->
-     <string name="dismiss">Dismiss</string>
- 
-+    <!-- Malicious VPN apps may provide very long labels or cunning HTML to trick the system dialogs
-+         into displaying what they want. The system will attempt to sanitize the label, and if the
-+         label is deemed dangerous, then this string is used instead. The first argument is the
-+         first 30 characters of the label, and the second argument is the package name of the app.
-+         Example : Normally a VPN app may be called "My VPN app" in which case the dialog will read
-+         "My VPN app wants to set up a VPN connection...". If the label is very long, then, this
-+         will be used to show "VerylongVPNlabel… (com.my.vpn.app) wants to set up a VPN
-+         connection...". For this case, the code will refer to sanitized_vpn_label_with_ellipsis.
-+    -->
-+    <string name="sanitized_vpn_label_with_ellipsis">
-+        <xliff:g id="sanitized_vpn_label_with_ellipsis" example="My VPN app">%1$s</xliff:g>… (
-+        <xliff:g id="sanitized_vpn_label_with_ellipsis" example="com.my.vpn.app">%2$s</xliff:g>)
-+    </string>
-+
-+    <!-- Malicious VPN apps may provide very long labels or cunning HTML to trick the system dialogs
-+         into displaying what they want. The system will attempt to sanitize the label, and if the
-+         label is deemed dangerous, then this string is used instead. The first argument is the
-+         label, and the second argument is the package name of the app.
-+         Example : Normally a VPN app may be called "My VPN app" in which case the dialog will read
-+         "My VPN app wants to set up a VPN connection...". If the VPN label contains HTML tag but
-+         the length is not very long, the dialog will show "VpnLabelWith&lt;br&gt;HtmlTag
-+         (com.my.vpn.app) wants to set up a VPN connection...". For this case, the code will refer
-+         to sanitized_vpn_label.
-+    -->
-+    <string name="sanitized_vpn_label">
-+        <xliff:g id="sanitized_vpn_label" example="My VPN app">%1$s</xliff:g> (
-+        <xliff:g id="sanitized_vpn_label" example="com.my.vpn.app">%2$s</xliff:g>)
-+    </string>
- </resources>
-diff --git a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
-index 09339743db5c..43d18df3a10d 100644
---- a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
-+++ b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
-@@ -42,10 +42,52 @@ public class ConfirmDialog extends AlertActivity
-         implements DialogInterface.OnClickListener, ImageGetter {
-     private static final String TAG = "VpnConfirm";
- 
-+    // Usually the label represents the app name, 150 code points might be enough to display the app
-+    // name, and 150 code points won't cover the warning message from VpnDialog.
-+    static final int MAX_VPN_LABEL_LENGTH = 150;
-+
-     private String mPackage;
- 
-     private IConnectivityManager mService;
- 
-+    private View mView;
-+
-+    /**
-+     * This function will use the string resource to combine the VPN label and the package name.
-+     *
-+     * If the VPN label violates the length restriction, the first 30 code points of VPN label and
-+     * the package name will be returned. Or return the VPN label and the package name directly if
-+     * the VPN label doesn't violate the length restriction.
-+     *
-+     * The result will be something like,
-+     * - ThisIsAVeryLongVpnAppNameWhich... (com.vpn.app)
-+     *   if the VPN label violates the length restriction.
-+     * or
-+     * - VpnLabelWith&lt;br&gt;HtmlTag (com.vpn.app)
-+     *   if the VPN label doesn't violate the length restriction.
-+     *
-+     */
-+    private String getSimplifiedLabel(String vpnLabel, String packageName) {
-+        if (vpnLabel.codePointCount(0, vpnLabel.length()) > 30) {
-+            return getString(R.string.sanitized_vpn_label_with_ellipsis,
-+                vpnLabel.substring(0, vpnLabel.offsetByCodePoints(0, 30)),
-+                packageName);
-+        }
-+
-+        return getString(R.string.sanitized_vpn_label, vpnLabel, packageName);
-+    }
-+
-+    protected String getSanitizedVpnLabel(String vpnLabel, String packageName) {
-+        final String sanitizedVpnLabel = Html.escapeHtml(vpnLabel);
-+        final boolean exceedMaxVpnLabelLength = sanitizedVpnLabel.codePointCount(0,
-+            sanitizedVpnLabel.length()) > MAX_VPN_LABEL_LENGTH;
-+        if (exceedMaxVpnLabelLength || !vpnLabel.equals(sanitizedVpnLabel)) {
-+            return getSimplifiedLabel(sanitizedVpnLabel, packageName);
-+        }
-+
-+        return sanitizedVpnLabel;
-+    }
-+
-     @Override
-     protected void onCreate(Bundle savedInstanceState) {
-         super.onCreate(savedInstanceState);
-@@ -68,15 +110,16 @@ public class ConfirmDialog extends AlertActivity
-             finish();
-             return;
-         }
--        View view = View.inflate(this, R.layout.confirm, null);
--        ((TextView) view.findViewById(R.id.warning)).setText(
--                Html.fromHtml(getString(R.string.warning, getVpnLabel()),
--                        this, null /* tagHandler */));
-+        mView = View.inflate(this, R.layout.confirm, null);
-+        ((TextView) mView.findViewById(R.id.warning)).setText(
-+                Html.fromHtml(getString(R.string.warning, getSanitizedVpnLabel(
-+                    getVpnLabel().toString(), mPackage)),
-+                    this /* imageGetter */, null /* tagHandler */));
-         mAlertParams.mTitle = getText(R.string.prompt);
-         mAlertParams.mPositiveButtonText = getText(android.R.string.ok);
-         mAlertParams.mPositiveButtonListener = this;
-         mAlertParams.mNegativeButtonText = getText(android.R.string.cancel);
--        mAlertParams.mView = view;
-+        mAlertParams.mView = mView;
-         setupAlert();
- 
-         getWindow().setCloseOnTouchOutside(false);
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/360954.patch b/Patches/LineageOS-16.0/android_frameworks_base/360954.patch
deleted file mode 100644
index 449a4d66..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/360954.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Michael Groover <mpgroover@google.com>
-Date: Fri, 31 Mar 2023 21:31:22 +0000
-Subject: [PATCH] Limit the number of supported v1 and v2 signers
-
-The v1 and v2 APK Signature Schemes support multiple signers; this
-was intended to allow multiple entities to sign an APK. Previously,
-the platform had no limits placed on the number of signers supported
-in an APK, but this commit sets a hard limit of 10 supported signers
-for these signature schemes to ensure a large number of signers
-does not place undue burden on the platform.
-
-Bug: 266580022
-Test: Manually verified the platform only allowed an APK with the
-       maximum number of supported signers.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)
-Merged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091
-Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091
----
- .../util/apk/ApkSignatureSchemeV2Verifier.java        | 10 ++++++++++
- core/java/android/util/jar/StrictJarVerifier.java     | 11 +++++++++++
- 2 files changed, 21 insertions(+)
-
-diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
-index 533d72590f0a..d5f6ebe8c2e9 100644
---- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
-+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
-@@ -83,6 +83,11 @@ public class ApkSignatureSchemeV2Verifier {
- 
-     private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;
- 
-+    /**
-+     * The maximum number of signers supported by the v2 APK signature scheme.
-+     */
-+    private static final int MAX_V2_SIGNERS = 10;
-+
-     /**
-      * Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
-      *
-@@ -188,6 +193,11 @@ public class ApkSignatureSchemeV2Verifier {
-         }
-         while (signers.hasRemaining()) {
-             signerCount++;
-+            if (signerCount > MAX_V2_SIGNERS) {
-+                throw new SecurityException(
-+                        "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
-+                                + " signers");
-+            }
-             try {
-                 ByteBuffer signer = getLengthPrefixedSlice(signers);
-                 X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
-diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java
-index 45254908c5c9..a6aca330d323 100644
---- a/core/java/android/util/jar/StrictJarVerifier.java
-+++ b/core/java/android/util/jar/StrictJarVerifier.java
-@@ -78,6 +78,11 @@ class StrictJarVerifier {
-         "SHA1",
-     };
- 
-+    /**
-+     * The maximum number of signers supported by the JAR signature scheme.
-+     */
-+    private static final int MAX_JAR_SIGNERS = 10;
-+
-     private final String jarName;
-     private final StrictJarManifest manifest;
-     private final HashMap<String, byte[]> metaEntries;
-@@ -293,10 +298,16 @@ class StrictJarVerifier {
-             return false;
-         }
- 
-+        int signerCount = 0;
-         Iterator<String> it = metaEntries.keySet().iterator();
-         while (it.hasNext()) {
-             String key = it.next();
-             if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
-+                if (++signerCount > MAX_JAR_SIGNERS) {
-+                    throw new SecurityException(
-+                            "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
-+                                    + " signers");
-+                }
-                 verifyCertificate(key);
-                 it.remove();
-             }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/360955-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/360955-backport.patch
deleted file mode 100644
index 16178028..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/360955-backport.patch
+++ /dev/null
@@ -1,1034 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Bill Yi <byi@google.com>
-Date: Tue, 4 Apr 2023 10:14:08 -0700
-Subject: [PATCH] Import translations. DO NOT MERGE ANYWHERE
-
-BUG:204554636
-
-Auto-generated-cl: translation import
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2fe87df11e447755351c1934bcbae5f2f870950d)
-Merged-In: I1720c67e4361d9019b12fa5a510cd34918dfedb4
-Change-Id: I1720c67e4361d9019b12fa5a510cd34918dfedb4
----
- packages/VpnDialogs/res/values-af/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-am/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ar/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-as/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-az/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-b+sr+Latn/strings.xml | 2 ++
- packages/VpnDialogs/res/values-be/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-bg/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-bn/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-bs/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ca/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-cs/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-da/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-de/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-el/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-en-rAU/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rCA/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rGB/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rIN/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rXC/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-es-rUS/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-es/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-et/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-eu/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-fa/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-fi/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-fr-rCA/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-fr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-gl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-gu/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hi/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hu/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hy/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-in/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-is/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-it/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-iw/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ja/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ka/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-kk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-km/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-kn/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ko/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ky/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-lo/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-lt/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-lv/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-mk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ml/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-mn/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-mr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ms/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-my/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-nb/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ne/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-nl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-or/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-pa/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-pl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-pt-rBR/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-pt-rPT/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-pt/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ro/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ru/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-si/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sq/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sv/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sw/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ta/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-te/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-th/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-tl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-tr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-uk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ur/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-uz/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-vi/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-zh-rCN/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-zh-rHK/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-zh-rTW/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-zu/strings.xml        | 2 ++
- 85 files changed, 170 insertions(+)
-
-diff --git a/packages/VpnDialogs/res/values-af/strings.xml b/packages/VpnDialogs/res/values-af/strings.xml
-index ac82b0e0009a..b2718fd83e4f 100644
---- a/packages/VpnDialogs/res/values-af/strings.xml
-+++ b/packages/VpnDialogs/res/values-af/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ontkoppel"</string>
-     <string name="open_app" msgid="3717639178595958667">"Maak program oop"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Maak toe"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g> … ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-am/strings.xml b/packages/VpnDialogs/res/values-am/strings.xml
-index 103f101b8262..aa92dd708051 100644
---- a/packages/VpnDialogs/res/values-am/strings.xml
-+++ b/packages/VpnDialogs/res/values-am/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"አለያይ"</string>
-     <string name="open_app" msgid="3717639178595958667">"መተግበሪያን ክፈት"</string>
-     <string name="dismiss" msgid="6192859333764711227">"አሰናብት"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ar/strings.xml b/packages/VpnDialogs/res/values-ar/strings.xml
-index 808cde906d2f..20057c66750c 100644
---- a/packages/VpnDialogs/res/values-ar/strings.xml
-+++ b/packages/VpnDialogs/res/values-ar/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"قطع الاتصال"</string>
-     <string name="open_app" msgid="3717639178595958667">"فتح التطبيق"</string>
-     <string name="dismiss" msgid="6192859333764711227">"تجاهل"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-as/strings.xml b/packages/VpnDialogs/res/values-as/strings.xml
-index 45d8458f4d45..9d05505b1fa8 100644
---- a/packages/VpnDialogs/res/values-as/strings.xml
-+++ b/packages/VpnDialogs/res/values-as/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"সংযোগ বিচ্ছিন্ন কৰক"</string>
-     <string name="open_app" msgid="3717639178595958667">"এপ্ খোলক"</string>
-     <string name="dismiss" msgid="6192859333764711227">"অগ্ৰাহ্য কৰক"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-az/strings.xml b/packages/VpnDialogs/res/values-az/strings.xml
-index 2bdf23ee2aa0..47cdeee180ed 100644
---- a/packages/VpnDialogs/res/values-az/strings.xml
-+++ b/packages/VpnDialogs/res/values-az/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Əlaqəni kəs"</string>
-     <string name="open_app" msgid="3717639178595958667">"Tətbiqi açın"</string>
-     <string name="dismiss" msgid="6192859333764711227">"İmtina edin"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml b/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml
-index f40e40670bf3..ea8e60d36ba5 100644
---- a/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml
-+++ b/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini vezu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvori aplikaciju"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Odbaci"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-be/strings.xml b/packages/VpnDialogs/res/values-be/strings.xml
-index 0903c8ece36b..914a1638b14a 100644
---- a/packages/VpnDialogs/res/values-be/strings.xml
-+++ b/packages/VpnDialogs/res/values-be/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Адключыцца"</string>
-     <string name="open_app" msgid="3717639178595958667">"Адкрыць праграму"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Адхіліць"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-bg/strings.xml b/packages/VpnDialogs/res/values-bg/strings.xml
-index 9ac853d2016f..e1aa242496de 100644
---- a/packages/VpnDialogs/res/values-bg/strings.xml
-+++ b/packages/VpnDialogs/res/values-bg/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Изключване"</string>
-     <string name="open_app" msgid="3717639178595958667">"Към приложението"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Отхвърляне"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-bn/strings.xml b/packages/VpnDialogs/res/values-bn/strings.xml
-index 2defd8184c5e..4aadfdd022f9 100644
---- a/packages/VpnDialogs/res/values-bn/strings.xml
-+++ b/packages/VpnDialogs/res/values-bn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"সংযোগ বিচ্ছিন্ন করুন"</string>
-     <string name="open_app" msgid="3717639178595958667">"অ্যাপটি খুলুন"</string>
-     <string name="dismiss" msgid="6192859333764711227">"খারিজ করুন"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-bs/strings.xml b/packages/VpnDialogs/res/values-bs/strings.xml
-index 56812d59e106..c8537ca6de17 100644
---- a/packages/VpnDialogs/res/values-bs/strings.xml
-+++ b/packages/VpnDialogs/res/values-bs/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini vezu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvori aplikaciju"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Odbaci"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ca/strings.xml b/packages/VpnDialogs/res/values-ca/strings.xml
-index 97738c316f4b..1702e553f6e3 100644
---- a/packages/VpnDialogs/res/values-ca/strings.xml
-+++ b/packages/VpnDialogs/res/values-ca/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconnecta"</string>
-     <string name="open_app" msgid="3717639178595958667">"Obre l\'aplicació"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignora"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-cs/strings.xml b/packages/VpnDialogs/res/values-cs/strings.xml
-index 5cc809c7cb02..909cd2982b27 100644
---- a/packages/VpnDialogs/res/values-cs/strings.xml
-+++ b/packages/VpnDialogs/res/values-cs/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Odpojit"</string>
-     <string name="open_app" msgid="3717639178595958667">"Do aplikace"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Zavřít"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-da/strings.xml b/packages/VpnDialogs/res/values-da/strings.xml
-index 7641158af3da..f8985bd263f3 100644
---- a/packages/VpnDialogs/res/values-da/strings.xml
-+++ b/packages/VpnDialogs/res/values-da/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Fjern tilknytning"</string>
-     <string name="open_app" msgid="3717639178595958667">"Åbn app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Luk"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-de/strings.xml b/packages/VpnDialogs/res/values-de/strings.xml
-index 0f1e00980439..d75736315767 100644
---- a/packages/VpnDialogs/res/values-de/strings.xml
-+++ b/packages/VpnDialogs/res/values-de/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Verbindung trennen"</string>
-     <string name="open_app" msgid="3717639178595958667">"App öffnen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Schließen"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-el/strings.xml b/packages/VpnDialogs/res/values-el/strings.xml
-index 78bcc43ff609..13df0dda440d 100644
---- a/packages/VpnDialogs/res/values-el/strings.xml
-+++ b/packages/VpnDialogs/res/values-el/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Αποσύνδεση"</string>
-     <string name="open_app" msgid="3717639178595958667">"Άνοιγμα εφαρμογής"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Παράβλεψη"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rAU/strings.xml b/packages/VpnDialogs/res/values-en-rAU/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rAU/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rAU/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rCA/strings.xml b/packages/VpnDialogs/res/values-en-rCA/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rCA/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rCA/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rGB/strings.xml b/packages/VpnDialogs/res/values-en-rGB/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rGB/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rGB/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rIN/strings.xml b/packages/VpnDialogs/res/values-en-rIN/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rIN/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rIN/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rXC/strings.xml b/packages/VpnDialogs/res/values-en-rXC/strings.xml
-index 9d010e63518f..2fb8403a6920 100644
---- a/packages/VpnDialogs/res/values-en-rXC/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rXC/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‎‏‏‎‏‎‏‏‏‏‎‏‏‎‎‏‎‎‏‏‎‎‏‎‏‏‏‏‏‏‏‏‏‏‎‏‏‎‎‎‎‏‏‎‏‏‎‏‎‏‏‎‏‎‏‏‏‏‎‎‎‎Disconnect‎‏‎‎‏‎"</string>
-     <string name="open_app" msgid="3717639178595958667">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‏‎‎‏‏‏‎‎‏‎‏‏‏‏‎‏‏‎‏‎‏‎‎‏‎‎‎‏‎‏‏‎‏‎‎‏‏‎‏‎‎‏‎‎‏‎‏‏‏‏‏‏‏‏‎‎‎‏‎‏‏‎Open app‎‏‎‎‏‎"</string>
-     <string name="dismiss" msgid="6192859333764711227">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‎‏‎‏‎‏‏‏‏‏‎‎‎‏‎‏‏‏‎‏‎‎‏‏‎‎‎‎‎‎‏‎‏‏‏‏‎‏‎‎‎‎‎‎‏‎‎‎‎‎‎‎‏‏‎‎‏‏‏‎‏‏‎Dismiss‎‏‎‎‏‎"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‎‎‎‎‏‎‏‎‏‎‏‏‏‏‏‏‎‎‏‎‏‏‎‏‎‏‏‎‎‏‎‏‏‎‏‏‏‏‏‎‎‏‎‎‏‏‎‏‏‎‏‎‏‏‎‎‏‏‎‏‏‎‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>‎‏‎‎‏‏‏‎… ( ‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>‎‏‎‎‏‏‏‎)‎‏‎‎‏‎"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‏‎‏‎‎‎‎‎‏‏‎‏‏‏‏‎‏‎‏‏‎‎‎‎‎‎‏‎‎‏‎‏‏‎‎‏‏‎‏‎‎‏‎‎‏‎‏‏‏‎‏‎‏‏‎‎‏‏‏‎‎‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g>‎‏‎‎‏‏‏‎ ( ‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>‎‏‎‎‏‏‏‎)‎‏‎‎‏‎"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-es-rUS/strings.xml b/packages/VpnDialogs/res/values-es-rUS/strings.xml
-index 21cfc042e707..4917d6158bba 100644
---- a/packages/VpnDialogs/res/values-es-rUS/strings.xml
-+++ b/packages/VpnDialogs/res/values-es-rUS/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Descartar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-es/strings.xml b/packages/VpnDialogs/res/values-es/strings.xml
-index 372147f2479a..6efb545a97ed 100644
---- a/packages/VpnDialogs/res/values-es/strings.xml
-+++ b/packages/VpnDialogs/res/values-es/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir aplicación"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Cerrar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-et/strings.xml b/packages/VpnDialogs/res/values-et/strings.xml
-index c328cd725396..b15c130f0d70 100644
---- a/packages/VpnDialogs/res/values-et/strings.xml
-+++ b/packages/VpnDialogs/res/values-et/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Katkesta ühendus"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ava rakendus"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Loobu"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-eu/strings.xml b/packages/VpnDialogs/res/values-eu/strings.xml
-index a3b7716e91d3..a07237366c29 100644
---- a/packages/VpnDialogs/res/values-eu/strings.xml
-+++ b/packages/VpnDialogs/res/values-eu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Deskonektatu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ireki aplikazioa"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Baztertu"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fa/strings.xml b/packages/VpnDialogs/res/values-fa/strings.xml
-index 56f847c15827..30e7493141c6 100644
---- a/packages/VpnDialogs/res/values-fa/strings.xml
-+++ b/packages/VpnDialogs/res/values-fa/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"قطع اتصال"</string>
-     <string name="open_app" msgid="3717639178595958667">"باز کردن برنامه"</string>
-     <string name="dismiss" msgid="6192859333764711227">"رد کردن"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fi/strings.xml b/packages/VpnDialogs/res/values-fi/strings.xml
-index 91c918af09c3..40d4a9feb4a1 100644
---- a/packages/VpnDialogs/res/values-fi/strings.xml
-+++ b/packages/VpnDialogs/res/values-fi/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Katkaise yhteys"</string>
-     <string name="open_app" msgid="3717639178595958667">"Avaa sovellus"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Hylkää"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fr-rCA/strings.xml b/packages/VpnDialogs/res/values-fr-rCA/strings.xml
-index aa86c7ca8a7f..2bcf6b2ed382 100644
---- a/packages/VpnDialogs/res/values-fr-rCA/strings.xml
-+++ b/packages/VpnDialogs/res/values-fr-rCA/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Déconnecter"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ouvrir l\'application"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorer"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fr/strings.xml b/packages/VpnDialogs/res/values-fr/strings.xml
-index 71801197ddf2..820c8f98c806 100644
---- a/packages/VpnDialogs/res/values-fr/strings.xml
-+++ b/packages/VpnDialogs/res/values-fr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Déconnecter"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ouvrir l\'application"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorer"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-gl/strings.xml b/packages/VpnDialogs/res/values-gl/strings.xml
-index 8a66d081a71b..765e7f7336e2 100644
---- a/packages/VpnDialogs/res/values-gl/strings.xml
-+++ b/packages/VpnDialogs/res/values-gl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir aplicación"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-gu/strings.xml b/packages/VpnDialogs/res/values-gu/strings.xml
-index 961711c57c3d..6faeb8758d0b 100644
---- a/packages/VpnDialogs/res/values-gu/strings.xml
-+++ b/packages/VpnDialogs/res/values-gu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ડિસ્કનેક્ટ કરો"</string>
-     <string name="open_app" msgid="3717639178595958667">"ઍપ ખોલો"</string>
-     <string name="dismiss" msgid="6192859333764711227">"છોડી દો"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hi/strings.xml b/packages/VpnDialogs/res/values-hi/strings.xml
-index 5560a855627f..0e28c2b063d7 100644
---- a/packages/VpnDialogs/res/values-hi/strings.xml
-+++ b/packages/VpnDialogs/res/values-hi/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"डिस्‍कनेक्‍ट करें"</string>
-     <string name="open_app" msgid="3717639178595958667">"ऐप खोलें"</string>
-     <string name="dismiss" msgid="6192859333764711227">"खारिज करें"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hr/strings.xml b/packages/VpnDialogs/res/values-hr/strings.xml
-index aa9e436f56e7..7d68f0ab4f44 100644
---- a/packages/VpnDialogs/res/values-hr/strings.xml
-+++ b/packages/VpnDialogs/res/values-hr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini vezu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvori aplikaciju"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Odbaci"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hu/strings.xml b/packages/VpnDialogs/res/values-hu/strings.xml
-index 703aa792f3c3..97d3946418b4 100644
---- a/packages/VpnDialogs/res/values-hu/strings.xml
-+++ b/packages/VpnDialogs/res/values-hu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Kapcsolat bontása"</string>
-     <string name="open_app" msgid="3717639178595958667">"Alkalmazás indítása"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Bezárás"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hy/strings.xml b/packages/VpnDialogs/res/values-hy/strings.xml
-index c296c8547283..84eace72bb3c 100644
---- a/packages/VpnDialogs/res/values-hy/strings.xml
-+++ b/packages/VpnDialogs/res/values-hy/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Անջատել"</string>
-     <string name="open_app" msgid="3717639178595958667">"Բացել հավելվածը"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Փակել"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-in/strings.xml b/packages/VpnDialogs/res/values-in/strings.xml
-index 18ef372a8cda..1782b696805b 100644
---- a/packages/VpnDialogs/res/values-in/strings.xml
-+++ b/packages/VpnDialogs/res/values-in/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Putuskan sambungan"</string>
-     <string name="open_app" msgid="3717639178595958667">"Buka aplikasi"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Tutup"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-is/strings.xml b/packages/VpnDialogs/res/values-is/strings.xml
-index 70fb40fc467c..af87d13e7aaf 100644
---- a/packages/VpnDialogs/res/values-is/strings.xml
-+++ b/packages/VpnDialogs/res/values-is/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Aftengja"</string>
-     <string name="open_app" msgid="3717639178595958667">"Opna forrit"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Hunsa"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-it/strings.xml b/packages/VpnDialogs/res/values-it/strings.xml
-index 2602493faf00..5689acbea102 100644
---- a/packages/VpnDialogs/res/values-it/strings.xml
-+++ b/packages/VpnDialogs/res/values-it/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnetti"</string>
-     <string name="open_app" msgid="3717639178595958667">"Apri app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignora"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-iw/strings.xml b/packages/VpnDialogs/res/values-iw/strings.xml
-index 55ac85f2c76a..96233bfa5fdf 100644
---- a/packages/VpnDialogs/res/values-iw/strings.xml
-+++ b/packages/VpnDialogs/res/values-iw/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"נתק"</string>
-     <string name="open_app" msgid="3717639178595958667">"לאפליקציה"</string>
-     <string name="dismiss" msgid="6192859333764711227">"סגירה"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ja/strings.xml b/packages/VpnDialogs/res/values-ja/strings.xml
-index 8480692e9dd3..32898a3a1ce2 100644
---- a/packages/VpnDialogs/res/values-ja/strings.xml
-+++ b/packages/VpnDialogs/res/values-ja/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"切断"</string>
-     <string name="open_app" msgid="3717639178595958667">"アプリを開く"</string>
-     <string name="dismiss" msgid="6192859333764711227">"閉じる"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>…（<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>）"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g>（<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>）"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ka/strings.xml b/packages/VpnDialogs/res/values-ka/strings.xml
-index e5a07532c32e..0cc59d21a1da 100644
---- a/packages/VpnDialogs/res/values-ka/strings.xml
-+++ b/packages/VpnDialogs/res/values-ka/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"კავშირის გაწყვეტა"</string>
-     <string name="open_app" msgid="3717639178595958667">"გახსენით აპი"</string>
-     <string name="dismiss" msgid="6192859333764711227">"დახურვა"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-kk/strings.xml b/packages/VpnDialogs/res/values-kk/strings.xml
-index 79f79c34e1b4..d702f3f4a424 100644
---- a/packages/VpnDialogs/res/values-kk/strings.xml
-+++ b/packages/VpnDialogs/res/values-kk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ажырату"</string>
-     <string name="open_app" msgid="3717639178595958667">"Қолданбаны ашу"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Жабу"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-km/strings.xml b/packages/VpnDialogs/res/values-km/strings.xml
-index 06f34dbf2733..60627104f3f4 100644
---- a/packages/VpnDialogs/res/values-km/strings.xml
-+++ b/packages/VpnDialogs/res/values-km/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ផ្ដាច់"</string>
-     <string name="open_app" msgid="3717639178595958667">"បើកកម្មវិធី"</string>
-     <string name="dismiss" msgid="6192859333764711227">"បដិសេធ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-kn/strings.xml b/packages/VpnDialogs/res/values-kn/strings.xml
-index 040cd6c5aeda..254d64de3bdf 100644
---- a/packages/VpnDialogs/res/values-kn/strings.xml
-+++ b/packages/VpnDialogs/res/values-kn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ಸಂಪರ್ಕ ಕಡಿತಗೊಳಿಸು"</string>
-     <string name="open_app" msgid="3717639178595958667">"ಅಪ್ಲಿಕೇಶನ್ ತೆರೆಯಿರಿ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ವಜಾಗೊಳಿಸಿ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ko/strings.xml b/packages/VpnDialogs/res/values-ko/strings.xml
-index 6ad497680ae7..d2281938176a 100644
---- a/packages/VpnDialogs/res/values-ko/strings.xml
-+++ b/packages/VpnDialogs/res/values-ko/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"연결 끊기"</string>
-     <string name="open_app" msgid="3717639178595958667">"앱 열기"</string>
-     <string name="dismiss" msgid="6192859333764711227">"닫기"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>…(<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g>(<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ky/strings.xml b/packages/VpnDialogs/res/values-ky/strings.xml
-index 4e2f698bb1e5..452176674571 100644
---- a/packages/VpnDialogs/res/values-ky/strings.xml
-+++ b/packages/VpnDialogs/res/values-ky/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ажыратуу"</string>
-     <string name="open_app" msgid="3717639178595958667">"Колдонмону ачуу"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Четке кагуу"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-lo/strings.xml b/packages/VpnDialogs/res/values-lo/strings.xml
-index c591308480c1..1b851e127abd 100644
---- a/packages/VpnDialogs/res/values-lo/strings.xml
-+++ b/packages/VpnDialogs/res/values-lo/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ຕັດການເຊື່ອມຕໍ່"</string>
-     <string name="open_app" msgid="3717639178595958667">"ເປີດແອັບ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ປິດໄວ້"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-lt/strings.xml b/packages/VpnDialogs/res/values-lt/strings.xml
-index 8846310730ce..e8e20a8d218d 100644
---- a/packages/VpnDialogs/res/values-lt/strings.xml
-+++ b/packages/VpnDialogs/res/values-lt/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Atsijungti"</string>
-     <string name="open_app" msgid="3717639178595958667">"Atidaryti programą"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Atsisakyti"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-lv/strings.xml b/packages/VpnDialogs/res/values-lv/strings.xml
-index 07625b6173c6..af19f4dce065 100644
---- a/packages/VpnDialogs/res/values-lv/strings.xml
-+++ b/packages/VpnDialogs/res/values-lv/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Pārtraukt savienojumu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Atvērt lietotni"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Nerādīt"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-mk/strings.xml b/packages/VpnDialogs/res/values-mk/strings.xml
-index b5a64f213066..4db7e4a50241 100644
---- a/packages/VpnDialogs/res/values-mk/strings.xml
-+++ b/packages/VpnDialogs/res/values-mk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Исклучи"</string>
-     <string name="open_app" msgid="3717639178595958667">"Отвори ја апликацијата"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Отфрли"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ml/strings.xml b/packages/VpnDialogs/res/values-ml/strings.xml
-index 680d0ef539b7..9d3bba43f84c 100644
---- a/packages/VpnDialogs/res/values-ml/strings.xml
-+++ b/packages/VpnDialogs/res/values-ml/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"വിച്ഛേദിക്കുക"</string>
-     <string name="open_app" msgid="3717639178595958667">"ആപ്പ് തുറക്കുക"</string>
-     <string name="dismiss" msgid="6192859333764711227">"നിരസിക്കുക"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-mn/strings.xml b/packages/VpnDialogs/res/values-mn/strings.xml
-index 9aa104aff5ab..15f56b155053 100644
---- a/packages/VpnDialogs/res/values-mn/strings.xml
-+++ b/packages/VpnDialogs/res/values-mn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Салгах"</string>
-     <string name="open_app" msgid="3717639178595958667">"Апп нээх"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Хаах"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-mr/strings.xml b/packages/VpnDialogs/res/values-mr/strings.xml
-index 318f854340e2..d8fbe904043d 100644
---- a/packages/VpnDialogs/res/values-mr/strings.xml
-+++ b/packages/VpnDialogs/res/values-mr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"‍डिस्कनेक्ट करा"</string>
-     <string name="open_app" msgid="3717639178595958667">"अ‍ॅप उघडा"</string>
-     <string name="dismiss" msgid="6192859333764711227">"डिसमिस करा"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ms/strings.xml b/packages/VpnDialogs/res/values-ms/strings.xml
-index b489f2edabc0..a7de3f166303 100644
---- a/packages/VpnDialogs/res/values-ms/strings.xml
-+++ b/packages/VpnDialogs/res/values-ms/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Putuskan sambungan"</string>
-     <string name="open_app" msgid="3717639178595958667">"Buka apl"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ketepikan"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-my/strings.xml b/packages/VpnDialogs/res/values-my/strings.xml
-index 9d60ff42a7cd..52675b6092ac 100644
---- a/packages/VpnDialogs/res/values-my/strings.xml
-+++ b/packages/VpnDialogs/res/values-my/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ချိတ်ဆက်ခြင်းရပ်ရန်"</string>
-     <string name="open_app" msgid="3717639178595958667">"အက်ပ်ကို ဖွင့်ရန်"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ပယ်ရန်"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-nb/strings.xml b/packages/VpnDialogs/res/values-nb/strings.xml
-index be572d4408f8..bad15e913938 100644
---- a/packages/VpnDialogs/res/values-nb/strings.xml
-+++ b/packages/VpnDialogs/res/values-nb/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Koble fra"</string>
-     <string name="open_app" msgid="3717639178595958667">"Åpne appen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Lukk"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ne/strings.xml b/packages/VpnDialogs/res/values-ne/strings.xml
-index b716c35cfad4..ac21dd1713d1 100644
---- a/packages/VpnDialogs/res/values-ne/strings.xml
-+++ b/packages/VpnDialogs/res/values-ne/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"विच्छेदन गर्नुहोस्"</string>
-     <string name="open_app" msgid="3717639178595958667">"अनुप्रयोग खोल्नुहोस्"</string>
-     <string name="dismiss" msgid="6192859333764711227">"खारेज गर्नुहोस्"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-nl/strings.xml b/packages/VpnDialogs/res/values-nl/strings.xml
-index 8073b09e203c..ab77d5e9f218 100644
---- a/packages/VpnDialogs/res/values-nl/strings.xml
-+++ b/packages/VpnDialogs/res/values-nl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Verbinding verbreken"</string>
-     <string name="open_app" msgid="3717639178595958667">"App openen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Sluiten"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-or/strings.xml b/packages/VpnDialogs/res/values-or/strings.xml
-index f1122ebd4386..40ad247433de 100644
---- a/packages/VpnDialogs/res/values-or/strings.xml
-+++ b/packages/VpnDialogs/res/values-or/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ବିଚ୍ଛିନ୍ନ କରନ୍ତୁ"</string>
-     <string name="open_app" msgid="3717639178595958667">"ଆପ୍‌ ଖୋଲନ୍ତୁ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ଖାରଜ କରନ୍ତୁ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pa/strings.xml b/packages/VpnDialogs/res/values-pa/strings.xml
-index 1815f4fb0d25..a3b6e04061c1 100644
---- a/packages/VpnDialogs/res/values-pa/strings.xml
-+++ b/packages/VpnDialogs/res/values-pa/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ਡਿਸਕਨੈਕਟ ਕਰੋ"</string>
-     <string name="open_app" msgid="3717639178595958667">"ਐਪ ਖੋਲ੍ਹੋ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ਖਾਰਜ ਕਰੋ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pl/strings.xml b/packages/VpnDialogs/res/values-pl/strings.xml
-index d5201d7fbdf5..3af093ae9841 100644
---- a/packages/VpnDialogs/res/values-pl/strings.xml
-+++ b/packages/VpnDialogs/res/values-pl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Rozłącz"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otwórz aplikację"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Zamknij"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pt-rBR/strings.xml b/packages/VpnDialogs/res/values-pt-rBR/strings.xml
-index 75c140617cf5..8c1ae840aa15 100644
---- a/packages/VpnDialogs/res/values-pt-rBR/strings.xml
-+++ b/packages/VpnDialogs/res/values-pt-rBR/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dispensar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pt-rPT/strings.xml b/packages/VpnDialogs/res/values-pt-rPT/strings.xml
-index 01beddbab4e4..34980dc30916 100644
---- a/packages/VpnDialogs/res/values-pt-rPT/strings.xml
-+++ b/packages/VpnDialogs/res/values-pt-rPT/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desligar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir aplicação"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pt/strings.xml b/packages/VpnDialogs/res/values-pt/strings.xml
-index 75c140617cf5..8c1ae840aa15 100644
---- a/packages/VpnDialogs/res/values-pt/strings.xml
-+++ b/packages/VpnDialogs/res/values-pt/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dispensar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ro/strings.xml b/packages/VpnDialogs/res/values-ro/strings.xml
-index 4e60df2eca8e..11137cce96b5 100644
---- a/packages/VpnDialogs/res/values-ro/strings.xml
-+++ b/packages/VpnDialogs/res/values-ro/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Deconectați"</string>
-     <string name="open_app" msgid="3717639178595958667">"Deschideți aplicația"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Închideți"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ru/strings.xml b/packages/VpnDialogs/res/values-ru/strings.xml
-index f8fcfb83aa9a..84a71d25cc16 100644
---- a/packages/VpnDialogs/res/values-ru/strings.xml
-+++ b/packages/VpnDialogs/res/values-ru/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Разъединить"</string>
-     <string name="open_app" msgid="3717639178595958667">"Открыть приложение"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Закрыть"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-si/strings.xml b/packages/VpnDialogs/res/values-si/strings.xml
-index bb97a5d86c5f..e1dbf9774839 100644
---- a/packages/VpnDialogs/res/values-si/strings.xml
-+++ b/packages/VpnDialogs/res/values-si/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"විසන්ධි කරන්න"</string>
-     <string name="open_app" msgid="3717639178595958667">"යෙදුම විවෘත කරන්න"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ඉවතලන්න"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sk/strings.xml b/packages/VpnDialogs/res/values-sk/strings.xml
-index 00029641e57b..f5c42280fb86 100644
---- a/packages/VpnDialogs/res/values-sk/strings.xml
-+++ b/packages/VpnDialogs/res/values-sk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Odpojiť"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvoriť aplikáciu"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Zrušiť"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sl/strings.xml b/packages/VpnDialogs/res/values-sl/strings.xml
-index d5014fa34394..62bdd03cbe67 100644
---- a/packages/VpnDialogs/res/values-sl/strings.xml
-+++ b/packages/VpnDialogs/res/values-sl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini povezavo"</string>
-     <string name="open_app" msgid="3717639178595958667">"Odpri aplikacijo"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Opusti"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g> … (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sq/strings.xml b/packages/VpnDialogs/res/values-sq/strings.xml
-index 4a96e7b92212..50ad7cf02c8e 100644
---- a/packages/VpnDialogs/res/values-sq/strings.xml
-+++ b/packages/VpnDialogs/res/values-sq/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Shkëputu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Hap aplikacionin"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Largoje"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sr/strings.xml b/packages/VpnDialogs/res/values-sr/strings.xml
-index 8ce8060e333d..3bc65413b728 100644
---- a/packages/VpnDialogs/res/values-sr/strings.xml
-+++ b/packages/VpnDialogs/res/values-sr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Прекини везу"</string>
-     <string name="open_app" msgid="3717639178595958667">"Отвори апликацију"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Одбаци"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sv/strings.xml b/packages/VpnDialogs/res/values-sv/strings.xml
-index 16b6a31d7d1a..fee6f971824d 100644
---- a/packages/VpnDialogs/res/values-sv/strings.xml
-+++ b/packages/VpnDialogs/res/values-sv/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Koppla från"</string>
-     <string name="open_app" msgid="3717639178595958667">"Öppna appen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorera"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sw/strings.xml b/packages/VpnDialogs/res/values-sw/strings.xml
-index ea2688438b7a..3e696f20fabe 100644
---- a/packages/VpnDialogs/res/values-sw/strings.xml
-+++ b/packages/VpnDialogs/res/values-sw/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Tenganisha"</string>
-     <string name="open_app" msgid="3717639178595958667">"Fungua programu"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ondoa"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ta/strings.xml b/packages/VpnDialogs/res/values-ta/strings.xml
-index 3b4cc571d860..8cdffc8579eb 100644
---- a/packages/VpnDialogs/res/values-ta/strings.xml
-+++ b/packages/VpnDialogs/res/values-ta/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"தொடர்பைத் துண்டி"</string>
-     <string name="open_app" msgid="3717639178595958667">"பயன்பாட்டைத் திற"</string>
-     <string name="dismiss" msgid="6192859333764711227">"நிராகரி"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-te/strings.xml b/packages/VpnDialogs/res/values-te/strings.xml
-index 864c926bc615..416f2e399240 100644
---- a/packages/VpnDialogs/res/values-te/strings.xml
-+++ b/packages/VpnDialogs/res/values-te/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"డిస్‌కనెక్ట్ చేయి"</string>
-     <string name="open_app" msgid="3717639178595958667">"యాప్‌ని తెరవండి"</string>
-     <string name="dismiss" msgid="6192859333764711227">"తీసివేయండి"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-th/strings.xml b/packages/VpnDialogs/res/values-th/strings.xml
-index 333ff5fefacc..14e2b7fcb8c9 100644
---- a/packages/VpnDialogs/res/values-th/strings.xml
-+++ b/packages/VpnDialogs/res/values-th/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ยกเลิกการเชื่อมต่อ"</string>
-     <string name="open_app" msgid="3717639178595958667">"เปิดแอป"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ปิด"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-tl/strings.xml b/packages/VpnDialogs/res/values-tl/strings.xml
-index 9c01c32d0d0d..b79e262ffce9 100644
---- a/packages/VpnDialogs/res/values-tl/strings.xml
-+++ b/packages/VpnDialogs/res/values-tl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Idiskonekta"</string>
-     <string name="open_app" msgid="3717639178595958667">"Buksan ang app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"I-dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-tr/strings.xml b/packages/VpnDialogs/res/values-tr/strings.xml
-index 8665a47e6633..309d116d7715 100644
---- a/packages/VpnDialogs/res/values-tr/strings.xml
-+++ b/packages/VpnDialogs/res/values-tr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Bağlantıyı kes"</string>
-     <string name="open_app" msgid="3717639178595958667">"Uygulamayı aç"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Kapat"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-uk/strings.xml b/packages/VpnDialogs/res/values-uk/strings.xml
-index 8f91abf990b3..fe726049974a 100644
---- a/packages/VpnDialogs/res/values-uk/strings.xml
-+++ b/packages/VpnDialogs/res/values-uk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Від’єднати"</string>
-     <string name="open_app" msgid="3717639178595958667">"Відкрити додаток"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Закрити"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ur/strings.xml b/packages/VpnDialogs/res/values-ur/strings.xml
-index db0c2971a64c..d2ee5a8d0aa9 100644
---- a/packages/VpnDialogs/res/values-ur/strings.xml
-+++ b/packages/VpnDialogs/res/values-ur/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"منقطع کریں"</string>
-     <string name="open_app" msgid="3717639178595958667">"ایپ کھولیں"</string>
-     <string name="dismiss" msgid="6192859333764711227">"برخاست کریں"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-uz/strings.xml b/packages/VpnDialogs/res/values-uz/strings.xml
-index 5a348a0610d3..854417691e30 100644
---- a/packages/VpnDialogs/res/values-uz/strings.xml
-+++ b/packages/VpnDialogs/res/values-uz/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Aloqani uzish"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ilovani ochish"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Yopish"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-vi/strings.xml b/packages/VpnDialogs/res/values-vi/strings.xml
-index 097c9aeee013..d74151a819e1 100644
---- a/packages/VpnDialogs/res/values-vi/strings.xml
-+++ b/packages/VpnDialogs/res/values-vi/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ngắt kết nối"</string>
-     <string name="open_app" msgid="3717639178595958667">"Mở ứng dụng"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Loại bỏ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zh-rCN/strings.xml b/packages/VpnDialogs/res/values-zh-rCN/strings.xml
-index 7e528bdfb04a..92e10fd9fe16 100644
---- a/packages/VpnDialogs/res/values-zh-rCN/strings.xml
-+++ b/packages/VpnDialogs/res/values-zh-rCN/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"断开连接"</string>
-     <string name="open_app" msgid="3717639178595958667">"打开应用"</string>
-     <string name="dismiss" msgid="6192859333764711227">"关闭"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>…(<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zh-rHK/strings.xml b/packages/VpnDialogs/res/values-zh-rHK/strings.xml
-index f70cd5115e72..9c61128c2e45 100644
---- a/packages/VpnDialogs/res/values-zh-rHK/strings.xml
-+++ b/packages/VpnDialogs/res/values-zh-rHK/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"中斷連線"</string>
-     <string name="open_app" msgid="3717639178595958667">"開啟應用程式"</string>
-     <string name="dismiss" msgid="6192859333764711227">"關閉"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zh-rTW/strings.xml b/packages/VpnDialogs/res/values-zh-rTW/strings.xml
-index edd8e61d5555..234635091f11 100644
---- a/packages/VpnDialogs/res/values-zh-rTW/strings.xml
-+++ b/packages/VpnDialogs/res/values-zh-rTW/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"中斷連線"</string>
-     <string name="open_app" msgid="3717639178595958667">"開啟應用程式"</string>
-     <string name="dismiss" msgid="6192859333764711227">"關閉"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zu/strings.xml b/packages/VpnDialogs/res/values-zu/strings.xml
-index 4ab1225e6fc6..6c7d0471efac 100644
---- a/packages/VpnDialogs/res/values-zu/strings.xml
-+++ b/packages/VpnDialogs/res/values-zu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ayixhumekile kwi-inthanethi"</string>
-     <string name="open_app" msgid="3717639178595958667">"Vula uhlelo lokusebenza"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Cashisa"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/360959-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/360959-backport.patch
deleted file mode 100644
index 2a314156..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/360959-backport.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aaron Liu <aaronjli@google.com>
-Date: Tue, 28 Mar 2023 13:15:04 -0700
-Subject: [PATCH] DO NOT MERGE Dismiss keyguard when simpin auth'd and...
-
-security method is none. This is mostly to fix the case where we auth
-sim pin in the set up wizard and it goes straight to keyguard instead of
-the setup wizard activity.
-
-This works with the prevent bypass keyguard flag because the device
-should be noe secure in this case.
-
-Fixes: 222446076
-Test: turn locked sim on, which opens the sim pin screen. Auth the
-screen and observe that keyguard is not shown.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:48fa9bef3451e4a358c941af5b230f99881c5cb6)
-Cherry-picking this CL as a security fix
-
-Bug: 222446076
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:09f004722284ef6b9790ddf9338a1708b3f0833c)
-Merged-In: If4360dd6ae2e5f79b43eaf1a29687ac9cc4b6101
-Change-Id: If4360dd6ae2e5f79b43eaf1a29687ac9cc4b6101
----
- .../src/com/android/keyguard/KeyguardSecurityContainer.java     | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java b/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java
-index 6a71cf84759c..bb205956e932 100644
---- a/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java
-+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java
-@@ -351,7 +351,7 @@ public class KeyguardSecurityContainer extends FrameLayout implements KeyguardSe
-                 case SimPuk:
-                     // Shortcut for SIM PIN/PUK to go to directly to user's security screen or home
-                     SecurityMode securityMode = mSecurityModel.getSecurityMode(targetUserId);
--                    if (securityMode == SecurityMode.None && mLockPatternUtils.isLockScreenDisabled(
-+                    if (securityMode == SecurityMode.None || mLockPatternUtils.isLockScreenDisabled(
-                             KeyguardUpdateMonitor.getCurrentUser())) {
-                         finish = true;
-                     } else {
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/360962-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/360962-backport.patch
deleted file mode 100644
index d519547c..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/360962-backport.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andr=C3=A1s=20Kurucz?= <kurucz@google.com>
-Date: Fri, 21 Apr 2023 09:45:07 +0000
-Subject: [PATCH] Truncate ShortcutInfo Id
-
-Creating Conversation with a ShortcutId longer than 65_535 (max unsigned short), we did not save the conversation settings into the notification_policy.xml due to a restriction in FastDataOutput.
-This put us to a state where the user changing the importance or turning off the notifications for the given conversation had no effect on notification behavior.
-
-Fixes: 273729476
-Test: atest ShortcutManagerTest2
-Test: Create a test app which creates a Conversation with a long shortcutId. Go to the Conversation Settings and turn off Notifications. Post a new Notification to this Conversation and see if it is displayed.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f31df6234091b5b1de258a01dd4b2d8e5415ee2e)
-Merged-In: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5
-Change-Id: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5
----
- .../java/android/content/pm/ShortcutInfo.java | 20 ++++++++++++++++---
- .../server/pm/ShortcutManagerTest2.java       | 10 ++++++++++
- 2 files changed, 27 insertions(+), 3 deletions(-)
-
-diff --git a/core/java/android/content/pm/ShortcutInfo.java b/core/java/android/content/pm/ShortcutInfo.java
-index ea476b0abf33..cddad1798219 100644
---- a/core/java/android/content/pm/ShortcutInfo.java
-+++ b/core/java/android/content/pm/ShortcutInfo.java
-@@ -214,6 +214,12 @@ public final class ShortcutInfo implements Parcelable {
-      */
-     public static final int DISABLED_REASON_OTHER_RESTORE_ISSUE = 103;
- 
-+    /**
-+     * The maximum length of Shortcut ID. IDs will be truncated at this limit.
-+     * @hide
-+     */
-+    public static final int MAX_ID_LENGTH = 1000;
-+
-     /** @hide */
-     @IntDef(prefix = { "DISABLED_REASON_" }, value = {
-             DISABLED_REASON_NOT_DISABLED,
-@@ -380,8 +386,7 @@ public final class ShortcutInfo implements Parcelable {
- 
-     private ShortcutInfo(Builder b) {
-         mUserId = b.mContext.getUserId();
--
--        mId = Preconditions.checkStringNotEmpty(b.mId, "Shortcut ID must be provided");
-+        mId = getSafeId(Preconditions.checkStringNotEmpty(b.mId, "Shortcut ID must be provided"));
- 
-         // Note we can't do other null checks here because SM.updateShortcuts() takes partial
-         // information.
-@@ -463,6 +468,14 @@ public final class ShortcutInfo implements Parcelable {
-         return ret;
-     }
- 
-+    @NonNull
-+    private static String getSafeId(@NonNull String id) {
-+        if (id.length() > MAX_ID_LENGTH) {
-+            return id.substring(0, MAX_ID_LENGTH);
-+        }
-+        return id;
-+    }
-+
-     /**
-      * Throws if any of the mandatory fields is not set.
-      *
-@@ -1851,7 +1864,8 @@ public final class ShortcutInfo implements Parcelable {
-         final ClassLoader cl = getClass().getClassLoader();
- 
-         mUserId = source.readInt();
--        mId = source.readString();
-+        mId = getSafeId(Preconditions.checkStringNotEmpty(source.readString(),
-+                "Shortcut ID must be provided"));
-         mPackageName = source.readString();
-         mActivity = source.readParcelable(cl);
-         mFlags = source.readInt();
-diff --git a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
-index fcdadaccd2ac..464f563640c1 100644
---- a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
-+++ b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
-@@ -53,6 +53,7 @@ import java.io.IOException;
- import java.io.PrintWriter;
- import java.io.StringWriter;
- import java.io.Writer;
-+import java.util.Collections;
- import java.util.Locale;
- 
- /**
-@@ -223,6 +224,15 @@ public class ShortcutManagerTest2 extends BaseShortcutManagerTest {
-                 });
-     }
- 
-+    public void testShortcutIdTruncated() {
-+        ShortcutInfo si = new ShortcutInfo.Builder(getTestContext(),
-+                String.join("", Collections.nCopies(Short.MAX_VALUE, "s"))).build();
-+
-+        assertTrue(
-+                "id must be truncated to MAX_ID_LENGTH",
-+                si.getId().length() <= ShortcutInfo.MAX_ID_LENGTH);
-+    }
-+
-     public void testShortcutInfoParcel() {
-         setCaller(CALLING_PACKAGE_1, USER_10);
-         ShortcutInfo si = parceled(new ShortcutInfo.Builder(mClientContext)
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/360963-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/360963-backport.patch
deleted file mode 100644
index c6315db0..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/360963-backport.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Thu, 27 Apr 2023 12:36:05 +0000
-Subject: [PATCH] Visit URIs in landscape/portrait custom remote views.
-
-Bug: 277740848
-Test: atest RemoteViewsTest NotificationManagerServiceTest & tested with POC from bug
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e8acb2f660bdb03616989852f9dbbf1726f8237e)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43e1ae4e0d408604b9e3c18ac0e9bf87529b92a8)
-Merged-In: I7d3d35df0ec38945019f71755bed8797b7af4517
-Change-Id: I7d3d35df0ec38945019f71755bed8797b7af4517
----
- core/java/android/widget/RemoteViews.java     |  6 ++
- .../src/android/widget/RemoteViewsTest.java   | 65 +++++++++++++++++++
- 2 files changed, 71 insertions(+)
-
-diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
-index 4865dab6056a..10053dddb0fb 100644
---- a/core/java/android/widget/RemoteViews.java
-+++ b/core/java/android/widget/RemoteViews.java
-@@ -543,6 +543,12 @@ public class RemoteViews implements Parcelable, Filter {
-                 mActions.get(i).visitUris(visitor);
-             }
-         }
-+        if (mLandscape != null) {
-+            mLandscape.visitUris(visitor);
-+        }
-+        if (mPortrait != null) {
-+            mPortrait.visitUris(visitor);
-+        }
-     }
- 
-     private static void visitIconUri(Icon icon, @NonNull Consumer<Uri> visitor) {
-diff --git a/core/tests/coretests/src/android/widget/RemoteViewsTest.java b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-index 70cf097f42a3..7d2e07ecbd71 100644
---- a/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-+++ b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-@@ -19,6 +19,10 @@ package android.widget;
- import static org.junit.Assert.assertEquals;
- import static org.junit.Assert.assertSame;
- import static org.junit.Assert.assertTrue;
-+import static org.mockito.ArgumentMatchers.eq;
-+import static org.mockito.Mockito.spy;
-+import static org.mockito.Mockito.times;
-+import static org.mockito.Mockito.verify;
- 
- import android.app.PendingIntent;
- import android.content.Context;
-@@ -26,6 +30,8 @@ import android.content.Intent;
- import android.graphics.Bitmap;
- import android.graphics.drawable.BitmapDrawable;
- import android.graphics.drawable.Drawable;
-+import android.graphics.drawable.Icon;
-+import android.net.Uri;
- import android.os.AsyncTask;
- import android.os.Binder;
- import android.os.Parcel;
-@@ -46,6 +52,7 @@ import org.junit.runner.RunWith;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.concurrent.CountDownLatch;
-+import java.util.function.Consumer;
- 
- /**
-  * Tests for RemoteViews.
-@@ -444,4 +451,62 @@ public class RemoteViewsTest {
-         }
-         return found[0];
-     }
-+
-+
-+    @Test
-+    public void visitUris() {
-+        RemoteViews views = new RemoteViews(mPackage, R.layout.remote_views_test);
-+
-+        final Uri imageUri = Uri.parse("content://media/image");
-+        final Icon icon1 = Icon.createWithContentUri("content://media/icon1");
-+        final Icon icon2 = Icon.createWithContentUri("content://media/icon2");
-+        final Icon icon3 = Icon.createWithContentUri("content://media/icon3");
-+        final Icon icon4 = Icon.createWithContentUri("content://media/icon4");
-+        views.setImageViewUri(R.id.image, imageUri);
-+        views.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4);
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        views.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(imageUri));
-+        verify(visitor, times(1)).accept(eq(icon1.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4.getUri()));
-+    }
-+
-+    @Test
-+    public void visitUris_separateOrientation() {
-+        final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test);
-+        final Uri imageUriL = Uri.parse("content://landscape/image");
-+        final Icon icon1L = Icon.createWithContentUri("content://landscape/icon1");
-+        final Icon icon2L = Icon.createWithContentUri("content://landscape/icon2");
-+        final Icon icon3L = Icon.createWithContentUri("content://landscape/icon3");
-+        final Icon icon4L = Icon.createWithContentUri("content://landscape/icon4");
-+        landscape.setImageViewUri(R.id.image, imageUriL);
-+        landscape.setTextViewCompoundDrawables(R.id.text, icon1L, icon2L, icon3L, icon4L);
-+
-+        final RemoteViews portrait = new RemoteViews(mPackage, 33);
-+        final Uri imageUriP = Uri.parse("content://portrait/image");
-+        final Icon icon1P = Icon.createWithContentUri("content://portrait/icon1");
-+        final Icon icon2P = Icon.createWithContentUri("content://portrait/icon2");
-+        final Icon icon3P = Icon.createWithContentUri("content://portrait/icon3");
-+        final Icon icon4P = Icon.createWithContentUri("content://portrait/icon4");
-+        portrait.setImageViewUri(R.id.image, imageUriP);
-+        portrait.setTextViewCompoundDrawables(R.id.text, icon1P, icon2P, icon3P, icon4P);
-+
-+        RemoteViews views = new RemoteViews(landscape, portrait);
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        views.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(imageUriL));
-+        verify(visitor, times(1)).accept(eq(icon1L.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2L.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3L.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4L.getUri()));
-+        verify(visitor, times(1)).accept(eq(imageUriP));
-+        verify(visitor, times(1)).accept(eq(icon1P.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2P.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3P.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4P.getUri()));
-+    }
- }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364029.patch b/Patches/LineageOS-16.0/android_frameworks_base/364029.patch
deleted file mode 100644
index 68ed7d90..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364029.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jing Ji <jji@google.com>
-Date: Tue, 25 Oct 2022 22:39:52 -0700
-Subject: [PATCH] DO NOT MERGE: ActivityManager#killBackgroundProcesses can
- kill caller's own app only
-
-unless it's a system app.
-
-Bug: 239423414
-Bug: 223376078
-Test: atest CtsAppTestCases:ActivityManagerTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8b382775b258220466a977453905797521e159de)
-Merged-In: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
-Change-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
----
- core/java/android/app/ActivityManager.java    |  3 ++
- core/res/AndroidManifest.xml                  |  6 +++-
- .../server/am/ActivityManagerService.java     | 32 +++++++++++++++++--
- 3 files changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/core/java/android/app/ActivityManager.java b/core/java/android/app/ActivityManager.java
-index 83630f4c3693..51411c9e208e 100644
---- a/core/java/android/app/ActivityManager.java
-+++ b/core/java/android/app/ActivityManager.java
-@@ -3615,6 +3615,9 @@ public class ActivityManager {
-      * processes to reclaim memory; the system will take care of restarting
-      * these processes in the future as needed.
-      *
-+     * <p class="note">Third party applications can only use this API to kill their own processes.
-+     * </p>
-+     *
-      * @param packageName The name of the package whose processes are to
-      * be killed.
-      */
-diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
-index 0aafab66dabd..d23501a86b79 100644
---- a/core/res/AndroidManifest.xml
-+++ b/core/res/AndroidManifest.xml
-@@ -2092,7 +2092,11 @@
-         android:protectionLevel="normal" />
- 
-     <!-- Allows an application to call
--        {@link android.app.ActivityManager#killBackgroundProcesses}.
-+         {@link android.app.ActivityManager#killBackgroundProcesses}.
-+
-+         <p class="note">Third party applications can only use this API to kill their own
-+         processes.</p>
-+
-          <p>Protection level: normal
-     -->
-     <permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"
-diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
-index f522b20f7ccd..44761a523abb 100644
---- a/services/core/java/com/android/server/am/ActivityManagerService.java
-+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
-@@ -6810,8 +6810,20 @@ public class ActivityManagerService extends IActivityManager.Stub
-             Slog.w(TAG, msg);
-             throw new SecurityException(msg);
-         }
-+        final int callingUid = Binder.getCallingUid();
-+        final int callingPid = Binder.getCallingPid();
-+        final int callingAppId = UserHandle.getAppId(callingUid);
- 
--        userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
-+        ProcessRecord proc;
-+        synchronized (mPidsSelfLocked) {
-+            proc = mPidsSelfLocked.get(callingPid);
-+        }
-+        final boolean hasKillAllPermission = PERMISSION_GRANTED == checkPermission(
-+                android.Manifest.permission.FORCE_STOP_PACKAGES, callingPid, callingUid)
-+                || UserHandle.isCore(callingUid)
-+                || (proc != null && proc.info.isSystemApp());
-+
-+        userId = mUserController.handleIncomingUser(callingPid, callingUid,
-                 userId, true, ALLOW_FULL_ONLY, "killBackgroundProcesses", null);
-         final int[] userIds = mUserController.expandUserId(userId);
- 
-@@ -6826,7 +6838,7 @@ public class ActivityManagerService extends IActivityManager.Stub
-                                     targetUserId));
-                 } catch (RemoteException e) {
-                 }
--                if (appId == -1) {
-+                if (appId == -1 || (!hasKillAllPermission && appId != callingAppId)) {
-                     Slog.w(TAG, "Invalid packageName: " + packageName);
-                     return;
-                 }
-@@ -6851,6 +6863,22 @@ public class ActivityManagerService extends IActivityManager.Stub
-             throw new SecurityException(msg);
-         }
- 
-+        final int callingUid = Binder.getCallingUid();
-+        final int callingPid = Binder.getCallingPid();
-+
-+        ProcessRecord proc;
-+        synchronized (mPidsSelfLocked) {
-+            proc = mPidsSelfLocked.get(callingPid);
-+        }
-+        if (callingUid >= FIRST_APPLICATION_UID
-+                && (proc == null || !proc.info.isSystemApp())) {
-+            final String msg = "Permission Denial: killAllBackgroundProcesses() from pid="
-+                    + callingPid + ", uid=" + callingUid + " is not allowed";
-+            Slog.w(TAG, msg);
-+            // Silently return to avoid existing apps from crashing.
-+            return;
-+        }
-+
-         final long callingId = Binder.clearCallingIdentity();
-         try {
-             synchronized (this) {
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364031-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/364031-backport.patch
deleted file mode 100644
index e0fd81b1..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364031-backport.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Thu, 27 Apr 2023 14:55:28 +0000
-Subject: [PATCH] Verify URI permissions for notification shortcutIcon.
-
-Bug: 277593270
-Test: atest NotificationManagerServiceTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:47e661cbf37e1dedf676f482ac07ffc433c92d0b)
-Merged-In: I1efaa1301bca36895ad4322a919d7421156a60df
-Change-Id: I1efaa1301bca36895ad4322a919d7421156a60df
----
- core/java/android/app/Notification.java | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
-index 21bc17172b1f..d8e7d0199615 100644
---- a/core/java/android/app/Notification.java
-+++ b/core/java/android/app/Notification.java
-@@ -17,6 +17,7 @@
- package android.app;
- 
- import static com.android.internal.util.NotificationColorUtil.satisfiesTextContrast;
-+import static android.graphics.drawable.Icon.TYPE_URI;
- 
- import android.annotation.ColorInt;
- import android.annotation.DrawableRes;
-@@ -2329,6 +2330,14 @@ public class Notification implements Parcelable
-         }
-     }
- 
-+    private static void visitIconUri(@NonNull Consumer<Uri> visitor, @Nullable Icon icon) {
-+        if (icon == null) return;
-+        final int iconType = icon.getType();
-+        if (iconType == TYPE_URI /*|| iconType == TYPE_URI_ADAPTIVE_BITMAP*/) {
-+            visitor.accept(icon.getUri());
-+        }
-+    }
-+
-     /**
-      * Note all {@link Uri} that are referenced internally, with the expectation
-      * that Uri permission grants will need to be issued to ensure the recipient
-@@ -2344,7 +2353,18 @@ public class Notification implements Parcelable
-         if (bigContentView != null) bigContentView.visitUris(visitor);
-         if (headsUpContentView != null) headsUpContentView.visitUris(visitor);
- 
-+        visitIconUri(visitor, mSmallIcon);
-+        visitIconUri(visitor, mLargeIcon);
-+
-+        if (actions != null) {
-+            for (Action action : actions) {
-+                visitIconUri(visitor, action.getIcon());
-+            }
-+        }
-+
-         if (extras != null) {
-+            visitIconUri(visitor, extras.getParcelable(EXTRA_LARGE_ICON_BIG));
-+
-             visitor.accept(extras.getParcelable(EXTRA_AUDIO_CONTENTS_URI));
-             visitor.accept(extras.getParcelable(EXTRA_BACKGROUND_IMAGE_URI));
-         }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364032-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/364032-backport.patch
deleted file mode 100644
index b301b91d..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364032-backport.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Beverly <beverlyt@google.com>
-Date: Mon, 8 May 2023 16:33:12 +0000
-Subject: [PATCH] On device lockdown, always show the keyguard
-
-Manual test steps:
-1. Enable app pinning and disable "Ask for PIN before unpinning" setting
-2. Pin an app (ie: Settings)
-3. Lockdown from the power menu
-Observe: user is brought to the keyguard, primary auth is required
-to enter the device. After entering credential, the device is still in
-app pinning mode.
-
-Test: atest KeyguardViewMediatorTest
-Test: manual steps outlined above
-Bug: 218495634
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b23c2d5fb6630ea0da503b937f62880594b13e94)
-Merged-In: I9a7c5e1acadabd4484e58573331f98dba895f2a2
-Change-Id: I9a7c5e1acadabd4484e58573331f98dba895f2a2
----
- .../systemui/keyguard/KeyguardViewMediator.java        | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-index bac481c8e478..f0d389c15228 100644
---- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-@@ -586,6 +586,13 @@ public class KeyguardViewMediator extends SystemUI {
-                 notifyHasLockscreenWallpaperChanged(hasLockscreenWallpaper);
-             }
-         }
-+
-+        @Override
-+        public void onStrongAuthStateChanged(int userId) {
-+            if (mLockPatternUtils.isUserInLockdown(KeyguardUpdateMonitor.getCurrentUser())) {
-+                doKeyguardLocked(null);
-+            }
-+        }
-     };
- 
-     ViewMediatorCallback mViewMediatorCallback = new ViewMediatorCallback() {
-@@ -1341,7 +1348,8 @@ public class KeyguardViewMediator extends SystemUI {
-         }
- 
-         // if another app is disabling us, don't show
--        if (!mExternallyEnabled) {
-+        if (!mExternallyEnabled
-+            && !mLockPatternUtils.isUserInLockdown(KeyguardUpdateMonitor.getCurrentUser())) {
-             if (DEBUG) Log.d(TAG, "doKeyguard: not showing because externally disabled");
- 
-             // note: we *should* set mNeedToReshowWhenReenabled=true here, but that makes
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364033-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/364033-backport.patch
deleted file mode 100644
index 0da689c9..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364033-backport.patch
+++ /dev/null
@@ -1,242 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pavel Grafov <pgrafov@google.com>
-Date: Wed, 5 Apr 2023 15:15:41 +0000
-Subject: [PATCH] Ensure policy has no absurdly long strings
-
-The following APIs now enforce limits and throw IllegalArgumentException
-when limits are violated:
-* DPM.setTrustAgentConfiguration() limits agent packgage name,
-  component name, and strings within configuration bundle.
-* DPM.setPermittedAccessibilityServices() limits package names.
-* DPM.setPermittedInputMethods() limits package names.
-* DPM.setAccountManagementDisabled() limits account name.
-* DPM.setLockTaskPackages() limits package names.
-* DPM.setAffiliationIds() limits id.
-* DPM.transferOwnership() limits strings inside the bundle.
-
-Package names are limited at 223, because they become directory names
-and it is a filesystem restriction, see FrameworkParsingPackageUtils.
-
-All other strings are limited at 65535, because longer ones break binary
-XML serializer.
-
-The following APIs silently truncate strings that are long beyond reason:
-* DPM.setShortSupportMessage() truncates message at 200.
-* DPM.setLongSupportMessage() truncates message at 20000.
-* DPM.setOrganizationName() truncates org name at 200.
-
-Bug: 260729089
-Test: atest com.android.server.devicepolicy
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bb7e82ceaa6d16267e7b0e14563161b506d26be8)
-Merged-In: Idcf54e408722f164d16bf2f24a00cd1f5b626d23
-Change-Id: Idcf54e408722f164d16bf2f24a00cd1f5b626d23
----
- .../app/admin/DevicePolicyManager.java        |  3 +-
- .../DevicePolicyManagerService.java           | 91 ++++++++++++++++++-
- 2 files changed, 90 insertions(+), 4 deletions(-)
-
-diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
-index 485ce78c3320..28b7ccb7b946 100644
---- a/core/java/android/app/admin/DevicePolicyManager.java
-+++ b/core/java/android/app/admin/DevicePolicyManager.java
-@@ -8100,7 +8100,8 @@ public class DevicePolicyManager {
- 
-     /**
-      * Called by a device admin to set the long support message. This will be displayed to the user
--     * in the device administators settings screen.
-+     * in the device administrators settings screen. If the message is longer than 20000 characters
-+     * it may be truncated.
-      * <p>
-      * If the long support message needs to be localized, it is the responsibility of the
-      * {@link DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast
-diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
-index d7539e11bea9..2fd54b4981af 100644
---- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
-+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
-@@ -250,6 +250,7 @@ import java.lang.reflect.Constructor;
- import java.nio.charset.StandardCharsets;
- import java.text.DateFormat;
- import java.time.LocalDate;
-+import java.util.ArrayDeque;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.Collection;
-@@ -260,6 +261,7 @@ import java.util.List;
- import java.util.Map;
- import java.util.Map.Entry;
- import java.util.Objects;
-+import java.util.Queue;
- import java.util.Set;
- import java.util.concurrent.CountDownLatch;
- import java.util.concurrent.TimeUnit;
-@@ -325,6 +327,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
- 
-     private static final int REQUEST_EXPIRE_PASSWORD = 5571;
- 
-+    // Binary XML serializer doesn't support longer strings
-+    private static final int MAX_POLICY_STRING_LENGTH = 65535;
-+    // FrameworkParsingPackageUtils#MAX_FILE_NAME_SIZE, Android packages are used in dir names.
-+    private static final int MAX_PACKAGE_NAME_LENGTH = 223;
-+
-+    private static final int MAX_LONG_SUPPORT_MESSAGE_LENGTH = 20000;
-+    private static final int MAX_SHORT_SUPPORT_MESSAGE_LENGTH = 200;
-+    private static final int MAX_ORG_NAME_LENGTH = 200;
-+
-     private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1);
- 
-     private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms
-@@ -8284,6 +8295,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         }
-         Preconditions.checkNotNull(admin, "admin is null");
-         Preconditions.checkNotNull(agent, "agent is null");
-+        enforceMaxPackageNameLength(agent.getPackageName());
-+        final String agentAsString = agent.flattenToString();
-+        enforceMaxStringLength(agentAsString, "agent name");
-+        if (args != null) {
-+            enforceMaxStringLength(args, "args");
-+        }
-         final int userHandle = UserHandle.getCallingUserId();
-         synchronized (getLockObject()) {
-             ActiveAdmin ap = getActiveAdminForCallerLocked(admin,
-@@ -8486,6 +8503,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         Preconditions.checkNotNull(who, "ComponentName is null");
- 
-         if (packageList != null) {
-+            for (String pkg : (List<String>) packageList) {
-+                enforceMaxPackageNameLength(pkg);
-+            }
-+
-             int userId = UserHandle.getCallingUserId();
-             List<AccessibilityServiceInfo> enabledServices = null;
-             long id = mInjector.binderClearCallingIdentity();
-@@ -8668,6 +8689,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
- 
-         final int callingUserId = mInjector.userHandleGetCallingUserId();
-         if (packageList != null) {
-+            for (String pkg : (List<String>) packageList) {
-+                enforceMaxPackageNameLength(pkg);
-+            }
-+
-             // InputMethodManager fetches input methods for current user.
-             // So this can only be set when calling user is the current user
-             // or parent is current user in case of managed profiles.
-@@ -9608,6 +9633,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             return;
-         }
-         Preconditions.checkNotNull(who, "ComponentName is null");
-+        enforceMaxStringLength(accountType, "account type");
-         synchronized (getLockObject()) {
-             ActiveAdmin ap = getActiveAdminForCallerLocked(who,
-                     DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
-@@ -9871,6 +9897,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             throws SecurityException {
-         Preconditions.checkNotNull(who, "ComponentName is null");
-         Preconditions.checkNotNull(packages, "packages is null");
-+        for (String pkg : packages) {
-+            enforceMaxPackageNameLength(pkg);
-+        }
- 
-         synchronized (getLockObject()) {
-             enforceCanCallLockTaskLocked(who);
-@@ -11249,6 +11278,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         if (!mHasFeature) {
-             return;
-         }
-+
-+        message = truncateIfLonger(message, MAX_LONG_SUPPORT_MESSAGE_LENGTH);
-+
-         Preconditions.checkNotNull(who, "ComponentName is null");
-         final int userHandle = mInjector.userHandleGetCallingUserId();
-         synchronized (getLockObject()) {
-@@ -11280,6 +11312,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             return;
-         }
-         Preconditions.checkNotNull(who, "ComponentName is null");
-+        message = truncateIfLonger(message, MAX_SHORT_SUPPORT_MESSAGE_LENGTH);
-+
-         final int userHandle = mInjector.userHandleGetCallingUserId();
-         synchronized (getLockObject()) {
-             ActiveAdmin admin = getActiveAdminForUidLocked(who,
-@@ -11408,6 +11442,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         Preconditions.checkNotNull(who, "ComponentName is null");
-         final int userHandle = mInjector.userHandleGetCallingUserId();
- 
-+        text = truncateIfLonger(text, MAX_ORG_NAME_LENGTH);
-+
-         synchronized (getLockObject()) {
-             ActiveAdmin admin = getActiveAdminForCallerLocked(who,
-                     DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
-@@ -11572,9 +11608,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             throw new IllegalArgumentException("ids must not be null");
-         }
-         for (String id : ids) {
--            if (TextUtils.isEmpty(id)) {
--                throw new IllegalArgumentException("ids must not contain empty string");
--            }
-+            Preconditions.checkArgument(!TextUtils.isEmpty(id), "ids must not have empty string");
-+            enforceMaxStringLength(id, "affiliation id");
-         }
- 
-         final Set<String> affiliationIds = new ArraySet<>(ids);
-@@ -12740,6 +12775,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
- 
-         Preconditions.checkNotNull(admin, "Admin cannot be null.");
-         Preconditions.checkNotNull(target, "Target cannot be null.");
-+        if (bundle != null) {
-+            enforceMaxStringLength(bundle, "bundle");
-+        }
- 
-         enforceProfileOrDeviceOwner(admin);
- 
-@@ -13194,4 +13232,51 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-     private static String getManagedProvisioningPackage(Context context) {
-         return context.getResources().getString(R.string.config_managed_provisioning_package);
-     }
-+
-+    /**
-+     * Truncates char sequence to maximum length, nulls are ignored.
-+     */
-+    private static CharSequence truncateIfLonger(CharSequence input, int maxLength) {
-+        return input == null || input.length() <= maxLength
-+                ? input
-+                : input.subSequence(0, maxLength);
-+    }
-+
-+    /**
-+     * Throw if string argument is too long to be serialized.
-+     */
-+    private static void enforceMaxStringLength(String str, String argName) {
-+        Preconditions.checkArgument(
-+                str.length() <= MAX_POLICY_STRING_LENGTH, argName + " loo long");
-+    }
-+
-+    private static void enforceMaxPackageNameLength(String pkg) {
-+        Preconditions.checkArgument(
-+                pkg.length() <= MAX_PACKAGE_NAME_LENGTH, "Package name too long");
-+    }
-+
-+    /**
-+     * Throw if persistable bundle contains any string that we can't serialize.
-+     */
-+    private static void enforceMaxStringLength(PersistableBundle bundle, String argName) {
-+        // Persistable bundles can have other persistable bundles as values, traverse with a queue.
-+        Queue<PersistableBundle> queue = new ArrayDeque<>();
-+        queue.add(bundle);
-+        while (!queue.isEmpty()) {
-+            PersistableBundle current = queue.remove();
-+            for (String key : current.keySet()) {
-+                enforceMaxStringLength(key, "key in " + argName);
-+                Object value = current.get(key);
-+                if (value instanceof String) {
-+                    enforceMaxStringLength((String) value, "string value in " + argName);
-+                } else if (value instanceof String[]) {
-+                    for (String str : (String[]) value) {
-+                        enforceMaxStringLength(str, "string value in " + argName);
-+                    }
-+                } else if (value instanceof PersistableBundle) {
-+                    queue.add((PersistableBundle) value);
-+                }
-+            }
-+        }
-+    }
- }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364034.patch b/Patches/LineageOS-16.0/android_frameworks_base/364034.patch
deleted file mode 100644
index a23cf16a..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364034.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Fri, 12 May 2023 15:41:09 +0000
-Subject: [PATCH] Implement visitUris for RemoteViews ViewGroupActionAdd.
-
-This is to prevent a vulnerability where notifications can show
-resources belonging to other users, since the URI in the nested views
-was not being checked.
-
-Bug: 277740082
-Test: atest RemoteViewsTest NotificationVisitUrisTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:850fd984e5f346645b5a941ed7307387c7e4c4de)
-Merged-In: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
-Change-Id: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
----
- core/java/android/widget/RemoteViews.java     |  5 ++++
- .../src/android/widget/RemoteViewsTest.java   | 24 +++++++++++++++++++
- 2 files changed, 29 insertions(+)
-
-diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
-index 10053dddb0fb..b36d27fc3b3b 100644
---- a/core/java/android/widget/RemoteViews.java
-+++ b/core/java/android/widget/RemoteViews.java
-@@ -1672,6 +1672,11 @@ public class RemoteViews implements Parcelable, Filter {
-         public int getActionTag() {
-             return VIEW_GROUP_ACTION_ADD_TAG;
-         }
-+
-+        @Override
-+        public final void visitUris(@NonNull Consumer<Uri> visitor) {
-+            mNestedViews.visitUris(visitor);
-+        }
-     }
- 
-     /**
-diff --git a/core/tests/coretests/src/android/widget/RemoteViewsTest.java b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-index 7d2e07ecbd71..1123988e9512 100644
---- a/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-+++ b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-@@ -474,6 +474,30 @@ public class RemoteViewsTest {
-         verify(visitor, times(1)).accept(eq(icon4.getUri()));
-     }
- 
-+    @Test
-+    public void visitUris_nestedViews() {
-+        final RemoteViews outer = new RemoteViews(mPackage, R.layout.remote_views_test);
-+
-+        final RemoteViews inner = new RemoteViews(mPackage, 33);
-+        final Uri imageUriI = Uri.parse("content://inner/image");
-+        final Icon icon1 = Icon.createWithContentUri("content://inner/icon1");
-+        final Icon icon2 = Icon.createWithContentUri("content://inner/icon2");
-+        final Icon icon3 = Icon.createWithContentUri("content://inner/icon3");
-+        final Icon icon4 = Icon.createWithContentUri("content://inner/icon4");
-+        inner.setImageViewUri(R.id.image, imageUriI);
-+        inner.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4);
-+
-+        outer.addView(R.id.layout, inner);
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        outer.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(imageUriI));
-+        verify(visitor, times(1)).accept(eq(icon1.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4.getUri()));
-+    }
-+
-     @Test
-     public void visitUris_separateOrientation() {
-         final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test);
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364035-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/364035-backport.patch
deleted file mode 100644
index 3e43c08c..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364035-backport.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Mon, 15 May 2023 16:15:55 +0000
-Subject: [PATCH] Check URIs in notification public version.
-
-Bug: 276294099
-Test: atest NotificationManagerServiceTest NotificationVisitUrisTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9663d493142b59c65311bc09d48427d3bdde0222)
-Merged-In: I670198b213abb2cb29a9865eb9d1e897700508b4
-Change-Id: I670198b213abb2cb29a9865eb9d1e897700508b4
----
- core/java/android/app/Notification.java | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
-index d8e7d0199615..b2daecc659cc 100644
---- a/core/java/android/app/Notification.java
-+++ b/core/java/android/app/Notification.java
-@@ -2346,6 +2346,10 @@ public class Notification implements Parcelable
-      * @hide
-      */
-     public void visitUris(@NonNull Consumer<Uri> visitor) {
-+        if (publicVersion != null) {
-+            publicVersion.visitUris(visitor);
-+        }
-+
-         visitor.accept(sound);
- 
-         if (tickerView != null) tickerView.visitUris(visitor);
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364036-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/364036-backport.patch
deleted file mode 100644
index 0c3ded3b..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364036-backport.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Michael Mikhail <michaelmikhil@google.com>
-Date: Fri, 28 Apr 2023 16:17:16 +0000
-Subject: [PATCH] Verify URI permissions in MediaMetadata
-
-Add a check for URI permission to make sure that user can access the URI
-set in MediaMetadata. If permission is denied, clear the URI string set
-in metadata.
-
-Bug: 271851153
-Test: atest MediaSessionTest
-Test: Verified by POC app attached in bug, image of second user is not
-the UMO background of the first user.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f95b7fc61d6b3bf49420ded0357bec031f8cbdcf)
-Merged-In: I384f8e230c909d8fc8e5f147e2fd3558fec44626
-Change-Id: I384f8e230c909d8fc8e5f147e2fd3558fec44626
----
- .../server/media/MediaSessionRecord.java      | 54 +++++++++++++++----
- 1 file changed, 45 insertions(+), 9 deletions(-)
-
-diff --git a/services/core/java/com/android/server/media/MediaSessionRecord.java b/services/core/java/com/android/server/media/MediaSessionRecord.java
-index 442354bbb6b9..01d09178f7dd 100644
---- a/services/core/java/com/android/server/media/MediaSessionRecord.java
-+++ b/services/core/java/com/android/server/media/MediaSessionRecord.java
-@@ -16,7 +16,11 @@
- 
- package com.android.server.media;
- 
-+import android.app.ActivityManager;
-+import android.app.IActivityManager;
- import android.app.PendingIntent;
-+import android.content.ContentProvider;
-+import android.content.ContentResolver;
- import android.content.Context;
- import android.content.Intent;
- import android.content.pm.ParceledListSlice;
-@@ -49,6 +53,7 @@ import android.os.Process;
- import android.os.RemoteException;
- import android.os.ResultReceiver;
- import android.os.SystemClock;
-+import android.text.TextUtils;
- import android.util.Log;
- import android.util.Slog;
- import android.view.KeyEvent;
-@@ -64,6 +69,10 @@ import java.util.ArrayList;
-  */
- public class MediaSessionRecord implements IBinder.DeathRecipient {
-     private static final String TAG = "MediaSessionRecord";
-+    private static final String[] ART_URIS = new String[] {
-+            MediaMetadata.METADATA_KEY_ALBUM_ART_URI,
-+            MediaMetadata.METADATA_KEY_ART_URI,
-+            MediaMetadata.METADATA_KEY_DISPLAY_ICON_URI};
-     private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
- 
-     /**
-@@ -83,6 +92,7 @@ public class MediaSessionRecord implements IBinder.DeathRecipient {
-     private final SessionStub mSession;
-     private final SessionCb mSessionCb;
-     private final MediaSessionService mService;
-+    final IActivityManager mAm;
-     private final Context mContext;
- 
-     private final Object mLock = new Object();
-@@ -133,6 +143,7 @@ public class MediaSessionRecord implements IBinder.DeathRecipient {
-         mAudioManager = (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);
-         mAudioManagerInternal = LocalServices.getService(AudioManagerInternal.class);
-         mAudioAttrs = new AudioAttributes.Builder().setUsage(AudioAttributes.USAGE_MEDIA).build();
-+        mAm = ActivityManager.getService();
-     }
- 
-     /**
-@@ -792,19 +803,44 @@ public class MediaSessionRecord implements IBinder.DeathRecipient {
-         @Override
-         public void setMetadata(MediaMetadata metadata) {
-             synchronized (mLock) {
--                MediaMetadata temp = metadata == null ? null : new MediaMetadata.Builder(metadata)
--                        .build();
--                // This is to guarantee that the underlying bundle is unparceled
--                // before we set it to prevent concurrent reads from throwing an
--                // exception
--                if (temp != null) {
--                    temp.size();
--                }
--                mMetadata = temp;
-+                mMetadata = sanitizeMediaMetadata(metadata);
-             }
-             mHandler.post(MessageHandler.MSG_UPDATE_METADATA);
-         }
- 
-+
-+        private MediaMetadata sanitizeMediaMetadata(MediaMetadata metadata) {
-+            if (metadata == null) {
-+                return null;
-+            }
-+            MediaMetadata.Builder metadataBuilder = new MediaMetadata.Builder(metadata);
-+            for (String key: ART_URIS) {
-+                String uriString = metadata.getString(key);
-+                if (TextUtils.isEmpty(uriString)) {
-+                    continue;
-+                }
-+                Uri uri = Uri.parse(uriString);
-+                if (!ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) {
-+                    continue;
-+                }
-+                try {
-+                    mAm.checkGrantUriPermission(getUid(),
-+                            getPackageName(),
-+                            ContentProvider.getUriWithoutUserId(uri),
-+                            Intent.FLAG_GRANT_READ_URI_PERMISSION,
-+                            ContentProvider.getUserIdFromUri(uri, getUserId()));
-+                } catch (RemoteException | SecurityException e) {
-+                    metadataBuilder.putString(key, null);
-+                }
-+            }
-+            MediaMetadata sanitizedMetadata = metadataBuilder.build();
-+            // sanitizedMetadata.size() guarantees that the underlying bundle is unparceled
-+            // before we set it to prevent concurrent reads from throwing an
-+            // exception
-+            sanitizedMetadata.size();
-+            return sanitizedMetadata;
-+        }
-+
-         @Override
-         public void setPlaybackState(PlaybackState state) {
-             int oldState = mPlaybackState == null
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364037.patch b/Patches/LineageOS-16.0/android_frameworks_base/364037.patch
deleted file mode 100644
index 31116ace..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364037.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Chandru S <chandruis@google.com>
-Date: Tue, 16 May 2023 10:41:07 -0700
-Subject: [PATCH] Use Settings.System.getIntForUser instead of getInt to make
- sure user specific settings are used
-
-Bug: 265431505
-Test: atest KeyguardViewMediatorTest
-(cherry picked from commit 625e009fc195ba5d658ca2d78ebb23d2770cc6c4)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ce6510deba06bcb72a0e468294b483fc4ac4be17)
-Merged-In: I66a660c091c90a957a0fd1e144c013840db3f47e
-Change-Id: I66a660c091c90a957a0fd1e144c013840db3f47e
----
- .../systemui/keyguard/KeyguardViewMediator.java     | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-index f0d389c15228..820c7eac715a 100644
---- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-@@ -935,9 +935,9 @@ public class KeyguardViewMediator extends SystemUI {
-         final ContentResolver cr = mContext.getContentResolver();
- 
-         // From SecuritySettings
--        final long lockAfterTimeout = Settings.Secure.getInt(cr,
-+        final long lockAfterTimeout = Settings.Secure.getIntForUser(cr,
-                 Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT,
--                KEYGUARD_LOCK_AFTER_DELAY_DEFAULT);
-+                KEYGUARD_LOCK_AFTER_DELAY_DEFAULT, userId);
- 
-         // From DevicePolicyAdmin
-         final long policyTimeout = mLockPatternUtils.getDevicePolicyManager()
-@@ -949,8 +949,8 @@ public class KeyguardViewMediator extends SystemUI {
-             timeout = lockAfterTimeout;
-         } else {
-             // From DisplaySettings
--            long displayTimeout = Settings.System.getInt(cr, SCREEN_OFF_TIMEOUT,
--                    KEYGUARD_DISPLAY_TIMEOUT_DELAY_DEFAULT);
-+            long displayTimeout = Settings.System.getIntForUser(cr, SCREEN_OFF_TIMEOUT,
-+                    KEYGUARD_DISPLAY_TIMEOUT_DELAY_DEFAULT, userId);
- 
-             // policy in effect. Make sure we don't go beyond policy limit.
-             displayTimeout = Math.max(displayTimeout, 0); // ignore negative values
-@@ -1792,7 +1792,10 @@ public class KeyguardViewMediator extends SystemUI {
-     private void playSound(int soundId) {
-         if (soundId == 0) return;
-         final ContentResolver cr = mContext.getContentResolver();
--        if (Settings.System.getInt(cr, Settings.System.LOCKSCREEN_SOUNDS_ENABLED, 1) == 1) {
-+        int lockscreenSoundsEnabled = Settings.System.getIntForUser(cr,
-+                Settings.System.LOCKSCREEN_SOUNDS_ENABLED, 1,
-+                KeyguardUpdateMonitor.getCurrentUser());
-+        if (lockscreenSoundsEnabled == 1) {
- 
-             mLockSounds.stop(mLockSoundStreamId);
-             // Init mAudioManager
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/364038-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/364038-backport.patch
deleted file mode 100644
index 3119d33f..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/364038-backport.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pranav Madapurmath <pmadapurmath@google.com>
-Date: Thu, 25 May 2023 21:58:19 +0000
-Subject: [PATCH] Resolve StatusHints image exploit across user.
-
-Because of the INTERACT_ACROSS_USERS permission, an app that implements
-a ConnectionService can upload an image icon belonging to another user
-by setting it in the StatusHints. Validating the construction of the
-StatusHints on the calling user would prevent a malicious app from
-registering a connection service with the embedded image icon from a
-different user.
-
-From additional feedback, this CL also addresses potential
-vulnerabilities in an app being able to directly invoke the binder for a
-means to manipulate the contents of the bundle that are passed with it.
-The targeted points of entry are in ConnectionServiceWrapper for the
-following APIs: handleCreateConnectionComplete, setStatusHints,
-addConferenceCall, and addExistingConnection.
-
-Fixes: 280797684
-Test: Manual (verified that original exploit is no longer an issue).
-Test: Unit test for validating image in StatusHints constructor.
-Test: Unit tests to address vulnerabilities via the binder.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:48223d6034907349c6a3fab3018c1b37d86367af)
-Merged-In: I6e70e238b3a5ace1cab41ec5796a6bb4d79769f2
-Change-Id: I6e70e238b3a5ace1cab41ec5796a6bb4d79769f2
----
- .../java/android/telecom/StatusHints.java     | 53 ++++++++++++++++++-
- 1 file changed, 51 insertions(+), 2 deletions(-)
-
-diff --git a/telecomm/java/android/telecom/StatusHints.java b/telecomm/java/android/telecom/StatusHints.java
-index 453f408bedba..c75bd2781f9f 100644
---- a/telecomm/java/android/telecom/StatusHints.java
-+++ b/telecomm/java/android/telecom/StatusHints.java
-@@ -16,14 +16,19 @@
- 
- package android.telecom;
- 
-+import android.annotation.Nullable;
- import android.annotation.SystemApi;
- import android.content.ComponentName;
- import android.content.Context;
- import android.graphics.drawable.Drawable;
- import android.graphics.drawable.Icon;
-+import android.os.Binder;
- import android.os.Bundle;
- import android.os.Parcel;
- import android.os.Parcelable;
-+import android.os.UserHandle;
-+
-+import com.android.internal.annotations.VisibleForTesting;
- 
- import java.util.Objects;
- 
-@@ -33,7 +38,7 @@ import java.util.Objects;
- public final class StatusHints implements Parcelable {
- 
-     private final CharSequence mLabel;
--    private final Icon mIcon;
-+    private Icon mIcon;
-     private final Bundle mExtras;
- 
-     /**
-@@ -48,10 +53,30 @@ public final class StatusHints implements Parcelable {
- 
-     public StatusHints(CharSequence label, Icon icon, Bundle extras) {
-         mLabel = label;
--        mIcon = icon;
-+        mIcon = validateAccountIconUserBoundary(icon, Binder.getCallingUserHandle());
-         mExtras = extras;
-     }
- 
-+    /**
-+     * @param icon
-+     * @hide
-+     */
-+    @VisibleForTesting
-+    public StatusHints(@Nullable Icon icon) {
-+        mLabel = null;
-+        mExtras = null;
-+        mIcon = icon;
-+    }
-+
-+    /**
-+     *
-+     * @param icon
-+     * @hide
-+     */
-+    public void setIcon(@Nullable Icon icon) {
-+        mIcon = icon;
-+    }
-+
-     /**
-      * @return A package used to load the icon.
-      *
-@@ -112,6 +137,30 @@ public final class StatusHints implements Parcelable {
-         return 0;
-     }
- 
-+    /**
-+     * Validates the StatusHints image icon to see if it's not in the calling user space.
-+     * Invalidates the icon if so, otherwise returns back the original icon.
-+     *
-+     * @param icon
-+     * @return icon (validated)
-+     * @hide
-+     */
-+    public static Icon validateAccountIconUserBoundary(Icon icon, UserHandle callingUserHandle) {
-+        // Refer to Icon#getUriString for context. The URI string is invalid for icons of
-+        // incompatible types.
-+        if (icon != null && (icon.getType() == Icon.TYPE_URI
-+                /*|| icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP*/)) {
-+            String encodedUser = icon.getUri().getEncodedUserInfo();
-+            // If there is no encoded user, the URI is calling into the calling user space
-+            if (encodedUser != null) {
-+                int userId = Integer.parseInt(encodedUser);
-+                // Do not try to save the icon if the user id isn't in the calling user space.
-+                if (userId != callingUserHandle.getIdentifier()) return null;
-+            }
-+        }
-+        return icon;
-+    }
-+
-     @Override
-     public void writeToParcel(Parcel out, int flags) {
-         out.writeCharSequence(mLabel);
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/365966-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/365966-backport.patch
deleted file mode 100644
index 086d1d86..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/365966-backport.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C3=ADas=20Hern=C3=A1ndez?= <matiashe@google.com>
-Date: Thu, 15 Jun 2023 18:31:34 +0200
-Subject: [PATCH] Forbid granting access to NLSes with too-long component names
-
-This makes the limitation, which was previously only checked on the Settings UI, enforced everywhere.
-
-Fixes: 260570119
-Fixes: 286043036
-Test: atest + manually
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc71156a29427c8b228129f5b1368392f297835b)
-Merged-In: I4c25d80978cb37a8fa1531f5045259d25ac64692
-Change-Id: I4c25d80978cb37a8fa1531f5045259d25ac64692
----
- .../java/android/app/NotificationManager.java |  6 ++++
- .../NotificationManagerService.java           |  5 ++++
- .../android/server/vr/VrManagerService.java   |  6 +++-
- .../NotificationManagerServiceTest.java       | 28 +++++++++++++++++++
- 4 files changed, 44 insertions(+), 1 deletion(-)
-
-diff --git a/core/java/android/app/NotificationManager.java b/core/java/android/app/NotificationManager.java
-index f6dc5d15f385..32f40a805502 100644
---- a/core/java/android/app/NotificationManager.java
-+++ b/core/java/android/app/NotificationManager.java
-@@ -308,6 +308,12 @@ public class NotificationManager {
-      */
-     public static final int IMPORTANCE_MAX = 5;
- 
-+    /**
-+     * Maximum length of the component name of a registered NotificationListenerService.
-+     * @hide
-+     */
-+    public static int MAX_SERVICE_COMPONENT_NAME_LENGTH = 500;
-+
-     private static INotificationManager sService;
- 
-     /** @hide */
-diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
-index 0ac51524a648..ca0ec012fb60 100755
---- a/services/core/java/com/android/server/notification/NotificationManagerService.java
-+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
-@@ -3540,6 +3540,11 @@ public class NotificationManagerService extends SystemService {
-                 boolean granted) throws RemoteException {
-             Preconditions.checkNotNull(listener);
-             checkCallerIsSystemOrShell();
-+            if (granted && listener.flattenToString().length()
-+                    > NotificationManager.MAX_SERVICE_COMPONENT_NAME_LENGTH) {
-+                throw new IllegalArgumentException(
-+                        "Component name too long: " + listener.flattenToString());
-+            }
-             final long identity = Binder.clearCallingIdentity();
-             try {
-                 if (mAllowedManagedServicePackages.test(listener.getPackageName())) {
-diff --git a/services/core/java/com/android/server/vr/VrManagerService.java b/services/core/java/com/android/server/vr/VrManagerService.java
-index faa197e984cf..87f66de5c704 100644
---- a/services/core/java/com/android/server/vr/VrManagerService.java
-+++ b/services/core/java/com/android/server/vr/VrManagerService.java
-@@ -1055,7 +1055,11 @@ public class VrManagerService extends SystemService
- 
-         for (ComponentName c : possibleServices) {
-             if (Objects.equals(c.getPackageName(), pkg)) {
--                nm.setNotificationListenerAccessGrantedForUser(c, userId, true);
-+                try {
-+                    nm.setNotificationListenerAccessGrantedForUser(c, userId, true);
-+                } catch (Exception e) {
-+                    Slog.w(TAG, "Could not grant NLS access to package " + pkg, e);
-+                }
-             }
-         }
-     }
-diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-index 9592e1905b54..e073e6767da6 100644
---- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-@@ -2021,6 +2021,34 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
-                 any(), anyInt(), anyBoolean(), anyBoolean());
-     }
- 
-+    @Test
-+    public void testSetListenerAccessForUser_grantWithNameTooLong_throws() throws Exception {
-+        UserHandle user = UserHandle.of(mContext.getUserId() + 10);
-+        ComponentName c = new ComponentName("com.example.package",
-+                com.google.common.base.Strings.repeat("Blah", 150));
-+
-+        try {
-+            mBinderService.setNotificationListenerAccessGrantedForUser(c, user.getIdentifier(),
-+                    /* enabled= */ true);
-+            fail("Should've thrown IllegalArgumentException");
-+        } catch (IllegalArgumentException e) {
-+            // Good!
-+        }
-+    }
-+
-+    @Test
-+    public void testSetListenerAccessForUser_revokeWithNameTooLong_okay() throws Exception {
-+        UserHandle user = UserHandle.of(mContext.getUserId() + 10);
-+        ComponentName c = new ComponentName("com.example.package",
-+                com.google.common.base.Strings.repeat("Blah", 150));
-+
-+        mBinderService.setNotificationListenerAccessGrantedForUser(
-+                c, user.getIdentifier(), /* enabled= */ false);
-+
-+        verify(mListeners).setPackageOrComponentEnabled(
-+                c.flattenToString(), user.getIdentifier(), true, /* enabled= */ false);
-+    }
-+
-     @Test
-     public void testSetAssistantAccessForUser() throws Exception {
-         UserHandle user = UserHandle.of(10);
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/365967.patch b/Patches/LineageOS-16.0/android_frameworks_base/365967.patch
deleted file mode 100644
index 02e2c7d5..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/365967.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dmitry Dementyev <dementyev@google.com>
-Date: Fri, 30 Jun 2023 14:36:44 -0700
-Subject: [PATCH] Update AccountManagerService checkKeyIntentParceledCorrectly.
-
-Bug: 265798288
-Test: manual
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b117b506ec0504ff9eb2fa523e82f1879ecb8cc1)
-Merged-In: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
-Change-Id: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
----
- .../com/android/server/accounts/AccountManagerService.java     | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
-index 36732273ab6f..ec15113c2c78 100644
---- a/services/core/java/com/android/server/accounts/AccountManagerService.java
-+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
-@@ -4827,6 +4827,9 @@ public class AccountManagerService
-             Bundle simulateBundle = p.readBundle();
-             p.recycle();
-             Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
-+            if (intent != null && intent.getClass() != Intent.class) {
-+                return false;
-+            }
-             Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT);
-             if (intent == null) {
-                 return (simulateIntent == null);
diff --git a/Patches/LineageOS-16.0/android_frameworks_native/365969-backport.patch b/Patches/LineageOS-16.0/android_frameworks_native/365969-backport.patch
deleted file mode 100644
index 6f19c8f7..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_native/365969-backport.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Devin Moore <devinmoore@google.com>
-Date: Tue, 25 Apr 2023 00:17:13 +0000
-Subject: [PATCH] Allow sensors list to be empty
-
-Test: atest VtsHalSensorManagerV1_0TargetTest
-Bug: 278013275
-Bug: 269014004
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:49600b10aa5675d4e7e985203d69f252ead13e45)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7057a9f08d98bfec8ffbabcf00f2885d3909c6c9)
-Merged-In: I091f57de9570b0ace3a8da76f16fe0e83f0aa624
-Change-Id: I091f57de9570b0ace3a8da76f16fe0e83f0aa624
----
- libs/sensor/SensorManager.cpp | 7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/libs/sensor/SensorManager.cpp b/libs/sensor/SensorManager.cpp
-index d7210b10e0..35802db95c 100644
---- a/libs/sensor/SensorManager.cpp
-+++ b/libs/sensor/SensorManager.cpp
-@@ -172,11 +172,8 @@ status_t SensorManager::assertStateLocked() {
- 
-         mSensors = mSensorServer->getSensorList(mOpPackageName);
-         size_t count = mSensors.size();
--        if (count == 0) {
--            ALOGE("Failed to get Sensor list");
--            mSensorServer.clear();
--            return UNKNOWN_ERROR;
--        }
-+        // If count is 0, mSensorList will be non-null. This is old
-+        // existing behavior and callers expect this.
-         mSensorList =
-                 static_cast<Sensor const**>(malloc(count * sizeof(Sensor*)));
-         LOG_ALWAYS_FATAL_IF(mSensorList == NULL, "mSensorList NULL");
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Nfc/365970.patch b/Patches/LineageOS-16.0/android_packages_apps_Nfc/365970.patch
deleted file mode 100644
index 0c62ae51..00000000
--- a/Patches/LineageOS-16.0/android_packages_apps_Nfc/365970.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Thu, 1 Jun 2023 13:44:28 -0700
-Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed
-
-Bug: 268038643
-Test: ctsverifier
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0)
-Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
----
- src/com/android/nfc/NfcService.java                         | 6 ++++++
- src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
-index 059d1826..a92e0456 100644
---- a/src/com/android/nfc/NfcService.java
-+++ b/src/com/android/nfc/NfcService.java
-@@ -830,6 +830,12 @@ public class NfcService implements DeviceHostListener {
-         }
-     }
- 
-+    public boolean isSecureNfcEnabled() {
-+        synchronized (NfcService.this) {
-+            return mIsSecureNfcEnabled;
-+        }
-+    }
-+
-     final class NfcAdapterService extends INfcAdapter.Stub {
-         /**
-          * An interface for vendor specific extensions
-diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-index 0a5ce363..739b3ffd 100644
---- a/src/com/android/nfc/cardemulation/HostEmulationManager.java
-+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-@@ -169,8 +169,9 @@ public class HostEmulationManager {
-                     // Resolve to default
-                     // Check if resolvedService requires unlock
-                     ApduServiceInfo defaultServiceInfo = resolveInfo.defaultService;
--                    if (defaultServiceInfo.requiresUnlock() &&
--                            mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-+                    if ((defaultServiceInfo.requiresUnlock()
-+                            || NfcService.getInstance().isSecureNfcEnabled())
-+                          && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-                         // Just ignore all future APDUs until next tap
-                         mState = STATE_W4_DEACTIVATE;
-                         launchTapAgain(resolveInfo.defaultService, resolveInfo.category);
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/365973-backport.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/365973-backport.patch
deleted file mode 100644
index f00b64fd..00000000
--- a/Patches/LineageOS-16.0/android_packages_apps_Settings/365973-backport.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Taran Singh <tarandeep@google.com>
-Date: Fri, 19 May 2023 23:17:47 +0000
-Subject: [PATCH] DO NOT MERGE: Prevent non-system IME from becoming device
- admin
-
-Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
-activate itself as device admin and cause various DoS attacks.
-
-This CL ensures KeyEvent on "Activate" button can only come from system
-apps.
-
-Bug: 280793427
-Test: atest DeviceAdminActivationTest
-(cherry picked from commit 70a501d02e0a6aefd874767a15378ba998759373)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ee3b96e59f3e5699c919af3642130fb33cd263b)
-Merged-In: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
-Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
----
- src/com/android/settings/DeviceAdminAdd.java | 120 ++++++++++---------
- 1 file changed, 64 insertions(+), 56 deletions(-)
-
-diff --git a/src/com/android/settings/DeviceAdminAdd.java b/src/com/android/settings/DeviceAdminAdd.java
-index fb21deb661..10d170ab6b 100644
---- a/src/com/android/settings/DeviceAdminAdd.java
-+++ b/src/com/android/settings/DeviceAdminAdd.java
-@@ -49,6 +49,8 @@ import android.text.TextUtils.TruncateAt;
- import android.util.EventLog;
- import android.util.Log;
- import android.view.Display;
-+import android.view.KeyEvent;
-+import android.view.LayoutInflater;
- import android.view.View;
- import android.view.ViewGroup;
- import android.view.ViewTreeObserver;
-@@ -133,7 +135,7 @@ public class DeviceAdminAdd extends Activity {
-         mAppOps = (AppOpsManager)getSystemService(Context.APP_OPS_SERVICE);
-         PackageManager packageManager = getPackageManager();
- 
--        if ((getIntent().getFlags()&Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {
-+        if ((getIntent().getFlags() & Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {
-             Log.w(TAG, "Cannot start ADD_DEVICE_ADMIN as a new task");
-             finish();
-             return;
-@@ -143,7 +145,7 @@ public class DeviceAdminAdd extends Activity {
-                 EXTRA_CALLED_FROM_SUPPORT_DIALOG, false);
- 
-         String action = getIntent().getAction();
--        ComponentName who = (ComponentName)getIntent().getParcelableExtra(
-+        ComponentName who = (ComponentName) getIntent().getParcelableExtra(
-                 DevicePolicyManager.EXTRA_DEVICE_ADMIN);
-         if (who == null) {
-             String packageName = getIntent().getStringExtra(EXTRA_DEVICE_ADMIN_PACKAGE_NAME);
-@@ -201,7 +203,7 @@ public class DeviceAdminAdd extends Activity {
-                     PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS);
-             int count = avail == null ? 0 : avail.size();
-             boolean found = false;
--            for (int i=0; i<count; i++) {
-+            for (int i = 0; i < count; i++) {
-                 ResolveInfo ri = avail.get(i);
-                 if (ai.packageName.equals(ri.activityInfo.packageName)
-                         && ai.name.equals(ri.activityInfo.name)) {
-@@ -284,12 +286,12 @@ public class DeviceAdminAdd extends Activity {
- 
-         setContentView(R.layout.device_admin_add);
- 
--        mAdminIcon = (ImageView)findViewById(R.id.admin_icon);
--        mAdminName = (TextView)findViewById(R.id.admin_name);
--        mAdminDescription = (TextView)findViewById(R.id.admin_description);
-+        mAdminIcon = (ImageView) findViewById(R.id.admin_icon);
-+        mAdminName = (TextView) findViewById(R.id.admin_name);
-+        mAdminDescription = (TextView) findViewById(R.id.admin_description);
-         mProfileOwnerWarning = (TextView) findViewById(R.id.profile_owner_warning);
- 
--        mAddMsg = (TextView)findViewById(R.id.add_msg);
-+        mAddMsg = (TextView) findViewById(R.id.add_msg);
-         mAddMsgExpander = (ImageView) findViewById(R.id.add_msg_expander);
-         final View.OnClickListener onClickListener = new View.OnClickListener() {
-             @Override
-@@ -312,7 +314,7 @@ public class DeviceAdminAdd extends Activity {
-                         mAddMsgExpander.setVisibility(hideMsgExpander ? View.GONE : View.VISIBLE);
-                         if (hideMsgExpander) {
-                             mAddMsg.setOnClickListener(null);
--                            ((View)mAddMsgExpander.getParent()).invalidate();
-+                            ((View) mAddMsgExpander.getParent()).invalidate();
-                         }
-                         mAddMsg.getViewTreeObserver().removeOnGlobalLayoutListener(this);
-                     }
-@@ -330,7 +332,7 @@ public class DeviceAdminAdd extends Activity {
-         mCancelButton.setOnClickListener(new View.OnClickListener() {
-             public void onClick(View v) {
-                 EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_DECLINED_BY_USER,
--                    mDeviceAdmin.getActivityInfo().applicationInfo.uid);
-+                        mDeviceAdmin.getActivityInfo().applicationInfo.uid);
-                 finish();
-             }
-         });
-@@ -350,58 +352,64 @@ public class DeviceAdminAdd extends Activity {
- 
-         final View restrictedAction = findViewById(R.id.restricted_action);
-         restrictedAction.setFilterTouchesWhenObscured(true);
--        restrictedAction.setOnClickListener(new View.OnClickListener() {
--            public void onClick(View v) {
--                if (!mActionButton.isEnabled()) {
--                    showPolicyTransparencyDialogIfRequired();
--                    return;
--                }
--                if (mAdding) {
--                    addAndFinish();
--                } else if (isManagedProfile(mDeviceAdmin)
--                        && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
--                    final int userId = UserHandle.myUserId();
--                    UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
--                            new DialogInterface.OnClickListener() {
--                                @Override
--                                public void onClick(DialogInterface dialog, int which) {
--                                    UserManager um = UserManager.get(DeviceAdminAdd.this);
--                                    um.removeUser(userId);
--                                    finish();
--                                }
-+
-+        final View.OnClickListener restrictedActionClickListener = v -> {
-+            if (!mActionButton.isEnabled()) {
-+                showPolicyTransparencyDialogIfRequired();
-+                return;
-+            }
-+            if (mAdding) {
-+                addAndFinish();
-+            } else if (isManagedProfile(mDeviceAdmin)
-+                    && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
-+                final int userId = UserHandle.myUserId();
-+                UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
-+                        new DialogInterface.OnClickListener() {
-+                            @Override
-+                            public void onClick(DialogInterface dialog, int which) {
-+                                UserManager um = UserManager.get(DeviceAdminAdd.this);
-+                                um.removeUser(userId);
-+                                finish();
-                             }
--                    ).show();
--                } else if (mUninstalling) {
--                    mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());
--                    finish();
--                } else if (!mWaitingForRemoveMsg) {
--                    try {
--                        // Don't allow the admin to put a dialog up in front
--                        // of us while we interact with the user.
--                        ActivityManager.getService().stopAppSwitches();
--                    } catch (RemoteException e) {
--                    }
--                    mWaitingForRemoveMsg = true;
--                    mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),
--                            new RemoteCallback(new RemoteCallback.OnResultListener() {
--                                @Override
--                                public void onResult(Bundle result) {
--                                    CharSequence msg = result != null
--                                            ? result.getCharSequence(
--                                            DeviceAdminReceiver.EXTRA_DISABLE_WARNING)
--                                            : null;
--                                    continueRemoveAction(msg);
--                                }
--                            }, mHandler));
--                    // Don't want to wait too long.
--                    getWindow().getDecorView().getHandler().postDelayed(new Runnable() {
--                        @Override public void run() {
--                            continueRemoveAction(null);
-                         }
--                    }, 2*1000);
-+                ).show();
-+            } else if (mUninstalling) {
-+                mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());
-+                finish();
-+            } else if (!mWaitingForRemoveMsg) {
-+                try {
-+                    // Don't allow the admin to put a dialog up in front
-+                    // of us while we interact with the user.
-+                    ActivityManager.getService().stopAppSwitches();
-+                } catch (RemoteException e) {
-                 }
-+                mWaitingForRemoveMsg = true;
-+                mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),
-+                        new RemoteCallback(new RemoteCallback.OnResultListener() {
-+                            @Override
-+                            public void onResult(Bundle result) {
-+                                CharSequence msg = result != null
-+                                        ? result.getCharSequence(
-+                                        DeviceAdminReceiver.EXTRA_DISABLE_WARNING)
-+                                        : null;
-+                                continueRemoveAction(msg);
-+                            }
-+                        }, mHandler));
-+                // Don't want to wait too long.
-+                getWindow().getDecorView().getHandler().postDelayed(
-+                        () -> continueRemoveAction(null), 2 * 1000);
-+            }
-+        };
-+        restrictedAction.setOnKeyListener((view, keyCode, keyEvent) -> {
-+            if ((keyEvent.getFlags() & KeyEvent.FLAG_FROM_SYSTEM) == 0) {
-+                Log.e(TAG, "Can not activate device-admin with KeyEvent from non-system app.");
-+                // Consume event to suppress click.
-+                return true;
-             }
-+            // Fallback to view click handler.
-+            return false;
-         });
-+        restrictedAction.setOnClickListener(restrictedActionClickListener);
-     }
- 
-     /**
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Trebuchet/365974.patch b/Patches/LineageOS-16.0/android_packages_apps_Trebuchet/365974.patch
deleted file mode 100644
index b2c9716c..00000000
--- a/Patches/LineageOS-16.0/android_packages_apps_Trebuchet/365974.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pinyao Ting <pinyaoting@google.com>
-Date: Thu, 1 Jun 2023 18:12:44 -0700
-Subject: [PATCH] Fix permission issue in legacy shortcut
-
-When building legacy shortcut, Launcher calls
-PackageManager#resolveActivity to retrieve necessary permission to
-launch the intent.
-
-However, when the source app wraps an arbitrary intent within
-Intent#createChooser, the existing logic will fail because launching
-Chooser doesn't require additional permission.
-
-This CL fixes the security vulnerability by performing the permission
-check against the intent that is wrapped within.
-
-Bug: 270152142
-Test: manual
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c53818a16b4322a823497726ac7e7a44501b4442)
-Merged-In: If35344c08975e35085c7c2b9b814a3c457a144b0
-Change-Id: If35344c08975e35085c7c2b9b814a3c457a144b0
----
- .../android/launcher3/util/PackageManagerHelper.java | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/com/android/launcher3/util/PackageManagerHelper.java b/src/com/android/launcher3/util/PackageManagerHelper.java
-index 0b3b632c02..4eac947fd0 100644
---- a/src/com/android/launcher3/util/PackageManagerHelper.java
-+++ b/src/com/android/launcher3/util/PackageManagerHelper.java
-@@ -116,6 +116,18 @@ public class PackageManagerHelper {
-      * any permissions
-      */
-     public boolean hasPermissionForActivity(Intent intent, String srcPackage) {
-+        // b/270152142
-+        if (Intent.ACTION_CHOOSER.equals(intent.getAction())) {
-+            final Bundle extras = intent.getExtras();
-+            if (extras == null) {
-+                return true;
-+            }
-+            // If given intent is ACTION_CHOOSER, verify srcPackage has permission over EXTRA_INTENT
-+            intent = (Intent) extras.getParcelable(Intent.EXTRA_INTENT);
-+            if (intent == null) {
-+                return true;
-+            }
-+        }
-         ResolveInfo target = mPm.resolveActivity(intent, 0);
-         if (target == null) {
-             // Not a valid target
diff --git a/Patches/LineageOS-16.0/android_packages_providers_TelephonyProvider/364040-backport.patch b/Patches/LineageOS-16.0/android_packages_providers_TelephonyProvider/364040-backport.patch
deleted file mode 100644
index e68278ce..00000000
--- a/Patches/LineageOS-16.0/android_packages_providers_TelephonyProvider/364040-backport.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aishwarya Mallampati <amallampati@google.com>
-Date: Wed, 10 May 2023 21:54:43 +0000
-Subject: [PATCH] Update file permissions using canonical path
-
-Bug: 264880895
-Bug: 264880689
-Test: atest android.telephonyprovider.cts.MmsPartTest
-      atest CtsTelephonyTestCases
-      Sanity check - sending and receiving sms and mms manually
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6743638a096c32627f398efd2ea78f08b8a2db8c)
-Merged-In: I8dd888ea31ec07c9f0de38eb8e8170d3ed255686
-Change-Id: I8dd888ea31ec07c9f0de38eb8e8170d3ed255686
----
- src/com/android/providers/telephony/MmsProvider.java | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/providers/telephony/MmsProvider.java b/src/com/android/providers/telephony/MmsProvider.java
-index 6ba775ba..7546c246 100644
---- a/src/com/android/providers/telephony/MmsProvider.java
-+++ b/src/com/android/providers/telephony/MmsProvider.java
-@@ -819,15 +819,16 @@ public class MmsProvider extends ContentProvider {
-                 String path = getContext().getDir(PARTS_DIR_NAME, 0).getPath() + '/' +
-                         uri.getPathSegments().get(1);
-                 try {
-+                    File canonicalFile = new File(path).getCanonicalFile();
-                     String partsDirPath = getContext().getDir(PARTS_DIR_NAME, 0).getCanonicalPath();
--                    if (!new File(path).getCanonicalPath().startsWith(partsDirPath)) {
-+                    if (!canonicalFile.getPath().startsWith(partsDirPath + '/')) {
-                         EventLog.writeEvent(0x534e4554, "240685104",
-                                 Binder.getCallingUid(), (TAG + " update: path " + path +
-                                         " does not start with " + partsDirPath));
-                         return 0;
-                     }
-                     // Reset the file permission back to read for everyone but me.
--                    Os.chmod(path, 0644);
-+                    Os.chmod(canonicalFile.getPath(), 0644);
-                     if (LOCAL_LOGV) {
-                         Log.d(TAG, "MmsProvider.update chmod is successful for path: " + path);
-                     }
diff --git a/Patches/LineageOS-16.0/android_packages_services_Telecomm/364041-backport.patch b/Patches/LineageOS-16.0/android_packages_services_Telecomm/364041-backport.patch
deleted file mode 100644
index f57214b6..00000000
--- a/Patches/LineageOS-16.0/android_packages_services_Telecomm/364041-backport.patch
+++ /dev/null
@@ -1,706 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pranav Madapurmath <pmadapurmath@google.com>
-Date: Thu, 25 May 2023 20:49:21 +0000
-Subject: [PATCH] Resolve StatusHints image exploit across user.
-
-Because of the INTERACT_ACROSS_USERS permission, an app that implements
-a ConnectionService can upload an image icon belonging to another user
-by setting it in the StatusHints. Validating the construction of the
-StatusHints on the calling user would prevent a malicious app from
-registering a connection service with the embedded image icon from a
-different user.
-
-From additional feedback, this CL also addresses potential
-vulnerabilities in an app being able to directly invoke the binder for a
-means to manipulate the contents of the bundle that are passed with it.
-The targeted points of entry are in ConnectionServiceWrapper for the
-following APIs: handleCreateConnectionComplete, setStatusHints,
-addConferenceCall, and addExistingConnection.
-
-Fixes: 280797684
-Test: Manual (verified that original exploit is no longer an issue).
-Test: Unit test for validating image in StatusHints constructor.
-Test: Unit tests to address vulnerabilities via the binder.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:49d19dd265bee669b230efa29bf98c83650efea6)
-Merged-In: Ie1f6a8866d31d5f1099dd0630cf8e9ee782d389c
-Change-Id: Ie1f6a8866d31d5f1099dd0630cf8e9ee782d389c
----
- .../telecom/ConnectionServiceWrapper.java     |  32 ++++
- .../server/telecom/tests/BasicCallTests.java  | 165 +++++++++++++++++-
- .../server/telecom/tests/CallExtrasTest.java  |   6 +-
- .../tests/ConnectionServiceFixture.java       |  21 ++-
- .../telecom/tests/TelecomSystemTest.java      |  63 +++++--
- .../server/telecom/tests/VideoCallTests.java  |  16 +-
- 6 files changed, 264 insertions(+), 39 deletions(-)
-
-diff --git a/src/com/android/server/telecom/ConnectionServiceWrapper.java b/src/com/android/server/telecom/ConnectionServiceWrapper.java
-index 6dd9a3a08..1b86842af 100644
---- a/src/com/android/server/telecom/ConnectionServiceWrapper.java
-+++ b/src/com/android/server/telecom/ConnectionServiceWrapper.java
-@@ -19,6 +19,7 @@ package com.android.server.telecom;
- import android.app.AppOpsManager;
- import android.content.ComponentName;
- import android.content.Context;
-+import android.graphics.drawable.Icon;
- import android.net.Uri;
- import android.os.Binder;
- import android.os.Bundle;
-@@ -73,10 +74,17 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-         public void handleCreateConnectionComplete(String callId, ConnectionRequest request,
-                 ParcelableConnection connection, Session.Info sessionInfo) {
-             Log.startSession(sessionInfo, LogUtils.Sessions.CSW_HANDLE_CREATE_CONNECTION_COMPLETE);
-+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
-             long token = Binder.clearCallingIdentity();
-             try {
-                 synchronized (mLock) {
-                     logIncoming("handleCreateConnectionComplete %s", callId);
-+                    // Check status hints image for cross user access
-+                    if (connection.getStatusHints() != null) {
-+                        Icon icon = connection.getStatusHints().getIcon();
-+                        connection.getStatusHints().setIcon(StatusHints.
-+                                validateAccountIconUserBoundary(icon, callingUserHandle));
-+                    }
-                     ConnectionServiceWrapper.this
-                             .handleCreateConnectionComplete(callId, request, connection);
- 
-@@ -415,6 +423,15 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-         public void addConferenceCall(String callId, ParcelableConference parcelableConference,
-                 Session.Info sessionInfo) {
-             Log.startSession(sessionInfo, LogUtils.Sessions.CSW_ADD_CONFERENCE_CALL);
-+
-+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
-+            // Check status hints image for cross user access
-+            if (parcelableConference.getStatusHints() != null) {
-+                Icon icon = parcelableConference.getStatusHints().getIcon();
-+                parcelableConference.getStatusHints().setIcon(StatusHints.
-+                        validateAccountIconUserBoundary(icon, callingUserHandle));
-+            }
-+
-             long token = Binder.clearCallingIdentity();
-             try {
-                 synchronized (mLock) {
-@@ -637,10 +654,17 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-         public void setStatusHints(String callId, StatusHints statusHints,
-                 Session.Info sessionInfo) {
-             Log.startSession(sessionInfo, "CSW.sSH");
-+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
-             long token = Binder.clearCallingIdentity();
-             try {
-                 synchronized (mLock) {
-                     logIncoming("setStatusHints %s %s", callId, statusHints);
-+                    // Check status hints image for cross user access
-+                    if (statusHints != null) {
-+                        Icon icon = statusHints.getIcon();
-+                        statusHints.setIcon(StatusHints.validateAccountIconUserBoundary(
-+                                icon, callingUserHandle));
-+                    }
-                     Call call = mCallIdMapper.getCall(callId);
-                     if (call != null) {
-                         call.setStatusHints(statusHints);
-@@ -819,6 +843,14 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-                         } else {
-                             connectIdToCheck = callId;
-                         }
-+
-+                        // Check status hints image for cross user access
-+                        if (connection.getStatusHints() != null) {
-+                            Icon icon = connection.getStatusHints().getIcon();
-+                            connection.getStatusHints().setIcon(StatusHints.
-+                                    validateAccountIconUserBoundary(icon, userHandle));
-+                        }
-+
-                         // Check to see if this Connection has already been added.
-                         Call alreadyAddedConnection = mCallsManager
-                                 .getAlreadyAddedConnection(connectIdToCheck);
-diff --git a/tests/src/com/android/server/telecom/tests/BasicCallTests.java b/tests/src/com/android/server/telecom/tests/BasicCallTests.java
-index e304d3416..190604a75 100644
---- a/tests/src/com/android/server/telecom/tests/BasicCallTests.java
-+++ b/tests/src/com/android/server/telecom/tests/BasicCallTests.java
-@@ -16,9 +16,12 @@
- 
- package com.android.server.telecom.tests;
- 
-+import static com.android.server.telecom.tests.ConnectionServiceFixture.STATUS_HINTS_EXTRA;
-+
- import static org.junit.Assert.assertEquals;
- import static org.junit.Assert.assertFalse;
- import static org.junit.Assert.assertNull;
-+import static org.junit.Assert.assertNotNull;
- import static org.junit.Assert.assertTrue;
- import static org.mockito.Matchers.any;
- import static org.mockito.Matchers.anyInt;
-@@ -34,6 +37,8 @@ import static org.mockito.Mockito.when;
- 
- import android.content.Context;
- import android.content.IContentProvider;
-+import android.content.Intent;
-+import android.graphics.drawable.Icon;
- import android.media.AudioManager;
- import android.net.Uri;
- import android.os.Bundle;
-@@ -50,12 +55,15 @@ import android.telecom.Log;
- import android.telecom.ParcelableCall;
- import android.telecom.PhoneAccount;
- import android.telecom.PhoneAccountHandle;
-+import android.telecom.StatusHints;
- import android.telecom.TelecomManager;
- import android.telecom.VideoProfile;
- import android.support.test.filters.FlakyTest;
- import android.test.suitebuilder.annotation.LargeTest;
- import android.test.suitebuilder.annotation.MediumTest;
- 
-+import androidx.test.filters.SmallTest;
-+
- import com.android.internal.telecom.IInCallAdapter;
- import com.android.internal.telephony.CallerInfo;
- 
-@@ -179,7 +187,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @Test
-     public void testTelecomManagerAcceptRingingVideoCall() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
- 
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureY.getCall(ids.mCallId).getState());
-@@ -208,7 +216,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @Test
-     public void testTelecomManagerAcceptRingingVideoCallAsAudio() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
- 
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureY.getCall(ids.mCallId).getState());
-@@ -236,7 +244,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @Test
-     public void testTelecomManagerAcceptRingingInvalidVideoState() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
- 
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureY.getCall(ids.mCallId).getState());
-@@ -629,13 +637,13 @@ public class BasicCallTests extends TelecomSystemTest {
-     @MediumTest
-     @Test
-     public void testBasicConferenceCall() throws Exception {
--        makeConferenceCall();
-+        makeConferenceCall(null, null);
-     }
- 
-     @MediumTest
-     @Test
-     public void testAddCallToConference1() throws Exception {
--        ParcelableCall conferenceCall = makeConferenceCall();
-+        ParcelableCall conferenceCall = makeConferenceCall(null, null);
-         IdPair callId3 = startAndMakeActiveOutgoingCall("650-555-1214",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-         // testAddCallToConference{1,2} differ in the order of arguments to InCallAdapter#conference
-@@ -653,7 +661,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @MediumTest
-     @Test
-     public void testAddCallToConference2() throws Exception {
--        ParcelableCall conferenceCall = makeConferenceCall();
-+        ParcelableCall conferenceCall = makeConferenceCall(null, null);
-         IdPair callId3 = startAndMakeActiveOutgoingCall("650-555-1214",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-         mInCallServiceFixtureX.getInCallAdapter()
-@@ -909,7 +917,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     public void testOutgoingCallSelectPhoneAccountVideo() throws Exception {
-         startOutgoingPhoneCallPendingCreateConnection("650-555-1212",
-                 null, mConnectionServiceFixtureA,
--                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL);
-+                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
-         assert(call.isVideoCallingSupported());
-@@ -932,7 +940,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     public void testOutgoingCallSelectPhoneAccountNoVideo() throws Exception {
-         startOutgoingPhoneCallPendingCreateConnection("650-555-1212",
-                 null, mConnectionServiceFixtureA,
--                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL);
-+                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
-         assert(call.isVideoCallingSupported());
-@@ -1134,4 +1142,145 @@ public class BasicCallTests extends TelecomSystemTest {
-         assertTrue(muteValues.get(0));
-         assertFalse(muteValues.get(1));
-     }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in ConnectionServiceWrapper#addConferenceCall
-+     * when the image doesn't belong to the calling user. Simulates a scenario where an app
-+     * could manipulate the contents of the bundle and send it via the binder to upload an image
-+     * from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_addConferenceCall() throws Exception {
-+        Intent callIntent1 = new Intent();
-+        // Stub intent for call2
-+        Intent callIntent2 = new Intent();
-+        Bundle callExtras1 = new Bundle();
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        // Load StatusHints extra into TelecomManager.EXTRA_OUTGOING_CALL_EXTRAS to be processed
-+        // as the call extras. This will be leveraged in ConnectionServiceFixture to set the
-+        // StatusHints for the given connection.
-+        StatusHints statusHints = new StatusHints(icon);
-+        assertNotNull(statusHints.getIcon());
-+        callExtras1.putParcelable(STATUS_HINTS_EXTRA, statusHints);
-+        callIntent1.putExtra(TelecomManager.EXTRA_OUTGOING_CALL_EXTRAS, callExtras1);
-+
-+        // Start conference call to invoke ConnectionServiceWrapper#addConferenceCall.
-+        // Note that the calling user would be User 0.
-+        ParcelableCall conferenceCall = makeConferenceCall(callIntent1, callIntent2);
-+
-+        // Ensure that StatusHints was set.
-+        assertNotNull(mInCallServiceFixtureX.getCall(mInCallServiceFixtureX.mLatestCallId)
-+                .getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mInCallServiceFixtureX.getCall(mInCallServiceFixtureX.mLatestCallId)
-+                .getStatusHints().getIcon());
-+    }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in
-+     * ConnectionServiceWrapper#handleCreateConnectionComplete when the image doesn't belong to the
-+     * calling user. Simulates a scenario where an app could manipulate the contents of the
-+     * bundle and send it via the binder to upload an image from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_handleCreateConnectionComplete() throws Exception {
-+        Bundle extras = new Bundle();
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        // Load the bundle with the test extra in order to simulate an app directly invoking the
-+        // binder on ConnectionServiceWrapper#handleCreateConnectionComplete.
-+        StatusHints statusHints = new StatusHints(icon);
-+        assertNotNull(statusHints.getIcon());
-+        extras.putParcelable(STATUS_HINTS_EXTRA, statusHints);
-+
-+        // Start incoming call with StatusHints extras
-+        // Note that the calling user in ConnectionServiceWrapper#handleCreateConnectionComplete
-+        // would be User 0.
-+        IdPair ids = startIncomingPhoneCallWithExtras("650-555-1212",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA, extras);
-+
-+        // Ensure that StatusHints was set.
-+        assertNotNull(mInCallServiceFixtureX.getCall(ids.mCallId).getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mInCallServiceFixtureX.getCall(ids.mCallId).getStatusHints().getIcon());
-+    }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in ConnectionServiceWrapper#setStatusHints
-+     * when the image doesn't belong to the calling user. Simulates a scenario where an app
-+     * could manipulate the contents of the bundle and send it via the binder to upload an image
-+     * from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_setStatusHints() throws Exception {
-+        IdPair outgoing = startAndMakeActiveOutgoingCall("650-555-1214",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+
-+        // Modify existing connection with StatusHints image exploit
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        StatusHints statusHints = new StatusHints(icon);
-+        assertNotNull(statusHints.getIcon());
-+        ConnectionServiceFixture.ConnectionInfo connectionInfo = mConnectionServiceFixtureA
-+                .mConnectionById.get(outgoing.mConnectionId);
-+        connectionInfo.statusHints = statusHints;
-+
-+        // Invoke ConnectionServiceWrapper#setStatusHints.
-+        // Note that the calling user would be User 0.
-+        mConnectionServiceFixtureA.sendSetStatusHints(outgoing.mConnectionId);
-+        waitForHandlerAction(mConnectionServiceFixtureA.mConnectionServiceDelegate.getHandler(),
-+                TEST_TIMEOUT);
-+
-+        // Ensure that StatusHints was set.
-+        assertNotNull(mInCallServiceFixtureX.getCall(outgoing.mCallId).getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mInCallServiceFixtureX.getCall(outgoing.mCallId)
-+                .getStatusHints().getIcon());
-+    }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in
-+     * ConnectionServiceWrapper#addExistingConnection when the image doesn't belong to the calling
-+     * user. Simulates a scenario where an app could manipulate the contents of the bundle and
-+     * send it via the binder to upload an image from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_addExistingConnection() throws Exception {
-+        IdPair outgoing = startAndMakeActiveOutgoingCall("650-555-1214",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+        Connection existingConnection = mConnectionServiceFixtureA.mLatestConnection;
-+
-+        // Modify existing connection with StatusHints image exploit
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        StatusHints modifiedStatusHints = new StatusHints(icon);
-+        assertNotNull(modifiedStatusHints.getIcon());
-+        ConnectionServiceFixture.ConnectionInfo connectionInfo = mConnectionServiceFixtureA
-+                .mConnectionById.get(outgoing.mConnectionId);
-+        connectionInfo.statusHints = modifiedStatusHints;
-+
-+        // Invoke ConnectionServiceWrapper#addExistingConnection.
-+        // Note that the calling user would be User 0.
-+        mConnectionServiceFixtureA.sendAddExistingConnection(outgoing.mConnectionId);
-+        waitForHandlerAction(mConnectionServiceFixtureA.mConnectionServiceDelegate.getHandler(),
-+                TEST_TIMEOUT);
-+
-+        // Ensure that StatusHints was set. Due to test setup, the ParcelableConnection object that
-+        // is passed into sendAddExistingConnection is instantiated on invocation. The call's
-+        // StatusHints are not updated at the time of completion, so instead, we can verify that
-+        // the ParcelableConnection object was modified.
-+        assertNotNull(mConnectionServiceFixtureA.mLatestParcelableConnection.getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mConnectionServiceFixtureA.mLatestParcelableConnection
-+                .getStatusHints().getIcon());
-+    }
- }
-diff --git a/tests/src/com/android/server/telecom/tests/CallExtrasTest.java b/tests/src/com/android/server/telecom/tests/CallExtrasTest.java
-index 44578c519..219a81e63 100644
---- a/tests/src/com/android/server/telecom/tests/CallExtrasTest.java
-+++ b/tests/src/com/android/server/telecom/tests/CallExtrasTest.java
-@@ -357,7 +357,7 @@ public class CallExtrasTest extends TelecomSystemTest {
-     @LargeTest
-     @Test
-     public void testConferenceSetExtras() throws Exception {
--        ParcelableCall call = makeConferenceCall();
-+        ParcelableCall call = makeConferenceCall(null, null);
-         String conferenceId = call.getId();
- 
-         Conference conference = mConnectionServiceFixtureA.mLatestConference;
-@@ -400,7 +400,7 @@ public class CallExtrasTest extends TelecomSystemTest {
-     @LargeTest
-     @Test
-     public void testConferenceExtraOperations() throws Exception {
--        ParcelableCall call = makeConferenceCall();
-+        ParcelableCall call = makeConferenceCall(null, null);
-         String conferenceId = call.getId();
-         Conference conference = mConnectionServiceFixtureA.mLatestConference;
-         assertNotNull(conference);
-@@ -436,7 +436,7 @@ public class CallExtrasTest extends TelecomSystemTest {
-     @LargeTest
-     @Test
-     public void testConferenceICS() throws Exception {
--        ParcelableCall call = makeConferenceCall();
-+        ParcelableCall call = makeConferenceCall(null, null);
-         String conferenceId = call.getId();
-         Conference conference = mConnectionServiceFixtureA.mLatestConference;
- 
-diff --git a/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java b/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java
-index 3154b7d0d..f91863fbe 100644
---- a/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java
-+++ b/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java
-@@ -67,6 +67,7 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-     static int INVALID_VIDEO_STATE = -1;
-     public CountDownLatch mExtrasLock = new CountDownLatch(1);
-     static int NOT_SPECIFIED = 0;
-+    public static final String STATUS_HINTS_EXTRA = "updateStatusHints";
- 
-     /**
-      * Implementation of ConnectionService that performs no-ops for tasks normally meant for
-@@ -101,6 +102,11 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-             if (mProperties != NOT_SPECIFIED) {
-                 fakeConnection.setConnectionProperties(mProperties);
-             }
-+            // Testing for StatusHints image icon cross user access
-+            if (request.getExtras() != null) {
-+                fakeConnection.setStatusHints(
-+                        request.getExtras().getParcelable(STATUS_HINTS_EXTRA));
-+            }
- 
-             return fakeConnection;
-         }
-@@ -117,6 +123,11 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-             if (mProperties != NOT_SPECIFIED) {
-                 fakeConnection.setConnectionProperties(mProperties);
-             }
-+            // Testing for StatusHints image icon cross user access
-+            if (request.getExtras() != null) {
-+                fakeConnection.setStatusHints(
-+                        request.getExtras().getParcelable(STATUS_HINTS_EXTRA));
-+            }
-             return fakeConnection;
-         }
- 
-@@ -133,6 +144,12 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-                 Conference fakeConference = new FakeConference();
-                 fakeConference.addConnection(cxn1);
-                 fakeConference.addConnection(cxn2);
-+                if (cxn1.getStatusHints() != null || cxn2.getStatusHints() != null) {
-+                    // For testing purposes, pick one of the status hints that isn't null.
-+                    StatusHints statusHints = cxn1.getStatusHints() != null
-+                            ? cxn1.getStatusHints() : cxn2.getStatusHints();
-+                    fakeConference.setStatusHints(statusHints);
-+                }
-                 mLatestConference = fakeConference;
-                 addConference(fakeConference);
-             } else {
-@@ -438,6 +455,7 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
- 
-     public String mLatestConnectionId;
-     public Connection mLatestConnection;
-+    public ParcelableConnection mLatestParcelableConnection;
-     public Conference mLatestConference;
-     public final Set<IConnectionServiceAdapter> mConnectionServiceAdapters = new HashSet<>();
-     public final Map<String, ConnectionInfo> mConnectionById = new HashMap<>();
-@@ -672,7 +690,7 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-     }
- 
-     private ParcelableConnection parcelable(ConnectionInfo c) {
--        return new ParcelableConnection(
-+        mLatestParcelableConnection = new ParcelableConnection(
-                 c.request.getAccountHandle(),
-                 c.state,
-                 c.capabilities,
-@@ -692,5 +710,6 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-                 c.disconnectCause,
-                 c.conferenceableConnectionIds,
-                 c.extras);
-+        return mLatestParcelableConnection;
-     }
- }
-diff --git a/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java b/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java
-index 4cf76444a..c98b7e699 100644
---- a/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java
-+++ b/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java
-@@ -374,12 +374,13 @@ public class TelecomSystemTest extends TelecomTestCase {
-         super.tearDown();
-     }
- 
--    protected ParcelableCall makeConferenceCall() throws Exception {
--        IdPair callId1 = startAndMakeActiveOutgoingCall("650-555-1212",
--                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+    protected ParcelableCall makeConferenceCall(
-+            Intent callIntentExtras1, Intent callIntentExtras2) throws Exception {
-+        IdPair callId1 = startAndMakeActiveOutgoingCallWithExtras("650-555-1212",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA, callIntentExtras1);
- 
--        IdPair callId2 = startAndMakeActiveOutgoingCall("650-555-1213",
--                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+        IdPair callId2 = startAndMakeActiveOutgoingCallWithExtras("650-555-1213",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA, callIntentExtras2);
- 
-         IInCallAdapter inCallAdapter = mInCallServiceFixtureX.getInCallAdapter();
-         inCallAdapter.conference(callId1.mCallId, callId2.mCallId);
-@@ -582,17 +583,17 @@ public class TelecomSystemTest extends TelecomTestCase {
-             throws Exception {
- 
-         return startOutgoingPhoneCall(number, phoneAccountHandle, connectionServiceFixture,
--                initiatingUser, VideoProfile.STATE_AUDIO_ONLY);
-+                initiatingUser, VideoProfile.STATE_AUDIO_ONLY, null);
-     }
- 
-     protected IdPair startOutgoingPhoneCall(String number, PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture, UserHandle initiatingUser,
--            int videoState) throws Exception {
-+            int videoState, Intent callIntentExtras) throws Exception {
-         int startingNumConnections = connectionServiceFixture.mConnectionById.size();
-         int startingNumCalls = mInCallServiceFixtureX.mCallById.size();
- 
-         startOutgoingPhoneCallPendingCreateConnection(number, phoneAccountHandle,
--                connectionServiceFixture, initiatingUser, videoState);
-+                connectionServiceFixture, initiatingUser, videoState, callIntentExtras);
- 
-         verify(connectionServiceFixture.getTestDouble(), timeout(TEST_TIMEOUT))
-                 .createConnectionComplete(anyString(), any());
-@@ -631,7 +632,7 @@ public class TelecomSystemTest extends TelecomTestCase {
-         mIsEmergencyCall = true;
-         // Call will not use the ordered broadcaster, since it is an Emergency Call
-         startOutgoingPhoneCallWaitForBroadcaster(number, phoneAccountHandle,
--                connectionServiceFixture, initiatingUser, videoState, true /*isEmergency*/);
-+                connectionServiceFixture, initiatingUser, videoState, true /*isEmergency*/, null);
- 
-         return outgoingCallCreateConnectionComplete(startingNumConnections, startingNumCalls,
-                 phoneAccountHandle, connectionServiceFixture);
-@@ -640,7 +641,7 @@ public class TelecomSystemTest extends TelecomTestCase {
-     protected void startOutgoingPhoneCallWaitForBroadcaster(String number,
-             PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture, UserHandle initiatingUser,
--            int videoState, boolean isEmergency) throws Exception {
-+            int videoState, boolean isEmergency, Intent actionCallIntent) throws Exception {
-         reset(connectionServiceFixture.getTestDouble(), mInCallServiceFixtureX.getTestDouble(),
-                 mInCallServiceFixtureY.getTestDouble());
- 
-@@ -653,7 +654,9 @@ public class TelecomSystemTest extends TelecomTestCase {
- 
-         boolean hasInCallAdapter = mInCallServiceFixtureX.mInCallAdapter != null;
- 
--        Intent actionCallIntent = new Intent();
-+        if (actionCallIntent == null) {
-+            actionCallIntent = new Intent();
-+        }
-         actionCallIntent.setData(Uri.parse("tel:" + number));
-         actionCallIntent.putExtra(Intent.EXTRA_PHONE_NUMBER, number);
-         if(isEmergency) {
-@@ -699,9 +702,9 @@ public class TelecomSystemTest extends TelecomTestCase {
-     protected String startOutgoingPhoneCallPendingCreateConnection(String number,
-             PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture, UserHandle initiatingUser,
--            int videoState) throws Exception {
-+            int videoState, Intent callIntentExtras) throws Exception {
-         startOutgoingPhoneCallWaitForBroadcaster(number,phoneAccountHandle,
--                connectionServiceFixture, initiatingUser, videoState, false /*isEmergency*/);
-+                connectionServiceFixture, initiatingUser, videoState, false /*isEmergency*/, callIntentExtras);
- 
-         ArgumentCaptor<Intent> newOutgoingCallIntent =
-                 ArgumentCaptor.forClass(Intent.class);
-@@ -798,14 +801,24 @@ public class TelecomSystemTest extends TelecomTestCase {
-             PhoneAccountHandle phoneAccountHandle,
-             final ConnectionServiceFixture connectionServiceFixture) throws Exception {
-         return startIncomingPhoneCall(number, phoneAccountHandle, VideoProfile.STATE_AUDIO_ONLY,
--                connectionServiceFixture);
-+                connectionServiceFixture, null);
-+    }
-+
-+    protected IdPair startIncomingPhoneCallWithExtras(
-+            String number,
-+            PhoneAccountHandle phoneAccountHandle,
-+            final ConnectionServiceFixture connectionServiceFixture,
-+            Bundle extras) throws Exception {
-+        return startIncomingPhoneCall(number, phoneAccountHandle, VideoProfile.STATE_AUDIO_ONLY,
-+                connectionServiceFixture, extras);
-     }
- 
-     protected IdPair startIncomingPhoneCall(
-             String number,
-             PhoneAccountHandle phoneAccountHandle,
-             int videoState,
--            final ConnectionServiceFixture connectionServiceFixture) throws Exception {
-+            final ConnectionServiceFixture connectionServiceFixture,
-+            Bundle extras) throws Exception {
-         reset(connectionServiceFixture.getTestDouble(), mInCallServiceFixtureX.getTestDouble(),
-                 mInCallServiceFixtureY.getTestDouble());
- 
-@@ -822,7 +835,9 @@ public class TelecomSystemTest extends TelecomTestCase {
-                 new IncomingCallAddedListener(incomingCallAddedLatch);
-         mTelecomSystem.getCallsManager().addListener(callAddedListener);
- 
--        Bundle extras = new Bundle();
-+        if (extras == null) {
-+            extras = new Bundle();
-+        }
-         extras.putParcelable(
-                 TelecomManager.EXTRA_INCOMING_CALL_ADDRESS,
-                 Uri.fromParts(PhoneAccount.SCHEME_TEL, number, null));
-@@ -916,7 +931,16 @@ public class TelecomSystemTest extends TelecomTestCase {
-             PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture) throws Exception {
-         return startAndMakeActiveOutgoingCall(number, phoneAccountHandle, connectionServiceFixture,
--                VideoProfile.STATE_AUDIO_ONLY);
-+                VideoProfile.STATE_AUDIO_ONLY, null);
-+    }
-+
-+    protected IdPair startAndMakeActiveOutgoingCallWithExtras(
-+            String number,
-+            PhoneAccountHandle phoneAccountHandle,
-+            ConnectionServiceFixture connectionServiceFixture,
-+            Intent callIntentExtras) throws Exception {
-+        return startAndMakeActiveOutgoingCall(number, phoneAccountHandle, connectionServiceFixture,
-+                VideoProfile.STATE_AUDIO_ONLY, callIntentExtras);
-     }
- 
-     // A simple outgoing call, verifying that the appropriate connection service is contacted,
-@@ -924,9 +948,10 @@ public class TelecomSystemTest extends TelecomTestCase {
-     protected IdPair startAndMakeActiveOutgoingCall(
-             String number,
-             PhoneAccountHandle phoneAccountHandle,
--            ConnectionServiceFixture connectionServiceFixture, int videoState) throws Exception {
-+            ConnectionServiceFixture connectionServiceFixture, int videoState,
-+            Intent callIntentExtras) throws Exception {
-         IdPair ids = startOutgoingPhoneCall(number, phoneAccountHandle, connectionServiceFixture,
--                Process.myUserHandle(), videoState);
-+                Process.myUserHandle(), videoState, callIntentExtras);
- 
-         connectionServiceFixture.sendSetDialing(ids.mConnectionId);
-         if (phoneAccountHandle != mPhoneAccountSelfManaged.getAccountHandle()) {
-diff --git a/tests/src/com/android/server/telecom/tests/VideoCallTests.java b/tests/src/com/android/server/telecom/tests/VideoCallTests.java
-index 97e71d18b..84beedc0f 100644
---- a/tests/src/com/android/server/telecom/tests/VideoCallTests.java
-+++ b/tests/src/com/android/server/telecom/tests/VideoCallTests.java
-@@ -105,7 +105,7 @@ public class VideoCallTests extends TelecomSystemTest {
-         // Start an incoming video call.
-         IdPair ids = startAndMakeActiveOutgoingCall("650-555-1212",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA,
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
- 
-         verifyAudioRoute(CallAudioState.ROUTE_SPEAKER);
-     }
-@@ -121,7 +121,7 @@ public class VideoCallTests extends TelecomSystemTest {
-         // Start an incoming video call.
-         IdPair ids = startAndMakeActiveOutgoingCall("650-555-1212",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA,
--                VideoProfile.STATE_TX_ENABLED);
-+                VideoProfile.STATE_TX_ENABLED, null);
- 
-         verifyAudioRoute(CallAudioState.ROUTE_SPEAKER);
-     }
-@@ -137,7 +137,7 @@ public class VideoCallTests extends TelecomSystemTest {
-         // Start an incoming video call.
-         IdPair ids = startAndMakeActiveOutgoingCall("650-555-1212",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA,
--                VideoProfile.STATE_AUDIO_ONLY);
-+                VideoProfile.STATE_AUDIO_ONLY, null);
- 
-         verifyAudioRoute(CallAudioState.ROUTE_EARPIECE);
-     }
-@@ -165,7 +165,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     @Test
-     public void testIncomingVideoCallMissedCheckVideoHistory() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -182,7 +182,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     @Test
-     public void testIncomingVideoCallRejectedCheckVideoHistory() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -201,7 +201,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     public void testOutgoingVideoCallCanceledCheckVideoHistory() throws Exception {
-         IdPair ids = startOutgoingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
-                 mConnectionServiceFixtureA, Process.myUserHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -219,7 +219,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     public void testOutgoingVideoCallRejectedCheckVideoHistory() throws Exception {
-         IdPair ids = startOutgoingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
-                 mConnectionServiceFixtureA, Process.myUserHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -237,7 +237,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     public void testOutgoingVideoCallAnsweredAsAudio() throws Exception {
-         IdPair ids = startOutgoingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
-                 mConnectionServiceFixtureA, Process.myUserHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
diff --git a/Patches/LineageOS-16.0/android_packages_services_Telephony/365978-backport.patch b/Patches/LineageOS-16.0/android_packages_services_Telephony/365978-backport.patch
deleted file mode 100644
index 369aaed8..00000000
--- a/Patches/LineageOS-16.0/android_packages_services_Telephony/365978-backport.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ashish Kumar <akgaurav@google.com>
-Date: Fri, 26 May 2023 14:18:46 +0000
-Subject: [PATCH] RESTRICT AUTOMERGE Fixed leak of cross user data in multiple
- settings.
-
-  - Any app is allowed to receive GET_CONTENT intent. Using this, an user puts back in the intent an uri with data of another user.
-  - Telephony service has INTERACT_ACROSS_USER permission. Using this, it reads and shows the deta to the evil user.
-
-Fix: When telephony service gets the intent result, it checks if the uri is from the current user or not.
-
-Bug: b/256591023 , b/256819787
-
-Test: The malicious behaviour was not being reproduced. Unable to import contact from other users data.
-Test2: Able to import contact from the primary user or uri with no user id
-(These settings are not available for secondary users)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36e10a6d0d7b9efc543f8004729fa85751f4f70d)
-Merged-In: I1e3a643f17948153aecc1d0df9ffd9619ad678c1
-Change-Id: I1e3a643f17948153aecc1d0df9ffd9619ad678c1
----
- .../android/phone/GsmUmtsCallForwardOptions.java   | 12 ++++++++++++
- .../phone/settings/VoicemailSettingsActivity.java  | 14 ++++++++++++++
- .../phone/settings/fdn/EditFdnContactScreen.java   | 13 +++++++++++++
- 3 files changed, 39 insertions(+)
-
-diff --git a/src/com/android/phone/GsmUmtsCallForwardOptions.java b/src/com/android/phone/GsmUmtsCallForwardOptions.java
-index 77cc6cca6..aa1c797d4 100644
---- a/src/com/android/phone/GsmUmtsCallForwardOptions.java
-+++ b/src/com/android/phone/GsmUmtsCallForwardOptions.java
-@@ -5,9 +5,12 @@ import com.android.internal.telephony.CommandsInterface;
- import com.android.internal.telephony.Phone;
- 
- import android.app.ActionBar;
-+import android.content.ContentProvider;
- import android.content.Intent;
- import android.database.Cursor;
- import android.os.Bundle;
-+import android.os.Process;
-+import android.os.UserHandle;
- import android.preference.Preference;
- import android.preference.PreferenceScreen;
- import android.telephony.CarrierConfigManager;
-@@ -156,6 +159,15 @@ public class GsmUmtsCallForwardOptions extends TimeConsumingPreferenceActivity {
-         }
-         Cursor cursor = null;
-         try {
-+            // check if the URI returned by the user belongs to the user
-+            final int currentUser = UserHandle.getUserId(Process.myUid());
-+            if (currentUser
-+                    != ContentProvider.getUserIdFromUri(data.getData(), currentUser)) {
-+
-+                Log.w(LOG_TAG, "onActivityResult: Contact data of different user, "
-+                        + "cannot access");
-+                return;
-+            }
-             cursor = getContentResolver().query(data.getData(),
-                 NUM_PROJECTION, null, null, null);
-             if ((cursor == null) || (!cursor.moveToFirst())) {
-diff --git a/src/com/android/phone/settings/VoicemailSettingsActivity.java b/src/com/android/phone/settings/VoicemailSettingsActivity.java
-index 0f58d195b..af9a746ed 100644
---- a/src/com/android/phone/settings/VoicemailSettingsActivity.java
-+++ b/src/com/android/phone/settings/VoicemailSettingsActivity.java
-@@ -17,6 +17,7 @@
- package com.android.phone.settings;
- 
- import android.app.Dialog;
-+import android.content.ContentProvider;
- import android.content.DialogInterface;
- import android.content.Intent;
- import android.database.Cursor;
-@@ -25,6 +26,8 @@ import android.os.Bundle;
- import android.os.Handler;
- import android.os.Message;
- import android.os.PersistableBundle;
-+import android.os.Process;
-+import android.os.UserHandle;
- import android.os.UserManager;
- import android.preference.Preference;
- import android.preference.PreferenceActivity;
-@@ -522,6 +525,17 @@ public class VoicemailSettingsActivity extends PreferenceActivity
- 
-             Cursor cursor = null;
-             try {
-+                // check if the URI returned by the user belongs to the user
-+                final int currentUser = UserHandle.getUserId(Process.myUid());
-+                if (currentUser
-+                        != ContentProvider.getUserIdFromUri(data.getData(), currentUser)) {
-+
-+                    if (DBG) {
-+                        log("onActivityResult: Contact data of different user, "
-+                                + "cannot access");
-+                    }
-+                    return;
-+                }
-                 cursor = getContentResolver().query(data.getData(),
-                     new String[] { CommonDataKinds.Phone.NUMBER }, null, null, null);
-                 if ((cursor == null) || (!cursor.moveToFirst())) {
-diff --git a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-index 921e947e4..e733e82bb 100644
---- a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-+++ b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-@@ -18,9 +18,12 @@ package com.android.phone.settings.fdn;
- 
- import static android.view.Window.PROGRESS_VISIBILITY_OFF;
- import static android.view.Window.PROGRESS_VISIBILITY_ON;
-+import static android.app.Activity.RESULT_OK;
-+
- 
- import android.app.Activity;
- import android.content.AsyncQueryHandler;
-+import android.content.ContentProvider;
- import android.content.ContentResolver;
- import android.content.ContentValues;
- import android.content.Intent;
-@@ -29,6 +32,8 @@ import android.database.Cursor;
- import android.net.Uri;
- import android.os.Bundle;
- import android.os.Handler;
-+import android.os.Process;
-+import android.os.UserHandle;
- import android.provider.Contacts.PeopleColumns;
- import android.provider.Contacts.PhonesColumns;
- import android.provider.ContactsContract.CommonDataKinds;
-@@ -154,6 +159,14 @@ public class EditFdnContactScreen extends Activity {
-                 }
-                 Cursor cursor = null;
-                 try {
-+                    // check if the URI returned by the user belongs to the user
-+                    final int currentUser = UserHandle.getUserId(Process.myUid());
-+                    if (currentUser
-+                            != ContentProvider.getUserIdFromUri(intent.getData(), currentUser)) {
-+                        Log.w(LOG_TAG, "onActivityResult: Contact data of different user, "
-+                                + "cannot access");
-+                        return;
-+                    }
-                     cursor = getContentResolver().query(intent.getData(),
-                         NUM_PROJECTION, null, null, null);
-                     if ((cursor == null) || (!cursor.moveToFirst())) {
diff --git a/Patches/LineageOS-16.0/android_system_bt/360969.patch b/Patches/LineageOS-16.0/android_system_bt/360969.patch
deleted file mode 100644
index 6dd75430..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/360969.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: tyiu <tyiu@google.com>
-Date: Tue, 28 Mar 2023 18:40:51 +0000
-Subject: [PATCH] Fix gatt_end_operation buffer overflow
-
-Added boundary check for gatt_end_operation to prevent writing out of
-boundary.
-
-Since response of the GATT server is handled in
-gatt_client_handle_server_rsp() and gatt_process_read_rsp(), the maximum
-lenth that can be passed into the handlers is bounded by
-GATT_MAX_MTU_SIZE, which is set to 517, which is greater than
-GATT_MAX_ATTR_LEN which is set to 512. The fact that there is no spec
-that gaurentees MTU response to be less than or equal to 512 bytes can
-cause a buffer overflow when performing memcpy without length check.
-
-Bug: 261068592
-Test: No test since not affecting behavior
-Tag: #security
-Ignore-AOSP-First: security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dd7298e982e4bbf0138a490562679c9a4a755200)
-Merged-In: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
-Change-Id: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
----
- stack/gatt/gatt_utils.cc | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/stack/gatt/gatt_utils.cc b/stack/gatt/gatt_utils.cc
-index 9e8d3b930..52891efc4 100644
---- a/stack/gatt/gatt_utils.cc
-+++ b/stack/gatt/gatt_utils.cc
-@@ -1193,6 +1193,13 @@ void gatt_end_operation(tGATT_CLCB* p_clcb, tGATT_STATUS status, void* p_data) {
-       cb_data.att_value.handle = p_clcb->s_handle;
-       cb_data.att_value.len = p_clcb->counter;
- 
-+      if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) {
-+        LOG(WARNING) << __func__
-+                     << StringPrintf(" Large cb_data.att_value, size=%d",
-+                                     cb_data.att_value.len);
-+        cb_data.att_value.len = GATT_MAX_ATTR_LEN;
-+      }
-+
-       if (p_data && p_clcb->counter)
-         memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
-     }
diff --git a/Patches/LineageOS-16.0/android_system_bt/365979.patch b/Patches/LineageOS-16.0/android_system_bt/365979.patch
deleted file mode 100644
index c1572aa0..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/365979.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hui Peng <phui@google.com>
-Date: Tue, 16 May 2023 21:24:07 +0000
-Subject: [PATCH] Fix an integer overflow bug in avdt_msg_asmbl
-
-This is a backport of
-Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
-to rvc-dev
-
-Bug: 280633699
-Test: manual
-Ignore-AOSP-First: security
-Tag: #security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:26347d4bdba646bbba4d27337d2888a04de42639)
-Merged-In: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
-Change-Id: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
----
- stack/avdt/avdt_msg.cc | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/stack/avdt/avdt_msg.cc b/stack/avdt/avdt_msg.cc
-index 453e18642..3576b74e6 100644
---- a/stack/avdt/avdt_msg.cc
-+++ b/stack/avdt/avdt_msg.cc
-@@ -1261,14 +1261,14 @@ BT_HDR* avdt_msg_asmbl(AvdtpCcb* p_ccb, BT_HDR* p_buf) {
-        * NOTE: The buffer is allocated above at the beginning of the
-        * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
-        */
--      uint16_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
-+      size_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
- 
-       /* adjust offset and len of fragment for header byte */
-       p_buf->offset += AVDT_LEN_TYPE_CONT;
-       p_buf->len -= AVDT_LEN_TYPE_CONT;
- 
-       /* verify length */
--      if ((p_ccb->p_rx_msg->offset + p_buf->len) > buf_len) {
-+      if (((size_t) p_ccb->p_rx_msg->offset + (size_t) p_buf->len) > buf_len) {
-         /* won't fit; free everything */
-         AVDT_TRACE_WARNING("%s: Fragmented message too big!", __func__);
-         osi_free_and_reset((void**)&p_ccb->p_rx_msg);
diff --git a/Patches/LineageOS-16.0/android_system_bt/365980.patch b/Patches/LineageOS-16.0/android_system_bt/365980.patch
deleted file mode 100644
index e07747c5..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/365980.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Fri, 19 May 2023 19:17:16 +0000
-Subject: [PATCH] Fix integer overflow in build_read_multi_rsp
-
-Local variables tracking structure size in build_read_multi_rsp are of
-uint16 type but accept a full uint16 range from function arguments while
-appending a fixed-length offset.  This can lead to an integer overflow
-and unexpected behavior.
-
-Change the locals to size_t, and add a check during reasssignment.
-
-Bug: 273966636
-Test: atest bluetooth_test_gd_unit, net_test_stack_btm
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:53f64274cbf2268ad6db5af9c61ceead9ef64fb0)
-Merged-In: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
-Change-Id: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
----
- stack/gatt/gatt_sr.cc | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc
-index b9921fee6..d4e3c046b 100644
---- a/stack/gatt/gatt_sr.cc
-+++ b/stack/gatt/gatt_sr.cc
-@@ -113,7 +113,8 @@ void gatt_dequeue_sr_cmd(tGATT_TCB& tcb) {
-  ******************************************************************************/
- static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,
-                                    tGATTS_RSP* p_msg, uint16_t mtu) {
--  uint16_t ii, total_len, len;
-+  uint16_t ii;
-+  size_t total_len, len;
-   uint8_t* p;
-   bool is_overflow = false;
- 
-@@ -168,16 +169,22 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,
-             len = p_rsp->attr_value.len - (total_len - mtu);
-             is_overflow = true;
-             VLOG(1) << StringPrintf(
--                "multi read overflow available len=%d val_len=%d", len,
-+                "multi read overflow available len=%zu val_len=%d", len,
-                 p_rsp->attr_value.len);
-           } else {
-             len = p_rsp->attr_value.len;
-           }
- 
-           if (p_rsp->attr_value.handle == p_cmd->multi_req.handles[ii]) {
--            memcpy(p, p_rsp->attr_value.value, len);
--            if (!is_overflow) p += len;
--            p_buf->len += len;
-+            // check for possible integer overflow
-+            if (p_buf->len + len <= UINT16_MAX) {
-+              memcpy(p, p_rsp->attr_value.value, len);
-+              if (!is_overflow) p += len;
-+              p_buf->len += len;
-+            } else {
-+              p_cmd->status = GATT_NOT_FOUND;
-+              break;
-+            }
-           } else {
-             p_cmd->status = GATT_NOT_FOUND;
-             break;
diff --git a/Patches/LineageOS-16.0/android_system_bt/365981.patch b/Patches/LineageOS-16.0/android_system_bt/365981.patch
deleted file mode 100644
index 21cf69d7..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/365981.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Thu, 27 Apr 2023 20:43:58 +0000
-Subject: [PATCH] Fix potential abort in btu_av_act.cc
-
-Partner analysis shows that bta_av_rc_msg does not respect handling
-established for a null browse packet, instead dispatching the null
-pointer to bta_av_rc_free_browse_msg.  Strictly speaking this does
-not cause a UAF, as osi_free_and_reset will find the null and abort,
-but it will lead to improper program termination.
-
-Handle the case instead.
-
-Bug: 269253349
-Test: atest bluetooth_test_gd_unit
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:91f6d6215c101acc99a7397c5fb5a12fe6d7b8e9)
-Merged-In: I4df7045798b663fbefd7434288dc9383216171a7
-Change-Id: I4df7045798b663fbefd7434288dc9383216171a7
----
- bta/av/bta_av_act.cc | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/bta/av/bta_av_act.cc b/bta/av/bta_av_act.cc
-index 112645ecf..0cd7b5d00 100644
---- a/bta/av/bta_av_act.cc
-+++ b/bta/av/bta_av_act.cc
-@@ -997,7 +997,10 @@ void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
-     av.remote_cmd.rc_handle = p_data->rc_msg.handle;
-     (*p_cb->p_cback)(evt, &av);
-     /* If browsing message, then free the browse message buffer */
--    bta_av_rc_free_browse_msg(p_cb, p_data);
-+    if (p_data->rc_msg.opcode == AVRC_OP_BROWSE &&
-+        p_data->rc_msg.msg.browse.p_browse_pkt != NULL) {
-+      bta_av_rc_free_browse_msg(p_cb, p_data);
-+    }
-   }
- }
- 
diff --git a/Patches/LineageOS-16.0/android_system_bt/365982-prereq.patch b/Patches/LineageOS-16.0/android_system_bt/365982-prereq.patch
deleted file mode 100644
index b2a5a4b0..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/365982-prereq.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Qiyu Hu <qiyuh@google.com>
-Date: Wed, 13 Jun 2018 08:08:17 -0700
-Subject: [PATCH] Fix reliable write.
-
-We cannot simply assume the write is terminated in reliable write. When
-the reliable write value is longer than MTU allows, the current
-implementation can only send whatever MTU allows and naively set the
-status to GATT_SUCCESS, in the name of "application should verify handle
-offset and value are matched or not". That's why MTU negotiation is a
-workaround as people mention in b/37031096, which just fits all the write
-value into a single request.
-
-This also blocks our test on CtsVerifier.
-
-Bug: 37031096
-Test: Manual test and confirm that we don't simply send partial value
-Change-Id: I907877608f4672f24c002e630e58bf9133937a5e
----
- stack/gatt/gatt_cl.cc | 21 ++++++++++-----------
- 1 file changed, 10 insertions(+), 11 deletions(-)
-
-diff --git a/stack/gatt/gatt_cl.cc b/stack/gatt/gatt_cl.cc
-index f8d5bab92..16a7171f6 100644
---- a/stack/gatt/gatt_cl.cc
-+++ b/stack/gatt/gatt_cl.cc
-@@ -297,7 +297,7 @@ void gatt_send_queue_write_cancel(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
- bool gatt_check_write_long_terminate(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
-                                      tGATT_VALUE* p_rsp_value) {
-   tGATT_VALUE* p_attr = (tGATT_VALUE*)p_clcb->p_attr_buf;
--  bool exec = false;
-+  bool terminate = false;
-   tGATT_EXEC_FLAG flag = GATT_PREP_WRITE_EXEC;
- 
-   VLOG(1) << __func__;
-@@ -310,19 +310,18 @@ bool gatt_check_write_long_terminate(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
-       /* data does not match    */
-       p_clcb->status = GATT_ERROR;
-       flag = GATT_PREP_WRITE_CANCEL;
--      exec = true;
-+      terminate = true;
-     } else /* response checking is good */
-     {
-       p_clcb->status = GATT_SUCCESS;
-       /* update write offset and check if end of attribute value */
--      if ((p_attr->offset += p_rsp_value->len) >= p_attr->len) exec = true;
-+      if ((p_attr->offset += p_rsp_value->len) >= p_attr->len) terminate = true;
-     }
-   }
--  if (exec) {
-+  if (terminate && p_clcb->op_subtype != GATT_WRITE_PREPARE) {
-     gatt_send_queue_write_cancel(tcb, p_clcb, flag);
--    return true;
-   }
--  return false;
-+  return terminate;
- }
- 
- /** Send prepare write */
-@@ -587,15 +586,15 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
- 
-   memcpy(value.value, p, value.len);
- 
-+  if (!gatt_check_write_long_terminate(tcb, p_clcb, &value)) {
-+    gatt_send_prepare_write(tcb, p_clcb);
-+    return;
-+  }
-+
-   if (p_clcb->op_subtype == GATT_WRITE_PREPARE) {
--    p_clcb->status = GATT_SUCCESS;
-     /* application should verify handle offset
-        and value are matched or not */
--
-     gatt_end_operation(p_clcb, p_clcb->status, &value);
--  } else if (p_clcb->op_subtype == GATT_WRITE) {
--    if (!gatt_check_write_long_terminate(tcb, p_clcb, &value))
--      gatt_send_prepare_write(tcb, p_clcb);
-   }
- }
- /*******************************************************************************
diff --git a/Patches/LineageOS-16.0/android_system_bt/365982.patch b/Patches/LineageOS-16.0/android_system_bt/365982.patch
deleted file mode 100644
index 7bb1170f..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/365982.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Thu, 1 Jun 2023 23:57:58 +0000
-Subject: [PATCH] Fix UAF in gatt_cl.cc
-
-gatt_cl.cc accesses a header field after the buffer holding it may have
-been freed.
-
-Track the relevant state as a local variable instead.
-
-Bug: 274617156
-Test: atest: bluetooth, validated against fuzzer
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d7a7f7f3311202065de4b2c17b49994053dd1244)
-Merged-In: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
-Change-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
----
- stack/gatt/gatt_cl.cc | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/stack/gatt/gatt_cl.cc b/stack/gatt/gatt_cl.cc
-index 16a7171f6..5e4837020 100644
---- a/stack/gatt/gatt_cl.cc
-+++ b/stack/gatt/gatt_cl.cc
-@@ -586,12 +586,17 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
- 
-   memcpy(value.value, p, value.len);
- 
-+  bool subtype_is_write_prepare = (p_clcb->op_subtype == GATT_WRITE_PREPARE);
-+
-   if (!gatt_check_write_long_terminate(tcb, p_clcb, &value)) {
-     gatt_send_prepare_write(tcb, p_clcb);
-     return;
-   }
- 
--  if (p_clcb->op_subtype == GATT_WRITE_PREPARE) {
-+  // We now know that we have not terminated, or else we would have returned
-+  // early.  We free the buffer only if the subtype is not equal to
-+  // GATT_WRITE_PREPARE, so checking here is adequate to prevent UAF.
-+  if (subtype_is_write_prepare) {
-     /* application should verify handle offset
-        and value are matched or not */
-     gatt_end_operation(p_clcb, p_clcb->status, &value);
diff --git a/Patches/LineageOS-16.0/android_system_nfc/360972.patch b/Patches/LineageOS-16.0/android_system_nfc/360972.patch
deleted file mode 100644
index b0624a9b..00000000
--- a/Patches/LineageOS-16.0/android_system_nfc/360972.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Tue, 2 May 2023 14:20:57 -0700
-Subject: [PATCH] OOBW in rw_i93_send_to_upper()
-
-Bug: 271849189
-Test: tag r/w
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc9d09e1698725712628d394bf9be4c9003579e8)
-Merged-In: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
-Change-Id: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
----
- src/nfc/tags/rw_i93.cc | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/nfc/tags/rw_i93.cc b/src/nfc/tags/rw_i93.cc
-index acf28a6..232a4dd 100644
---- a/src/nfc/tags/rw_i93.cc
-+++ b/src/nfc/tags/rw_i93.cc
-@@ -507,6 +507,15 @@ void rw_i93_send_to_upper(NFC_HDR* p_resp) {
-     case I93_CMD_GET_MULTI_BLK_SEC:
-     case I93_CMD_EXT_GET_MULTI_BLK_SEC:
- 
-+      if (UINT16_MAX - length < NFC_HDR_SIZE) {
-+        rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
-+        rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
-+        rw_cb.tcb.i93.sent_cmd = 0;
-+
-+        event = RW_I93_CMD_CMPL_EVT;
-+        break;
-+      }
-+
-       /* forward tag data or security status */
-       p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
- 
diff --git a/Patches/LineageOS-16.0/android_tools_apksig/360973-backport-prereq.patch b/Patches/LineageOS-16.0/android_tools_apksig/360973-backport-prereq.patch
deleted file mode 100644
index c51361d8..00000000
--- a/Patches/LineageOS-16.0/android_tools_apksig/360973-backport-prereq.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Khaled Abdelmohsen <khelmy@google.com>
-Date: Mon, 24 Feb 2020 16:59:21 +0000
-Subject: [PATCH] Create source stamp verifier
-
-Bug: 148005911
-Test: gradlew test
-Change-Id: I7008c9567ad5e8b63e7f6ba192d38b10c5c9a2dc
-Merged-In: I7008c9567ad5e8b63e7f6ba192d38b10c5c9a2dc
-(cherry picked from commit a3970357d65d59b70c6ccf2c5c55000cb4310953)
----
- .../internal/apk/ApkSigningBlockUtils.java     | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java b/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java
-index 2330f6d..f15597b 100644
---- a/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java
-+++ b/src/main/java/com/android/apksig/internal/apk/ApkSigningBlockUtils.java
-@@ -998,6 +998,20 @@ public class ApkSigningBlockUtils {
-             return false;
-         }
- 
-+        public boolean containsWarnings() {
-+            if (!mWarnings.isEmpty()) {
-+                return true;
-+            }
-+            if (!signers.isEmpty()) {
-+                for (SignerInfo signer : signers) {
-+                    if (signer.containsWarnings()) {
-+                        return true;
-+                    }
-+                }
-+            }
-+            return false;
-+        }
-+
-         public void addError(ApkVerifier.Issue msg, Object... parameters) {
-             mErrors.add(new ApkVerifier.IssueWithParams(msg, parameters));
-         }
-@@ -1042,6 +1056,10 @@ public class ApkSigningBlockUtils {
-                 return !mErrors.isEmpty();
-             }
- 
-+            public boolean containsWarnings() {
-+                return !mWarnings.isEmpty();
-+            }
-+
-             public List<ApkVerifier.IssueWithParams> getErrors() {
-                 return mErrors;
-             }
diff --git a/Patches/LineageOS-16.0/android_tools_apksig/360973-backport.patch b/Patches/LineageOS-16.0/android_tools_apksig/360973-backport.patch
deleted file mode 100644
index 6cd6b283..00000000
--- a/Patches/LineageOS-16.0/android_tools_apksig/360973-backport.patch
+++ /dev/null
@@ -1,1444 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Michael Groover <mpgroover@google.com>
-Date: Fri, 31 Mar 2023 14:30:21 -0500
-Subject: [PATCH] Limit the number of supported v1 and v2 signers
-
-The v1 and v2 APK Signature Schemes support multiple signers; this
-was intended to allow multiple entities to sign an APK. Previously,
-there were no limits placed on the number of signers that could
-sign an APK, but this commit sets a hard limit of 10 supported
-signers for these signature schemes to ensure a large number of
-signers does not place undue burden on the platform.
-
-Bug: 266580022
-Test: gradlew test
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea0632935646f2f6bf5822a5e9c97885269780bd)
-Merged-In: I77f4218599511ff4f9f3790e4942a329d5a18da4
-Change-Id: I77f4218599511ff4f9f3790e4942a329d5a18da4
-
-Change-Id: I604ce656e6dcd750e664adcb814c5c66f7b80ce1
----
- .../java/com/android/apksig/ApkVerifier.java  |  29 +++++
- .../internal/apk/v1/V1SchemeSigner.java       |   7 ++
- .../internal/apk/v1/V1SchemeVerifier.java     |   7 ++
- .../internal/apk/v2/V2SchemeSigner.java       |   6 ++
- .../internal/apk/v2/V2SchemeVerifier.java     |   4 +
- .../com/android/apksig/ApkSignerTest.java     | 100 ++++++++++++++++++
- .../com/android/apksig/ApkVerifierTest.java   |  31 ++++++
- .../com/android/apksig/v1-only-10-signers.apk | Bin 0 -> 18389 bytes
- .../com/android/apksig/v1-only-11-signers.apk | Bin 0 -> 22297 bytes
- .../com/android/apksig/v2-only-10-signers.apk | Bin 0 -> 20688 bytes
- .../com/android/apksig/v2-only-11-signers.apk | Bin 0 -> 24784 bytes
- 11 files changed, 184 insertions(+)
- create mode 100644 src/test/resources/com/android/apksig/v1-only-10-signers.apk
- create mode 100644 src/test/resources/com/android/apksig/v1-only-11-signers.apk
- create mode 100644 src/test/resources/com/android/apksig/v2-only-10-signers.apk
- create mode 100644 src/test/resources/com/android/apksig/v2-only-11-signers.apk
-
-diff --git a/src/main/java/com/android/apksig/ApkVerifier.java b/src/main/java/com/android/apksig/ApkVerifier.java
-index 5e458ef..62b132a 100644
---- a/src/main/java/com/android/apksig/ApkVerifier.java
-+++ b/src/main/java/com/android/apksig/ApkVerifier.java
-@@ -620,6 +620,15 @@ public class ApkVerifier {
-         }
- 
-         private void mergeFrom(ApkSigningBlockUtils.Result source) {
-+            if (source == null) {
-+                return;
-+            }
-+            if (source.containsErrors()) {
-+                mErrors.addAll(source.getErrors());
-+            }
-+            if (source.containsWarnings()) {
-+                mWarnings.addAll(source.getWarnings());
-+            }
-             switch (source.signatureSchemeVersion) {
-                 case ApkSigningBlockUtils.VERSION_APK_SIGNATURE_SCHEME_V2:
-                     mVerifiedUsingV2Scheme = source.verified;
-@@ -897,6 +906,16 @@ public class ApkVerifier {
-          */
-         JAR_SIG_NO_SIGNATURES("No JAR signatures"),
- 
-+        /**
-+         * APK signature scheme v1 has exceeded the maximum number of jar signers.
-+         * <ul>
-+         * <li>Parameter 1: maximum allowed signers ({@code Integer})</li>
-+         * <li>Parameter 2: total number of signers ({@code Integer})</li>
-+         * </ul>
-+         */
-+        JAR_SIG_MAX_SIGNATURES_EXCEEDED(
-+                "APK Signature Scheme v1 only supports a maximum of %1$d signers, found %2$d"),
-+
-         /**
-          * APK does not contain any entries covered by JAR signatures.
-          */
-@@ -1325,6 +1344,16 @@ public class ApkVerifier {
-                 "APK Signature Scheme v2 signature %1$s indicates the APK is signed using %2$s but "
-                         + "no such signature was found. Signature stripped?"),
- 
-+        /**
-+         * APK signature scheme v2 has exceeded the maximum number of signers.
-+         * <ul>
-+         * <li>Parameter 1: maximum allowed signers ({@code Integer})</li>
-+         * <li>Parameter 2: total number of signers ({@code Integer})</li>
-+         * </ul>
-+         */
-+        V2_SIG_MAX_SIGNATURES_EXCEEDED(
-+                "APK Signature Scheme V2 only supports a maximum of %1$d signers, found %2$d"),
-+
-         /**
-          * APK Signature Scheme v2 signature contains no signers.
-          */
-diff --git a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
-index f900211..05721ed 100644
---- a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
-+++ b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
-@@ -246,9 +246,16 @@ public abstract class V1SchemeSigner {
-             String createdBy)
-                     throws NoSuchAlgorithmException, ApkFormatException, InvalidKeyException,
-                             CertificateException, SignatureException {
-+
-+        int MAX_APK_SIGNERS = 10;
-         if (signerConfigs.isEmpty()) {
-             throw new IllegalArgumentException("At least one signer config must be provided");
-         }
-+        if (signerConfigs.size() > MAX_APK_SIGNERS) {
-+            throw new IllegalArgumentException(
-+                    "APK Signature Scheme v1 only supports a maximum of " + MAX_APK_SIGNERS + ", "
-+                            + signerConfigs.size() + " provided");
-+        }
-         OutputManifestFile manifest =
-                 generateManifestFile(
-                         jarEntryDigestAlgorithm, jarEntryDigests, sourceManifestBytes);
-diff --git a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
-index a828bcc..8e49dd3 100644
---- a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
-+++ b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
-@@ -16,6 +16,7 @@
- 
- package com.android.apksig.internal.apk.v1;
- 
-+
- import com.android.apksig.ApkVerifier.Issue;
- import com.android.apksig.ApkVerifier.IssueWithParams;
- import com.android.apksig.apk.ApkFormatException;
-@@ -249,6 +250,7 @@ public abstract class V1SchemeVerifier {
-             // * All JAR entries listed in JAR manifest are present in the APK.
- 
-             // Identify signers
-+            int MAX_APK_SIGNERS = 10;
-             List<Signer> signers = new ArrayList<>(sigBlockEntries.size());
-             for (CentralDirectoryRecord sigBlockEntry : sigBlockEntries) {
-                 String sigBlockEntryName = sigBlockEntry.getName();
-@@ -277,6 +279,11 @@ public abstract class V1SchemeVerifier {
-                 result.addError(Issue.JAR_SIG_NO_SIGNATURES);
-                 return;
-             }
-+            if (signers.size() > MAX_APK_SIGNERS) {
-+                result.addError(Issue.JAR_SIG_MAX_SIGNATURES_EXCEEDED, MAX_APK_SIGNERS,
-+                        signers.size());
-+                return;
-+            }
- 
-             // Verify each signer's signature block file .(RSA|DSA|EC) against the corresponding
-             // signature file .SF. Any error encountered for any signer terminates verification, to
-diff --git a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java
-index 6d001e7..375ff91 100644
---- a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java
-+++ b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java
-@@ -161,6 +161,12 @@ public abstract class V2SchemeSigner {
-                     throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
-         // FORMAT:
-         // * length-prefixed sequence of length-prefixed signer blocks.
-+        int MAX_APK_SIGNERS = 10;
-+        if (signerConfigs.size() > MAX_APK_SIGNERS) {
-+            throw new IllegalArgumentException(
-+                    "APK Signature Scheme v2 only supports a maximum of " + MAX_APK_SIGNERS + ", "
-+                            + signerConfigs.size() + " provided");
-+        }
- 
-         List<byte[]> signerBlocks = new ArrayList<>(signerConfigs.size());
-         int signerNumber = 0;
-diff --git a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java
-index e1be06e..39b205b 100644
---- a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java
-+++ b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java
-@@ -180,6 +180,7 @@ public abstract class V2SchemeVerifier {
-             int maxSdkVersion,
-             ApkSigningBlockUtils.Result result) throws NoSuchAlgorithmException {
-         ByteBuffer signers;
-+        int MAX_APK_SIGNERS = 10;
-         try {
-             signers = ApkSigningBlockUtils.getLengthPrefixedSlice(apkSignatureSchemeV2Block);
-         } catch (ApkFormatException e) {
-@@ -221,6 +222,9 @@ public abstract class V2SchemeVerifier {
-                 return;
-             }
-         }
-+        if (signerCount > MAX_APK_SIGNERS) {
-+            result.addError(Issue.V2_SIG_MAX_SIGNATURES_EXCEEDED, MAX_APK_SIGNERS, signerCount);
-+        }
-     }
- 
-     /**
-diff --git a/src/test/java/com/android/apksig/ApkSignerTest.java b/src/test/java/com/android/apksig/ApkSignerTest.java
-index 80f35ba..ccdb02a 100644
---- a/src/test/java/com/android/apksig/ApkSignerTest.java
-+++ b/src/test/java/com/android/apksig/ApkSignerTest.java
-@@ -339,6 +339,106 @@ public class ApkSignerTest {
-         } catch (ApkFormatException expected) {}
-     }
- 
-+    @Test
-+    public void testV1SigningAllowedWithMaximumNumberOfSigners() throws Exception {
-+        // The APK Signature Scheme v1 supports a maximum of 10 signers; this test verifies a
-+        // signing config with the maximum number of signers is allowed to sign the APK.
-+        List<ApkSigner.SignerConfig> signers = List.of(
-+                getDefaultSignerConfigFromResources("dsa-1024"),
-+                getDefaultSignerConfigFromResources("dsa-2048"),
-+                getDefaultSignerConfigFromResources("dsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-1024"),
-+                getDefaultSignerConfigFromResources("rsa-2048"),
-+                getDefaultSignerConfigFromResources("rsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-4096"),
-+                getDefaultSignerConfigFromResources("rsa-8192"),
-+                getDefaultSignerConfigFromResources("ec-p256"),
-+                getDefaultSignerConfigFromResources("ec-p384")
-+        );
-+        sign("original.apk",
-+                new ApkSigner.Builder(signers)
-+                        .setV1SigningEnabled(true)
-+                        .setV2SigningEnabled(false)
-+                        .setV3SigningEnabled(false)
-+                        .setV4SigningEnabled(false));
-+    }
-+
-+    @Test
-+    public void testV1SigningRejectedWithMoreThanMaximumNumberOfSigners() throws Exception {
-+        // This test ensures a v1 signing config with more than the maximum supported number
-+        // of signers will fail to sign.
-+        List<ApkSigner.SignerConfig> signers = List.of(
-+                getDefaultSignerConfigFromResources("dsa-1024"),
-+                getDefaultSignerConfigFromResources("dsa-2048"),
-+                getDefaultSignerConfigFromResources("dsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-1024"),
-+                getDefaultSignerConfigFromResources("rsa-2048"),
-+                getDefaultSignerConfigFromResources("rsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-4096"),
-+                getDefaultSignerConfigFromResources("rsa-8192"),
-+                getDefaultSignerConfigFromResources("ec-p256"),
-+                getDefaultSignerConfigFromResources("ec-p384"),
-+                getDefaultSignerConfigFromResources("ec-p521")
-+        );
-+        assertThrows(IllegalArgumentException.class, () ->
-+            sign("original.apk",
-+                    new ApkSigner.Builder(signers)
-+                            .setV1SigningEnabled(true)
-+                            .setV2SigningEnabled(false)
-+                            .setV3SigningEnabled(false)
-+                            .setV4SigningEnabled(false)));
-+    }
-+
-+    @Test
-+    public void testV2SigningAllowedWithMaximumNumberOfSigners() throws Exception {
-+        // The APK Signature Scheme v2 supports a maximum of 10 signers; this test verifies a
-+        // signing config with the maximum number of signers is allowed to sign the APK.
-+        List<ApkSigner.SignerConfig> signers = List.of(
-+                getDefaultSignerConfigFromResources("dsa-1024"),
-+                getDefaultSignerConfigFromResources("dsa-2048"),
-+                getDefaultSignerConfigFromResources("dsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-1024"),
-+                getDefaultSignerConfigFromResources("rsa-2048"),
-+                getDefaultSignerConfigFromResources("rsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-4096"),
-+                getDefaultSignerConfigFromResources("rsa-8192"),
-+                getDefaultSignerConfigFromResources("ec-p256"),
-+                getDefaultSignerConfigFromResources("ec-p384")
-+        );
-+        sign("original.apk",
-+                new ApkSigner.Builder(signers)
-+                        .setV1SigningEnabled(false)
-+                        .setV2SigningEnabled(true)
-+                        .setV3SigningEnabled(false)
-+                        .setV4SigningEnabled(false));
-+    }
-+
-+    @Test
-+    public void testV2SigningRejectedWithMoreThanMaximumNumberOfSigners() throws Exception {
-+        // This test ensures a v2 signing config with more than the maximum supported number
-+        // of signers will fail to sign.
-+        List<ApkSigner.SignerConfig> signers = List.of(
-+                getDefaultSignerConfigFromResources("dsa-1024"),
-+                getDefaultSignerConfigFromResources("dsa-2048"),
-+                getDefaultSignerConfigFromResources("dsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-1024"),
-+                getDefaultSignerConfigFromResources("rsa-2048"),
-+                getDefaultSignerConfigFromResources("rsa-3072"),
-+                getDefaultSignerConfigFromResources("rsa-4096"),
-+                getDefaultSignerConfigFromResources("rsa-8192"),
-+                getDefaultSignerConfigFromResources("ec-p256"),
-+                getDefaultSignerConfigFromResources("ec-p384"),
-+                getDefaultSignerConfigFromResources("ec-p521")
-+        );
-+        assertThrows(IllegalArgumentException.class, () ->
-+                sign("original.apk",
-+                        new ApkSigner.Builder(signers)
-+                                .setV1SigningEnabled(false)
-+                                .setV2SigningEnabled(true)
-+                                .setV3SigningEnabled(false)
-+                                .setV4SigningEnabled(false)));
-+    }
-+
-     @Test
-     public void testWeirdZipCompressionMethod() throws Exception {
-         // Any ZIP compression method other than STORED is treated as DEFLATED by Android.
-diff --git a/src/test/java/com/android/apksig/ApkVerifierTest.java b/src/test/java/com/android/apksig/ApkVerifierTest.java
-index 6f6c04d..0546f0f 100644
---- a/src/test/java/com/android/apksig/ApkVerifierTest.java
-+++ b/src/test/java/com/android/apksig/ApkVerifierTest.java
-@@ -239,6 +239,20 @@ public class ApkVerifierTest {
-                 "v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-%s.apk", DSA_KEY_NAMES);
-     }
- 
-+    @Test
-+    public void testV1MaxSupportedSignersAccepted() throws Exception {
-+        // The APK Signature Scheme V1 supports a maximum of 10 signers; this test ensures an
-+        // APK signed with that many signers successfully verifies.
-+        assertVerified(verify("v1-only-10-signers.apk"));
-+    }
-+
-+    @Test
-+    public void testV1MoreThanMaxSupportedSignersRejected() throws Exception {
-+        // This test ensure an APK signed with more than the supported number of signers fails
-+        // to verify.
-+        assertVerificationFailure("v1-only-11-signers.apk", Issue.JAR_SIG_MAX_SIGNATURES_EXCEEDED);
-+    }
-+
-     @Test
-     public void testV2StrippedRejected() throws Exception {
-         // APK signed with v1 and v2 schemes, but v2 signature was stripped from the file (by using
-@@ -471,6 +485,23 @@ public class ApkVerifierTest {
-                 Issue.V2_SIG_NO_SUPPORTED_SIGNATURES);
-     }
- 
-+    @Test
-+    public void testV2MaxSupportedSignersAccepted() throws Exception {
-+        // The APK Signature Scheme v2 supports a maximum of 10 signers; this test ensures an
-+        // APK signed with that many signers successfully verifies.
-+        assertVerified(verifyForMinSdkVersion("v2-only-10-signers.apk", AndroidSdkVersion.N));
-+    }
-+
-+    @Test
-+    public void testV2MoreThanMaxSupportedSignersRejected() throws Exception {
-+        // This test ensure an APK signed with more than the supported number of signers fails
-+        // to verify.
-+        assertVerificationFailure(
-+                verifyForMinSdkVersion("v2-only-11-signers.apk", AndroidSdkVersion.N),
-+                Issue.V2_SIG_MAX_SIGNATURES_EXCEEDED);
-+    }
-+
-+
-     @Test
-     public void testCorrectCertUsedFromPkcs7SignedDataCertsSet() throws Exception {
-         // Obtained by prepending the rsa-1024 certificate to the PKCS#7 SignedData certificates set
-diff --git a/src/test/resources/com/android/apksig/v1-only-10-signers.apk b/src/test/resources/com/android/apksig/v1-only-10-signers.apk
-new file mode 100644
-index 0000000000000000000000000000000000000000..198beeb651079d24338984de7f32e8e0c7b4ff78
-GIT binary patch
-literal 18389
-zcmeIabyQr-5-&VB!9s#da0$WP-9mssa0%}2?(P=c-Q9x+_rcwQ1ef3rZ*nxrJ?DJq
-ze($fh*6mrnT4wfd*RI{w)m>FR(&7-1Z~y=-0F($h2tN);c|rgH-!c*a5@4-oV_|2l
-zqh~{-Wo@JLFaQ960}y`s77X-zFaR!~0#t&2{A&VrzWluoDp5dL5R{RT<&4ao2>2~6
-z3G^+j2?XV20R+^l-C3Pwot2#}1f71Jt(~m|Js&#jx?>4C1G=-iGYBlq^$2VoEC_53
-zt@ZTO00ew%o)K%FW#53-JWD_gf?qp8pg*)hH~66qy4kPoZ*+kZfOUZb03M*K7Qh^!
-z3$O-Q0E|E-4XAAi`q%*U06G9WP`?qt7T^Tx*8!C_pwbr9V-D*1^>^RE{@+dnpmzmg
-z1wal|etVbS(zo}?1S-Gv|B^soko;Z;l`x<T38`gkYYl*gwz0J~GB^0;8Y)o#?-<`I
-z1fcfs2^Ln%(o(}*%S;c13yusx27U4SZ@;xsLG5q%`_>2ftpt|<XoAY$`=mj2Hc<Zm
-zn|>MCpo>A}FT?bo@b%1<`2XAce2@R_8U6`h%UVg`{|5gXPozQeiVA>*{dQkMj_=XF
-zNgKbpuC;}cuB4W^k-nadEsdj@X_#D-ISM~2cT+N(KS>Xtw@xotFe)sC3HVC_Ar$cE
-zuf4#9;5c+rG__J<Tf#rU!NFmmx&qKNIxwW)NuRu+@U%Gsc12fGW9~WjZY{eU>gc~9
-zjNnItmF|v*EztbP!{M@O@oXf}P3Km^l{7qXMTj1NhYZt2zQ%bReI<<h%n$kFn?+*v
-z=P+HKS0Z-=`h|-^7~C}#0Z1&@_enzqUnq7R^W&U&RCUuPPO0mp94m=(&i1wAT{+qf
-zu+46oi551?DXbM-{F{(;8qZ9RpS<tH+0A)viNWmdY#3=Y-Uf8rzwWI$98(}pr?Ux*
-zBfB>yZX7jzat(dIt3q2LBw{RHDL6tCdzd{E$f8q6F0uQl<Igx`a{uClQ$^#=;mK>-
-zaX|r-Xy%Ll`fY~-?!0-IqAg3qJ5N{>-Etd@HE8o)iZaUTffbX*^7T4_SKGzb5p`*4
-z9~=$dnC-IE5W8qQrAFT^v&#2z2Oj%2Pgc<PymB2tIB6N+(IYAZLiD}Z)4Pd{T3*_|
-z@~zih`lRz#c6VUc^yE(W;=}a-Z_QmGrs|{%e~TnnhoIXE52VvBU{DKLE{L6o5FC;p
-z(h1e+(0aj(_dR=yWD4iCSLa~Ty1Q5U&bn$mb>){G=Xpz4wRfXw$Y`PWF>e{xHxbDn
-z3>eCk7#2(VDcpr+d*h--r<G+zw<n)**u@}VIK9_(KCdO|eKCc5vLzAzsh^&ClK4ey
-zeJwSI)mHE1X7BJeuV|dq&3iiLl5I}5Nfjm)`#Fxm@DV?HyI}i%!zQ;|D~0m4ui_|Y
-z10v=7+t*fc8W+wLu2ad;Uud0e>hDO84x#WYj&?Pq#bICpC+b@EpfMW={ZGRd9yDxq
-zOtoxmKuShe&oL}U(hxLUdsoc$S&fo<n5L7apJrW13pI5Yjpn^nDaomUMcaLsm(0Ax
-zl<K=AW_X;D6>wqt)cdp8*DS|(Uq1_f%?i|%Ka=kAA%OLMBemAf${9_D7@M?FZ*kG`
-z*qrK?=)`WoGtX;@px}YVW6(nG6XIY_>*naNzVJrds)R|7{RtT#7GN_!oQ&V?2GLWE
-z;GSL=ZLC`f;uHSa=Uk`*!Wu|wQJl_p?D_bY@A;RBSE9HHJ*xvF76tGKEF#li!vJ@L
-z8Tw!uf<p;0kb^g(2K(%EpELw53gQt(1icSY!pMW0_8LSlhtMJcw+?%kgBC=oGR0{w
-zyS~+!vVg>Z52@huHWnx50Jh{TASV5#$x9rwQ4_>#?TUApG9$%13z2#$sI0qA$?FdE
-zX&qM<L=#NC_*%`q1-y^MyF5`hSH(p$Pl;BfLermLmso>)?{2qae8!4mrpjf04G{O0
-zJ1{;~FBu7ej7oYu=e@H?zB8%q;1g`e=Bdncp}x`>){1YqgEUm$#?7bNid{?*9@N{5
-z8D1(H#9$bm*}i<yw3fM0)nH*2PYrtjX{W5V(v<676<~d+_xZEOOSi)Ys&p?1RTIVv
-zH#NDF(h0OUN)D`9-n8uQB2JTcJ#SL1>$^%AhiKwlCAegATGPE+k`1du+0%lL7D#wj
-zha@Szd_HVAdMOmj=TKRsCeyI7jPSYW=-mk64v87nQjF&JWX8_dt>0z~CtVVHms>@R
-zvBLzuL?%gPkGJW?d4o~F?c$hm)MrIUyNbU#0(fE@^&ICIci_eAo0{E?s-dlzIiM4b
-zYaSIIGSB*rrkqjb+Gl0>-b`_Ezx7TZN2TLD$@f`nSpl_&F`1%gkUR60jLJAUXXvFa
-z^=WXqfpMK-c2Euxc^XY`;+~8h!nmw_YEmSbO;jTbZ-ZQ>3x7a%D$^9CEw~hD$;9`^
-zb|&(2)?mt5#*r+z?3ES(K6B9!7gvKJqnj9~1-8XSItfXQPn<MlrTfS5u$3Dn%BC0*
-zQ=ey%d!E1u#EPCBw|$eL*{Og;_-~5q4;cc@{h%fxhXwlrDH=%Qc!KgbB`PT_$4@Qx
-zR)khamY<rQj)93rR>TY_ZsE-bfc(t)<k3q9$A?HHhlKm9bPW_G9BM@JlDxy9pnW{-
-zopYEG%ESdrVkc`gaqsg$e=X+j(CDI?m}BW^(s(TbI+@f%^_NoiK}y1-)l>&@bwyH$
-zQ^cY}e%Rh0aLwCgB3DuBUo{T9YDD-><jk%lU=UA`Z3nIymWBym)!7{r)obX9#Z6~?
-ziaSAkr0cBf^RQ3~9vgGCy?9HQ<i1Pf1vW-haRPo^Wec?ZWC?#;P6u4tkMd{#jC)Gh
-zaiH;hM{GV|EygsfHDxHpry-=LxfGYzZtr7xwo}u<)$|?R#Z!{bW@F6eOi!z;kue81
-zk^0eOR``2q>DAsCHtacvth}w=EHpbhPv+rBt>r1oUp46OY<vVW$AJYg*btP_{*sL#
-zeli+rztviwG(I)F1rGKBYchh^CqX$fC~7Qn#WOyPF>~05J~q)WC@Qwy6DKp$iXUY{
-z!G|m_jPLzN&%~gpprGhgjX^3}k>hM^=oHg^KEEw0r36G@L@30oxdcJw1Sd9`U=%w<
-z#83%@jV>p|VT8~yL`2E3Aw<NiE+@%QL@I>g%=i0ANtpFul`KPsA_Su0g_TiS3@iJ*
-zVb0HZxnwYeAA)OmqY18eM(s~apImPF&AG9o4Y*|P$8)YPlmx)nn@@SL?sX01M%OKB
-z2RiD0U3EW9^;cwAFe#}wce8!@==wQVv8r~W4ktl9J+3xwIHER1gGX#V>7=~$DF5hn
-z+HmsMR-l!?WO(F;D^~uvBqH9aGu8k#?Gnq%2+6=G&qC_u)#7HNlUwlt_Bfm`EBagZ
-z;mKKPk~TjNS^MRIpqXp$L+Fhgw98!zp&_-?DalLM)bQNbW3E%{qVNq&Xn3hyS4&p<
-z={0>lg(J%^!reBSxXK(fa7P-WWpCflxU!=UFwt7pPR-FW3N)#r)3mgn33V+6=J%S_
-zt0pfdRZOlO`qnPYJla23ztK(a%qnOOS+Hpe%VXzqb>+(sX{huA+YVhL7LSv>+TU?q
-zG#THmORYS_j;(g_-B>5_JEBf5vN>9aMR-b?TnAD2$YamStQgYfmQrwkC7U)^x3Rb^
-zrWNgwo=$f>`lw0?IbK$EF>=zNkIaxCVo-Lz{G^uMg~4T?H+5quvF*{V=s0KQ^iU{&
-zzoC_spD4eSkKM9;EoT!=l}zK2%GK1$(<|MJijG6?TB%D(=;o=a)!745>_`ks!i|E(
-zz3D|mkpaR6|M&pab7*bES+uX7sIb))*mR5x529~0hi(v{IV6ZqyikJm&F=1aPbqH&
-z-)h}!7ZT%cB?#@3La-dP5K)oN;2l`Y)xXcM7g#Xrl=0El++~selr#`2ORuskYMGd*
-zgr#)GHx13)+t6l!%FWi`y4z(UUS5gaYksKrJgDOB1Z?XaeHl$29SL!}s=q~a9OQ3{
-z&)-GoA7>y2IwrRN%|QQV1~L)~7TEx8eW;=SVg~w!jla%7Q@TIQK=K0_LGq#hFawD<
-z^P`9}Av02I>TBz2ujwk~$J>74o95<(c*|m+(P4v5H3Z$^?+txtI+RH@#Dz=I9n>fS
-zO@<C_z1Hln58cz_?~mRC4ekGKt(mL`8r^?Wn#NvIa_A6RQX-Bn8_Ns#MIM=mi2wa{
-zy7yu%&qH&A>CM1I6hoZIJbSu#_O1Rh!)^!z*M<wLajxdF>jKO~7ThBX*Y;9(@hrN>
-zpyBEU0x5A%<5Q{D8aDMvD&=>I%vM^u*0r8<xJ&i+S;E{7lyN6Za-~HYO<z}QVWQJZ
-zIMtf&fCk+8!^dPPGx%m4Uo>yDzSu=%H$k-4QXQ79BWtzttSr)QuB}K;pKKYdnD5jj
-zx9L$DX!?il4n`=-%HzGiZCv|WL-t@RnYM|P__|bq{Q7!Ee%X2nNa^@2Uv^S?+L~*Y
-z`qN?Y>b^mJgvtEK6`G+Mv3-ENQFYnDAjCyHE&ims{cAz<AP<Fc`nj2E{f*{`xhsD5
-zn0n1BRhvy4b24Fnc8}V0Lzd%~e$_Qu3b!mCHCh>4dxyPKp=%`n5~$kJ51%ZxD<<j7
-z!#|vJRgNr;9%a4`7}!sDXbH`-$ftPVs-9Y}=>`TxLu5U@w}@GCf9NZhM_aS<gHnxn
-zPqj!nRG-sWeZAf@|JbX6yDvK`r=8wnym?)PMICy$^*;ZBr&*J<*KC-!m}PT?)&1*&
-z_!aPRfo9V{L08hi@nWZcO}&YDL~lPjZ+hc+X|^9@%hkF+D>ybUw(wkj&~e?Ag=gh4
-zIv`sh>o&E2y$9xcgu0P8Fp=IKSg*g&5mTcm-D4vbua*4(OxpHWMFhvUWrHw9xR6S9
-zbGO;fN$+PcQCl#uaA7|-?~cPS-mFxAt(xbo-M_0(JtnK*j<^?(5B%IfW%Tu=n_45n
-zEdXJ<ro}#?eX*;r2k@4zsXKggu#UG#=l%7;lgopR>vXh3)%(%Z_KU-#u>y8la`VV%
-zT-&JQ%uYR_K@)FBJYtmF?nUlmX6mQiufE)>6gUP%`O4f&hRYWP>~~ChFq9-U^!wTE
-za`k!&a&hCky$vWk53^RbwK0EtN=1H-57WTYCTEZ6NMKIPG**AvG?dL4a-+O7`No5L
-z`u2p8q^dYyo?>+dXcjtTK}&m;Z%lf)HqBYNzVCNF_0Zqp2MmhC66f6I4dE`KAE}dp
-z3tzjzdAFDl^_k?O^i1O<d7gzyX`W+HTT%b+WwDz3W@_VxhxcG#{@z1-ZFDF(lzVKr
-zUh1&Mt0N{OV0a8^Dy1pS*2|#gODE!P$Iq*400>?PWzB~VUv!@7Je#}K_3DzxN)tO5
-z)zE0GH}dN*r^6zIaEh#92=Vn&g0P3;B7o|kDuEsf4SkHV=BkGA@uH*?yEuROR*fh1
-zx-*7(O8$kNGi`c+7!M`SvyZk$b*p)T(TI?VsMa%isgG<9MV-^ZXfF=-73FC67Hu?H
-zirG<dvkKiB*z7B{blUiJo>q`BNPkixB8X=*Bt`Qc9O@eQw1#9G<=uMnye!QqJUTvT
-zasF&)hUKY`*%1E0?m5fSC`V^|6cH!X_9hl~;=+5m+o!eArFYhQ?TdSiQ{}yT6!FVT
-z46*CIVewh?|BZHGq+@0HpLY2-+T{qcOwJm#c_;<t|5)Gt!bXsGF^e^li-tk>Kh<M?
-zR-r{sf(%7uawR~J;prRfJt_crRvFw)1c6F~svMk!4DO8zCtQSRC^#NSSOO=5<}WOn
-zHN}S#DX*MEfDldvMiNK?Ok_VuT#vY2=e}&X9N|84;YXJV6jI%~*(fsxfB7=rZ^M&n
-zBSIRGVG6+<wM}c|<{3@LhRVnHsno*@5buWxp&S@BtZk(w4S*9C^c9$ZgJ4a<6e50?
-zoG}E21Y!45$r9%|I(UGQX^=#4MYcB(DI>^>%nw?o5H%Qnsy)cQi*F(du2DMWk&>6E
-z%Uhfe-E`(r0V25reE__QAWVuX`2|bxVkjLcX~)Lbd@wM$BvH{dEx3)ElL1TzQB8I?
-z!E)_^$Ni`1c6FDdPhvakm5jBlTCZynq;pG&LLO&D3HO@FPZd3?g`LBmlt0&s-Ugmm
-z<`mIjjVhn^(GWdktlVBb;~`VvVB$os3)qp*#7FZ<shI6I)0j9_Z774YwrjcVPd07=
-zW^3W>3QAUBJ{V`33-M&1d0Rc!g!jc7sXI_^jT>2u5bEk{eU@F0Q@phjBU%}0#i;q1
-ze>N^%ygKhFW-{_Lz{Bb!;)QgAAbK^H99PX|)CoP$QZfYz^hi7tKfbBn*_$Ku>Ji&D
-zHb^85nR2?fEjZ2wzV==#&iP61jIZ+b{G`R5dFD+=TCaz*9VZ5s<6%dS1C`&8Ao)4D
-zoDE)e#7V13Ix-ff^i3yZ30XZTU#0=WKc@Ls(Iz=TKTKW-`6QY}NoV?5H93tVS<$>w
-zm9NrCs;^jfNXIIWH0zzIbBS5HWqnG!tNCJB6r<0Mn));)V}TI-!a5rXe>o~|u;;pe
-zpk%`c1C{jt3Cox|_3?RtfFSEpj1gHnWdlpPqoyIt7o2SFyb+xEQhWV~>2V?v2hQLs
-zbif$2>##f0n3n8{N)BrqVTQXwNzr*Rvyqx(I<`p9<zj&|IR!3lV9xq2S$IQ+C9%Qe
-z)90~rJ+7i|tF2`-wRDa3Z<qF*saArh;`RKXo@wNkp$e;{d_?uV4fDa|I*OdOK+|Nt
-zj3h&E65ar>Pd<=XKy0H!z)%Cq86zc&I~rFOr|vTg5d-)s-J>|)QD>fDZ^%3!2rAfq
-zXDLRX*6$*H*|Wq*T?Nxv6qgZ3J;MztsPEzu_nwv=L#J-CN$Zu=qDy;Af`>k>+O4ER
-zTI_yE@xrBkZaywA1t-3NZKF%oW`e_x<oc7eR}GWONv~2(LP}6HB6sr?Ib86-G+HkP
-z8&*nc+U^u8O$v(_Z>*AIfk{T~0|mCMmr8=usYfR8`tWog4OmIcZl|+x`xoS;6b)QQ
-zO{^TBwI~nhZlI-VZ#PMOaWIs-HmI0*e=gIanwbAeUd4xppf91or_%F%p9g}?^;~FE
-z{*^LQ-M~Dj_43NH&4%QzSm8KY%>82iGZO-d_x(GhLm@Y?oYhT1_AmiBY_mc&)gT8F
-zj0?-v1BfST8FrFP7gsZq&b|qh{XE)qd3MJ!dm%OT6o~RV-kJ|O*0_wmf=?5_#xT{i
-z+MFaDay%}RDH@HdmyO*QAF;e$LxT~+Z=BHVPuWzj+s1SOa?BAfs91gx3k3@L<k`$T
-z!Eji%H^LO84y03{o$T!SFy8;kivNZ@Nq>v7x4~4UcAWZ%(<JKMfcggb^}d<uW?LTA
-zYVL{Y;>i{-(xE!GnAh-KrW~~5+J`gR%b8TeR|^(m^-L1(D2g^NMpmPcT!?di!lfn-
-zTn1qmA74+7GN<T`*RdBJ<+y7HjE_O%8JWya_QZ1JFa~^i<uNEyR5u}<-R?M{-hf?O
-zhI%y~{_&h)+~7P;^dPRok>8u3qI<W8j&`>K^w3;e7=T3;CP0}yCZQQy9Jk+*vxif~
-z7qKaYa@2@4ZIM@(syq;9Fi(=NMMk~%I_+XB<xWcv1tm-RK~@9xf@8w1Li5ox!36|!
-z*j)p6+|et*_NQkA2!Kfs@%OV}upd1pKKPB#`>jBrJtE_lu^e|qQckvWyqi*yUm=Sb
-z_BWVi31p4pTI1u5d$Ck^7pvf9annwl&r|<0{{xBl*x_64oX%qVHww=Z<SVY>_|`;;
-zuaBZ0J<8W;pZE|Fe7(=Wh)F<wJ}S&B?FfTgrg`xpFE57WQcUU=`q0^rL*QhGcZx5l
-z>EqLgHndCnvbP>nq{ETS&64)yR=wBm50I`x$*QnBQa>7DzTZiHb7TBr%Muo(mS$jP
-z`Jbx)H>w^y7?)=lWDVp5+1&q<i^75+Ll%R<58Ftw&Ws>2km2fY4Ou!~{3tp|$nZ43
-zZ6n#b+lDV4=1++rXjqUy+sHbqAqi*!e{g8mU-yywh5e0CB6<4XZ6nF@(4qCe+eRvI
-zM?rU(?rX{>VrKR*GFCBi(pON0VARNS98hp&Cc1^Kavng@`ZZCm&EzDhovGTIcjQvv
-z;=i36u*sJ)b?>t-PPE2%kHs36Ug}-8X)g3ly^b4<+bhR_!Mwui122vKWx?D)WSUgT
-zIL}wJ@H+FWe8lOa;WQ)p-&s|V0QyqU5Uil>TR9c{y!Eu(=p7MF7D}}m+s4%$FGe{#
-z$;E^6iB;O{L9huQDep41Q4-H7A5bM+C!SW#x$}l#k$$7$mhxeNQ^~f@udLBzc2;L}
-z_DLu<gp(=1FD?WoJq$dD0yMe<gkpxC6pJCSIIZGqbJg6*k+HRV39U-mi<RgX%84H=
-zwU?6$D~}RUg+9t}x?2oeq%PdQ;dQen*&FAPH19d`l1MJEbE0*+Du@2J>*e2MNaKG(
-z^lyY{*tuAK7bHYnAR+p}to{cZf03dp%^#&`0whJT|0G43ASt3jhNt~aind{wC|!&u
-z$mIWx6rn?J`uF&6lKJO-GscJzl!3*V5NN;DB>;?dKAA$X&_y;P80tY{i4S^a48};z
-zS&ae_QZhmjmsLBlGS}=h(lpLuB>t%~Sbu%kDYxA~!~JsJIbG|rY(ExkMCEz8&C$E~
-zx6fnMif;`)o}ViFRY4~fHPF0y`kOdW$NVBrg(;4*$wBK8;+Kkblt)qzk6Bh6G|PN=
-zB&9<{S_IPs*21$)ItDdfhV@YbtHpR*k7FeUZ!y2OTq1$%KZS-+B!fC1n!>3c;ys(n
-zIq7Q@8~mWB_=q^3XqV&?Uw67U!x(`D%Rs^K{>>FNC2iWN&22d(@UZQb|0%aJ2Jd}S
-zq}CiSMQPY6?+~NuKE2^SWKWnESDmGBICyA*j~^~2L<r|7doaQ&<<mGLWsdY1U8TfB
-zEV6o)jg+j(p*zjYK5|}Cgh>T8eVKx2C+nc2@=N{ePks^k8zoO$2(E&OCuKf<RUSV}
-z?SO`R1p6=46eHXJJTCvr<AU6&XTc1TuK2%FQ{TAwi-08!^%PERj$Ne2N2MC^qsWGU
-zG6V{7HenkWEslXeGK|hEMtBrrN*^#*0m5}}vYuLK$xuo!B?~Y{6k-$<^3Eu_BbcQ(
-z22}_jXW2aAM&_#M7;#{+;4r^d(g#%0omS+N?V)3;CSdjjonj|pVdCImCt>3xB#8!{
-zCSl?zVI~PSD4oY(!B$lINa|_p>P(sIYDsIq)z)lqCu*?GZ!ukkj6R$u4jG|)yKFw_
-zG`6;s#dtEJ3*<1qdt*HE=p?DEr2B;yQC@Xo?i^@lXFnluo@RzD@z7RmCn(h0HnS{c
-zK5~8hFt{teYb}cwZq|0<5HDPQU)4XvsNH&8@*Y?7vjG9TZ3q>92xds%Wi=1H2JS)h
-z6i|(AsYBmK@3Q?i5&DF{NDuu9L?!e-oFgBcud)(i0v6UIaR8DHnGZj9G-2oC^?c=?
-zszIL}US$3KM1~?0yWM!0xIIprS>*z-XszC&NPj5RZ4jSU-X*{Dd|0K-AFAMs_BM2W
-zZYYuJtng+`5tcZK`}IBjvZ1lZ(Pm#qZT-q(>;A&xR;Q~==Sm?DG+GBy{c}VdMI5Fw
-zKu<A95WfnC^Mo1(_;FG~h$r#GMf1mgt;EuRB=b#eibXr!4Z?aHp{OU@u*~<rO6Sbi
-zZTYNy(->fYr+Va3Y5w8C`^e@#UqX+epoP6{b%1P7WP+VOmeJ+~X|_X16UG;=XV#OP
-zR`le@p^cCGL87gkSa|AY=N#)(g-sp*pbr0IF~rP3|37W`Z?qwv#7Dn8ketGRyrX}~
-z#b0DqU;hVXxC4^a2^f%XK+qjRodxL2^0Y@zADv7@0UE;GSD*(<GIRwo36mGXst;VB
-zOoWW=tv~B3>DW#6V9cMgT8;U$tR`S%VgDej*jU2f%PJF)1zA%E24@gtN-kRJ>&O^d
-zobCD45vion@NT`CV8$B-r<JP_*V@=^%)>o(Ak|&mWB8`C;aK=Z@^)$Ohg^;4!{sIi
-z4koKRZ2eV>rqLaGKKW54<5U_Qcm?#kkhC9J<nIUkgu*=W_2cV}^;c%CouH54r`5gO
-z?aLdnXF8qspoE6b^7}9IIAUAfE5GVgin@KOI~rdS2q{LVQU{)y{p$1^?XGgA(xxJM
-zRGZ;pZ&PS@a_HKqk}4$EvyE@LHzauaK|w!?4%y^WnI}vRUxMG1XJXVbuQetE>jfPq
-zlRX_f{oVb-{2AFm{k;vw;A#N5A_+}dTwhUz+tD!#^_w>~sd0mk)mZr^dFqz~;>N*E
-zc<cMusSUi$%R<M~4f$J#4W==l9|tzN3ijka-tC1hrUg)m6>Iq6pySxxZ5<Zc6wg<C
-zgnY`B-fY|RomV_4F45;q8+X!=^Q(aO>0V1+eaDjC1*B4Hygw<i<nQbWfezd9r0C+q
-zQ<WejhYW>;4B=CNj_WZGOb>tg#QaRPk#^Ct@=ohs{&_eI=SPP^lEXPR!Cu$$!P1eD
-zkFr9$+2>OukEav|>bLZ}=Jf;eE_Iv(r*RsL>MY%wH`t09=~QZEM;5&5`Hm-R7yG@5
-z`?+<pQZ6b&Uz5|)ZV6~!zbbR<ZM}*mgPws)$+_JG!iSW|*gmktF4YZnJ)YObwjI28
-zZvg*?$>E1Zo(w2<;(wmYe;Yf&^`zmR1mw941mz!W%YU#DQ~_-{jed-s$OXkt<o;vq
-zga#;fA|0g9pJLE4(lgLoF`Ol0Z!GGe-Xo2}$oKUjPLi9xH2gHugFDbM)cH;>rNBg2
-zQ(KFG9B5*wuW4#(XsB&$u8l<sG|@KI)G|c+qCGR&Rp4vNHu`QzGV~6C&x+<3*CqT@
-zvP8I{r3Yr9=7jQ>+^8s#5fqC@UCVc2Y6O|<11+s=-44KogAR_t{H3S#9+tgwTzq2t
-zqvMgiq-p035fPSh`pg>k4YzxIk6lhqMODvku^$Ru%u+Nt0*s=cOKBbTJGAXx2ixDY
-zP^sH{TsIQ$I6QK+m_N4(VMRw%&Ck!z@#rnG%i`=s)#z!#lSN+~d(Twcq1mk{h7^Xd
-zHTTNN4+Y6lx!m2-!>HN0*2!@yLMj3dh2gm}IfMGwfxtQSv4hwy0$SaQgOJD-=*<XL
-z-mhgel**j!BIl2DHa*X_Xt-ZmDDpO#M#*TLDHj&y!@IC3+e$W8RJygkCVxai6zR6`
-z_CUkm6S8o0O9@Jh^0N9ZFkxHwm%xOsMB5OkU21(*xE7$y;?OL5A#t+B-%L>|z6?Iz
-zNyjb&BW99PUGXkb8j9&NR}(vz`&;|uWSn#wQrE35GDIK7q?W@HvuAJ1ZmR9{xjbwg
-z<!8lf@oaguLK2S(FUl2O*EF7VTDU-1?Sw?sP1jkJS!xvQR9}b*f|rkR1#F3H7|)gT
-zr+uzleOQ@Hvb)?oTHC0gqgo`m&1!r1lKA|hb>HN!*j`uBxa7g<{NfGt63ULm?L!E*
-z!4k!WC6cAO2W2f&R!w`Yd(`Jbfld6L2I^!7eZ^&`LdX65i!3yc7I>DTjRE=Na~t48
-z<>NLPG%$>I3XbgXOc_T#C#TxHnld8E>i$w??{lZeIwg7Ez2m`@jrn>_&CVuc-BEQ>
-zigArOFdNuPEh&zejM?I~1ALJni-1~@r%;3Il@cvIK_`wv?DNF}`tqUhfq!en$~4_-
-zRZHi-`_oP?x)E7^8(WKQI#$sau8Fq`yc?U~QELt81J8`$eWTSEB(z+5HWM(8Gk4oX
-zJAEWfkX$z-rdVt53(plxU1YDYm%)e2lRaWscx1&K`v=<um2N|Xeexe~pOVv@nat&j
-za!<}p+ncZ5mhC}p;qMq)2OcT0v5M}-wz>!`Uev4+J-or|pIzd@ML~M?3UiBWzH+2S
-zOx#ogWqETr!Af}MDB$8`nWCIkt!(Jdalm}3ClAe-^u>sK8rL@cdi&Ak%{!Xu=sXis
-z*$Zx>N2@V4?#tX%cv2kwT}X?MH%!N!-O_nIb9)g=D&4)tGa`jhs)NlSkF+Dfe=|EX
-z(Xs!}9Qd#HSy}oaY#gAF{XkIukJ<SbHiBknvlu73g&>?B8`pPsInNCC3=3^sT#2nF
-z42?{1>@G4$3$le_jTMW-U&BtJ7mnKXa_knp$}%je@n<%bi^&2`56@@Fuifno0rwy5
-zZ?<k*M^1s9M_i|16hxIBSsYB1^GT3$kUcqpcaSnd-dfTxvBBQJhBQu;WGq_(pwYZN
-zwI5+KCEzL$WdLBWz1(y=w4^a5P(L8wNyLzCD_(8hs=}fzoMw)`MkYjPL-^Ev>9=^n
-z77i75#;?czq=qN3J!8zd(O>D_#QM1sf?*)bRnuK-5V-99<w;BSXH-n^s+pCi*`G2Z
-z9r7c|p7!Nv8LeI>c_eT<k<+dY)lu^t^w)fx=0ec)7m$EABJHOU0Mm63Z>?Bb#S+oi
-zW;Erlep78mTpK1Qt`^2frV*LTAqi}R!5Vt#K;ckhs8FGGFv)-uJNzOXZ?;UZ#qxv?
-zocHX#>*%bOa&A+~4v#l&=2}?J>HbhMwxFf)8o{RV(&|gGCxVIk-X}w!p=acaRrfLz
-zje4-k6(WV{gU9A)gI|cEHkYTl9x)$973xRWNwkzDG0dBNnS8}a5i}R7zl<cL!jeZ~
-zC0p7pqfX%d$cQrX{GPez@wHJ{hm`|{_F!&x{5iKM{^N&XJI>&g*(mmIR<nKcCZ$P(
-zJJ02<$9Wbr%<;NtF19;A8{X&mt<u_D3^fP0T+M=Qo1?Kgq~>YXKG9O+$j6IYun=ZS
-zWj7)`^rHuUk$z`o7#OL>Ht~x@gYjybtyO*-pJh!t-P(KiCg3YiWYRI}i?r)sEiMNp
-zlB#ei+P$6vpgFknI3R$zsXi2ioko^kTL%?$T8z9^F$u=rGCex+e>3A$aZ#C~qdFj^
-z7-Ld6zb^VR_kog)O}t8@t9pr2B-_mt<FFC8pAOGy!OETTXzxHu?oHZBN?6w}3P8~y
-z+3UD^zdw67yoD{<uPnD9$V8-Os>_%%XFt9b3)LZ$9w*BtLrMHAq35b?D!h*%;V3xg
-zD74&sNcaa50{GYPbr|mR(#6;OjlQh+qas$Pp@mJX1t(@D(0x8t8%OY6ZBL{<kzoS_
-z93D{&uj&h)83+V*;~zRcNAY<fV9JCNQ8NmZeQXvUN+kJ|%+WpJt@#4H_|>&7{#_lM
-zxGd4z%<-*ie3y=M;nooRGc<jZ2RoTX3)vG~7-uO)cYDW=V!`I`NOEU@FuF8k6XOBh
-zY~;7JB8*QHrrQfRIu>3vpDbQ?SyQ-olN-+y!R@$j>)6`$=BK4l=(zL@h3mSTf+>+W
-zn6@z&+?SYVeyno!g^!3KRznxn+wed52!@72ZgOoIuA|9_jJ+y`%4OzZd-^~+_MVHk
-zw&aVcN!hW|GxN^;phUMFl^iCwUF@;8N|Oc`M)$<mu=Yr-$#4*Jwz;sY(IW1<cszG0
-z3X9y6Q-LA5Hl!_2z(PkWNC;&|jBT&Of^y1m)EGGu{5YnB7ELZthdtx%BK_f7PE_?&
-zY~CzoXepI61Qjm3C&<|Ly>di}UD=w*VO<|H>bC?Vvc?-j-Fa@4b=HbnYTtK#6V|cp
-z8|6Hd4er{_zaVu;KTWS%R6^6c37JcRjL)`GM6P4G3BG$zm!;*LYH5*FgO;u(7bj25
-z!?P9ZMSUJAtH$v_tT0$h;$`xsk#LWT+C0;TlDGmJ)tihO{rFG<ZMU^FVGlb*c~CCf
-zbE|Wg)TC0x5~ER9zxG=9_8ql=U4BAmKm~xmD7M8ercI&Ro>u3G7TStKNz9ol3B2>j
-zYU>V<qP=q^cgiF1%HqQVZzli_!J2n-e80s&!s2{2atx)?p&B2i9J_guCUKVp@u599
-zaW8{+Q4HsEVu@DUnM+DE%0mj;SlPqCDgRJ#yn2WfMLf)zp+rKz$%ni*HCAMZ#+N}U
-zweFLg^!bSW^vN<`UpkNO6=X9``K0a|X)Jj~hsnSJ8YO_-+Gh@Jql4Q?j_gj}QR<`X
-zA@D4c6^dzR*W%KdRkGEniVvNk{@oohUosp0YCh3cCFr*Hl#`LLn(Dr}vC1zXsO=_?
-zgAp~j>#fh%c!ebAU-o6MI%)zXYbI)pY?IJ*&$9b-6i<UP!HC0WCLz3*9sGhE*)i|^
-zlXw!f?aeTq=RA(<uWK7|E}ttFQ7gQAD-Ij|5kc)yAuv0pmxdZg8G14msri|J(%2;b
-z>_XD5@JsB$XR;Y!RDM_GL9|D79~WK(%)rw*xD2u9){B5YYmr*erTT)yIjG>lddNfB
-zJbhV76KGCj+oLQZ=C?Q)OcV(5DQjHuyjOmL7msnFw~lkksn`FVEEco1F>shS?LOY&
-z(xlajIVIX|;Bt#j=lRham=n8fGY<GulEz?S&Cc?}kfFY^2--uUh*xVc$mDPf&G`0#
-z=wu(!XW}f^n)k6);^2z8td*(Wad)Jw_rf*l`nxa{CF9QV%BkgWXYyPI`}QkOUk+l-
-zo-ONhOd8-Bs<|ge1&2N2|GjDWKX#P=i&px#J4(f;mK6=4I9S-9qm{nxD1Tw&w>68L
-z6VoI-YTC+OPiO~@a2-OLneHCzFoD$hfKob%a#hTiF#fuNcv3$R1Ruu_Y3L@sA4o-#
-zDiL~E5J;T`^$KHxs+fYY$kXy|IJV9??wyYATU`ztF5U5k_=zG_ZKKUT_{jj^)L%bS
-z^?#`i&Ib5A8i{HhB2|UR2mQ>F4*^>24h9mA;xmU3m?9zEVm-1igyj|bEPO8DA>2LY
-z2xD21fS|HJy4}oY^z|qd*qh*V_B|8N0Er8}S0^%TI<OJFs}fd_*)4b{GLT#~7zQWI
-zcl1Hvs2&ThHZLQ=bvsy2nb@E{LN*B}dN5`HZPI({X;booNi&UJsFYor;}d&P7?2Cy
-zayrx6>aK|Px=`&*>?@5;fDbZr+EV1Y)=BQ6%yAsLx5QoCzY0HFquez&9oahEoomIj
-zPreA1Z3Je3FMi1n=w(?9jUe`BA0{$8Q3h{_1M1-K(mJ9X;;?_dCrVh6;k)Ow3(5B;
-zOfByYgX)Hc-_#@b!b}xpSyxbbE1IMpy3>{}|HgHH{)ludE3PPN4pTlf`7nlri0<i7
-z63)|pC}4|xX9`u?$Pqy+ehqIu<OkZ}+&*X8ii0IF9$5gP*VRCmfNV!EZJ*aC0)BFl
-z!;FN+S^r4)RtSc#RLdl^p}^pe7gcvp8pyXBUZJxSyh>P$i^J-2NUfmtIJM#TJc*<m
-zCz88ttS)d>zrdpO3FLLv-)mOd)=SGR+1p1Np2s;|*a?kmf}dy{o5ySpWgWz?7)w9j
-z^T=v<WkrE12f%aPF87s`7W6mOy`*z4<Y_wF@V_QZ%a0dEtFsEWMD_$D70o0@)<3mP
-zNJqAYoog(rOQeDEcqjBa_#K*Cm1$>?^3y_h3KIfUf(BoF2$D8{F0wW<EC6SP8};hT
-z<gPePS^E>j`-pfg`wf-H&BdXu;h9C=-AgA4nh(>wxnDS~W(xf`i&7mX@brTki^n@S
-zqnjNl-{9DU3)P5gyM~$o(dxfe+T(@#if-uyFit}?x}A_U5O2aja#%k@FXKAGd9B(V
-z&DI5BFqhCyNi!8L)+x@8;ajx0_aQ7lm^P`(#!Nv5&wy*kZl8@iYL?*a4IUy23CXe`
-zRce-{lH9G2=!%YDH&jk!s@m#Y@4`|K+SEx)&_Ds|ImdLLJaqrC6~+Vynw7LDV|)-I
-z*WKq=T@%Bi`mYZQc8p+g%<oH$yctSD)@E#gZaI>YVQEO?2z}YIGauj5(-+oumR7za
-zO)Ov@*F}*oK1t*c6RRhTMrwrDA*OH7o^Ss$Gi^rv3Po~G7#B*y_|uaKPt#czEjFpt
-z&3&~IJncPR6UEAkY30eN`Yh&80twDWA<zQlJ>v2Lb;+G3!g@@#{dA=r)K$-?-`Nx|
-z4CG$C(bsvxx1mYAE@y8l+3#BKoej88Zd^CzfXcZLtaaalUE%0|WDd;$JW)-oAK60;
-zmscMF16Hi%b3Z2W6M*>~uSgzUAchKwJFMPSsLLPa&+lic<K_kEL8?#it7sWi?3W;B
-ze_C_PM2nNR<Ebv0&gV&xZ>{G*bhD{{NDox^DBfM28o^lm7%#kf7*`5kpoXpDb0Hw?
-z#V)?1j|?=sD_uVkUI}v3t+A<F9nJ1LOQo+vvztE0zu8~M;`*BIt4ZA5@$AmN&^xhW
-z%8YifF22`*^UeKO*jCn^;8dR(x$+J>)$;vJLqdUGH9}iNWs00w&~R=-7F)5AV5!pp
-zP{JxswSB^;lpSVhgV{Y-E;xb|nOgBRH>HiiNoP3rc2Mx^!*HiiXQzPs9@i16Q)oyw
-zLNdxG-M7tH%hh`rNkX+T6oPz<_^^+B7Sxi)RRLaMFT@Uotw+?l<YSC0YbA=V2W5I%
-ztw?2RwACuS#U7-KtlcF)@SQ6w9eFcRa=49@%)LnUDyj4vJI^rF17BfaXn$!<n>2d=
-zT4;O2>bxg-h=Gde0qRGUDKus_dJhWrc?a^g|DZA@`QM6(2+PXRNQ&qUNs9aO0X$cm
-zK6`vsqH-^7Y!rauWieJ}Mx<`)`Ygdxz{tRuw@^Mp^m29&{wNyYy@HHk?1$MKa}`{O
-zRfS3q3F&R@_<)qA-#i~49K;vusopSvY3Q6I6cZK$R_Q)dMIugt8Cebq$q=k{LTNHM
-zIyk<rmSLWnioI@c*6Ph$O4xZIy>^?mso*+!TDGUu?AW_c3OBTz(>JF#^#RE0VLJf<
-zd^SU%LeoEiI&%vIW9J=Fr$!>FE7jKVb!y>~bN=wjH3TV5RWkCC7;DW|dpH=pCt2K%
-z_u1w3x*JJeg7?sVFgm%{q50dLmjl@^#-1;VET{NOEk)db*aZd-2l)FxX8`f;yY!!b
-z)$r|lR1j<bI4u6%dE9T#oIg_q$i4FyN5_8#`2H~Bw`041CIgVZ{_YU(?-%~vNufV4
-zEPnD`wAXhh7k@_h`Iz3H2qz#0{Shzr2Lh<_GsO2nX5Yr!pNSgjCy3u%06!!Ad{XC6
-z1ly;7h45by5dxy=hv)ch)%Y_JKL>RGNyIqF%JZKH{~tvBI1n6gzk~QQ`0i&KevUNz
-zlZKWTe*qvY_%p!Yzl$dP{{;9Jy7V)`&v80`k^oNlR|x-1!;f6RBmN2D*VvAqN%%RC
-z;ZG8DN&W)hzoB4&>?eR<J=Q-{@UwgNPYRG<{sq84Q}ClqY`yvp;M?l^Z)D<UAJCs9
-z(189H<d5O_2Lh<_^Hco&VDO{+3F0^F@6QN7n>zm_Vu=2)5dJG7*x7%A_#46edGGQk
-w5uTv`>G**YzwcyzevY42;-3(veBVKQry!-pp+HkF0DuYlkbr8*{NGyt2buzz&Hw-a
-
-literal 0
-HcmV?d00001
-
-diff --git a/src/test/resources/com/android/apksig/v1-only-11-signers.apk b/src/test/resources/com/android/apksig/v1-only-11-signers.apk
-new file mode 100644
-index 0000000000000000000000000000000000000000..95e6c61e2f6f1b75c0941c21a8e728d60821894a
-GIT binary patch
-literal 22297
-zcmeIaWpo@#5-uv1EV3*nTMQO6Gc&U+W@fUOEoLT*(PCz1W@bi<S-S1not+u)%)Z%o
-zf8BF7`{YUJ>aU`sGBPS6BU45k6bu>&2nq<0@YwL`2c^A0fq;Hwcpxw!TLU{Q2U|S@
-zJ1QMpJH3}dARrJR*k8T{23!vegbh><C;=D$BLO-|f2{*bBtYf|WCR2S6H6CdUTbSy
-zLn~Wceg%0TTuSwxtgh0oimn#iF8{99u2$UM=&stHINYwlo~)j)xK@@1xb{v~xc0`j
-z1_l~HxICL)5u0A6KY%v9N&pSqe{=vq|Ih~9;16xU&HmB;K^F)va5o4LkSCz317r!L
-z4`d5u1!Mv!sQ_(jz{d{A07wtW0nl#(WDn#5=+^_3c7W0z&|?Yc`NwrX!2aJ(xPWH`
-zU<Hr@p#1SHf21GJlL1iv=>H`Fz99Uy4k#f384OIv-rg1n0>aMT*2L22m)}qT`hUgv
-zQNabYe@#$OI@Z=&mO2&&09+6RAOye{zh3*JjSOi2xZjUHupcFe1dukM{IyR8P-g+;
-z|G(*%ferXEp!{W+{wI6`OBLS#_CCMI|M4IG6TXhE3g7<?{tuqW0OS=J2ny=Qeeu|S
-zkM={_crEp9txWVKbu3K`4eacxoGr}56q+oNc#%1qQdj~AdwG2H`Z$7-p+1^{km3p;
-zfgp-_g9t#g>7{Dxq{g*`M?*tHqanKip=foY$;irFy#MHBcQ)D`Q$dM-<lMKn>UyeY
-z_#Q8U7amHcCjqKJyPk{9b;Ii2*cW%bM+rBg@Goluv_KyaAiGI6+0SF{1hL=wBh-s6
-z6KEnrc6;3kJ>eP_E(@S>R+k6DGu=NY4;SowJao>Fci~dkPoKJ^td(}Iz|Xll)=h9@
-z>oCH!cxc97+AaHNtK=Hc1h3b4Wq$tVQy11@j)*lHqsM3CNR!F7QTOBfzUtEnC4vkZ
-zyRdlTXH$a4aq~C#5YLBd)a3#~rs5U+V^ndc*<)Xr^lC{Y4qx>G=!eao-(Rq+X^EX)
-zh)_@R^O?mk-VD_3I~8!|ExH!%SsOojL7C~7*`aMhSRQ^XC9fJ>Gg~g(s^ufwFSd=S
-zO;3+@HWITqWU3}`)pbdWd0J&w?C1P)?$<nBPTNc7HVAvsGRS3sUpNZd|Nh9}Aueil
-zW&h5vPJg9cPfGr9@X-9?N&hDLevrHR=?l90v@36mBu6K|`x+OR%OTK^4uV1uD?T0w
-z7%!L$vdgLMk~jA!))vWB_IvNHq2w(O?~H>j^#sa_orBMd)@~ZI<LL+}q0g~WbX&V{
-zBrisEr7CpGB?BKl1m*kUV}xf_<%RdB-?2Hw!lJo+(*Jy2L)iCz2K!=9BD{TomT{Wk
-zeQR9}C7aD&-}G+Z$Ue7ly!68-8pe`+c9v;11~tb8wxRGbe_DrN#{uIe_eUG0vd!<}
-zNLPbGWykyXHt||FpUd55Qet+fKikzk5uKfaf3P|`)RGa0gaW$I)Nuri*)I_PY1qO5
-zhOM5tj-4Gq$><w6hs8=71BPqgnx!GLNpdg4Z1U{etQ#4Drk<klJW{oioN6ePL)p9(
-z#ubJ%zZFsA^RHQfH|B4B)<wT(Im>=u7yO>}MO*PorrQ@6%12CkvxAvEh8Qj`dArW)
-zrscIc%{|G5)rf16+ZtBM6NSsDg~T_+$&%XL*=cJ@OxLD_L4oxRF%JgNZhkm1uloa>
-zmj>=Ltv<>`j|ylz&eeJ@_z7M$7^N^)R|n=|0_i8-Rf4rBPCT!wFA>XpA8@TAGejUq
-z4+QD@q3D7`@z4;0x1)yo9rWKc1TFJ_z>f&}6rzHb2R-XOgjxowLkMCUCYys2M6Nc&
-zZYjUD*O<BlPlp4h<SP}26?+0zaupbxL25>dWif6BcduJ6i!L`-e6SR0kc!NF=#sMK
-zM4R4uXN5n-(1)Yb+*iQ;N^r;(^>9~QH1`&NO*%9K@xH_s#OH9o18p56ijg9hQ3Ocb
-zPvOM$QnO?%1S~4~^_u(1D&@(nrjv)i1Cy&F&z15{YeXlZ;R(!GbssyQVlQqvRdC4Q
-zD0XC}Xb6pNd~W~tebZ*<Qe}gcO#&s<37CVb##&RZM`fVxslocXC#m~s14V{6sJa<_
-zxx0qK#kVPxcycz3dG7S=o+5TL*<P_!+q&)&`eCYgHwg~8oYoBQmK5X4P}cO|vn4{V
-zjbTZ0Z{O%`XK$rK#T*K&v=k~9rZFB@J%a}U>|s%pnvdi8y_s=~wOfzbg2}gdK4msh
-z6ReP5ND&CrSQG5}u*A>`I9;8;p7q<%P;cPujsd-~k3z&c#~yqy@=$%aT{*lLyD;iP
-z<(5bB0fB4lL0iG3Vsl*;rY}=m+<&Xf*IDH}Px4dNW>#R$X>6wO71+UI1-&X(&K2r6
-z*Sd7*+%NH6VGiI<5qVloV)1V#P9a^_+MARK=aV#u!`r}CX~JI+TuQb1sS9rTS~770
-zFhApaf7W97x{4)PaN8%tH~P+1OI%z7l9*;{l6tf)KGH=%dUEQbAuA&wmW!p#BuPHi
-zgn;roi^S^!k}pp9>b&iT49(93Cc*qrT>p|Gz}ydL;;~t=E)k&sG>#V_|4^cmf(pEp
-zqEbTC0`k0+v@~=KRPsU=qvBRRJV0RU>~CJZ^{{;Lg>ncvzsppElS3m%q^u}94e>iB
-zKs|j9GeMfVVM^*^t|I6|{1TwU*b^F4R2_RR6GN1sgG(cqcB)A#?HHsYI9^3@5?@;+
-z4L3s|JnWC@6OC=zAs4xUR7ci0;-(ehH<dHLmWW0$MZEuI)A(DM;9af5Iewj%foS~f
-z*Y@}exL2C4+I~+fmEeg9XZsr|ykw6<d~e_h{PGKs^Gf?s`*v%X$1<AHmE))Y)^+Sl
-zyv`FX!~@aAz|C0mtk%@wRNsb>-sW%E+zv<eW!WxGgLkt}G&gSvyP8eWn=`#^?#3pZ
-z+=c4KQ<!0%Wn?z`Vp%X3oU-!v4zo}kXuKFlB6U`0$p4{1e`Vw9alZf*fWgLqjPj>!
-z1n`sISXWACYufbE_;GZof3*5*5bHD`M+QYrM6P)ygwbb?_|nED`3FVCb$DTAM%wTq
-zO)2>j=Y{cns`p9?iV6yf+0YuIpcXpM#)L>UKj!h@qfkkN^MeD2yIV-)S50(bkqbt0
-zfP)K_fZgtPfg6Dh4TFP|3>$`n%j$NK427eB9m)K3oScka2VB84Y%GK;99~!vr9-!N
-z%pLam9XE#@n&3-tHFpf|{lU27<+nGtd;SaVtSE!7na2t2TT3N@Fm;wQp3FzxgSj!a
-z%er5j^}la;oTddR(=C~m)LFXQlfJsG=PFm$Ox0o~YG%aOq>n_@q-t@AZY5uoeLKrP
-z6G<OQ`QAEe6CfELx$TCLKPd_K;qo)aASLw*)7lu};5gS(+U?!)Zjy_8@d@T6v>!97
-z6zj<JybNKRzo)$8>R`~^z0WDc_5;f8;YWdCjmsIyTer0ET#*U4nJr<M1_qQ5X&iSe
-zHijA1{k?@_tM9|zx0^UhowTsW8e`-iKh3$Zq7E`pTi47iP}B1@siRW0v|b5xuYAex
-zv#3)~SxzpW-aPfIS(<xwMAUrH&*;i3XbxGjYYNL_<#2Q3$q#9$@CV)x-6Rl?m%KYZ
-za9cK;JgiNtIK_;sa`oHZBJ@9_OewNETZ)5yOP*2-TKmf7$jqo5(&nC8@O&qqzEHcp
-zyeg^_<CKv>b3Xp6P7XF%T6r^e(O`%`mmgwOdcFFlhSinM^_V+tdpN1>)xGFEXYTS;
-zApf|bm53KV{~Hghb;oATE{Zy_)+>dZxs8{1hBpNbo58(Gw~D~STXmbO7x=ibSfs=U
-zC97xin}#AI*lpg)K?+0&UATFa?_S7IRppp8^mH%6V%ozGun=q#_!r(t!G;!3Pu!Q}
-zkNi?P&$@*K*n5crheV)ECoT9CL~|cbY!&K0eRbqpGU<}@)zv;^l4(yKjFhKUI~2A~
-zN>ag4x#F3HnD-++Go+meH%(G~*HUzzBC|0?M*J?@s!7qx`OcDxHW;?yV*xs<>&7YS
-zKVLq76`lV$1JThiu>5ZZ`a3g_m57PhHo)|u1pkv6=odErV+NYh|HBNVIQTV4G4wyo
-zK;q53Na73#^px6$y861C`YQPe_B%YYoa~@dOpaeW?NBL(AvyzmAfC*JGbx5Sus`+$
-zH3~rxqe9qjHU}6&^!5e>p!PyQ1jueS6Zb-(2JFgEIZ8?npF&7V#M5MBcw@iMBNh@0
-zc)ri@S&rj+X>Kro7@Uftix*mC&G5;7G+d=S458!Lc4aor)n0X5f}F~Ner4j=U+F2H
-zNA(;s-q?mEBIs>=E8SYnq8Uk{Dyz(BqoZ$I<F$ajQs<Z@$mv8Lf3c$Qtw^is`$i39
-zOhyU2M$^-%5oi9$IdSS7js@F}_JhujLqv8HXlo6{Y3UY%PAk{iGWG7}n&j-op3$1+
-zL2XK#0lATOK<MF6gtENihfj}<o8PO6U+g8*cj1#nzA2I1-_I$o+OCX}JHN}9pH`i<
-z<(Q{zKP}!kHmZv-TO7MXG1ee(3{*6!Dm@tjy-A?Pnbvd^;kOL(RGOq+n5#0}ZjM;E
-z<7JJl)2>vv+qJVK77SqZtjREDI&T?J-<1F8p2ej>EoblObaW|j4<AqhUh^%w-CDPN
-znzk%F`kJF+Y-Ri`QzUTkIK!zWG|MXg;|oXC%vN>JXiyAj*4t;R*cFeL{xU_BO&fo3
-z^@vXt%jCm#IgM5KTfK{~eOlPZ^5Y7+87-!}_mvowp{IMF@?W@`wTb#HMyQLKcGs9a
-zzAuU2jlM2X?HVcROBy-f91Lt~HW7>&9LMC%ZlABr51{S2*$!j{$K}NpUMmhcZ<#Z3
-zt-ZzsX7gn|rVVWMLf(&2HgbPSqIDdtGdyOCtyY%lwG&Oy$$lA4-VacR1HrLp0X2uc
-zkxp~>u-nhc7@#xLSTeG5Wj(j-iN`74t<V%v&-<)9aA-(5A+O{Cca(rLy52xx^8KQR
-zQY*qe5O%h@#WAsCxx2p?NQ$PZCwzCPmb*yr)BVYt+mr4443ty#=kc_To71z20#<4g
-z%gA>e`^b}wF1?{aQ&MA|v8rv)LQk=Cb+aCKJCAAw&Vf;Wa?g_Ciba9PoztFlCCLo~
-z{tky6eO~+=oH*`Mfu+}BwyO4amQt4#B-c2Q4P0#sj&RPnmIMqFb+=8!+4La~sw>lC
-zo}9Cf7xaXc#rcXKH|9nyLWixWsqgYliB30X*(<h={jX<U20HymgW@s7*$=rxI7?{9
-zYUQBAHy^NMmlLDb3F~F%8mCF}tjxaUIR~{B4IJJUYk2IYHEw(Q4E5(9y>!&Xgpz=J
-z#DyEAjcAdbF_?^o#}cKHn^WzP1~uQh5cD{&Z)^gAa)YXBzeMloz0-TQ@Tl+It%#8>
-zdM&J_)mCTXKTt-4fd}dmSxpz>=dA+j2+n~E-bqmcF&rBD8fD8-1?lTeP9u7AO)90q
-zm3H41%Q&O>-r+NKMxZDcIoG>-dz0FYJpLFsuq0&LxxBPj7N?@F*<h6SC&$VP)JMy9
-z+Dyf)$k<th?hP!C6*_utyn1iT3F&0o)$nl>Sd58Ke1?X*2irH{?W25brv@0s8D==K
-zQm98-kLtgcY^DZCPcHiQkjG9jGLOy<f;2WfvphnEw+N@rl})W8oq3RoH!-Sdbkw*m
-z5$9<XZy|;%f&Mqzg`S3)?tj|l?`RkOoU|}|fbsARkpJ!d_7^q+w2MWYE6Y+KW}lrj
-zQeCgcr|8*S8__3xKU9>!_zJ{o#o5IxZI&DfjXX5M%xO~jVx(EYN(F*a%9>j2%;X#m
-zG}P&uTvN5Ye5wus#;VKIOY<?8hrY+YTNm!L$FWDZHtKc(sCT4IAg?}flr)H)2KX#M
-zNat{1u*63|YEaWg;4kYcq_7|XzCdBzyfg`KG9VJa52WeZW+Kpl`GCCfug4^KTLi{~
-z7s>v084d#csvn&P5||Uh*Yq@4G=x|VNSUO)QzS$JoD`XEA#8J-FN|T*HV?>Bf9`eg
-z?OR$MIj=V>uWd8y?>B&Sd@gyuNkg4TE#-b7-oLQb`8+M%(c!B=ZFBgBZoj0`G`Wd6
-zC%M)_h91rS#q5YU@Ub9vF=$Dmro5#8@By4Bw-{g4gH?bS<8$66vxhy;ofJ%455JKt
-zr}~tMLyN7obQgiH{l!H4?Lds1eU`bK4#OsHS6wd+6)>${OT<!(2|~RGKg!{$ht=)U
-zXW#UgcT0y`7UN(qLO~w(?^-sa5BkYDqu9HO4jf-*s&Zh6zTWRlw4FP)aD_@DfxEd0
-zj&CH<3J6*X93+dfL$-3Aw}{JZ?teuw_7}`g<i-5(5humqk=F07Jokc0Bm=@-#IY>Y
-zy%chYcJF)ch;LrfZReSk9Q8T-+3b{M&yG_`3iBdIim8+S+QX(SU8&<f5w>-BwFKro
-zyYbBXSGtBAf=^m7vzGE<MrNZ?TP&}ppQZJL*F^Z);zzl`Uly(fVmd0N3MYhImxGBq
-zse3CFc3id2<Ld%&X!z_ut{8@`XvW>Xj?g0oC6R>4^gz3VWR8PZLK141)f}GdY*M&0
-zG0A9}6!$kWsBlH=;+!o-ExU1Wxa~<b#0U3W9Elg=gi-6e>DVINmN<+!;+PdhVRAaO
-ztH##BqFQt@y+_;7ecT<D^UbvY-XWJ))YHxu+`D)jhKgQjA8B-&j7ICBWvJRnlD8B&
-z-ez^sDvIXQLS#<BK6Iag%Dq2eY%%Hmt|0>LqA5W7;;{SKB=q{AICCC{^?L<&e#yHf
-z?WLYTg`jSNMj*HRv@b_YFWoF+_LRznj5<U+g+!+U_gImJG^uJg&DwdIVjDH2`b;8d
-zPwVZtbHp9&&$t&aFk_$0W{s^@$Z~470ur>BCylgco{P*dJ}Xy2Hr`x4?=24r?ztH^
-zT0O#8>}0q#^^s7sZ%wJVNJS4UyetIBd!W=w7&#YRK`X1~nOBhKiQ0<hWoR57zJJr~
-zhLrgFRpY?<q^{$+xMjvMqRIT4$)@K>z7lj<p3=psi~*GzIlDsIN~{UqqK7r+rodw{
-z@mAP^I4Q{Zgbt#m{0equ+^$rlL>0~6J8j1@@?dU&MZS3Q!zCopg9K9S8!DjZKAO4o
-zQP<Dn>AiY~$4|QPKG-cJYlgjpv8P^7O*$h21UiSGUn1|LjpyBPigBbl*d{tVa<V>!
-z$$q>~ywrIsWeO97=LmP6DE&HNsGTkocS;S6$fi76&pq})nVoB?hS2LNA*PGHH6A|V
-zEUwPB*5KT7IO1ZZ^|gAxboTfak0&rjZHMr^&^7uuHCaw_<y0i<#a#A^V=zT&#H$aO
-zH5$!29xiL|>*7teE1@hNKXK}ieM^LM!RufBW{@QR=rfczOU?=1R*96Pe}@|{x_72+
-z>*-GPrAVf{+)TI?gT0(B2{`Rlun@MmCl5mt%Y<!3$t97806o7=(zL#+k<Jh}75t<R
-zx6Zz2EKwfRQjSp{NnB(~H3w`MGcP!9^rjpg@{>B6@^0)%qD+Ag)Hh^}gdt+RfqFcD
-z%!XWKFc|{Qfc*s+2s8Qa87R#HT;%=o7S@gs_Dr4#0xAdyU#l{7@3Of>++$Wh?`S9f
-zwcC@=a`_u68;mkSW7{4B`JlXB_foA%W?is44}${1aRGbISay#07%^y;pO+m<aoV3J
-zYW*-k0~&B37+!&{w5@@lA&Ot4>&GK_+Be>d$M<6<c*0{meX`D4?L?C-k_|lQnK7Gl
-zPm*guaOlVstn@|R6c(mAzALS1Ged*a$9XnC{o=sbBSe;Xc-GO!(sD|?7YE|f!(Il|
-z?nx8<ih2KfOZE~g1BDI74tvM<J?h0nzGTJSEnp<75i;W~+S7yGS;d5Z;03+2St<mr
-z%?F>k!fV!|_mZS&kIP5o95UDEnQ;kUQs)N`@5zNfQAdnPKf(Xe4fA_j^2b8Pzr0z3
-z{FE|uj7<Mi_J2p&R}mrB4FmjvYyhwOpK?)<AK=QO)BA%VDZ27CNEG0t`b$@qo;NR&
-z9y|gJ)jthMmY%keTc^cKd{8PTcz_{UOED|~!507m;r0(p^0;uI5nL$G@OOqJaULp!
-z;qMGdCC(^_PV-}J`6TqrUV8dUdUo1!iV(DFMYfZV9GOY(VH@lx;MD$2<ePIj$r@Mc
-z_LiNwl#e)43xjs~(&irhw#7-dI395rBQh&}t9H$WerfmdL-9vtXprc482upMVt#pL
-zZooHBuApD!sa_Jv{H_>r`D#2%Px4oO6?h;+X$VkefB{!V0kdd3>puR3PnCsKrNOd&
-z_r#4>#!7heqIzMIK7SHy#zVxtN@<eJb;&cT7Os~-t?{|*0e6{pyWx@iWr<zIzSh6A
-z(QJO+VtgJr6cg0NoYxN<6rC0lhD`|ql^GO`*k3`sEc8|hev_IGRvez)s+?{?*Qul1
-zr)P!M=^(B<Am)t(boj?trZjrg@K)vwv$PRi&NWnmj8+Ad4u^~pm0D*iQZ(?t`@;NB
-z5z_jf4E-G$x~7A}Jp#xOJ3xm1;8*__8~-6hMt>BdE`SgL{J(!KM412~qC$Y7{-+S_
-zL#>dznoJQZ{v9Dgh1d<~4cH|P$ot`q5yCA6jy1#8CDq3Tn&^5ngJh+TV1hf`3(u4g
-z^v)ERo`Agy2{fc+>|=aZ&D7dLv&&f1B$J7FdquF})`&}Phmn@Y?c(PQo!ipmIN&ig
-z#4@`x*#s%XIE~^*V^73ORsTweq@o5YvA6$}Cd$}fq^U5~Sw1CbD?<EMxt9D)`sFpt
-zhK*{K=L6xlVSF9jSzKGec?LbBYH#DZD87y24|}f@B}P){zjs~2gBZSr097UizaE~!
-zsvG9Mn#sB7ZxkJhHc)<rn@n;@c1@_gJes4Az<{FrNcTzXj*^@@{nGBS3~cnYjV$1j
-zQx%Q-xhYa-f&1gPuuJY?dh=r@<71%SFmH}pYr$}k&;nn7Y;w?$6mOUqzM6Z=>;2Xo
-zRt;_@mNl`}wiotdt@6+>G<z%l)RMu)>`95p&PA(k5$X>L$-?(~i_7kNBo#tW!7VYp
-zwPs@c+b69DFq**sLB{@Vf~9Bq-<r$cT5}0PsNZ4)h*#pDsi_}a{6)f&J9`Ufb|-Gq
-z5~9*fc#-6b0hs`aARDg@m>SE7F9lMMj2;GwfZP|DnGbKvhq$)}LNb)xTg3{P9*F=6
-ziKHuv<_vO0%%~E!exAh(dTgPRh8_zF0~-B%1#Ms@&1HE$@ewMzdLnv%&?ROv209iN
-zW-=yLVzO}1WimRJ3VJesgUWR*22^>4ucU#lzTS+bzK)Epl&*Gz2Y!QnevA1ASj_1x
-zLC6@5)T-r>%f#kN7X8JT{wSO2lbGq)tBa(nivA8YoTB>F!u6<ygX0w6b-D$D#7kST
-z1HV9D+uW+O<=FlC%g~|tp{+bhxJBEAQ-WaGbLGG=y>9Dy$tP^>bt7CD`w$A85cH7#
-z+bS*?E$ow+nNbavl}<xngWHbBB!~-K69d#YpcN3u(9S&2eyS>Pi5M8K1cC5&#J;?k
-zF?e0C_lp%r>PGzzA0q3Xr@ksPusTeJi92GoSyU{I7H!s96&Vhvxewt`E4t=)U5}`h
-z27njr=<Y-0=Z4~|&kOFx7Ga1JdfY$Lt{R(qp6&K`*3_*nw;nGo?{&GkcC8h1L7;Tv
-z*CE1T&7m`tg7p>yB=NgoI9I4~pg%h~sCXkU+4zN1$W5ih*-M@i(fxDdCe|8;8!Pj3
-zv#H14cXq=$lrnVty+`WX6n*xM6YmDLJ&mCxqZ>Mm?$!Ep=8y`aEhPo*PVZORGergQ
-zLAh*&Y7VqfCkeFc3ze%Dg`}1(oAo)%UeLBx4?rBjfALDmNJslWb@+GGq4Sq_p9=wU
-z3ISLj{kIwK2N!>lRYToBXv2dlzyhc%V0D1s15}e~)Q{<HuYw^ev5*o3sHGoYFSumr
-z8eB5EcQ6J&Dh)j?9jy&r^Bd}**$j<5{q~+-U<K#Vc>kmxo_?8juZS?#SpTFzPDa(b
-z_UZm{9;wv1@!|IQ`SJ1T`SE^IvDCTl`S#9n?7^O*e4AQtAT0KI6=ESKr4u1k2!q{T
-zCcwf)_rqWq<{o$hYU=#=or#@D`J<4R%Oi!;EA<DnS)9=@>ce>fE6#X|=V)UO4YM|N
-z80kLI_#ML(WGXC<F#R~gd&C=_Fj*4kj+(+lWhz2buqT?PW<~nP-uNMUXRY!Z=&LH%
-znVI?zqw3VSx_R7^t;{opSJxr_I3b*eptbG^r>JV5YP8R7^Q=NZVV_|2y{Y1VQK<K4
-zjW+}LHPE9?1jGsMVw@kdn~qO}|H`A=71>Y`*zvW(cOYovY;87=S+?~gqe%sxo1+2W
-z#->I<$^XPPqRvECF8QeX(@Vw(iw6C5qq3%){PH!r(b(DWbKyC0aNQ^;r_-20HrT5&
-zF^P~ye&>#s(e@38zNp$W*>d@O!4|iZbej51`m;J1yg%Km2FY}*sg?ob(s}GCeHDeD
-z208`m8Ei!5J)xsv$K*+Zkv|M3lO~NZ2aE(B#KpWWG%KDqA+8EoC0#j#BL+h)=(9cb
-z$n>jA()5QE%A>)E9cI=hi}mXfN%ECEP1}p?;Zv8e4U?obCHk~B*W@kW*GeQT;wASj
-zrib3<;#`x-Z7-t3(JJsH>@>!jBGj>s23kG2G0GrrlJM>A!x1*Eb(e|Wr5(L`KDUN4
-zuft5p8GldgsoWLm>8Al_Ep*g#S691L&|JuPa(2VA#W(+9e)z+So*W>6;(yDRe>Z@F
-z<4waeAz=CP3n2f&!Tc{a0xAHj)8vl<6uE!^iroJgK%oT)pvVBI^tWjLoFlH1Ft?Wt
-zke}fvAr<@k;igH<NsZgbda(yPhr47IQVY!VwRLrHNk+|#4Yke9jg56pEp;)7M$L51
-zwRMc)cXa2by9@lxS;l3DB}1QJd2FbDS-*sNOPmBfyz;_0sy(H;lN%K!G=^mLs&6eD
-zrh%KeHQ3V1(&IF`bkfN-l)v(p*3-IAfrCf%cziOlk0|}RAtJ(B!H`kQvElKE=e66#
-zrKs}VBj!t?t3|3dTcAk{qO{K0fK%JieX!$03x%em=Y1o=fzvBnizT962s0{*dVYR>
-zj%QzyLl%1<vQ}@)2YJ-xiBAkQo!ULhqVQp`dkbVP{z&l7s%0M5o+izoYh0XXBBUdr
-zk?0UrN$51c4}MwDoH&W=#--LTKM9FkgV>E==KfwvMXt)uDs=t2VAuO@kBXDjN}0RC
-zJW5XMO0}>kAI6nQ)n2l(yu!Uzgya<-PN>Jq#}ftTNWjY3JvAsP%G>6j(FyzdzeFc=
-zC)tO9A5t2sL${2|Ef3G5780ab;l7PlGK``@Fl#UMg3RGb^q=uciaO_3^P}_iNj`TS
-z9J7#=?oM!()>6)xyPG<=J>EMeA!eu1lD=<kk;9LkkX{W-%AS8LeW-FU<nXk2R-6~F
-z`C!kj6OwdRcvGe%Qr&pbW#tNLa}W|yJ6mg2YOPgpP<1294^lS45x6I=Wx7x@kiK5K
-z@v=6Z>~On#wz*wSL$QqenAIjrN^pJCdTjPo?5MA7TJqv@eIo|3f^;D9_!5F?wDNJ=
-z8s1vdle~r@tGc7cBWk^nZx^SxfilI(P<hp*(D^w3CJV*01%|0;dr<NG+HUlv;&q=G
-z0-z;kpovefRIxO3a;hw=$Rm<%o^RET*1J5n$VvL2olj=$EVrtw4|eHm&#H=2O{*<O
-zvqxJgCB@-V&|AC@M&BpO!y=dGDOF>8r^d)k(TF1v`0iLi+`bgP@a~P-m}l5*=;%H7
-zv>)W6nh@u=v9#D{U=;0eOi3+qZ|{OcZ8o3|zB7UGi_u(?&~feEO+-7-JnRte@|7@y
-zciWAaVXk>DyjK3^Du0K$3Nlib;u*`tB`@kcFx1Ac@)#oMoB#UwmW1lcY$0Emb9!Oc
-z(Q@;#^ay+p=fK$Z%b5xbv+!YDt1I8~P4y=Ji`a*O`4tXqBzQ71^gZImim_@@adQcz
-z)!mUq8^O7=z?+NJk7djnrNd9ogO)43c_^kt@5emSIreF{I?iq%WT|Fj^32TTZ#eN^
-zZ6-80Z*$XNh_DO~!K~^Z7|y$TWb%3!jv`dldiqS~gbKmchnfM)($2X5&FsuT!}>pu
-z;NLQ}vJ695*Z^_+UjX^vX6Ikn2$-EMVqIvKg0On+++-bc-WeSk7uvbH5!g%_o0wra
-z+<YY}$QFb$RW1$}fto=r9CzqrJ1ip0GA^kOU^G{V%^IB@S^TQF`E)Qmdi>(}u=m(H
-zb~(y^#&HS!5x=4{i;aPNF&Rt&tT*S&6PTQUkB$r}Ca@S(NaIw=*HvpE2oxVL-B+kg
-z3FvY-IUryWZ+HDp9T{{9<Y<H^iCE%&<-6TSbtsgj%gk{R1U%R_*!G@V|K%H&aPY7z
-zUIW%Q)m&dXzD|5@3{ZJCvqe;aHU7eM*YwmH1S0=@d(o1;j*JdcIk)yUyZvjVQ+_1z
-z+x{FKla1SC&qPia66%fNT1u{yf$I8M4p{8~J_#5Tq5&#CV11A9*7B7N3?V~ZdUMVy
-zu__CKnlJ@%jWBv*t;k$9$<angjNz9~BsLAYay4ovv#-#ir#pfP7OS{>OmBEVxUW9B
-zjnC_-<~F4saQRSYZieMt9uKEr@>`p3;_jNRY><k+;ZHL3xfouDm{TlPKgvup>BT5h
-ziWH;`o>-g@elLvNT$b*3#&{N0Xc*xj(NdaBw`j35O-BDQXd%>a6<$D%DUZ-b{#%cn
-zCa%XTJ<=HBGh^?oh)GzdjT4&gP;OPiHK#DnYxIZ%dvNM}6l)K&#j$0R%Cymw*XrKu
-zB9jIBWNi!w%agwyHzH1}j4lUV^~obgGk@Fecw7#VWxB0zjPxYJ`SKnVsD(=DgAf<(
-z_=$g{|5Yg(TAHa{!ZQ9)f`)c$rT_N2yjhofN8iyDOvQy<23lQ_ZXMb3>X#%UH4bG5
-zkr^NqCl4+sSYUVcm!h!C$Zz+yLB;G=V^V5n!I*pIXBPotb1vmK6{&jagVM^eW`&De
-z!lbz`<SZ=Wm0I0ZE964i?&fHxjo1S;A6%AfJjl<EPNWsY(l1iOx(|_nl#Non&#R6H
-zvJb;sSW^5;a|?pZgsNw{P04eP6IwBloib^$vh2R9h=0fP+OSW9@#V)G2VozFP*@BJ
-zk0!*05rL^i^H`KAzUOW9V}2eNvbhW`Y+^3Buqc7(_pRJMgXwO2Bjbet70BoGie!9O
-zSMbh=FQ^CS)EN=U_dTCE15!lw_^AAAv*2(NVS5T&&y<h$dyrzXdwZOxT4-^3e5uUI
-zy(%2n&TGNe5S%L%L$enLxn(Q)3v9^G()1pV&h?_fma>GobEA;@RK!!0fjulFkJLi+
-zZxd%b3fMZA$eJ&f@4Ib3di0Q(F5*KUc<k%hJM`tJr+(CP?Hvx+_b>-mA#^ftV=Q<s
-zvCOQmbn}CWh$YZK6*kxoIH?ClK_W4`w+`3Srbocs5Jl#&@U*{tA)5Ha!Ch0bV{TS@
-zuJX>ZD?cd7{Xi{;!Tk_(qOHQL!Ij=4Nd(Ffo;d{?biqCsY9mI-<M0F5Q>xN3=k&~%
-zkX$>WmN&qm<K={S@?)m<_hCUfrC1vDY>EDCGXl$IH^?Ji2@a6~&@C7025NR<D_?a~
-zN*aO+S3MHt?EA@_k>b|&rgE6KCQJsbf$?oWOdua1+GSm}B7bx2zkdkpT=k3kJe&>U
-z*2B9beM&n^t6o$>)wc_lONfBOvQ|W*XT1w@_)L?f^Eu7hD!CdZLq{QAk${V9FV36t
-zI#OPP?S(*TsD{wnY^M?Lh=bBH)0do}9241xm=g8;R08F&^;_Z*W{B#LLblgl*CCNv
-zg^)E`qrPFyz5b&tC7(lnVpm`}5N}aji$iRiQk5gM-WfH74V#MSXNqKyt}~mxrw<=H
-zy4G@MJipvoMZa)&0YSssa_>$aw-`xSU2jBAAXPY3;XsyQHZM~p9TLL5bOa|IedS&j
-z#ad4)(P_JKO^rc%Nky3`eHpyu9S%;=43Ykr0C{CBkvL!$ohMdpLkwqn8<bk(G0je!
-z4>v%YBKMv2^Y~FgHvNom+M$Woig!$y95hg)#3-lkl~ddJ(0;NrtBX&R=J-|!43lKJ
-za{AT1xJ+iHd=;|tOIK(>PiO2-W}|;~J9TBEers<TF(I?LzSx6JegSSx4@o?vu+dXr
-zUA`6>yh1?f&QVp=6jIh))CBP^p81h=&w3PBgDUQr(>jB|hn54Jf*kn?pW}-JLXG|1
-zFg-*r=Pi+%Myy*z<swQYSt)U-n0i=^SEVo6v3*pOSgH`yY4FYO_*5pQdFPjs9|cJ<
-zhu+D51*Y)7D+{7Nqp4qdA2<g?<K#Nbnp-CX@~%aCNuOc|i+xDRllhd3ym|Jvg6fMU
-zm3^<Okf{IiP%!=%(DtlJ<?BAhDee#SOMSKMD=vKjvho;=wx**a-09B=PPb;QHjJq;
-z4uiLQG<t|<VvrXO*%oXtmxPVM1lnC?ry;}rr4iJp_z`5AkO(BuOU*crUr>qbQRm{V
-zH=B<!)#9OxIc!xaWH~!ixB8%)^aETOic+u_xD_;VI5W9!gZ&0nXK#nl=C4)_*`|#?
-z7;AW>L<NVv;{3J8>EA5M|Aj35U5irrt#x?=AQ%?v=a8iz7UeH&{PE7B;KDEsgPgwh
-z)EnA~C0GlaZlQm~Jc28IJ*bjFs9G7j6UJLxkU-=w1ncV@osMeO7fmFTTmjq51WWXp
-z-=HuysFEQVgCsrQj&1Ln?b+q*xz+Ww;no93fEPbf-9E-5+FuR`T2thmdH|^|2n*2q
-zcqFoIh;$_!55zlb9#{y`CrB{pkLzp#z{+^g%XJ8Tpw@S&^DwzUFX0}sXK1U+xVRMq
-zF&!4Z<09kWz+%A}tVd>Eff6@7WEXNQdQcI48xl5P*)1O~<iI$p(Tpw_pJ;<XkUf{&
-z>_{U)^gEd@8CbyU!I}h<Jn6rV+GX_CQK#kw6J?sbS1Y}>#3AthXhb6L$o`qyUVlxv
-z&z0g}>R4rB3S@|p-Tq^)Tdm{~(gNG5M@#(8Gg<i6Ci$VI`Pkm+;X>;N$CR5;`Nq+&
-zAj>=XfqhKNp%DZ=tRwgq7pfo)@uPY;ht$qUr&z4(&-jUJay-xM4k7tIcxh!lVc<Ow
-zFuMjM-soxkOj}B7Qo_lap$BaliehfZi)Tc8S@A_t3+RfWDW|c7_%v^ald;|ofRDB)
-zcBN9JkDcMR;#70jfkjh~<o182E<afj<&p=&^S&GG=9BO2qwe=^$K@pvI{lj1I3Ez{
-z(F#iUonn=cI&?I+{-*NjO#{h(0~snSE?MGcd^|?CQ(8H-=cOI5*F_}FB)-CJV^x8h
-z<_!k9?-y=2!=q-EeS`GelA~kzkwvV_rGwD;CYY(liAD70Q05_=@`;S=BhRc3H)bU8
-zG9Va^$JPFlZv_KQwWKtk3%Q!Ewgc|*((@ApQEF|1tr5I{iG(u=5DYKv6EhHOp%xm8
-zYLloSJ!J(%f@M+ME6uxtRNoeQd^E#F#%=J!0VQk$(nrumfC9o=<3zsOnLZS!D(!d!
-z_Z*R+<G8K%y1P8QH!`=(eR%64K@~mAox8(sGgla}Ta@NB^}#Txv3RnRJ*L@-Tnx)D
-zT%cN9*Dcg+6s7Kah2w`%KjA&SK>AtmM)wQi27+BkFgDwFsHGfdSR(2@F)ZDnMhl4@
-z<Ww`^qFv&wXnsY@N6}&V!PLo>b{0x<AB;E-9FAEyqvmn1#6G|w5fZNQQ>0~Ct0+AB
-z3a{z$_kia_rfF;}^ewIQqRd>h1PvA-U$f2jD?$v6*q}|Zq1ea>(<cPMaXhV)bx(~5
-z8;YD39GF01Sw4R=@u4dT*_^W*b<dHM3`>Wfgze9kpR1Rmr7f)K`c@%JlvKbtsgER6
-ze38T(CR&FV1K$XvM?l+=z1XocH)}yah9tQlhz%}b+WuzB%Y2?mhebMV_gG`>gYFTx
-znQ}$>tm<@BT^3_IU*czz5D31qUU5af+LSIcK?8=G0h(`}l$D6HvUbHwgSj_ihI(&!
-zwzUbi6dcVZ2i)p>vVopc8n?{Zz;kZ+YdrR#*4PGK8AHDUy-`o98#{svSJWH>9xdO@
-z=X_1(#Rc{~Uz0q$feRH7ciMO=*Hk>qUp&sz#Lf#e0Mne}RnsvlKQ4jGZr^mzM2S~)
-z;HoN_&F4x~Y^`I1bGNH|$@rq_S$w!LGlsTVpCGt#8vhNZKm$|F_l8f<n^pY45Mk8f
-z>D$(Y;98Koezjfg#&~xBRT^zAio@(R&cpE*2FLddKW&1Z&Ua6ag+58;GZxfCwF!Mj
-z>|)OoVS8Cm{4@O)B&r9j6sym34T%K?Rj_Rl6{!lMK_j_|SuDjS{NG##M<s0H)jOtq
-zzp+9NZ!>!2Dg;LmAy6udaFW{@U37(G?gs^noQAuEes&3b?sXfJzJvf{!6PPb(wAz+
-zSgkrjOBSe!{m9R=j05$`V?`-xS{dja_FnW<&~{9tTQSzOqDG?Ven_sj)rLr}T34go
-zNAyLe$kszLn&(<o<;;hHoXvf#WZ`|9cS(i+#PwGT1CTX3x(-rX>g4ff5rO?}o9o`-
-zVLA%@7x4c=WwOw+{x8b+Z<+Zf8nsV6Z~!wOkpIoh|Amb|RA#&j1F|_*;0QVrZAc~I
-zkV;iAtnRTYU!{SlBc>{!BN^Rlg&)3almU8{x#&UysUd}b0G-|%37%^2=$z}Q(`a4l
-z?bx12>6-g#o5vpCCN8ZuY9UKk{d=f&WP}J`KU|wgAY33XA3Qv5)C3m(b_*c{g!XPP
-z{pYt(?OTZvku1BMgzyZ$MqnUbJg5N?JO&)9uy3E)Z><o3?qk?PbcH+HLuYY?n05hS
-zlp)5k!5ng4SUz%mWcVnuWY8DEVvfrQg5ZQ|AFj{#xC5<mH(oVg_DF@Wp?bd?d0>74
-z1x6<;T-S%2$kmyzo1SxQQ9$tLbe!NOwev-lf#9k?ru%9{100RtbzPZMT!rO`Q%+>-
-z!@!3~f&<~|4D+^@!@9Ms;@f*{RB6)4w_48%7IB{bwUolEM{CY(I%30@dsXoXb?IA}
-z>)*KN2vaD->{4A<)4A*3x9RK~shwTs*5>-OY{lQ>?P@3t!5c+JD|l>!FIKH*C-8@G
-zLPYqJ$)j9<zpV<N%gJ}@&(ONQ{y4PUt-B_zSnoFwPH2--5BKgYR(*Mb)42_;o|DH4
-zq9XC5zZ?_8q^R4T8NsU1x`yi7cB9JPz+}?u%mT4-g!AEHM|XGdq7Mke`}Yr3&S`{N
-z+I$*l8#OxkPSwgRK?b5$LcRlOT=4hvt8kYE5a~xx&P(>zo}7!l!u6@QHf^Jaoi3Je
-zi#yu8+aV<<Tky#vEaocTG>tG@^~+PXnI+!3L}m*O5%cm}w)9i9KJkPu-sNbd7n<-3
-zJAOWaZ6#F1K@z7dfZfioR5T`qO|<ktWGk+ILlj4AO9C1Ke|Xmidyx4Sr^r4gPK_d2
-z7^v6I(E_`wZ+kHD=A@W2&*#7>d6y4g)rF{*YJUaYRw^?TN_VpmYQk*=f5Gaxfo^{O
-zrO7hvM9Tgyzu`vFW|r)PD`cT4yUf7^C!PshgQH7`?zGBaDQ&=(ERsi`CD-#6oVw6j
-zZ+);@EdJU)C31mLd+KFWX|9F3uWFR-!a>EzdKG#((p35FY&||I>Ud{!iP`q`Q(4bj
-z9N;_oQGSegVA$9erx7!3>`RjcTKVo3e>`C%<ZdLm+4^O5tO9ac;=S*<7S<P!;wzlh
-zZ{uVzQ1V*s_b?lVOTzdkC1{c#Ld->XDsg+wn=3vzN5@v58OX0UIf>HMZRJ`S^u@s}
-zE29|F$0cpnHRtr-irI!@5kn&qkGc<LX!{-I8G_kv`VfvrXThJmOTL|k^n(mAgIH9m
-zo5$L>0wLyu&OFLX*o;{cx@f}R^lOcN(5y%hf|7VF4Y}i!LXFs1s(k+?)9SFHfMLYK
-z9RKxFd5|7Bx9BpN0+Cuc9t@K+Y(eQ(n0;q>4a#2Z@e}`Q{_M_9qBVVJ&*9AaNG~dG
-z043u`@%xeB`s#2lhf&?5_l_Be!1H&U`z$`2Bj;SLO`e)?iL*9j@#tKa)t~DmFXI>N
-zkw+%w?sU3*oX&`M1Y6JSRJ>K3)2}$rtcsN%qF3?IsELE@aCUg-edBU^kMqt3v}U4h
-z$0x#MjHFu{>Tm9h3oSeQxW?#qZG+2V+k^U<NDTHJG6jKpNZrfP^r-ysMiGzqX|L%=
-zSqJ$adZ1c`;)ng(vxTKl8Kr$WRb$n>y*Xo%%bWbj)Oud(yLPF3+@brSw1E(Yqw+*v
-zxMw=vg4=krU~joz`%;9z6}aDSD?=Ss7yu@yiTu*mCdjiF`APN_w)`0`6`U3i1K2C(
-zm7Jlst++SFa%6go0zZoY1L*jZZyS>No3Dkm9y#J!d6rlrNQA}G3KS9>#j!0gL{ar|
-zp%G~`DQ>b{Xq(ekTOR5myK?q>8vXTMAZz3)@~sTE0jHoy%2lz|Pw&e<nJ%u}^r8Bi
-zlRv147rEjeD;nb;e(#Ad$m64WbYvmNQV-7K7v1iz*RW#oE0<fqvP5=qB6F@0v}Vi7
-zP^L4w3=#jpZ%x1$fhWR?2rb0vqkR6J&jU=@Vaa`H$w{6Fb7z9Ccq>b5{^`zy75y2B
-zj5d*w%(mkb?)=8?jroLb$`c8vm~nAO-`x2ljdL+{MF9=glvN=z)Ax5C?~aO``qxLZ
-z={wBlorNDu+e>H$lcofc4-!<^Xee~&-nr)apC_fND)mevOTE>^7xe607;1nfMMZiw
-zhjD?%sv;W~u_QAV6AWr&vsmU^bXRe>aD2F#$tFN;Q>mlrP>P^GV!1jy%ez)Yb-{?<
-ziBMW$xp8lVFCKb|_2YC>AnvVG0e!E=xr53z-}fn+b&dN-iQVeE_L%*e+=LAy>Gu<W
-zBX-Cz3rbSUr5KLkQ%k;^iw%_}4lpWp_+fd|H3;S7mp0Cg)a0UZ-Q}2oBS@Z8N{{BP
-zyQD-C=%UGe;}Nx75fVdGh0Cy)zNTQF#tLgb?LprM@&cX(upQ-Ihs>ciuFO-)s!%hD
-z*ZxSBwsaCWbm5A4&92m!>nGCMK-VaO=wW^i6~Yr!3ikMfs}O<vTc40Nw~+XI1p78?
-ztg%i5TL&}Q%)5XKbEp+9?}%YDk@w#***9K3XtmBK7;9HQb*?d`dKXz7s3%=qB$6_u
-zcIQ7StBz)#ct@Omx(jZ?!5-Bb&lY+Hp{(tzzQ7bwaVB>YDeaq$Ku|`u+*1n`3@lOQ
-z$seRyAC%#L+MVsO=@6t26NXRUYHXpCbKMg>r3*rH(EU(0KMTW5_rBpHK9tx*{N>P^
-z%9Ffj<C>8-3J@vp)OL^`+qo2eOeSjVd3>_V@F}Tgd{~;~<Y!x<Nq|#O+<2f-7<AT`
-zn&8sJ;^TK1_xv*<DM!A09~^weZxi31&2KU2*!Ct5L0G*O+llLp^o-SB4;=*Glp0Mj
-zm@X^Y^r;S6$ueJ*r<7S%Qp}<mw}d;kppvc53F#iX<WDX|e#UQX$MIu4GN1b9^{z8U
-z4vK2G=&atYF;*De0j(6McPwM+0QdWp91VjCBdvm1HO4X5kpqlp1Y#`O4W<-j0}IhC
-zV<pFI(Ps#VL1r6!8PrNm?iz(Cwx}9H$T28J5V$hW59mN>?<HwSP13?7k7wLpFZrwX
-zE6D<-WD7!{T$GN32Fx5W<burhm^0PS`~$T8^TEMy5ozV<#i&@ZgEhRDb(m#Y#%s7&
-zb-wq-M*6%OlfN1XyjsY;9?{@pf8i}T0_K}lPo-XLZ?BQuX@CfUm^Wo05bJr}piePV
-zh6?kRWKP@pe8*<^VEVymPOD8mlrwbHc2lIhbigpxi_pcuT?514WuX|n5$$Rzm?i}-
-zmx7brI~ts-7udTuN=USskuc&k2fEF#v(L&M-S{!(!fxTppx$Cd&HFjk@&H_NM5+B6
-zpK7%y^pjlnLYdh+EJZ8uXfa730%)%I`B^1W=`73>B6pXIu932g14k>oUOA5u`pHa8
-zy}(m^>DolJYhF2~4{Nk2Ve^y2kLZ~BCOwz(gMC(yZ^Uw>;bs@}$=M}>g@vW>k`n{J
-z5g?b;H}*X9OW{q;*84xQdE#2JpDC<1mi2;m`^D@_6i&**_&?#f*v!AsGnM+;_7e`g
-zl~blN%=Zr{by@R(BW$_E7tF77gzKl%?R-FIC`lUg{GeQg@`-3#T7%KcAuiQ-xg4@*
-zRr`4qe;ba(_~ObOQTbpS<<{^$FzUK}|9+^7SXlik8Hh(*eP`*{)B3C_r<9fK>J1oO
-ziKV{JwoA2f4ks#ZG%iDaX*tdMmO=g?(r)qfTJ_4A`vnhQ+-=fr3T0e6{nH2TQ_Mbu
-zEICo-Yn5)#ag!u!@rbT9bn=iVZ6{qoRX#X+Sr!3p?@r{UDh3OfLD<g@(UGnXooJ+3
-z=gJay<_1e-ynD9wi<ac~1LMNoY;7Nazd6lam||Ux$ilCScJ%<VSy?Gmb{x-sY%^kK
-z7IHSAFNTY&TT;SF!}>z@R^VwjL1>;MDP?m)N0a0R^Yp8<1nwMssP4)Iq)WIYl5t9Y
-zodZ5g=ci*tg|bW?EK4+zG{#E7f<3Lup^$1&;^u8oDx%{d@P^`$VDMNpkTAdL58Th1
-z>L@z>?o}PNlOm?_RAYLr?Q@Yh>uTRofS;|i)wU($`#+gduJ&1qmtD-#LBC&S7>|P@
-zK_o)_TB1J!ay8r)5IYb4tqRrfPz{6ZE9nWYD~F+(V9#L{S*P>95xr1+RJ1FCc$_^Z
-z82iih0Nn!Up)n4dhO0hSrR)>e$}OY~8@t18?&J3`4bQmCT*)rA>u<|v)69853t5fw
-zwQJjOxADuJ{#J|qR-^(LpwVb9PxQ{L9zNS1Oudx{W6C`Y&xo0_Qp*^d_T9>9rJ6Q(
-z$Hpsn5VHQO)UTQG^kbq8zMA{y-!ZI!b|Wnxw<H|P)Ne3v@uc4biVX68i=R32=4?Sf
-zW6n?Sh&hrS?i1ClI#b$$AeA<?T5jobX<DYqB^U6qsLeO%D?k84ago)<=*boSlALV0
-zf)V-Vgl^2Ir>eQ)MhUx7BtsvW;*(3B4UJs=y=;0UIe}`FgXLRk$uJ@@cyP9~QD?t-
-zXN?8NZJ8Toq8-4QMn8_;`t|e!feDN8XTVMsSwO7#ADq3Cyi%e<g7OMfl0pW<lHz_m
-zKwcY7>z?0LC_KJ3Hu6DoGnuL~!cjJLuS+l$(9_Z9EtQSolg=N(oW%h7tRbM8`lI*7
-z-USz8R3g)Yf%%v^zrd#(HZO(;2l0e@X*LX^8-LCbhz*McuJD+vBozOM9$5wkMi;De
-zL2foQJ~X+d@zpXd4Rg!UqSc4{8(!Cm%;sa(u9DmIW$BShvvc1u5%lnCPXB_zO!O$T
-zr~MS@=({;wHL8Ir<hjRDU{>xiO-gve+Hbmgel9H>3ZJ9f-9q5g)g>ce2>{PacO)33
-zH$~im``zvRmOEiyqR;SgFe-`nsio8b>0tKz3B+ZgRlw%om52v`p$`lK4fNM%3j%oe
-zyY%lT4gUB&GJv)JI_vCr$4UK&MEot417Z{Z<m9uT0e*j$4j@|ecgYCgY5v_ARKNc4
-z*GK*P%}GBV^>3;8&F{7<{qEqMpAmjOW#%`83jl-uwb|)k2!P7Z5PwYsCHzki{|sLH
-zH-w)Kn)r<f`?r6F@Lv%T0$|J^{>MMpJANkO=l#gP5itpHT>Lx2{|6C&90)Ghzk~Q~
-z=h)9Q{Jc%-HyYaB{|SH~|IYw_{VbYs{vF`Q#+#oJe%@vB8wsFze}?d%Y4{@-a0z}w
-z_{YYCpGo*R3ja3}3<>`P;J=|@nD{4ve}r5AOu^5w#lKO2NctxL|Cxe63g$7{?*M+R
-z8~ue${2aab8wvD)Q!W2B9RGy?sQmmd{(3M3)BFVS&$y+Z5q=KR`HhGP+CM}1uZZAc
-z{R!eP1oP)rx8I2H2OKl`2TuID2KV#-_-jts@cabvPuK3x2tWHVe<Pxv_s<aigcCpO
-i<=-I4rGE$UJ1s3E4i1?Afq*appF%)Q?Z=s;K>r6zF#x^*
-
-literal 0
-HcmV?d00001
-
-diff --git a/src/test/resources/com/android/apksig/v2-only-10-signers.apk b/src/test/resources/com/android/apksig/v2-only-10-signers.apk
-new file mode 100644
-index 0000000000000000000000000000000000000000..ad34c14ced8a53dd4c5cbe18a147de6e99264bda
-GIT binary patch
-literal 20688
-zcmeHv1z1(hy8kXxK)NJ0-MHy)6r>SQx<R^;lrCu`1*E${LIk8Fq$NZNK|oSckPzf9
-z^mvbcpXWRObI-lc|K8_uc-}p0X3xx8`<>q#^Uh*a<e@Nh5C|0nBq~9wCw<C(P!Q;X
-zus|@7lbN%<tCNYDGrN(Kv&ok}5C{Uo`1&mvXb%RFfvSKUX#6b!m5kr7fgBGYDS)uC
-z)h+Ej;1UiFaC3VnxRkmY2+pR{mD5?#S>4$J?+osI*7*$H{h+hHD-qrq+LhCl1-G{|
-zgS)ud!(A+#%*^yaaPbAdm<7Lzi-8vW%76m=TLm!aPi5c+Kb3)-eJfu)7X%J|4grCD
-zflDKh9mo{q1hNNN0y#TSb^!jIL1rKmkSkDc3335>0QDw7?hNEEK#d(x^R3;*VE?xh
-z9GEMB6(DsWznII5bTOaYKz>pGH347He!m8C6o6nbBNrDZ5Hhl}i<70@ov(dZf%@-b
-zTwK6`^7n*_YUJQxU}t1&28;{A24MqVd~bVE#s|t5_q(WrUE~l2kRgzNuTuf8`2qT`
-zrmw&TIs^GvnEuuHW_Fqq|LT2y9RK1s{MGnIPMVVc&iEHRQ32!?AB2i}abGIIA4j{8
-zHVHdZCwog%MI$>)b2Dcbc6VEwDD@^gJPCY}rZoN#+HUaxlOEx4d{icD2qRn?4}vS}
-z50OR}G)Xr!N>6Nwet?dSPK56bA~5J6Qc+deBWLn+-X3}$U(H6m;oh_I)@#eeoSZ5~
-z0t;28D;c%O@QJ9P*E@Th;jnuqpB236qQmB-IY1QHD9;%dgm&YPu94vcV?U9bq0z@h
-zdG2>~{S<CqJR?mcQd<>@#d~~~I#BeUY2Cdr$wO4fG-K=|TfMS-HFe(p2jgUK!S*|(
-zwkOTh)611iPPe>5ny^fs?%V95>2_XO&y#f^;_>mch_xJT9lH17xTkjO<t>^_gmY99
-z{h1Zb(-9lAW8|}S?W<MN*RABMrH0uPw{nNWcundV6xPp8LbwL3&&c<Lv<>98_GGV)
-zN=aJB^L%>Iu<BMMQZVIJvf^NI>W6A=TIo!*fNZzURKfDNZ_awAa<N{Ld9~CjramL%
-zf%_df+jZVr8ZTpyNAag``80Y(!ghn2$E!HHnZ5fk_FDQx&8UlqpuOZ9W+#bpZ)aDJ
-zf*MR`+f0<y*8A3N_D)SdJvi<Yt33@P)*1JbXi*gIkh(V~3iDV8^&4TU-xr{!g1{tT
-z9{3(xPSgHkx&keV=|ac;o&BkcKK_|&i#o|{)$i9lryRWXR7Wzf2_nxDlsFfcF&Vzx
-z;jGZ)oGE+3<a14}Cn;X$m6n>!>Nt*|YXSz5hpwsTK^<)m`2^YCib8bT3l5%f8uDii
-zb!>u;D?Q`OJ%g)aGD*rOx(J@KRU!UyZEo$mZv^|Jhl4p>!|%SZXu9{=@mA%+jy&Fe
-z-}TB5tH+K>2A@2uyeHD)-(U4~ZaAge-a?|V-(ELRkw-xV?dcoc1uz?i{8zBO1i;qB
-z#>m+jFfyiQ?okPf764p(=IqS*EK|F=U!}gfobyRVx~Z#Vq<~SoEUy-oU|qE!jc1no
-zQPAuSi`}f8&`&m(1Lkk+<hZNu%wOBd2{Y8#S9u-?M-7luUTEhNil@g+OkHZQ|I~8c
-z{OI084}m+PQ(_Jnw|ogi@3b%kM!4Bsz31+>I4x)FSjMd`fJQG)0$MJNrkA*Pg6XFR
-zKjSbZc-f^1ZKK?u&qvy%s)e!1T<L5lol0iZm3T`t7bimH_c$zOMv?+<ADbzQGPHJ$
-zvlo>!Jd%nCJA5gwzt`0it?~Yh6a{t6eccF6q5||+{{4iNP$OE1Q<Q2R!F?9(2_ZYR
-z#g(V&(^#C8uv>vjiB}RfQOov26EYdC8L!xmSYsX=SE&-;94=j(jx|fi=UewkTXf^d
-z=s2>c9^>wzG-~cC5<90^7mYhPDlM73Og*O@nTdN`<^%~?Uu`FvCyC=>&F7H?$p@)#
-zT7A?n8;*d*rJf&%o!Y0JTGw@mOSO}VRu_1&9T^N7B{!bJEVNe13RzbYXVS0rn{6Zv
-z&X)8OagI!`9+EdLWKY*L+B+t*p>D!lwe;qi@_lMTowm&8=Y1LPZ8frH`a^ZBxvK8z
-zsqdAK5hSq)lDrnn$n7c-vR3VuOLuB`UdA=Rp5(0{d^7J^rhiMCMNOnYM)>wLt?0V}
-zMHc_S2TSh$w~96LSnVIBvGel|i+h=vok)`n+_0=;8Y%3~PMoS={G59&^^hu{(lPF(
-z07@7mHti#UWapkMazsTUUhY}jy^e^h?<kjtL1-><xL0<``p9KZYS)))238W@40*77
-z7qC)bi!PoRs#{hs%xhih$(EN7UhE8X*W4{o)XiDQ39Z{o$d=iMtxZ*PX<f<NCoK1B
-z$Ux5zOX`erMRJQNFldrXLVLM|;x*USbes0|Lp}QFR@hra^cQT83PY)@MTe3t*_0uq
-zp49%H2HaV1uP7EB_NYh>;dmLy%j==gBgRIr4z(u5dPpmej_oz(WQHV&@>g0uR7<y{
-zVLQlS@Y_R?OqAK*ZM~48*At-+FI^ZeK!$#&-yHbOf!`eX&4J$>_;2IDk=VDP8veGH
-zAPq%xtOTwPfW_DW;JjU|?HB<914alA<jaf;Q3@!LB_?Ge!)w*&R^9q~zNJg+^n04`
-zI@p!s`Wk^gbpRm(Ak_dlW<eof2m}rEB`8%6Ow`4QKto1h4v`(=hd~i|95{%}$WRR!
-z6a&@N*@%q;!O4xFAj0I}MR0L(aPV;QaUisbFuA!9{2Y9LEB?Au0Jt6z0A~3<G#DsQ
-zK>Ynd@mOi6{_L7ZvSvA2Ct6|yh9r9(4SaQma~Zcp_xm(3NA8};fH$q)W!KeR-Ae5(
-z&VNul1=3tV?9AED_^p#Qcnj6lEp*rqtB$Ud-%Dyh@JuFIRU#`Pxm~6-W_(3+Qn#J_
-z#3T*VaN9>BMc4+HB$G_iwZ>02BMRguFgnfG3LyZ6rpaLTJPLeh7hNjqXYPPk?U>LH
-z@%MA0ti4=gZC4yOiFI>U#a78ViXE=`sO;c6+prI-0KQWuT~C)IIum^1Mf;(|!{{sc
-z)rrenoq7w3h5Av?^f4-4Bt~B=+wazZWT=)34(_LDL<D8$Pv-Y(&T78z5or+Oo{G)q
-zpN%bVsQfI6m%sE(JV)E^WrJ-5XOj54#WvP(sDBU$cns&~c?Gc_Z%FmXJtz%n)RSTK
-zNQ=a!)F;7vTad{5_S3k9te|j6o5+{lh=4#ZqRmAkmc>0g-g*<;s0X*=n}%cKI?ktx
-zu+1lsVp0`eA=J~uF&+uE#NM-Mwu}_pdx2(?*}84U^<X1oM#r>yveuB;Cd7e8H7nOR
-zu&6eE@*`e%t_ng4K@MPm91BJW!;k3{M2-5aL1{^Wow&(fnTGO+ZU8}f@ih&M7(wXw
-z>joGX4e(${2q+kQ{sX|ES3w9?2tK81tW#?B$8*aAly_)&SDi_pqYgpveMwYmTE_86
-zDMEFmyV%^Y@5P4n1Ni=$E@XihpbOBm1Np@$)^3EZzMR75Qqm72<-Hrj#;zb~L+~xV
-z_#H_Z!qFnS2%1%@v&!k^w^5%0aR2~-zY+O=5|Oe%WF-?&e*dcCGXeS-0E7sD=>P=z
-zuJ|h0jmO)p-irQ!%RlKbP6Rjq4~mbU3xVMHyW;y+{B@@Qs0^TG1%6O`5LQS47z}E)
-z-@7S8y?gwoAi20-i%fu%#b!@UC;H(OXS6m)hvKYuF^*lP$b6Ev<C))l)Kg5V5Q8bs
-z?05@mPO#6;(teP{2#HIPk7r!AmWdZOZ#vtiD1lSttb0Dz8#+(l^6Yo7=Hr(t`tKFa
-zd}Nn=Y`~2+xlq$5&a+cIDcjYg@+l}c!Uq)}I+@9*r2F!$Mu>7aZ8|7IG_$r2P1S;o
-zZf$qMjCTIjK~ZN?z~wtk7=dAATFk+cl$n#Xo9NSa4y*dCPWSHy^{8D}5k25YTb}M=
-z5=%Kz74jyWL85-lCbHHhHa6DIQqaLjk*92B+)cibnqsr9TfIZ0f$0!`J<xLH5`+qr
-ze#WxI6oB=?E>FSZO0Vx7b}fRmh~O0?$}o^s*1cd7fKMO+Rz5Fn@*BO+WH^-G;fK+t
-z9nZ>f>P(wc9S_vW_VYK!#jEIaocohE3_m|9aVOGubf|m&(y;{(E6?kG;BNK3^PbiA
-zXgCu!N?OUo;kzk8V40z7iJv>OiczPT_Dibm=eXuS%i+zOPfPO+6j>#MmiLx&qeP#t
-zkck;5dfQ>WZp6};dXbmoUd-cR=IdF2sV`i;(t3=6>P{T7#l7f1Z@<DHu|voUzMm-s
-z4(~8-!6Cbm7tY~-wb5J0Z^{pQhZRjl7}1)THvCxQ!LbQh`L)or`n9-O_u8Y945ShB
-z0=nM3(m-Z{K0zhF%EC?yj4=|#+Uk^|?6VF;S;&TX3N!$W4EhR~Cc-Xz^3VkzaPg<5
-zOVcKqAK`O?M{Fs`TW4L`>1%OSWH{}T>f!MzDRD{tnG2S_4X+InHm1sVP82tAou6<L
-zQ~SO_EurfWy~S`0DtTBVjg*)nq0)g7xvS8xQLd;ho%80AO<<}d!%;i>$2FR3D)U6b
-zxN(Y6hhz%_IWb7r>0M72+4qmtwZbEVsSQsW>%q{?v8*q2f<)5SqvFB_M=HIPP4FD0
-zj07z5!+bvyzVqg@7Nl0wMnBVZ_O~#U#K~q8a#hfcuDi!X<f2T+UAkQ=eQeh^s@#jt
-zsSrNbUjBgVf$G5(J*2eDu9T7w(w~^--7gXzv!TY{R`@^)ZhQ9!OVqNIMLa=<@xZrh
-zWAbfH5%<Y0GTfgm(JvePLrWwJLR<qN868QLSeOjmNhtI34D(@MTe(HD?A)uGpKr}k
-z(-DurfxvCc&4+g%C5qR%7lnnQjMI&=z7>b^dUvR)GqH?0>*ap6Pr%1bfRq5bFj3cm
-z93c&XEBj1ih`F*EeN0=osA11SxN|J~c8_$?DJdd6j<C?wA#kqxY;me44PQe1!US;@
-z**tBIcjkP#a|)FA*$BiAI7j7y(Gb6N%5R<WTc`YY=#(2ka2pOp?*3I@VhITZng<9G
-zfHVV8z;|DwxR^4XNSL?#uY3tE1Rv*5z62)^?~lI3Me$F*#Me#%upU76fAl4w7rul)
-zsCt00j`J*9m;^m8uGm$7P+575SFFuZlLO?kpE93Ct(qo&Mv%U&<o$rIg0%_FA$$69
-zz<F`(ecFtBh!fls_U`xBIM@kATyqcmS&^mZiyy(EOK9z%=bZ~XhQRG*FW8K1)#bm~
-z&g7z7^-it7))KXoPA4?CL|&j{$Z9<%kpEP0a#Kj?DfV^=LA$Qj+4-$nsAcY96u!}Y
-zmH5yrlPh?oLUyzjkAo9j*zZMw)^=Y@=Af=#Cv`5BQ;5lL5V<?fi*l%sOV-mo@<20>
-zN6G5-7%gZoP=$*OQuboMkIYlXt{ASi6ITm)eo1A#_i1d9S37Acd1`J?<=7Rsr?(qt
-zctdlW8%xA%%!3;~k(blY&edHFs&RT@OPM{sh=kzQrm-2J9;0owShS65xQ&kqtD{eY
-z2VpF8n5RCg_#z%;RN#zqHG1t8;$h1GhFu_?Lpm0^aE%!ol8<@dNgVY`&hF=lPCHdx
-zu2!=0R<XpUtsJt_wgBDxXc43MjErGCfZ@mwI;h6Wg|)fk2a(DTB{Ge=hmOTfI<Qzs
-zH`rF*x_uj%CqJ6e4{;egjyI;(?>do)QqEQ%FfjzqmGc_S338YE?}AIuV8>TKAhoen
-zHb)ceoaJ*xUO6e3FQ;hU{o<y@PBv0hc-j;7F2YotY+^x=ABA+r>-@RnK9|Z)TV>R>
-zj?HqYxC~y!W+hH85Bunlzt&Cos@tb%Q##{>o231zNN;>O-6xrpnLc#!c6SRKg@Ehp
-z*eF|xb%^y#ll}HFr)hg~&bx)!hBiSM%1FGiZ$lPJdbo0`MtkW|c;I6rV_Ec;60V{s
-zP47hf=mKAN6n=zMHx!8FPtiz?d=yIHi$zDR6h_ZBZhD&)e&0(<9Cv#-jA=;c5tWp`
-z=UoG{AzvF3m*J%{J(>8LD+@U%uJL@mZoMB`Oe?xWd+|N9`6RRvi<|Pnopt+HlaIy(
-zK6a!r_q8zL9aBbpn(GzJ(yQ`sj46*;k3c7VRn*gR?Xx*IJJreH;hHSku?<<NcwMiZ
-zN?5eL3ZcmI{Wgq3rF%i{LIiFy&35+LCs=P}5eSuq3c!~Nx$vd@LCLSyL?pUjS>O~h
-z%b4ycU6q*Gb~EeU7eWkWPGDFO6+3<k9w*-^ogilj9EP*0PgkYlIHK_pqd5fQc&l~l
-zVimKgGM8E47+BX5kXxp>%620xoA>O6-nt*%tty<)SIg~Vx3SYm71vmh=&5Qx<q=!y
-z@cqIPvQN>PhB5p^?sBSQ3TMv*T07B4T3(UFJ#H%>W>?NY=KPcaOS~?kTAu>)aE5yR
-zs(F;%Qgo)b=hIhu;+It4<$Gdd()eb-%L?Kx*%uCrWG*GSD}}tv?p=@Lx3QA1A3qvM
-zdZ3u}M)2dzUFh2T{e87;QfI>C$qM7z#OsXWjKr?nHf8l6_ufz-TtEUiD4%iLW&`F%
-z_<PPF$E1wTmp^dHEfG4l?Q^rhOj#*wTe5mNJ?*APPm~y|xo~;HN#58}j*p(BeBRHO
-z<JA@(SMgjYIGAJmsFiaw|0be=sc1UKTyqqC3fV_q8T@#U2%M2lg3OZ2I1+U_p7$Je
-zpzxCPU9pi^6}K#pKlpO{R$R1~M5by3mUd?Ya&BL_#kV~ClP~wn2LI5Py8%L62ShTe
-zw|w`d>e!up%@PV}boTUfH9YeYtU?cm#C839tX17WlQ8(}Nt_^ymID*42sux6!(~Of
-zG%os{{JG(FxGCpqE8w?%O}}#Hocz&o-N+*2mp{F1x!ag^H++h5+-Q=^h__&bDW7>T
-z83MQSIlU}S!U&=H)IG&Ce>6J#yxzi<Dek$UCudO>Kiz2mx7FxxrT$x~|5ob1mHPj6
-zrEUf6DpUcX)&F#+fifIWpZ{z}!UgE#@GT^31B7L9zB|)>m+KWjo3A(_(2-Fub|ge#
-zPzVB-0~>+$ZA${h%!JJW@RomYrn!0e5kEN7--^HNqlLix7LyZ!fd4i;6pR9u1i=an
-za73v4Z{WoSqLguLv1F~`MYtQ3neo0<${C6st!;gmP=_%SO_-@(DEN?K=j1MD3f(i5
-z$esWf6zG(6?c~NEY}+^<k42*nf*^tu?zkQ)b*_Un(EF2Z`(=ZlZQBnFfd0+69l)|e
-zY$|q`_KEOWbsO;1dooX7z7jWzI?db7Ae?r81sJ!Zt-OHbhix|HsNG|uqaTpwZ%e4J
-z$gE$Uegb2y*C?6&X4*g?HQ+)SATTgrGC&RlLg2n_cr9uJ4Cqm4x`DIT3g`}>(XSFZ
-za?7fzHYz8Y*wg^S$D=lvy>qEm_h+3~%_iudPffC!7>s1B+;qlC$bXxgr*kpX{~VjG
-zfv2thFQCm8=;QbeZMFc~@V=uhOrwQ-w5Epc{|RmU2tE!j4nA%Uo{KOr=S30mw;}?c
-z0~dk)4WVd%L#P4gUoe7Pp%3O%p1dXeVH>kp#JE<a+dYu$v7M{h;M$>F-5jXtsdcf+
-za*)yFrDldJ#suW$YzwW%&_VcJKQhlp($s&9i+RMoVS%8YN=F<Zk8i&?-)HRCH~4q(
-z_BAjDXRs`-uFdQ?;P!Z4@u0wjy!7lQYij?crz}z%8xOmIxEK{^)bKMoC6Uc>!-*kU
-z#2GC|<_)CW_h;Flf-j`Z)tNgP035!iU%-tD)YmxI>-}m*ElWPRQ?c8$^ZI1f+$Y<T
-zQP{x!_eu%yEeKrqdWV^{#2AQwxj0yf_+$KsMkxaF`m@kb<H6KCb6b~x0=Ivc%TOTj
-zh6zAU0r(BF06~CjaUgdir`c0Oegl@7l|hdty+#~!gx$TeOQoFeMYj;&)0rFel-^&v
-zoGK-YS>09$ysE)>(=N<Cdn2_0gK`Yjs4Msa!sXxKSPa0C{W~0=-;$q?pdPUL0gli=
-zDKakppSEMU5IlT;k0kJXE&j64T>zk8H+e6V9}<f{3`7kz2EitKO<Wtr$Q@(3BZ8mj
-z4uInuM9^OHZ{-Y7E|U#PFrFBP+8@87!NV^;VWbn`N%NHo@exhZU|+7nF*$!4T%{TI
-zWkY^xI{j#SzjTy=A`#x*Fn;!wKT5119-5;238VNAn(=T@A$zqenw-TpJDFd&N+6<r
-z&hjUu{<6V8(u`23B?w^-;Q*ayvglO?r%>E)qZB#yV|R)-d+>TxwE9!6Xaf?h(z8S+
-z-I-^Fi~00htmvPFD7;}nmzNq<lKEi#S`_?rS9&gDqy5jj2Aqj8QIEA8%cnm~k0}O5
-zD?q2K&Jq<6?s)i9M!>v(O-{h49Y7agFb8skDFnfG5*OISQWMF2>CHoR6pJq}wqa6>
-zMeSwJ(`upJt~;$5{J1<d<nDGV#dA%wF@l;91X}s%UOL|GDLQI}X~yN6f>fC?v&LRu
-z&dClVEFw`uk|9goez2t!kq@7qf+oF*p!>z0{y$A&3Lplz{|Ch2Gav$o-^Ab}AO`B+
-z#o)tj7oDqVcd3661K6J+&BMv@gAc&N#lgw>qZnKif7!=B?N4$*1N9F9UUN6{^{8eX
-z#zD{Ot=eB0Q}3&EI={^7(WsPvl6s0(z3PKZFtteHx^Kic$=rH92qWwTtdO?`K8AR&
-zg>(hBe`}r|%&M04Dv@D)#E4Plh<B`x$@+EeSPJGUQWSO!iky%4wNATAY<%9UNt97$
-zlCB%8*}KlNzAE*HS0Zq8J+pEPA)o#rEa%tCmxjyXQcariclXR*kg*kP?*1e!zijZ2
-zgaromj|3t7!yuBNv$NoU588^MAH!jt?_Lxc<$4iYxr=PeZklV8GF323pATB}dnZoH
-z*%=4uPwGnDIE2QS8E{ig4ZR<FD_u=|`2ZpbW|MR*JV>#Pd<QcwUBAuY%o%omDbnY<
-zXLD;Uc83P^tO7T*<e7&Ta*yf#fmD7xX%K&I<85u>J;H&k{D!gA+c*HCzoum1GajG|
-zfr<d~Z;yCLU@`b4Z=n5ymFbPdJmXUaosXnrbc&tJFrUrrF*FpR4FLzXjZdU66-fdk
-zD%Z0;p64pc%RPF?9h7D4db?5U1@JQ$m)b;Y<w;y?Co|qX_&_w=dn!qM<p84%S4wvK
-z7V2myhE-WSA-Aq{pp&W5`9l_V6)uBmuN;GUf)P5S@@S-+%@_6y@xK}|UO+%v1dz|~
-z{x=kmCphrb|IGis*r7TD7!K@H9|N-Y?z`+o^B`<y!32j0Ok^~`{|-6C1cNUjfqsfj
-zI{|M6{b6&Qn}?5E;P3MHt@!Is0buGM2L~g8fDqkf;6cFXU$;C*<{$82KWaG8N7M|`
-z<ZEeht{6=pgQV&7vWQu)U8;08RZQP(z+){;np5YSpWz`=p(gCeS6_6w;cL729M!`r
-za7=pkq%9^c!;X$z^O@fl2D$23o^(hJHHKr<i>=STSWb;fYt998g%!{5%$`YZ1Q1>~
-z;36QbU}vYkIwKeyCxe=x2yT&0$eLlwNpwdP9gv_hT1chQ+BwFy$qALt&*d91c=6r#
-zJlb1uG_){6iUW_xS?D&nN5~n2C~*<>`?yL~(A_sXn5B1J%HwtE&IgCMG>1m#-9i~&
-z6y#7x>kN{5zR!-V;SYZ>QXQI!fB*6mMljVUoHMFLR-LMi9tbdn;6Eq=A_$u^wl9C0
-z0Pcnr)njmo7Av{^Pm17|4SrSxKTjyYbKo|IrpNUGOGJh8$rZkK{>PG^(^gP=<Hezq
-zriTq4#9Ck_%Ii>6XZcx%<qBSmQ&vn`6j$c?h$Up*%p3Gy?%@)6dF*@^Ll9kgxlng6
-z^s&24Hj_g6lAj?aXNLGn{u;AznRV>-s<|^W?~1pXPtj2MIUK9VS7ZEfEzG8$S--km
-z^2FMMvGjOix){XPdk6CDoPf(}#t~IYMXGYj%vICX@0xE8PM;(6h|4zUaig`z%o<hq
-zF-uO-nY=?atu2KoRt#F&QEOKX2(5aJ-XX40q5QTJHEYG=YZ&xgzK8dO)H=@$JYp%1
-zHsm6Qs*}u<`BEC533?=QR-`Z7kFE{K2jt{y!T^K@6`%{@0Rc3U*rtRTa78+QLB2B4
-z=iN)<!T_C}YZ2___Bfb4?Q3$U6WLg|a-?y@-BMQqmA{M#FS^*^Qz8T?h`MB~g*D7R
-z%$-oq?IlM~SPA6wBh%W>@#;skPbaU`oV^a<SFCBDkH@bMie@U)Gjvh1tyzCD--?WU
-zcx7dG?<%r#k&=kcEU}Ax5Tx<FknB@6o`R0zb77t#6GaK|(>_6WN*sRNExTQxJD2=Y
-zCjxFpO^+H9ByivNEh{7Bbh=^PI}`wQ1^cxQULMw1W_cuam^!yC?)PzN2X}Z+`4VC7
-zNes!(3TvwFiTxA44}9^S-p@bFZN|JC0|f^Wj<#hqdEpK2Lg@h>0P^@-PXDQ#rlEmA
-zdVmW4zCwTjoD&B?^zW_^0Idi*`xYq%)HCEi)pM9*Ia<i^B*~8&^jGSc8zJyxh=hle
-zpZkXp$+zO4)brO)0gyjWJLEz=Ljd&*0fWXwafBlL>}T+iUoi}bB##keYBehtNSI_v
-zX}8Y6xTc+i^FoSZbdhZRwjc2#tH4(hQo~yzN2yf|-6!$g_O*cr!GeBrgn^n%tA-AI
-zt0^y$B#K@iJR!1pU4`Q}{?fPPv$0=B%P~TK+vR$w!yKHD+@o!ILf=xqtOHAHb*1Am
-zKjQr&Dc9|KxDOU4KS8TL#mbwLK|RJ1#z+z2hmxjUh`Im)f5wy3p!v(WuWFWFnXVh9
-z(x`H)#p_VVz8#U(>>^mg;`;2H<!px|{WLauFkazOZ1v@y52^BXXgU7YRK<@;*bH@T
-zI@Paf@S41Rkdi)VK#Q~Zg+O#$_~}TuV*Z3+MBIdRyK>?TsQXLIo0<K#`}gEMH;M#j
-zr_U@aJ^OecU%3^%Gnh%ysA(QOZFBvjHy;xugYG2T#?GJ`NechmbdV!n$-}RcaGP)=
-zt4SI3NIt&S(-QIEXn7-u8297mX;si^nL)=Tk#MO>>YMTO2(mACud`kT50^G|w?#HH
-zH0%s=uB$djAGY|+x1F88oGw0k3F)1C#Cl3mxJOYN$TUwCP;9*?2Cc)IL^0_#^{4Nh
-zJBRA+-b)ai9qyAk&HUuN5Ezh2v8IH1kPH*6SANK4B|VxM$T?SiEsdi#fChuXyZdnv
-z6G<#O{vC&4xu@wMX6ypS<0;z&O`XACnWy8k4c8Nz$1M0oFP9^g$UaL78=C!Oo_^Wj
-zugwzxHJcR|n}R8K6Ps|yn@&m$;Z&U=GJzi~Y#uG?LtFYW5*;9Y$Ffz#N#^orlywZ4
-z!6X&tAFY}f^{TUVt-wuOr|a#}!Oz|kx7~~zZIxf0nQ6g|lgh{C>D`7AD8_^&&0K1`
-zI;rTJg)LkU31mh-qkLJKu^wKEyIr;rn7E0DV|eAAZ%yCA=%e?7stGG!u(E@45&1-{
-z=n4p?^7@T}iqhFZ=shBP4Gg@88E#(;U}cL}Yqz0oYIdzK7jF}r<HFvkJNMPmGUT`8
-zOFFN0WeCpYi=CLaWTmTX-@}i4uWe)fbZB?vbLg&(zN40>$a^<La~!!h@>KyVIwSM#
-zM_poGc(=V3i`R<A!)y~=+@g_$O=>twjTfVbjE7d3xi;#l!^PU0--qzMOd}1!bGh}b
-zBC$2L{tdrdkhqXA4?2Y0*XaOp2QPcVyoG1Qs9!ok7v}vaDugT!a}6zSB9^fiB=h7X
-zZ#-=F30G9Ed>N_of}y{H|0#9dkXmaPc{D=aZoP|#fKO5m@72uZ#^ob@uVwqw(1!vg
-zX^%1H*GwOB7aI{#@37tAX4ESR8<f>MA=FyNkYW}q(XVSHaafYtlsC+x3`9Nk*P-7`
-z+YJ=3t(>7NIt&tk>c(NE)`&0l(lYAT^k2F;<z{;vFRQBHW6jvgG@bzPg)f+y8!Im8
-zt8E58FaSRl6`%{{3Ig&{V_WgMaf6n3bE*kJI@V<rW<HC2!v_blZB5?B3r1h4q`lJ8
-zp7B_=(@-I{##e*2)7jfs1hAaXU}u&xdCTN2T*Y|EGi<WWi{7+KUad~E4s_u2s&V=O
-z_*4@4svJ$}v+M77p9yHkmclw*OHC=FOv63Z-Y34s$;?NeXvMuZ5z-y-l#(detZ1Qs
-z4Zkvz{*J@J%!8z!)CoaoFU`B={PKj<yb_(n#A^}K&zh|7GqYOV#Mei|{GtYL6ASKt
-zmCo1)wxg*pj&>@*ZxxM|CT4Tfrj#-EEyUfmeNUyC>2nho<t<4s8~MQ|*RpSYT90{~
-zRiCC|OzN{H)(Yxa@3b#B%;(Aq>ov26m*0vOsu{p)WUq^%?AcRK*v@*yYv89m!)ki2
-zZ#7P08Mf#OER;UfMA*JJB4R1Dv9z9jjYYY}fzTDEeS9dvu%oAM+!>n2K6G2V`0)bH
-z)yS#s!8Sa;PS>kOTf=l3Ihff_RCDxQVY0P&kHjx=1<*g;bIFFi>EIH`O_knQyG<!r
-zuyd1hA?)lk-F9g)v)KFW8bz$VbK#fJioK|%Tnl2}3ImN4kh^|;rc>F_1AlKv<&Ik`
-zg%vE#OtwXyw_xP<Wp1+4$?{k8_$%(ml@BcOmPshQnMOZQo(2c)=N{NM%TO?HrMhd<
-z`7V_`p~HcLKDMyX0~i48(QiBT+fMxxJLLr&jvxZKQUCJl80d2btdM~>uP)p#qwlNZ
-zInq1J1pO#R|IGdR!|PrG9Kfd3-&e=qihpvyzP;`R&iQfhZ>!^&3vWF9>q{)@0h>z$
-z)Dv3ox!ShuLy>|nhj-B3s(f_Q1RCZ%dnD4)>)r97_Oh?`9&5OKi~IZCYp3#;3j&JP
-zTIu%9WPEBL)6v(K^<Zzm3%$zF{kf}r?L~KcEB&fkB;znKL<4K^=D8;CZJ2dW(-FOy
-zGq+h)%|yFIf98^d(cJ-qIqT)-%+T@sXgb8~HOq8;UQndr%uW2aU=KzK*_rEfYD!P%
-zrdc=ENCQW1_3IOA!0*$<G`i(*yzj)2f|1t?H8n~QT6|c6lk4SdW^_nx3@f_sLCyR>
-zgy9=(wJU0w7%qUh{iNRUNz-03G__LZZZJXUzRE*+!pu--)4!~YY~jqs_t37U#W8Wd
-zXw0nJYKoEpdEh8>p|7Bj&G)&kV$l*+<{h$^hj*oInUmFziZ=1zv_wg9DLA2TBH0E_
-zT*JS$MnGGYx`|uU&|I?hp4pwAoD0vO#T+clx@OuxM)PES)eTY%&D43Zgm?N0PIRl8
-zxS==HkcowGblFD7{@|$ih7ZZF+@I>Q*45|A=0}b;VLW9uZwt@Wo;?1^{rP2szjl9s
-z_m!ykG;Ue@)%A}YfaJ}p%$t&8rkWD9KC-^he!FdQwjYt9)^`@lE=k#05-}Ki)KwPY
-z&>3uSl?0o&N6E1bgWQm}!ZoLPnL%E=!EeaZYc%R?m-z(|U(zc{(OpJDN9kJ=2C2w5
-zNc1>h_3HQ@!_gY$s==ds3Eqd4eaRS&mO1wX+LL5Ig^fgw^{RH*&j!{V>W56)?fL~)
-z!uBi!dRjsi#Z@*KY*BYjY_2?acyPN-bA|+-VIW0@5=LF!@+!W;L{pXNiOhYNI3sP+
-z69x-~`gp_ya|Uu020=x4o!#g&xu>%Mqs%DFk9%A{hA%8k+FQ}yc~}#A+Nb8>aldNx
-znU`B`49cm=+o#|viq8$99+9$UCgNI$UU$i@C+V$=63=cpmIey6XZH}3-@l_PaOVLC
-z=g?t-I$Yi0ar?`5);Dbw(lU(Oj6~PN>p(V7SR%IB4)q)T%MRN$l^03KE{8s4k0{o>
-zTMFu^NbkC?Q57B2m<yKbVYur<L4Y0>v;OJ3`w<Da9bo`nL<jr;@*N25zxKhogyRvi
-zNJNbdk1vWyee!l`^I5u~_mjcH*XN9Q$RKs8i6dEE=%UA_7;)ED5wr4Vx6}{h(URzK
-zXFCbGSb|r147x)0kOerLUPZE75|WA!J$x9d&I=yTCg1aRy>@CUmuvs37IN~sgM>jk
-z<Hdv$r$8*%45hV@pnzWM6Uju-N&F<zes~xd{$<lG#8~U-5q)Qu3E{N7_tvRoZ<(pt
-z;}krp*aMd6hyXpTkV3ALnsXRVX_r}jk6H;%HngY2;kNgr;wL&fDK<`x(IYZM^{Bxc
-z(j=T>pO@+>CAWrJ$!UA#jX1NA*;`(AIgUMxPI+idVRZaa#;WC9WRPjer74Gz`i6g}
-zUDc5CVSfr+>&WV5F_7=0?#(iB9ff9MO|MsP6e8#H4#{JkDhgJI-|`6GLqB_2%0mAj
-z#k#5-F|$+ehZ<adJT^Keu)uzF6RpAd)yvT5uPbdTlB4F}J&fygHTR>K<|~eTZR)Wf
-zMqCxrYiC7u=o2J;Q2@*VpbvlR$^Z3wk_3oiTqHL$C&_PDzdwI-;5P?;bKo}zzH;FE
-z|M^R($ivkv@4zK(>`koU+?*=%U<f+sAD;mDGyDF09^gfPeBczf|2&cGheMz6e(GEW
-vta5&FKG`1!`0>P>i?gBrp6&quN%O-=Q7ZCCK*hzeZcxzEi;Ih+;z0iaoSo#C
-
-literal 0
-HcmV?d00001
-
-diff --git a/src/test/resources/com/android/apksig/v2-only-11-signers.apk b/src/test/resources/com/android/apksig/v2-only-11-signers.apk
-new file mode 100644
-index 0000000000000000000000000000000000000000..674b6e4d7d67810c70aaf4255db90b710bf37d23
-GIT binary patch
-literal 24784
-zcmeHw1z1(h*6`ubNOyPVp&Lm-T0-dt>F!P`K~j+p=|)1jB%~WDK^l~91o=05z1R1B
-zz4!iK{P8`H!?X76HD_k+!<tpIW-}<uLBk+{KnNh9PzX@G=~MED27zt?6$ArvG<C9b
-zaWpn{Vl{MhGXB~J0)auu-#&!``a^+;K@~s^bpBp|M*1K3K#c`}1OVvhY8JL0<YM;r
-z<Ysn`<PvJCAaWM%uI$dT&dSba^3IUXmd+OP?zqm{u0-<A(5~#ROmaJ0Q*viFJ91}p
-zM^jT>5V`2G|FdQPvRgvS{v`lH{=ESp`Uf0%z#nknVc+rF?*%4@dJ6`D{D50SkS)jr
-z<Os3@SpYRFfZGE<P9Rf|F~|jIw*WbVJb-p%pmqXkXQ0IvX!+jnme~L7LJrIozzUEW
-zP~XnwZMmIKE}*_`|5ktxsDIo8H9P<?Fow>~jvzQVCuc_s+sEI=FazyBXx!eA1Ne`E
-zfM95EuWxH;V+zm(ql3_a4}SE$#jyeW_IbB$Ft;^W9%KO2KiZUmdp-dEv*nv$1A~G3
-zo0$G9`lhxTV*k<S{7nD$clcNI4IMSa|10!wd7=#HD>euL;r6){0zXr`)iyC(6GuA>
-z69q$C3o}zEXI6I`>nOEGTP!hb;l>ocC)C}dfyO;T5!eU}R$zK^Nh~m?OaNFCNx(SO
-zz%VtjIXVsr2?-C|8-%0Zfv5aH`H+Oc-)V2?ZG0sQ{wMdIjSpVC#%3fG&%{s>l)GLa
-z6d1e_5%BtGhcO)HWBf(ln<hGJQIZ`*iVpvlZdvdk{#=R}BLw}8>^zkoCj49f^Ltn1
-zW`*;Tc*4~cp{P6;*U19~YYf}&`OiH>v`x~-k63Dz+$$+x9e*}@;Vsbqn9%03iE?he
-zoWb#-*ONw6<A!7F14NxpqU~2Q_ITXBp5`$YW359zpD%i<cSj#mWk8&wp3`1iQZ<ZN
-zBVNE=Z)>qtNZzxQtCSdKP29~H4&yPdrIX*jF@C~1V0BG$D5#|`yL%|ZHYOo%70-S8
-zu5Qz<KsayKt7yaC{K_A}%B0*0ZyC;Zo1u*9b>E`ZeECYPIOArq<FnfI^f>p&vNqd1
-z)l^<a9%=DcA9&S!g~JYln<gsQyBWRvkPn;tL`*3QhoE~&KAB!7#(r4XJP)ojS!gp>
-zRNd~|wm!TvIgPvMyIXw~hOa&0CDyDU)FI)sC<5cL4eB>UR}1H-qyWQ+!FXVM>^jZ`
-z+|}W4R!9}R2<YrjUhxgc*jmwk!BV-l<vDBbt@~gk9UbTCb%G+t$~p?&*T)=X8XWT_
-z?-+cgRC}JsOHXO4N^eeJ2)HC5<9X<qc%IZy_mE5yA8yD;x4mQMo}eOWsjFcTaM<XX
-zSnnC!yes`&=~4&6U9u_2H=)I)<vJtKA3Yqx?h@hp&b-m*i^Ie6<$XD<<Gy?4pEoZY
-zp6j1_R(MaQ#ILb=I@Mj#?Crvm+U;%YE6c$nfDZKxT>+U5gZo!vdj}9(V{1bvC&0;=
-zn7T(LD3}A{+OueD#%qz>%{7%gg_eD)EZNvqG?GWJRr0DD0cZO`UJCaDS6cAGee;9N
-z?9fwdw7{kN``PXf_Lrpgv%?J3kCopBks}1kDlND33dYl-Bqp!c*_}4uG^P2x^x%Ii
-zGJDq^`Jo?<$m3?Zph!1cHXnDll{r}>hY~I|eneVP0?>MXG_9D=C5pc;`8B%<&S;kg
-zbQ{_6QZDQcMKuhIG*M?e;p_`~9kCBoi?PBK{;$KH&5M(g+r?zazz=Onar7c^L_DRy
-zLyuUE?eBFlL97p-mmsBl7OoSiftQCg70{1c4sA#cc8q%P3MZUNYf{iwb!DR=bq<w-
-z4CY~wVj@w(4noOsXhH_P6+My7h!x6(QN;s%mEq#8xfs(_Y~F2;lodDj^p0~o%5kn9
-zGQ*~xg1a|V+aj@-=fy?SXq1aePctwtN*uv~+neopO9Zjp%(>h$Ah}?*9m^xVlHo|0
-z*yNj&yH|E8S5`G0q7v<dB9(bwEa&=zhA--`V9Yf)iSwB^66aH;`b|G23@#M)<8h2k
-zZ=R7fE@#bE)!R9|U_sb{anaOWY|Qno3U%ByU0U*^_t~vy&Io|kw&JYt(N#Mv9mjdj
-zBtY=~ZhB5vk)YLsZrN1Fy0;~q1FX-z<%LvUwPXY|r<hkg<xh{;o1+%_IH1535EQrS
-z9`LYG{S~uaS_&&4&#<VMvFW8G@xXnH8itYl?ySVw+LbRkQpsl&f#nXdqx|q;^yt)S
-z{4bn(h-C2!guUD|_j(;5Y#+(ihe3$Wv6w^$#C;?(m(|;=RRbFdGeaJ%-g(TV=prkZ
-z25J_S%S)Pfda~r?LRLD1+%*pJ6m+tevqNik6SAa_VYX%~IW>u19pjdI)ukilhCT0$
-za)EVwmZ#q+`y6p}7v5{Jt??1{`<J@3(XB8aAkkmZJ<1Fu*b2_Xo3qHC5PDJuc<OUy
-zejrjPIO|asAHwj`my^?lr-h7<u?@98kMWRH8XG^X&(3&~Ai`H}@lrL_f{NuNo6i3b
-zUOZ9y_@MPxhu%+yzPxkmxBwmcU4C=mHwS)m;5P?;bKt*?1LsQLNj;SRUK55QIw%77
-zC%|It1PI=4*LL&(KmksO9H`gnm!st2pB5RH2oG;n-dJ|)>G~C~ZqpuWeC%LVjP0uj
-z#?$}+2?SRH;E)Loh5~~TL0^NDWufr8=pl%3@QhDnhWKEhAz17f5HvVwbr@)51QRDi
-z7Ip{+7lafKg`Ee&$;r;n&B4nK(ZWOF;)L+A^ZpI}^`JngT1X%i(+|>6074252mr;S
-zrd$QEYMjfMW@}z*-W@O?IP9q7tua_ke<*U?r;ak>dMORHWBD<wriN`dxwkMku6h=v
-zu?*Q?w3+wcCa&`qtf^V<up53bwoT&mybi)W{oJw~P7&4(jm(ICit4gv@5LMA6cmF!
-zU$G=1YfOR+VsV!$f0^_skQ@Kl9B(Ta2Naqjjnb1A^wKuESj6AV9;?zJp&uOJ??_gS
-zR%K;d7(0!svY>3E=oH0Du8~%9a*t)$mzf{iF@vV3%K?djeED7bnb^x{BJ9e<_1#Y0
-zWrcjbs1`lsvUiEmQYFXT>frPT#R7xJN$QcoS-I1>y&4M|Ydyksf?TsPxqJ&TrFG?B
-z#IbT$TST+9Y)9*CA~~Lmeq3o|j(`pb1_58g>Fuk$n4|j=J+g7dPwI80={-`OVv^|*
-zV139-Wd3kEVJ;&e^rTJr>p^5-kQd(0iXqd=p)F6Xu}xIm!}!MGnAnb+*#dO4N!Vw}
-z@>3AC)ClA>!R8nr>n4k*cMsnoT4%KGnR3Q`N}ty@X_~G!z_)&4PxT-($0(?vI)3^H
-zt2;*-q6i@YWPk(}1{VhVS*HL()E9L!3sUsN9oF&`_%xaU2-)q&R517uT>oEpK)&sO
-z1p^C#hJw2JNx-1lKoDjyHraz1$K=YR8;cY8kBC@oPK0j}hQQc<1j<#-6Ig_#q1uvN
-zEN<vNF;Dsd`TkaJ*VQ}#+zLG_P~TF);~6OFexzGYNttoBNZqEoOOdSx#->&UvvY<u
-zzv(e$Sr=by9pSVb>S_S;0Du7gmdO8+5-9^@Rx$wN_a8NU#=sbT03d-d+5mum7``%A
-zqlq@l4<bLw<zH+V2ZW37C&S0b34yTx!|;7ae?2G=S{ksj{685!Ff%w13JTO}cc>yw
-zd2lh4_oA?0lbD}_$@)-LJNo4;N3<4uhr)tZA%<;+@X~WFhim_(s0I{@C;GD-S@GtS
-z98kXdtH;4&BLvO`zMipJn#Nw}JgF=@A~=pu7u<7EXJ|bAO0zyrEyb^v_50+{AF+zR
-z*5^W;UasmB<=!uxmg#C#J`K)^^hLmip3dM^)ET|55+oZ=nG22-$*8VDd|*yYvvn|O
-zO1(67QqcK45bZGoa!?qtCS!;=S;jQ=4$_>h{iYtXW4LQ@kLo>TkrVcm^|>B~yGfT1
-z1if+RVJTm;2yeCB9UpIJ%IlyfeWhe+)J^g!ImvoYr*fZ49mPKWUXaDc9WVtb^_ppw
-zArSSm?JIc?qF%qpteQ9}ks%v~WMLr7OrH<}fKMQPW?nBXlKZ_a((H;KvBRiSE*4}t
-zwCBtyE(U63`uXZ(<CV2LZURW^hTmQmx#Q_M*w?%rb!f&yedQG%bWrJY)3ezgP0m0G
-zpHlR4*fl8_N_t2t@k?iBA;KKPaZ#n+BInW<S*-b+IZ57u0?QYm^~2SiD3P}t#CMGn
-zy=_t7*Q4r5ynB`HUdZiX>gSn<q9;_j(RzW5;Eo@;%e4})WVgW=xsS^O6`mmo713eT
-zj6r<=RRntgTfMio|ExdyJ~N`S5TrFRW%#vv+=Vf5sZ?l6?N;o9d-ZuyI_!v99!>A7
-z;vhzxJ^@Al^88M7<Z%MX*5<5&OiKr(<jE(|B<MgWIM6qNX~gZaBMDvhg(^H<y)$Q=
-zaYVi-aL$qhw|m{CmAVyML5$HZt`-rWlob2CKV#X#ukO8m!l&8N{Y!;Um`-mv@G1Rf
-z5Q=CzL>|&zfQnvLNx~+kiz#;?KRuA|S1(o2lFXh-vkpoYr#o*)I@+R=QeMIn!i-gj
-zIwM{l$bJTUkJjaKh4uJCO*7(Y2&KVgeJvF9&Uofm8UZ}Xdr`4rgCpf$O2$|Y5{CTd
-zxnX`sxF5ZFtpq4lwUDkgoC3@Z#4)m11YP8HqHBB@@SK%sxQh3RB`<9I#*})IIOHQ1
-z+e_m(;~tz4>B6R<xsZv+rM@wF6<#1TZcT~3C;yocs_o;SJW=y%CjKNba-3h+r|Az>
-z1zeX8i824+iGJDPpL!x05JU<P$>^sPiTN*}_Y+FIJi~lhw>BOUtUL8S$j!B4uj+`0
-zV1UVOO3j83(h@~$+zY}&;U{RunLmg^^LTftsxdH)JL%?p^H0D<1pq|=Ze7$ppoU0-
-z$$gmUkcQFJVQFi2s7tW&NVa*oh~6SfZu7bfef)axrU6Wj8)up$AE@$x#1`LcIu{X9
-z>%!nGBT@0<V}fuRQ>5M$Ie;4Ew@vwNQ-0f&{|=jSA4qPK1DU)3Xe_Y`3j!?x011Sh
-z2O#iAEKyiUmWn6D)BUev2~G$v#~)$|4sM>GV~JbzFR{e8L4hzmfbRbsOF-Yo5&@vf
-z0s0z_>u4bYq}bR(7rj9xrE#9SZ4MgjAm`(xrA*2PDWcansq2c~aWrMjjfnPHbFTw$
-z3S+{l(|sV9n3t^GYf|j2xWX<uXZ_4@l1qhY<j|{#?O&Fh@;ip0+DqQC7}}`GeYKg-
-zL9*<f-F~krVk?=7Yi0qrOhcF1dVwQ%ns=!pDA<6$SA^59qj`Pvuo~JT=PU}_FkCr4
-zlxTVbt60#My6kmGf-|d66lm+<y?8dl<~>5EVp;iTxpl&>6Fl%|dYHsLO(Ss{uecR0
-z-;Yy+4uh0AiNPiBj{Ar`rELqzRrh17!Ef&<PxLm#1bej;CX*!R^puYixivhhpXUk9
-zX{s+0tuhO#J0&TlU0AGP3$Ai}XG4}Xu>uR>(xS2+p&X}fHD9rbs(XZu0#ieqLLQ8~
-z&Tf|6Qub9e*f7rto-KN73i7gf0NFN(#y%AlNvO({1=iOr=rWdaBm3aXWT))|OwLx~
-z($>3)jl0>z#chE);fRrA*!1*a+<@cA4L+&F%7JNf#||cx8%ksta}OPlowjE(m#niX
-zfB5JTFi-weW1nNw_Z{xfZo4`Xh>$H*o-oh_Etc{aE(&lJ2OK~ZU&CCmeTHpgDsPI$
-z*}u-^d`fg#DpyL{bnw+pla+X+Apfc->SLsdDDmX7E+0JMyw}ZJhht9V{kHNbsg9je
-zXi;gbvYm2_9B$UJp#V)4@=dqXXcHQv1Qo*mWY`%$4)<vWC5F#kJl)+whEJesYgouy
-z@wM^wieLC2qs&qFWZ!fPvJCBjkd<J0Vm>@sF6!aTt{Cg3h36(89~sZ2wGeX=fp7dM
-z>`xQ)z9at#Tv?ZQH+PmwV&q6Lfj0&Tp<D<l%c$`~W<<D`ged0Ta2Ugob{d65fTydz
-z>5!i_f%EWciLP{f7146`rAs_-uUqfuW|Ok+&|YlMEM74!$jXjfNN3G4+l%vY{-cf*
-z#=d3-tP8Tp)5TtaOx=or`e&t)+mT3wQw2TEQeVutSSc<C&$eU`FRY1+MQeI(mBXU#
-zlyQaE!`qPa6@7x;1##S@n{4f}E>UM>AQ0u{G9Z?EavMtpfL=^(35#`4nPcQLN}KE}
-zvWd;_xtaDJ3qpo6CXp@i3LQ>ECP?;+CrRjnhRIpf<|>jg91wZ&5$!`Tyj44OPzzZe
-zFqW8O=v!6ekXR(S$aF(2nhxy*Ke(T}R^%_`s^;{uTHC58i>fb+^;9%nao^qO@cYX2
-z<e0QI1$p?5ELyTd5=YM@VmsauHIH!OA(y2uqYFn6V{X!b1y&bcwQn9t1YIp(#S;8M
-zF%rXvn>nJM_|*p=b3M^fsQj`%W(M;V9Sem$Wh^Fem4G{7^{&P6|Fn^-7e5w6c%txp
-zM&M}P6?$v!_*gZI&<Xd&beU0g;yrp%dVH5X>yp}|!x>VDGl(Ap{tIT?Lg3;EU(XHr
-zf{@+`?K7wBDy~D@F&7hz2{T!Bb7n7xr|sO>r6PSLCnk3U!Hf;r#Mlk|m*ZSn9xb5>
-zWzTJ#lSP&z&1{ui6-XUJ!CbbP#u(BpoUfb`)aye$sPt3<IHqL!k*KSQS8ovp^6yBx
-z-W`cicFXkmQ!ICE$w_@jc(yul^<W_|`w`JY-u2->#B#sv@K0m8`yj|YKqaGkOAkgL
-zj6crRC?b_aVokkK#WE{G&G)cR+}879uIL83gpt3W#t1fVJ~2j(l=W0ISXZD);iT=!
-zT^w#FH{sZ91>&}E<yXPn10uv$fuu(^E{Bx6su#~lC_wmy51l>daH+Q#i*IBM!Q?`e
-z=hd=rMyXXu>^ND($5kDd@ekzb!oJ{kA+7Z~79jV3Uyc4Y>c5TpZ=?R(sQ*tl>XyK+
-zLIsdo{d+JC;N*b${C7JN&cGP^?<rYpAT5jWBbe?(t5x`7w&4gtf<w67kr0M~2178}
-z(IKecw<O?Ajalr0X!)mLnv0tc@>4MV9sT7PO$gTaoSZNi>Tl$sq2Qs#K`?px7{ZkO
-z_pxGv;7izdnKHMqBHi^%OnF8Xvxj2Fs#`xM)F97C<7TMk3%n%VzjWnDqG^GD+7svu
-z4?QbcJ^krVzHI`F+q_;If)mL>?y&t-;zk>Gp!W~H?Ux<?=-Yl`0QBFS+X+nO6YH{l
-zhGRTzW}P}LwVsTt(J4{GsH;~8>9}+5Q-E_j-+dMM;$@q4DMI)7*w|;-rAK0F8`9fo
-zb8ldnYt@SuzPmOMNENub-DH9S=1Ur=fkX(o*ol1Pv>D#8v45jVNOI5H+TeWqCbvK*
-zOe=wjdNW%zfP6l+AM#x#%pGMK!iS+mQs@b2U1~{wHge;1s`l>*B!jhYN&TN=vlZ}d
-zEB_PH<^qgy_%3ZWfV5%#khU=OW|Fb0Dw_W-Y2$<NvU9TYa<OyYrhz$bQOMs=2sS$=
-z1pT{&BK}Q6^*R0pBS_@?U>r+d><WF}Ln#zCs#flH58`}n>!LcibtYT02x@GwDpXz%
-zHk`iGL`P(VLsH7J+-d|pNbc%S?3pG>`RBZtN9+s}7~x7X@&s;T@7>KYeZQXme?{KD
-zCC13<EQ%|uGdfPVJl>YY<r$L{U#l=D_upw?lKAxLWjBx)qX3N=d?6vjv%aXiG(e2J
-zre@E$51X@godwGKO2}B5v7Ziz!?*G)aZ`>sw~alX2{pNA9cJ-G_~b*a6+#m7x^5op
-z4DaJzrDTA7OtKc~gOII*ry=MldnFaIW)}zMB99daVj2dwo;oKv{u^=ouW}g%NW7r{
-zA}0_04l)3MfqPM)b|axWRE3*?l3tKTiYAo8e|C=Ey>URHl<P&a9N*KK6Wl->pjAqd
-zl*y=OBM7yr&Z}Y@=AQK_xel3Z9Ko<F<W_`Bzl&obAdaj*#PRJzxur<T0n4An5&AEN
-zjFayV+p(MwZr*=n61cyizZ~NV2<W#>-dp1b%M<_uqJ%aA!A$oWyVTz$afsoH40)R~
-z02N;+j5x}-n>|3bPCO_^e`yqIcQHkUg<W__Pb18o;wSOMSLC@m>v{!-@l8WWg+|!d
-zPjahssposg#bb1&iR9gN6W0xVQFrs=p_6n@kqiH18P5jgvo^b;NtkT1UhoN3@JF^U
-zTKqv$f7#)mSw?7R3lPK%%nrKAVA3rQNg@qzBNM*zXLXD>je9>PQh8b}QU^<|*pkSg
-zGvAWGl1sbGjC3kU>J0-78C9<k&xOLShR05Iq2<IkJpOW^&yn~n>b0gr>D=eJafP60
-zdFZ){>qL2oI~Mk=Au#XXiW6|P1K?H|9s@PR6bvB<rfQKSXQ11Bi9Mqm!acqmu{PmW
-ziDr@{-^fy$U0$_miM3hTCcw?=LMjbo;zbHP{y5q)ajUSLWJ6A>suX*dQ~$io+p3Q8
-zBTd+vd^j%mwQObdo{Y<SMjkC^t2Yk`jQj1Q{vXZZ3qTJZ{U6YSFMtl5eb<8{Ko8V@
-z=)vbl&f07#u9QFN0nA@ynwx|DryzivlbwU(XFa$@e>o-~<u8gr1s(7Nc+cI?&!dul
-z7y~J@x8ittT&=I%@dl0Aqh2xhGWiOza?=+MXLg0a<=BvSnz8j>Fml*Cn0%fp@^Q$T
-zCM*%m@xvurC}!2nsYJSo5kq?AbDr@U2CMhg<4Gu+uu<sG;AMTir8;fP(Xn~ho|8qH
-zio1N;%sOzA@l&onBZ|b#@yyK02cP~)TW+LESBFc<B^ov2T@Ov)5wqm&9Q;9Be%axl
-zX$uT=z*7(;APg)Hy1otx{H&!AdK3ZE`SD$WVU8ERrMvK+%#N8BAwwCX<jtUYzjxxa
-ztgTU?-n5Ry{WIuirutkIvqNh`A0#XB(N4hPP%PpO`6o#>Pd~yK6>mRccj5@Ux%1Tb
-zo@Y~QHF}3S^mQ3#Xi<xY7hI1?_&_ormL!NTr~Z+a&>`+XW^Ubh@*@mDqQ8~rz%>ql
-zTaAhUYDhpRKz?7|Eb#m*!_|oml$)Wcq%KozmCDAL6Ej+Zl&zEG{xj>jt&EtM3hL`&
-zCEd+e1#xGDOs+(2we?puXxNjp><Xb^F<MTVTCFW==(9GA(QNZ2byG>UCAa%Y_41Vv
-z-oEjnq;PxO>l2EFj)-~Wp`39#c5rfeLcCe5vbm0uL;GUOVC1d;g8Y9iFkV1HS{P8z
-zAMrOdpibn#xBhqW_w5eVHNbCRpZWq&y^lXsFPa--y#R%C20?*C1mf=}XDComcVIz(
-z$W1!}Zw38nbDWEtmy7=&>h~S}^`Jl~%Abit!GeGk9UAaOppd?8d5$c_aigczo#;WT
-z2B~s2H90m6=Pp2!G`gAi%u;vColF!`cj~a1^PexO@h;7C<0(_(cI2w9IN$fPS$T`#
-zVHq?oxp3L`EH>SihD4*q|0|trWej&JxQY_lA?n@k7e7?Tdc`fLyv6*ow~rUD#Xkk&
-z-qYvA!7XEDrDU5I2#J+ONKk-kmPyE*XUI-;hZLL;Akdpjq)^*B#I(r@7B4O4>eG4g
-zKJq+2Ty`)pH-wFa8j&^EsdJB%H3E@gLTZmO6)T_*X7*8vU7btgb!ct|hd4Ec#+KYd
-z>E7jKQ$}kK5_+y>J+0!4h#RR4&A<*vdqWRJaf)$GvBIof@u>$4Od-^t>;N8^#R=Vy
-zFNGiTlO@G#s3)4tBzAwW1HbI>M?3Jx2?cl#Jm$>gqBd|9FJJCOnV)UIh4`104fx)8
-zQRr!tvpNraO(;dOd(a3@atn0pWjx4N%qZ0GE{sc&t8h9Q_i4ZSVB&ar?0>ln!6O=7
-zuJH+d?Jk|gAYZ!bZ-By)F1nGs#VAx_6?3m*@!Hh8>_bKaA_5<~Lj}p^vj9wU)43L_
-zDYT+DRvz@l7n5^^AeP?8;FcR4PRn@*1PNt{@>x?C4HthYzif;?2k3K7o8Z^=Rvz<P
-z6x|n0*#*~f_LbB&q@JkH5L3=uyQ)Blm0Ps-vGww$j~pqP%U(+%({lQq`3S0ZUh8|r
-zke+{%eL7V6-0TH!QeBIHM<PdA>T-B=bzm-_C*KM(pfm^o+$s+UfRV&DMU+4y$=qeR
-z@<iW{qxkuO+WS(Gtfh7sDBSH^vR9K?s1LIxF+|;xH-ePDjtH$dTVs<!_(}1)q^*S1
-zO+PPQk}V#-h@Q0M&*g)owprxSi)^2Ju~BvXK9EnLs(mRQyEZtQp+wifS<$9y``uD2
-z9NZbv#=#*QoKk_Ju=WDJvs^H^eoauOL6tkNqwq$Ed&pQp4630|z?}?(4|CV{!1wVT
-z|K!O)m8iKf1Dph|aKDlgTn@+kR=q=k&@NE^t%GR8>g!Bt5@*Sa>!SWgtNWP4he~&F
-zb1t6|>~An9>s;Es;r+}T@9F*ai|o#`kK>?_VBE2`^hPhN!2@VofCqp+{?^lftEVZ5
-zAdoI#f`6<KU;xgE0z&j(T_FHg5p?}MQw*4A@ZZgIm_sSzlZ$DBpDpOG%rh5+|K}75
-zHwPcrPbre`=wHn9w?Tp6zfL>&);xm&^9+Upjf-FiM*7>$W5Z3+4G6y&$4Aj@QpyuE
-z&Xmw<ormF^a};{@q~Mtjtd0L(8V{T@`9?x=L@W3_xq`0yGQQicI_M-sz+V<ONMm)=
-zz@B$AX%tqh;Qh%PJoEPz82%HZennr5{L`B+AbNYw_d@L#$#F?M+SVuaEc8k`P&GF<
-zI$rZZ)>a5PAJvlkqN4EOwCa&=%v=uY(vQ$T6&89aZqfy*3FHr;zq|@wLd%(|TAec4
-zHcX~^z@-|mO&RlHL`I_vXBCz6i(jUbErw)6O!Q#9{GFIew4Tq&ay5wA0ag@+uL)QT
-zbgVnoq||wgKg1=a4(d~5tbD~0*%N9Q=~l>{6o`zSv}#vMoCkG(eKs?H+!pR5=lQ8X
-zU}5gsqTI8O=QYv8=>5SA(s~WE=sD|qN8Y>);B=bHENff+N>~Z(8<RoyctsEYPTW1*
-zPnnHMpftJoYEKJD-1+*aV0_G@ovVuAs}lW=JHinX<&-M%v=HL2uJ@SHpoWVZyW5^N
-z(beq_a%?|niau-hU240&8J#OU9|iX=rZHcU<{y$)2Qe&B1QuEy-i59~orX8=H3^{Y
-zUA%$TJ@82oSQze;zREatS`G@#Al*_#Ie7tdw^r#Tr={drMi9qhrBn)gbs!Zoop<-^
-zU<QI1B<#obA+imrAV%~&`iohc1P$%MU%97?>rXD1RIiz^3r5$UDiVJY7cwyYgM0dA
-zhkxy!08z8vaJJ5ybvL$-a8Pknq>G^Fd?Fq6+1xs9RS&wkA34z;+;<^Uf&bi0?wYKI
-z4kd)3%<RarX+^g(OUDwbk@IT1JvyXi4Zlq#cC1xybAG-VGgcxOle>2h21nu9ljrky
-z+SsNQ{4&vnYQaH_aMxs`#p&A-#h7~~%Rz}dSQrLGAN{KOmdDc81Rf-8d_~O)&Vl6O
-zF(b)C7)onD<&_mL3_|<h*{LIAy-auest;4L!dATp-KJ{W3ghf;Y<-d68}&F`4KZDA
-zFTSW#sw-V!G57AJS#xHpnwAfC?3$LfRm0H1$d}LqYdr@|PvJE;NK-6{Hyj(kC5@rk
-zURu{(FRVx23WZw*6Ja(9&Ti4LLdI3>#YQX9Lq<azjGUipDI@N-H?2M49Zey8g5~_M
-zr7W>ErgnzUEm%}gh#Lt^;^%k*d5o1cY1YiWVc0L3pabKb7WITU7G(=Db~1*(7bN}W
-z^3_Dx!W+)09JvxgrDcNv`G70RnjzKJFp_A9ob7fOHx943EY{RKTK)RDp4YnFRp?9p
-zqLkOjOIs!{xe5*ODEC?JbJ6P-gbm8*UgB!5BTF#eEz+y0C$L|Y*pV~HBnv{g3ecwA
-zNjV7Ow<({eDL4z}ht`QjO|BAM?WLyItLnd_GV5k@5ij#V-q(u0m0=<Q;0tdEBNu9H
-z@HgKKT#$h{6#;--;|c=mVj~;TnhE{pkBbiyg0-zmNKJiLc!y6;WZD|Njg}3+Qb>BG
-zq_l8bv{O+)b|*GNv{G5yH~3MVu3@e%q+hL*G;<bW!OgSCG_813D|)p$F4)sR-Be7_
-z4v^12C)t#xDsH*AcF@AF6;lk;;Zkfu8f6mUsk)Z<9wQ?cX|fg5XYxsRU;`Omh-txc
-z{}y(62JK_}lli#kJ;{>-(7jY2n{rDNl3x{RCnicoO13mwg)=f+s$lCOqI^{)Z@U}P
-zKb1<~2W3lDTNv$_huta?BZ<%ArbQ-g<d=_mV6#S{k>RU?3IBnhmxbhHhjZPpHl@d`
-z&9YC!;8}7@BXb#LjCab{`(}$J`L!CE!|NYJ@>TU=s$}lng+H{ToU~c+h*!r>YC&y$
-zt7kbuU=g<BBKV2_b5*3xnjs!jzO{wb!h2M*Ep~{G5cTUbF}i(SJ)_Rh6xN|fT7|Ed
-zG1#8Y?hUqK@pihf8SW0#sAr>OIZ`arc7@4QW2K4S;S8j0ICRc}nd#u<&q<d2wDpKg
-zAa7rVV>#^l3(a0}A>-Y(tSSZ6!yBPd=(5A8)f{tto-%#)B#^saZH8mXP+WkwgHp%C
-zjr=mECI*`V&xbH1b|r2yk}u@gUh$QM$CeJP@|1|l&&(m6D9u3yALpFdHA#~)?k2ly
-z(D<#EyrID$2OTvt(E>66_@m!`>bIZzH-5?sI2=J32&4YPt7BlyHLyYk-n_aEzYKq@
-zju#0ZujBN?8~(fS>rbzH@v{S)QvX;Te@Fiketm!43o83(;@?-t&u*jfh;J{kqz3M+
-z4p2^Nu5q^Q+J(Y~pha}hJS<OBF@_FvS~wT(==JW1t48zFI%JNJYj$5dkh+pX%L^>n
-zYNa_gmG-TEO+#B<(u2PDF_ew2`%72p*1PWZR@zO~r}V@4V0F|%l^YG7M=(}Bjpwwc
-zPF$uHRg>*v{TZwFhOPtpi&pDR8KD#5h}!t9RqHf;UeK_^89Ue?pgicsWajVDs46xr
-z&M|-5A`BXN*sq7HP99G6tllk~eXSE&0*0hku(4hY*ZlJaIf-uePI`yLr(p$`Luk{0
-z&tcg5yX^{^#s<q!T>cUtc_pdu7?@Zpan%_^bf#XxzhR`SvF=}2f-`sG<b7#d)$EYC
-zR4{JZZ8=Lu2RCq@vD}xJ&*Jx1N1<SqBI7af=$Wge4dV;7^MW1hndT@7PI*V99ax*-
-zNh$1yTR7Ae$vc=;bxlRPYmDx+B%E0K&1O(C%v&b?<5X|9H{HO6&>7nAR<W*5$?+aG
-z;n($s8Za>7j;&j3+nt;j-uET=Rrpg`(z^Lp$?V+0I*hxd>O=mG>YLYp2!DRr;a`V8
-z!23#+hw2Zl{A>D0PC#;|6=sdkpUpNVY92Aa)B3Pye0?05uG)7U$|_FQSrj=KbKX@F
-zY2O*5&qjdG)1&CnhD>6>Q|6N0v`#0dRp&qC=`|L0eZcq*kN5eMxX1xLu7l*mN&RHF
-z`vkh|Ftuvf9>dY<r4K^J4imi3$ogI&*IQ)!@V7sgISm_$8t;A3VYd)ebEfxX+V;Rd
-zs2t|dBCw}9R6$hv6P*phfw48wTl=_2Z5s0g<mvhn#PDI1mCaM}b;cSG7~V*S!-&#T
-zKYv4KE?*lDnPg0di$caJ>#ngKYmseO2pnUCUw_@>aul(=JZ)!5{rF{7=vAMphevqD
-zSc{ii&NKKc;|~o`6{KJ4LOq_!m>P>}o_V>FSWVMf6(nBYcPI|xZ_nz%CkcP7!~ZxA
-zgmGp+Ng1K0|GIs&oq48>R8pFLj~?${L=DLL4O8SE%b8w%K*?FVhSCZFF<NK?Yh<B@
-zYcZ&!EVb*NdPVfJ`Wz^U9y(WFQXHhPXWOSg!jGpw*bxT6ZFayP0Kb8teyPt+MeJ#C
-z!jV<h+<x%FwJ-LHo32w0yx$C-y}zNyf&-~ZOrFc=K(Bc0+{N$OEnrmo;+FiGBw8FP
-z_If`d2UUQLTfghcAsj!u<J41D3tU3cp_ea1)p(#LvPcfSU8Jr|WOMAMs==4<I|%3`
-z)89=ha`4A+&XZXQ3h?W;z7bCZUB*wt9!G>hk$>HBdt#({o<`f*WsEx~=e>I+-dkc~
-z`Z@_qBIblCIx<if^+`VGWz`J~Msb&EZI5aZMiz8Wk^Lj@X@yf78VME-^|5neNadLR
-z4B>N(Lf=ufq@ssItt8aFa)un4aIDRvT@K?d(Md0jNDVKJq%E6oga;W`og1_1Denh#
-z+ExrHo%JWNw2o||-39rjb?=mjYRfm_Yj{n~$Uj|tbw(27SeCar{DE7@2kCmWn29zn
-z$*Q6hGQVHzj}TINF+MiVzs!2Bf>`G?H5&T%eYthni>O8N9{O#Xs_-a=rLuEB>ss`e
-zk!*sx?aT=FeFB8<@_;!2?BQ=a`TxD0OaW5-x<H2Hzdbtw(7XozA`B9U0JvwEzh_4}
-z!MvH{G?}PBdr*{LB(M3{`G35P%?06N=jY`3dv=6_{cq@B-1E0VfiQoKI$>_JBQQXA
-z1X!Px&ca0tQ*TV5O~n>z_07V}V1%sOJ0%`&IuyWt5j7Z=lwN>g97mUYiBSIX&ABIX
-z1P+X_OT-5s=f_r*BTb(A9>OPL&Te5j85~|aZ_Cxvr8ZC4#xDjApDif%q}dazb8x7y
-z;0_bj;Wx0pWD3+>Noq}BISD(Iu~V$G9(vtWg3)fId}Uni-*krK#KV~GOS}2P`8scO
-z{hf3qMQJRTWTwaSue(f3XXAr~{r$Ym8h(B?izNnbtdmiA3MQjHmc=TT5?^XA98ZQ%
-z8(|QYcwA==h2wjP3153xd1o5lsYo?YPh&lWt*+G!7n?MfkVK=Q$!>9S5Yg2ccuu6p
-zkYem=xQ_nXjmlE&Gfq!IRK<Je@eXU9bicksW&bw>4@fdK<KYJC_#RnP786Adi0`Zs
-z;t6kxIwM50+-aTH5orwcb9*h>5to@e(%ow}aq8lkEV%iy7uCfmCGnN0C(UgA(^d}H
-zhC^}IrCrR-+}L}@A+s5!jwG|lCBmG;ibroLuy~G8dkdiPqQTi;YDwl~PF;O`_`An>
-znp7Gmq2yPzTCkVDj+X|vp4@+@NFI;bu;Su-hlu`|R`TJfe$31yxpCMm8FjiuHtW<t
-zDzjh6fUQY=tKKR4+m+TGx;tfJ{VL04*JHJDZ5v1A2Ig*)2_DEVwJ@LSWzdr)=*3U(
-zq34#EfN&GlqFK#N7MRbak;SHwYr8Mm2=?zxj!lS<tg6AiiPfru6PBWJb7(@?mXNhb
-z3RrLJgvx~1A5Bno0L@%fH|}C%ug1L$UhFwv8`V`{M=|Gv6Bg}z?I=M%$EM>MH}YXR
-zPvU~ldN!xj-%V)4Qf|CJsRf%si9Bd_Z(Ma2SEVQTutI(KX;jpu#iI<H3vPzg_B@-?
-zb}3rC`<%;(ys%-%7L4QWxykZx7Ba#Y@ZY8{K%+~<COF~*I?-eG`d?|2iMR_5Qw~p5
-z4!7(aW4t-7a9D83Lfu#74vTJ?Oz-l3LNV6cUx<<KO}b>WPi2F0v;GzRgteV)bV?|d
-zJx=7rFM=egkoTiQzQC#oB7NTE25G&yJn|0U%-EDGNIRIU<scrjwQ0!;c%Zou$;wQn
-zxiu7-rplO&^hU10xb}V_oLA~+7}mL@X!Gu<^JFtt*fn9@1FM4IxOVuE9<Ptj%FkOw
-zjFguAH&s<Becr5D^&QQmq}wE+Wzcw~F|86Es1@F0uySExiK4^1PD8<P=3$)ET5{*O
-zf0t25T*6xjBUWR5H}ZO;cEMUZO*L3F#)gsfhUx@oX0#|v#bHJ^ex%P>nZmedIY;X>
-zxbCBVGVkcUS7gNXh>78j*P(hUmCu~b5qX-yj_+n-;LPX+`1rNIwm-5Z!&v-Pc&HoJ
-zch5=X>lbQbj_IAOk7aCN-@AVZ4}aO=pN5BkL4&?EHRh-4u<!J#sKgl@z#Y5j)#ObM
-zn}X1trwr_irqWC~4COccDvIbkGZ(bEzJZ?;Iy=xFrBf3d^ei684``}1=JR#fqRi{8
-z5f?s!x7i#|knmJ6REmj9KeI@kjk9fyR2f13e9upH)+_?8&^3bnD&?43gfkW6#On?+
-za*T*huJ6LUR-YG2&garTFIivPMdzI+@+I#9B8KFnA%irKbNy@@$cd8y6^=a=y^Qz@
-zWy{&WTWc!q(nO#~Hf=Mp{7F#CqpeS>BSD`~ftSUpsc4l+opm%$mb2GeINnOmxHe07
-z7KL4+p*QpQWM{oJ9#G|R8}3AB@iUaX0+|trFCfU&TZ-9|E>p7W<0vq}?$N}9-Mr6r
-z{V<!LU$7}XFWFcOltj;EJbjAOhqD9qiiU1b6XhA&oLYu(bVEi%EIVBxl6+I|xlh?m
-z)spG`>uW^25ED1@=Es=(fqVzkigjfwX$cI)p*tqnm)2cZ<pp*;l;&sr3-iZ!9Cez_
-z+1A>$gSnXr2bN7<uS$DfC|;^^>Fzi=Rvkq&A|6FhZQkQOZh@I7zu*;JUwLv#21obG
-zzg^2Hg^x9qq%|C0P=I3n$<sFvzJT$LNiuckF@v9S3NY~niM;0V)k8pJZ+tiqdCmns
-zm8T4MjPb0KVs~T>=Pi`4b=}^3%kI97I4``kl|WCppT-0=&weLg&KPMg={n>c-a5AL
-zI6=>s_1<&gZQbJB0V;p{KDbvyQ$fsaP99k&nTWUw_m9^(Up?eqb~&}@BpxS{nH{#6
-zyTO|dD_-x9ke1y}vDfqh&5Ehol*Z(J?V*^6BIXS!NWRkiVlA=a_1Vl09i1fOo#5;c
-z>ML#IW+G{N6)VoR=sLf;$)3-grl~4(K`y&0sEY;0aHXy?nMcPg^W^Im!l63m^Adf`
-zj2DDdwy<>B9mbKLHR~wrVXsZN$Z~jsR9CmB5ba|>nRy_hWkAh1EsZaP*V1+Lz{=c3
-zg*FmY4nBXM$%>4D%%J|^BZFZ<(~xWK{^K`(kBJi!pS{ip51pR%KTLiZUc6>U7Ash9
-z(u&oMInI~Ny|Xs%F#86X?c$M)VqIZTNp9e~BSrstL#{LZyLRgmzE|DEwI2#XY{2UK
-ze1>wabp0*8u<xq*``*OfP_L0V`6+d@NR*)EctyqJ7$^%=<63v|PC`qpNkPpM;-9tW
-zkZi^nZ=#j=xH3{V!kH~w7-hQ8IHkE2q0i>BEYfsMZqGFfV4}gKE9mO*QmF64Z<NF?
-zJl|kLPjHomnb;p39)`=lUI6jj#R`e&lc@RB)=0fAfGwWw%FID{$L~g=2!pvd*RW%X
-z!l;H~6fFyhoctofnDHZzK{7U1mm{8=#*gI*GLWl40N`786sT1&2RXXbQKm_x_)f<l
-z_wX$d-?bCJ4i6eQco{s1_1NnUy;(<H$Y%sstFJ>S)*iw_xNB^$#O@>^Du$PCte9x`
-zKGx1b!*#S5vFFL%>CG=pvz#Y-_Tr8UiFwn;qjk@z?ZfzC6QYDGe8J?DoIqmIZuB;q
-znB5_6p85svSMR8q?WTG!GyDh0Xq=TlY_12hk+(E=7q??H;l1H&pSwI?Uwa`Mp-JtF
-z;Cre45)O)i^rqrt5oTk!{MZy$S`amordNMj$JJcLfVBc-&0N4?D<XB<@b!B#hm@97
-z4!(8c&;p)K;;dy$`|@zz1z23%li+7#P@&x!(vuw(>hNDta6}IWa?JSn`Y#G!Xcm`J
-zd(NjgZuuRJ<IPa&K%i<}P7C%hb6Ph}JBQksB&|rTBwlTdU?@#T$a_0N5${yz2aj+V
-z#mdZ{roDIF^{RIv%D#6zEyLkB&a?a_nvgdonPDeTswS%wZBvD5Bz*sqI``;%g><sU
-zysjmK@Qf1$V5`JBT{G{zpq<5Nu#%VHMY_m!hE}$c*%xCa{cE~w-Y2a#a3r}?ZY<e%
-zl7^YzNX~Z8OdZVFFV#5|yj34*79BxJ@eVmmIB3Y+z&jGnaF3Ck&%;IGx55MYyG9WW
-zV89z__dbY&#s&NP&|N<{o0ffKc+gLl0$Zg)pEV=tp!8AVaR@@%4ADD;f<QT2FHV<{
-z_p6T#;?+6O>PYvaInm@|+v*I8rPhM&49{Em>_0Fe>w9VKtlFJ1^QW0h=_kM&Ssm?N
-zyG?8F@8I2KcWk_V<jq82J7j*@mb@pZhT%(UE<JacJ1|d&rPPJ~r8|U^cO0cx8B1u{
-z2gYIaj2->!LOKUbbXW`(j<ilj8w;LmL&y2oyL37;gZfQf%}Q_d+#)lhVas15z%o~B
-zGZyx9D-+#)`b3Pc38Zlpc}P5jH(D0VI>jctrCU<;ZU_bDm|mFKI#$C*>@~Q?<$2Dm
-zrF#OIBy(RztGT5qR<pkQ`tG%48=vJpp9ULy%ZBRRR{l9+zBMAF`)oxRTMgLP&`=B2
-z;U*LXYt%ju_6rx+x?kZSfU_FYr?Y8~@X~z}@!V5j?oGQokBrFV!*uE$H{xTAY}9+@
-zzcccW8&fB2U6d)wrxk!7Tu6L}8I|J>&2n=?{_^Gcr>OT(1A6wEeoBs)K?R{{dx!7)
-zB*o{+qwF#Y_HOF-L#xP0lse7HD;}gyiIVQ<M<UAVFG`m%Hf(5i66B{g#$PO?Vnl<U
-zc7J^&dQpG#ysMER>Xn(G1ghM_tnS3;BYNt1rN^E3#nB$ZX;>=VY%F?iqK00K`!_p;
-zKPZrNS!)n4X&8exnU-r!edJF5=7ik0VeI~)O@rbDEnowH^~mpa%I|f`?{&)Wb;`e3
-zr+5N89Jj^I)KUEV-S6vf4*cf8|2+=;IOk7HS&m%Q;xW0nwVkmQITwer926J{^w0kT
-zz#qTiU;iJ#?Rae96!*WMNdD8I&scvLTmjgCUz|_=X97Q;czb&`^gqgD;3SQoPKs8R
-Tg9RFHk9CIzHQe49++O|{heuzh
-
-literal 0
-HcmV?d00001
-
diff --git a/Patches/LineageOS-16.0/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974-backport.patch b/Patches/LineageOS-16.0/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974-backport.patch
deleted file mode 100644
index fce1d56c..00000000
--- a/Patches/LineageOS-16.0/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974-backport.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Tue, 2 May 2023 14:20:57 -0700
-Subject: [PATCH] OOBW in rw_i93_send_to_upper()
-
-Bug: 271849189
-Test: tag r/w
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc9d09e1698725712628d394bf9be4c9003579e8)
-Merged-In: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
-Change-Id: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
-
-Change-Id: Ia10491e388a495a164462c73ced7ea1965808860
----
- src/nfc/tags/rw_i93.cc | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/nfc/tags/rw_i93.cc b/src/nfc/tags/rw_i93.cc
-index 62c5b54c..13ccaf0e 100755
---- a/src/nfc/tags/rw_i93.cc
-+++ b/src/nfc/tags/rw_i93.cc
-@@ -472,6 +472,15 @@ void rw_i93_send_to_upper(NFC_HDR* p_resp) {
-     case I93_CMD_GET_MULTI_BLK_SEC:
-     case I93_CMD_EXT_GET_MULTI_BLK_SEC:
- 
-+      if (UINT16_MAX - length < NFC_HDR_SIZE) {
-+        rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
-+        rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
-+        rw_cb.tcb.i93.sent_cmd = 0;
-+
-+        event = RW_I93_CMD_CMPL_EVT;
-+        break;
-+      }
-+
-       /* forward tag data or security status */
-       p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
- 
diff --git a/Patches/LineageOS-16.0/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983-backport.patch b/Patches/LineageOS-16.0/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983-backport.patch
deleted file mode 100644
index 1bb3ebeb..00000000
--- a/Patches/LineageOS-16.0/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983-backport.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Thu, 1 Jun 2023 13:44:28 -0700
-Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed
-
-Bug: 268038643
-Test: ctsverifier
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0)
-Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-
-Change-Id: Ib0baa833fe31c72825889b729c83a1d70a5a6a72
----
- src/com/android/nfc/NfcService.java                         | 6 ++++++
- src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
-index 28a1b92c..63cbed97 100644
---- a/src/com/android/nfc/NfcService.java
-+++ b/src/com/android/nfc/NfcService.java
-@@ -1768,6 +1768,12 @@ public class NfcService implements DeviceHostListener {
-         }
-     }
- 
-+    public boolean isSecureNfcEnabled() {
-+        synchronized (NfcService.this) {
-+            return mIsSecureNfcEnabled;
-+        }
-+    }
-+
-     final class NfcAdapterService extends INfcAdapter.Stub {
-         @Override
-         public boolean enable() throws RemoteException {
-diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-index 91001582..ad4a3bd7 100644
---- a/src/com/android/nfc/cardemulation/HostEmulationManager.java
-+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-@@ -209,8 +209,9 @@ public class HostEmulationManager {
-                     // Resolve to default
-                     // Check if resolvedService requires unlock
-                     NQApduServiceInfo defaultServiceInfo = resolveInfo.defaultService;
--                    if (defaultServiceInfo.requiresUnlock() &&
--                            mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-+                    if ((defaultServiceInfo.requiresUnlock()
-+                            || NfcService.getInstance().isSecureNfcEnabled())
-+                          && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-                         // Just ignore all future APDUs until next tap
-                         mState = STATE_W4_DEACTIVATE;
-                         launchTapAgain(resolveInfo.defaultService, resolveInfo.category);
diff --git a/Patches/LineageOS-17.1/android_external_aac/364027.patch b/Patches/LineageOS-17.1/android_external_aac/364027.patch
deleted file mode 100644
index 9168e565..00000000
--- a/Patches/LineageOS-17.1/android_external_aac/364027.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de>
-Date: Tue, 30 May 2023 16:39:32 +0200
-Subject: [PATCH] Increase patchParam array size by one and fix out-of-bounce
- write in resetLppTransposer().
-
-Bug: 279766766
-Test: see POC
-(cherry picked from commit f682b8787eb312b9f8997dac4c2c18bb779cf0df)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:451762ca48e7fb30a0ce77a8962813a3419ec420)
-Merged-In: I206973e0bb21140865efffd930e39f920f477359
-Change-Id: I206973e0bb21140865efffd930e39f920f477359
----
- libSBRdec/src/lpp_tran.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libSBRdec/src/lpp_tran.h b/libSBRdec/src/lpp_tran.h
-index 51b4395..21c4101 100644
---- a/libSBRdec/src/lpp_tran.h
-+++ b/libSBRdec/src/lpp_tran.h
-@@ -1,7 +1,7 @@
- /* -----------------------------------------------------------------------------
- Software License for The Fraunhofer FDK AAC Codec Library for Android
- 
--© Copyright  1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten
-+© Copyright  1995 - 2023 Fraunhofer-Gesellschaft zur Förderung der angewandten
- Forschung e.V. All rights reserved.
- 
-  1.    INTRODUCTION
-@@ -207,7 +207,7 @@ typedef struct {
-                                             inverse filtering levels */
- 
-   PATCH_PARAM
--  patchParam[MAX_NUM_PATCHES]; /*!< new parameter set for patching */
-+  patchParam[MAX_NUM_PATCHES + 1]; /*!< new parameter set for patching */
-   WHITENING_FACTORS
-   whFactors;     /*!< the pole moving factors for certain
-                     whitening levels as indicated     in the bitstream
diff --git a/Patches/LineageOS-17.1/android_external_freetype/360951.patch b/Patches/LineageOS-17.1/android_external_freetype/360951.patch
deleted file mode 100644
index d8fa7c88..00000000
--- a/Patches/LineageOS-17.1/android_external_freetype/360951.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sat, 19 Mar 2022 06:40:17 +0100
-Subject: [PATCH] DO NOT MERGE - Cherry-pick two upstream changes
-
-This cherry picks following two changes:
-
-0c2bdb01a2e1d24a3e592377a6d0822856e10df2
-22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
-
-Bug: 271680254
-Test: N/A
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ffa271ab538f57b65a65d434a2df9d3f8cd2f4a)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b0f8930701bf19229075cc930ad15813ff5fb07b)
-Merged-In: I42469df8e8b07221d64e3f8574c4f30110dbda7e
-Change-Id: I42469df8e8b07221d64e3f8574c4f30110dbda7e
----
- src/base/ftobjs.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
-index 2b444056c..7fdf15372 100644
---- a/src/base/ftobjs.c
-+++ b/src/base/ftobjs.c
-@@ -2358,6 +2358,15 @@
- #endif
- 
- 
-+    /* only use lower 31 bits together with sign bit */
-+    if ( face_index > 0 )
-+      face_index &= 0x7FFFFFFFL;
-+    else
-+    {
-+      face_index &= 0x7FFFFFFFL;
-+      face_index  = -face_index;
-+    }
-+
- #ifdef FT_DEBUG_LEVEL_TRACE
-     FT_TRACE3(( "FT_Open_Face: " ));
-     if ( face_index < 0 )
-@@ -3213,6 +3222,9 @@
-     if ( !face )
-       return FT_THROW( Invalid_Face_Handle );
- 
-+    if ( !face->size )
-+      return FT_THROW( Invalid_Size_Handle );
-+
-     if ( !req || req->width < 0 || req->height < 0 ||
-          req->type >= FT_SIZE_REQUEST_TYPE_MAX )
-       return FT_THROW( Invalid_Argument );
diff --git a/Patches/LineageOS-17.1/android_external_freetype/364028-backport.patch b/Patches/LineageOS-17.1/android_external_freetype/364028-backport.patch
deleted file mode 100644
index 504217ce..00000000
--- a/Patches/LineageOS-17.1/android_external_freetype/364028-backport.patch
+++ /dev/null
@@ -1,386 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Seigo Nonaka <nona@google.com>
-Date: Tue, 2 May 2023 10:01:38 +0900
-Subject: [PATCH] Cherrypick following three changes
-
-[cherrypick 545bf3a27] [sfnt, truetype] Add `size_reset` to `MetricsVariations`.
-[cherrypick daad10810] [truetype] tt_size_reset_height to take FT_Size
-[cherrypick 51ad7b243] [services] FT_Size_Reset_Func to return FT_Error
-
-Bug: 278221085
-Test: TreeHugger
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d63b0bfcbaba361543fd9394b8d86907f52c97d)
-Merged-In: I7e839b2a36e35c27974a82cc76e853996a7c7688
-Change-Id: I7e839b2a36e35c27974a82cc76e853996a7c7688
----
- include/freetype/internal/services/svmetric.h | 10 ++-
- include/freetype/internal/tttypes.h           | 10 ++-
- src/cff/cffdrivr.c                            |  9 ++-
- src/cff/cffobjs.c                             |  6 +-
- src/sfnt/sfobjs.c                             | 14 ++--
- src/sfnt/ttmtx.c                              |  2 +-
- src/truetype/ttdriver.c                       |  7 +-
- src/truetype/ttgxvar.c                        | 23 +++---
- src/truetype/ttobjs.c                         | 70 +++++++++++--------
- src/truetype/ttobjs.h                         |  6 +-
- 10 files changed, 99 insertions(+), 58 deletions(-)
-
-diff --git a/include/freetype/internal/services/svmetric.h b/include/freetype/internal/services/svmetric.h
-index 91de020bc..8eea460a0 100644
---- a/include/freetype/internal/services/svmetric.h
-+++ b/include/freetype/internal/services/svmetric.h
-@@ -77,6 +77,9 @@ FT_BEGIN_HEADER
-   typedef void
-   (*FT_Metrics_Adjust_Func)( FT_Face  face );
- 
-+  typedef FT_Error
-+  (*FT_Size_Reset_Func)( FT_Size  size );
-+
- 
-   FT_DEFINE_SERVICE( MetricsVariations )
-   {
-@@ -90,6 +93,7 @@ FT_BEGIN_HEADER
-     FT_VOrg_Adjust_Func      vorg_adjust;
- 
-     FT_Metrics_Adjust_Func   metrics_adjust;
-+    FT_Size_Reset_Func       size_reset;
-   };
- 
- 
-@@ -101,7 +105,8 @@ FT_BEGIN_HEADER
-                                                 tsb_adjust_,       \
-                                                 bsb_adjust_,       \
-                                                 vorg_adjust_,      \
--                                                metrics_adjust_  ) \
-+                                                metrics_adjust_,   \
-+                                                size_reset_      ) \
-   static const FT_Service_MetricsVariationsRec  class_ =           \
-   {                                                                \
-     hadvance_adjust_,                                              \
-@@ -111,7 +116,8 @@ FT_BEGIN_HEADER
-     tsb_adjust_,                                                   \
-     bsb_adjust_,                                                   \
-     vorg_adjust_,                                                  \
--    metrics_adjust_                                                \
-+    metrics_adjust_,                                               \
-+    size_reset_                                                    \
-   };
- 
-   /* */
-diff --git a/include/freetype/internal/tttypes.h b/include/freetype/internal/tttypes.h
-index 4df6b298f..fd9f02821 100644
---- a/include/freetype/internal/tttypes.h
-+++ b/include/freetype/internal/tttypes.h
-@@ -1650,8 +1650,14 @@ FT_BEGIN_HEADER
-     void*                 mm;
- 
-     /* a typeless pointer to the FT_Service_MetricsVariationsRec table */
--    /* used to handle the HVAR, VVAR, and MVAR OpenType tables         */
--    void*                 var;
-+    /* used to handle the HVAR, VVAR, and MVAR OpenType tables by the  */
-+    /* "truetype" driver                                               */
-+    void*                 tt_var;
-+
-+    /* a typeless pointer to the FT_Service_MetricsVariationsRec table */
-+    /* used to handle the HVAR, VVAR, and MVAR OpenType tables by this */
-+    /* TT_Face's driver                                                */
-+    void*                 face_var;
- #endif
- 
-     /* a typeless pointer to the PostScript Aux service */
-diff --git a/src/cff/cffdrivr.c b/src/cff/cffdrivr.c
-index 997a734fb..6eaad8bbd 100644
---- a/src/cff/cffdrivr.c
-+++ b/src/cff/cffdrivr.c
-@@ -940,7 +940,8 @@
-                        FT_UInt   gindex,
-                        FT_Int   *avalue )
-   {
--    FT_Service_MetricsVariations  var = (FT_Service_MetricsVariations)face->var;
-+    FT_Service_MetricsVariations
-+      var = (FT_Service_MetricsVariations)face->tt_var;
- 
- 
-     return var->hadvance_adjust( FT_FACE( face ), gindex, avalue );
-@@ -950,7 +951,8 @@
-   static void
-   cff_metrics_adjust( CFF_Face  face )
-   {
--    FT_Service_MetricsVariations  var = (FT_Service_MetricsVariations)face->var;
-+    FT_Service_MetricsVariations
-+      var = (FT_Service_MetricsVariations)face->tt_var;
- 
- 
-     var->metrics_adjust( FT_FACE( face ) );
-@@ -969,7 +971,8 @@
-     (FT_BSB_Adjust_Func)     NULL,                   /* bsb_adjust      */
-     (FT_VOrg_Adjust_Func)    NULL,                   /* vorg_adjust     */
- 
--    (FT_Metrics_Adjust_Func) cff_metrics_adjust      /* metrics_adjust  */
-+    (FT_Metrics_Adjust_Func) cff_metrics_adjust,     /* metrics_adjust  */
-+    (FT_Size_Reset_Func)     NULL                    /* size_reset      */
-   )
- #endif
- 
-diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c
-index b3f0f99e3..97d8f8e9f 100644
---- a/src/cff/cffobjs.c
-+++ b/src/cff/cffobjs.c
-@@ -709,8 +709,10 @@
- 
- #ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
-       {
--        FT_Service_MultiMasters       mm  = (FT_Service_MultiMasters)face->mm;
--        FT_Service_MetricsVariations  var = (FT_Service_MetricsVariations)face->var;
-+        FT_Service_MultiMasters
-+          mm = (FT_Service_MultiMasters)face->mm;
-+        FT_Service_MetricsVariations
-+          var = (FT_Service_MetricsVariations)face->face_var;
- 
-         FT_UInt  instance_index = (FT_UInt)face_index >> 16;
- 
-diff --git a/src/sfnt/sfobjs.c b/src/sfnt/sfobjs.c
-index 9dfc20e83..764cd23e9 100644
---- a/src/sfnt/sfobjs.c
-+++ b/src/sfnt/sfobjs.c
-@@ -896,17 +896,23 @@
-                                         0 );
-     }
- 
--    if ( !face->var )
-+    if ( !face->tt_var )
-     {
-       /* we want the metrics variations interface */
-       /* from the `truetype' module only          */
-       FT_Module  tt_module = FT_Get_Module( library, "truetype" );
- 
- 
--      face->var = ft_module_get_service( tt_module,
--                                         FT_SERVICE_ID_METRICS_VARIATIONS,
--                                         0 );
-+      face->tt_var = ft_module_get_service( tt_module,
-+                                            FT_SERVICE_ID_METRICS_VARIATIONS,
-+                                            0 );
-     }
-+
-+    if ( !face->face_var )
-+      face->face_var = ft_module_get_service(
-+                         &face->root.driver->root,
-+                         FT_SERVICE_ID_METRICS_VARIATIONS,
-+                         0 );
- #endif
- 
-     FT_TRACE2(( "SFNT driver\n" ));
-diff --git a/src/sfnt/ttmtx.c b/src/sfnt/ttmtx.c
-index 8edf4e6a3..89e1fb5a5 100644
---- a/src/sfnt/ttmtx.c
-+++ b/src/sfnt/ttmtx.c
-@@ -240,7 +240,7 @@
- 
- #ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
-     FT_Service_MetricsVariations  var =
--      (FT_Service_MetricsVariations)face->var;
-+      (FT_Service_MetricsVariations)face->tt_var;
- #endif
- 
- 
-diff --git a/src/truetype/ttdriver.c b/src/truetype/ttdriver.c
-index eac736c4a..22e897053 100644
---- a/src/truetype/ttdriver.c
-+++ b/src/truetype/ttdriver.c
-@@ -307,7 +307,7 @@
-       /* use the scaled metrics, even when tt_size_reset fails */
-       FT_Select_Metrics( size->face, strike_index );
- 
--      tt_size_reset( ttsize, 0 ); /* ignore return value */
-+      tt_size_reset( ttsize ); /* ignore return value */
-     }
-     else
-     {
-@@ -359,7 +359,7 @@
- 
-     if ( FT_IS_SCALABLE( size->face ) )
-     {
--      error = tt_size_reset( ttsize, 0 );
-+      error = tt_size_reset( ttsize );
- 
- #ifdef TT_USE_BYTECODE_INTERPRETER
-       /* for the `MPS' bytecode instruction we need the point size */
-@@ -523,7 +523,8 @@
-     (FT_BSB_Adjust_Func)     NULL,                   /* bsb_adjust      */
-     (FT_VOrg_Adjust_Func)    NULL,                   /* vorg_adjust     */
- 
--    (FT_Metrics_Adjust_Func) tt_apply_mvar           /* metrics_adjust  */
-+    (FT_Metrics_Adjust_Func) tt_apply_mvar,          /* metrics_adjust  */
-+    (FT_Size_Reset_Func)     tt_size_reset_height    /* size_reset      */
-   )
- 
- #endif /* TT_CONFIG_OPTION_GX_VAR_SUPPORT */
-diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
-index 3df50d630..f2d2ccabb 100644
---- a/src/truetype/ttgxvar.c
-+++ b/src/truetype/ttgxvar.c
-@@ -1300,15 +1300,14 @@
- 
- 
-   static FT_Error
--  tt_size_reset_iterator( FT_ListNode  node,
-+  ft_size_reset_iterator( FT_ListNode  node,
-                           void*        user )
-   {
--    TT_Size  size = (TT_Size)node->data;
-+    FT_Size                       size = (FT_Size)node->data;
-+    FT_Service_MetricsVariations  var  = (FT_Service_MetricsVariations)user;
- 
--    FT_UNUSED( user );
- 
--
--    tt_size_reset( size, 1 );
-+    var->size_reset( size );
- 
-     return FT_Err_Ok;
-   }
-@@ -1370,6 +1369,9 @@
- 
-     /* adjust all derived values */
-     {
-+      FT_Service_MetricsVariations  var =
-+        (FT_Service_MetricsVariations)face->face_var;
-+
-       FT_Face  root = &face->root;
- 
- 
-@@ -1396,11 +1398,12 @@
-                                   face->postscript.underlineThickness / 2;
-       root->underline_thickness = face->postscript.underlineThickness;
- 
--      /* iterate over all FT_Size objects and call `tt_size_reset' */
--      /* to propagate the metrics changes                          */
--      FT_List_Iterate( &root->sizes_list,
--                       tt_size_reset_iterator,
--                       NULL );
-+      /* iterate over all FT_Size objects and call `var->size_reset' */
-+      /* to propagate the metrics changes                            */
-+      if ( var && var->size_reset )
-+        FT_List_Iterate( &root->sizes_list,
-+                         ft_size_reset_iterator,
-+                         (void*)var );
-     }
-   }
- 
-diff --git a/src/truetype/ttobjs.c b/src/truetype/ttobjs.c
-index df6c72a10..e22b6c3c7 100644
---- a/src/truetype/ttobjs.c
-+++ b/src/truetype/ttobjs.c
-@@ -1269,39 +1269,29 @@
-   /**************************************************************************
-    *
-    * @Function:
--   *   tt_size_reset
-+   *   tt_size_reset_height
-    *
-    * @Description:
--   *   Reset a TrueType size when resolutions and character dimensions
--   *   have been changed.
-+   *   Recompute a TrueType size's ascender, descender, and height
-+   *   when resolutions and character dimensions have been changed.
-+   *   Used for variation fonts as an iterator function.
-    *
-    * @Input:
--   *   size ::
--   *     A handle to the target size object.
--   *
--   *   only_height ::
--   *     Only recompute ascender, descender, and height;
--   *     this flag is used for variation fonts where
--   *     `tt_size_reset' is used as an iterator function.
-+   *   ft_size ::
-+   *     A handle to the target TT_Size object. This function will be called
-+   *     through a `FT_Size_Reset_Func` pointer which takes `FT_Size`. This
-+   *     function must take `FT_Size` as a result. The passed `FT_Size` is
-+   *     expected to point to a `TT_Size`.
-    */
-   FT_LOCAL_DEF( FT_Error )
--  tt_size_reset( TT_Size  size,
--                 FT_Bool  only_height )
-+  tt_size_reset_height( FT_Size  ft_size )
-   {
--    TT_Face           face;
--    FT_Size_Metrics*  size_metrics;
--
--
--    face = (TT_Face)size->root.face;
--
--    /* nothing to do for CFF2 */
--    if ( face->is_cff2 )
--      return FT_Err_Ok;
-+    TT_Size           size         = (TT_Size)ft_size;
-+    TT_Face           face         = (TT_Face)size->root.face;
-+    FT_Size_Metrics*  size_metrics = &size->hinted_metrics;
- 
-     size->ttmetrics.valid = FALSE;
- 
--    size_metrics = &size->hinted_metrics;
--
-     /* copy the result from base layer */
-     *size_metrics = size->root.metrics;
- 
-@@ -1328,12 +1318,34 @@
- 
-     size->ttmetrics.valid = TRUE;
- 
--    if ( only_height )
--    {
--      /* we must not recompute the scaling values here since       */
--      /* `tt_size_reset' was already called (with only_height = 0) */
--      return FT_Err_Ok;
--    }
-+    return FT_Err_Ok;
-+  }
-+
-+
-+  /**************************************************************************
-+   *
-+   * @Function:
-+   *   tt_size_reset
-+   *
-+   * @Description:
-+   *   Reset a TrueType size when resolutions and character dimensions
-+   *   have been changed.
-+   *
-+   * @Input:
-+   *   size ::
-+   *     A handle to the target size object.
-+   */
-+  FT_LOCAL_DEF( FT_Error )
-+  tt_size_reset( TT_Size  size )
-+  {
-+    FT_Error          error;
-+    TT_Face           face         = (TT_Face)size->root.face;
-+    FT_Size_Metrics*  size_metrics = &size->hinted_metrics;
-+
-+
-+    error = tt_size_reset_height( (FT_Size)size );
-+    if ( error )
-+      return error;
- 
-     if ( face->header.Flags & 8 )
-     {
-diff --git a/src/truetype/ttobjs.h b/src/truetype/ttobjs.h
-index dcff3f7a0..99895794a 100644
---- a/src/truetype/ttobjs.h
-+++ b/src/truetype/ttobjs.h
-@@ -390,8 +390,10 @@ FT_BEGIN_HEADER
- #endif /* TT_USE_BYTECODE_INTERPRETER */
- 
-   FT_LOCAL( FT_Error )
--  tt_size_reset( TT_Size  size,
--                 FT_Bool  only_height );
-+  tt_size_reset_height( FT_Size  size );
-+
-+  FT_LOCAL( FT_Error )
-+  tt_size_reset( TT_Size  size );
- 
- 
-   /**************************************************************************
diff --git a/Patches/LineageOS-17.1/android_frameworks_av/365962.patch b/Patches/LineageOS-17.1/android_frameworks_av/365962.patch
deleted file mode 100644
index 77074939..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_av/365962.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shruti Bihani <shrutibihani@google.com>
-Date: Thu, 6 Jul 2023 08:41:56 +0000
-Subject: [PATCH] Fix Segv on unknown address error flagged by fuzzer test.
-
-The error is thrown when the destructor tries to free pointer memory.
-This is happening for cases where the pointer was not initialized. Initializing it to a default value fixes the error.
-
-Bug: 245135112
-Test: Build mtp_host_property_fuzzer and run on the target device
-(cherry picked from commit 3afa6e80e8568fe63f893fa354bc79ef91d3dcc0)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d44311374e41a26b28db56794c9a7890a13a6972)
-Merged-In: I255cd68b7641e96ac47ab81479b9b46b78c15580
-Change-Id: I255cd68b7641e96ac47ab81479b9b46b78c15580
----
- media/mtp/MtpProperty.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/media/mtp/MtpProperty.h b/media/mtp/MtpProperty.h
-index bfd5f7f59a..1eb8874af1 100644
---- a/media/mtp/MtpProperty.h
-+++ b/media/mtp/MtpProperty.h
-@@ -26,6 +26,9 @@ namespace android {
- class MtpDataPacket;
- 
- struct MtpPropertyValue {
-+    // pointer str initialized to NULL so that free operation
-+    // is not called for pre-assigned value
-+    MtpPropertyValue() : str (NULL) {}
-     union {
-         int8_t          i8;
-         uint8_t         u8;
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360952-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/360952-backport.patch
deleted file mode 100644
index 46694c4f..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360952-backport.patch
+++ /dev/null
@@ -1,233 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Nate(Qiang) Jiang" <qiangjiang@google.com>
-Date: Wed, 26 Oct 2022 21:52:34 +0000
-Subject: [PATCH] Passpoint Add more check to limit the config size
-
-Bug: 245299920
-Test: atest con.android.server.wifi
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e1a80210f3f0391c989a2a86fd4aef739bf2574c)
-Merged-In: I97522ce3607547c10025caa107cd1a40455a9c5d
-Change-Id: I97522ce3607547c10025caa107cd1a40455a9c5d
-
-Change-Id: Id95fc30cb9f22276114ecef543d7a7e9e0c3459b
----
- .../wifi/hotspot2/PasspointConfiguration.java | 47 ++++++++++-
- .../net/wifi/hotspot2/pps/Credential.java     | 10 ++-
- .../android/net/wifi/hotspot2/pps/HomeSp.java | 79 ++++++++++++++++++-
- .../hotspot2/PasspointConfigurationTest.java  |  2 +-
- 4 files changed, 134 insertions(+), 4 deletions(-)
-
-diff --git a/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java b/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java
-index 9095b5d927a2..f88d6f6ca25a 100644
---- a/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java
-+++ b/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java
-@@ -52,8 +52,42 @@ public final class PasspointConfiguration implements Parcelable {
- 
-     /**
-      * Maximum bytes for URL string.
-+     * @hide
-+     */
-+    public static final int MAX_URL_BYTES = 2048;
-+
-+    /**
-+     * Maximum size for match entry, just to limit the size of the Passpoint config.
-+     * @hide
-+     */
-+    public static final int MAX_NUMBER_OF_ENTRIES = 16;
-+
-+    /**
-+     * Maximum size for OI entry.
-+     * The spec allows a string of up to 255 characters, with comma delimited numbers like
-+     * 001122,334455. So with minimum OI size of 7, the maximum amount of OIs is 36.
-+     * @hide
-+     */
-+    public static final int MAX_NUMBER_OF_OI = 36;
-+
-+
-+    /**
-+     * Maximum bytes for a string entry like FQDN and friendly name.
-+     * @hide
-      */
--    private static final int MAX_URL_BYTES = 1023;
-+    public static final int MAX_STRING_LENGTH = 255;
-+
-+    /**
-+     * HESSID is 48 bit.
-+     * @hide
-+     */
-+    public static final long MAX_HESSID_VALUE = ((long) 1 << 48)  - 1;
-+
-+    /**
-+     * Organization Identifiers is 3 or 5 Octets. 24 or 36 bit.
-+     * @hide
-+     */
-+    public static final long MAX_OI_VALUE = ((long) 1 << 40)  - 1;
- 
-     /**
-      * Integer value used for indicating null value in the Parcel.
-@@ -572,7 +606,18 @@ public final class PasspointConfiguration implements Parcelable {
-             return false;
-         }
- 
-+        if (mSubscriptionType != null) {
-+            if (mSubscriptionType.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
-+                Log.d(TAG, "SubscriptionType is too long");
-+                return false;
-+            }
-+        }
-+
-         if (mTrustRootCertList != null) {
-+            if (mTrustRootCertList.size() > MAX_NUMBER_OF_ENTRIES) {
-+                Log.d(TAG, "Too many TrustRootCert");
-+                return false;
-+            }
-             for (Map.Entry<String, byte[]> entry : mTrustRootCertList.entrySet()) {
-                 String url = entry.getKey();
-                 byte[] certFingerprint = entry.getValue();
-diff --git a/wifi/java/android/net/wifi/hotspot2/pps/Credential.java b/wifi/java/android/net/wifi/hotspot2/pps/Credential.java
-index 9409c03c614d..6d12ccef29ae 100644
---- a/wifi/java/android/net/wifi/hotspot2/pps/Credential.java
-+++ b/wifi/java/android/net/wifi/hotspot2/pps/Credential.java
-@@ -16,6 +16,8 @@
- 
- package android.net.wifi.hotspot2.pps;
- 
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_STRING_LENGTH;
-+
- import android.net.wifi.EAPConstants;
- import android.net.wifi.ParcelUtil;
- import android.os.Parcel;
-@@ -413,7 +415,13 @@ public final class Credential implements Parcelable {
-                         + mPassword.getBytes(StandardCharsets.UTF_8).length);
-                 return false;
-             }
--
-+            if (mSoftTokenApp != null) {
-+                if (mSoftTokenApp.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
-+                    Log.d(TAG, "app name exceeding maximum length: "
-+                            + mSoftTokenApp.getBytes(StandardCharsets.UTF_8).length);
-+                    return false;
-+                }
-+            }
-             // Only supports EAP-TTLS for user credential.
-             if (mEapType != EAPConstants.EAP_TTLS) {
-                 Log.d(TAG, "Invalid EAP Type for user credential: " + mEapType);
-diff --git a/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java b/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java
-index 49a76c33d209..cdb9ec5cec3c 100644
---- a/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java
-+++ b/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java
-@@ -16,6 +16,13 @@
- 
- package android.net.wifi.hotspot2.pps;
- 
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_HESSID_VALUE;
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_NUMBER_OF_ENTRIES;
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_NUMBER_OF_OI;
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_OI_VALUE;
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_STRING_LENGTH;
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_URL_BYTES;
-+
- import android.os.Parcelable;
- import android.os.Parcel;
- import android.text.TextUtils;
-@@ -328,16 +335,86 @@ public final class HomeSp implements Parcelable {
-             Log.d(TAG, "Missing FQDN");
-             return false;
-         }
-+        if (mFqdn.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
-+            Log.d(TAG, "FQDN is too long");
-+            return false;
-+        }
-         if (TextUtils.isEmpty(mFriendlyName)) {
-             Log.d(TAG, "Missing friendly name");
-             return false;
-         }
-+        if (mFriendlyName.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
-+            Log.d(TAG, "Friendly name is too long");
-+            return false;
-+        }
-         // Verify SSIDs specified in the NetworkID
-         if (mHomeNetworkIds != null) {
-+            if (mHomeNetworkIds.size() > MAX_NUMBER_OF_ENTRIES) {
-+                Log.d(TAG, "too many SSID in HomeNetworkIDs");
-+                return false;
-+            }
-             for (Map.Entry<String, Long> entry : mHomeNetworkIds.entrySet()) {
-                 if (entry.getKey() == null ||
-                         entry.getKey().getBytes(StandardCharsets.UTF_8).length > MAX_SSID_BYTES) {
--                    Log.d(TAG, "Invalid SSID in HomeNetworkIDs");
-+                    Log.d(TAG, "SSID is too long in HomeNetworkIDs");
-+                    return false;
-+                }
-+                if (entry.getValue() != null
-+                        && (entry.getValue() > MAX_HESSID_VALUE || entry.getValue() < 0)) {
-+                    Log.d(TAG, "HESSID is out of range");
-+                    return false;
-+                }
-+            }
-+        }
-+        if (mIconUrl != null && mIconUrl.getBytes(StandardCharsets.UTF_8).length > MAX_URL_BYTES) {
-+            Log.d(TAG, "Icon URL is too long");
-+            return false;
-+        }
-+        if (mMatchAllOis != null) {
-+            if (mMatchAllOis.length > MAX_NUMBER_OF_OI) {
-+                Log.d(TAG, "too many match all Organization Identifiers in the profile");
-+                return false;
-+            }
-+            for (long oi : mMatchAllOis) {
-+                if (oi > MAX_OI_VALUE || oi < 0) {
-+                    Log.d(TAG, "Organization Identifiers is out of range");
-+                    return false;
-+                }
-+            }
-+        }
-+        if (mMatchAnyOis != null) {
-+            if (mMatchAnyOis.length > MAX_NUMBER_OF_OI) {
-+                Log.d(TAG, "too many match any Organization Identifiers in the profile");
-+                return false;
-+            }
-+            for (long oi : mMatchAnyOis) {
-+                if (oi > MAX_OI_VALUE || oi < 0) {
-+                    Log.d(TAG, "Organization Identifiers is out of range");
-+                    return false;
-+                }
-+            }
-+        }
-+        if (mRoamingConsortiumOis != null) {
-+            if (mRoamingConsortiumOis.length > MAX_NUMBER_OF_OI) {
-+                Log.d(TAG, "too many Roaming Consortium Organization Identifiers in the "
-+                        + "profile");
-+                return false;
-+            }
-+            for (long oi : mRoamingConsortiumOis) {
-+                if (oi > MAX_OI_VALUE || oi < 0) {
-+                    Log.d(TAG, "Organization Identifiers is out of range");
-+                    return false;
-+                }
-+            }
-+        }
-+        if (mOtherHomePartners != null) {
-+            if (mOtherHomePartners.length > MAX_NUMBER_OF_ENTRIES) {
-+                Log.d(TAG, "too many other home partners in the profile");
-+                return false;
-+            }
-+            for (String fqdn : mOtherHomePartners) {
-+                if (fqdn.length() > MAX_STRING_LENGTH) {
-+                    Log.d(TAG, "FQDN is too long in OtherHomePartners");
-                     return false;
-                 }
-             }
-diff --git a/wifi/tests/src/android/net/wifi/hotspot2/PasspointConfigurationTest.java b/wifi/tests/src/android/net/wifi/hotspot2/PasspointConfigurationTest.java
-index fc03e7eb6176..6b4f7b0cc51e 100644
---- a/wifi/tests/src/android/net/wifi/hotspot2/PasspointConfigurationTest.java
-+++ b/wifi/tests/src/android/net/wifi/hotspot2/PasspointConfigurationTest.java
-@@ -43,7 +43,7 @@ import java.util.Map;
-  */
- @SmallTest
- public class PasspointConfigurationTest {
--    private static final int MAX_URL_BYTES = 1023;
-+    private static final int MAX_URL_BYTES = 2048;
-     private static final int CERTIFICATE_FINGERPRINT_BYTES = 32;
- 
-     /**
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360953-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/360953-backport.patch
deleted file mode 100644
index 9941be55..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360953-backport.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Lucas Lin <lucaslin@google.com>
-Date: Fri, 3 Mar 2023 08:13:50 +0000
-Subject: [PATCH] Sanitize VPN label to prevent HTML injection
-
-This commit will try to sanitize the content of VpnDialog. This
-commit creates a function which will try to sanitize the VPN
-label, if the sanitized VPN label is different from the original
-one, which means the VPN label might contain HTML tag or the VPN
-label violates the words restriction(may contain some wording
-which will mislead the user). For this kind of case, show the
-package name instead of the VPN label to prevent misleading the
-user.
-
-The malicious VPN app might be able to add a large number of line
-breaks with HTML in order to hide the system-displayed text from
-the user in the connection request dialog. Thus, sanitizing the
-content of the dialog is needed.
-
-Bug: 204554636
-Test: N/A
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2178216b98bf9865edee198f45192f0b883624ab)
-Merged-In: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
-Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
----
- packages/VpnDialogs/res/values/strings.xml    | 28 ++++++++++
- .../com/android/vpndialogs/ConfirmDialog.java | 53 +++++++++++++++++--
- 2 files changed, 76 insertions(+), 5 deletions(-)
-
-diff --git a/packages/VpnDialogs/res/values/strings.xml b/packages/VpnDialogs/res/values/strings.xml
-index 443a9bc33b90..b4166f0bedfd 100644
---- a/packages/VpnDialogs/res/values/strings.xml
-+++ b/packages/VpnDialogs/res/values/strings.xml
-@@ -89,4 +89,32 @@
-          without any consequences. [CHAR LIMIT=20] -->
-     <string name="dismiss">Dismiss</string>
- 
-+    <!-- Malicious VPN apps may provide very long labels or cunning HTML to trick the system dialogs
-+         into displaying what they want. The system will attempt to sanitize the label, and if the
-+         label is deemed dangerous, then this string is used instead. The first argument is the
-+         first 30 characters of the label, and the second argument is the package name of the app.
-+         Example : Normally a VPN app may be called "My VPN app" in which case the dialog will read
-+         "My VPN app wants to set up a VPN connection...". If the label is very long, then, this
-+         will be used to show "VerylongVPNlabel… (com.my.vpn.app) wants to set up a VPN
-+         connection...". For this case, the code will refer to sanitized_vpn_label_with_ellipsis.
-+    -->
-+    <string name="sanitized_vpn_label_with_ellipsis">
-+        <xliff:g id="sanitized_vpn_label_with_ellipsis" example="My VPN app">%1$s</xliff:g>… (
-+        <xliff:g id="sanitized_vpn_label_with_ellipsis" example="com.my.vpn.app">%2$s</xliff:g>)
-+    </string>
-+
-+    <!-- Malicious VPN apps may provide very long labels or cunning HTML to trick the system dialogs
-+         into displaying what they want. The system will attempt to sanitize the label, and if the
-+         label is deemed dangerous, then this string is used instead. The first argument is the
-+         label, and the second argument is the package name of the app.
-+         Example : Normally a VPN app may be called "My VPN app" in which case the dialog will read
-+         "My VPN app wants to set up a VPN connection...". If the VPN label contains HTML tag but
-+         the length is not very long, the dialog will show "VpnLabelWith&lt;br&gt;HtmlTag
-+         (com.my.vpn.app) wants to set up a VPN connection...". For this case, the code will refer
-+         to sanitized_vpn_label.
-+    -->
-+    <string name="sanitized_vpn_label">
-+        <xliff:g id="sanitized_vpn_label" example="My VPN app">%1$s</xliff:g> (
-+        <xliff:g id="sanitized_vpn_label" example="com.my.vpn.app">%2$s</xliff:g>)
-+    </string>
- </resources>
-diff --git a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
-index 48adb9ba3f63..f74cc2f93916 100644
---- a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
-+++ b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java
-@@ -43,10 +43,52 @@ public class ConfirmDialog extends AlertActivity
-         implements DialogInterface.OnClickListener, ImageGetter {
-     private static final String TAG = "VpnConfirm";
- 
-+    // Usually the label represents the app name, 150 code points might be enough to display the app
-+    // name, and 150 code points won't cover the warning message from VpnDialog.
-+    static final int MAX_VPN_LABEL_LENGTH = 150;
-+
-     private String mPackage;
- 
-     private IConnectivityManager mService;
- 
-+    private View mView;
-+
-+    /**
-+     * This function will use the string resource to combine the VPN label and the package name.
-+     *
-+     * If the VPN label violates the length restriction, the first 30 code points of VPN label and
-+     * the package name will be returned. Or return the VPN label and the package name directly if
-+     * the VPN label doesn't violate the length restriction.
-+     *
-+     * The result will be something like,
-+     * - ThisIsAVeryLongVpnAppNameWhich... (com.vpn.app)
-+     *   if the VPN label violates the length restriction.
-+     * or
-+     * - VpnLabelWith&lt;br&gt;HtmlTag (com.vpn.app)
-+     *   if the VPN label doesn't violate the length restriction.
-+     *
-+     */
-+    private String getSimplifiedLabel(String vpnLabel, String packageName) {
-+        if (vpnLabel.codePointCount(0, vpnLabel.length()) > 30) {
-+            return getString(R.string.sanitized_vpn_label_with_ellipsis,
-+                vpnLabel.substring(0, vpnLabel.offsetByCodePoints(0, 30)),
-+                packageName);
-+        }
-+
-+        return getString(R.string.sanitized_vpn_label, vpnLabel, packageName);
-+    }
-+
-+    protected String getSanitizedVpnLabel(String vpnLabel, String packageName) {
-+        final String sanitizedVpnLabel = Html.escapeHtml(vpnLabel);
-+        final boolean exceedMaxVpnLabelLength = sanitizedVpnLabel.codePointCount(0,
-+            sanitizedVpnLabel.length()) > MAX_VPN_LABEL_LENGTH;
-+        if (exceedMaxVpnLabelLength || !vpnLabel.equals(sanitizedVpnLabel)) {
-+            return getSimplifiedLabel(sanitizedVpnLabel, packageName);
-+        }
-+
-+        return sanitizedVpnLabel;
-+    }
-+
-     @Override
-     protected void onCreate(Bundle savedInstanceState) {
-         super.onCreate(savedInstanceState);
-@@ -69,15 +111,16 @@ public class ConfirmDialog extends AlertActivity
-             finish();
-             return;
-         }
--        View view = View.inflate(this, R.layout.confirm, null);
--        ((TextView) view.findViewById(R.id.warning)).setText(
--                Html.fromHtml(getString(R.string.warning, getVpnLabel()),
--                        this, null /* tagHandler */));
-+        mView = View.inflate(this, R.layout.confirm, null);
-+        ((TextView) mView.findViewById(R.id.warning)).setText(
-+                Html.fromHtml(getString(R.string.warning, getSanitizedVpnLabel(
-+                    getVpnLabel().toString(), mPackage)),
-+                    this /* imageGetter */, null /* tagHandler */));
-         mAlertParams.mTitle = getText(R.string.prompt);
-         mAlertParams.mPositiveButtonText = getText(android.R.string.ok);
-         mAlertParams.mPositiveButtonListener = this;
-         mAlertParams.mNegativeButtonText = getText(android.R.string.cancel);
--        mAlertParams.mView = view;
-+        mAlertParams.mView = mView;
-         setupAlert();
- 
-         getWindow().setCloseOnTouchOutside(false);
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360954.patch b/Patches/LineageOS-17.1/android_frameworks_base/360954.patch
deleted file mode 100644
index 6fd443ea..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360954.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Michael Groover <mpgroover@google.com>
-Date: Fri, 31 Mar 2023 21:31:22 +0000
-Subject: [PATCH] Limit the number of supported v1 and v2 signers
-
-The v1 and v2 APK Signature Schemes support multiple signers; this
-was intended to allow multiple entities to sign an APK. Previously,
-the platform had no limits placed on the number of signers supported
-in an APK, but this commit sets a hard limit of 10 supported signers
-for these signature schemes to ensure a large number of signers
-does not place undue burden on the platform.
-
-Bug: 266580022
-Test: Manually verified the platform only allowed an APK with the
-       maximum number of supported signers.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)
-Merged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091
-Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091
----
- .../util/apk/ApkSignatureSchemeV2Verifier.java        | 10 ++++++++++
- core/java/android/util/jar/StrictJarVerifier.java     | 11 +++++++++++
- 2 files changed, 21 insertions(+)
-
-diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
-index b36888e23f9c..0fa5358e9b86 100644
---- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
-+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
-@@ -83,6 +83,11 @@ public class ApkSignatureSchemeV2Verifier {
- 
-     private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;
- 
-+    /**
-+     * The maximum number of signers supported by the v2 APK signature scheme.
-+     */
-+    private static final int MAX_V2_SIGNERS = 10;
-+
-     /**
-      * Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
-      *
-@@ -188,6 +193,11 @@ public class ApkSignatureSchemeV2Verifier {
-         }
-         while (signers.hasRemaining()) {
-             signerCount++;
-+            if (signerCount > MAX_V2_SIGNERS) {
-+                throw new SecurityException(
-+                        "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
-+                                + " signers");
-+            }
-             try {
-                 ByteBuffer signer = getLengthPrefixedSlice(signers);
-                 X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
-diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java
-index 45254908c5c9..a6aca330d323 100644
---- a/core/java/android/util/jar/StrictJarVerifier.java
-+++ b/core/java/android/util/jar/StrictJarVerifier.java
-@@ -78,6 +78,11 @@ class StrictJarVerifier {
-         "SHA1",
-     };
- 
-+    /**
-+     * The maximum number of signers supported by the JAR signature scheme.
-+     */
-+    private static final int MAX_JAR_SIGNERS = 10;
-+
-     private final String jarName;
-     private final StrictJarManifest manifest;
-     private final HashMap<String, byte[]> metaEntries;
-@@ -293,10 +298,16 @@ class StrictJarVerifier {
-             return false;
-         }
- 
-+        int signerCount = 0;
-         Iterator<String> it = metaEntries.keySet().iterator();
-         while (it.hasNext()) {
-             String key = it.next();
-             if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
-+                if (++signerCount > MAX_JAR_SIGNERS) {
-+                    throw new SecurityException(
-+                            "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
-+                                    + " signers");
-+                }
-                 verifyCertificate(key);
-                 it.remove();
-             }
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360955.patch b/Patches/LineageOS-17.1/android_frameworks_base/360955.patch
deleted file mode 100644
index eb473ec1..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360955.patch
+++ /dev/null
@@ -1,1034 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Bill Yi <byi@google.com>
-Date: Tue, 4 Apr 2023 10:14:08 -0700
-Subject: [PATCH] Import translations. DO NOT MERGE ANYWHERE
-
-BUG:204554636
-
-Auto-generated-cl: translation import
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2fe87df11e447755351c1934bcbae5f2f870950d)
-Merged-In: I1720c67e4361d9019b12fa5a510cd34918dfedb4
-Change-Id: I1720c67e4361d9019b12fa5a510cd34918dfedb4
----
- packages/VpnDialogs/res/values-af/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-am/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ar/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-as/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-az/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-b+sr+Latn/strings.xml | 2 ++
- packages/VpnDialogs/res/values-be/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-bg/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-bn/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-bs/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ca/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-cs/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-da/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-de/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-el/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-en-rAU/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rCA/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rGB/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rIN/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-en-rXC/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-es-rUS/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-es/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-et/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-eu/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-fa/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-fi/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-fr-rCA/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-fr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-gl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-gu/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hi/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hu/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-hy/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-in/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-is/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-it/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-iw/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ja/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ka/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-kk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-km/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-kn/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ko/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ky/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-lo/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-lt/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-lv/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-mk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ml/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-mn/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-mr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ms/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-my/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-nb/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ne/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-nl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-or/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-pa/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-pl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-pt-rBR/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-pt-rPT/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-pt/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ro/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ru/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-si/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sq/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sv/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-sw/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ta/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-te/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-th/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-tl/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-tr/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-uk/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-ur/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-uz/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-vi/strings.xml        | 2 ++
- packages/VpnDialogs/res/values-zh-rCN/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-zh-rHK/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-zh-rTW/strings.xml    | 2 ++
- packages/VpnDialogs/res/values-zu/strings.xml        | 2 ++
- 85 files changed, 170 insertions(+)
-
-diff --git a/packages/VpnDialogs/res/values-af/strings.xml b/packages/VpnDialogs/res/values-af/strings.xml
-index ac82b0e0009a..b2718fd83e4f 100644
---- a/packages/VpnDialogs/res/values-af/strings.xml
-+++ b/packages/VpnDialogs/res/values-af/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ontkoppel"</string>
-     <string name="open_app" msgid="3717639178595958667">"Maak program oop"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Maak toe"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g> … ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-am/strings.xml b/packages/VpnDialogs/res/values-am/strings.xml
-index ad9773b248a4..91821fba203b 100644
---- a/packages/VpnDialogs/res/values-am/strings.xml
-+++ b/packages/VpnDialogs/res/values-am/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ግንኙነት አቋርጥ"</string>
-     <string name="open_app" msgid="3717639178595958667">"መተግበሪያን ክፈት"</string>
-     <string name="dismiss" msgid="6192859333764711227">"አሰናብት"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ar/strings.xml b/packages/VpnDialogs/res/values-ar/strings.xml
-index 808cde906d2f..20057c66750c 100644
---- a/packages/VpnDialogs/res/values-ar/strings.xml
-+++ b/packages/VpnDialogs/res/values-ar/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"قطع الاتصال"</string>
-     <string name="open_app" msgid="3717639178595958667">"فتح التطبيق"</string>
-     <string name="dismiss" msgid="6192859333764711227">"تجاهل"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-as/strings.xml b/packages/VpnDialogs/res/values-as/strings.xml
-index 45d8458f4d45..9d05505b1fa8 100644
---- a/packages/VpnDialogs/res/values-as/strings.xml
-+++ b/packages/VpnDialogs/res/values-as/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"সংযোগ বিচ্ছিন্ন কৰক"</string>
-     <string name="open_app" msgid="3717639178595958667">"এপ্ খোলক"</string>
-     <string name="dismiss" msgid="6192859333764711227">"অগ্ৰাহ্য কৰক"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-az/strings.xml b/packages/VpnDialogs/res/values-az/strings.xml
-index 2bdf23ee2aa0..47cdeee180ed 100644
---- a/packages/VpnDialogs/res/values-az/strings.xml
-+++ b/packages/VpnDialogs/res/values-az/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Əlaqəni kəs"</string>
-     <string name="open_app" msgid="3717639178595958667">"Tətbiqi açın"</string>
-     <string name="dismiss" msgid="6192859333764711227">"İmtina edin"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml b/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml
-index f40e40670bf3..ea8e60d36ba5 100644
---- a/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml
-+++ b/packages/VpnDialogs/res/values-b+sr+Latn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini vezu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvori aplikaciju"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Odbaci"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-be/strings.xml b/packages/VpnDialogs/res/values-be/strings.xml
-index 0903c8ece36b..914a1638b14a 100644
---- a/packages/VpnDialogs/res/values-be/strings.xml
-+++ b/packages/VpnDialogs/res/values-be/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Адключыцца"</string>
-     <string name="open_app" msgid="3717639178595958667">"Адкрыць праграму"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Адхіліць"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-bg/strings.xml b/packages/VpnDialogs/res/values-bg/strings.xml
-index 9ac853d2016f..e1aa242496de 100644
---- a/packages/VpnDialogs/res/values-bg/strings.xml
-+++ b/packages/VpnDialogs/res/values-bg/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Изключване"</string>
-     <string name="open_app" msgid="3717639178595958667">"Към приложението"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Отхвърляне"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-bn/strings.xml b/packages/VpnDialogs/res/values-bn/strings.xml
-index 5e11fd9934b6..1b0fc48a9139 100644
---- a/packages/VpnDialogs/res/values-bn/strings.xml
-+++ b/packages/VpnDialogs/res/values-bn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"সংযোগ বিচ্ছিন্ন করুন"</string>
-     <string name="open_app" msgid="3717639178595958667">"অ্যাপটি খুলুন"</string>
-     <string name="dismiss" msgid="6192859333764711227">"খারিজ করুন"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-bs/strings.xml b/packages/VpnDialogs/res/values-bs/strings.xml
-index 56812d59e106..c8537ca6de17 100644
---- a/packages/VpnDialogs/res/values-bs/strings.xml
-+++ b/packages/VpnDialogs/res/values-bs/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini vezu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvori aplikaciju"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Odbaci"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ca/strings.xml b/packages/VpnDialogs/res/values-ca/strings.xml
-index 97738c316f4b..1702e553f6e3 100644
---- a/packages/VpnDialogs/res/values-ca/strings.xml
-+++ b/packages/VpnDialogs/res/values-ca/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconnecta"</string>
-     <string name="open_app" msgid="3717639178595958667">"Obre l\'aplicació"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignora"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-cs/strings.xml b/packages/VpnDialogs/res/values-cs/strings.xml
-index 5cc809c7cb02..909cd2982b27 100644
---- a/packages/VpnDialogs/res/values-cs/strings.xml
-+++ b/packages/VpnDialogs/res/values-cs/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Odpojit"</string>
-     <string name="open_app" msgid="3717639178595958667">"Do aplikace"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Zavřít"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-da/strings.xml b/packages/VpnDialogs/res/values-da/strings.xml
-index 7641158af3da..f8985bd263f3 100644
---- a/packages/VpnDialogs/res/values-da/strings.xml
-+++ b/packages/VpnDialogs/res/values-da/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Fjern tilknytning"</string>
-     <string name="open_app" msgid="3717639178595958667">"Åbn app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Luk"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-de/strings.xml b/packages/VpnDialogs/res/values-de/strings.xml
-index 0f1e00980439..d75736315767 100644
---- a/packages/VpnDialogs/res/values-de/strings.xml
-+++ b/packages/VpnDialogs/res/values-de/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Verbindung trennen"</string>
-     <string name="open_app" msgid="3717639178595958667">"App öffnen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Schließen"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-el/strings.xml b/packages/VpnDialogs/res/values-el/strings.xml
-index 78bcc43ff609..13df0dda440d 100644
---- a/packages/VpnDialogs/res/values-el/strings.xml
-+++ b/packages/VpnDialogs/res/values-el/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Αποσύνδεση"</string>
-     <string name="open_app" msgid="3717639178595958667">"Άνοιγμα εφαρμογής"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Παράβλεψη"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rAU/strings.xml b/packages/VpnDialogs/res/values-en-rAU/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rAU/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rAU/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rCA/strings.xml b/packages/VpnDialogs/res/values-en-rCA/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rCA/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rCA/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rGB/strings.xml b/packages/VpnDialogs/res/values-en-rGB/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rGB/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rGB/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rIN/strings.xml b/packages/VpnDialogs/res/values-en-rIN/strings.xml
-index 6ed50a7668ae..0fb49a1ad7e7 100644
---- a/packages/VpnDialogs/res/values-en-rIN/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rIN/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnect"</string>
-     <string name="open_app" msgid="3717639178595958667">"Open app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-en-rXC/strings.xml b/packages/VpnDialogs/res/values-en-rXC/strings.xml
-index 9d010e63518f..2fb8403a6920 100644
---- a/packages/VpnDialogs/res/values-en-rXC/strings.xml
-+++ b/packages/VpnDialogs/res/values-en-rXC/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‎‏‏‎‏‎‏‏‏‏‎‏‏‎‎‏‎‎‏‏‎‎‏‎‏‏‏‏‏‏‏‏‏‏‎‏‏‎‎‎‎‏‏‎‏‏‎‏‎‏‏‎‏‎‏‏‏‏‎‎‎‎Disconnect‎‏‎‎‏‎"</string>
-     <string name="open_app" msgid="3717639178595958667">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‎‏‏‎‎‏‏‏‎‎‏‎‏‏‏‏‎‏‏‎‏‎‏‎‎‏‎‎‎‏‎‏‏‎‏‎‎‏‏‎‏‎‎‏‎‎‏‎‏‏‏‏‏‏‏‏‎‎‎‏‎‏‏‎Open app‎‏‎‎‏‎"</string>
-     <string name="dismiss" msgid="6192859333764711227">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‎‏‎‏‎‏‏‏‏‏‎‎‎‏‎‏‏‏‎‏‎‎‏‏‎‎‎‎‎‎‏‎‏‏‏‏‎‏‎‎‎‎‎‎‏‎‎‎‎‎‎‎‏‏‎‎‏‏‏‎‏‏‎Dismiss‎‏‎‎‏‎"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‏‏‏‏‎‎‎‎‏‎‏‎‏‎‏‏‏‏‏‏‎‎‏‎‏‏‎‏‎‏‏‎‎‏‎‏‏‎‏‏‏‏‏‎‎‏‎‎‏‏‎‏‏‎‏‎‏‏‎‎‏‏‎‏‏‎‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>‎‏‎‎‏‏‏‎… ( ‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>‎‏‎‎‏‏‏‎)‎‏‎‎‏‎"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"‎‏‎‎‎‎‎‏‎‏‏‏‎‎‎‎‎‎‏‎‎‏‎‎‎‎‏‏‏‏‏‎‏‏‏‎‏‎‎‎‎‎‏‏‎‏‏‏‏‎‏‎‏‏‎‎‎‎‎‎‏‎‎‏‎‏‏‎‎‏‏‎‏‎‎‏‎‎‏‎‏‏‏‎‏‎‏‏‎‎‏‏‏‎‎‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g>‎‏‎‎‏‏‏‎ ( ‎‏‎‎‏‏‎<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>‎‏‎‎‏‏‏‎)‎‏‎‎‏‎"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-es-rUS/strings.xml b/packages/VpnDialogs/res/values-es-rUS/strings.xml
-index 21cfc042e707..4917d6158bba 100644
---- a/packages/VpnDialogs/res/values-es-rUS/strings.xml
-+++ b/packages/VpnDialogs/res/values-es-rUS/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Descartar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-es/strings.xml b/packages/VpnDialogs/res/values-es/strings.xml
-index 372147f2479a..6efb545a97ed 100644
---- a/packages/VpnDialogs/res/values-es/strings.xml
-+++ b/packages/VpnDialogs/res/values-es/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir aplicación"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Cerrar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-et/strings.xml b/packages/VpnDialogs/res/values-et/strings.xml
-index c328cd725396..b15c130f0d70 100644
---- a/packages/VpnDialogs/res/values-et/strings.xml
-+++ b/packages/VpnDialogs/res/values-et/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Katkesta ühendus"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ava rakendus"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Loobu"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-eu/strings.xml b/packages/VpnDialogs/res/values-eu/strings.xml
-index a3b7716e91d3..a07237366c29 100644
---- a/packages/VpnDialogs/res/values-eu/strings.xml
-+++ b/packages/VpnDialogs/res/values-eu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Deskonektatu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ireki aplikazioa"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Baztertu"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fa/strings.xml b/packages/VpnDialogs/res/values-fa/strings.xml
-index 56f847c15827..30e7493141c6 100644
---- a/packages/VpnDialogs/res/values-fa/strings.xml
-+++ b/packages/VpnDialogs/res/values-fa/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"قطع اتصال"</string>
-     <string name="open_app" msgid="3717639178595958667">"باز کردن برنامه"</string>
-     <string name="dismiss" msgid="6192859333764711227">"رد کردن"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fi/strings.xml b/packages/VpnDialogs/res/values-fi/strings.xml
-index 91c918af09c3..40d4a9feb4a1 100644
---- a/packages/VpnDialogs/res/values-fi/strings.xml
-+++ b/packages/VpnDialogs/res/values-fi/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Katkaise yhteys"</string>
-     <string name="open_app" msgid="3717639178595958667">"Avaa sovellus"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Hylkää"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fr-rCA/strings.xml b/packages/VpnDialogs/res/values-fr-rCA/strings.xml
-index aa86c7ca8a7f..2bcf6b2ed382 100644
---- a/packages/VpnDialogs/res/values-fr-rCA/strings.xml
-+++ b/packages/VpnDialogs/res/values-fr-rCA/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Déconnecter"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ouvrir l\'application"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorer"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-fr/strings.xml b/packages/VpnDialogs/res/values-fr/strings.xml
-index 71801197ddf2..820c8f98c806 100644
---- a/packages/VpnDialogs/res/values-fr/strings.xml
-+++ b/packages/VpnDialogs/res/values-fr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Déconnecter"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ouvrir l\'application"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorer"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-gl/strings.xml b/packages/VpnDialogs/res/values-gl/strings.xml
-index 8a66d081a71b..765e7f7336e2 100644
---- a/packages/VpnDialogs/res/values-gl/strings.xml
-+++ b/packages/VpnDialogs/res/values-gl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir aplicación"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-gu/strings.xml b/packages/VpnDialogs/res/values-gu/strings.xml
-index 961711c57c3d..6faeb8758d0b 100644
---- a/packages/VpnDialogs/res/values-gu/strings.xml
-+++ b/packages/VpnDialogs/res/values-gu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ડિસ્કનેક્ટ કરો"</string>
-     <string name="open_app" msgid="3717639178595958667">"ઍપ ખોલો"</string>
-     <string name="dismiss" msgid="6192859333764711227">"છોડી દો"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hi/strings.xml b/packages/VpnDialogs/res/values-hi/strings.xml
-index eed0858787d9..80914cf5ee15 100644
---- a/packages/VpnDialogs/res/values-hi/strings.xml
-+++ b/packages/VpnDialogs/res/values-hi/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"डिसकनेक्ट करें"</string>
-     <string name="open_app" msgid="3717639178595958667">"ऐप खोलें"</string>
-     <string name="dismiss" msgid="6192859333764711227">"खारिज करें"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hr/strings.xml b/packages/VpnDialogs/res/values-hr/strings.xml
-index aa9e436f56e7..7d68f0ab4f44 100644
---- a/packages/VpnDialogs/res/values-hr/strings.xml
-+++ b/packages/VpnDialogs/res/values-hr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini vezu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvori aplikaciju"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Odbaci"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hu/strings.xml b/packages/VpnDialogs/res/values-hu/strings.xml
-index 703aa792f3c3..97d3946418b4 100644
---- a/packages/VpnDialogs/res/values-hu/strings.xml
-+++ b/packages/VpnDialogs/res/values-hu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Kapcsolat bontása"</string>
-     <string name="open_app" msgid="3717639178595958667">"Alkalmazás indítása"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Bezárás"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-hy/strings.xml b/packages/VpnDialogs/res/values-hy/strings.xml
-index c296c8547283..84eace72bb3c 100644
---- a/packages/VpnDialogs/res/values-hy/strings.xml
-+++ b/packages/VpnDialogs/res/values-hy/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Անջատել"</string>
-     <string name="open_app" msgid="3717639178595958667">"Բացել հավելվածը"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Փակել"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-in/strings.xml b/packages/VpnDialogs/res/values-in/strings.xml
-index 18ef372a8cda..1782b696805b 100644
---- a/packages/VpnDialogs/res/values-in/strings.xml
-+++ b/packages/VpnDialogs/res/values-in/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Putuskan sambungan"</string>
-     <string name="open_app" msgid="3717639178595958667">"Buka aplikasi"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Tutup"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-is/strings.xml b/packages/VpnDialogs/res/values-is/strings.xml
-index 70fb40fc467c..af87d13e7aaf 100644
---- a/packages/VpnDialogs/res/values-is/strings.xml
-+++ b/packages/VpnDialogs/res/values-is/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Aftengja"</string>
-     <string name="open_app" msgid="3717639178595958667">"Opna forrit"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Hunsa"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-it/strings.xml b/packages/VpnDialogs/res/values-it/strings.xml
-index 2602493faf00..5689acbea102 100644
---- a/packages/VpnDialogs/res/values-it/strings.xml
-+++ b/packages/VpnDialogs/res/values-it/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Disconnetti"</string>
-     <string name="open_app" msgid="3717639178595958667">"Apri app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignora"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-iw/strings.xml b/packages/VpnDialogs/res/values-iw/strings.xml
-index ebabd4e71aef..12cfc323e965 100644
---- a/packages/VpnDialogs/res/values-iw/strings.xml
-+++ b/packages/VpnDialogs/res/values-iw/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"נתק"</string>
-     <string name="open_app" msgid="3717639178595958667">"לאפליקציה"</string>
-     <string name="dismiss" msgid="6192859333764711227">"סגירה"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ja/strings.xml b/packages/VpnDialogs/res/values-ja/strings.xml
-index 8480692e9dd3..32898a3a1ce2 100644
---- a/packages/VpnDialogs/res/values-ja/strings.xml
-+++ b/packages/VpnDialogs/res/values-ja/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"切断"</string>
-     <string name="open_app" msgid="3717639178595958667">"アプリを開く"</string>
-     <string name="dismiss" msgid="6192859333764711227">"閉じる"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>…（<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>）"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g>（<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>）"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ka/strings.xml b/packages/VpnDialogs/res/values-ka/strings.xml
-index e5a07532c32e..0cc59d21a1da 100644
---- a/packages/VpnDialogs/res/values-ka/strings.xml
-+++ b/packages/VpnDialogs/res/values-ka/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"კავშირის გაწყვეტა"</string>
-     <string name="open_app" msgid="3717639178595958667">"გახსენით აპი"</string>
-     <string name="dismiss" msgid="6192859333764711227">"დახურვა"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-kk/strings.xml b/packages/VpnDialogs/res/values-kk/strings.xml
-index 79f79c34e1b4..d702f3f4a424 100644
---- a/packages/VpnDialogs/res/values-kk/strings.xml
-+++ b/packages/VpnDialogs/res/values-kk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ажырату"</string>
-     <string name="open_app" msgid="3717639178595958667">"Қолданбаны ашу"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Жабу"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-km/strings.xml b/packages/VpnDialogs/res/values-km/strings.xml
-index 06f34dbf2733..60627104f3f4 100644
---- a/packages/VpnDialogs/res/values-km/strings.xml
-+++ b/packages/VpnDialogs/res/values-km/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ផ្ដាច់"</string>
-     <string name="open_app" msgid="3717639178595958667">"បើកកម្មវិធី"</string>
-     <string name="dismiss" msgid="6192859333764711227">"បដិសេធ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-kn/strings.xml b/packages/VpnDialogs/res/values-kn/strings.xml
-index 040cd6c5aeda..254d64de3bdf 100644
---- a/packages/VpnDialogs/res/values-kn/strings.xml
-+++ b/packages/VpnDialogs/res/values-kn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ಸಂಪರ್ಕ ಕಡಿತಗೊಳಿಸು"</string>
-     <string name="open_app" msgid="3717639178595958667">"ಅಪ್ಲಿಕೇಶನ್ ತೆರೆಯಿರಿ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ವಜಾಗೊಳಿಸಿ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ko/strings.xml b/packages/VpnDialogs/res/values-ko/strings.xml
-index 6ad497680ae7..d2281938176a 100644
---- a/packages/VpnDialogs/res/values-ko/strings.xml
-+++ b/packages/VpnDialogs/res/values-ko/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"연결 끊기"</string>
-     <string name="open_app" msgid="3717639178595958667">"앱 열기"</string>
-     <string name="dismiss" msgid="6192859333764711227">"닫기"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>…(<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g>(<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ky/strings.xml b/packages/VpnDialogs/res/values-ky/strings.xml
-index 23c9be8819a8..353e13c17157 100644
---- a/packages/VpnDialogs/res/values-ky/strings.xml
-+++ b/packages/VpnDialogs/res/values-ky/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ажыратуу"</string>
-     <string name="open_app" msgid="3717639178595958667">"Колдонмону ачуу"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Четке кагуу"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-lo/strings.xml b/packages/VpnDialogs/res/values-lo/strings.xml
-index c591308480c1..1b851e127abd 100644
---- a/packages/VpnDialogs/res/values-lo/strings.xml
-+++ b/packages/VpnDialogs/res/values-lo/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ຕັດການເຊື່ອມຕໍ່"</string>
-     <string name="open_app" msgid="3717639178595958667">"ເປີດແອັບ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ປິດໄວ້"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-lt/strings.xml b/packages/VpnDialogs/res/values-lt/strings.xml
-index 8846310730ce..e8e20a8d218d 100644
---- a/packages/VpnDialogs/res/values-lt/strings.xml
-+++ b/packages/VpnDialogs/res/values-lt/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Atsijungti"</string>
-     <string name="open_app" msgid="3717639178595958667">"Atidaryti programą"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Atsisakyti"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-lv/strings.xml b/packages/VpnDialogs/res/values-lv/strings.xml
-index 07625b6173c6..af19f4dce065 100644
---- a/packages/VpnDialogs/res/values-lv/strings.xml
-+++ b/packages/VpnDialogs/res/values-lv/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Pārtraukt savienojumu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Atvērt lietotni"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Nerādīt"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-mk/strings.xml b/packages/VpnDialogs/res/values-mk/strings.xml
-index b5a64f213066..4db7e4a50241 100644
---- a/packages/VpnDialogs/res/values-mk/strings.xml
-+++ b/packages/VpnDialogs/res/values-mk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Исклучи"</string>
-     <string name="open_app" msgid="3717639178595958667">"Отвори ја апликацијата"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Отфрли"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ml/strings.xml b/packages/VpnDialogs/res/values-ml/strings.xml
-index 680d0ef539b7..9d3bba43f84c 100644
---- a/packages/VpnDialogs/res/values-ml/strings.xml
-+++ b/packages/VpnDialogs/res/values-ml/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"വിച്ഛേദിക്കുക"</string>
-     <string name="open_app" msgid="3717639178595958667">"ആപ്പ് തുറക്കുക"</string>
-     <string name="dismiss" msgid="6192859333764711227">"നിരസിക്കുക"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-mn/strings.xml b/packages/VpnDialogs/res/values-mn/strings.xml
-index 9aa104aff5ab..15f56b155053 100644
---- a/packages/VpnDialogs/res/values-mn/strings.xml
-+++ b/packages/VpnDialogs/res/values-mn/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Салгах"</string>
-     <string name="open_app" msgid="3717639178595958667">"Апп нээх"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Хаах"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-mr/strings.xml b/packages/VpnDialogs/res/values-mr/strings.xml
-index 41d74290815d..99c7f44c9d5f 100644
---- a/packages/VpnDialogs/res/values-mr/strings.xml
-+++ b/packages/VpnDialogs/res/values-mr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"‍डिस्कनेक्ट करा"</string>
-     <string name="open_app" msgid="3717639178595958667">"अ‍ॅप उघडा"</string>
-     <string name="dismiss" msgid="6192859333764711227">"डिसमिस करा"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ms/strings.xml b/packages/VpnDialogs/res/values-ms/strings.xml
-index b489f2edabc0..a7de3f166303 100644
---- a/packages/VpnDialogs/res/values-ms/strings.xml
-+++ b/packages/VpnDialogs/res/values-ms/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Putuskan sambungan"</string>
-     <string name="open_app" msgid="3717639178595958667">"Buka apl"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ketepikan"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-my/strings.xml b/packages/VpnDialogs/res/values-my/strings.xml
-index 9d60ff42a7cd..52675b6092ac 100644
---- a/packages/VpnDialogs/res/values-my/strings.xml
-+++ b/packages/VpnDialogs/res/values-my/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ချိတ်ဆက်ခြင်းရပ်ရန်"</string>
-     <string name="open_app" msgid="3717639178595958667">"အက်ပ်ကို ဖွင့်ရန်"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ပယ်ရန်"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-nb/strings.xml b/packages/VpnDialogs/res/values-nb/strings.xml
-index be572d4408f8..bad15e913938 100644
---- a/packages/VpnDialogs/res/values-nb/strings.xml
-+++ b/packages/VpnDialogs/res/values-nb/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Koble fra"</string>
-     <string name="open_app" msgid="3717639178595958667">"Åpne appen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Lukk"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ne/strings.xml b/packages/VpnDialogs/res/values-ne/strings.xml
-index b716c35cfad4..ac21dd1713d1 100644
---- a/packages/VpnDialogs/res/values-ne/strings.xml
-+++ b/packages/VpnDialogs/res/values-ne/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"विच्छेदन गर्नुहोस्"</string>
-     <string name="open_app" msgid="3717639178595958667">"अनुप्रयोग खोल्नुहोस्"</string>
-     <string name="dismiss" msgid="6192859333764711227">"खारेज गर्नुहोस्"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-nl/strings.xml b/packages/VpnDialogs/res/values-nl/strings.xml
-index 8073b09e203c..ab77d5e9f218 100644
---- a/packages/VpnDialogs/res/values-nl/strings.xml
-+++ b/packages/VpnDialogs/res/values-nl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Verbinding verbreken"</string>
-     <string name="open_app" msgid="3717639178595958667">"App openen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Sluiten"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-or/strings.xml b/packages/VpnDialogs/res/values-or/strings.xml
-index f1122ebd4386..40ad247433de 100644
---- a/packages/VpnDialogs/res/values-or/strings.xml
-+++ b/packages/VpnDialogs/res/values-or/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ବିଚ୍ଛିନ୍ନ କରନ୍ତୁ"</string>
-     <string name="open_app" msgid="3717639178595958667">"ଆପ୍‌ ଖୋଲନ୍ତୁ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ଖାରଜ କରନ୍ତୁ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pa/strings.xml b/packages/VpnDialogs/res/values-pa/strings.xml
-index 1815f4fb0d25..a3b6e04061c1 100644
---- a/packages/VpnDialogs/res/values-pa/strings.xml
-+++ b/packages/VpnDialogs/res/values-pa/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ਡਿਸਕਨੈਕਟ ਕਰੋ"</string>
-     <string name="open_app" msgid="3717639178595958667">"ਐਪ ਖੋਲ੍ਹੋ"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ਖਾਰਜ ਕਰੋ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pl/strings.xml b/packages/VpnDialogs/res/values-pl/strings.xml
-index d5201d7fbdf5..3af093ae9841 100644
---- a/packages/VpnDialogs/res/values-pl/strings.xml
-+++ b/packages/VpnDialogs/res/values-pl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Rozłącz"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otwórz aplikację"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Zamknij"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pt-rBR/strings.xml b/packages/VpnDialogs/res/values-pt-rBR/strings.xml
-index 75c140617cf5..8c1ae840aa15 100644
---- a/packages/VpnDialogs/res/values-pt-rBR/strings.xml
-+++ b/packages/VpnDialogs/res/values-pt-rBR/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dispensar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pt-rPT/strings.xml b/packages/VpnDialogs/res/values-pt-rPT/strings.xml
-index 01beddbab4e4..34980dc30916 100644
---- a/packages/VpnDialogs/res/values-pt-rPT/strings.xml
-+++ b/packages/VpnDialogs/res/values-pt-rPT/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desligar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir aplicação"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-pt/strings.xml b/packages/VpnDialogs/res/values-pt/strings.xml
-index 75c140617cf5..8c1ae840aa15 100644
---- a/packages/VpnDialogs/res/values-pt/strings.xml
-+++ b/packages/VpnDialogs/res/values-pt/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Desconectar"</string>
-     <string name="open_app" msgid="3717639178595958667">"Abrir app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Dispensar"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ro/strings.xml b/packages/VpnDialogs/res/values-ro/strings.xml
-index 4e60df2eca8e..11137cce96b5 100644
---- a/packages/VpnDialogs/res/values-ro/strings.xml
-+++ b/packages/VpnDialogs/res/values-ro/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Deconectați"</string>
-     <string name="open_app" msgid="3717639178595958667">"Deschideți aplicația"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Închideți"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ru/strings.xml b/packages/VpnDialogs/res/values-ru/strings.xml
-index f8fcfb83aa9a..84a71d25cc16 100644
---- a/packages/VpnDialogs/res/values-ru/strings.xml
-+++ b/packages/VpnDialogs/res/values-ru/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Разъединить"</string>
-     <string name="open_app" msgid="3717639178595958667">"Открыть приложение"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Закрыть"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-si/strings.xml b/packages/VpnDialogs/res/values-si/strings.xml
-index bb97a5d86c5f..e1dbf9774839 100644
---- a/packages/VpnDialogs/res/values-si/strings.xml
-+++ b/packages/VpnDialogs/res/values-si/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"විසන්ධි කරන්න"</string>
-     <string name="open_app" msgid="3717639178595958667">"යෙදුම විවෘත කරන්න"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ඉවතලන්න"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sk/strings.xml b/packages/VpnDialogs/res/values-sk/strings.xml
-index a08117adfac1..ded28aeba8a5 100644
---- a/packages/VpnDialogs/res/values-sk/strings.xml
-+++ b/packages/VpnDialogs/res/values-sk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Odpojiť"</string>
-     <string name="open_app" msgid="3717639178595958667">"Otvoriť aplikáciu"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Zavrieť"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sl/strings.xml b/packages/VpnDialogs/res/values-sl/strings.xml
-index d5014fa34394..62bdd03cbe67 100644
---- a/packages/VpnDialogs/res/values-sl/strings.xml
-+++ b/packages/VpnDialogs/res/values-sl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Prekini povezavo"</string>
-     <string name="open_app" msgid="3717639178595958667">"Odpri aplikacijo"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Opusti"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g> … (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sq/strings.xml b/packages/VpnDialogs/res/values-sq/strings.xml
-index 4a96e7b92212..50ad7cf02c8e 100644
---- a/packages/VpnDialogs/res/values-sq/strings.xml
-+++ b/packages/VpnDialogs/res/values-sq/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Shkëputu"</string>
-     <string name="open_app" msgid="3717639178595958667">"Hap aplikacionin"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Largoje"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sr/strings.xml b/packages/VpnDialogs/res/values-sr/strings.xml
-index 8ce8060e333d..3bc65413b728 100644
---- a/packages/VpnDialogs/res/values-sr/strings.xml
-+++ b/packages/VpnDialogs/res/values-sr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Прекини везу"</string>
-     <string name="open_app" msgid="3717639178595958667">"Отвори апликацију"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Одбаци"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sv/strings.xml b/packages/VpnDialogs/res/values-sv/strings.xml
-index 16b6a31d7d1a..fee6f971824d 100644
---- a/packages/VpnDialogs/res/values-sv/strings.xml
-+++ b/packages/VpnDialogs/res/values-sv/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Koppla från"</string>
-     <string name="open_app" msgid="3717639178595958667">"Öppna appen"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ignorera"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-sw/strings.xml b/packages/VpnDialogs/res/values-sw/strings.xml
-index ea2688438b7a..3e696f20fabe 100644
---- a/packages/VpnDialogs/res/values-sw/strings.xml
-+++ b/packages/VpnDialogs/res/values-sw/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Tenganisha"</string>
-     <string name="open_app" msgid="3717639178595958667">"Fungua programu"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Ondoa"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ta/strings.xml b/packages/VpnDialogs/res/values-ta/strings.xml
-index 3b4cc571d860..8cdffc8579eb 100644
---- a/packages/VpnDialogs/res/values-ta/strings.xml
-+++ b/packages/VpnDialogs/res/values-ta/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"தொடர்பைத் துண்டி"</string>
-     <string name="open_app" msgid="3717639178595958667">"பயன்பாட்டைத் திற"</string>
-     <string name="dismiss" msgid="6192859333764711227">"நிராகரி"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-te/strings.xml b/packages/VpnDialogs/res/values-te/strings.xml
-index 864c926bc615..416f2e399240 100644
---- a/packages/VpnDialogs/res/values-te/strings.xml
-+++ b/packages/VpnDialogs/res/values-te/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"డిస్‌కనెక్ట్ చేయి"</string>
-     <string name="open_app" msgid="3717639178595958667">"యాప్‌ని తెరవండి"</string>
-     <string name="dismiss" msgid="6192859333764711227">"తీసివేయండి"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-th/strings.xml b/packages/VpnDialogs/res/values-th/strings.xml
-index 333ff5fefacc..14e2b7fcb8c9 100644
---- a/packages/VpnDialogs/res/values-th/strings.xml
-+++ b/packages/VpnDialogs/res/values-th/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"ยกเลิกการเชื่อมต่อ"</string>
-     <string name="open_app" msgid="3717639178595958667">"เปิดแอป"</string>
-     <string name="dismiss" msgid="6192859333764711227">"ปิด"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-tl/strings.xml b/packages/VpnDialogs/res/values-tl/strings.xml
-index 9c01c32d0d0d..b79e262ffce9 100644
---- a/packages/VpnDialogs/res/values-tl/strings.xml
-+++ b/packages/VpnDialogs/res/values-tl/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Idiskonekta"</string>
-     <string name="open_app" msgid="3717639178595958667">"Buksan ang app"</string>
-     <string name="dismiss" msgid="6192859333764711227">"I-dismiss"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-tr/strings.xml b/packages/VpnDialogs/res/values-tr/strings.xml
-index 8665a47e6633..309d116d7715 100644
---- a/packages/VpnDialogs/res/values-tr/strings.xml
-+++ b/packages/VpnDialogs/res/values-tr/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Bağlantıyı kes"</string>
-     <string name="open_app" msgid="3717639178595958667">"Uygulamayı aç"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Kapat"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-uk/strings.xml b/packages/VpnDialogs/res/values-uk/strings.xml
-index 8f91abf990b3..fe726049974a 100644
---- a/packages/VpnDialogs/res/values-uk/strings.xml
-+++ b/packages/VpnDialogs/res/values-uk/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Від’єднати"</string>
-     <string name="open_app" msgid="3717639178595958667">"Відкрити додаток"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Закрити"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-ur/strings.xml b/packages/VpnDialogs/res/values-ur/strings.xml
-index db0c2971a64c..d2ee5a8d0aa9 100644
---- a/packages/VpnDialogs/res/values-ur/strings.xml
-+++ b/packages/VpnDialogs/res/values-ur/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"منقطع کریں"</string>
-     <string name="open_app" msgid="3717639178595958667">"ایپ کھولیں"</string>
-     <string name="dismiss" msgid="6192859333764711227">"برخاست کریں"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-uz/strings.xml b/packages/VpnDialogs/res/values-uz/strings.xml
-index 5a348a0610d3..854417691e30 100644
---- a/packages/VpnDialogs/res/values-uz/strings.xml
-+++ b/packages/VpnDialogs/res/values-uz/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Aloqani uzish"</string>
-     <string name="open_app" msgid="3717639178595958667">"Ilovani ochish"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Yopish"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-vi/strings.xml b/packages/VpnDialogs/res/values-vi/strings.xml
-index 097c9aeee013..d74151a819e1 100644
---- a/packages/VpnDialogs/res/values-vi/strings.xml
-+++ b/packages/VpnDialogs/res/values-vi/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ngắt kết nối"</string>
-     <string name="open_app" msgid="3717639178595958667">"Mở ứng dụng"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Loại bỏ"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zh-rCN/strings.xml b/packages/VpnDialogs/res/values-zh-rCN/strings.xml
-index 7e528bdfb04a..92e10fd9fe16 100644
---- a/packages/VpnDialogs/res/values-zh-rCN/strings.xml
-+++ b/packages/VpnDialogs/res/values-zh-rCN/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"断开连接"</string>
-     <string name="open_app" msgid="3717639178595958667">"打开应用"</string>
-     <string name="dismiss" msgid="6192859333764711227">"关闭"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>…(<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zh-rHK/strings.xml b/packages/VpnDialogs/res/values-zh-rHK/strings.xml
-index 49605b08cdee..a67e30d10408 100644
---- a/packages/VpnDialogs/res/values-zh-rHK/strings.xml
-+++ b/packages/VpnDialogs/res/values-zh-rHK/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"中斷連線"</string>
-     <string name="open_app" msgid="3717639178595958667">"開啟應用程式"</string>
-     <string name="dismiss" msgid="6192859333764711227">"關閉"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zh-rTW/strings.xml b/packages/VpnDialogs/res/values-zh-rTW/strings.xml
-index edd8e61d5555..234635091f11 100644
---- a/packages/VpnDialogs/res/values-zh-rTW/strings.xml
-+++ b/packages/VpnDialogs/res/values-zh-rTW/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"中斷連線"</string>
-     <string name="open_app" msgid="3717639178595958667">"開啟應用程式"</string>
-     <string name="dismiss" msgid="6192859333764711227">"關閉"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… (<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> (<xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
-diff --git a/packages/VpnDialogs/res/values-zu/strings.xml b/packages/VpnDialogs/res/values-zu/strings.xml
-index 4ab1225e6fc6..6c7d0471efac 100644
---- a/packages/VpnDialogs/res/values-zu/strings.xml
-+++ b/packages/VpnDialogs/res/values-zu/strings.xml
-@@ -33,4 +33,6 @@
-     <string name="disconnect" msgid="971412338304200056">"Ayixhumekile kwi-inthanethi"</string>
-     <string name="open_app" msgid="3717639178595958667">"Vula uhlelo lokusebenza"</string>
-     <string name="dismiss" msgid="6192859333764711227">"Cashisa"</string>
-+    <string name="sanitized_vpn_label_with_ellipsis" msgid="7014327474633422235">"<xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_0">%1$s</xliff:g>… ( <xliff:g id="SANITIZED_VPN_LABEL_WITH_ELLIPSIS_1">%2$s</xliff:g>)"</string>
-+    <string name="sanitized_vpn_label" msgid="1877415015009794766">"<xliff:g id="SANITIZED_VPN_LABEL_0">%1$s</xliff:g> ( <xliff:g id="SANITIZED_VPN_LABEL_1">%2$s</xliff:g>)"</string>
- </resources>
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360956.patch b/Patches/LineageOS-17.1/android_frameworks_base/360956.patch
deleted file mode 100644
index 03f9f0e1..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360956.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Nate(Qiang) Jiang" <qiangjiang@google.com>
-Date: Thu, 13 Apr 2023 21:20:37 +0000
-Subject: [PATCH] DO NOT MERGE: Add size check on PPS#policy
-
-Bug: 275340417
-Test: atest android.net.wifi
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d1afd2c47d086e0365bf6814a9f47555c294769f)
-Merged-In: I6e6128b7ed5327da8dbc9186a82bef0f2e4197bb
-Change-Id: I6e6128b7ed5327da8dbc9186a82bef0f2e4197bb
----
- .../android/net/wifi/hotspot2/pps/Policy.java | 28 ++++++++++++++++---
- 1 file changed, 24 insertions(+), 4 deletions(-)
-
-diff --git a/wifi/java/android/net/wifi/hotspot2/pps/Policy.java b/wifi/java/android/net/wifi/hotspot2/pps/Policy.java
-index b0a2cc397c53..4bdacebda060 100644
---- a/wifi/java/android/net/wifi/hotspot2/pps/Policy.java
-+++ b/wifi/java/android/net/wifi/hotspot2/pps/Policy.java
-@@ -16,6 +16,9 @@
- 
- package android.net.wifi.hotspot2.pps;
- 
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_NUMBER_OF_ENTRIES;
-+import static android.net.wifi.hotspot2.PasspointConfiguration.MAX_STRING_LENGTH;
-+
- import android.os.Parcel;
- import android.os.Parcelable;
- import android.text.TextUtils;
-@@ -269,11 +272,19 @@ public final class Policy implements Parcelable {
-          */
-         public boolean validate() {
-             if (TextUtils.isEmpty(mFqdn)) {
--                Log.d(TAG, "Missing FQDN");
-+                Log.e(TAG, "Missing FQDN");
-+                return false;
-+            }
-+            if (mFqdn.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
-+                Log.e(TAG, "FQDN is too long");
-                 return false;
-             }
-             if (TextUtils.isEmpty(mCountries)) {
--                Log.d(TAG, "Missing countries");
-+                Log.e(TAG, "Missing countries");
-+                return false;
-+            }
-+            if (mCountries.getBytes(StandardCharsets.UTF_8).length > MAX_STRING_LENGTH) {
-+                Log.e(TAG, "country is too long");
-                 return false;
-             }
-             return true;
-@@ -449,7 +460,7 @@ public final class Policy implements Parcelable {
-             }
-             for (String ssid : mExcludedSsidList) {
-                 if (ssid.getBytes(StandardCharsets.UTF_8).length > MAX_SSID_BYTES) {
--                    Log.d(TAG, "Invalid SSID: " + ssid);
-+                    Log.e(TAG, "Invalid SSID: " + ssid);
-                     return false;
-                 }
-             }
-@@ -457,15 +468,24 @@ public final class Policy implements Parcelable {
-         // Validate required protocol to port map.
-         if (mRequiredProtoPortMap != null) {
-             for (Map.Entry<Integer, String> entry : mRequiredProtoPortMap.entrySet()) {
-+                int protocol = entry.getKey();
-+                if (protocol < 0 || protocol > 255) {
-+                    Log.e(TAG, "Invalid IP protocol: " + protocol);
-+                    return false;
-+                }
-                 String portNumber = entry.getValue();
-                 if (portNumber.getBytes(StandardCharsets.UTF_8).length > MAX_PORT_STRING_BYTES) {
--                    Log.d(TAG, "PortNumber string bytes exceeded the max: " + portNumber);
-+                    Log.e(TAG, "PortNumber string bytes exceeded the max: " + portNumber);
-                     return false;
-                 }
-             }
-         }
-         // Validate preferred roaming partner list.
-         if (mPreferredRoamingPartnerList != null) {
-+            if (mPreferredRoamingPartnerList.size() > MAX_NUMBER_OF_ENTRIES) {
-+                Log.e(TAG, "Number of the Preferred Roaming Partner exceed the limit");
-+                return false;
-+            }
-             for (RoamingPartner partner : mPreferredRoamingPartnerList) {
-                 if (!partner.validate()) {
-                     return false;
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360957.patch b/Patches/LineageOS-17.1/android_frameworks_base/360957.patch
deleted file mode 100644
index 5ccd61ca..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360957.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Nate(Qiang) Jiang" <qiangjiang@google.com>
-Date: Wed, 12 Apr 2023 18:32:50 +0000
-Subject: [PATCH] DO NOT MERGE: Limit the ServiceFriendlyNames
-
-Bug: 274445194
-Test: atest android.net.wifi
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6b1746ab6f0ff4020c78381833554f20344c2e2a)
-Merged-In: Id4e16007531ba1ce3e3f9fa3d3111b5af57751be
-Change-Id: Id4e16007531ba1ce3e3f9fa3d3111b5af57751be
----
- .../wifi/hotspot2/PasspointConfiguration.java   | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java b/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java
-index f88d6f6ca25a..1fe66c0163b1 100644
---- a/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java
-+++ b/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java
-@@ -642,6 +642,23 @@ public final class PasspointConfiguration implements Parcelable {
-                 }
-             }
-         }
-+        if (mServiceFriendlyNames != null) {
-+            if (mServiceFriendlyNames.size() > MAX_NUMBER_OF_ENTRIES) {
-+                Log.e(TAG, "ServiceFriendlyNames exceed the max!");
-+                return false;
-+            }
-+            for (Map.Entry<String, String> names : mServiceFriendlyNames.entrySet()) {
-+                if (names.getKey() == null || names.getValue() == null) {
-+                    Log.e(TAG, "Service friendly name entry should not be null");
-+                    return false;
-+                }
-+                if (names.getKey().length() > MAX_STRING_LENGTH
-+                        || names.getValue().length() > MAX_STRING_LENGTH) {
-+                    Log.e(TAG, "Service friendly name is to long");
-+                    return false;
-+                }
-+            }
-+        }
-         return true;
-     }
- 
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360958-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/360958-backport.patch
deleted file mode 100644
index d6135b1d..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360958-backport.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Winson Chung <winsonc@google.com>
-Date: Wed, 8 Feb 2023 01:04:46 +0000
-Subject: [PATCH] Only allow NEW_TASK flag when adjusting pending intents
-
-Bug: 243794108
-Test: atest CtsSecurityBulletinHostTestCases:android.security.cts.CVE_2023_20918
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f)
-Merged-In: I5d329beecef1902c36704e93d0bc5cb60d0e2f5b
-Change-Id: I5d329beecef1902c36704e93d0bc5cb60d0e2f5b
----
- core/java/android/app/ActivityOptions.java | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/core/java/android/app/ActivityOptions.java b/core/java/android/app/ActivityOptions.java
-index 36ab62aedc09..c8f54fd275ee 100644
---- a/core/java/android/app/ActivityOptions.java
-+++ b/core/java/android/app/ActivityOptions.java
-@@ -20,6 +20,8 @@ import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIO
- import static android.app.ActivityTaskManager.SPLIT_SCREEN_CREATE_MODE_TOP_OR_LEFT;
- import static android.app.WindowConfiguration.ACTIVITY_TYPE_UNDEFINED;
- import static android.app.WindowConfiguration.WINDOWING_MODE_UNDEFINED;
-+import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
-+import static android.content.Intent.FLAG_RECEIVER_FOREGROUND;
- import static android.view.Display.INVALID_DISPLAY;
- 
- import android.annotation.Nullable;
-@@ -1262,7 +1264,9 @@ public class ActivityOptions extends ComponentOptions {
-      * @hide
-      */
-     public int getPendingIntentLaunchFlags() {
--        return mPendingIntentLaunchFlags;
-+        // b/243794108: Ignore all flags except the new task flag, to be reconsidered in b/254490217
-+        return mPendingIntentLaunchFlags &
-+                (FLAG_ACTIVITY_NEW_TASK | FLAG_RECEIVER_FOREGROUND);
-     }
- 
-     /**
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360959.patch b/Patches/LineageOS-17.1/android_frameworks_base/360959.patch
deleted file mode 100644
index a6fd8255..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360959.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aaron Liu <aaronjli@google.com>
-Date: Tue, 28 Mar 2023 13:15:04 -0700
-Subject: [PATCH] DO NOT MERGE Dismiss keyguard when simpin auth'd and...
-
-security method is none. This is mostly to fix the case where we auth
-sim pin in the set up wizard and it goes straight to keyguard instead of
-the setup wizard activity.
-
-This works with the prevent bypass keyguard flag because the device
-should be noe secure in this case.
-
-Fixes: 222446076
-Test: turn locked sim on, which opens the sim pin screen. Auth the
-screen and observe that keyguard is not shown.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:48fa9bef3451e4a358c941af5b230f99881c5cb6)
-Cherry-picking this CL as a security fix
-
-Bug: 222446076
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:09f004722284ef6b9790ddf9338a1708b3f0833c)
-Merged-In: If4360dd6ae2e5f79b43eaf1a29687ac9cc4b6101
-Change-Id: If4360dd6ae2e5f79b43eaf1a29687ac9cc4b6101
----
- .../src/com/android/keyguard/KeyguardSecurityContainer.java     | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java b/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java
-index 89514a52d0bd..bd555e7360d8 100644
---- a/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java
-+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java
-@@ -529,7 +529,7 @@ public class KeyguardSecurityContainer extends FrameLayout implements KeyguardSe
-                 case SimPuk:
-                     // Shortcut for SIM PIN/PUK to go to directly to user's security screen or home
-                     SecurityMode securityMode = mSecurityModel.getSecurityMode(targetUserId);
--                    if (securityMode == SecurityMode.None && mLockPatternUtils.isLockScreenDisabled(
-+                    if (securityMode == SecurityMode.None || mLockPatternUtils.isLockScreenDisabled(
-                             KeyguardUpdateMonitor.getCurrentUser())) {
-                         finish = true;
-                         eventSubtype = BOUNCER_DISMISS_SIM;
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360960.patch b/Patches/LineageOS-17.1/android_frameworks_base/360960.patch
deleted file mode 100644
index 859da4b2..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360960.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Fri, 28 Apr 2023 14:11:04 +0000
-Subject: [PATCH] DO NOT MERGE Increase notification channel limit.
-
-This was previously reduced because it can cause an out of memory error or be abused to trigger a permanent denial of service, but it breaks some messages apps in Android 11, as they are creating too many channels. Rolling it back until the apps are fixed to reduce user impact.
-
-Bug: 279447569
-Bug: 261723753
-Test: N/A, this was previously 50k
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5664378a7cac48184ec0702a41aaed0677d41136)
-Merged-In: Id8da382f812d4abb8db723c40a61366a7402da4f
-Change-Id: Id8da382f812d4abb8db723c40a61366a7402da4f
----
- .../java/com/android/server/notification/PreferencesHelper.java | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/services/core/java/com/android/server/notification/PreferencesHelper.java b/services/core/java/com/android/server/notification/PreferencesHelper.java
-index 1a3779f7c607..32d1e7e53b6b 100644
---- a/services/core/java/com/android/server/notification/PreferencesHelper.java
-+++ b/services/core/java/com/android/server/notification/PreferencesHelper.java
-@@ -73,7 +73,7 @@ public class PreferencesHelper implements RankingConfig {
-     private static final String NON_BLOCKABLE_CHANNEL_DELIM = ":";
- 
-     @VisibleForTesting
--    static final int NOTIFICATION_CHANNEL_COUNT_LIMIT = 5000;
-+    static final int NOTIFICATION_CHANNEL_COUNT_LIMIT = 50000;
-     @VisibleForTesting
-     static final int NOTIFICATION_CHANNEL_GROUP_COUNT_LIMIT = 6000;
- 
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch
deleted file mode 100644
index 8d122737..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andr=C3=A1s=20Kurucz?= <kurucz@google.com>
-Date: Fri, 21 Apr 2023 09:45:07 +0000
-Subject: [PATCH] Truncate ShortcutInfo Id
-
-Creating Conversation with a ShortcutId longer than 65_535 (max unsigned short), we did not save the conversation settings into the notification_policy.xml due to a restriction in FastDataOutput.
-This put us to a state where the user changing the importance or turning off the notifications for the given conversation had no effect on notification behavior.
-
-Fixes: 273729476
-Test: atest ShortcutManagerTest2
-Test: Create a test app which creates a Conversation with a long shortcutId. Go to the Conversation Settings and turn off Notifications. Post a new Notification to this Conversation and see if it is displayed.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f31df6234091b5b1de258a01dd4b2d8e5415ee2e)
-Merged-In: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5
-Change-Id: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5
----
- .../java/android/content/pm/ShortcutInfo.java | 20 ++++++++++++++++---
- .../server/pm/ShortcutManagerTest2.java       | 10 ++++++++++
- 2 files changed, 27 insertions(+), 3 deletions(-)
-
-diff --git a/core/java/android/content/pm/ShortcutInfo.java b/core/java/android/content/pm/ShortcutInfo.java
-index 58aacc2c36c7..a50b321f6827 100644
---- a/core/java/android/content/pm/ShortcutInfo.java
-+++ b/core/java/android/content/pm/ShortcutInfo.java
-@@ -236,6 +236,12 @@ public final class ShortcutInfo implements Parcelable {
-      */
-     public static final int DISABLED_REASON_OTHER_RESTORE_ISSUE = 103;
- 
-+    /**
-+     * The maximum length of Shortcut ID. IDs will be truncated at this limit.
-+     * @hide
-+     */
-+    public static final int MAX_ID_LENGTH = 1000;
-+
-     /** @hide */
-     @IntDef(prefix = { "DISABLED_REASON_" }, value = {
-             DISABLED_REASON_NOT_DISABLED,
-@@ -408,8 +414,7 @@ public final class ShortcutInfo implements Parcelable {
- 
-     private ShortcutInfo(Builder b) {
-         mUserId = b.mContext.getUserId();
--
--        mId = Preconditions.checkStringNotEmpty(b.mId, "Shortcut ID must be provided");
-+        mId = getSafeId(Preconditions.checkStringNotEmpty(b.mId, "Shortcut ID must be provided"));
- 
-         // Note we can't do other null checks here because SM.updateShortcuts() takes partial
-         // information.
-@@ -511,6 +516,14 @@ public final class ShortcutInfo implements Parcelable {
-         return ret;
-     }
- 
-+    @NonNull
-+    private static String getSafeId(@NonNull String id) {
-+        if (id.length() > MAX_ID_LENGTH) {
-+            return id.substring(0, MAX_ID_LENGTH);
-+        }
-+        return id;
-+    }
-+
-     /**
-      * Throws if any of the mandatory fields is not set.
-      *
-@@ -2009,7 +2022,8 @@ public final class ShortcutInfo implements Parcelable {
-         final ClassLoader cl = getClass().getClassLoader();
- 
-         mUserId = source.readInt();
--        mId = source.readString();
-+        mId = getSafeId(Preconditions.checkStringNotEmpty(source.readString(),
-+                "Shortcut ID must be provided"));
-         mPackageName = source.readString();
-         mActivity = source.readParcelable(cl);
-         mFlags = source.readInt();
-diff --git a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
-index fd3678dae0c4..18970322d854 100644
---- a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
-+++ b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
-@@ -53,6 +53,7 @@ import java.io.File;
- import java.io.FileWriter;
- import java.io.IOException;
- import java.io.Writer;
-+import java.util.Collections;
- import java.util.Locale;
- 
- /**
-@@ -223,6 +224,15 @@ public class ShortcutManagerTest2 extends BaseShortcutManagerTest {
-                 });
-     }
- 
-+    public void testShortcutIdTruncated() {
-+        ShortcutInfo si = new ShortcutInfo.Builder(getTestContext(),
-+                String.join("", Collections.nCopies(Short.MAX_VALUE, "s"))).build();
-+
-+        assertTrue(
-+                "id must be truncated to MAX_ID_LENGTH",
-+                si.getId().length() <= ShortcutInfo.MAX_ID_LENGTH);
-+    }
-+
-     public void testShortcutInfoParcel() {
-         setCaller(CALLING_PACKAGE_1, USER_10);
-         ShortcutInfo si = parceled(new ShortcutInfo.Builder(mClientContext)
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360963.patch b/Patches/LineageOS-17.1/android_frameworks_base/360963.patch
deleted file mode 100644
index 079671c9..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/360963.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Thu, 27 Apr 2023 12:36:05 +0000
-Subject: [PATCH] Visit URIs in landscape/portrait custom remote views.
-
-Bug: 277740848
-Test: atest RemoteViewsTest NotificationManagerServiceTest & tested with POC from bug
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e8acb2f660bdb03616989852f9dbbf1726f8237e)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43e1ae4e0d408604b9e3c18ac0e9bf87529b92a8)
-Merged-In: I7d3d35df0ec38945019f71755bed8797b7af4517
-Change-Id: I7d3d35df0ec38945019f71755bed8797b7af4517
----
- core/java/android/widget/RemoteViews.java     |  6 ++
- .../src/android/widget/RemoteViewsTest.java   | 64 +++++++++++++++++++
- 2 files changed, 70 insertions(+)
-
-diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
-index 86cec5e0f0a2..21d38b559736 100644
---- a/core/java/android/widget/RemoteViews.java
-+++ b/core/java/android/widget/RemoteViews.java
-@@ -554,6 +554,12 @@ public class RemoteViews implements Parcelable, Filter {
-                 mActions.get(i).visitUris(visitor);
-             }
-         }
-+        if (mLandscape != null) {
-+            mLandscape.visitUris(visitor);
-+        }
-+        if (mPortrait != null) {
-+            mPortrait.visitUris(visitor);
-+        }
-     }
- 
-     private static void visitIconUri(Icon icon, @NonNull Consumer<Uri> visitor) {
-diff --git a/core/tests/coretests/src/android/widget/RemoteViewsTest.java b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-index 8cb7e1b95245..46f2c0928fc3 100644
---- a/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-+++ b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-@@ -20,6 +20,10 @@ import static org.junit.Assert.assertArrayEquals;
- import static org.junit.Assert.assertEquals;
- import static org.junit.Assert.assertSame;
- import static org.junit.Assert.assertTrue;
-+import static org.mockito.ArgumentMatchers.eq;
-+import static org.mockito.Mockito.spy;
-+import static org.mockito.Mockito.times;
-+import static org.mockito.Mockito.verify;
- 
- import android.app.ActivityOptions;
- import android.app.PendingIntent;
-@@ -29,6 +33,8 @@ import android.content.Intent;
- import android.graphics.Bitmap;
- import android.graphics.drawable.BitmapDrawable;
- import android.graphics.drawable.Drawable;
-+import android.graphics.drawable.Icon;
-+import android.net.Uri;
- import android.os.AsyncTask;
- import android.os.Binder;
- import android.os.Parcel;
-@@ -50,6 +56,7 @@ import org.junit.runner.RunWith;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.concurrent.CountDownLatch;
-+import java.util.function.Consumer;
- 
- /**
-  * Tests for RemoteViews.
-@@ -499,4 +506,61 @@ public class RemoteViewsTest {
-             return null;
-         }
-     }
-+
-+    @Test
-+    public void visitUris() {
-+        RemoteViews views = new RemoteViews(mPackage, R.layout.remote_views_test);
-+
-+        final Uri imageUri = Uri.parse("content://media/image");
-+        final Icon icon1 = Icon.createWithContentUri("content://media/icon1");
-+        final Icon icon2 = Icon.createWithContentUri("content://media/icon2");
-+        final Icon icon3 = Icon.createWithContentUri("content://media/icon3");
-+        final Icon icon4 = Icon.createWithContentUri("content://media/icon4");
-+        views.setImageViewUri(R.id.image, imageUri);
-+        views.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4);
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        views.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(imageUri));
-+        verify(visitor, times(1)).accept(eq(icon1.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4.getUri()));
-+    }
-+
-+    @Test
-+    public void visitUris_separateOrientation() {
-+        final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test);
-+        final Uri imageUriL = Uri.parse("content://landscape/image");
-+        final Icon icon1L = Icon.createWithContentUri("content://landscape/icon1");
-+        final Icon icon2L = Icon.createWithContentUri("content://landscape/icon2");
-+        final Icon icon3L = Icon.createWithContentUri("content://landscape/icon3");
-+        final Icon icon4L = Icon.createWithContentUri("content://landscape/icon4");
-+        landscape.setImageViewUri(R.id.image, imageUriL);
-+        landscape.setTextViewCompoundDrawables(R.id.text, icon1L, icon2L, icon3L, icon4L);
-+
-+        final RemoteViews portrait = new RemoteViews(mPackage, 33);
-+        final Uri imageUriP = Uri.parse("content://portrait/image");
-+        final Icon icon1P = Icon.createWithContentUri("content://portrait/icon1");
-+        final Icon icon2P = Icon.createWithContentUri("content://portrait/icon2");
-+        final Icon icon3P = Icon.createWithContentUri("content://portrait/icon3");
-+        final Icon icon4P = Icon.createWithContentUri("content://portrait/icon4");
-+        portrait.setImageViewUri(R.id.image, imageUriP);
-+        portrait.setTextViewCompoundDrawables(R.id.text, icon1P, icon2P, icon3P, icon4P);
-+
-+        RemoteViews views = new RemoteViews(landscape, portrait);
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        views.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(imageUriL));
-+        verify(visitor, times(1)).accept(eq(icon1L.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2L.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3L.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4L.getUri()));
-+        verify(visitor, times(1)).accept(eq(imageUriP));
-+        verify(visitor, times(1)).accept(eq(icon1P.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2P.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3P.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4P.getUri()));
-+    }
- }
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364029.patch b/Patches/LineageOS-17.1/android_frameworks_base/364029.patch
deleted file mode 100644
index 4964f627..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364029.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jing Ji <jji@google.com>
-Date: Tue, 25 Oct 2022 22:39:52 -0700
-Subject: [PATCH] DO NOT MERGE: ActivityManager#killBackgroundProcesses can
- kill caller's own app only
-
-unless it's a system app.
-
-Bug: 239423414
-Bug: 223376078
-Test: atest CtsAppTestCases:ActivityManagerTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8b382775b258220466a977453905797521e159de)
-Merged-In: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
-Change-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
----
- core/java/android/app/ActivityManager.java    |  3 ++
- core/res/AndroidManifest.xml                  |  6 +++-
- .../server/am/ActivityManagerService.java     | 32 +++++++++++++++++--
- 3 files changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/core/java/android/app/ActivityManager.java b/core/java/android/app/ActivityManager.java
-index 556b60bafd16..eff49bc1fe95 100644
---- a/core/java/android/app/ActivityManager.java
-+++ b/core/java/android/app/ActivityManager.java
-@@ -3452,6 +3452,9 @@ public class ActivityManager {
-      * processes to reclaim memory; the system will take care of restarting
-      * these processes in the future as needed.
-      *
-+     * <p class="note">Third party applications can only use this API to kill their own processes.
-+     * </p>
-+     *
-      * @param packageName The name of the package whose processes are to
-      * be killed.
-      */
-diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
-index 586d9a819d1e..a8dd041454c9 100644
---- a/core/res/AndroidManifest.xml
-+++ b/core/res/AndroidManifest.xml
-@@ -2379,7 +2379,11 @@
-         android:protectionLevel="normal" />
- 
-     <!-- Allows an application to call
--        {@link android.app.ActivityManager#killBackgroundProcesses}.
-+         {@link android.app.ActivityManager#killBackgroundProcesses}.
-+
-+         <p class="note">Third party applications can only use this API to kill their own
-+         processes.</p>
-+
-          <p>Protection level: normal
-     -->
-     <permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"
-diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
-index efbccb3b8f94..b4e2e2b9cac9 100644
---- a/services/core/java/com/android/server/am/ActivityManagerService.java
-+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
-@@ -4148,8 +4148,20 @@ public class ActivityManagerService extends IActivityManager.Stub
-             Slog.w(TAG, msg);
-             throw new SecurityException(msg);
-         }
-+        final int callingUid = Binder.getCallingUid();
-+        final int callingPid = Binder.getCallingPid();
-+        final int callingAppId = UserHandle.getAppId(callingUid);
- 
--        userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
-+        ProcessRecord proc;
-+        synchronized (mPidsSelfLocked) {
-+            proc = mPidsSelfLocked.get(callingPid);
-+        }
-+        final boolean hasKillAllPermission = PERMISSION_GRANTED == checkPermission(
-+                android.Manifest.permission.FORCE_STOP_PACKAGES, callingPid, callingUid)
-+                || UserHandle.isCore(callingUid)
-+                || (proc != null && proc.info.isSystemApp());
-+
-+        userId = mUserController.handleIncomingUser(callingPid, callingUid,
-                 userId, true, ALLOW_FULL_ONLY, "killBackgroundProcesses", null);
-         final int[] userIds = mUserController.expandUserId(userId);
- 
-@@ -4164,7 +4176,7 @@ public class ActivityManagerService extends IActivityManager.Stub
-                                     targetUserId));
-                 } catch (RemoteException e) {
-                 }
--                if (appId == -1) {
-+                if (appId == -1 || (!hasKillAllPermission && appId != callingAppId)) {
-                     Slog.w(TAG, "Invalid packageName: " + packageName);
-                     return;
-                 }
-@@ -4224,6 +4236,22 @@ public class ActivityManagerService extends IActivityManager.Stub
-             throw new SecurityException(msg);
-         }
- 
-+        final int callingUid = Binder.getCallingUid();
-+        final int callingPid = Binder.getCallingPid();
-+
-+        ProcessRecord proc;
-+        synchronized (mPidsSelfLocked) {
-+            proc = mPidsSelfLocked.get(callingPid);
-+        }
-+        if (callingUid >= FIRST_APPLICATION_UID
-+                && (proc == null || !proc.info.isSystemApp())) {
-+            final String msg = "Permission Denial: killAllBackgroundProcesses() from pid="
-+                    + callingPid + ", uid=" + callingUid + " is not allowed";
-+            Slog.w(TAG, msg);
-+            // Silently return to avoid existing apps from crashing.
-+            return;
-+        }
-+
-         final long callingId = Binder.clearCallingIdentity();
-         try {
-             synchronized (this) {
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364030-backport-prereq.patch b/Patches/LineageOS-17.1/android_frameworks_base/364030-backport-prereq.patch
deleted file mode 100644
index 929c30b2..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364030-backport-prereq.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Grund <flamefire89@gmail.com>
-Date: Mon, 14 Aug 2023 13:04:21 +0200
-Subject: [PATCH] Add `PackageParser.Package getPackage(int uid)`
-
-Partial backport of ca1ea17a3eacf71a64dc501c4374a4eeb6246451
-
-Change-Id: I8adb1ffac1ebe3d419c1fcf2c14b22a50b31fd5b
----
- .../android/content/pm/PackageManagerInternal.java  |  6 ++++++
- .../android/server/pm/PackageManagerService.java    | 13 +++++++++++++
- 2 files changed, 19 insertions(+)
-
-diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java
-index 84d9743eec9e..9f9ff88c1541 100644
---- a/core/java/android/content/pm/PackageManagerInternal.java
-+++ b/core/java/android/content/pm/PackageManagerInternal.java
-@@ -667,6 +667,12 @@ public abstract class PackageManagerInternal {
-      */
-     public abstract @Nullable PackageParser.Package getPackage(@NonNull String packageName);
- 
-+    /**
-+     * Returns a package for the given UID. If the UID is part of a shared user ID, one
-+     * of the packages will be chosen to be returned.
-+     */
-+    public abstract @Nullable PackageParser.Package getPackage(int uid);
-+
-     /**
-      * Returns a list without a change observer.
-      *
-diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
-index 27282c0a2dda..5bd1b4ac0195 100644
---- a/services/core/java/com/android/server/pm/PackageManagerService.java
-+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
-@@ -24648,6 +24648,19 @@ public class PackageManagerService extends IPackageManager.Stub
-             }
-         }
- 
-+        @Override
-+        public PackageParser.Package getPackage(int uid) {
-+            synchronized (mPackages) {
-+                final String[] packageNames = getPackagesForUid(uid);
-+                PackageParser.Package pkg = null;
-+                final int numPackages = packageNames == null ? 0 : packageNames.length;
-+                for (int i = 0; pkg == null && i < numPackages; i++) {
-+                    pkg = mPackages.get(packageNames[i]);
-+                }
-+                return pkg;
-+            }
-+        }
-+
-         @Override
-         public PackageList getPackageList(PackageListObserver observer) {
-             synchronized (mPackages) {
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364030-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/364030-backport.patch
deleted file mode 100644
index 972c6e38..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364030-backport.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Austin Borger <borgera@google.com>
-Date: Sat, 18 Mar 2023 12:56:12 -0700
-Subject: [PATCH] ActivityManagerService: Allow openContentUri from
- vendor/system/product.
-
-Apps should not have direct access to this entry point. Check that the
-caller is a vendor, system, or product package.
-
-Test: Ran PoC app and CtsMediaPlayerTestCases.
-Bug: 236688380
-(cherry picked from commit d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:821f4c0d8ba06be32ce9b46c7a7c09d1cacd7b0e)
-Merged-In: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f
-Change-Id: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f
----
- .../server/am/ActivityManagerService.java     | 59 ++++++++++++++++++-
- 1 file changed, 58 insertions(+), 1 deletion(-)
-
-diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
-index b4e2e2b9cac9..4f3dd3449fae 100644
---- a/services/core/java/com/android/server/am/ActivityManagerService.java
-+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
-@@ -160,6 +160,7 @@ import android.app.AppOpsManager;
- import android.app.AppOpsManagerInternal.CheckOpsDelegate;
- import android.app.ApplicationErrorReport;
- import android.app.ApplicationThreadConstants;
-+import android.app.AppOpsManager;
- import android.app.BroadcastOptions;
- import android.app.ContentProviderHolder;
- import android.app.Dialog;
-@@ -7865,7 +7866,54 @@ public class ActivityManagerService extends IActivityManager.Stub
-             Binder token = new Binder();
-             sCallerIdentity.set(new Identity(
-                     token, Binder.getCallingPid(), Binder.getCallingUid()));
-+            boolean handlingSecurityViolation = false;
-             try {
-+                // This method is exposed to the VNDK and to avoid changing its
-+                // signature we just use the first package in the UID. For shared
-+                // UIDs we may blame the wrong app but that is Okay as they are
-+                // in the same security/privacy sandbox.
-+                final int uid = Binder.getCallingUid();
-+                // Here we handle some of the special UIDs (mediaserver, systemserver, etc)
-+                // Note: This is moved to AppOpsManager.resolvePackageName in future versions.
-+                final String packageName;
-+                if (uid == Process.ROOT_UID) {
-+                    packageName = "root";
-+                } else if (uid == Process.SHELL_UID) {
-+                    packageName = "com.android.shell";
-+                } else if (uid == Process.MEDIA_UID) {
-+                    packageName = "media";
-+                } else if (uid == Process.AUDIOSERVER_UID) {
-+                    packageName = "audioserver";
-+                } else if (uid == Process.CAMERASERVER_UID) {
-+                    packageName = "cameraserver";
-+                } else if (uid == Process.SYSTEM_UID) {
-+                    packageName = "android";
-+                } else {
-+                    packageName = null;
-+                }
-+
-+                final PackageParser.Package androidPackage;
-+                if (packageName != null) {
-+                    androidPackage = mPackageManagerInt.getPackage(packageName);
-+                } else {
-+                    androidPackage = mPackageManagerInt.getPackage(uid);
-+                }
-+                if (androidPackage == null) {
-+                    Log.e(TAG, "Cannot find package for uid: " + uid);
-+                    handlingSecurityViolation = true;
-+                    return null;
-+                }
-+
-+                final ApplicationInfo appInfo = mPackageManagerInt.getApplicationInfo(
-+                        androidPackage.packageName, /*flags*/0, Process.SYSTEM_UID,
-+                        UserHandle.USER_SYSTEM);
-+                if (!appInfo.isVendor() && !appInfo.isSystemApp()
-+                        && !appInfo.isProduct()) {
-+                    Log.e(TAG, "openContentUri may only be used by vendor/system/product.");
-+                    handlingSecurityViolation = true;
-+                    return null;
-+                }
-+
-                 pfd = cph.provider.openFile(null, uri, "r", null, token);
-             } catch (FileNotFoundException e) {
-                 // do nothing; pfd will be returned null
-@@ -7873,7 +7921,16 @@ public class ActivityManagerService extends IActivityManager.Stub
-                 // Ensure that whatever happens, we clean up the identity state
-                 sCallerIdentity.remove();
-                 // Ensure we're done with the provider.
--                removeContentProviderExternalUnchecked(name, null, userId);
-+                try {
-+                    removeContentProviderExternalUnchecked(name, null, userId);
-+                } catch (SecurityException e) {
-+                    // A SecurityException may be thrown from computeOomAdjLocked if the calling
-+                    // UID is that of a malicious app accessing this hidden API. In that case
-+                    // we're already handling that by returning null, so tolerate this.
-+                    if (!handlingSecurityViolation) {
-+                        throw e;
-+                    }
-+                }
-             }
-         } else {
-             Slog.d(TAG, "Failed to get provider for authority '" + name + "'");
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364031-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/364031-backport.patch
deleted file mode 100644
index 6b1577e9..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364031-backport.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Thu, 27 Apr 2023 14:55:28 +0000
-Subject: [PATCH] Verify URI permissions for notification shortcutIcon.
-
-Bug: 277593270
-Test: atest NotificationManagerServiceTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:47e661cbf37e1dedf676f482ac07ffc433c92d0b)
-Merged-In: I1efaa1301bca36895ad4322a919d7421156a60df
-Change-Id: I1efaa1301bca36895ad4322a919d7421156a60df
----
- core/java/android/app/Notification.java       | 20 +++++++++++++++++++
- .../NotificationManagerServiceTest.java       |  7 ++++++-
- 2 files changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
-index 3e75c52bf893..8f0b36cf2a87 100644
---- a/core/java/android/app/Notification.java
-+++ b/core/java/android/app/Notification.java
-@@ -18,6 +18,7 @@ package android.app;
- 
- import static android.annotation.Dimension.DP;
- import static android.graphics.drawable.Icon.TYPE_BITMAP;
-+import static android.graphics.drawable.Icon.TYPE_URI;
- 
- import static com.android.internal.util.ContrastColorUtil.satisfiesTextContrast;
- 
-@@ -2434,6 +2435,14 @@ public class Notification implements Parcelable
-         }
-     }
- 
-+    private static void visitIconUri(@NonNull Consumer<Uri> visitor, @Nullable Icon icon) {
-+        if (icon == null) return;
-+        final int iconType = icon.getType();
-+        if (iconType == TYPE_URI /*|| iconType == TYPE_URI_ADAPTIVE_BITMAP*/) {
-+            visitor.accept(icon.getUri());
-+        }
-+    }
-+
-     /**
-      * Note all {@link Uri} that are referenced internally, with the expectation
-      * that Uri permission grants will need to be issued to ensure the recipient
-@@ -2449,7 +2458,18 @@ public class Notification implements Parcelable
-         if (bigContentView != null) bigContentView.visitUris(visitor);
-         if (headsUpContentView != null) headsUpContentView.visitUris(visitor);
- 
-+        visitIconUri(visitor, mSmallIcon);
-+        visitIconUri(visitor, mLargeIcon);
-+
-+        if (actions != null) {
-+            for (Action action : actions) {
-+                visitIconUri(visitor, action.getIcon());
-+            }
-+        }
-+
-         if (extras != null) {
-+            visitIconUri(visitor, extras.getParcelable(EXTRA_LARGE_ICON_BIG));
-+
-             visitor.accept(extras.getParcelable(EXTRA_AUDIO_CONTENTS_URI));
-             if (extras.containsKey(EXTRA_BACKGROUND_IMAGE_URI)) {
-                 visitor.accept(Uri.parse(extras.getString(EXTRA_BACKGROUND_IMAGE_URI)));
-diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-index 6c1620751866..a7a6f7a59ac3 100755
---- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-@@ -3414,6 +3414,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
-     public void testVisitUris() throws Exception {
-         final Uri audioContents = Uri.parse("content://com.example/audio");
-         final Uri backgroundImage = Uri.parse("content://com.example/background");
-+        final Icon smallIcon = Icon.createWithContentUri("content://media/small/icon");
-+        final Icon largeIcon = Icon.createWithContentUri("content://media/large/icon");
- 
-         Bundle extras = new Bundle();
-         extras.putParcelable(Notification.EXTRA_AUDIO_CONTENTS_URI, audioContents);
-@@ -3421,7 +3423,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
- 
-         Notification n = new Notification.Builder(mContext, "a")
-                 .setContentTitle("notification with uris")
--                .setSmallIcon(android.R.drawable.sym_def_app_icon)
-+                .setSmallIcon(smallIcon)
-+                .setLargeIcon(largeIcon)
-                 .addExtras(extras)
-                 .build();
- 
-@@ -3429,6 +3432,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
-         n.visitUris(visitor);
-         verify(visitor, times(1)).accept(eq(audioContents));
-         verify(visitor, times(1)).accept(eq(backgroundImage));
-+        verify(visitor, times(1)).accept(eq(smallIcon.getUri()));
-+        verify(visitor, times(1)).accept(eq(largeIcon.getUri()));
-     }
- 
-     @Test
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364032.patch b/Patches/LineageOS-17.1/android_frameworks_base/364032.patch
deleted file mode 100644
index 1e48222c..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364032.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Beverly <beverlyt@google.com>
-Date: Mon, 8 May 2023 16:33:12 +0000
-Subject: [PATCH] On device lockdown, always show the keyguard
-
-Manual test steps:
-1. Enable app pinning and disable "Ask for PIN before unpinning" setting
-2. Pin an app (ie: Settings)
-3. Lockdown from the power menu
-Observe: user is brought to the keyguard, primary auth is required
-to enter the device. After entering credential, the device is still in
-app pinning mode.
-
-Test: atest KeyguardViewMediatorTest
-Test: manual steps outlined above
-Bug: 218495634
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b23c2d5fb6630ea0da503b937f62880594b13e94)
-Merged-In: I9a7c5e1acadabd4484e58573331f98dba895f2a2
-Change-Id: I9a7c5e1acadabd4484e58573331f98dba895f2a2
----
- .../systemui/keyguard/KeyguardViewMediator.java        | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-index f025575623ca..cd02fe9a6c2d 100644
---- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-@@ -556,6 +556,13 @@ public class KeyguardViewMediator extends SystemUI {
-                 notifyHasLockscreenWallpaperChanged(hasLockscreenWallpaper);
-             }
-         }
-+
-+        @Override
-+        public void onStrongAuthStateChanged(int userId) {
-+            if (mLockPatternUtils.isUserInLockdown(KeyguardUpdateMonitor.getCurrentUser())) {
-+                doKeyguardLocked(null);
-+            }
-+        }
-     };
- 
-     ViewMediatorCallback mViewMediatorCallback = new ViewMediatorCallback() {
-@@ -1319,7 +1326,8 @@ public class KeyguardViewMediator extends SystemUI {
-         }
- 
-         // if another app is disabling us, don't show
--        if (!mExternallyEnabled) {
-+        if (!mExternallyEnabled
-+            && !mLockPatternUtils.isUserInLockdown(KeyguardUpdateMonitor.getCurrentUser())) {
-             if (DEBUG) Log.d(TAG, "doKeyguard: not showing because externally disabled");
- 
-             mNeedToReshowWhenReenabled = true;
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364033-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/364033-backport.patch
deleted file mode 100644
index ed0e2e1f..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364033-backport.patch
+++ /dev/null
@@ -1,242 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pavel Grafov <pgrafov@google.com>
-Date: Wed, 5 Apr 2023 15:15:41 +0000
-Subject: [PATCH] Ensure policy has no absurdly long strings
-
-The following APIs now enforce limits and throw IllegalArgumentException
-when limits are violated:
-* DPM.setTrustAgentConfiguration() limits agent packgage name,
-  component name, and strings within configuration bundle.
-* DPM.setPermittedAccessibilityServices() limits package names.
-* DPM.setPermittedInputMethods() limits package names.
-* DPM.setAccountManagementDisabled() limits account name.
-* DPM.setLockTaskPackages() limits package names.
-* DPM.setAffiliationIds() limits id.
-* DPM.transferOwnership() limits strings inside the bundle.
-
-Package names are limited at 223, because they become directory names
-and it is a filesystem restriction, see FrameworkParsingPackageUtils.
-
-All other strings are limited at 65535, because longer ones break binary
-XML serializer.
-
-The following APIs silently truncate strings that are long beyond reason:
-* DPM.setShortSupportMessage() truncates message at 200.
-* DPM.setLongSupportMessage() truncates message at 20000.
-* DPM.setOrganizationName() truncates org name at 200.
-
-Bug: 260729089
-Test: atest com.android.server.devicepolicy
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bb7e82ceaa6d16267e7b0e14563161b506d26be8)
-Merged-In: Idcf54e408722f164d16bf2f24a00cd1f5b626d23
-Change-Id: Idcf54e408722f164d16bf2f24a00cd1f5b626d23
----
- .../app/admin/DevicePolicyManager.java        |  3 +-
- .../DevicePolicyManagerService.java           | 91 ++++++++++++++++++-
- 2 files changed, 90 insertions(+), 4 deletions(-)
-
-diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
-index 5e263b0d05b6..bff9bfdf185d 100644
---- a/core/java/android/app/admin/DevicePolicyManager.java
-+++ b/core/java/android/app/admin/DevicePolicyManager.java
-@@ -9075,7 +9075,8 @@ public class DevicePolicyManager {
- 
-     /**
-      * Called by a device admin to set the long support message. This will be displayed to the user
--     * in the device administators settings screen.
-+     * in the device administrators settings screen. If the message is longer than 20000 characters
-+     * it may be truncated.
-      * <p>
-      * If the long support message needs to be localized, it is the responsibility of the
-      * {@link DeviceAdminReceiver} to listen to the {@link Intent#ACTION_LOCALE_CHANGED} broadcast
-diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
-index b2e23da08e2d..682ea6edf726 100644
---- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
-+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
-@@ -278,6 +278,7 @@ import java.lang.reflect.Constructor;
- import java.nio.charset.StandardCharsets;
- import java.text.DateFormat;
- import java.time.LocalDate;
-+import java.util.ArrayDeque;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.Collection;
-@@ -287,6 +288,7 @@ import java.util.HashMap;
- import java.util.List;
- import java.util.Map;
- import java.util.Map.Entry;
-+import java.util.Queue;
- import java.util.Set;
- import java.util.concurrent.TimeUnit;
- import java.util.concurrent.atomic.AtomicBoolean;
-@@ -351,6 +353,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
- 
-     private static final int REQUEST_EXPIRE_PASSWORD = 5571;
- 
-+    // Binary XML serializer doesn't support longer strings
-+    private static final int MAX_POLICY_STRING_LENGTH = 65535;
-+    // FrameworkParsingPackageUtils#MAX_FILE_NAME_SIZE, Android packages are used in dir names.
-+    private static final int MAX_PACKAGE_NAME_LENGTH = 223;
-+
-+    private static final int MAX_LONG_SUPPORT_MESSAGE_LENGTH = 20000;
-+    private static final int MAX_SHORT_SUPPORT_MESSAGE_LENGTH = 200;
-+    private static final int MAX_ORG_NAME_LENGTH = 200;
-+
-     private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1);
- 
-     private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms
-@@ -9042,6 +9053,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         }
-         Preconditions.checkNotNull(admin, "admin is null");
-         Preconditions.checkNotNull(agent, "agent is null");
-+        enforceMaxPackageNameLength(agent.getPackageName());
-+        final String agentAsString = agent.flattenToString();
-+        enforceMaxStringLength(agentAsString, "agent name");
-+        if (args != null) {
-+            enforceMaxStringLength(args, "args");
-+        }
-         final int userHandle = UserHandle.getCallingUserId();
-         synchronized (getLockObject()) {
-             ActiveAdmin ap = getActiveAdminForCallerLocked(admin,
-@@ -9262,6 +9279,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         Preconditions.checkNotNull(who, "ComponentName is null");
- 
-         if (packageList != null) {
-+            for (String pkg : (List<String>) packageList) {
-+                enforceMaxPackageNameLength(pkg);
-+            }
-+
-             int userId = UserHandle.getCallingUserId();
-             List<AccessibilityServiceInfo> enabledServices = null;
-             long id = mInjector.binderClearCallingIdentity();
-@@ -9450,6 +9471,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         }
-         final int callingUserId = mInjector.userHandleGetCallingUserId();
-         if (packageList != null) {
-+            for (String pkg : (List<String>) packageList) {
-+                enforceMaxPackageNameLength(pkg);
-+            }
-+
-             List<InputMethodInfo> enabledImes = InputMethodManagerInternal.get()
-                     .getEnabledInputMethodListAsUser(callingUserId);
-             if (enabledImes != null) {
-@@ -10424,6 +10449,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             return;
-         }
-         Preconditions.checkNotNull(who, "ComponentName is null");
-+        enforceMaxStringLength(accountType, "account type");
-         synchronized (getLockObject()) {
-             ActiveAdmin ap = getActiveAdminForCallerLocked(who,
-                     DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
-@@ -10709,6 +10735,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             throws SecurityException {
-         Preconditions.checkNotNull(who, "ComponentName is null");
-         Preconditions.checkNotNull(packages, "packages is null");
-+        for (String pkg : packages) {
-+            enforceMaxPackageNameLength(pkg);
-+        }
- 
-         synchronized (getLockObject()) {
-             enforceCanCallLockTaskLocked(who);
-@@ -12223,6 +12252,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             return;
-         }
-         Preconditions.checkNotNull(who, "ComponentName is null");
-+        message = truncateIfLonger(message, MAX_SHORT_SUPPORT_MESSAGE_LENGTH);
-+
-         final int userHandle = mInjector.userHandleGetCallingUserId();
-         synchronized (getLockObject()) {
-             ActiveAdmin admin = getActiveAdminForUidLocked(who,
-@@ -12256,6 +12287,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         if (!mHasFeature) {
-             return;
-         }
-+
-+        message = truncateIfLonger(message, MAX_LONG_SUPPORT_MESSAGE_LENGTH);
-+
-         Preconditions.checkNotNull(who, "ComponentName is null");
-         final int userHandle = mInjector.userHandleGetCallingUserId();
-         synchronized (getLockObject()) {
-@@ -12393,6 +12427,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         Preconditions.checkNotNull(who, "ComponentName is null");
-         final int userHandle = mInjector.userHandleGetCallingUserId();
- 
-+        text = truncateIfLonger(text, MAX_ORG_NAME_LENGTH);
-+
-         synchronized (getLockObject()) {
-             ActiveAdmin admin = getActiveAdminForCallerLocked(who,
-                     DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
-@@ -12604,9 +12640,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-             throw new IllegalArgumentException("ids must not be null");
-         }
-         for (String id : ids) {
--            if (TextUtils.isEmpty(id)) {
--                throw new IllegalArgumentException("ids must not contain empty string");
--            }
-+            Preconditions.checkArgument(!TextUtils.isEmpty(id), "ids must not have empty string");
-+            enforceMaxStringLength(id, "affiliation id");
-         }
- 
-         final Set<String> affiliationIds = new ArraySet<>(ids);
-@@ -13728,6 +13763,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
- 
-         Preconditions.checkNotNull(admin, "Admin cannot be null.");
-         Preconditions.checkNotNull(target, "Target cannot be null.");
-+        if (bundle != null) {
-+            enforceMaxStringLength(bundle, "bundle");
-+        }
- 
-         enforceProfileOrDeviceOwner(admin);
- 
-@@ -14505,4 +14543,51 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
-         return DevicePolicyConstants.loadFromString(
-                 mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS));
-     }
-+
-+    /**
-+     * Truncates char sequence to maximum length, nulls are ignored.
-+     */
-+    private static CharSequence truncateIfLonger(CharSequence input, int maxLength) {
-+        return input == null || input.length() <= maxLength
-+                ? input
-+                : input.subSequence(0, maxLength);
-+    }
-+
-+    /**
-+     * Throw if string argument is too long to be serialized.
-+     */
-+    private static void enforceMaxStringLength(String str, String argName) {
-+        Preconditions.checkArgument(
-+                str.length() <= MAX_POLICY_STRING_LENGTH, argName + " loo long");
-+    }
-+
-+    private static void enforceMaxPackageNameLength(String pkg) {
-+        Preconditions.checkArgument(
-+                pkg.length() <= MAX_PACKAGE_NAME_LENGTH, "Package name too long");
-+    }
-+
-+    /**
-+     * Throw if persistable bundle contains any string that we can't serialize.
-+     */
-+    private static void enforceMaxStringLength(PersistableBundle bundle, String argName) {
-+        // Persistable bundles can have other persistable bundles as values, traverse with a queue.
-+        Queue<PersistableBundle> queue = new ArrayDeque<>();
-+        queue.add(bundle);
-+        while (!queue.isEmpty()) {
-+            PersistableBundle current = queue.remove();
-+            for (String key : current.keySet()) {
-+                enforceMaxStringLength(key, "key in " + argName);
-+                Object value = current.get(key);
-+                if (value instanceof String) {
-+                    enforceMaxStringLength((String) value, "string value in " + argName);
-+                } else if (value instanceof String[]) {
-+                    for (String str : (String[]) value) {
-+                        enforceMaxStringLength(str, "string value in " + argName);
-+                    }
-+                } else if (value instanceof PersistableBundle) {
-+                    queue.add((PersistableBundle) value);
-+                }
-+            }
-+        }
-+    }
- }
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364034.patch b/Patches/LineageOS-17.1/android_frameworks_base/364034.patch
deleted file mode 100644
index 57753aaf..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364034.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Fri, 12 May 2023 15:41:09 +0000
-Subject: [PATCH] Implement visitUris for RemoteViews ViewGroupActionAdd.
-
-This is to prevent a vulnerability where notifications can show
-resources belonging to other users, since the URI in the nested views
-was not being checked.
-
-Bug: 277740082
-Test: atest RemoteViewsTest NotificationVisitUrisTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:850fd984e5f346645b5a941ed7307387c7e4c4de)
-Merged-In: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
-Change-Id: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
----
- core/java/android/widget/RemoteViews.java     |  5 ++++
- .../src/android/widget/RemoteViewsTest.java   | 24 +++++++++++++++++++
- 2 files changed, 29 insertions(+)
-
-diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
-index 21d38b559736..c2e591950e25 100644
---- a/core/java/android/widget/RemoteViews.java
-+++ b/core/java/android/widget/RemoteViews.java
-@@ -1663,6 +1663,11 @@ public class RemoteViews implements Parcelable, Filter {
-         public int getActionTag() {
-             return VIEW_GROUP_ACTION_ADD_TAG;
-         }
-+
-+        @Override
-+        public final void visitUris(@NonNull Consumer<Uri> visitor) {
-+            mNestedViews.visitUris(visitor);
-+        }
-     }
- 
-     /**
-diff --git a/core/tests/coretests/src/android/widget/RemoteViewsTest.java b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-index 46f2c0928fc3..83ff725b5b75 100644
---- a/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-+++ b/core/tests/coretests/src/android/widget/RemoteViewsTest.java
-@@ -528,6 +528,30 @@ public class RemoteViewsTest {
-         verify(visitor, times(1)).accept(eq(icon4.getUri()));
-     }
- 
-+    @Test
-+    public void visitUris_nestedViews() {
-+        final RemoteViews outer = new RemoteViews(mPackage, R.layout.remote_views_test);
-+
-+        final RemoteViews inner = new RemoteViews(mPackage, 33);
-+        final Uri imageUriI = Uri.parse("content://inner/image");
-+        final Icon icon1 = Icon.createWithContentUri("content://inner/icon1");
-+        final Icon icon2 = Icon.createWithContentUri("content://inner/icon2");
-+        final Icon icon3 = Icon.createWithContentUri("content://inner/icon3");
-+        final Icon icon4 = Icon.createWithContentUri("content://inner/icon4");
-+        inner.setImageViewUri(R.id.image, imageUriI);
-+        inner.setTextViewCompoundDrawables(R.id.text, icon1, icon2, icon3, icon4);
-+
-+        outer.addView(R.id.layout, inner);
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        outer.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(imageUriI));
-+        verify(visitor, times(1)).accept(eq(icon1.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon2.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon3.getUri()));
-+        verify(visitor, times(1)).accept(eq(icon4.getUri()));
-+    }
-+
-     @Test
-     public void visitUris_separateOrientation() {
-         final RemoteViews landscape = new RemoteViews(mPackage, R.layout.remote_views_test);
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364035-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/364035-backport.patch
deleted file mode 100644
index 4bcfc25f..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364035-backport.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Mon, 15 May 2023 16:15:55 +0000
-Subject: [PATCH] Check URIs in notification public version.
-
-Bug: 276294099
-Test: atest NotificationManagerServiceTest NotificationVisitUrisTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9663d493142b59c65311bc09d48427d3bdde0222)
-Merged-In: I670198b213abb2cb29a9865eb9d1e897700508b4
-Change-Id: I670198b213abb2cb29a9865eb9d1e897700508b4
----
- core/java/android/app/Notification.java       |  4 ++++
- .../NotificationManagerServiceTest.java       | 20 +++++++++++++++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
-index 8f0b36cf2a87..8da2611d3fe9 100644
---- a/core/java/android/app/Notification.java
-+++ b/core/java/android/app/Notification.java
-@@ -2451,6 +2451,10 @@ public class Notification implements Parcelable
-      * @hide
-      */
-     public void visitUris(@NonNull Consumer<Uri> visitor) {
-+        if (publicVersion != null) {
-+            publicVersion.visitUris(visitor);
-+        }
-+
-         visitor.accept(sound);
- 
-         if (tickerView != null) tickerView.visitUris(visitor);
-diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-index a7a6f7a59ac3..578626482581 100755
---- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-@@ -3436,6 +3436,26 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
-         verify(visitor, times(1)).accept(eq(largeIcon.getUri()));
-     }
- 
-+    @Test
-+    public void testVisitUris_publicVersion() throws Exception {
-+        final Icon smallIconPublic = Icon.createWithContentUri("content://media/small/icon");
-+        final Icon largeIconPrivate = Icon.createWithContentUri("content://media/large/icon");
-+
-+        Notification publicVersion = new Notification.Builder(mContext, "a")
-+                .setContentTitle("notification with uris")
-+                .setSmallIcon(smallIconPublic)
-+                .build();
-+        Notification n = new Notification.Builder(mContext, "a")
-+                .setLargeIcon(largeIconPrivate)
-+                .setPublicVersion(publicVersion)
-+                .build();
-+
-+        Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-+        n.visitUris(visitor);
-+        verify(visitor, times(1)).accept(eq(smallIconPublic.getUri()));
-+        verify(visitor, times(1)).accept(eq(largeIconPrivate.getUri()));
-+    }
-+
-     @Test
-     public void testSetNotificationPolicy_preP_setOldFields() {
-         ZenModeHelper mZenModeHelper = mock(ZenModeHelper.class);
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364036-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/364036-backport.patch
deleted file mode 100644
index 9b3e4a8f..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364036-backport.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Michael Mikhail <michaelmikhil@google.com>
-Date: Fri, 28 Apr 2023 16:17:16 +0000
-Subject: [PATCH] Verify URI permissions in MediaMetadata
-
-Add a check for URI permission to make sure that user can access the URI
-set in MediaMetadata. If permission is denied, clear the URI string set
-in metadata.
-
-Bug: 271851153
-Test: atest MediaSessionTest
-Test: Verified by POC app attached in bug, image of second user is not
-the UMO background of the first user.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f95b7fc61d6b3bf49420ded0357bec031f8cbdcf)
-Merged-In: I384f8e230c909d8fc8e5f147e2fd3558fec44626
-Change-Id: I384f8e230c909d8fc8e5f147e2fd3558fec44626
----
- .../server/media/MediaSessionRecord.java      | 52 +++++++++++++++----
- 1 file changed, 43 insertions(+), 9 deletions(-)
-
-diff --git a/services/core/java/com/android/server/media/MediaSessionRecord.java b/services/core/java/com/android/server/media/MediaSessionRecord.java
-index e2087e6ca822..5ebbfe92dc20 100644
---- a/services/core/java/com/android/server/media/MediaSessionRecord.java
-+++ b/services/core/java/com/android/server/media/MediaSessionRecord.java
-@@ -17,6 +17,8 @@
- package com.android.server.media;
- 
- import android.app.PendingIntent;
-+import android.content.ContentProvider;
-+import android.content.ContentResolver;
- import android.content.Context;
- import android.content.Intent;
- import android.content.pm.ParceledListSlice;
-@@ -48,11 +50,13 @@ import android.os.Process;
- import android.os.RemoteException;
- import android.os.ResultReceiver;
- import android.os.SystemClock;
-+import android.text.TextUtils;
- import android.util.Log;
- import android.util.Slog;
- import android.view.KeyEvent;
- 
- import com.android.server.LocalServices;
-+import com.android.server.uri.UriGrantsManagerInternal;
- 
- import java.io.PrintWriter;
- import java.util.ArrayList;
-@@ -64,6 +68,10 @@ import java.util.List;
-  */
- public class MediaSessionRecord implements IBinder.DeathRecipient {
-     private static final String TAG = "MediaSessionRecord";
-+    private static final String[] ART_URIS = new String[] {
-+            MediaMetadata.METADATA_KEY_ALBUM_ART_URI,
-+            MediaMetadata.METADATA_KEY_ART_URI,
-+            MediaMetadata.METADATA_KEY_DISPLAY_ICON_URI};
-     private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
- 
-     /**
-@@ -85,6 +93,7 @@ public class MediaSessionRecord implements IBinder.DeathRecipient {
-     private final SessionStub mSession;
-     private final SessionCb mSessionCb;
-     private final MediaSessionService mService;
-+    private final UriGrantsManagerInternal mUgmInternal;
-     private final Context mContext;
- 
-     private final Object mLock = new Object();
-@@ -142,6 +151,7 @@ public class MediaSessionRecord implements IBinder.DeathRecipient {
-         mAudioManager = (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);
-         mAudioManagerInternal = LocalServices.getService(AudioManagerInternal.class);
-         mAudioAttrs = new AudioAttributes.Builder().setUsage(AudioAttributes.USAGE_MEDIA).build();
-+        mUgmInternal = LocalServices.getService(UriGrantsManagerInternal.class);
-     }
- 
-     /**
-@@ -870,21 +880,45 @@ public class MediaSessionRecord implements IBinder.DeathRecipient {
-         public void setMetadata(MediaMetadata metadata, long duration, String metadataDescription)
-                 throws RemoteException {
-             synchronized (mLock) {
--                MediaMetadata temp = metadata == null ? null : new MediaMetadata.Builder(metadata)
--                        .build();
--                // This is to guarantee that the underlying bundle is unparceled
--                // before we set it to prevent concurrent reads from throwing an
--                // exception
--                if (temp != null) {
--                    temp.size();
--                }
--                mMetadata = temp;
-                 mDuration = duration;
-                 mMetadataDescription = metadataDescription;
-+                mMetadata = sanitizeMediaMetadata(metadata);
-             }
-             mHandler.post(MessageHandler.MSG_UPDATE_METADATA);
-         }
- 
-+        private MediaMetadata sanitizeMediaMetadata(MediaMetadata metadata) {
-+            if (metadata == null) {
-+                return null;
-+            }
-+            MediaMetadata.Builder metadataBuilder = new MediaMetadata.Builder(metadata);
-+            for (String key: ART_URIS) {
-+                String uriString = metadata.getString(key);
-+                if (TextUtils.isEmpty(uriString)) {
-+                    continue;
-+                }
-+                Uri uri = Uri.parse(uriString);
-+                if (!ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) {
-+                    continue;
-+                }
-+                try {
-+                    mUgmInternal.checkGrantUriPermission(getUid(),
-+                            getPackageName(),
-+                            ContentProvider.getUriWithoutUserId(uri),
-+                            Intent.FLAG_GRANT_READ_URI_PERMISSION,
-+                            ContentProvider.getUserIdFromUri(uri, getUserId()));
-+                } catch (SecurityException e) {
-+                    metadataBuilder.putString(key, null);
-+                }
-+            }
-+            MediaMetadata sanitizedMetadata = metadataBuilder.build();
-+            // sanitizedMetadata.size() guarantees that the underlying bundle is unparceled
-+            // before we set it to prevent concurrent reads from throwing an
-+            // exception
-+            sanitizedMetadata.size();
-+            return sanitizedMetadata;
-+        }
-+
-         @Override
-         public void setPlaybackState(PlaybackState state) throws RemoteException {
-             int oldState = mPlaybackState == null
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364037.patch b/Patches/LineageOS-17.1/android_frameworks_base/364037.patch
deleted file mode 100644
index dd980058..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364037.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Chandru S <chandruis@google.com>
-Date: Tue, 16 May 2023 10:41:07 -0700
-Subject: [PATCH] Use Settings.System.getIntForUser instead of getInt to make
- sure user specific settings are used
-
-Bug: 265431505
-Test: atest KeyguardViewMediatorTest
-(cherry picked from commit 625e009fc195ba5d658ca2d78ebb23d2770cc6c4)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ce6510deba06bcb72a0e468294b483fc4ac4be17)
-Merged-In: I66a660c091c90a957a0fd1e144c013840db3f47e
-Change-Id: I66a660c091c90a957a0fd1e144c013840db3f47e
----
- .../systemui/keyguard/KeyguardViewMediator.java     | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-index cd02fe9a6c2d..a7d5c64dd3a3 100644
---- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
-@@ -913,9 +913,9 @@ public class KeyguardViewMediator extends SystemUI {
-         final ContentResolver cr = mContext.getContentResolver();
- 
-         // From SecuritySettings
--        final long lockAfterTimeout = Settings.Secure.getInt(cr,
-+        final long lockAfterTimeout = Settings.Secure.getIntForUser(cr,
-                 Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT,
--                KEYGUARD_LOCK_AFTER_DELAY_DEFAULT);
-+                KEYGUARD_LOCK_AFTER_DELAY_DEFAULT, userId);
- 
-         // From DevicePolicyAdmin
-         final long policyTimeout = mLockPatternUtils.getDevicePolicyManager()
-@@ -927,8 +927,8 @@ public class KeyguardViewMediator extends SystemUI {
-             timeout = lockAfterTimeout;
-         } else {
-             // From DisplaySettings
--            long displayTimeout = Settings.System.getInt(cr, SCREEN_OFF_TIMEOUT,
--                    KEYGUARD_DISPLAY_TIMEOUT_DELAY_DEFAULT);
-+            long displayTimeout = Settings.System.getIntForUser(cr, SCREEN_OFF_TIMEOUT,
-+                    KEYGUARD_DISPLAY_TIMEOUT_DELAY_DEFAULT, userId);
- 
-             // policy in effect. Make sure we don't go beyond policy limit.
-             displayTimeout = Math.max(displayTimeout, 0); // ignore negative values
-@@ -1762,7 +1762,10 @@ public class KeyguardViewMediator extends SystemUI {
-     private void playSound(int soundId) {
-         if (soundId == 0) return;
-         final ContentResolver cr = mContext.getContentResolver();
--        if (Settings.System.getInt(cr, Settings.System.LOCKSCREEN_SOUNDS_ENABLED, 1) == 1) {
-+        int lockscreenSoundsEnabled = Settings.System.getIntForUser(cr,
-+                Settings.System.LOCKSCREEN_SOUNDS_ENABLED, 1,
-+                KeyguardUpdateMonitor.getCurrentUser());
-+        if (lockscreenSoundsEnabled == 1) {
- 
-             mLockSounds.stop(mLockSoundStreamId);
-             // Init mAudioManager
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/364038-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/364038-backport.patch
deleted file mode 100644
index 1e6b627a..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/364038-backport.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pranav Madapurmath <pmadapurmath@google.com>
-Date: Thu, 25 May 2023 21:58:19 +0000
-Subject: [PATCH] Resolve StatusHints image exploit across user.
-
-Because of the INTERACT_ACROSS_USERS permission, an app that implements
-a ConnectionService can upload an image icon belonging to another user
-by setting it in the StatusHints. Validating the construction of the
-StatusHints on the calling user would prevent a malicious app from
-registering a connection service with the embedded image icon from a
-different user.
-
-From additional feedback, this CL also addresses potential
-vulnerabilities in an app being able to directly invoke the binder for a
-means to manipulate the contents of the bundle that are passed with it.
-The targeted points of entry are in ConnectionServiceWrapper for the
-following APIs: handleCreateConnectionComplete, setStatusHints,
-addConferenceCall, and addExistingConnection.
-
-Fixes: 280797684
-Test: Manual (verified that original exploit is no longer an issue).
-Test: Unit test for validating image in StatusHints constructor.
-Test: Unit tests to address vulnerabilities via the binder.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:48223d6034907349c6a3fab3018c1b37d86367af)
-Merged-In: I6e70e238b3a5ace1cab41ec5796a6bb4d79769f2
-Change-Id: I6e70e238b3a5ace1cab41ec5796a6bb4d79769f2
----
- .../android/telecom/ParcelableConference.java |  8 +++
- .../java/android/telecom/StatusHints.java     | 53 ++++++++++++++++++-
- 2 files changed, 59 insertions(+), 2 deletions(-)
-
-diff --git a/telecomm/java/android/telecom/ParcelableConference.java b/telecomm/java/android/telecom/ParcelableConference.java
-index ede05943772e..b2f8ac8cb0ec 100644
---- a/telecomm/java/android/telecom/ParcelableConference.java
-+++ b/telecomm/java/android/telecom/ParcelableConference.java
-@@ -155,6 +155,14 @@ public final class ParcelableConference implements Parcelable {
-         return mAddressPresentation;
-     }
- 
-+    public String getCallerDisplayName() {
-+        return mCallerDisplayName;
-+    }
-+
-+    public int getCallerDisplayNamePresentation() {
-+        return mCallerDisplayNamePresentation;
-+    }
-+
-     public static final @android.annotation.NonNull Parcelable.Creator<ParcelableConference> CREATOR =
-             new Parcelable.Creator<ParcelableConference> () {
-         @Override
-diff --git a/telecomm/java/android/telecom/StatusHints.java b/telecomm/java/android/telecom/StatusHints.java
-index 762c93a49022..761eab81eb62 100644
---- a/telecomm/java/android/telecom/StatusHints.java
-+++ b/telecomm/java/android/telecom/StatusHints.java
-@@ -16,14 +16,19 @@
- 
- package android.telecom;
- 
-+import android.annotation.Nullable;
- import android.annotation.SystemApi;
- import android.content.ComponentName;
- import android.content.Context;
- import android.graphics.drawable.Drawable;
- import android.graphics.drawable.Icon;
-+import android.os.Binder;
- import android.os.Bundle;
- import android.os.Parcel;
- import android.os.Parcelable;
-+import android.os.UserHandle;
-+
-+import com.android.internal.annotations.VisibleForTesting;
- 
- import java.util.Objects;
- 
-@@ -33,7 +38,7 @@ import java.util.Objects;
- public final class StatusHints implements Parcelable {
- 
-     private final CharSequence mLabel;
--    private final Icon mIcon;
-+    private Icon mIcon;
-     private final Bundle mExtras;
- 
-     /**
-@@ -48,10 +53,30 @@ public final class StatusHints implements Parcelable {
- 
-     public StatusHints(CharSequence label, Icon icon, Bundle extras) {
-         mLabel = label;
--        mIcon = icon;
-+        mIcon = validateAccountIconUserBoundary(icon, Binder.getCallingUserHandle());
-         mExtras = extras;
-     }
- 
-+    /**
-+     * @param icon
-+     * @hide
-+     */
-+    @VisibleForTesting
-+    public StatusHints(@Nullable Icon icon) {
-+        mLabel = null;
-+        mExtras = null;
-+        mIcon = icon;
-+    }
-+
-+    /**
-+     *
-+     * @param icon
-+     * @hide
-+     */
-+    public void setIcon(@Nullable Icon icon) {
-+        mIcon = icon;
-+    }
-+
-     /**
-      * @return A package used to load the icon.
-      *
-@@ -112,6 +137,30 @@ public final class StatusHints implements Parcelable {
-         return 0;
-     }
- 
-+    /**
-+     * Validates the StatusHints image icon to see if it's not in the calling user space.
-+     * Invalidates the icon if so, otherwise returns back the original icon.
-+     *
-+     * @param icon
-+     * @return icon (validated)
-+     * @hide
-+     */
-+    public static Icon validateAccountIconUserBoundary(Icon icon, UserHandle callingUserHandle) {
-+        // Refer to Icon#getUriString for context. The URI string is invalid for icons of
-+        // incompatible types.
-+        if (icon != null && (icon.getType() == Icon.TYPE_URI
-+                /*|| icon.getType() == Icon.TYPE_URI_ADAPTIVE_BITMAP*/)) {
-+            String encodedUser = icon.getUri().getEncodedUserInfo();
-+            // If there is no encoded user, the URI is calling into the calling user space
-+            if (encodedUser != null) {
-+                int userId = Integer.parseInt(encodedUser);
-+                // Do not try to save the icon if the user id isn't in the calling user space.
-+                if (userId != callingUserHandle.getIdentifier()) return null;
-+            }
-+        }
-+        return icon;
-+    }
-+
-     @Override
-     public void writeToParcel(Parcel out, int flags) {
-         out.writeCharSequence(mLabel);
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/365964-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/365964-backport.patch
deleted file mode 100644
index a1183f52..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/365964-backport.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aishwarya Mallampati <amallampati@google.com>
-Date: Tue, 1 Nov 2022 17:04:35 +0000
-Subject: [PATCH] DO NOT MERGE Grant carrier privileges if package has carrier
- config access.
-
-TelephonyManager#hasCarrierPrivileges internally uses
-SubscriptionManager#canManageSubscription to decide whether to grant
-carrier privilege status to an app or not.
-SubscriptionManager#canManageSubscription returns true if caller APK's
-certificate matches with one of the mNativeAccessRules or
-mCarrierConfigAccessRules. This over-grants carrier privilege status
-to apps that only has mNativeAccessRules.
-Carrier privilege status should
-be granted to the caller APK only if it's certificate matches with one
-of mCarrierConfigAccessRules.
-Replaced SubscriptionManager#canManageSubscription with
-PhoneInterfaceManager#hasCarrierConfigAccess which returns true only if
-caller APK certificates matches with one of mCarrierConfigAccessRules of
-the given subscription.
-
-Bug: 226593252
-Test: Manual Testing as explained in b/226593252#comment51
-      atest CtsTelephonyTestCases
-      Flashed build on raven-userdebug and performed basic
-      funtionality tests
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e46bce078fef9dba500a7411e843f7f00a7a33c2)
-Merged-In: I662064529d2a9348f395fe3b541366de8bc2fe7d
-Change-Id: I662064529d2a9348f395fe3b541366de8bc2fe7d
----
- telephony/java/android/telephony/SubscriptionInfo.java | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/telephony/java/android/telephony/SubscriptionInfo.java b/telephony/java/android/telephony/SubscriptionInfo.java
-index 471edad80bc6..eb7c00a9fc78 100644
---- a/telephony/java/android/telephony/SubscriptionInfo.java
-+++ b/telephony/java/android/telephony/SubscriptionInfo.java
-@@ -16,6 +16,7 @@
- 
- package android.telephony;
- 
-+import android.annotation.NonNull;
- import android.annotation.Nullable;
- import android.annotation.SystemApi;
- import android.annotation.UnsupportedAppUsage;
-@@ -658,6 +659,15 @@ public class SubscriptionInfo implements Parcelable {
-         return merged.isEmpty() ? null : merged;
-     }
- 
-+    /**
-+     * @hide
-+     * @return mCarrierConfigAccessRules associated with this subscription.
-+     */
-+    public @NonNull List<UiccAccessRule> getCarrierConfigAccessRules() {
-+        return mCarrierConfigAccessRules == null ? Collections.emptyList() :
-+            Arrays.asList(mCarrierConfigAccessRules);
-+    }
-+
-     /**
-      * Returns the card string if the calling app has been granted the READ_PRIVILEGED_PHONE_STATE
-      * permission, has carrier privileges (see {@link TelephonyManager#hasCarrierPrivileges}), or
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/365966-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/365966-backport.patch
deleted file mode 100644
index e262de34..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/365966-backport.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C3=ADas=20Hern=C3=A1ndez?= <matiashe@google.com>
-Date: Thu, 15 Jun 2023 18:31:34 +0200
-Subject: [PATCH] Forbid granting access to NLSes with too-long component names
-
-This makes the limitation, which was previously only checked on the Settings UI, enforced everywhere.
-
-Fixes: 260570119
-Fixes: 286043036
-Test: atest + manually
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc71156a29427c8b228129f5b1368392f297835b)
-Merged-In: I4c25d80978cb37a8fa1531f5045259d25ac64692
-Change-Id: I4c25d80978cb37a8fa1531f5045259d25ac64692
----
- .../java/android/app/NotificationManager.java |  6 ++++
- .../NotificationManagerService.java           |  5 ++++
- .../android/server/vr/VrManagerService.java   |  6 +++-
- .../NotificationManagerServiceTest.java       | 28 +++++++++++++++++++
- 4 files changed, 44 insertions(+), 1 deletion(-)
-
-diff --git a/core/java/android/app/NotificationManager.java b/core/java/android/app/NotificationManager.java
-index b81a86331ca0..3f0fff4f40dd 100644
---- a/core/java/android/app/NotificationManager.java
-+++ b/core/java/android/app/NotificationManager.java
-@@ -378,6 +378,12 @@ public class NotificationManager {
-      */
-     public static final int IMPORTANCE_MAX = 5;
- 
-+    /**
-+     * Maximum length of the component name of a registered NotificationListenerService.
-+     * @hide
-+     */
-+    public static int MAX_SERVICE_COMPONENT_NAME_LENGTH = 500;
-+
-     @UnsupportedAppUsage
-     private static INotificationManager sService;
- 
-diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
-index 7ae80d927aaa..d056eac37039 100755
---- a/services/core/java/com/android/server/notification/NotificationManagerService.java
-+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
-@@ -4161,6 +4161,11 @@ public class NotificationManagerService extends SystemService {
-                 boolean granted) {
-             Preconditions.checkNotNull(listener);
-             checkCallerIsSystemOrShell();
-+            if (granted && listener.flattenToString().length()
-+                    > NotificationManager.MAX_SERVICE_COMPONENT_NAME_LENGTH) {
-+                throw new IllegalArgumentException(
-+                        "Component name too long: " + listener.flattenToString());
-+            }
-             final long identity = Binder.clearCallingIdentity();
-             try {
-                 if (mAllowedManagedServicePackages.test(
-diff --git a/services/core/java/com/android/server/vr/VrManagerService.java b/services/core/java/com/android/server/vr/VrManagerService.java
-index 45689ce73c9f..7eeba02542e4 100644
---- a/services/core/java/com/android/server/vr/VrManagerService.java
-+++ b/services/core/java/com/android/server/vr/VrManagerService.java
-@@ -1045,7 +1045,11 @@ public class VrManagerService extends SystemService
- 
-         for (ComponentName c : possibleServices) {
-             if (Objects.equals(c.getPackageName(), pkg)) {
--                nm.setNotificationListenerAccessGrantedForUser(c, userId, true);
-+                try {
-+                    nm.setNotificationListenerAccessGrantedForUser(c, userId, true);
-+                } catch (Exception e) {
-+                    Slog.w(TAG, "Could not grant NLS access to package " + pkg, e);
-+                }
-             }
-         }
-     }
-diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-index 578626482581..dbd65c776307 100755
---- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-@@ -2403,6 +2403,34 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
-                 any(), anyInt(), anyBoolean(), anyBoolean());
-     }
- 
-+    @Test
-+    public void testSetListenerAccessForUser_grantWithNameTooLong_throws() throws Exception {
-+        UserHandle user = UserHandle.of(mContext.getUserId() + 10);
-+        ComponentName c = new ComponentName("com.example.package",
-+                com.google.common.base.Strings.repeat("Blah", 150));
-+
-+        try {
-+            mBinderService.setNotificationListenerAccessGrantedForUser(c, user.getIdentifier(),
-+                    /* enabled= */ true);
-+            fail("Should've thrown IllegalArgumentException");
-+        } catch (IllegalArgumentException e) {
-+            // Good!
-+        }
-+    }
-+
-+    @Test
-+    public void testSetListenerAccessForUser_revokeWithNameTooLong_okay() throws Exception {
-+        UserHandle user = UserHandle.of(mContext.getUserId() + 10);
-+        ComponentName c = new ComponentName("com.example.package",
-+                com.google.common.base.Strings.repeat("Blah", 150));
-+
-+        mBinderService.setNotificationListenerAccessGrantedForUser(
-+                c, user.getIdentifier(), /* enabled= */ false);
-+
-+        verify(mListeners).setPackageOrComponentEnabled(
-+                c.flattenToString(), user.getIdentifier(), true, /* enabled= */ false);
-+    }
-+
-     @Test
-     public void testSetAssistantAccessForUser() throws Exception {
-         UserHandle user = UserHandle.of(10);
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/365967.patch b/Patches/LineageOS-17.1/android_frameworks_base/365967.patch
deleted file mode 100644
index 62f68d84..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_base/365967.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dmitry Dementyev <dementyev@google.com>
-Date: Fri, 30 Jun 2023 14:36:44 -0700
-Subject: [PATCH] Update AccountManagerService checkKeyIntentParceledCorrectly.
-
-Bug: 265798288
-Test: manual
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b117b506ec0504ff9eb2fa523e82f1879ecb8cc1)
-Merged-In: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
-Change-Id: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
----
- .../com/android/server/accounts/AccountManagerService.java     | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
-index a9c7b0c6a3f1..715b32687054 100644
---- a/services/core/java/com/android/server/accounts/AccountManagerService.java
-+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
-@@ -4850,6 +4850,9 @@ public class AccountManagerService
-             Bundle simulateBundle = p.readBundle();
-             p.recycle();
-             Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
-+            if (intent != null && intent.getClass() != Intent.class) {
-+                return false;
-+            }
-             Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT);
-             if (intent == null) {
-                 return (simulateIntent == null);
diff --git a/Patches/LineageOS-17.1/android_frameworks_native/365969.patch b/Patches/LineageOS-17.1/android_frameworks_native/365969.patch
deleted file mode 100644
index 44f73777..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_native/365969.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Devin Moore <devinmoore@google.com>
-Date: Tue, 25 Apr 2023 00:17:13 +0000
-Subject: [PATCH] Allow sensors list to be empty
-
-Test: atest VtsHalSensorManagerV1_0TargetTest
-Bug: 278013275
-Bug: 269014004
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:49600b10aa5675d4e7e985203d69f252ead13e45)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7057a9f08d98bfec8ffbabcf00f2885d3909c6c9)
-Merged-In: I091f57de9570b0ace3a8da76f16fe0e83f0aa624
-Change-Id: I091f57de9570b0ace3a8da76f16fe0e83f0aa624
----
- libs/sensor/SensorManager.cpp | 7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/libs/sensor/SensorManager.cpp b/libs/sensor/SensorManager.cpp
-index 180a0ebd85..7f927d026e 100644
---- a/libs/sensor/SensorManager.cpp
-+++ b/libs/sensor/SensorManager.cpp
-@@ -172,11 +172,8 @@ status_t SensorManager::assertStateLocked() {
- 
-         mSensors = mSensorServer->getSensorList(mOpPackageName);
-         size_t count = mSensors.size();
--        if (count == 0) {
--            ALOGE("Failed to get Sensor list");
--            mSensorServer.clear();
--            return UNKNOWN_ERROR;
--        }
-+        // If count is 0, mSensorList will be non-null. This is old
-+        // existing behavior and callers expect this.
-         mSensorList =
-                 static_cast<Sensor const**>(malloc(count * sizeof(Sensor*)));
-         LOG_ALWAYS_FATAL_IF(mSensorList == nullptr, "mSensorList NULL");
diff --git a/Patches/LineageOS-17.1/android_frameworks_opt_net_wifi/360965-backport.patch b/Patches/LineageOS-17.1/android_frameworks_opt_net_wifi/360965-backport.patch
deleted file mode 100644
index 085cc7a4..00000000
--- a/Patches/LineageOS-17.1/android_frameworks_opt_net_wifi/360965-backport.patch
+++ /dev/null
@@ -1,237 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Nate(Qiang) Jiang" <qiangjiang@google.com>
-Date: Wed, 12 Apr 2023 18:38:15 +0000
-Subject: [PATCH] DO NOT MERGE: Limit the number of Passpoint per App
-
-Reject the suggestion passpoint with ServiceFriendlyNames
-
-Bug: 274445194
-Test: atest com.android.server.wifi
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b081fc592709895f0e745ad33b41174b3b2ad399)
-Merged-In: I30606e9bb4eba54b5b9111de4982c0cfb565b3dc
-Change-Id: I30606e9bb4eba54b5b9111de4982c0cfb565b3dc
-
-Change-Id: I7df5e55e777189bdc11765d11cb5e428fe928faa
----
- .../wifi/hotspot2/PasspointManager.java       |  6 ++
- .../wifi/hotspot2/PasspointManagerTest.java   | 56 ++++++++++---------
- 2 files changed, 37 insertions(+), 25 deletions(-)
-
-diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointManager.java b/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
-index 0666943c3..8916976ea 100644
---- a/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
-+++ b/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
-@@ -374,6 +374,12 @@ public class PasspointManager {
-             Log.e(TAG, "UID " + uid + " not visible to the current user");
-             return false;
-         }
-+        if (getPasspointProviderWithPackage(packageName).size()
-+                >= WifiManager.NETWORK_SUGGESTIONS_MAX_PER_APP) {
-+            Log.e(TAG, "packageName " + packageName + " has too many passpoint with exceed the "
-+                    + "limitation");
-+            return false;
-+        }
- 
-         // For Hotspot 2.0 Release 1, the CA Certificate must be trusted by one of the pre-loaded
-         // public CAs in the system key store on the device.  Since the provisioning method
-diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java
-index 618f1c3d5..2b02ed508 100644
---- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java
-+++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointManagerTest.java
-@@ -42,6 +42,7 @@ import static org.mockito.Mockito.verify;
- import static org.mockito.Mockito.when;
- import static org.mockito.MockitoAnnotations.initMocks;
- 
-+import android.app.ActivityManager;
- import android.app.AppOpsManager;
- import android.content.Context;
- import android.content.Intent;
-@@ -178,6 +179,7 @@ public class PasspointManagerTest {
-     @Mock TelephonyManager mDataTelephonyManager;
-     @Mock SubscriptionManager mSubscriptionManager;
-     @Mock WifiPermissionsUtil mWifiPermissionsUtil;
-+    @Mock ActivityManager mActivityManager;
- 
-     Handler mHandler;
-     TestLooper mLooper;
-@@ -203,6 +205,7 @@ public class PasspointManagerTest {
-                 any(PasspointManager.class), any(WifiMetrics.class)))
-                 .thenReturn(mPasspointProvisioner);
-         when(mContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mAppOpsManager);
-+        when(mContext.getSystemService(ActivityManager.class)).thenReturn(mActivityManager);
-         when(mWifiInjector.getClientModeImpl()).thenReturn(mClientModeImpl);
-         when(mWifiPermissionsUtil.doesUidBelongToCurrentUser(anyInt())).thenReturn(true);
-         mLooper = new TestLooper();
-@@ -268,11 +271,6 @@ public class PasspointManagerTest {
-         homeSp.setFqdn(fqdn);
-         homeSp.setFriendlyName(friendlyName);
-         config.setHomeSp(homeSp);
--        Map<String, String> friendlyNames = new HashMap<>();
--        friendlyNames.put("en", friendlyName);
--        friendlyNames.put("kr", friendlyName + 1);
--        friendlyNames.put("jp", friendlyName + 2);
--        config.setServiceFriendlyNames(friendlyNames);
-         Credential credential = new Credential();
-         credential.setRealm(TEST_REALM);
-         credential.setCaCertificate(FakeKeys.CA_CERT0);
-@@ -315,8 +313,16 @@ public class PasspointManagerTest {
-      * @return {@link PasspointProvider}
-      */
-     private PasspointProvider addTestProvider(String fqdn, String friendlyName,
--            String packageName) {
-+            String packageName,
-+            boolean addServiceFriendlyNames) {
-         PasspointConfiguration config = createTestConfigWithUserCredential(fqdn, friendlyName);
-+        if (addServiceFriendlyNames) {
-+            Map<String, String> friendlyNames = new HashMap<>();
-+            friendlyNames.put("en", friendlyName);
-+            friendlyNames.put("kr", friendlyName + 1);
-+            friendlyNames.put("jp", friendlyName + 2);
-+            config.setServiceFriendlyNames(friendlyNames);
-+        }
-         PasspointProvider provider = createMockProvider(config);
-         when(mObjectFactory.makePasspointProvider(eq(config), eq(mWifiKeyStore),
-                 eq(mSimAccessor), anyLong(), eq(TEST_CREATOR_UID), eq(TEST_PACKAGE))).thenReturn(
-@@ -738,7 +744,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void matchProviderWithAnqpCacheMissed() throws Exception {
--        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
- 
-         when(mAnqpCache.getEntry(TEST_ANQP_KEY)).thenReturn(null);
-         assertNull(mManager.matchProvider(createTestScanResult()));
-@@ -754,7 +760,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void matchProviderAsHomeProvider() throws Exception {
--        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         ANQPData entry = new ANQPData(mClock, null);
- 
-         when(mAnqpCache.getEntry(TEST_ANQP_KEY)).thenReturn(entry);
-@@ -773,7 +779,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void matchProviderAsRoamingProvider() throws Exception {
--        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         ANQPData entry = new ANQPData(mClock, null);
- 
-         when(mAnqpCache.getEntry(TEST_ANQP_KEY)).thenReturn(entry);
-@@ -792,7 +798,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void matchProviderWithNoMatch() throws Exception {
--        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         ANQPData entry = new ANQPData(mClock, null);
- 
-         when(mAnqpCache.getEntry(TEST_ANQP_KEY)).thenReturn(entry);
-@@ -852,16 +858,16 @@ public class PasspointManagerTest {
-                         InformationElementUtil.class).startMocking();
-         try {
-             PasspointProvider providerHome = addTestProvider(TEST_FQDN + 0, TEST_FRIENDLY_NAME,
--                    TEST_PACKAGE);
-+                    TEST_PACKAGE, false);
-             WifiConfiguration homeWifiConfiguration = new WifiConfiguration();
-             homeWifiConfiguration.FQDN = TEST_FQDN + 0;
-             homeWifiConfiguration.isHomeProviderNetwork = true;
-             PasspointProvider providerRoaming = addTestProvider(TEST_FQDN + 1, TEST_FRIENDLY_NAME,
--                    TEST_PACKAGE);
-+                    TEST_PACKAGE, false);
-             WifiConfiguration roamingWifiConfiguration = new WifiConfiguration();
-             roamingWifiConfiguration.FQDN = TEST_FQDN + 1;
-             PasspointProvider providerNone = addTestProvider(TEST_FQDN + 2, TEST_FRIENDLY_NAME,
--                    TEST_PACKAGE);
-+                    TEST_PACKAGE, false);
-             ANQPData entry = new ANQPData(mClock, null);
-             InformationElementUtil.Vsa vsa = new InformationElementUtil.Vsa();
-             vsa.anqpDomainID = TEST_ANQP_DOMAIN_ID2;
-@@ -905,15 +911,15 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void getWifiConfigsForPasspointProfiles() {
--        PasspointProvider provider1 = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider1 = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         WifiConfiguration wifiConfiguration1 = new WifiConfiguration();
-         wifiConfiguration1.FQDN = TEST_FQDN;
-         PasspointProvider provider2 = addTestProvider(TEST_FQDN + 1, TEST_FRIENDLY_NAME,
--                TEST_PACKAGE);
-+                TEST_PACKAGE, false);
-         WifiConfiguration wifiConfiguration2 = new WifiConfiguration();
-         wifiConfiguration2.FQDN = TEST_FQDN + 1;
-         PasspointProvider provider3 = addTestProvider(TEST_FQDN + 2, TEST_FRIENDLY_NAME,
--                TEST_PACKAGE);
-+                TEST_PACKAGE, false);
-         WifiConfiguration wifiConfiguration3 = new WifiConfiguration();
-         wifiConfiguration3.FQDN = TEST_FQDN + 2;
-         lenient().when(provider1.getWifiConfig()).thenReturn(wifiConfiguration1);
-@@ -1114,9 +1120,9 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void getMatchingPasspointConfigsForOsuProvidersWithMatch() {
--        PasspointProvider provider1 = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider1 = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, true);
-         PasspointProvider provider2 = addTestProvider(TEST_FQDN2, TEST_FRIENDLY_NAME2,
--                TEST_PACKAGE);
-+                TEST_PACKAGE, true);
- 
-         List<OsuProvider> osuProviders = new ArrayList<>();
-         Map<String, String> friendlyNames = new HashMap<>();
-@@ -1143,8 +1149,8 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void getMatchingPasspointConfigsForOsuProvidersWitNoMatch() {
--        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
--        addTestProvider(TEST_FQDN2, TEST_FRIENDLY_NAME2, TEST_PACKAGE);
-+        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-+        addTestProvider(TEST_FQDN2, TEST_FRIENDLY_NAME2, TEST_PACKAGE, false);
- 
-         List<OsuProvider> osuProviders = new ArrayList<>();
- 
-@@ -1444,7 +1450,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void providerNetworkConnectedFirstTime() throws Exception {
--        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         when(provider.getHasEverConnected()).thenReturn(false);
-         mManager.onPasspointNetworkConnected(TEST_FQDN);
-         verify(provider).setHasEverConnected(eq(true));
-@@ -1459,7 +1465,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void providerNetworkConnectedNotFirstTime() throws Exception {
--        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         when(provider.getHasEverConnected()).thenReturn(true);
-         mManager.onPasspointNetworkConnected(TEST_FQDN);
-         verify(provider, never()).setHasEverConnected(anyBoolean());
-@@ -1473,7 +1479,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void updateMetrics() {
--        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        PasspointProvider provider = addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
-         ArgumentCaptor<Map<String, PasspointProvider>> argCaptor = ArgumentCaptor.forClass(
-                 Map.class);
-         // Provider have not provided a successful network connection.
-@@ -1601,7 +1607,7 @@ public class PasspointManagerTest {
-      */
-     @Test
-     public void verifyHasProviderForCarrierWithNoMatch() {
--        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
- 
-         assertFalse(mManager.hasCarrierProvider(TEST_MCC_MNC));
-     }
-@@ -1688,7 +1694,7 @@ public class PasspointManagerTest {
-         WifiConfiguration currentConfiguration = WifiConfigurationTestUtil.createPasspointNetwork();
-         currentConfiguration.FQDN = TEST_FQDN;
-         when(mClientModeImpl.getCurrentWifiConfiguration()).thenReturn(currentConfiguration);
--        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE);
-+        addTestProvider(TEST_FQDN, TEST_FRIENDLY_NAME, TEST_PACKAGE, false);
- 
-         verify(mAppOpsManager).startWatchingMode(eq(OPSTR_CHANGE_WIFI_STATE), eq(TEST_PACKAGE),
-                 mAppOpChangedListenerCaptor.capture());
diff --git a/Patches/LineageOS-17.1/android_packages_apps_Nfc/365970.patch b/Patches/LineageOS-17.1/android_packages_apps_Nfc/365970.patch
deleted file mode 100644
index bce5398c..00000000
--- a/Patches/LineageOS-17.1/android_packages_apps_Nfc/365970.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Thu, 1 Jun 2023 13:44:28 -0700
-Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed
-
-Bug: 268038643
-Test: ctsverifier
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0)
-Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
----
- src/com/android/nfc/NfcService.java                         | 6 ++++++
- src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
-index 46a5d88e..0e02cd03 100644
---- a/src/com/android/nfc/NfcService.java
-+++ b/src/com/android/nfc/NfcService.java
-@@ -851,6 +851,12 @@ public class NfcService implements DeviceHostListener {
-         }
-     }
- 
-+    public boolean isSecureNfcEnabled() {
-+        synchronized (NfcService.this) {
-+            return mIsSecureNfcEnabled;
-+        }
-+    }
-+
-     final class NfcAdapterService extends INfcAdapter.Stub {
-         /**
-          * An interface for vendor specific extensions
-diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-index df701f2f..a45c5f50 100644
---- a/src/com/android/nfc/cardemulation/HostEmulationManager.java
-+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-@@ -175,8 +175,9 @@ public class HostEmulationManager {
-                     // Resolve to default
-                     // Check if resolvedService requires unlock
-                     ApduServiceInfo defaultServiceInfo = resolveInfo.defaultService;
--                    if (defaultServiceInfo.requiresUnlock() &&
--                            mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-+                    if ((defaultServiceInfo.requiresUnlock()
-+                            || NfcService.getInstance().isSecureNfcEnabled())
-+                          && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-                         // Just ignore all future APDUs until next tap
-                         mState = STATE_W4_DEACTIVATE;
-                         launchTapAgain(resolveInfo.defaultService, resolveInfo.category);
diff --git a/Patches/LineageOS-17.1/android_packages_apps_Settings/365973-backport.patch b/Patches/LineageOS-17.1/android_packages_apps_Settings/365973-backport.patch
deleted file mode 100644
index 425105bd..00000000
--- a/Patches/LineageOS-17.1/android_packages_apps_Settings/365973-backport.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Taran Singh <tarandeep@google.com>
-Date: Fri, 19 May 2023 23:17:47 +0000
-Subject: [PATCH] DO NOT MERGE: Prevent non-system IME from becoming device
- admin
-
-Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
-activate itself as device admin and cause various DoS attacks.
-
-This CL ensures KeyEvent on "Activate" button can only come from system
-apps.
-
-Bug: 280793427
-Test: atest DeviceAdminActivationTest
-(cherry picked from commit 70a501d02e0a6aefd874767a15378ba998759373)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ee3b96e59f3e5699c919af3642130fb33cd263b)
-Merged-In: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
-Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
----
- .../deviceadmin/DeviceAdminAdd.java           | 120 ++++++++++--------
- 1 file changed, 64 insertions(+), 56 deletions(-)
-
-diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
-index 786efd1ef4..56ba17ccc6 100644
---- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
-+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
-@@ -50,6 +50,8 @@ import android.text.method.ScrollingMovementMethod;
- import android.util.EventLog;
- import android.util.Log;
- import android.view.Display;
-+import android.view.KeyEvent;
-+import android.view.LayoutInflater;
- import android.view.View;
- import android.view.ViewGroup;
- import android.view.ViewTreeObserver;
-@@ -138,7 +140,7 @@ public class DeviceAdminAdd extends Activity {
-         mAppOps = (AppOpsManager)getSystemService(Context.APP_OPS_SERVICE);
-         PackageManager packageManager = getPackageManager();
- 
--        if ((getIntent().getFlags()&Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {
-+        if ((getIntent().getFlags() & Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {
-             Log.w(TAG, "Cannot start ADD_DEVICE_ADMIN as a new task");
-             finish();
-             return;
-@@ -148,7 +150,7 @@ public class DeviceAdminAdd extends Activity {
-                 EXTRA_CALLED_FROM_SUPPORT_DIALOG, false);
- 
-         String action = getIntent().getAction();
--        ComponentName who = (ComponentName)getIntent().getParcelableExtra(
-+        ComponentName who = (ComponentName) getIntent().getParcelableExtra(
-                 DevicePolicyManager.EXTRA_DEVICE_ADMIN);
-         if (who == null) {
-             String packageName = getIntent().getStringExtra(EXTRA_DEVICE_ADMIN_PACKAGE_NAME);
-@@ -206,7 +208,7 @@ public class DeviceAdminAdd extends Activity {
-                     PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS);
-             int count = avail == null ? 0 : avail.size();
-             boolean found = false;
--            for (int i=0; i<count; i++) {
-+            for (int i = 0; i < count; i++) {
-                 ResolveInfo ri = avail.get(i);
-                 if (ai.packageName.equals(ri.activityInfo.packageName)
-                         && ai.name.equals(ri.activityInfo.name)) {
-@@ -337,12 +339,12 @@ public class DeviceAdminAdd extends Activity {
-         }
-         setContentView(R.layout.device_admin_add);
- 
--        mAdminIcon = (ImageView)findViewById(R.id.admin_icon);
--        mAdminName = (TextView)findViewById(R.id.admin_name);
--        mAdminDescription = (TextView)findViewById(R.id.admin_description);
-+        mAdminIcon = (ImageView) findViewById(R.id.admin_icon);
-+        mAdminName = (TextView) findViewById(R.id.admin_name);
-+        mAdminDescription = (TextView) findViewById(R.id.admin_description);
-         mProfileOwnerWarning = (TextView) findViewById(R.id.profile_owner_warning);
- 
--        mAddMsg = (TextView)findViewById(R.id.add_msg);
-+        mAddMsg = (TextView) findViewById(R.id.add_msg);
-         mAddMsgExpander = (ImageView) findViewById(R.id.add_msg_expander);
-         final View.OnClickListener onClickListener = new View.OnClickListener() {
-             @Override
-@@ -365,7 +367,7 @@ public class DeviceAdminAdd extends Activity {
-                         mAddMsgExpander.setVisibility(hideMsgExpander ? View.GONE : View.VISIBLE);
-                         if (hideMsgExpander) {
-                             mAddMsg.setOnClickListener(null);
--                            ((View)mAddMsgExpander.getParent()).invalidate();
-+                            ((View) mAddMsgExpander.getParent()).invalidate();
-                         }
-                         mAddMsg.getViewTreeObserver().removeOnGlobalLayoutListener(this);
-                     }
-@@ -383,7 +385,7 @@ public class DeviceAdminAdd extends Activity {
-         mCancelButton.setOnClickListener(new View.OnClickListener() {
-             public void onClick(View v) {
-                 EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_DECLINED_BY_USER,
--                    mDeviceAdmin.getActivityInfo().applicationInfo.uid);
-+                        mDeviceAdmin.getActivityInfo().applicationInfo.uid);
-                 finish();
-             }
-         });
-@@ -403,58 +405,64 @@ public class DeviceAdminAdd extends Activity {
- 
-         final View restrictedAction = findViewById(R.id.restricted_action);
-         restrictedAction.setFilterTouchesWhenObscured(true);
--        restrictedAction.setOnClickListener(new View.OnClickListener() {
--            public void onClick(View v) {
--                if (!mActionButton.isEnabled()) {
--                    showPolicyTransparencyDialogIfRequired();
--                    return;
--                }
--                if (mAdding) {
--                    addAndFinish();
--                } else if (isManagedProfile(mDeviceAdmin)
--                        && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
--                    final int userId = UserHandle.myUserId();
--                    UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
--                            new DialogInterface.OnClickListener() {
--                                @Override
--                                public void onClick(DialogInterface dialog, int which) {
--                                    UserManager um = UserManager.get(DeviceAdminAdd.this);
--                                    um.removeUser(userId);
--                                    finish();
--                                }
-+
-+        final View.OnClickListener restrictedActionClickListener = v -> {
-+            if (!mActionButton.isEnabled()) {
-+                showPolicyTransparencyDialogIfRequired();
-+                return;
-+            }
-+            if (mAdding) {
-+                addAndFinish();
-+            } else if (isManagedProfile(mDeviceAdmin)
-+                    && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
-+                final int userId = UserHandle.myUserId();
-+                UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
-+                        new DialogInterface.OnClickListener() {
-+                            @Override
-+                            public void onClick(DialogInterface dialog, int which) {
-+                                UserManager um = UserManager.get(DeviceAdminAdd.this);
-+                                um.removeUser(userId);
-+                                finish();
-                             }
--                    ).show();
--                } else if (mUninstalling) {
--                    mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());
--                    finish();
--                } else if (!mWaitingForRemoveMsg) {
--                    try {
--                        // Don't allow the admin to put a dialog up in front
--                        // of us while we interact with the user.
--                        ActivityManager.getService().stopAppSwitches();
--                    } catch (RemoteException e) {
--                    }
--                    mWaitingForRemoveMsg = true;
--                    mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),
--                            new RemoteCallback(new RemoteCallback.OnResultListener() {
--                                @Override
--                                public void onResult(Bundle result) {
--                                    CharSequence msg = result != null
--                                            ? result.getCharSequence(
--                                            DeviceAdminReceiver.EXTRA_DISABLE_WARNING)
--                                            : null;
--                                    continueRemoveAction(msg);
--                                }
--                            }, mHandler));
--                    // Don't want to wait too long.
--                    getWindow().getDecorView().getHandler().postDelayed(new Runnable() {
--                        @Override public void run() {
--                            continueRemoveAction(null);
-                         }
--                    }, 2*1000);
-+                ).show();
-+            } else if (mUninstalling) {
-+                mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());
-+                finish();
-+            } else if (!mWaitingForRemoveMsg) {
-+                try {
-+                    // Don't allow the admin to put a dialog up in front
-+                    // of us while we interact with the user.
-+                    ActivityManager.getService().stopAppSwitches();
-+                } catch (RemoteException e) {
-                 }
-+                mWaitingForRemoveMsg = true;
-+                mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),
-+                        new RemoteCallback(new RemoteCallback.OnResultListener() {
-+                            @Override
-+                            public void onResult(Bundle result) {
-+                                CharSequence msg = result != null
-+                                        ? result.getCharSequence(
-+                                        DeviceAdminReceiver.EXTRA_DISABLE_WARNING)
-+                                        : null;
-+                                continueRemoveAction(msg);
-+                            }
-+                        }, mHandler));
-+                // Don't want to wait too long.
-+                getWindow().getDecorView().getHandler().postDelayed(
-+                        () -> continueRemoveAction(null), 2 * 1000);
-+            }
-+        };
-+        restrictedAction.setOnKeyListener((view, keyCode, keyEvent) -> {
-+            if ((keyEvent.getFlags() & KeyEvent.FLAG_FROM_SYSTEM) == 0) {
-+                Log.e(TAG, "Can not activate device-admin with KeyEvent from non-system app.");
-+                // Consume event to suppress click.
-+                return true;
-             }
-+            // Fallback to view click handler.
-+            return false;
-         });
-+        restrictedAction.setOnClickListener(restrictedActionClickListener);
-     }
- 
-     /**
diff --git a/Patches/LineageOS-17.1/android_packages_apps_Trebuchet/365974.patch b/Patches/LineageOS-17.1/android_packages_apps_Trebuchet/365974.patch
deleted file mode 100644
index 7338abe7..00000000
--- a/Patches/LineageOS-17.1/android_packages_apps_Trebuchet/365974.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pinyao Ting <pinyaoting@google.com>
-Date: Thu, 1 Jun 2023 18:12:44 -0700
-Subject: [PATCH] Fix permission issue in legacy shortcut
-
-When building legacy shortcut, Launcher calls
-PackageManager#resolveActivity to retrieve necessary permission to
-launch the intent.
-
-However, when the source app wraps an arbitrary intent within
-Intent#createChooser, the existing logic will fail because launching
-Chooser doesn't require additional permission.
-
-This CL fixes the security vulnerability by performing the permission
-check against the intent that is wrapped within.
-
-Bug: 270152142
-Test: manual
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c53818a16b4322a823497726ac7e7a44501b4442)
-Merged-In: If35344c08975e35085c7c2b9b814a3c457a144b0
-Change-Id: If35344c08975e35085c7c2b9b814a3c457a144b0
----
- .../android/launcher3/util/PackageManagerHelper.java | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/com/android/launcher3/util/PackageManagerHelper.java b/src/com/android/launcher3/util/PackageManagerHelper.java
-index 78d1d3ca8f..f263331f8f 100644
---- a/src/com/android/launcher3/util/PackageManagerHelper.java
-+++ b/src/com/android/launcher3/util/PackageManagerHelper.java
-@@ -112,6 +112,18 @@ public class PackageManagerHelper {
-      * any permissions
-      */
-     public boolean hasPermissionForActivity(Intent intent, String srcPackage) {
-+        // b/270152142
-+        if (Intent.ACTION_CHOOSER.equals(intent.getAction())) {
-+            final Bundle extras = intent.getExtras();
-+            if (extras == null) {
-+                return true;
-+            }
-+            // If given intent is ACTION_CHOOSER, verify srcPackage has permission over EXTRA_INTENT
-+            intent = (Intent) extras.getParcelable(Intent.EXTRA_INTENT);
-+            if (intent == null) {
-+                return true;
-+            }
-+        }
-         ResolveInfo target = mPm.resolveActivity(intent, 0);
-         if (target == null) {
-             // Not a valid target
diff --git a/Patches/LineageOS-17.1/android_packages_providers_TelephonyProvider/364040-backport.patch b/Patches/LineageOS-17.1/android_packages_providers_TelephonyProvider/364040-backport.patch
deleted file mode 100644
index e68278ce..00000000
--- a/Patches/LineageOS-17.1/android_packages_providers_TelephonyProvider/364040-backport.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aishwarya Mallampati <amallampati@google.com>
-Date: Wed, 10 May 2023 21:54:43 +0000
-Subject: [PATCH] Update file permissions using canonical path
-
-Bug: 264880895
-Bug: 264880689
-Test: atest android.telephonyprovider.cts.MmsPartTest
-      atest CtsTelephonyTestCases
-      Sanity check - sending and receiving sms and mms manually
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6743638a096c32627f398efd2ea78f08b8a2db8c)
-Merged-In: I8dd888ea31ec07c9f0de38eb8e8170d3ed255686
-Change-Id: I8dd888ea31ec07c9f0de38eb8e8170d3ed255686
----
- src/com/android/providers/telephony/MmsProvider.java | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/providers/telephony/MmsProvider.java b/src/com/android/providers/telephony/MmsProvider.java
-index 6ba775ba..7546c246 100644
---- a/src/com/android/providers/telephony/MmsProvider.java
-+++ b/src/com/android/providers/telephony/MmsProvider.java
-@@ -819,15 +819,16 @@ public class MmsProvider extends ContentProvider {
-                 String path = getContext().getDir(PARTS_DIR_NAME, 0).getPath() + '/' +
-                         uri.getPathSegments().get(1);
-                 try {
-+                    File canonicalFile = new File(path).getCanonicalFile();
-                     String partsDirPath = getContext().getDir(PARTS_DIR_NAME, 0).getCanonicalPath();
--                    if (!new File(path).getCanonicalPath().startsWith(partsDirPath)) {
-+                    if (!canonicalFile.getPath().startsWith(partsDirPath + '/')) {
-                         EventLog.writeEvent(0x534e4554, "240685104",
-                                 Binder.getCallingUid(), (TAG + " update: path " + path +
-                                         " does not start with " + partsDirPath));
-                         return 0;
-                     }
-                     // Reset the file permission back to read for everyone but me.
--                    Os.chmod(path, 0644);
-+                    Os.chmod(canonicalFile.getPath(), 0644);
-                     if (LOCAL_LOGV) {
-                         Log.d(TAG, "MmsProvider.update chmod is successful for path: " + path);
-                     }
diff --git a/Patches/LineageOS-17.1/android_packages_services_Telecomm/364041-backport.patch b/Patches/LineageOS-17.1/android_packages_services_Telecomm/364041-backport.patch
deleted file mode 100644
index 7506ee37..00000000
--- a/Patches/LineageOS-17.1/android_packages_services_Telecomm/364041-backport.patch
+++ /dev/null
@@ -1,714 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Pranav Madapurmath <pmadapurmath@google.com>
-Date: Thu, 25 May 2023 20:49:21 +0000
-Subject: [PATCH] Resolve StatusHints image exploit across user.
-
-Because of the INTERACT_ACROSS_USERS permission, an app that implements
-a ConnectionService can upload an image icon belonging to another user
-by setting it in the StatusHints. Validating the construction of the
-StatusHints on the calling user would prevent a malicious app from
-registering a connection service with the embedded image icon from a
-different user.
-
-From additional feedback, this CL also addresses potential
-vulnerabilities in an app being able to directly invoke the binder for a
-means to manipulate the contents of the bundle that are passed with it.
-The targeted points of entry are in ConnectionServiceWrapper for the
-following APIs: handleCreateConnectionComplete, setStatusHints,
-addConferenceCall, and addExistingConnection.
-
-Fixes: 280797684
-Test: Manual (verified that original exploit is no longer an issue).
-Test: Unit test for validating image in StatusHints constructor.
-Test: Unit tests to address vulnerabilities via the binder.
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:49d19dd265bee669b230efa29bf98c83650efea6)
-Merged-In: Ie1f6a8866d31d5f1099dd0630cf8e9ee782d389c
-Change-Id: Ie1f6a8866d31d5f1099dd0630cf8e9ee782d389c
----
- .../telecom/ConnectionServiceWrapper.java     |  32 ++++
- .../server/telecom/tests/BasicCallTests.java  | 164 +++++++++++++++++-
- .../server/telecom/tests/CallExtrasTest.java  |   6 +-
- .../tests/ConnectionServiceFixture.java       |  21 ++-
- .../telecom/tests/TelecomSystemTest.java      |  66 ++++---
- .../server/telecom/tests/VideoCallTests.java  |  16 +-
- 6 files changed, 265 insertions(+), 40 deletions(-)
-
-diff --git a/src/com/android/server/telecom/ConnectionServiceWrapper.java b/src/com/android/server/telecom/ConnectionServiceWrapper.java
-index 4621558d1..d06460784 100644
---- a/src/com/android/server/telecom/ConnectionServiceWrapper.java
-+++ b/src/com/android/server/telecom/ConnectionServiceWrapper.java
-@@ -19,6 +19,7 @@ package com.android.server.telecom;
- import android.app.AppOpsManager;
- import android.content.ComponentName;
- import android.content.Context;
-+import android.graphics.drawable.Icon;
- import android.net.Uri;
- import android.os.Binder;
- import android.os.Bundle;
-@@ -73,10 +74,17 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-         public void handleCreateConnectionComplete(String callId, ConnectionRequest request,
-                 ParcelableConnection connection, Session.Info sessionInfo) {
-             Log.startSession(sessionInfo, LogUtils.Sessions.CSW_HANDLE_CREATE_CONNECTION_COMPLETE);
-+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
-             long token = Binder.clearCallingIdentity();
-             try {
-                 synchronized (mLock) {
-                     logIncoming("handleCreateConnectionComplete %s", callId);
-+                    // Check status hints image for cross user access
-+                    if (connection.getStatusHints() != null) {
-+                        Icon icon = connection.getStatusHints().getIcon();
-+                        connection.getStatusHints().setIcon(StatusHints.
-+                                validateAccountIconUserBoundary(icon, callingUserHandle));
-+                    }
-                     ConnectionServiceWrapper.this
-                             .handleCreateConnectionComplete(callId, request, connection);
- 
-@@ -435,6 +443,15 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-         public void addConferenceCall(String callId, ParcelableConference parcelableConference,
-                 Session.Info sessionInfo) {
-             Log.startSession(sessionInfo, LogUtils.Sessions.CSW_ADD_CONFERENCE_CALL);
-+
-+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
-+            // Check status hints image for cross user access
-+            if (parcelableConference.getStatusHints() != null) {
-+                Icon icon = parcelableConference.getStatusHints().getIcon();
-+                parcelableConference.getStatusHints().setIcon(StatusHints.
-+                        validateAccountIconUserBoundary(icon, callingUserHandle));
-+            }
-+
-             long token = Binder.clearCallingIdentity();
-             try {
-                 synchronized (mLock) {
-@@ -658,10 +675,17 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-         public void setStatusHints(String callId, StatusHints statusHints,
-                 Session.Info sessionInfo) {
-             Log.startSession(sessionInfo, "CSW.sSH");
-+            UserHandle callingUserHandle = Binder.getCallingUserHandle();
-             long token = Binder.clearCallingIdentity();
-             try {
-                 synchronized (mLock) {
-                     logIncoming("setStatusHints %s %s", callId, statusHints);
-+                    // Check status hints image for cross user access
-+                    if (statusHints != null) {
-+                        Icon icon = statusHints.getIcon();
-+                        statusHints.setIcon(StatusHints.validateAccountIconUserBoundary(
-+                                icon, callingUserHandle));
-+                    }
-                     Call call = mCallIdMapper.getCall(callId);
-                     if (call != null) {
-                         call.setStatusHints(statusHints);
-@@ -849,6 +873,14 @@ public class ConnectionServiceWrapper extends ServiceBinder implements
-                         } else {
-                             connectIdToCheck = callId;
-                         }
-+
-+                        // Check status hints image for cross user access
-+                        if (connection.getStatusHints() != null) {
-+                            Icon icon = connection.getStatusHints().getIcon();
-+                            connection.getStatusHints().setIcon(StatusHints.
-+                                    validateAccountIconUserBoundary(icon, userHandle));
-+                        }
-+
-                         // Check to see if this Connection has already been added.
-                         Call alreadyAddedConnection = mCallsManager
-                                 .getAlreadyAddedConnection(connectIdToCheck);
-diff --git a/tests/src/com/android/server/telecom/tests/BasicCallTests.java b/tests/src/com/android/server/telecom/tests/BasicCallTests.java
-index 95ca3f3be..7889d0487 100644
---- a/tests/src/com/android/server/telecom/tests/BasicCallTests.java
-+++ b/tests/src/com/android/server/telecom/tests/BasicCallTests.java
-@@ -16,8 +16,11 @@
- 
- package com.android.server.telecom.tests;
- 
-+import static com.android.server.telecom.tests.ConnectionServiceFixture.STATUS_HINTS_EXTRA;
-+
- import static org.junit.Assert.assertEquals;
- import static org.junit.Assert.assertFalse;
-+import static org.junit.Assert.assertNotNull;
- import static org.junit.Assert.assertNull;
- import static org.junit.Assert.assertTrue;
- import static org.mockito.ArgumentMatchers.nullable;
-@@ -35,6 +38,8 @@ import static org.mockito.Mockito.when;
- 
- import android.content.Context;
- import android.content.IContentProvider;
-+import android.content.Intent;
-+import android.graphics.drawable.Icon;
- import android.media.AudioManager;
- import android.net.Uri;
- import android.os.Bundle;
-@@ -51,12 +56,14 @@ import android.telecom.Log;
- import android.telecom.ParcelableCall;
- import android.telecom.PhoneAccount;
- import android.telecom.PhoneAccountHandle;
-+import android.telecom.StatusHints;
- import android.telecom.TelecomManager;
- import android.telecom.VideoProfile;
- import android.test.suitebuilder.annotation.LargeTest;
- import android.test.suitebuilder.annotation.MediumTest;
- 
- import androidx.test.filters.FlakyTest;
-+import androidx.test.filters.SmallTest;
- 
- import com.android.internal.telecom.IInCallAdapter;
- import com.android.internal.telephony.CallerInfo;
-@@ -180,7 +187,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @Test
-     public void testTelecomManagerAcceptRingingVideoCall() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
- 
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureY.getCall(ids.mCallId).getState());
-@@ -209,7 +216,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @Test
-     public void testTelecomManagerAcceptRingingVideoCallAsAudio() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
- 
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureY.getCall(ids.mCallId).getState());
-@@ -237,7 +244,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @Test
-     public void testTelecomManagerAcceptRingingInvalidVideoState() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
- 
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureX.getCall(ids.mCallId).getState());
-         assertEquals(Call.STATE_RINGING, mInCallServiceFixtureY.getCall(ids.mCallId).getState());
-@@ -642,13 +649,13 @@ public class BasicCallTests extends TelecomSystemTest {
-     @MediumTest
-     @Test
-     public void testBasicConferenceCall() throws Exception {
--        makeConferenceCall();
-+        makeConferenceCall(null, null);
-     }
- 
-     @MediumTest
-     @Test
-     public void testAddCallToConference1() throws Exception {
--        ParcelableCall conferenceCall = makeConferenceCall();
-+        ParcelableCall conferenceCall = makeConferenceCall(null, null);
-         IdPair callId3 = startAndMakeActiveOutgoingCall("650-555-1214",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-         // testAddCallToConference{1,2} differ in the order of arguments to InCallAdapter#conference
-@@ -666,7 +673,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     @MediumTest
-     @Test
-     public void testAddCallToConference2() throws Exception {
--        ParcelableCall conferenceCall = makeConferenceCall();
-+        ParcelableCall conferenceCall = makeConferenceCall(null, null);
-         IdPair callId3 = startAndMakeActiveOutgoingCall("650-555-1214",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-         mInCallServiceFixtureX.getInCallAdapter()
-@@ -922,7 +929,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     public void testOutgoingCallSelectPhoneAccountVideo() throws Exception {
-         startOutgoingPhoneCallPendingCreateConnection("650-555-1212",
-                 null, mConnectionServiceFixtureA,
--                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL);
-+                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
-         assert(call.isVideoCallingSupportedByPhoneAccount());
-@@ -945,7 +952,7 @@ public class BasicCallTests extends TelecomSystemTest {
-     public void testOutgoingCallSelectPhoneAccountNoVideo() throws Exception {
-         startOutgoingPhoneCallPendingCreateConnection("650-555-1212",
-                 null, mConnectionServiceFixtureA,
--                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL);
-+                Process.myUserHandle(), VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
-         assert(call.isVideoCallingSupportedByPhoneAccount());
-@@ -1153,4 +1160,145 @@ public class BasicCallTests extends TelecomSystemTest {
-         assertTrue(muteValues.get(0));
-         assertFalse(muteValues.get(1));
-     }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in ConnectionServiceWrapper#addConferenceCall
-+     * when the image doesn't belong to the calling user. Simulates a scenario where an app
-+     * could manipulate the contents of the bundle and send it via the binder to upload an image
-+     * from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_addConferenceCall() throws Exception {
-+        Intent callIntent1 = new Intent();
-+        // Stub intent for call2
-+        Intent callIntent2 = new Intent();
-+        Bundle callExtras1 = new Bundle();
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        // Load StatusHints extra into TelecomManager.EXTRA_OUTGOING_CALL_EXTRAS to be processed
-+        // as the call extras. This will be leveraged in ConnectionServiceFixture to set the
-+        // StatusHints for the given connection.
-+        StatusHints statusHints = new StatusHints(icon);
-+        assertNotNull(statusHints.getIcon());
-+        callExtras1.putParcelable(STATUS_HINTS_EXTRA, statusHints);
-+        callIntent1.putExtra(TelecomManager.EXTRA_OUTGOING_CALL_EXTRAS, callExtras1);
-+
-+        // Start conference call to invoke ConnectionServiceWrapper#addConferenceCall.
-+        // Note that the calling user would be User 0.
-+        ParcelableCall conferenceCall = makeConferenceCall(callIntent1, callIntent2);
-+
-+        // Ensure that StatusHints was set.
-+        assertNotNull(mInCallServiceFixtureX.getCall(mInCallServiceFixtureX.mLatestCallId)
-+                .getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mInCallServiceFixtureX.getCall(mInCallServiceFixtureX.mLatestCallId)
-+                .getStatusHints().getIcon());
-+    }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in
-+     * ConnectionServiceWrapper#handleCreateConnectionComplete when the image doesn't belong to the
-+     * calling user. Simulates a scenario where an app could manipulate the contents of the
-+     * bundle and send it via the binder to upload an image from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_handleCreateConnectionComplete() throws Exception {
-+        Bundle extras = new Bundle();
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        // Load the bundle with the test extra in order to simulate an app directly invoking the
-+        // binder on ConnectionServiceWrapper#handleCreateConnectionComplete.
-+        StatusHints statusHints = new StatusHints(icon);
-+        assertNotNull(statusHints.getIcon());
-+        extras.putParcelable(STATUS_HINTS_EXTRA, statusHints);
-+
-+        // Start incoming call with StatusHints extras
-+        // Note that the calling user in ConnectionServiceWrapper#handleCreateConnectionComplete
-+        // would be User 0.
-+        IdPair ids = startIncomingPhoneCallWithExtras("650-555-1212",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA, extras);
-+
-+        // Ensure that StatusHints was set.
-+        assertNotNull(mInCallServiceFixtureX.getCall(ids.mCallId).getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mInCallServiceFixtureX.getCall(ids.mCallId).getStatusHints().getIcon());
-+    }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in ConnectionServiceWrapper#setStatusHints
-+     * when the image doesn't belong to the calling user. Simulates a scenario where an app
-+     * could manipulate the contents of the bundle and send it via the binder to upload an image
-+     * from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_setStatusHints() throws Exception {
-+        IdPair outgoing = startAndMakeActiveOutgoingCall("650-555-1214",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+
-+        // Modify existing connection with StatusHints image exploit
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        StatusHints statusHints = new StatusHints(icon);
-+        assertNotNull(statusHints.getIcon());
-+        ConnectionServiceFixture.ConnectionInfo connectionInfo = mConnectionServiceFixtureA
-+                .mConnectionById.get(outgoing.mConnectionId);
-+        connectionInfo.statusHints = statusHints;
-+
-+        // Invoke ConnectionServiceWrapper#setStatusHints.
-+        // Note that the calling user would be User 0.
-+        mConnectionServiceFixtureA.sendSetStatusHints(outgoing.mConnectionId);
-+        waitForHandlerAction(mConnectionServiceFixtureA.mConnectionServiceDelegate.getHandler(),
-+                TEST_TIMEOUT);
-+
-+        // Ensure that StatusHints was set.
-+        assertNotNull(mInCallServiceFixtureX.getCall(outgoing.mCallId).getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mInCallServiceFixtureX.getCall(outgoing.mCallId)
-+                .getStatusHints().getIcon());
-+    }
-+
-+    /**
-+     * Verifies that StatusHints image is validated in
-+     * ConnectionServiceWrapper#addExistingConnection when the image doesn't belong to the calling
-+     * user. Simulates a scenario where an app could manipulate the contents of the bundle and
-+     * send it via the binder to upload an image from another user.
-+     *
-+     * @throws Exception
-+     */
-+    @SmallTest
-+    @Test
-+    public void testValidateStatusHintsImage_addExistingConnection() throws Exception {
-+        IdPair outgoing = startAndMakeActiveOutgoingCall("650-555-1214",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+        Connection existingConnection = mConnectionServiceFixtureA.mLatestConnection;
-+
-+        // Modify existing connection with StatusHints image exploit
-+        Icon icon = Icon.createWithContentUri("content://10@media/external/images/media/");
-+        StatusHints modifiedStatusHints = new StatusHints(icon);
-+        assertNotNull(modifiedStatusHints.getIcon());
-+        ConnectionServiceFixture.ConnectionInfo connectionInfo = mConnectionServiceFixtureA
-+                .mConnectionById.get(outgoing.mConnectionId);
-+        connectionInfo.statusHints = modifiedStatusHints;
-+
-+        // Invoke ConnectionServiceWrapper#addExistingConnection.
-+        // Note that the calling user would be User 0.
-+        mConnectionServiceFixtureA.sendAddExistingConnection(outgoing.mConnectionId);
-+        waitForHandlerAction(mConnectionServiceFixtureA.mConnectionServiceDelegate.getHandler(),
-+                TEST_TIMEOUT);
-+
-+        // Ensure that StatusHints was set. Due to test setup, the ParcelableConnection object that
-+        // is passed into sendAddExistingConnection is instantiated on invocation. The call's
-+        // StatusHints are not updated at the time of completion, so instead, we can verify that
-+        // the ParcelableConnection object was modified.
-+        assertNotNull(mConnectionServiceFixtureA.mLatestParcelableConnection.getStatusHints());
-+        // Ensure that the StatusHints image icon was disregarded.
-+        assertNull(mConnectionServiceFixtureA.mLatestParcelableConnection
-+                .getStatusHints().getIcon());
-+    }
- }
-diff --git a/tests/src/com/android/server/telecom/tests/CallExtrasTest.java b/tests/src/com/android/server/telecom/tests/CallExtrasTest.java
-index b97f819e1..28986c374 100644
---- a/tests/src/com/android/server/telecom/tests/CallExtrasTest.java
-+++ b/tests/src/com/android/server/telecom/tests/CallExtrasTest.java
-@@ -359,7 +359,7 @@ public class CallExtrasTest extends TelecomSystemTest {
-     @LargeTest
-     @Test
-     public void testConferenceSetExtras() throws Exception {
--        ParcelableCall call = makeConferenceCall();
-+        ParcelableCall call = makeConferenceCall(null, null);
-         String conferenceId = call.getId();
- 
-         Conference conference = mConnectionServiceFixtureA.mLatestConference;
-@@ -403,7 +403,7 @@ public class CallExtrasTest extends TelecomSystemTest {
-     @FlakyTest(bugId = 117751305)
-     @Test
-     public void testConferenceExtraOperations() throws Exception {
--        ParcelableCall call = makeConferenceCall();
-+        ParcelableCall call = makeConferenceCall(null, null);
-         String conferenceId = call.getId();
-         Conference conference = mConnectionServiceFixtureA.mLatestConference;
-         assertNotNull(conference);
-@@ -439,7 +439,7 @@ public class CallExtrasTest extends TelecomSystemTest {
-     @LargeTest
-     @Test
-     public void testConferenceICS() throws Exception {
--        ParcelableCall call = makeConferenceCall();
-+        ParcelableCall call = makeConferenceCall(null, null);
-         String conferenceId = call.getId();
-         Conference conference = mConnectionServiceFixtureA.mLatestConference;
- 
-diff --git a/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java b/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java
-index 9655476b4..c3561b64e 100644
---- a/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java
-+++ b/tests/src/com/android/server/telecom/tests/ConnectionServiceFixture.java
-@@ -67,6 +67,7 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-     static int INVALID_VIDEO_STATE = -1;
-     public CountDownLatch mExtrasLock = new CountDownLatch(1);
-     static int NOT_SPECIFIED = 0;
-+    public static final String STATUS_HINTS_EXTRA = "updateStatusHints";
- 
-     /**
-      * Implementation of ConnectionService that performs no-ops for tasks normally meant for
-@@ -101,6 +102,11 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-             if (mProperties != NOT_SPECIFIED) {
-                 fakeConnection.setConnectionProperties(mProperties);
-             }
-+            // Testing for StatusHints image icon cross user access
-+            if (request.getExtras() != null) {
-+                fakeConnection.setStatusHints(
-+                        request.getExtras().getParcelable(STATUS_HINTS_EXTRA));
-+            }
- 
-             return fakeConnection;
-         }
-@@ -117,6 +123,11 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-             if (mProperties != NOT_SPECIFIED) {
-                 fakeConnection.setConnectionProperties(mProperties);
-             }
-+            // Testing for StatusHints image icon cross user access
-+            if (request.getExtras() != null) {
-+                fakeConnection.setStatusHints(
-+                        request.getExtras().getParcelable(STATUS_HINTS_EXTRA));
-+            }
-             return fakeConnection;
-         }
- 
-@@ -133,6 +144,12 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-                 Conference fakeConference = new FakeConference();
-                 fakeConference.addConnection(cxn1);
-                 fakeConference.addConnection(cxn2);
-+                if (cxn1.getStatusHints() != null || cxn2.getStatusHints() != null) {
-+                    // For testing purposes, pick one of the status hints that isn't null.
-+                    StatusHints statusHints = cxn1.getStatusHints() != null
-+                            ? cxn1.getStatusHints() : cxn2.getStatusHints();
-+                    fakeConference.setStatusHints(statusHints);
-+                }
-                 mLatestConference = fakeConference;
-                 addConference(fakeConference);
-             } else {
-@@ -440,6 +457,7 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
- 
-     public String mLatestConnectionId;
-     public Connection mLatestConnection;
-+    public ParcelableConnection mLatestParcelableConnection;
-     public Conference mLatestConference;
-     public final Set<IConnectionServiceAdapter> mConnectionServiceAdapters = new HashSet<>();
-     public final Map<String, ConnectionInfo> mConnectionById = new HashMap<>();
-@@ -678,7 +696,7 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-     }
- 
-     private ParcelableConnection parcelable(ConnectionInfo c) {
--        return new ParcelableConnection(
-+        mLatestParcelableConnection = new ParcelableConnection(
-                 c.request.getAccountHandle(),
-                 c.state,
-                 c.capabilities,
-@@ -698,5 +716,6 @@ public class ConnectionServiceFixture implements TestFixture<IConnectionService>
-                 c.disconnectCause,
-                 c.conferenceableConnectionIds,
-                 c.extras);
-+        return mLatestParcelableConnection;
-     }
- }
-diff --git a/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java b/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java
-index 82b17be42..717579046 100644
---- a/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java
-+++ b/tests/src/com/android/server/telecom/tests/TelecomSystemTest.java
-@@ -382,12 +382,13 @@ public class TelecomSystemTest extends TelecomTestCase {
-         super.tearDown();
-     }
- 
--    protected ParcelableCall makeConferenceCall() throws Exception {
--        IdPair callId1 = startAndMakeActiveOutgoingCall("650-555-1212",
--                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+    protected ParcelableCall makeConferenceCall(
-+            Intent callIntentExtras1, Intent callIntentExtras2) throws Exception {
-+        IdPair callId1 = startAndMakeActiveOutgoingCallWithExtras("650-555-1212",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA, callIntentExtras1);
- 
--        IdPair callId2 = startAndMakeActiveOutgoingCall("650-555-1213",
--                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA);
-+        IdPair callId2 = startAndMakeActiveOutgoingCallWithExtras("650-555-1213",
-+                mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA, callIntentExtras2);
- 
-         IInCallAdapter inCallAdapter = mInCallServiceFixtureX.getInCallAdapter();
-         inCallAdapter.conference(callId1.mCallId, callId2.mCallId);
-@@ -570,7 +571,7 @@ public class TelecomSystemTest extends TelecomTestCase {
- 
-         startOutgoingPhoneCallWaitForBroadcaster(number, null,
-                 connectionServiceFixture, Process.myUserHandle(), VideoProfile.STATE_AUDIO_ONLY,
--                false /*isEmergency*/);
-+                false /*isEmergency*/, null);
- 
-         return mInCallServiceFixtureX.mLatestCallId;
-     }
-@@ -600,17 +601,17 @@ public class TelecomSystemTest extends TelecomTestCase {
-             throws Exception {
- 
-         return startOutgoingPhoneCall(number, phoneAccountHandle, connectionServiceFixture,
--                initiatingUser, VideoProfile.STATE_AUDIO_ONLY);
-+                initiatingUser, VideoProfile.STATE_AUDIO_ONLY, null);
-     }
- 
-     protected IdPair startOutgoingPhoneCall(String number, PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture, UserHandle initiatingUser,
--            int videoState) throws Exception {
-+            int videoState, Intent callIntentExtras) throws Exception {
-         int startingNumConnections = connectionServiceFixture.mConnectionById.size();
-         int startingNumCalls = mInCallServiceFixtureX.mCallById.size();
- 
-         startOutgoingPhoneCallPendingCreateConnection(number, phoneAccountHandle,
--                connectionServiceFixture, initiatingUser, videoState);
-+                connectionServiceFixture, initiatingUser, videoState, callIntentExtras);
- 
-         verify(connectionServiceFixture.getTestDouble(), timeout(TEST_TIMEOUT))
-                 .createConnectionComplete(anyString(), any());
-@@ -649,7 +650,7 @@ public class TelecomSystemTest extends TelecomTestCase {
-         mIsEmergencyCall = true;
-         // Call will not use the ordered broadcaster, since it is an Emergency Call
-         startOutgoingPhoneCallWaitForBroadcaster(number, phoneAccountHandle,
--                connectionServiceFixture, initiatingUser, videoState, true /*isEmergency*/);
-+                connectionServiceFixture, initiatingUser, videoState, true /*isEmergency*/, null);
- 
-         return outgoingCallCreateConnectionComplete(startingNumConnections, startingNumCalls,
-                 phoneAccountHandle, connectionServiceFixture);
-@@ -658,7 +659,7 @@ public class TelecomSystemTest extends TelecomTestCase {
-     protected void startOutgoingPhoneCallWaitForBroadcaster(String number,
-             PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture, UserHandle initiatingUser,
--            int videoState, boolean isEmergency) throws Exception {
-+            int videoState, boolean isEmergency, Intent actionCallIntent) throws Exception {
-         reset(connectionServiceFixture.getTestDouble(), mInCallServiceFixtureX.getTestDouble(),
-                 mInCallServiceFixtureY.getTestDouble());
- 
-@@ -671,7 +672,9 @@ public class TelecomSystemTest extends TelecomTestCase {
- 
-         boolean hasInCallAdapter = mInCallServiceFixtureX.mInCallAdapter != null;
- 
--        Intent actionCallIntent = new Intent();
-+        if (actionCallIntent == null) {
-+            actionCallIntent = new Intent();
-+        }
-         actionCallIntent.setData(Uri.parse("tel:" + number));
-         actionCallIntent.putExtra(Intent.EXTRA_PHONE_NUMBER, number);
-         if(isEmergency) {
-@@ -716,9 +719,10 @@ public class TelecomSystemTest extends TelecomTestCase {
-     protected String startOutgoingPhoneCallPendingCreateConnection(String number,
-             PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture, UserHandle initiatingUser,
--            int videoState) throws Exception {
-+            int videoState, Intent callIntentExtras) throws Exception {
-         startOutgoingPhoneCallWaitForBroadcaster(number,phoneAccountHandle,
--                connectionServiceFixture, initiatingUser, videoState, false /*isEmergency*/);
-+                connectionServiceFixture, initiatingUser,
-+                videoState, false /*isEmergency*/, callIntentExtras);
-         waitForHandlerAction(new Handler(Looper.getMainLooper()), TEST_TIMEOUT);
- 
-         verifyAndProcessOutgoingCallBroadcast(phoneAccountHandle);
-@@ -823,14 +827,24 @@ public class TelecomSystemTest extends TelecomTestCase {
-             PhoneAccountHandle phoneAccountHandle,
-             final ConnectionServiceFixture connectionServiceFixture) throws Exception {
-         return startIncomingPhoneCall(number, phoneAccountHandle, VideoProfile.STATE_AUDIO_ONLY,
--                connectionServiceFixture);
-+                connectionServiceFixture, null);
-+    }
-+
-+    protected IdPair startIncomingPhoneCallWithExtras(
-+            String number,
-+            PhoneAccountHandle phoneAccountHandle,
-+            final ConnectionServiceFixture connectionServiceFixture,
-+            Bundle extras) throws Exception {
-+        return startIncomingPhoneCall(number, phoneAccountHandle, VideoProfile.STATE_AUDIO_ONLY,
-+                connectionServiceFixture, extras);
-     }
- 
-     protected IdPair startIncomingPhoneCall(
-             String number,
-             PhoneAccountHandle phoneAccountHandle,
-             int videoState,
--            final ConnectionServiceFixture connectionServiceFixture) throws Exception {
-+            final ConnectionServiceFixture connectionServiceFixture,
-+            Bundle extras) throws Exception {
-         reset(connectionServiceFixture.getTestDouble(), mInCallServiceFixtureX.getTestDouble(),
-                 mInCallServiceFixtureY.getTestDouble());
- 
-@@ -847,7 +861,9 @@ public class TelecomSystemTest extends TelecomTestCase {
-                 new IncomingCallAddedListener(incomingCallAddedLatch);
-         mTelecomSystem.getCallsManager().addListener(callAddedListener);
- 
--        Bundle extras = new Bundle();
-+        if (extras == null) {
-+            extras = new Bundle();
-+        }
-         extras.putParcelable(
-                 TelecomManager.EXTRA_INCOMING_CALL_ADDRESS,
-                 Uri.fromParts(PhoneAccount.SCHEME_TEL, number, null));
-@@ -933,7 +949,16 @@ public class TelecomSystemTest extends TelecomTestCase {
-             PhoneAccountHandle phoneAccountHandle,
-             ConnectionServiceFixture connectionServiceFixture) throws Exception {
-         return startAndMakeActiveOutgoingCall(number, phoneAccountHandle, connectionServiceFixture,
--                VideoProfile.STATE_AUDIO_ONLY);
-+                VideoProfile.STATE_AUDIO_ONLY, null);
-+    }
-+
-+    protected IdPair startAndMakeActiveOutgoingCallWithExtras(
-+            String number,
-+            PhoneAccountHandle phoneAccountHandle,
-+            ConnectionServiceFixture connectionServiceFixture,
-+            Intent callIntentExtras) throws Exception {
-+        return startAndMakeActiveOutgoingCall(number, phoneAccountHandle, connectionServiceFixture,
-+                VideoProfile.STATE_AUDIO_ONLY, callIntentExtras);
-     }
- 
-     // A simple outgoing call, verifying that the appropriate connection service is contacted,
-@@ -941,9 +966,10 @@ public class TelecomSystemTest extends TelecomTestCase {
-     protected IdPair startAndMakeActiveOutgoingCall(
-             String number,
-             PhoneAccountHandle phoneAccountHandle,
--            ConnectionServiceFixture connectionServiceFixture, int videoState) throws Exception {
-+            ConnectionServiceFixture connectionServiceFixture, int videoState,
-+            Intent callIntentExtras) throws Exception {
-         IdPair ids = startOutgoingPhoneCall(number, phoneAccountHandle, connectionServiceFixture,
--                Process.myUserHandle(), videoState);
-+                Process.myUserHandle(), videoState, callIntentExtras);
- 
-         connectionServiceFixture.sendSetDialing(ids.mConnectionId);
-         if (phoneAccountHandle != mPhoneAccountSelfManaged.getAccountHandle()) {
-diff --git a/tests/src/com/android/server/telecom/tests/VideoCallTests.java b/tests/src/com/android/server/telecom/tests/VideoCallTests.java
-index 97e71d18b..84beedc0f 100644
---- a/tests/src/com/android/server/telecom/tests/VideoCallTests.java
-+++ b/tests/src/com/android/server/telecom/tests/VideoCallTests.java
-@@ -105,7 +105,7 @@ public class VideoCallTests extends TelecomSystemTest {
-         // Start an incoming video call.
-         IdPair ids = startAndMakeActiveOutgoingCall("650-555-1212",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA,
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
- 
-         verifyAudioRoute(CallAudioState.ROUTE_SPEAKER);
-     }
-@@ -121,7 +121,7 @@ public class VideoCallTests extends TelecomSystemTest {
-         // Start an incoming video call.
-         IdPair ids = startAndMakeActiveOutgoingCall("650-555-1212",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA,
--                VideoProfile.STATE_TX_ENABLED);
-+                VideoProfile.STATE_TX_ENABLED, null);
- 
-         verifyAudioRoute(CallAudioState.ROUTE_SPEAKER);
-     }
-@@ -137,7 +137,7 @@ public class VideoCallTests extends TelecomSystemTest {
-         // Start an incoming video call.
-         IdPair ids = startAndMakeActiveOutgoingCall("650-555-1212",
-                 mPhoneAccountA0.getAccountHandle(), mConnectionServiceFixtureA,
--                VideoProfile.STATE_AUDIO_ONLY);
-+                VideoProfile.STATE_AUDIO_ONLY, null);
- 
-         verifyAudioRoute(CallAudioState.ROUTE_EARPIECE);
-     }
-@@ -165,7 +165,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     @Test
-     public void testIncomingVideoCallMissedCheckVideoHistory() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -182,7 +182,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     @Test
-     public void testIncomingVideoCallRejectedCheckVideoHistory() throws Exception {
-         IdPair ids = startIncomingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA);
-+                VideoProfile.STATE_BIDIRECTIONAL, mConnectionServiceFixtureA, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -201,7 +201,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     public void testOutgoingVideoCallCanceledCheckVideoHistory() throws Exception {
-         IdPair ids = startOutgoingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
-                 mConnectionServiceFixtureA, Process.myUserHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -219,7 +219,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     public void testOutgoingVideoCallRejectedCheckVideoHistory() throws Exception {
-         IdPair ids = startOutgoingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
-                 mConnectionServiceFixtureA, Process.myUserHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
-@@ -237,7 +237,7 @@ public class VideoCallTests extends TelecomSystemTest {
-     public void testOutgoingVideoCallAnsweredAsAudio() throws Exception {
-         IdPair ids = startOutgoingPhoneCall("650-555-1212", mPhoneAccountA0.getAccountHandle(),
-                 mConnectionServiceFixtureA, Process.myUserHandle(),
--                VideoProfile.STATE_BIDIRECTIONAL);
-+                VideoProfile.STATE_BIDIRECTIONAL, null);
-         com.android.server.telecom.Call call = mTelecomSystem.getCallsManager().getCalls()
-                 .iterator().next();
- 
diff --git a/Patches/LineageOS-17.1/android_packages_services_Telephony/365977-backport.patch b/Patches/LineageOS-17.1/android_packages_services_Telephony/365977-backport.patch
deleted file mode 100644
index fd6152df..00000000
--- a/Patches/LineageOS-17.1/android_packages_services_Telephony/365977-backport.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Aishwarya Mallampati <amallampati@google.com>
-Date: Fri, 28 Oct 2022 23:39:20 +0000
-Subject: [PATCH] DO NOT MERGE Grant carrier privileges if package has carrier
- config access.
-
-TelephonyManager#hasCarrierPrivileges internally uses
-SubscriptionManager#canManageSubscription to decide whether to grant
-carrier privilege status to an app or not.
-SubscriptionManager#canManageSubscription returns true if caller APK's
-certificate matches with one of the mNativeAccessRules or
-mCarrierConfigAccessRules. This over-grants carrier privilege status
-to apps that only has mNativeAccessRules.
-Carrier privilege status should
-be granted to the caller APK only if it's certificate matches with one
-of mCarrierConfigAccessRules.
-Replaced SubscriptionManager#canManageSubscription with
-PhoneInterfaceManager#hasCarrierConfigAccess which returns true only if
-caller APK certificates matches with one of mCarrierConfigAccessRules of
-the given subscription.
-
-Bug: 226593252
-Test: Manual Testing as explained in b/226593252#comment51
-      atest CtsTelephonyTestCases
-      Flashed build on raven-userdebug and performed basic funtionality
-      tests
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:213aba7e18ddadf800be981b802d8e242c61e0ad)
-Merged-In: I6899de902e6e3ffda47b48d0ae806ac9c17ee2a6
-Change-Id: I6899de902e6e3ffda47b48d0ae806ac9c17ee2a6
----
- .../android/phone/PhoneInterfaceManager.java  | 57 ++++++++++++++++---
- 1 file changed, 49 insertions(+), 8 deletions(-)
-
-diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
-index aad961f14..11b8909ac 100755
---- a/src/com/android/phone/PhoneInterfaceManager.java
-+++ b/src/com/android/phone/PhoneInterfaceManager.java
-@@ -21,6 +21,7 @@ import static android.content.pm.PackageManager.PERMISSION_GRANTED;
- import static com.android.internal.telephony.PhoneConstants.SUBSCRIPTION_KEY;
- 
- import android.Manifest.permission;
-+import android.annotation.NonNull;
- import android.annotation.Nullable;
- import android.app.AppOpsManager;
- import android.app.PendingIntent;
-@@ -86,6 +87,7 @@ import android.telephony.SubscriptionManager;
- import android.telephony.TelephonyHistogram;
- import android.telephony.TelephonyManager;
- import android.telephony.TelephonyScanManager;
-+import android.telephony.UiccAccessRule;
- import android.telephony.UiccCardInfo;
- import android.telephony.UiccSlotInfo;
- import android.telephony.UssdResponse;
-@@ -4808,14 +4810,18 @@ public class PhoneInterfaceManager extends ITelephony.Stub {
-         int uid = Binder.getCallingUid();
-         PackageManager pkgMgr = phone.getContext().getPackageManager();
-         String[] packages = pkgMgr.getPackagesForUid(uid);
-+        if (packages == null) {
-+            return privilegeFromSim;
-+        }
- 
-         final long identity = Binder.clearCallingIdentity();
-         try {
--            SubscriptionInfo subInfo = subController.getSubscriptionInfo(phone.getSubId());
--            SubscriptionManager subManager = (SubscriptionManager)
--                    phone.getContext().getSystemService(Context.TELEPHONY_SUBSCRIPTION_SERVICE);
-+            int subId = phone.getSubId();
-+            SubscriptionInfo subInfo = subController.getSubscriptionInfo(subId);
-+            List<UiccAccessRule> carrierConfigAccessRules = subInfo.getCarrierConfigAccessRules();
-+
-             for (String pkg : packages) {
--                if (subManager.canManageSubscription(subInfo, pkg)) {
-+                if (hasCarrierConfigAccess(pkg, pkgMgr, carrierConfigAccessRules)) {
-                     return TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
-                 }
-             }
-@@ -4834,16 +4840,51 @@ public class PhoneInterfaceManager extends ITelephony.Stub {
- 
-         final long identity = Binder.clearCallingIdentity();
-         try {
--            SubscriptionInfo subInfo = subController.getSubscriptionInfo(phone.getSubId());
--            SubscriptionManager subManager = (SubscriptionManager)
--                    phone.getContext().getSystemService(Context.TELEPHONY_SUBSCRIPTION_SERVICE);
--            return subManager.canManageSubscription(subInfo, pkgName)
-+            int subId = phone.getSubId();
-+            SubscriptionInfo subInfo = subController.getSubscriptionInfo(subId);
-+            List<UiccAccessRule> carrierConfigAccessRules = subInfo.getCarrierConfigAccessRules();
-+
-+            return hasCarrierConfigAccess(pkgName, phone.getContext().getPackageManager(),
-+                carrierConfigAccessRules)
-                 ? TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS : privilegeFromSim;
-         } finally {
-             Binder.restoreCallingIdentity(identity);
-         }
-     }
- 
-+    /**
-+     * Check whether carrier privilege status can be granted to the provided app for this
-+     * subscription based on the carrier config access rules of the subscription.
-+     *
-+     * @param packageName package name of the app to check
-+     * @param packageManager package manager
-+     * @param carrierConfigAccessRules carrier config access rules of the subscription
-+     * @return true if the app is included in the mCarrierConfigAccessRules of this subscription.
-+     */
-+    private boolean hasCarrierConfigAccess(String packageName, PackageManager packageManager,
-+        @NonNull List<UiccAccessRule> carrierConfigAccessRules) {
-+        if ((packageName == null) || (carrierConfigAccessRules.isEmpty())) {
-+            return false;
-+        }
-+
-+        PackageInfo packageInfo;
-+        try {
-+            packageInfo = packageManager.getPackageInfo(packageName,
-+                PackageManager.GET_SIGNING_CERTIFICATES);
-+        } catch (PackageManager.NameNotFoundException e) {
-+            logv("Unknown package: " + packageName);
-+            return false;
-+        }
-+
-+        for (UiccAccessRule rule : carrierConfigAccessRules) {
-+            if (rule.getCarrierPrivilegeStatus(packageInfo)
-+                == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS) {
-+                return true;
-+            }
-+        }
-+        return false;
-+    }
-+
-     @Override
-     public int getCarrierPrivilegeStatus(int subId) {
-         final Phone phone = getPhone(subId);
diff --git a/Patches/LineageOS-17.1/android_packages_services_Telephony/365978-backport.patch b/Patches/LineageOS-17.1/android_packages_services_Telephony/365978-backport.patch
deleted file mode 100644
index c9861a3f..00000000
--- a/Patches/LineageOS-17.1/android_packages_services_Telephony/365978-backport.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ashish Kumar <akgaurav@google.com>
-Date: Fri, 26 May 2023 14:18:46 +0000
-Subject: [PATCH] RESTRICT AUTOMERGE Fixed leak of cross user data in multiple
- settings.
-
-  - Any app is allowed to receive GET_CONTENT intent. Using this, an user puts back in the intent an uri with data of another user.
-  - Telephony service has INTERACT_ACROSS_USER permission. Using this, it reads and shows the deta to the evil user.
-
-Fix: When telephony service gets the intent result, it checks if the uri is from the current user or not.
-
-Bug: b/256591023 , b/256819787
-
-Test: The malicious behaviour was not being reproduced. Unable to import contact from other users data.
-Test2: Able to import contact from the primary user or uri with no user id
-(These settings are not available for secondary users)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36e10a6d0d7b9efc543f8004729fa85751f4f70d)
-Merged-In: I1e3a643f17948153aecc1d0df9ffd9619ad678c1
-Change-Id: I1e3a643f17948153aecc1d0df9ffd9619ad678c1
----
- .../android/phone/GsmUmtsCallForwardOptions.java   | 12 ++++++++++++
- .../phone/settings/VoicemailSettingsActivity.java  | 14 ++++++++++++++
- .../phone/settings/fdn/EditFdnContactScreen.java   | 13 +++++++++++++
- 3 files changed, 39 insertions(+)
-
-diff --git a/src/com/android/phone/GsmUmtsCallForwardOptions.java b/src/com/android/phone/GsmUmtsCallForwardOptions.java
-index b8ea8fd46..b353739f0 100644
---- a/src/com/android/phone/GsmUmtsCallForwardOptions.java
-+++ b/src/com/android/phone/GsmUmtsCallForwardOptions.java
-@@ -1,10 +1,13 @@
- package com.android.phone;
- 
- import android.app.ActionBar;
-+import android.content.ContentProvider;
- import android.content.Intent;
- import android.database.Cursor;
- import android.os.Bundle;
- import android.os.PersistableBundle;
-+import android.os.Process;
-+import android.os.UserHandle;
- import android.preference.Preference;
- import android.preference.PreferenceScreen;
- import android.telephony.CarrierConfigManager;
-@@ -184,6 +187,15 @@ public class GsmUmtsCallForwardOptions extends TimeConsumingPreferenceActivity {
-         }
-         Cursor cursor = null;
-         try {
-+            // check if the URI returned by the user belongs to the user
-+            final int currentUser = UserHandle.getUserId(Process.myUid());
-+            if (currentUser
-+                    != ContentProvider.getUserIdFromUri(data.getData(), currentUser)) {
-+
-+                Log.w(LOG_TAG, "onActivityResult: Contact data of different user, "
-+                        + "cannot access");
-+                return;
-+            }
-             cursor = getContentResolver().query(data.getData(),
-                 NUM_PROJECTION, null, null, null);
-             if ((cursor == null) || (!cursor.moveToFirst())) {
-diff --git a/src/com/android/phone/settings/VoicemailSettingsActivity.java b/src/com/android/phone/settings/VoicemailSettingsActivity.java
-index 2efa81c1e..484834fbc 100644
---- a/src/com/android/phone/settings/VoicemailSettingsActivity.java
-+++ b/src/com/android/phone/settings/VoicemailSettingsActivity.java
-@@ -17,6 +17,7 @@
- package com.android.phone.settings;
- 
- import android.app.Dialog;
-+import android.content.ContentProvider;
- import android.content.DialogInterface;
- import android.content.Intent;
- import android.database.Cursor;
-@@ -25,6 +26,8 @@ import android.os.Bundle;
- import android.os.Handler;
- import android.os.Message;
- import android.os.PersistableBundle;
-+import android.os.Process;
-+import android.os.UserHandle;
- import android.os.UserManager;
- import android.preference.Preference;
- import android.preference.PreferenceActivity;
-@@ -521,6 +524,17 @@ public class VoicemailSettingsActivity extends PreferenceActivity
- 
-             Cursor cursor = null;
-             try {
-+                // check if the URI returned by the user belongs to the user
-+                final int currentUser = UserHandle.getUserId(Process.myUid());
-+                if (currentUser
-+                        != ContentProvider.getUserIdFromUri(data.getData(), currentUser)) {
-+
-+                    if (DBG) {
-+                        log("onActivityResult: Contact data of different user, "
-+                                + "cannot access");
-+                    }
-+                    return;
-+                }
-                 cursor = getContentResolver().query(data.getData(),
-                     new String[] { CommonDataKinds.Phone.NUMBER }, null, null, null);
-                 if ((cursor == null) || (!cursor.moveToFirst())) {
-diff --git a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-index c358e27c9..e68ab7e74 100644
---- a/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-+++ b/src/com/android/phone/settings/fdn/EditFdnContactScreen.java
-@@ -18,9 +18,12 @@ package com.android.phone.settings.fdn;
- 
- import static android.view.Window.PROGRESS_VISIBILITY_OFF;
- import static android.view.Window.PROGRESS_VISIBILITY_ON;
-+import static android.app.Activity.RESULT_OK;
-+
- 
- import android.app.Activity;
- import android.content.AsyncQueryHandler;
-+import android.content.ContentProvider;
- import android.content.ContentResolver;
- import android.content.ContentValues;
- import android.content.Intent;
-@@ -29,6 +32,8 @@ import android.database.Cursor;
- import android.net.Uri;
- import android.os.Bundle;
- import android.os.Handler;
-+import android.os.Process;
-+import android.os.UserHandle;
- import android.provider.ContactsContract.CommonDataKinds;
- import android.telephony.PhoneNumberUtils;
- import android.text.Editable;
-@@ -152,6 +157,14 @@ public class EditFdnContactScreen extends Activity {
-                 }
-                 Cursor cursor = null;
-                 try {
-+                    // check if the URI returned by the user belongs to the user
-+                    final int currentUser = UserHandle.getUserId(Process.myUid());
-+                    if (currentUser
-+                            != ContentProvider.getUserIdFromUri(intent.getData(), currentUser)) {
-+                        Log.w(LOG_TAG, "onActivityResult: Contact data of different user, "
-+                                + "cannot access");
-+                        return;
-+                    }
-                     cursor = getContentResolver().query(intent.getData(),
-                         NUM_PROJECTION, null, null, null);
-                     if ((cursor == null) || (!cursor.moveToFirst())) {
diff --git a/Patches/LineageOS-17.1/android_system_bt/360969.patch b/Patches/LineageOS-17.1/android_system_bt/360969.patch
deleted file mode 100644
index 822b440f..00000000
--- a/Patches/LineageOS-17.1/android_system_bt/360969.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: tyiu <tyiu@google.com>
-Date: Tue, 28 Mar 2023 18:40:51 +0000
-Subject: [PATCH] Fix gatt_end_operation buffer overflow
-
-Added boundary check for gatt_end_operation to prevent writing out of
-boundary.
-
-Since response of the GATT server is handled in
-gatt_client_handle_server_rsp() and gatt_process_read_rsp(), the maximum
-lenth that can be passed into the handlers is bounded by
-GATT_MAX_MTU_SIZE, which is set to 517, which is greater than
-GATT_MAX_ATTR_LEN which is set to 512. The fact that there is no spec
-that gaurentees MTU response to be less than or equal to 512 bytes can
-cause a buffer overflow when performing memcpy without length check.
-
-Bug: 261068592
-Test: No test since not affecting behavior
-Tag: #security
-Ignore-AOSP-First: security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dd7298e982e4bbf0138a490562679c9a4a755200)
-Merged-In: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
-Change-Id: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
----
- stack/gatt/gatt_utils.cc | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/stack/gatt/gatt_utils.cc b/stack/gatt/gatt_utils.cc
-index 2bd424000..013011778 100644
---- a/stack/gatt/gatt_utils.cc
-+++ b/stack/gatt/gatt_utils.cc
-@@ -1198,6 +1198,13 @@ void gatt_end_operation(tGATT_CLCB* p_clcb, tGATT_STATUS status, void* p_data) {
-       cb_data.att_value.handle = p_clcb->s_handle;
-       cb_data.att_value.len = p_clcb->counter;
- 
-+      if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) {
-+        LOG(WARNING) << __func__
-+                     << StringPrintf(" Large cb_data.att_value, size=%d",
-+                                     cb_data.att_value.len);
-+        cb_data.att_value.len = GATT_MAX_ATTR_LEN;
-+      }
-+
-       if (p_data && p_clcb->counter)
-         memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
-     }
diff --git a/Patches/LineageOS-17.1/android_system_bt/365979.patch b/Patches/LineageOS-17.1/android_system_bt/365979.patch
deleted file mode 100644
index c9c8691f..00000000
--- a/Patches/LineageOS-17.1/android_system_bt/365979.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hui Peng <phui@google.com>
-Date: Tue, 16 May 2023 21:24:07 +0000
-Subject: [PATCH] Fix an integer overflow bug in avdt_msg_asmbl
-
-This is a backport of
-Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
-to rvc-dev
-
-Bug: 280633699
-Test: manual
-Ignore-AOSP-First: security
-Tag: #security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:26347d4bdba646bbba4d27337d2888a04de42639)
-Merged-In: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
-Change-Id: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
----
- stack/avdt/avdt_msg.cc | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/stack/avdt/avdt_msg.cc b/stack/avdt/avdt_msg.cc
-index bf83d191e..3f8713c0b 100644
---- a/stack/avdt/avdt_msg.cc
-+++ b/stack/avdt/avdt_msg.cc
-@@ -1289,14 +1289,14 @@ BT_HDR* avdt_msg_asmbl(AvdtpCcb* p_ccb, BT_HDR* p_buf) {
-        * NOTE: The buffer is allocated above at the beginning of the
-        * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
-        */
--      uint16_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
-+      size_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
- 
-       /* adjust offset and len of fragment for header byte */
-       p_buf->offset += AVDT_LEN_TYPE_CONT;
-       p_buf->len -= AVDT_LEN_TYPE_CONT;
- 
-       /* verify length */
--      if ((p_ccb->p_rx_msg->offset + p_buf->len) > buf_len) {
-+      if (((size_t) p_ccb->p_rx_msg->offset + (size_t) p_buf->len) > buf_len) {
-         /* won't fit; free everything */
-         AVDT_TRACE_WARNING("%s: Fragmented message too big!", __func__);
-         osi_free_and_reset((void**)&p_ccb->p_rx_msg);
diff --git a/Patches/LineageOS-17.1/android_system_bt/365980.patch b/Patches/LineageOS-17.1/android_system_bt/365980.patch
deleted file mode 100644
index 4009d9a4..00000000
--- a/Patches/LineageOS-17.1/android_system_bt/365980.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Fri, 19 May 2023 19:17:16 +0000
-Subject: [PATCH] Fix integer overflow in build_read_multi_rsp
-
-Local variables tracking structure size in build_read_multi_rsp are of
-uint16 type but accept a full uint16 range from function arguments while
-appending a fixed-length offset.  This can lead to an integer overflow
-and unexpected behavior.
-
-Change the locals to size_t, and add a check during reasssignment.
-
-Bug: 273966636
-Test: atest bluetooth_test_gd_unit, net_test_stack_btm
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:53f64274cbf2268ad6db5af9c61ceead9ef64fb0)
-Merged-In: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
-Change-Id: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
----
- stack/gatt/gatt_sr.cc | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc
-index 94d81efa2..558d61fcc 100644
---- a/stack/gatt/gatt_sr.cc
-+++ b/stack/gatt/gatt_sr.cc
-@@ -114,7 +114,8 @@ void gatt_dequeue_sr_cmd(tGATT_TCB& tcb) {
-  ******************************************************************************/
- static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,
-                                    tGATTS_RSP* p_msg, uint16_t mtu) {
--  uint16_t ii, total_len, len;
-+  uint16_t ii;
-+  size_t total_len, len;
-   uint8_t* p;
-   bool is_overflow = false;
- 
-@@ -169,16 +170,22 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,
-             len = p_rsp->attr_value.len - (total_len - mtu);
-             is_overflow = true;
-             VLOG(1) << StringPrintf(
--                "multi read overflow available len=%d val_len=%d", len,
-+                "multi read overflow available len=%zu val_len=%d", len,
-                 p_rsp->attr_value.len);
-           } else {
-             len = p_rsp->attr_value.len;
-           }
- 
-           if (p_rsp->attr_value.handle == p_cmd->multi_req.handles[ii]) {
--            memcpy(p, p_rsp->attr_value.value, len);
--            if (!is_overflow) p += len;
--            p_buf->len += len;
-+            // check for possible integer overflow
-+            if (p_buf->len + len <= UINT16_MAX) {
-+              memcpy(p, p_rsp->attr_value.value, len);
-+              if (!is_overflow) p += len;
-+              p_buf->len += len;
-+            } else {
-+              p_cmd->status = GATT_NOT_FOUND;
-+              break;
-+            }
-           } else {
-             p_cmd->status = GATT_NOT_FOUND;
-             break;
diff --git a/Patches/LineageOS-17.1/android_system_bt/365981.patch b/Patches/LineageOS-17.1/android_system_bt/365981.patch
deleted file mode 100644
index 4e7d0ca2..00000000
--- a/Patches/LineageOS-17.1/android_system_bt/365981.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Thu, 27 Apr 2023 20:43:58 +0000
-Subject: [PATCH] Fix potential abort in btu_av_act.cc
-
-Partner analysis shows that bta_av_rc_msg does not respect handling
-established for a null browse packet, instead dispatching the null
-pointer to bta_av_rc_free_browse_msg.  Strictly speaking this does
-not cause a UAF, as osi_free_and_reset will find the null and abort,
-but it will lead to improper program termination.
-
-Handle the case instead.
-
-Bug: 269253349
-Test: atest bluetooth_test_gd_unit
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:91f6d6215c101acc99a7397c5fb5a12fe6d7b8e9)
-Merged-In: I4df7045798b663fbefd7434288dc9383216171a7
-Change-Id: I4df7045798b663fbefd7434288dc9383216171a7
----
- bta/av/bta_av_act.cc | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/bta/av/bta_av_act.cc b/bta/av/bta_av_act.cc
-index 8809abed3..9f97b453a 100644
---- a/bta/av/bta_av_act.cc
-+++ b/bta/av/bta_av_act.cc
-@@ -1005,7 +1005,10 @@ void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
-     av.remote_cmd.rc_handle = p_data->rc_msg.handle;
-     (*p_cb->p_cback)(evt, &av);
-     /* If browsing message, then free the browse message buffer */
--    bta_av_rc_free_browse_msg(p_cb, p_data);
-+    if (p_data->rc_msg.opcode == AVRC_OP_BROWSE &&
-+        p_data->rc_msg.msg.browse.p_browse_pkt != NULL) {
-+      bta_av_rc_free_browse_msg(p_cb, p_data);
-+    }
-   }
- }
- 
diff --git a/Patches/LineageOS-17.1/android_system_bt/365982.patch b/Patches/LineageOS-17.1/android_system_bt/365982.patch
deleted file mode 100644
index 9d32bf94..00000000
--- a/Patches/LineageOS-17.1/android_system_bt/365982.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Thu, 1 Jun 2023 23:57:58 +0000
-Subject: [PATCH] Fix UAF in gatt_cl.cc
-
-gatt_cl.cc accesses a header field after the buffer holding it may have
-been freed.
-
-Track the relevant state as a local variable instead.
-
-Bug: 274617156
-Test: atest: bluetooth, validated against fuzzer
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d7a7f7f3311202065de4b2c17b49994053dd1244)
-Merged-In: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
-Change-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
----
- stack/gatt/gatt_cl.cc | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/stack/gatt/gatt_cl.cc b/stack/gatt/gatt_cl.cc
-index db41c5f9f..f7f11b7a9 100644
---- a/stack/gatt/gatt_cl.cc
-+++ b/stack/gatt/gatt_cl.cc
-@@ -586,12 +586,17 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
- 
-   memcpy(value.value, p, value.len);
- 
-+  bool subtype_is_write_prepare = (p_clcb->op_subtype == GATT_WRITE_PREPARE);
-+
-   if (!gatt_check_write_long_terminate(tcb, p_clcb, &value)) {
-     gatt_send_prepare_write(tcb, p_clcb);
-     return;
-   }
- 
--  if (p_clcb->op_subtype == GATT_WRITE_PREPARE) {
-+  // We now know that we have not terminated, or else we would have returned
-+  // early.  We free the buffer only if the subtype is not equal to
-+  // GATT_WRITE_PREPARE, so checking here is adequate to prevent UAF.
-+  if (subtype_is_write_prepare) {
-     /* application should verify handle offset
-        and value are matched or not */
-     gatt_end_operation(p_clcb, p_clcb->status, &value);
diff --git a/Patches/LineageOS-17.1/android_system_nfc/360972.patch b/Patches/LineageOS-17.1/android_system_nfc/360972.patch
deleted file mode 100644
index 4bb36669..00000000
--- a/Patches/LineageOS-17.1/android_system_nfc/360972.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Tue, 2 May 2023 14:20:57 -0700
-Subject: [PATCH] OOBW in rw_i93_send_to_upper()
-
-Bug: 271849189
-Test: tag r/w
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc9d09e1698725712628d394bf9be4c9003579e8)
-Merged-In: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
-Change-Id: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
----
- src/nfc/tags/rw_i93.cc | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/nfc/tags/rw_i93.cc b/src/nfc/tags/rw_i93.cc
-index 1483cdc..1f48c27 100644
---- a/src/nfc/tags/rw_i93.cc
-+++ b/src/nfc/tags/rw_i93.cc
-@@ -516,6 +516,15 @@ void rw_i93_send_to_upper(NFC_HDR* p_resp) {
-     case I93_CMD_GET_MULTI_BLK_SEC:
-     case I93_CMD_EXT_GET_MULTI_BLK_SEC:
- 
-+      if (UINT16_MAX - length < NFC_HDR_SIZE) {
-+        rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
-+        rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
-+        rw_cb.tcb.i93.sent_cmd = 0;
-+
-+        event = RW_I93_CMD_CMPL_EVT;
-+        break;
-+      }
-+
-       /* forward tag data or security status */
-       p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
- 
diff --git a/Patches/LineageOS-17.1/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974.patch b/Patches/LineageOS-17.1/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974.patch
deleted file mode 100644
index e95cf2a8..00000000
--- a/Patches/LineageOS-17.1/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Tue, 2 May 2023 14:20:57 -0700
-Subject: [PATCH] OOBW in rw_i93_send_to_upper()
-
-Bug: 271849189
-Test: tag r/w
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc9d09e1698725712628d394bf9be4c9003579e8)
-Merged-In: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
-Change-Id: I1d55954e56a3f995f8dd48bf484fe9fce02b2ed1
-
-Change-Id: Ia10491e388a495a164462c73ced7ea1965808860
----
- SN100x/src/nfc/tags/rw_i93.cc | 9 +++++++++
- src/nfc/tags/rw_i93.cc        | 9 +++++++++
- 2 files changed, 18 insertions(+)
-
-diff --git a/SN100x/src/nfc/tags/rw_i93.cc b/SN100x/src/nfc/tags/rw_i93.cc
-index 9eb4458f..5bf497ad 100755
---- a/SN100x/src/nfc/tags/rw_i93.cc
-+++ b/SN100x/src/nfc/tags/rw_i93.cc
-@@ -467,6 +467,15 @@ void rw_i93_send_to_upper(NFC_HDR* p_resp) {
-     case I93_CMD_GET_MULTI_BLK_SEC:
-     case I93_CMD_EXT_GET_MULTI_BLK_SEC:
- 
-+      if (UINT16_MAX - length < NFC_HDR_SIZE) {
-+        rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
-+        rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
-+        rw_cb.tcb.i93.sent_cmd = 0;
-+
-+        event = RW_I93_CMD_CMPL_EVT;
-+        break;
-+      }
-+
-       /* forward tag data or security status */
-       p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
- 
-diff --git a/src/nfc/tags/rw_i93.cc b/src/nfc/tags/rw_i93.cc
-index a648bb9a..a9c220d6 100644
---- a/src/nfc/tags/rw_i93.cc
-+++ b/src/nfc/tags/rw_i93.cc
-@@ -528,6 +528,15 @@ void rw_i93_send_to_upper(NFC_HDR* p_resp) {
-     case I93_CMD_GET_MULTI_BLK_SEC:
-     case I93_CMD_EXT_GET_MULTI_BLK_SEC:
- 
-+      if (UINT16_MAX - length < NFC_HDR_SIZE) {
-+        rw_data.i93_cmd_cmpl.status = NFC_STATUS_FAILED;
-+        rw_data.i93_cmd_cmpl.command = p_i93->sent_cmd;
-+        rw_cb.tcb.i93.sent_cmd = 0;
-+
-+        event = RW_I93_CMD_CMPL_EVT;
-+        break;
-+      }
-+
-       /* forward tag data or security status */
-       p_buff = (NFC_HDR*)GKI_getbuf((uint16_t)(length + NFC_HDR_SIZE));
- 
diff --git a/Patches/LineageOS-17.1/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983.patch b/Patches/LineageOS-17.1/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983.patch
deleted file mode 100644
index 47a3f45e..00000000
--- a/Patches/LineageOS-17.1/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alisher Alikhodjaev <alisher@google.com>
-Date: Thu, 1 Jun 2023 13:44:28 -0700
-Subject: [PATCH] Ensure that SecureNFC setting cannot be bypassed
-
-Bug: 268038643
-Test: ctsverifier
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d6d8f79fd8d605b3cb460895a8e3a11bcf0c22b0)
-Merged-In: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-Change-Id: Ic408b3ef9e35b646b728f9b76a0ba8922ed6e25f
-
-Change-Id: Ib0baa833fe31c72825889b729c83a1d70a5a6a72
----
- src/com/android/nfc/NfcService.java                         | 6 ++++++
- src/com/android/nfc/cardemulation/HostEmulationManager.java | 5 +++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
-index 0f12d2e9..d41ea4f2 100644
---- a/src/com/android/nfc/NfcService.java
-+++ b/src/com/android/nfc/NfcService.java
-@@ -1134,6 +1134,12 @@ public class NfcService implements DeviceHostListener {
-         }
-     }
- 
-+    public boolean isSecureNfcEnabled() {
-+        synchronized (NfcService.this) {
-+            return mIsSecureNfcEnabled;
-+        }
-+    }
-+
-     final class NfcAdapterService extends INfcAdapter.Stub {
-         @Override
-         public boolean enable() throws RemoteException {
-diff --git a/src/com/android/nfc/cardemulation/HostEmulationManager.java b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-index 6af4e0d7..b2670ec2 100644
---- a/src/com/android/nfc/cardemulation/HostEmulationManager.java
-+++ b/src/com/android/nfc/cardemulation/HostEmulationManager.java
-@@ -177,8 +177,9 @@ public class HostEmulationManager {
-                     // Resolve to default
-                     // Check if resolvedService requires unlock
-                     NfcApduServiceInfo defaultServiceInfo = resolveInfo.defaultService;
--                    if (defaultServiceInfo.requiresUnlock() &&
--                            mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-+                    if ((defaultServiceInfo.requiresUnlock()
-+                            || NfcService.getInstance().isSecureNfcEnabled())
-+                          && mKeyguard.isKeyguardLocked() && mKeyguard.isKeyguardSecure()) {
-                         // Just ignore all future APDUs until next tap
-                         mState = STATE_W4_DEACTIVATE;
-                         launchTapAgain(resolveInfo.defaultService, resolveInfo.category);
diff --git a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/360975.patch b/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/360975.patch
deleted file mode 100644
index f920a398..00000000
--- a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/360975.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: tyiu <tyiu@google.com>
-Date: Tue, 28 Mar 2023 18:40:51 +0000
-Subject: [PATCH] Fix gatt_end_operation buffer overflow
-
-Added boundary check for gatt_end_operation to prevent writing out of
-boundary.
-
-Since response of the GATT server is handled in
-gatt_client_handle_server_rsp() and gatt_process_read_rsp(), the maximum
-lenth that can be passed into the handlers is bounded by
-GATT_MAX_MTU_SIZE, which is set to 517, which is greater than
-GATT_MAX_ATTR_LEN which is set to 512. The fact that there is no spec
-that gaurentees MTU response to be less than or equal to 512 bytes can
-cause a buffer overflow when performing memcpy without length check.
-
-Bug: 261068592
-Test: No test since not affecting behavior
-Tag: #security
-Ignore-AOSP-First: security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dd7298e982e4bbf0138a490562679c9a4a755200)
-Merged-In: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
-Change-Id: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873
----
- stack/gatt/gatt_utils.cc | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/stack/gatt/gatt_utils.cc b/stack/gatt/gatt_utils.cc
-index 291cd1062..eb2a12dbc 100644
---- a/stack/gatt/gatt_utils.cc
-+++ b/stack/gatt/gatt_utils.cc
-@@ -1198,6 +1198,13 @@ void gatt_end_operation(tGATT_CLCB* p_clcb, tGATT_STATUS status, void* p_data) {
-       cb_data.att_value.handle = p_clcb->s_handle;
-       cb_data.att_value.len = p_clcb->counter;
- 
-+      if (cb_data.att_value.len > GATT_MAX_ATTR_LEN) {
-+        LOG(WARNING) << __func__
-+                     << StringPrintf(" Large cb_data.att_value, size=%d",
-+                                     cb_data.att_value.len);
-+        cb_data.att_value.len = GATT_MAX_ATTR_LEN;
-+      }
-+
-       if (p_data && p_clcb->counter)
-         memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
-     }
diff --git a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365984.patch b/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365984.patch
deleted file mode 100644
index 02dd7270..00000000
--- a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365984.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hui Peng <phui@google.com>
-Date: Tue, 16 May 2023 21:24:07 +0000
-Subject: [PATCH] Fix an integer overflow bug in avdt_msg_asmbl
-
-This is a backport of
-Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
-to rvc-dev
-
-Bug: 280633699
-Test: manual
-Ignore-AOSP-First: security
-Tag: #security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:26347d4bdba646bbba4d27337d2888a04de42639)
-Merged-In: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
-Change-Id: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2
----
- stack/avdt/avdt_msg.cc | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/stack/avdt/avdt_msg.cc b/stack/avdt/avdt_msg.cc
-index af8d7014e..a98d59d4b 100644
---- a/stack/avdt/avdt_msg.cc
-+++ b/stack/avdt/avdt_msg.cc
-@@ -1293,14 +1293,14 @@ BT_HDR* avdt_msg_asmbl(tAVDT_CCB* p_ccb, BT_HDR* p_buf) {
-        * NOTE: The buffer is allocated above at the beginning of the
-        * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
-        */
--      uint16_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
-+      size_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
- 
-       /* adjust offset and len of fragment for header byte */
-       p_buf->offset += AVDT_LEN_TYPE_CONT;
-       p_buf->len -= AVDT_LEN_TYPE_CONT;
- 
-       /* verify length */
--      if ((p_ccb->p_rx_msg->offset + p_buf->len) > buf_len) {
-+      if (((size_t) p_ccb->p_rx_msg->offset + (size_t) p_buf->len) > buf_len) {
-         /* won't fit; free everything */
-         AVDT_TRACE_WARNING("%s: Fragmented message too big!", __func__);
-         osi_free_and_reset((void**)&p_ccb->p_rx_msg);
diff --git a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365985.patch b/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365985.patch
deleted file mode 100644
index 41a2aa41..00000000
--- a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365985.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Fri, 19 May 2023 19:17:16 +0000
-Subject: [PATCH] Fix integer overflow in build_read_multi_rsp
-
-Local variables tracking structure size in build_read_multi_rsp are of
-uint16 type but accept a full uint16 range from function arguments while
-appending a fixed-length offset.  This can lead to an integer overflow
-and unexpected behavior.
-
-Change the locals to size_t, and add a check during reasssignment.
-
-Bug: 273966636
-Test: atest bluetooth_test_gd_unit, net_test_stack_btm
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:53f64274cbf2268ad6db5af9c61ceead9ef64fb0)
-Merged-In: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
-Change-Id: Iff252f0dd06aac9776e8548631e0b700b3ed85b9
----
- stack/gatt/gatt_sr.cc | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc
-index 0f32cde37..ee5059b92 100644
---- a/stack/gatt/gatt_sr.cc
-+++ b/stack/gatt/gatt_sr.cc
-@@ -114,7 +114,8 @@ void gatt_dequeue_sr_cmd(tGATT_TCB& tcb) {
-  ******************************************************************************/
- static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,
-                                    tGATTS_RSP* p_msg, uint16_t mtu) {
--  uint16_t ii, total_len, len;
-+  uint16_t ii;
-+  size_t total_len, len;
-   uint8_t* p;
-   bool is_overflow = false;
- 
-@@ -169,16 +170,22 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,
-             len = p_rsp->attr_value.len - (total_len - mtu);
-             is_overflow = true;
-             VLOG(1) << StringPrintf(
--                "multi read overflow available len=%d val_len=%d", len,
-+                "multi read overflow available len=%zu val_len=%d", len,
-                 p_rsp->attr_value.len);
-           } else {
-             len = p_rsp->attr_value.len;
-           }
- 
-           if (p_rsp->attr_value.handle == p_cmd->multi_req.handles[ii]) {
--            memcpy(p, p_rsp->attr_value.value, len);
--            if (!is_overflow) p += len;
--            p_buf->len += len;
-+            // check for possible integer overflow
-+            if (p_buf->len + len <= UINT16_MAX) {
-+              memcpy(p, p_rsp->attr_value.value, len);
-+              if (!is_overflow) p += len;
-+              p_buf->len += len;
-+            } else {
-+              p_cmd->status = GATT_NOT_FOUND;
-+              break;
-+            }
-           } else {
-             p_cmd->status = GATT_NOT_FOUND;
-             break;
diff --git a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365986.patch b/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365986.patch
deleted file mode 100644
index fae68fd0..00000000
--- a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365986.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Thu, 27 Apr 2023 20:43:58 +0000
-Subject: [PATCH] Fix potential abort in btu_av_act.cc
-
-Partner analysis shows that bta_av_rc_msg does not respect handling
-established for a null browse packet, instead dispatching the null
-pointer to bta_av_rc_free_browse_msg.  Strictly speaking this does
-not cause a UAF, as osi_free_and_reset will find the null and abort,
-but it will lead to improper program termination.
-
-Handle the case instead.
-
-Bug: 269253349
-Test: atest bluetooth_test_gd_unit
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:91f6d6215c101acc99a7397c5fb5a12fe6d7b8e9)
-Merged-In: I4df7045798b663fbefd7434288dc9383216171a7
-Change-Id: I4df7045798b663fbefd7434288dc9383216171a7
----
- bta/av/bta_av_act.cc | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/bta/av/bta_av_act.cc b/bta/av/bta_av_act.cc
-index ea823ad75..9582b7897 100644
---- a/bta/av/bta_av_act.cc
-+++ b/bta/av/bta_av_act.cc
-@@ -1310,7 +1310,10 @@ void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
-       return;
-     }
-     /* If browsing message, then free the browse message buffer */
--    bta_av_rc_free_browse_msg(p_cb, p_data);
-+    if (p_data->rc_msg.opcode == AVRC_OP_BROWSE &&
-+        p_data->rc_msg.msg.browse.p_browse_pkt != NULL) {
-+      bta_av_rc_free_browse_msg(p_cb, p_data);
-+    }
-   }
- }
- 
diff --git a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365987.patch b/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365987.patch
deleted file mode 100644
index 714f67ac..00000000
--- a/Patches/LineageOS-17.1/android_vendor_qcom_opensource_commonsys_system_bt/365987.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Thu, 1 Jun 2023 23:57:58 +0000
-Subject: [PATCH] Fix UAF in gatt_cl.cc
-
-gatt_cl.cc accesses a header field after the buffer holding it may have
-been freed.
-
-Track the relevant state as a local variable instead.
-
-Bug: 274617156
-Test: atest: bluetooth, validated against fuzzer
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d7a7f7f3311202065de4b2c17b49994053dd1244)
-Merged-In: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
-Change-Id: I085ecfa1a9ba098ecbfecbd3cb3e263ae13f9724
----
- stack/gatt/gatt_cl.cc | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/stack/gatt/gatt_cl.cc b/stack/gatt/gatt_cl.cc
-index 98186daed..ff4ac8aea 100644
---- a/stack/gatt/gatt_cl.cc
-+++ b/stack/gatt/gatt_cl.cc
-@@ -592,12 +592,17 @@ void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
- 
-   memcpy(value.value, p, value.len);
- 
-+  bool subtype_is_write_prepare = (p_clcb->op_subtype == GATT_WRITE_PREPARE);
-+
-   if (!gatt_check_write_long_terminate(tcb, p_clcb, &value)) {
-     gatt_send_prepare_write(tcb, p_clcb);
-     return;
-   }
- 
--  if (p_clcb->op_subtype == GATT_WRITE_PREPARE) {
-+  // We now know that we have not terminated, or else we would have returned
-+  // early.  We free the buffer only if the subtype is not equal to
-+  // GATT_WRITE_PREPARE, so checking here is adequate to prevent UAF.
-+  if (subtype_is_write_prepare) {
-     /* application should verify handle offset
-        and value are matched or not */
-     gatt_end_operation(p_clcb, p_clcb->status, &value);
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/apksig-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/apksig-01.patch
deleted file mode 100644
index b139e961..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/apksig-01.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 039f815895f62c9f8af23df66622b66246f3f61e Mon Sep 17 00:00:00 2001
-From: Michael Groover <mpgroover@google.com>
-Date: Tue, 20 Jun 2023 11:51:03 -0500
-Subject: [PATCH] Add errors from signature verify result to returned result
-
-During APK signature verification, the apksig library will maintain
-an internal Result instance for the current signature version being
-verified; any errors / warnings from the specific version signer(s)
-verification will then be copied to a Result instance that is
-returned to the caller containing details for each of the signature
-versions that the library attempted to verify. The internal Result
-instance can also contain more general errors / warnings abut the
-verification; these are currently not merged with the Result to be
-returned to the caller, so some APKs may fail to verify without a
-valid error returned. This commit resolves this by merging all
-general errors / warnings with the Result to be returned to the
-caller.
-
-Bug: 266580022
-Test: gradlew test
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0b086bdc130e1e6216fcbc5436fe8e3cdc9ec011)
-Merged-In: Id0f4ee47a964a3bb5d30916808a3108858e6a0cf
-Change-Id: Id0f4ee47a964a3bb5d30916808a3108858e6a0cf
----
- src/main/java/com/android/apksig/ApkVerifier.java | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/main/java/com/android/apksig/ApkVerifier.java b/src/main/java/com/android/apksig/ApkVerifier.java
-index 8ae5f78..0b04ef9 100644
---- a/src/main/java/com/android/apksig/ApkVerifier.java
-+++ b/src/main/java/com/android/apksig/ApkVerifier.java
-@@ -1276,6 +1276,15 @@ public class ApkVerifier {
-         }
- 
-         private void mergeFrom(ApkSigningBlockUtils.Result source) {
-+            if (source == null) {
-+                return;
-+            }
-+            if (source.containsErrors()) {
-+                mErrors.addAll(source.getErrors());
-+            }
-+            if (source.containsWarnings()) {
-+                mWarnings.addAll(source.getWarnings());
-+            }
-             switch (source.signatureSchemeVersion) {
-                 case ApkSigningBlockUtils.VERSION_APK_SIGNATURE_SCHEME_V2:
-                     mVerifiedUsingV2Scheme = source.verified;
--- 
-GitLab
-
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-01.patch
deleted file mode 100644
index f5ac0473..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-01.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 89489ff5dd9b7717f0421ca4e90bc060af1ba8b7 Mon Sep 17 00:00:00 2001
-From: Jean-Michel Trivi <jmtrivi@google.com>
-Date: Wed, 7 Dec 2022 04:36:46 +0000
-Subject: [PATCH] RingtoneManager: verify default ringtone is audio
-
-When a ringtone picker tries to set a ringtone through
-RingtoneManager.setActualDefaultRingtoneUri (also
-called by com.android.settings.DefaultRingtonePreference),
-verify the mimeType can be obtained (not found when caller
-doesn't have access to it) and it is an audio resource.
-
-Bug: 205837340
-Test: atest android.media.audio.cts.RingtoneManagerTest
-(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b8c2d03b720f0cc200ac59f6cfb411fddc3b119c)
-Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
-Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
----
- media/java/android/media/RingtoneManager.java | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
-index 27db41cb9f4e..d3c3c370a641 100644
---- a/media/java/android/media/RingtoneManager.java
-+++ b/media/java/android/media/RingtoneManager.java
-@@ -814,10 +814,10 @@ public static Uri getActualDefaultRingtoneUri(Context context, int type) {
- 
-         return ringtoneUri;
-     }
--    
-+
-     /**
-      * Sets the {@link Uri} of the default sound for a given sound type.
--     * 
-+     *
-      * @param context A context used for querying.
-      * @param type The type whose default sound should be set. One of
-      *            {@link #TYPE_RINGTONE}, {@link #TYPE_NOTIFICATION}, or
-@@ -833,6 +833,21 @@ public static void setActualDefaultRingtoneUri(Context context, int type, Uri ri
-         if(!isInternalRingtoneUri(ringtoneUri)) {
-             ringtoneUri = ContentProvider.maybeAddUserId(ringtoneUri, context.getUserId());
-         }
-+
-+        if (ringtoneUri != null) {
-+            final String mimeType = resolver.getType(ringtoneUri);
-+            if (mimeType == null) {
-+                Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
-+                        + " ignored: failure to find mimeType (no access from this context?)");
-+                return;
-+            }
-+            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
-+                Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
-+                        + " ignored: associated mimeType:" + mimeType + " is not an audio type");
-+                return;
-+            }
-+        }
-+
-         Settings.System.putStringForUser(resolver, setting,
-                 ringtoneUri != null ? ringtoneUri.toString() : null, context.getUserId());
- 
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-02.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-02.patch
deleted file mode 100644
index 0f8dafb7..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-02.patch
+++ /dev/null
@@ -1,1168 +0,0 @@
-From d1765c47157a99ecdc44537b5cadbb9726892967 Mon Sep 17 00:00:00 2001
-From: Beth Thibodeau <ethibodeau@google.com>
-Date: Tue, 30 May 2023 18:45:47 -0500
-Subject: [PATCH] Add placeholder when media control title is blank
-
-When an app posts a media control with no available title, show a
-placeholder string with the app name instead
-
-Bug: 274775190
-Test: atest MediaDataManagerTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a0fda1f36d04331c8d60c5540b09b1a30203581b)
-Merged-In: Ie406c180af48653595e8e222a15b4dda27de2e0e
-Change-Id: Ie406c180af48653595e8e222a15b4dda27de2e0e
----
- packages/SystemUI/res/values/strings.xml      |    2 +
- .../controls/pipeline/MediaDataManager.kt     |    8 +-
- .../systemui/media/MediaDataManagerTest.kt    | 1106 +++++++++++++++++
- 3 files changed, 1114 insertions(+), 2 deletions(-)
- create mode 100644 packages/SystemUI/tests/src/com/android/systemui/media/MediaDataManagerTest.kt
-
-diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml
-index b7036529a733..ac894de4c5d9 100644
---- a/packages/SystemUI/res/values/strings.xml
-+++ b/packages/SystemUI/res/values/strings.xml
-@@ -2386,6 +2386,8 @@
-     <string name="controls_media_smartspace_rec_item_no_artist_description">Play <xliff:g id="song_name" example="Daily mix">%1$s</xliff:g> from <xliff:g id="app_label" example="Spotify">%2$s</xliff:g></string>
-     <!-- Header title for Smartspace recommendation card within media controls. [CHAR_LIMIT=30] -->
-     <string name="controls_media_smartspace_rec_header">For You</string>
-+    <!-- Placeholder title to inform user that an app has posted media controls [CHAR_LIMIT=NONE] -->
-+    <string name="controls_media_empty_title"><xliff:g id="app_name" example="Foo Music App">%1$s</xliff:g> is running</string>
- 
-     <!--- ****** Media tap-to-transfer ****** -->
-     <!-- Text for a button to undo the media transfer. [CHAR LIMIT=20] -->
-diff --git a/packages/SystemUI/src/com/android/systemui/media/controls/pipeline/MediaDataManager.kt b/packages/SystemUI/src/com/android/systemui/media/controls/pipeline/MediaDataManager.kt
-index 525b2fcb8dbc..4e20a24e9add 100644
---- a/packages/SystemUI/src/com/android/systemui/media/controls/pipeline/MediaDataManager.kt
-+++ b/packages/SystemUI/src/com/android/systemui/media/controls/pipeline/MediaDataManager.kt
-@@ -786,12 +786,16 @@ class MediaDataManager(
- 
-         // Song name
-         var song: CharSequence? = metadata?.getString(MediaMetadata.METADATA_KEY_DISPLAY_TITLE)
--        if (song == null) {
-+        if (song.isNullOrBlank()) {
-             song = metadata?.getString(MediaMetadata.METADATA_KEY_TITLE)
-         }
--        if (song == null) {
-+        if (song.isNullOrBlank()) {
-             song = HybridGroupManager.resolveTitle(notif)
-         }
-+        if (song.isNullOrBlank()) {
-+            // For apps that don't include a title, add a placeholder
-+            song = context.getString(R.string.controls_media_empty_title, appName)
-+        }
- 
-         // Explicit Indicator
-         var isExplicit = false
-diff --git a/packages/SystemUI/tests/src/com/android/systemui/media/MediaDataManagerTest.kt b/packages/SystemUI/tests/src/com/android/systemui/media/MediaDataManagerTest.kt
-new file mode 100644
-index 000000000000..52266f983fdd
---- /dev/null
-+++ b/packages/SystemUI/tests/src/com/android/systemui/media/MediaDataManagerTest.kt
-@@ -0,0 +1,1106 @@
-+package com.android.systemui.media
-+
-+import android.app.Notification
-+import android.app.Notification.MediaStyle
-+import android.app.PendingIntent
-+import android.app.smartspace.SmartspaceAction
-+import android.app.smartspace.SmartspaceTarget
-+import android.content.Intent
-+import android.graphics.Bitmap
-+import android.graphics.drawable.Icon
-+import android.media.MediaDescription
-+import android.media.MediaMetadata
-+import android.media.session.MediaController
-+import android.media.session.MediaSession
-+import android.media.session.PlaybackState
-+import android.os.Bundle
-+import android.provider.Settings
-+import android.service.notification.StatusBarNotification
-+import android.testing.AndroidTestingRunner
-+import android.testing.TestableLooper.RunWithLooper
-+import androidx.media.utils.MediaConstants
-+import androidx.test.filters.SmallTest
-+import com.android.internal.logging.InstanceId
-+import com.android.systemui.InstanceIdSequenceFake
-+import com.android.systemui.R
-+import com.android.systemui.SysuiTestCase
-+import com.android.systemui.broadcast.BroadcastDispatcher
-+import com.android.systemui.dump.DumpManager
-+import com.android.systemui.plugins.ActivityStarter
-+import com.android.systemui.statusbar.SbnBuilder
-+import com.android.systemui.tuner.TunerService
-+import com.android.systemui.util.concurrency.FakeExecutor
-+import com.android.systemui.util.mockito.any
-+import com.android.systemui.util.mockito.argumentCaptor
-+import com.android.systemui.util.mockito.capture
-+import com.android.systemui.util.mockito.eq
-+import com.android.systemui.util.time.FakeSystemClock
-+import com.google.common.truth.Truth.assertThat
-+import org.junit.After
-+import org.junit.Before
-+import org.junit.Ignore
-+import org.junit.Rule
-+import org.junit.Test
-+import org.junit.runner.RunWith
-+import org.mockito.ArgumentCaptor
-+import org.mockito.ArgumentMatchers.anyBoolean
-+import org.mockito.ArgumentMatchers.anyInt
-+import org.mockito.Captor
-+import org.mockito.Mock
-+import org.mockito.Mockito
-+import org.mockito.Mockito.never
-+import org.mockito.Mockito.reset
-+import org.mockito.Mockito.times
-+import org.mockito.Mockito.verify
-+import org.mockito.Mockito.verifyNoMoreInteractions
-+import org.mockito.junit.MockitoJUnit
-+import org.mockito.Mockito.`when` as whenever
-+
-+private const val KEY = "KEY"
-+private const val KEY_2 = "KEY_2"
-+private const val KEY_MEDIA_SMARTSPACE = "MEDIA_SMARTSPACE_ID"
-+private const val PACKAGE_NAME = "com.example.app"
-+private const val SYSTEM_PACKAGE_NAME = "com.android.systemui"
-+private const val APP_NAME = "com.android.systemui.tests"
-+private const val SESSION_ARTIST = "artist"
-+private const val SESSION_TITLE = "title"
-+private const val SESSION_BLANK_TITLE = " "
-+private const val SESSION_EMPTY_TITLE = ""
-+private const val USER_ID = 0
-+private val DISMISS_INTENT = Intent().apply { action = "dismiss" }
-+
-+private fun <T> anyObject(): T {
-+    return Mockito.anyObject<T>()
-+}
-+
-+@SmallTest
-+@RunWithLooper(setAsMainLooper = true)
-+@RunWith(AndroidTestingRunner::class)
-+class MediaDataManagerTest : SysuiTestCase() {
-+
-+    @JvmField @Rule val mockito = MockitoJUnit.rule()
-+    @Mock lateinit var mediaControllerFactory: MediaControllerFactory
-+    @Mock lateinit var controller: MediaController
-+    @Mock lateinit var transportControls: MediaController.TransportControls
-+    @Mock lateinit var playbackInfo: MediaController.PlaybackInfo
-+    lateinit var session: MediaSession
-+    lateinit var metadataBuilder: MediaMetadata.Builder
-+    lateinit var backgroundExecutor: FakeExecutor
-+    lateinit var foregroundExecutor: FakeExecutor
-+    @Mock lateinit var dumpManager: DumpManager
-+    @Mock lateinit var broadcastDispatcher: BroadcastDispatcher
-+    @Mock lateinit var mediaTimeoutListener: MediaTimeoutListener
-+    @Mock lateinit var mediaResumeListener: MediaResumeListener
-+    @Mock lateinit var mediaSessionBasedFilter: MediaSessionBasedFilter
-+    @Mock lateinit var mediaDeviceManager: MediaDeviceManager
-+    @Mock lateinit var mediaDataCombineLatest: MediaDataCombineLatest
-+    @Mock lateinit var mediaDataFilter: MediaDataFilter
-+    @Mock lateinit var listener: MediaDataManager.Listener
-+    @Mock lateinit var pendingIntent: PendingIntent
-+    @Mock lateinit var activityStarter: ActivityStarter
-+    lateinit var smartspaceMediaDataProvider: SmartspaceMediaDataProvider
-+    @Mock lateinit var mediaSmartspaceTarget: SmartspaceTarget
-+    @Mock private lateinit var mediaRecommendationItem: SmartspaceAction
-+    lateinit var validRecommendationList: List<SmartspaceAction>
-+    @Mock private lateinit var mediaSmartspaceBaseAction: SmartspaceAction
-+    @Mock private lateinit var mediaFlags: MediaFlags
-+    @Mock private lateinit var logger: MediaUiEventLogger
-+    lateinit var mediaDataManager: MediaDataManager
-+    lateinit var mediaNotification: StatusBarNotification
-+    @Captor lateinit var mediaDataCaptor: ArgumentCaptor<MediaData>
-+    private val clock = FakeSystemClock()
-+    @Mock private lateinit var tunerService: TunerService
-+    @Captor lateinit var tunableCaptor: ArgumentCaptor<TunerService.Tunable>
-+
-+    private val instanceIdSequence = InstanceIdSequenceFake(1 shl 20)
-+
-+    private val originalSmartspaceSetting = Settings.Secure.getInt(context.contentResolver,
-+            Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, 1)
-+
-+    @Before
-+    fun setup() {
-+        foregroundExecutor = FakeExecutor(clock)
-+        backgroundExecutor = FakeExecutor(clock)
-+        smartspaceMediaDataProvider = SmartspaceMediaDataProvider()
-+        Settings.Secure.putInt(context.contentResolver,
-+                Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, 1)
-+        mediaDataManager = MediaDataManager(
-+            context = context,
-+            backgroundExecutor = backgroundExecutor,
-+            foregroundExecutor = foregroundExecutor,
-+            mediaControllerFactory = mediaControllerFactory,
-+            broadcastDispatcher = broadcastDispatcher,
-+            dumpManager = dumpManager,
-+            mediaTimeoutListener = mediaTimeoutListener,
-+            mediaResumeListener = mediaResumeListener,
-+            mediaSessionBasedFilter = mediaSessionBasedFilter,
-+            mediaDeviceManager = mediaDeviceManager,
-+            mediaDataCombineLatest = mediaDataCombineLatest,
-+            mediaDataFilter = mediaDataFilter,
-+            activityStarter = activityStarter,
-+            smartspaceMediaDataProvider = smartspaceMediaDataProvider,
-+            useMediaResumption = true,
-+            useQsMediaPlayer = true,
-+            systemClock = clock,
-+            tunerService = tunerService,
-+            mediaFlags = mediaFlags,
-+            logger = logger
-+        )
-+        verify(tunerService).addTunable(capture(tunableCaptor),
-+                eq(Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION))
-+        session = MediaSession(context, "MediaDataManagerTestSession")
-+        mediaNotification = SbnBuilder().run {
-+            setPkg(PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply { setMediaSession(session.sessionToken) })
-+            }
-+            build()
-+        }
-+        metadataBuilder = MediaMetadata.Builder().apply {
-+            putString(MediaMetadata.METADATA_KEY_ARTIST, SESSION_ARTIST)
-+            putString(MediaMetadata.METADATA_KEY_TITLE, SESSION_TITLE)
-+        }
-+        whenever(mediaControllerFactory.create(eq(session.sessionToken))).thenReturn(controller)
-+        whenever(controller.transportControls).thenReturn(transportControls)
-+        whenever(controller.playbackInfo).thenReturn(playbackInfo)
-+        whenever(playbackInfo.playbackType).thenReturn(
-+                MediaController.PlaybackInfo.PLAYBACK_TYPE_LOCAL)
-+
-+        // This is an ugly hack for now. The mediaSessionBasedFilter is one of the internal
-+        // listeners in the internal processing pipeline. It receives events, but ince it is a
-+        // mock, it doesn't pass those events along the chain to the external listeners. So, just
-+        // treat mediaSessionBasedFilter as a listener for testing.
-+        listener = mediaSessionBasedFilter
-+
-+        val recommendationExtras = Bundle().apply {
-+            putString("package_name", PACKAGE_NAME)
-+            putParcelable("dismiss_intent", DISMISS_INTENT)
-+        }
-+        val icon = Icon.createWithResource(context, android.R.drawable.ic_media_play)
-+        whenever(mediaSmartspaceBaseAction.extras).thenReturn(recommendationExtras)
-+        whenever(mediaSmartspaceTarget.baseAction).thenReturn(mediaSmartspaceBaseAction)
-+        whenever(mediaRecommendationItem.extras).thenReturn(recommendationExtras)
-+        whenever(mediaRecommendationItem.icon).thenReturn(icon)
-+        validRecommendationList = listOf(
-+            mediaRecommendationItem, mediaRecommendationItem, mediaRecommendationItem
-+        )
-+        whenever(mediaSmartspaceTarget.smartspaceTargetId).thenReturn(KEY_MEDIA_SMARTSPACE)
-+        whenever(mediaSmartspaceTarget.featureType).thenReturn(SmartspaceTarget.FEATURE_MEDIA)
-+        whenever(mediaSmartspaceTarget.iconGrid).thenReturn(validRecommendationList)
-+        whenever(mediaSmartspaceTarget.creationTimeMillis).thenReturn(1234L)
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(false)
-+        whenever(logger.getNewInstanceId()).thenReturn(instanceIdSequence.newInstanceId())
-+    }
-+
-+    @After
-+    fun tearDown() {
-+        session.release()
-+        mediaDataManager.destroy()
-+        Settings.Secure.putInt(context.contentResolver,
-+                Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, originalSmartspaceSetting)
-+    }
-+
-+    @Test
-+    fun testSetTimedOut_active_deactivatesMedia() {
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        assertThat(data.active).isTrue()
-+
-+        mediaDataManager.setTimedOut(KEY, timedOut = true)
-+        assertThat(data.active).isFalse()
-+        verify(logger).logMediaTimeout(anyInt(), eq(PACKAGE_NAME), eq(data.instanceId))
-+    }
-+
-+    @Test
-+    fun testSetTimedOut_resume_dismissesMedia() {
-+        // WHEN resume controls are present, and time out
-+        val desc = MediaDescription.Builder().run {
-+            setTitle(SESSION_TITLE)
-+            build()
-+        }
-+        mediaDataManager.addResumptionControls(USER_ID, desc, Runnable {}, session.sessionToken,
-+                APP_NAME, pendingIntent, PACKAGE_NAME)
-+
-+        backgroundExecutor.runAllReady()
-+        foregroundExecutor.runAllReady()
-+        verify(listener).onMediaDataLoaded(eq(PACKAGE_NAME), eq(null), capture(mediaDataCaptor),
-+            eq(true), eq(0), eq(false))
-+
-+        mediaDataManager.setTimedOut(PACKAGE_NAME, timedOut = true)
-+        verify(logger).logMediaTimeout(anyInt(), eq(PACKAGE_NAME),
-+            eq(mediaDataCaptor.value.instanceId))
-+
-+        // THEN it is removed and listeners are informed
-+        foregroundExecutor.advanceClockToLast()
-+        foregroundExecutor.runAllReady()
-+        verify(listener).onMediaDataRemoved(PACKAGE_NAME)
-+    }
-+
-+    @Test
-+    fun testLoadsMetadataOnBackground() {
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+        assertThat(backgroundExecutor.numPending()).isEqualTo(1)
-+    }
-+
-+    @Test
-+    fun testOnMetaDataLoaded_callsListener() {
-+        addNotificationAndLoad()
-+        verify(logger).logActiveMediaAdded(anyInt(), eq(PACKAGE_NAME),
-+            eq(mediaDataCaptor.value.instanceId), eq(MediaData.PLAYBACK_LOCAL))
-+    }
-+
-+    @Test
-+    fun testOnMetaDataLoaded_conservesActiveFlag() {
-+        whenever(mediaControllerFactory.create(anyObject())).thenReturn(controller)
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        mediaDataManager.addListener(listener)
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+                eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value!!.active).isTrue()
-+    }
-+
-+    @Test
-+    fun testOnNotificationAdded_isRcn_markedRemote() {
-+        val rcn = SbnBuilder().run {
-+            setPkg(SYSTEM_PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply {
-+                    setMediaSession(session.sessionToken)
-+                    setRemotePlaybackInfo("Remote device", 0, null)
-+                })
-+            }
-+            build()
-+        }
-+
-+        mediaDataManager.onNotificationAdded(KEY, rcn)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+                eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value!!.playbackLocation).isEqualTo(
-+                MediaData.PLAYBACK_CAST_REMOTE)
-+        verify(logger).logActiveMediaAdded(anyInt(), eq(SYSTEM_PACKAGE_NAME),
-+            eq(mediaDataCaptor.value.instanceId), eq(MediaData.PLAYBACK_CAST_REMOTE))
-+    }
-+
-+    @Test
-+    fun testLoadMediaDataInBg_invalidTokenNoCrash() {
-+        val bundle = Bundle()
-+        // wrong data type
-+        bundle.putParcelable(Notification.EXTRA_MEDIA_SESSION, Bundle())
-+        val rcn = SbnBuilder().run {
-+            setPkg(SYSTEM_PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.addExtras(bundle)
-+                it.setStyle(MediaStyle().apply {
-+                    setRemotePlaybackInfo("Remote device", 0, null)
-+                })
-+            }
-+            build()
-+        }
-+
-+        mediaDataManager.loadMediaDataInBg(KEY, rcn, null)
-+        // no crash even though the data structure is incorrect
-+    }
-+
-+    @Test
-+    fun testLoadMediaDataInBg_invalidMediaRemoteIntentNoCrash() {
-+        val bundle = Bundle()
-+        // wrong data type
-+        bundle.putParcelable(Notification.EXTRA_MEDIA_REMOTE_INTENT, Bundle())
-+        val rcn = SbnBuilder().run {
-+            setPkg(SYSTEM_PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.addExtras(bundle)
-+                it.setStyle(MediaStyle().apply {
-+                    setMediaSession(session.sessionToken)
-+                    setRemotePlaybackInfo("Remote device", 0, null)
-+                })
-+            }
-+            build()
-+        }
-+
-+        mediaDataManager.loadMediaDataInBg(KEY, rcn, null)
-+        // no crash even though the data structure is incorrect
-+    }
-+
-+    @Test
-+    fun testOnNotificationRemoved_callsListener() {
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        mediaDataManager.onNotificationRemoved(KEY)
-+        verify(listener).onMediaDataRemoved(eq(KEY))
-+        verify(logger).logMediaRemoved(anyInt(), eq(PACKAGE_NAME), eq(data.instanceId))
-+    }
-+
-+    @Test
-+    fun testOnNotificationAdded_emptyTitle_hasPlaceholder() {
-+        // When the manager has a notification with an empty title
-+        whenever(controller.metadata)
-+            .thenReturn(
-+                metadataBuilder
-+                    .putString(MediaMetadata.METADATA_KEY_TITLE, SESSION_EMPTY_TITLE)
-+                    .build()
-+            )
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+
-+        // Then a media control is created with a placeholder title string
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener)
-+            .onMediaDataLoaded(
-+                eq(KEY),
-+                eq(null),
-+                capture(mediaDataCaptor),
-+                eq(true),
-+                eq(0),
-+                eq(false)
-+            )
-+        val placeholderTitle = context.getString(R.string.controls_media_empty_title, APP_NAME)
-+        assertThat(mediaDataCaptor.value.song).isEqualTo(placeholderTitle)
-+    }
-+
-+    @Test
-+    fun testOnNotificationAdded_blankTitle_hasPlaceholder() {
-+        // GIVEN that the manager has a notification with a blank title
-+        whenever(controller.metadata)
-+            .thenReturn(
-+                metadataBuilder
-+                    .putString(MediaMetadata.METADATA_KEY_TITLE, SESSION_BLANK_TITLE)
-+                    .build()
-+            )
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+
-+        // Then a media control is created with a placeholder title string
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener)
-+            .onMediaDataLoaded(
-+                eq(KEY),
-+                eq(null),
-+                capture(mediaDataCaptor),
-+                eq(true),
-+                eq(0),
-+                eq(false)
-+            )
-+        val placeholderTitle = context.getString(R.string.controls_media_empty_title, APP_NAME)
-+        assertThat(mediaDataCaptor.value.song).isEqualTo(placeholderTitle)
-+    }
-+
-+    @Test
-+    fun testOnNotificationAdded_emptyMetadata_usesNotificationTitle() {
-+        // When the app sets the metadata title fields to empty strings, but does include a
-+        // non-blank notification title
-+        whenever(controller.metadata)
-+            .thenReturn(
-+                metadataBuilder
-+                    .putString(MediaMetadata.METADATA_KEY_TITLE, SESSION_EMPTY_TITLE)
-+                    .putString(MediaMetadata.METADATA_KEY_DISPLAY_TITLE, SESSION_EMPTY_TITLE)
-+                    .build()
-+            )
-+        mediaNotification =
-+            SbnBuilder().run {
-+                setPkg(PACKAGE_NAME)
-+                modifyNotification(context).also {
-+                    it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                    it.setContentTitle(SESSION_TITLE)
-+                    it.setStyle(MediaStyle().apply { setMediaSession(session.sessionToken) })
-+                }
-+                build()
-+            }
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+
-+        // Then the media control is added using the notification's title
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener)
-+            .onMediaDataLoaded(
-+                eq(KEY),
-+                eq(null),
-+                capture(mediaDataCaptor),
-+                eq(true),
-+                eq(0),
-+                eq(false)
-+            )
-+        assertThat(mediaDataCaptor.value.song).isEqualTo(SESSION_TITLE)
-+    }
-+
-+    @Test
-+    fun testOnNotificationRemoved_withResumption() {
-+        // GIVEN that the manager has a notification with a resume action
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        assertThat(data.resumption).isFalse()
-+        mediaDataManager.onMediaDataLoaded(KEY, null, data.copy(resumeAction = Runnable {}))
-+        // WHEN the notification is removed
-+        mediaDataManager.onNotificationRemoved(KEY)
-+        // THEN the media data indicates that it is for resumption
-+        verify(listener)
-+            .onMediaDataLoaded(eq(PACKAGE_NAME), eq(KEY), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.resumption).isTrue()
-+        assertThat(mediaDataCaptor.value.isPlaying).isFalse()
-+        verify(logger).logActiveConvertedToResume(anyInt(), eq(PACKAGE_NAME), eq(data.instanceId))
-+    }
-+
-+    @Test
-+    fun testOnNotificationRemoved_twoWithResumption() {
-+        // GIVEN that the manager has two notifications with resume actions
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+        mediaDataManager.onNotificationAdded(KEY_2, mediaNotification)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(2)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(2)
-+        verify(listener)
-+            .onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+        val data = mediaDataCaptor.value
-+        assertThat(data.resumption).isFalse()
-+        val resumableData = data.copy(resumeAction = Runnable {})
-+        mediaDataManager.onMediaDataLoaded(KEY, null, resumableData)
-+        mediaDataManager.onMediaDataLoaded(KEY_2, null, resumableData)
-+        reset(listener)
-+        // WHEN the first is removed
-+        mediaDataManager.onNotificationRemoved(KEY)
-+        // THEN the data is for resumption and the key is migrated to the package name
-+        verify(listener)
-+            .onMediaDataLoaded(eq(PACKAGE_NAME), eq(KEY), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.resumption).isTrue()
-+        verify(listener, never()).onMediaDataRemoved(eq(KEY))
-+        // WHEN the second is removed
-+        mediaDataManager.onNotificationRemoved(KEY_2)
-+        // THEN the data is for resumption and the second key is removed
-+        verify(listener)
-+            .onMediaDataLoaded(
-+                eq(PACKAGE_NAME), eq(PACKAGE_NAME), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.resumption).isTrue()
-+        verify(listener).onMediaDataRemoved(eq(KEY_2))
-+    }
-+
-+    @Test
-+    fun testOnNotificationRemoved_withResumption_butNotLocal() {
-+        // GIVEN that the manager has a notification with a resume action, but is not local
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        whenever(playbackInfo.playbackType).thenReturn(
-+                MediaController.PlaybackInfo.PLAYBACK_TYPE_REMOTE)
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        val dataRemoteWithResume = data.copy(resumeAction = Runnable {},
-+                playbackLocation = MediaData.PLAYBACK_CAST_LOCAL)
-+        mediaDataManager.onMediaDataLoaded(KEY, null, dataRemoteWithResume)
-+        verify(logger).logActiveMediaAdded(anyInt(), eq(PACKAGE_NAME),
-+            eq(mediaDataCaptor.value.instanceId), eq(MediaData.PLAYBACK_CAST_LOCAL))
-+
-+        // WHEN the notification is removed
-+        mediaDataManager.onNotificationRemoved(KEY)
-+
-+        // THEN the media data is removed
-+        verify(listener).onMediaDataRemoved(eq(KEY))
-+    }
-+
-+    @Test
-+    fun testAddResumptionControls() {
-+        // WHEN resumption controls are added
-+        val desc = MediaDescription.Builder().run {
-+            setTitle(SESSION_TITLE)
-+            build()
-+        }
-+        val currentTime = clock.elapsedRealtime()
-+        mediaDataManager.addResumptionControls(USER_ID, desc, Runnable {}, session.sessionToken,
-+                APP_NAME, pendingIntent, PACKAGE_NAME)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        // THEN the media data indicates that it is for resumption
-+        verify(listener)
-+            .onMediaDataLoaded(eq(PACKAGE_NAME), eq(null), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+        val data = mediaDataCaptor.value
-+        assertThat(data.resumption).isTrue()
-+        assertThat(data.song).isEqualTo(SESSION_TITLE)
-+        assertThat(data.app).isEqualTo(APP_NAME)
-+        assertThat(data.actions).hasSize(1)
-+        assertThat(data.semanticActions!!.playOrPause).isNotNull()
-+        assertThat(data.lastActive).isAtLeast(currentTime)
-+        verify(logger).logResumeMediaAdded(anyInt(), eq(PACKAGE_NAME), eq(data.instanceId))
-+    }
-+
-+    @Test
-+    fun testResumptionDisabled_dismissesResumeControls() {
-+        // WHEN there are resume controls and resumption is switched off
-+        val desc = MediaDescription.Builder().run {
-+            setTitle(SESSION_TITLE)
-+            build()
-+        }
-+        mediaDataManager.addResumptionControls(USER_ID, desc, Runnable {}, session.sessionToken,
-+            APP_NAME, pendingIntent, PACKAGE_NAME)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener).onMediaDataLoaded(eq(PACKAGE_NAME), eq(null), capture(mediaDataCaptor),
-+            eq(true), eq(0), eq(false))
-+        val data = mediaDataCaptor.value
-+        mediaDataManager.setMediaResumptionEnabled(false)
-+
-+        // THEN the resume controls are dismissed
-+        verify(listener).onMediaDataRemoved(eq(PACKAGE_NAME))
-+        verify(logger).logMediaRemoved(anyInt(), eq(PACKAGE_NAME), eq(data.instanceId))
-+    }
-+
-+    @Test
-+    fun testDismissMedia_listenerCalled() {
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        val removed = mediaDataManager.dismissMediaData(KEY, 0L)
-+        assertThat(removed).isTrue()
-+
-+        foregroundExecutor.advanceClockToLast()
-+        foregroundExecutor.runAllReady()
-+
-+        verify(listener).onMediaDataRemoved(eq(KEY))
-+        verify(logger).logMediaRemoved(anyInt(), eq(PACKAGE_NAME), eq(data.instanceId))
-+    }
-+
-+    @Test
-+    fun testDismissMedia_keyDoesNotExist_returnsFalse() {
-+        val removed = mediaDataManager.dismissMediaData(KEY, 0L)
-+        assertThat(removed).isFalse()
-+    }
-+
-+    @Test
-+    fun testBadArtwork_doesNotUse() {
-+        // WHEN notification has a too-small artwork
-+        val artwork = Bitmap.createBitmap(1, 1, Bitmap.Config.ARGB_8888)
-+        val notif = SbnBuilder().run {
-+            setPkg(PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply { setMediaSession(session.sessionToken) })
-+                it.setLargeIcon(artwork)
-+            }
-+            build()
-+        }
-+        mediaDataManager.onNotificationAdded(KEY, notif)
-+
-+        // THEN it still loads
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener)
-+            .onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+    }
-+
-+    @Test
-+    fun testOnSmartspaceMediaDataLoaded_hasNewValidMediaTarget_callsListener() {
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf(mediaSmartspaceTarget))
-+        verify(logger).getNewInstanceId()
-+        val instanceId = instanceIdSequence.lastInstanceId
-+
-+        verify(listener).onSmartspaceMediaDataLoaded(
-+            eq(KEY_MEDIA_SMARTSPACE),
-+            eq(SmartspaceMediaData(
-+                targetId = KEY_MEDIA_SMARTSPACE,
-+                isActive = true,
-+                packageName = PACKAGE_NAME,
-+                cardAction = mediaSmartspaceBaseAction,
-+                recommendations = validRecommendationList,
-+                dismissIntent = DISMISS_INTENT,
-+                headphoneConnectionTimeMillis = 1234L,
-+                instanceId = InstanceId.fakeInstanceId(instanceId))),
-+            eq(false))
-+    }
-+
-+    @Test
-+    fun testOnSmartspaceMediaDataLoaded_hasNewInvalidMediaTarget_callsListener() {
-+        whenever(mediaSmartspaceTarget.iconGrid).thenReturn(listOf())
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf(mediaSmartspaceTarget))
-+        verify(logger).getNewInstanceId()
-+        val instanceId = instanceIdSequence.lastInstanceId
-+
-+        verify(listener).onSmartspaceMediaDataLoaded(
-+            eq(KEY_MEDIA_SMARTSPACE),
-+            eq(EMPTY_SMARTSPACE_MEDIA_DATA.copy(
-+                targetId = KEY_MEDIA_SMARTSPACE,
-+                isActive = true,
-+                dismissIntent = DISMISS_INTENT,
-+                headphoneConnectionTimeMillis = 1234L,
-+                instanceId = InstanceId.fakeInstanceId(instanceId))),
-+            eq(false))
-+    }
-+
-+    @Test
-+    fun testOnSmartspaceMediaDataLoaded_hasNullIntent_callsListener() {
-+        val recommendationExtras = Bundle().apply {
-+            putString("package_name", PACKAGE_NAME)
-+            putParcelable("dismiss_intent", null)
-+        }
-+        whenever(mediaSmartspaceBaseAction.extras).thenReturn(recommendationExtras)
-+        whenever(mediaSmartspaceTarget.baseAction).thenReturn(mediaSmartspaceBaseAction)
-+        whenever(mediaSmartspaceTarget.iconGrid).thenReturn(listOf())
-+
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf(mediaSmartspaceTarget))
-+        verify(logger).getNewInstanceId()
-+        val instanceId = instanceIdSequence.lastInstanceId
-+
-+        verify(listener).onSmartspaceMediaDataLoaded(
-+            eq(KEY_MEDIA_SMARTSPACE),
-+            eq(EMPTY_SMARTSPACE_MEDIA_DATA.copy(
-+                targetId = KEY_MEDIA_SMARTSPACE,
-+                isActive = true,
-+                dismissIntent = null,
-+                headphoneConnectionTimeMillis = 1234L,
-+                instanceId = InstanceId.fakeInstanceId(instanceId))),
-+            eq(false))
-+    }
-+
-+    @Test
-+    fun testOnSmartspaceMediaDataLoaded_hasNoneMediaTarget_notCallsListener() {
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf())
-+        verify(logger, never()).getNewInstanceId()
-+        verify(listener, never())
-+                .onSmartspaceMediaDataLoaded(anyObject(), anyObject(), anyBoolean())
-+    }
-+
-+    @Ignore("b/233283726")
-+    @Test
-+    fun testOnSmartspaceMediaDataLoaded_hasNoneMediaTarget_callsRemoveListener() {
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf(mediaSmartspaceTarget))
-+        verify(logger).getNewInstanceId()
-+
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf())
-+        foregroundExecutor.advanceClockToLast()
-+        foregroundExecutor.runAllReady()
-+
-+        verify(listener).onSmartspaceMediaDataRemoved(eq(KEY_MEDIA_SMARTSPACE), eq(false))
-+        verifyNoMoreInteractions(logger)
-+    }
-+
-+    @Test
-+    fun testOnSmartspaceMediaDataLoaded_settingDisabled_doesNothing() {
-+        // WHEN media recommendation setting is off
-+        Settings.Secure.putInt(context.contentResolver,
-+                Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, 0)
-+        tunableCaptor.value.onTuningChanged(Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, "0")
-+
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf(mediaSmartspaceTarget))
-+
-+        // THEN smartspace signal is ignored
-+        verify(listener, never())
-+                .onSmartspaceMediaDataLoaded(anyObject(), anyObject(), anyBoolean())
-+    }
-+
-+    @Ignore("b/229838140")
-+    @Test
-+    fun testMediaRecommendationDisabled_removesSmartspaceData() {
-+        // GIVEN a media recommendation card is present
-+        smartspaceMediaDataProvider.onTargetsAvailable(listOf(mediaSmartspaceTarget))
-+        verify(listener).onSmartspaceMediaDataLoaded(eq(KEY_MEDIA_SMARTSPACE), anyObject(),
-+                anyBoolean())
-+
-+        // WHEN the media recommendation setting is turned off
-+        Settings.Secure.putInt(context.contentResolver,
-+                Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, 0)
-+        tunableCaptor.value.onTuningChanged(Settings.Secure.MEDIA_CONTROLS_RECOMMENDATION, "0")
-+
-+        // THEN listeners are notified
-+        foregroundExecutor.advanceClockToLast()
-+        foregroundExecutor.runAllReady()
-+        verify(listener).onSmartspaceMediaDataRemoved(eq(KEY_MEDIA_SMARTSPACE), eq(true))
-+    }
-+
-+    @Test
-+    fun testOnMediaDataChanged_updatesLastActiveTime() {
-+        val currentTime = clock.elapsedRealtime()
-+        addNotificationAndLoad()
-+        assertThat(mediaDataCaptor.value!!.lastActive).isAtLeast(currentTime)
-+    }
-+
-+    @Test
-+    fun testOnMediaDataTimedOut_doesNotUpdateLastActiveTime() {
-+        // GIVEN that the manager has a notification
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+
-+        // WHEN the notification times out
-+        clock.advanceTime(100)
-+        val currentTime = clock.elapsedRealtime()
-+        mediaDataManager.setTimedOut(KEY, true, true)
-+
-+        // THEN the last active time is not changed
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(KEY), capture(mediaDataCaptor), eq(true),
-+                eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.lastActive).isLessThan(currentTime)
-+    }
-+
-+    @Test
-+    fun testOnActiveMediaConverted_doesNotUpdateLastActiveTime() {
-+        // GIVEN that the manager has a notification with a resume action
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        val instanceId = data.instanceId
-+        assertThat(data.resumption).isFalse()
-+        mediaDataManager.onMediaDataLoaded(KEY, null, data.copy(resumeAction = Runnable {}))
-+
-+        // WHEN the notification is removed
-+        clock.advanceTime(100)
-+        val currentTime = clock.elapsedRealtime()
-+        mediaDataManager.onNotificationRemoved(KEY)
-+
-+        // THEN the last active time is not changed
-+        verify(listener)
-+            .onMediaDataLoaded(eq(PACKAGE_NAME), eq(KEY), capture(mediaDataCaptor), eq(true),
-+                    eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.resumption).isTrue()
-+        assertThat(mediaDataCaptor.value.lastActive).isLessThan(currentTime)
-+
-+        // Log as a conversion event, not as a new resume control
-+        verify(logger).logActiveConvertedToResume(anyInt(), eq(PACKAGE_NAME), eq(instanceId))
-+        verify(logger, never()).logResumeMediaAdded(anyInt(), eq(PACKAGE_NAME), any())
-+    }
-+
-+    @Test
-+    fun testTooManyCompactActions_isTruncated() {
-+        // GIVEN a notification where too many compact actions were specified
-+        val notif = SbnBuilder().run {
-+            setPkg(PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply {
-+                    setMediaSession(session.sessionToken)
-+                    setShowActionsInCompactView(0, 1, 2, 3, 4)
-+                })
-+            }
-+            build()
-+        }
-+
-+        // WHEN the notification is loaded
-+        mediaDataManager.onNotificationAdded(KEY, notif)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+
-+        // THEN only the first MAX_COMPACT_ACTIONS are actually set
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+                eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.actionsToShowInCompact.size).isEqualTo(
-+                MediaDataManager.MAX_COMPACT_ACTIONS)
-+    }
-+
-+    @Test
-+    fun testTooManyNotificationActions_isTruncated() {
-+        // GIVEN a notification where too many notification actions are added
-+        val action = Notification.Action(R.drawable.ic_android, "action", null)
-+        val notif = SbnBuilder().run {
-+            setPkg(PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply {
-+                    setMediaSession(session.sessionToken)
-+                })
-+                for (i in 0..MediaDataManager.MAX_NOTIFICATION_ACTIONS) {
-+                    it.addAction(action)
-+                }
-+            }
-+            build()
-+        }
-+
-+        // WHEN the notification is loaded
-+        mediaDataManager.onNotificationAdded(KEY, notif)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+
-+        // THEN only the first MAX_NOTIFICATION_ACTIONS are actually included
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+            eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.actions.size).isEqualTo(
-+            MediaDataManager.MAX_NOTIFICATION_ACTIONS)
-+    }
-+
-+    @Test
-+    fun testPlaybackActions_noState_usesNotification() {
-+        val desc = "Notification Action"
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(true)
-+        whenever(controller.playbackState).thenReturn(null)
-+
-+        val notifWithAction = SbnBuilder().run {
-+            setPkg(PACKAGE_NAME)
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply { setMediaSession(session.sessionToken) })
-+                it.addAction(android.R.drawable.ic_media_play, desc, null)
-+            }
-+            build()
-+        }
-+        mediaDataManager.onNotificationAdded(KEY, notifWithAction)
-+
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+                eq(0), eq(false))
-+
-+        assertThat(mediaDataCaptor.value!!.semanticActions).isNull()
-+        assertThat(mediaDataCaptor.value!!.actions).hasSize(1)
-+        assertThat(mediaDataCaptor.value!!.actions[0]!!.contentDescription).isEqualTo(desc)
-+    }
-+
-+    @Test
-+    fun testPlaybackActions_hasPrevNext() {
-+        val customDesc = arrayOf("custom 1", "custom 2", "custom 3", "custom 4")
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(true)
-+        val stateActions = PlaybackState.ACTION_PLAY or
-+                PlaybackState.ACTION_SKIP_TO_PREVIOUS or
-+                PlaybackState.ACTION_SKIP_TO_NEXT
-+        val stateBuilder = PlaybackState.Builder()
-+                .setActions(stateActions)
-+        customDesc.forEach {
-+            stateBuilder.addCustomAction("action: $it", it, android.R.drawable.ic_media_pause)
-+        }
-+        whenever(controller.playbackState).thenReturn(stateBuilder.build())
-+
-+        addNotificationAndLoad()
-+
-+        assertThat(mediaDataCaptor.value!!.semanticActions).isNotNull()
-+        val actions = mediaDataCaptor.value!!.semanticActions!!
-+
-+        assertThat(actions.playOrPause).isNotNull()
-+        assertThat(actions.playOrPause!!.contentDescription).isEqualTo(
-+                context.getString(R.string.controls_media_button_play))
-+        actions.playOrPause!!.action!!.run()
-+        verify(transportControls).play()
-+
-+        assertThat(actions.prevOrCustom).isNotNull()
-+        assertThat(actions.prevOrCustom!!.contentDescription).isEqualTo(
-+                context.getString(R.string.controls_media_button_prev))
-+        actions.prevOrCustom!!.action!!.run()
-+        verify(transportControls).skipToPrevious()
-+
-+        assertThat(actions.nextOrCustom).isNotNull()
-+        assertThat(actions.nextOrCustom!!.contentDescription).isEqualTo(
-+                context.getString(R.string.controls_media_button_next))
-+        actions.nextOrCustom!!.action!!.run()
-+        verify(transportControls).skipToNext()
-+
-+        assertThat(actions.custom0).isNotNull()
-+        assertThat(actions.custom0!!.contentDescription).isEqualTo(customDesc[0])
-+
-+        assertThat(actions.custom1).isNotNull()
-+        assertThat(actions.custom1!!.contentDescription).isEqualTo(customDesc[1])
-+    }
-+
-+    @Test
-+    fun testPlaybackActions_noPrevNext_usesCustom() {
-+        val customDesc = arrayOf("custom 1", "custom 2", "custom 3", "custom 4", "custom 5")
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(true)
-+        val stateActions = PlaybackState.ACTION_PLAY
-+        val stateBuilder = PlaybackState.Builder()
-+                .setActions(stateActions)
-+        customDesc.forEach {
-+            stateBuilder.addCustomAction("action: $it", it, android.R.drawable.ic_media_pause)
-+        }
-+        whenever(controller.playbackState).thenReturn(stateBuilder.build())
-+
-+        addNotificationAndLoad()
-+
-+        assertThat(mediaDataCaptor.value!!.semanticActions).isNotNull()
-+        val actions = mediaDataCaptor.value!!.semanticActions!!
-+
-+        assertThat(actions.playOrPause).isNotNull()
-+        assertThat(actions.playOrPause!!.contentDescription).isEqualTo(
-+                context.getString(R.string.controls_media_button_play))
-+
-+        assertThat(actions.prevOrCustom).isNotNull()
-+        assertThat(actions.prevOrCustom!!.contentDescription).isEqualTo(customDesc[0])
-+
-+        assertThat(actions.nextOrCustom).isNotNull()
-+        assertThat(actions.nextOrCustom!!.contentDescription).isEqualTo(customDesc[1])
-+
-+        assertThat(actions.custom0).isNotNull()
-+        assertThat(actions.custom0!!.contentDescription).isEqualTo(customDesc[2])
-+
-+        assertThat(actions.custom1).isNotNull()
-+        assertThat(actions.custom1!!.contentDescription).isEqualTo(customDesc[3])
-+    }
-+
-+    @Test
-+    fun testPlaybackActions_connecting() {
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(true)
-+        val stateActions = PlaybackState.ACTION_PLAY
-+        val stateBuilder = PlaybackState.Builder()
-+                .setState(PlaybackState.STATE_BUFFERING, 0, 10f)
-+                .setActions(stateActions)
-+        whenever(controller.playbackState).thenReturn(stateBuilder.build())
-+
-+        addNotificationAndLoad()
-+
-+        assertThat(mediaDataCaptor.value!!.semanticActions).isNotNull()
-+        val actions = mediaDataCaptor.value!!.semanticActions!!
-+
-+        assertThat(actions.playOrPause).isNotNull()
-+        assertThat(actions.playOrPause!!.contentDescription).isEqualTo(
-+                context.getString(R.string.controls_media_button_connecting))
-+    }
-+
-+    @Test
-+    fun testPlaybackActions_reservedSpace() {
-+        val customDesc = arrayOf("custom 1", "custom 2", "custom 3", "custom 4")
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(true)
-+        val stateActions = PlaybackState.ACTION_PLAY
-+        val stateBuilder = PlaybackState.Builder()
-+                .setActions(stateActions)
-+        customDesc.forEach {
-+            stateBuilder.addCustomAction("action: $it", it, android.R.drawable.ic_media_pause)
-+        }
-+        val extras = Bundle().apply {
-+            putBoolean(MediaConstants.SESSION_EXTRAS_KEY_SLOT_RESERVATION_SKIP_TO_PREV, true)
-+            putBoolean(MediaConstants.SESSION_EXTRAS_KEY_SLOT_RESERVATION_SKIP_TO_NEXT, true)
-+        }
-+        whenever(controller.playbackState).thenReturn(stateBuilder.build())
-+        whenever(controller.extras).thenReturn(extras)
-+
-+        addNotificationAndLoad()
-+
-+        assertThat(mediaDataCaptor.value!!.semanticActions).isNotNull()
-+        val actions = mediaDataCaptor.value!!.semanticActions!!
-+
-+        assertThat(actions.playOrPause).isNotNull()
-+        assertThat(actions.playOrPause!!.contentDescription).isEqualTo(
-+                context.getString(R.string.controls_media_button_play))
-+
-+        assertThat(actions.prevOrCustom).isNull()
-+        assertThat(actions.nextOrCustom).isNull()
-+
-+        assertThat(actions.custom0).isNotNull()
-+        assertThat(actions.custom0!!.contentDescription).isEqualTo(customDesc[0])
-+
-+        assertThat(actions.custom1).isNotNull()
-+        assertThat(actions.custom1!!.contentDescription).isEqualTo(customDesc[1])
-+
-+        assertThat(actions.reserveNext).isTrue()
-+        assertThat(actions.reservePrev).isTrue()
-+    }
-+
-+    @Test
-+    fun testPlaybackActions_playPause_hasButton() {
-+        whenever(mediaFlags.areMediaSessionActionsEnabled(any(), any())).thenReturn(true)
-+        val stateActions = PlaybackState.ACTION_PLAY_PAUSE
-+        val stateBuilder = PlaybackState.Builder().setActions(stateActions)
-+        whenever(controller.playbackState).thenReturn(stateBuilder.build())
-+
-+        addNotificationAndLoad()
-+
-+        assertThat(mediaDataCaptor.value!!.semanticActions).isNotNull()
-+        val actions = mediaDataCaptor.value!!.semanticActions!!
-+
-+        assertThat(actions.playOrPause).isNotNull()
-+        assertThat(actions.playOrPause!!.contentDescription).isEqualTo(
-+            context.getString(R.string.controls_media_button_play))
-+        actions.playOrPause!!.action!!.run()
-+        verify(transportControls).play()
-+    }
-+
-+    @Test
-+    fun testPlaybackLocationChange_isLogged() {
-+        // Media control added for local playback
-+        addNotificationAndLoad()
-+        val instanceId = mediaDataCaptor.value.instanceId
-+
-+        // Location is updated to local cast
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        whenever(playbackInfo.playbackType).thenReturn(
-+            MediaController.PlaybackInfo.PLAYBACK_TYPE_REMOTE)
-+        addNotificationAndLoad()
-+        verify(logger).logPlaybackLocationChange(anyInt(), eq(PACKAGE_NAME),
-+            eq(instanceId), eq(MediaData.PLAYBACK_CAST_LOCAL))
-+
-+        // update to remote cast
-+        val rcn = SbnBuilder().run {
-+            setPkg(SYSTEM_PACKAGE_NAME) // System package
-+            modifyNotification(context).also {
-+                it.setSmallIcon(android.R.drawable.ic_media_pause)
-+                it.setStyle(MediaStyle().apply {
-+                    setMediaSession(session.sessionToken)
-+                    setRemotePlaybackInfo("Remote device", 0, null)
-+                })
-+            }
-+            build()
-+        }
-+
-+        mediaDataManager.onNotificationAdded(KEY, rcn)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(logger).logPlaybackLocationChange(anyInt(), eq(SYSTEM_PACKAGE_NAME),
-+            eq(instanceId), eq(MediaData.PLAYBACK_CAST_REMOTE))
-+    }
-+
-+    @Test
-+    fun testPlaybackStateChange_keyExists_callsListener() {
-+        // Notification has been added
-+        addNotificationAndLoad()
-+        val callbackCaptor = argumentCaptor<(String, PlaybackState) -> Unit>()
-+        verify(mediaTimeoutListener).stateCallback = capture(callbackCaptor)
-+
-+        // Callback gets an updated state
-+        val state = PlaybackState.Builder()
-+                .setState(PlaybackState.STATE_PLAYING, 0L, 1f)
-+                .build()
-+        callbackCaptor.value.invoke(KEY, state)
-+
-+        // Listener is notified of updated state
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(KEY),
-+                capture(mediaDataCaptor), eq(true), eq(0), eq(false))
-+        assertThat(mediaDataCaptor.value.isPlaying).isTrue()
-+    }
-+
-+    @Test
-+    fun testPlaybackStateChange_keyDoesNotExist_doesNothing() {
-+        val state = PlaybackState.Builder().build()
-+        val callbackCaptor = argumentCaptor<(String, PlaybackState) -> Unit>()
-+        verify(mediaTimeoutListener).stateCallback = capture(callbackCaptor)
-+
-+        // No media added with this key
-+
-+        callbackCaptor.value.invoke(KEY, state)
-+        verify(listener, never()).onMediaDataLoaded(eq(KEY), any(), any(), anyBoolean(), anyInt(),
-+                anyBoolean())
-+    }
-+
-+    @Test
-+    fun testPlaybackStateChange_keyHasNullToken_doesNothing() {
-+        // When we get an update that sets the data's token to null
-+        whenever(controller.metadata).thenReturn(metadataBuilder.build())
-+        addNotificationAndLoad()
-+        val data = mediaDataCaptor.value
-+        assertThat(data.resumption).isFalse()
-+        mediaDataManager.onMediaDataLoaded(KEY, null, data.copy(token = null))
-+
-+        // And then get a state update
-+        val state = PlaybackState.Builder().build()
-+        val callbackCaptor = argumentCaptor<(String, PlaybackState) -> Unit>()
-+        verify(mediaTimeoutListener).stateCallback = capture(callbackCaptor)
-+
-+        // Then no changes are made
-+        callbackCaptor.value.invoke(KEY, state)
-+        verify(listener, never()).onMediaDataLoaded(eq(KEY), any(), any(), anyBoolean(), anyInt(),
-+            anyBoolean())
-+    }
-+
-+    /**
-+     * Helper function to add a media notification and capture the resulting MediaData
-+     */
-+    private fun addNotificationAndLoad() {
-+        mediaDataManager.onNotificationAdded(KEY, mediaNotification)
-+        assertThat(backgroundExecutor.runAllReady()).isEqualTo(1)
-+        assertThat(foregroundExecutor.runAllReady()).isEqualTo(1)
-+        verify(listener).onMediaDataLoaded(eq(KEY), eq(null), capture(mediaDataCaptor), eq(true),
-+            eq(0), eq(false))
-+    }
-+}
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-03.patch.disabled b/Patches/LineageOS-20.0/ASB-2023-10/base-03.patch.disabled
deleted file mode 100644
index c9d0a398..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-03.patch.disabled
+++ /dev/null
@@ -1,53 +0,0 @@
-From cbb1a0ecd6b67735bdb735d76606bc03f6b955bf Mon Sep 17 00:00:00 2001
-From: Ioana Alexandru <aioana@google.com>
-Date: Mon, 8 May 2023 18:39:35 +0000
-Subject: [PATCH] Verify URI permissions for EXTRA_REMOTE_INPUT_HISTORY_ITEMS.
-
-Also added a step to serialize & deserialize the notification in the
-test, to prevent exceptions about not being able to cast e.g.
-Parcelable[] to RemoteInputHistoryItem[].
-
-Test: atest NotificationManagerServiceTest & tested with POC from bug
-Bug: 276729064
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4e19431a60300c6ea6c7f7dd64299916e4eb09bc)
-Merged-In: I7053ca59f9c7f1df5226418594109cfb8b609b1e
-Change-Id: I7053ca59f9c7f1df5226418594109cfb8b609b1e
----
- core/java/android/app/Notification.java                    | 5 +++--
- .../notification/NotificationManagerServiceTest.java       | 7 +++++++
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
-index 8a730fb0deaa..01528ae06cf5 100644
---- a/core/java/android/app/Notification.java
-+++ b/core/java/android/app/Notification.java
-@@ -2858,8 +2858,9 @@ public void visitUris(@NonNull Consumer<Uri> visitor) {
-                 visitor.accept(person.getIconUri());
-             }
- 
--            final RemoteInputHistoryItem[] history = (RemoteInputHistoryItem[])
--                    extras.getParcelableArray(Notification.EXTRA_REMOTE_INPUT_HISTORY_ITEMS);
-+            final RemoteInputHistoryItem[] history = extras.getParcelableArray(
-+                    Notification.EXTRA_REMOTE_INPUT_HISTORY_ITEMS,
-+                    RemoteInputHistoryItem.class);
-             if (history != null) {
-                 for (int i = 0; i < history.length; i++) {
-                     RemoteInputHistoryItem item = history[i];
-diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-index dcaca51c176b..cf33eb5b3647 100755
---- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
-@@ -5439,6 +5439,13 @@ public void testVisitUris() throws Exception {
-                 .addExtras(extras)
-                 .build();
- 
-+        // Serialize and deserialize the notification to make sure nothing breaks in the process,
-+        // since that's what will usually happen before we get to call visitUris.
-+        Parcel parcel = Parcel.obtain();
-+        n.writeToParcel(parcel, 0);
-+        parcel.setDataPosition(0);
-+        n = new Notification(parcel);
-+
-         Consumer<Uri> visitor = (Consumer<Uri>) spy(Consumer.class);
-         n.visitUris(visitor);
-         verify(visitor, times(1)).accept(eq(audioContents));
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-04.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-04.patch
deleted file mode 100644
index 733b57c8..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-04.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 4725772c0b3f0db2940e70851e145ec4ec71768b Mon Sep 17 00:00:00 2001
-From: Josep del Rio <joseprio@google.com>
-Date: Mon, 26 Jun 2023 09:30:06 +0000
-Subject: [PATCH] Do not share key mappings with JNI object
-
-The key mapping information between the native key mappings and
-the KeyCharacterMap object available in Java is currently shared,
-which means that a read can be attempted while it's being modified.
-
-Bug: 274058082
-Test: Patch tested by Oppo
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3d993de0d1ada8065d1fe561f690c8f82b6a7d4b)
-Merged-In: I745008a0a8ea30830660c45dcebee917b3913d13
-Change-Id: I745008a0a8ea30830660c45dcebee917b3913d13
----
- core/jni/android_view_InputDevice.cpp | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/core/jni/android_view_InputDevice.cpp b/core/jni/android_view_InputDevice.cpp
-index 9cc72437a023..f7c770e0bffb 100644
---- a/core/jni/android_view_InputDevice.cpp
-+++ b/core/jni/android_view_InputDevice.cpp
-@@ -42,6 +42,13 @@ jobject android_view_InputDevice_create(JNIEnv* env, const InputDeviceInfo& devi
-         return NULL;
-     }
- 
-+    // b/274058082: Pass a copy of the key character map to avoid concurrent
-+    // access
-+    std::shared_ptr<KeyCharacterMap> map = deviceInfo.getKeyCharacterMap();
-+    if (map != nullptr) {
-+        map = std::make_shared<KeyCharacterMap>(*map);
-+    }
-+
-     ScopedLocalRef<jstring> descriptorObj(env,
-             env->NewStringUTF(deviceInfo.getIdentifier().descriptor.c_str()));
-     if (!descriptorObj.get()) {
-@@ -49,8 +56,8 @@ jobject android_view_InputDevice_create(JNIEnv* env, const InputDeviceInfo& devi
-     }
- 
-     ScopedLocalRef<jobject> kcmObj(env,
--            android_view_KeyCharacterMap_create(env, deviceInfo.getId(),
--            deviceInfo.getKeyCharacterMap()));
-+                                   android_view_KeyCharacterMap_create(env, deviceInfo.getId(),
-+                                                                       map));
-     if (!kcmObj.get()) {
-         return NULL;
-     }
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-05.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-05.patch
deleted file mode 100644
index 6a0727e6..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-05.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 19747f69235d208e3d61099c76fa47aa792fe3a7 Mon Sep 17 00:00:00 2001
-From: Tim Yu <yunicorn@google.com>
-Date: Tue, 20 Jun 2023 21:24:36 +0000
-Subject: [PATCH] [DO NOT MERGE] Verify URI Permissions in Autofill RemoteViews
-
-Check permissions of URI inside of FillResponse's RemoteViews. If the
-current user does not have the required permissions to view the URI, the
-RemoteView is dropped from displaying.
-
-This fixes a security spill in which a user can view content of another
-user through a malicious Autofill provider.
-
-Bug: 283137865
-Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
-b/281534749 b/283101289
-Test: Verified by POC app attached in bugs
-Test: atest CtsAutoFillServiceTestCases (added new tests)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:93810ba1c0a4d31f49adbf9454731e2b7defdfc0)
-Merged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
-Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
----
- .../com/android/server/autofill/Helper.java   | 43 +++++++++++++++++++
- .../server/autofill/ui/DialogFillUi.java      | 12 ++++--
- .../android/server/autofill/ui/FillUi.java    | 11 +++--
- .../android/server/autofill/ui/SaveUi.java    |  3 +-
- 4 files changed, 60 insertions(+), 9 deletions(-)
-
-diff --git a/services/autofill/java/com/android/server/autofill/Helper.java b/services/autofill/java/com/android/server/autofill/Helper.java
-index bc5d6457c945..48113a81cca5 100644
---- a/services/autofill/java/com/android/server/autofill/Helper.java
-+++ b/services/autofill/java/com/android/server/autofill/Helper.java
-@@ -18,6 +18,8 @@
- 
- import android.annotation.NonNull;
- import android.annotation.Nullable;
-+import android.annotation.UserIdInt;
-+import android.app.ActivityManager;
- import android.app.assist.AssistStructure;
- import android.app.assist.AssistStructure.ViewNode;
- import android.app.assist.AssistStructure.WindowNode;
-@@ -34,6 +36,7 @@
- import android.view.WindowManager;
- import android.view.autofill.AutofillId;
- import android.view.autofill.AutofillValue;
-+import android.widget.RemoteViews;
- 
- import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
- import com.android.internal.util.ArrayUtils;
-@@ -42,6 +45,8 @@
- import java.util.ArrayDeque;
- import java.util.ArrayList;
- import java.util.Arrays;
-+import java.util.concurrent.atomic.AtomicBoolean;
-+
- 
- public final class Helper {
- 
-@@ -75,6 +80,44 @@ private Helper() {
-         throw new UnsupportedOperationException("contains static members only");
-     }
- 
-+    private static boolean checkRemoteViewUriPermissions(
-+            @UserIdInt int userId, @NonNull RemoteViews rView) {
-+        final AtomicBoolean permissionsOk = new AtomicBoolean(true);
-+
-+        rView.visitUris(uri -> {
-+            int uriOwnerId = android.content.ContentProvider.getUserIdFromUri(uri);
-+            boolean allowed = uriOwnerId == userId;
-+            permissionsOk.set(allowed && permissionsOk.get());
-+        });
-+
-+        return permissionsOk.get();
-+    }
-+
-+    /**
-+     * Checks the URI permissions of the remote view,
-+     * to see if the current userId is able to access it.
-+     *
-+     * Returns the RemoteView that is passed if user is able, null otherwise.
-+     *
-+     * TODO: instead of returning a null remoteview when
-+     * the current userId cannot access an URI,
-+     * return a new RemoteView with the URI removed.
-+     */
-+    public static @Nullable RemoteViews sanitizeRemoteView(RemoteViews rView) {
-+        if (rView == null) return null;
-+
-+        int userId = ActivityManager.getCurrentUser();
-+
-+        boolean ok = checkRemoteViewUriPermissions(userId, rView);
-+        if (!ok) {
-+            Slog.w(TAG,
-+                    "sanitizeRemoteView() user: " + userId
-+                    + " tried accessing resource that does not belong to them");
-+        }
-+        return (ok ? rView : null);
-+    }
-+
-+
-     @Nullable
-     static AutofillId[] toArray(@Nullable ArraySet<AutofillId> set) {
-         if (set == null) return null;
-diff --git a/services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java b/services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java
-index c2c630e01bee..59184e9ed288 100644
---- a/services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java
-+++ b/services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java
-@@ -52,6 +52,7 @@
- 
- import com.android.internal.R;
- import com.android.server.autofill.AutofillManagerService;
-+import com.android.server.autofill.Helper;
- 
- import java.io.PrintWriter;
- import java.util.ArrayList;
-@@ -197,7 +198,8 @@ private void setServiceIcon(View decor, Drawable serviceIcon) {
-     }
- 
-     private void setHeader(View decor, FillResponse response) {
--        final RemoteViews presentation = response.getDialogHeader();
-+        final RemoteViews presentation =
-+                Helper.sanitizeRemoteView(response.getDialogHeader());
-         if (presentation == null) {
-             return;
-         }
-@@ -232,9 +234,10 @@ private void setContinueButton(View decor, View.OnClickListener listener) {
-     }
- 
-     private void initialAuthenticationLayout(View decor, FillResponse response) {
--        RemoteViews presentation = response.getDialogPresentation();
-+        RemoteViews presentation = Helper.sanitizeRemoteView(
-+                response.getDialogPresentation());
-         if (presentation == null) {
--            presentation = response.getPresentation();
-+            presentation = Helper.sanitizeRemoteView(response.getPresentation());
-         }
-         if (presentation == null) {
-             throw new RuntimeException("No presentation for fill dialog authentication");
-@@ -278,7 +281,8 @@ private ArrayList<ViewItem> createDatasetItems(FillResponse response,
-             final Dataset dataset = response.getDatasets().get(i);
-             final int index = dataset.getFieldIds().indexOf(focusedViewId);
-             if (index >= 0) {
--                RemoteViews presentation = dataset.getFieldDialogPresentation(index);
-+                RemoteViews presentation = Helper.sanitizeRemoteView(
-+                        dataset.getFieldDialogPresentation(index));
-                 if (presentation == null) {
-                     if (sDebug) {
-                         Slog.w(TAG, "not displaying UI on field " + focusedViewId + " because "
-diff --git a/services/autofill/java/com/android/server/autofill/ui/FillUi.java b/services/autofill/java/com/android/server/autofill/ui/FillUi.java
-index 8fbdd81cc4cc..76fa258734cc 100644
---- a/services/autofill/java/com/android/server/autofill/ui/FillUi.java
-+++ b/services/autofill/java/com/android/server/autofill/ui/FillUi.java
-@@ -144,8 +144,9 @@ public static boolean isFullScreen(Context context) {
- 
-         final LayoutInflater inflater = LayoutInflater.from(mContext);
- 
--        final RemoteViews headerPresentation = response.getHeader();
--        final RemoteViews footerPresentation = response.getFooter();
-+        final RemoteViews headerPresentation = Helper.sanitizeRemoteView(response.getHeader());
-+        final RemoteViews footerPresentation = Helper.sanitizeRemoteView(response.getFooter());
-+
-         final ViewGroup decor;
-         if (mFullScreen) {
-             decor = (ViewGroup) inflater.inflate(R.layout.autofill_dataset_picker_fullscreen, null);
-@@ -223,6 +224,9 @@ public static boolean isFullScreen(Context context) {
-             ViewGroup container = decor.findViewById(R.id.autofill_dataset_picker);
-             final View content;
-             try {
-+                if (Helper.sanitizeRemoteView(response.getPresentation()) == null) {
-+                    throw new RuntimeException("Permission error accessing RemoteView");
-+                }
-                 content = response.getPresentation().applyWithTheme(
-                         mContext, decor, interceptionHandler, mThemeId);
-                 container.addView(content);
-@@ -302,7 +306,8 @@ public static boolean isFullScreen(Context context) {
-                 final Dataset dataset = response.getDatasets().get(i);
-                 final int index = dataset.getFieldIds().indexOf(focusedViewId);
-                 if (index >= 0) {
--                    final RemoteViews presentation = dataset.getFieldPresentation(index);
-+                    final RemoteViews presentation = Helper.sanitizeRemoteView(
-+                            dataset.getFieldPresentation(index));
-                     if (presentation == null) {
-                         Slog.w(TAG, "not displaying UI on field " + focusedViewId + " because "
-                                 + "service didn't provide a presentation for it on " + dataset);
-diff --git a/services/autofill/java/com/android/server/autofill/ui/SaveUi.java b/services/autofill/java/com/android/server/autofill/ui/SaveUi.java
-index 677871f6c85f..533a7b69a650 100644
---- a/services/autofill/java/com/android/server/autofill/ui/SaveUi.java
-+++ b/services/autofill/java/com/android/server/autofill/ui/SaveUi.java
-@@ -368,8 +368,7 @@ private boolean applyCustomDescription(@NonNull Context context, @NonNull View s
-             return false;
-         }
-         writeLog(MetricsEvent.AUTOFILL_SAVE_CUSTOM_DESCRIPTION);
--
--        final RemoteViews template = customDescription.getPresentation();
-+        final RemoteViews template = Helper.sanitizeRemoteView(customDescription.getPresentation());
-         if (template == null) {
-             Slog.w(TAG, "No remote view on custom description");
-             return false;
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-06.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-06.patch
deleted file mode 100644
index f5fa691a..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-06.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From e7a1aa9ed0bc69853bc83d098e15b8fa3b1881b4 Mon Sep 17 00:00:00 2001
-From: Hongwei Wang <hwwang@google.com>
-Date: Thu, 25 May 2023 12:18:44 -0700
-Subject: [PATCH] Disallow loading icon from content URI to PipMenu
-
-Bug: 278246904
-Test: manually, with the PoC app attached to the bug
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1aee65603e262affd815fa53dcc5416c605e4037)
-Merged-In: Ib3f5b8b6b9ce644fdf1173548d9078e4d969ae2e
-Change-Id: Ib3f5b8b6b9ce644fdf1173548d9078e4d969ae2e
----
- .../wm/shell/pip/phone/PipMenuView.java       | 21 ++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java b/libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java
-index 167c0321d3ad..779c539a2097 100644
---- a/libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java
-+++ b/libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java
-@@ -45,6 +45,7 @@
- import android.graphics.Color;
- import android.graphics.Rect;
- import android.graphics.drawable.Drawable;
-+import android.graphics.drawable.Icon;
- import android.net.Uri;
- import android.os.Bundle;
- import android.os.Handler;
-@@ -513,13 +514,19 @@ private void updateActionViews(int menuState, Rect stackBounds) {
-                     final boolean isCloseAction = mCloseAction != null && Objects.equals(
-                             mCloseAction.getActionIntent(), action.getActionIntent());
- 
--                    // TODO: Check if the action drawable has changed before we reload it
--                    action.getIcon().loadDrawableAsync(mContext, d -> {
--                        if (d != null) {
--                            d.setTint(Color.WHITE);
--                            actionView.setImageDrawable(d);
--                        }
--                    }, mMainHandler);
-+                    final int iconType = action.getIcon().getType();
-+                    if (iconType == Icon.TYPE_URI || iconType == Icon.TYPE_URI_ADAPTIVE_BITMAP) {
-+                        // Disallow loading icon from content URI
-+                        actionView.setImageDrawable(null);
-+                    } else {
-+                        // TODO: Check if the action drawable has changed before we reload it
-+                        action.getIcon().loadDrawableAsync(mContext, d -> {
-+                            if (d != null) {
-+                                d.setTint(Color.WHITE);
-+                                actionView.setImageDrawable(d);
-+                            }
-+                        }, mMainHandler);
-+                    }
-                     actionView.setCustomCloseBackgroundVisibility(
-                             isCloseAction ? View.VISIBLE : View.GONE);
-                     actionView.setContentDescription(action.getContentDescription());
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-07.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-07.patch
deleted file mode 100644
index 1b807841..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-07.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 922a7860b1baf29ff5cb53a31d01c341cd2b9ecb Mon Sep 17 00:00:00 2001
-From: Kunal Malhotra <malhk@google.com>
-Date: Fri, 2 Jun 2023 23:32:02 +0000
-Subject: [PATCH] Fixing DatabaseUtils to detect malformed UTF-16 strings
-
-Test: tested with POC in bug, also using atest
-Bug: 224771621
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)
-Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530
-Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530
----
- core/java/android/database/DatabaseUtils.java | 32 +++++++++++++------
- 1 file changed, 23 insertions(+), 9 deletions(-)
-
-diff --git a/core/java/android/database/DatabaseUtils.java b/core/java/android/database/DatabaseUtils.java
-index 6c8a8500e4e3..d41df4f49d48 100644
---- a/core/java/android/database/DatabaseUtils.java
-+++ b/core/java/android/database/DatabaseUtils.java
-@@ -511,17 +511,31 @@ public static void cursorFillWindow(final Cursor cursor,
-      */
-     public static void appendEscapedSQLString(StringBuilder sb, String sqlString) {
-         sb.append('\'');
--        if (sqlString.indexOf('\'') != -1) {
--            int length = sqlString.length();
--            for (int i = 0; i < length; i++) {
--                char c = sqlString.charAt(i);
--                if (c == '\'') {
--                    sb.append('\'');
-+        int length = sqlString.length();
-+        for (int i = 0; i < length; i++) {
-+            char c = sqlString.charAt(i);
-+            if (Character.isHighSurrogate(c)) {
-+                if (i == length - 1) {
-+                    continue;
-+                }
-+                if (Character.isLowSurrogate(sqlString.charAt(i + 1))) {
-+                    // add them both
-+                    sb.append(c);
-+                    sb.append(sqlString.charAt(i + 1));
-+                    continue;
-+                } else {
-+                    // this is a lone surrogate, skip it
-+                    continue;
-                 }
--                sb.append(c);
-             }
--        } else
--            sb.append(sqlString);
-+            if (Character.isLowSurrogate(c)) {
-+                continue;
-+            }
-+            if (c == '\'') {
-+                sb.append('\'');
-+            }
-+            sb.append(c);
-+        }
-         sb.append('\'');
-     }
- 
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-08.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-08.patch
deleted file mode 100644
index 4b36962a..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-08.patch
+++ /dev/null
@@ -1,455 +0,0 @@
-From ed183ed9122416026ed27d4877f96a545fe42316 Mon Sep 17 00:00:00 2001
-From: Anton Potapov <apotapov@google.com>
-Date: Tue, 4 Jul 2023 12:15:41 +0100
-Subject: [PATCH] Add userId check before loading icon in Device Controls
-
-Test: manual with the steps from the bug
-Test: manual with a normal icon
-Test: atest CanUseIconPredicate
-Test: atest ControlViewHolderTest
-Bug: 272025416
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:22f97f081ccc6f6a7230b15447a6c885dfe4fa59)
-Merged-In: Ib0e677f7ccbed6299ea07939519c7dcf6d371bec
-Change-Id: Ib0e677f7ccbed6299ea07939519c7dcf6d371bec
----
- .../controls/management/ControlAdapter.kt     | 15 +++-
- .../management/ControlsEditingActivity.kt     |  2 +-
- .../management/ControlsFavoritingActivity.kt  |  4 +-
- .../controls/management/StructureAdapter.kt   | 11 ++-
- .../controls/ui/CanUseIconPredicate.kt        | 30 +++++++
- .../systemui/controls/ui/ControlViewHolder.kt | 50 ++++++------
- .../controls/ui/ControlsUiControllerImpl.kt   |  3 +-
- .../controls/ui/TemperatureControlBehavior.kt |  2 +-
- .../systemui/controls/ui/ThumbnailBehavior.kt | 12 ++-
- .../controls/ui/CanUseIconPredicateTest.kt    | 81 +++++++++++++++++++
- .../controls/ui/ControlViewHolderTest.kt      |  3 +-
- 11 files changed, 173 insertions(+), 40 deletions(-)
- create mode 100644 packages/SystemUI/src/com/android/systemui/controls/ui/CanUseIconPredicate.kt
- create mode 100644 packages/SystemUI/tests/src/com/android/systemui/controls/ui/CanUseIconPredicateTest.kt
-
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/management/ControlAdapter.kt b/packages/SystemUI/src/com/android/systemui/controls/management/ControlAdapter.kt
-index 3eb58bba1ca4..ec76f433b23b 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/management/ControlAdapter.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/management/ControlAdapter.kt
-@@ -38,6 +38,7 @@ import androidx.core.view.accessibility.AccessibilityNodeInfoCompat
- import androidx.recyclerview.widget.RecyclerView
- import com.android.systemui.R
- import com.android.systemui.controls.ControlInterface
-+import com.android.systemui.controls.ui.CanUseIconPredicate
- import com.android.systemui.controls.ui.RenderInfo
- 
- private typealias ModelFavoriteChanger = (String, Boolean) -> Unit
-@@ -51,7 +52,8 @@ private typealias ModelFavoriteChanger = (String, Boolean) -> Unit
-  * @property elevation elevation of each control view
-  */
- class ControlAdapter(
--    private val elevation: Float
-+    private val elevation: Float,
-+    private val currentUserId: Int,
- ) : RecyclerView.Adapter<Holder>() {
- 
-     companion object {
-@@ -107,7 +109,8 @@ class ControlAdapter(
-                         background = parent.context.getDrawable(
-                                 R.drawable.control_background_ripple)
-                     },
--                    model?.moveHelper // Indicates that position information is needed
-+                    currentUserId,
-+                    model?.moveHelper, // Indicates that position information is needed
-                 ) { id, favorite ->
-                     model?.changeFavoriteStatus(id, favorite)
-                 }
-@@ -212,8 +215,9 @@ private class ZoneHolder(view: View) : Holder(view) {
-  */
- internal class ControlHolder(
-     view: View,
-+    currentUserId: Int,
-     val moveHelper: ControlsModel.MoveHelper?,
--    val favoriteCallback: ModelFavoriteChanger
-+    val favoriteCallback: ModelFavoriteChanger,
- ) : Holder(view) {
-     private val favoriteStateDescription =
-         itemView.context.getString(R.string.accessibility_control_favorite)
-@@ -228,6 +232,7 @@ internal class ControlHolder(
-         visibility = View.VISIBLE
-     }
- 
-+    private val canUseIconPredicate = CanUseIconPredicate(currentUserId)
-     private val accessibilityDelegate = ControlHolderAccessibilityDelegate(
-         this::stateDescription,
-         this::getLayoutPosition,
-@@ -287,7 +292,9 @@ internal class ControlHolder(
-         val fg = context.getResources().getColorStateList(ri.foreground, context.getTheme())
- 
-         icon.imageTintList = null
--        ci.customIcon?.let {
-+        ci.customIcon
-+                ?.takeIf(canUseIconPredicate)
-+                ?.let {
-             icon.setImageIcon(it)
-         } ?: run {
-             icon.setImageDrawable(ri.icon)
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/management/ControlsEditingActivity.kt b/packages/SystemUI/src/com/android/systemui/controls/management/ControlsEditingActivity.kt
-index 7df08651d5ab..8843349da2b5 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/management/ControlsEditingActivity.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/management/ControlsEditingActivity.kt
-@@ -205,7 +205,7 @@ open class ControlsEditingActivity @Inject constructor(
-         val elevation = resources.getFloat(R.dimen.control_card_elevation)
-         val recyclerView = requireViewById<RecyclerView>(R.id.list)
-         recyclerView.alpha = 0.0f
--        val adapter = ControlAdapter(elevation).apply {
-+        val adapter = ControlAdapter(elevation, controller.currentUserId).apply {
-             registerAdapterDataObserver(object : RecyclerView.AdapterDataObserver() {
-                 var hasAnimated = false
-                 override fun onChanged() {
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/management/ControlsFavoritingActivity.kt b/packages/SystemUI/src/com/android/systemui/controls/management/ControlsFavoritingActivity.kt
-index 3e97d3132bc7..efc3fb662f1a 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/management/ControlsFavoritingActivity.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/management/ControlsFavoritingActivity.kt
-@@ -175,7 +175,7 @@ open class ControlsFavoritingActivity @Inject constructor(
-                 }
- 
-                 executor.execute {
--                    structurePager.adapter = StructureAdapter(listOfStructures)
-+                    structurePager.adapter = StructureAdapter(listOfStructures, controller.currentUserId)
-                     structurePager.setCurrentItem(structureIndex)
-                     if (error) {
-                         statusText.text = resources.getString(R.string.controls_favorite_load_error,
-@@ -221,7 +221,7 @@ open class ControlsFavoritingActivity @Inject constructor(
-         structurePager.alpha = 0.0f
-         pageIndicator.alpha = 0.0f
-         structurePager.apply {
--            adapter = StructureAdapter(emptyList())
-+            adapter = StructureAdapter(emptyList(), controller.currentUserId)
-             registerOnPageChangeCallback(object : ViewPager2.OnPageChangeCallback() {
-                 override fun onPageSelected(position: Int) {
-                     super.onPageSelected(position)
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/management/StructureAdapter.kt b/packages/SystemUI/src/com/android/systemui/controls/management/StructureAdapter.kt
-index 747bcbe1c229..5977d379acde 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/management/StructureAdapter.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/management/StructureAdapter.kt
-@@ -24,13 +24,15 @@ import androidx.recyclerview.widget.RecyclerView
- import com.android.systemui.R
- 
- class StructureAdapter(
--    private val models: List<StructureContainer>
-+    private val models: List<StructureContainer>,
-+    private val currentUserId: Int,
- ) : RecyclerView.Adapter<StructureAdapter.StructureHolder>() {
- 
-     override fun onCreateViewHolder(parent: ViewGroup, p1: Int): StructureHolder {
-         val layoutInflater = LayoutInflater.from(parent.context)
-         return StructureHolder(
--            layoutInflater.inflate(R.layout.controls_structure_page, parent, false)
-+            layoutInflater.inflate(R.layout.controls_structure_page, parent, false),
-+            currentUserId,
-         )
-     }
- 
-@@ -40,7 +42,8 @@ class StructureAdapter(
-         holder.bind(models[index].model)
-     }
- 
--    class StructureHolder(view: View) : RecyclerView.ViewHolder(view) {
-+    class StructureHolder(view: View, currentUserId: Int) :
-+            RecyclerView.ViewHolder(view) {
- 
-         private val recyclerView: RecyclerView
-         private val controlAdapter: ControlAdapter
-@@ -48,7 +51,7 @@ class StructureAdapter(
-         init {
-             recyclerView = itemView.requireViewById<RecyclerView>(R.id.listAll)
-             val elevation = itemView.context.resources.getFloat(R.dimen.control_card_elevation)
--            controlAdapter = ControlAdapter(elevation)
-+            controlAdapter = ControlAdapter(elevation, currentUserId)
-             setUpRecyclerView()
-         }
- 
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/CanUseIconPredicate.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/CanUseIconPredicate.kt
-new file mode 100644
-index 000000000000..61c21237144d
---- /dev/null
-+++ b/packages/SystemUI/src/com/android/systemui/controls/ui/CanUseIconPredicate.kt
-@@ -0,0 +1,30 @@
-+/*
-+ * Copyright (C) 2023 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package com.android.systemui.controls.ui
-+
-+import android.content.ContentProvider
-+import android.graphics.drawable.Icon
-+
-+class CanUseIconPredicate(private val currentUserId: Int) : (Icon) -> Boolean {
-+
-+    override fun invoke(icon: Icon): Boolean =
-+        if (icon.type == Icon.TYPE_URI || icon.type == Icon.TYPE_URI_ADAPTIVE_BITMAP) {
-+            ContentProvider.getUserIdFromUri(icon.uri, currentUserId) == currentUserId
-+        } else {
-+            true
-+        }
-+}
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/ControlViewHolder.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/ControlViewHolder.kt
-index 6a9aaf865251..931062865c64 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/ui/ControlViewHolder.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/ui/ControlViewHolder.kt
-@@ -68,7 +68,8 @@ class ControlViewHolder(
-     val bgExecutor: DelayableExecutor,
-     val controlActionCoordinator: ControlActionCoordinator,
-     val controlsMetricsLogger: ControlsMetricsLogger,
--    val uid: Int
-+    val uid: Int,
-+    val currentUserId: Int,
- ) {
- 
-     companion object {
-@@ -85,29 +86,9 @@ class ControlViewHolder(
-         private val ATTR_DISABLED = intArrayOf(-android.R.attr.state_enabled)
-         const val MIN_LEVEL = 0
-         const val MAX_LEVEL = 10000
--
--        fun findBehaviorClass(
--            status: Int,
--            template: ControlTemplate,
--            deviceType: Int
--        ): Supplier<out Behavior> {
--            return when {
--                status != Control.STATUS_OK -> Supplier { StatusBehavior() }
--                template == ControlTemplate.NO_TEMPLATE -> Supplier { TouchBehavior() }
--                template is ThumbnailTemplate -> Supplier { ThumbnailBehavior() }
--
--                // Required for legacy support, or where cameras do not use the new template
--                deviceType == DeviceTypes.TYPE_CAMERA -> Supplier { TouchBehavior() }
--                template is ToggleTemplate -> Supplier { ToggleBehavior() }
--                template is StatelessTemplate -> Supplier { TouchBehavior() }
--                template is ToggleRangeTemplate -> Supplier { ToggleRangeBehavior() }
--                template is RangeTemplate -> Supplier { ToggleRangeBehavior() }
--                template is TemperatureControlTemplate -> Supplier { TemperatureControlBehavior() }
--                else -> Supplier { DefaultBehavior() }
--            }
--        }
-     }
- 
-+    private val canUseIconPredicate = CanUseIconPredicate(currentUserId)
-     private val toggleBackgroundIntensity: Float = layout.context.resources
-             .getFraction(R.fraction.controls_toggle_bg_intensity, 1, 1)
-     private var stateAnimator: ValueAnimator? = null
-@@ -147,6 +128,27 @@ class ControlViewHolder(
-         status.setSelected(true)
-     }
- 
-+    fun findBehaviorClass(
-+            status: Int,
-+            template: ControlTemplate,
-+            deviceType: Int
-+    ): Supplier<out Behavior> {
-+        return when {
-+            status != Control.STATUS_OK -> Supplier { StatusBehavior() }
-+            template == ControlTemplate.NO_TEMPLATE -> Supplier { TouchBehavior() }
-+            template is ThumbnailTemplate -> Supplier { ThumbnailBehavior(currentUserId) }
-+
-+            // Required for legacy support, or where cameras do not use the new template
-+            deviceType == DeviceTypes.TYPE_CAMERA -> Supplier { TouchBehavior() }
-+            template is ToggleTemplate -> Supplier { ToggleBehavior() }
-+            template is StatelessTemplate -> Supplier { TouchBehavior() }
-+            template is ToggleRangeTemplate -> Supplier { ToggleRangeBehavior() }
-+            template is RangeTemplate -> Supplier { ToggleRangeBehavior() }
-+            template is TemperatureControlTemplate -> Supplier { TemperatureControlBehavior() }
-+            else -> Supplier { DefaultBehavior() }
-+        }
-+    }
-+
-     fun bindData(cws: ControlWithState, isLocked: Boolean) {
-         // If an interaction is in progress, the update may visually interfere with the action the
-         // action the user wants to make. Don't apply the update, and instead assume a new update
-@@ -473,7 +475,9 @@ class ControlViewHolder(
- 
-         status.setTextColor(color)
- 
--        control?.getCustomIcon()?.let {
-+        control?.customIcon
-+                ?.takeIf(canUseIconPredicate)
-+                ?.let {
-             icon.setImageIcon(it)
-             icon.imageTintList = it.tintList
-         } ?: run {
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/ControlsUiControllerImpl.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/ControlsUiControllerImpl.kt
-index 554391649548..1c1f7702c4bd 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/ui/ControlsUiControllerImpl.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/ui/ControlsUiControllerImpl.kt
-@@ -685,7 +685,8 @@ class ControlsUiControllerImpl @Inject constructor (
-                     bgExecutor,
-                     controlActionCoordinator,
-                     controlsMetricsLogger,
--                    selected.uid
-+                    selected.uid,
-+                    controlsController.get().currentUserId,
-                 )
-                 cvh.bindData(it, false /* isLocked, will be ignored on initial load */)
-                 controlViewsById.put(key, cvh)
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/TemperatureControlBehavior.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/TemperatureControlBehavior.kt
-index a7dc09bb17e5..39d69704d817 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/ui/TemperatureControlBehavior.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/ui/TemperatureControlBehavior.kt
-@@ -63,7 +63,7 @@ class TemperatureControlBehavior : Behavior {
-             // interactions (touch, range)
-             subBehavior = cvh.bindBehavior(
-                 subBehavior,
--                ControlViewHolder.findBehaviorClass(
-+                cvh.findBehaviorClass(
-                     control.status,
-                     subTemplate,
-                     control.deviceType
-diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/ThumbnailBehavior.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/ThumbnailBehavior.kt
-index c2168aa8d9d9..0b57e792f9f7 100644
---- a/packages/SystemUI/src/com/android/systemui/controls/ui/ThumbnailBehavior.kt
-+++ b/packages/SystemUI/src/com/android/systemui/controls/ui/ThumbnailBehavior.kt
-@@ -33,7 +33,7 @@ import com.android.systemui.controls.ui.ControlViewHolder.Companion.MIN_LEVEL
-  * Supports display of static images on the background of the tile. When marked active, the title
-  * and subtitle will not be visible. To be used with {@link Thumbnailtemplate} only.
-  */
--class ThumbnailBehavior : Behavior {
-+class ThumbnailBehavior(currentUserId: Int) : Behavior {
-     lateinit var template: ThumbnailTemplate
-     lateinit var control: Control
-     lateinit var cvh: ControlViewHolder
-@@ -42,6 +42,7 @@ class ThumbnailBehavior : Behavior {
-     private var shadowRadius: Float = 0f
-     private var shadowColor: Int = 0
- 
-+    private val canUseIconPredicate = CanUseIconPredicate(currentUserId)
-     private val enabled: Boolean
-         get() = template.isActive()
- 
-@@ -80,11 +81,16 @@ class ThumbnailBehavior : Behavior {
-             cvh.status.setShadowLayer(shadowOffsetX, shadowOffsetY, shadowRadius, shadowColor)
- 
-             cvh.bgExecutor.execute {
--                val drawable = template.getThumbnail().loadDrawable(cvh.context)
-+                val drawable = template.thumbnail
-+                        ?.takeIf(canUseIconPredicate)
-+                        ?.loadDrawable(cvh.context)
-                 cvh.uiExecutor.execute {
-                     val radius = cvh.context.getResources()
-                         .getDimensionPixelSize(R.dimen.control_corner_radius).toFloat()
--                    clipLayer.setDrawable(CornerDrawable(drawable, radius))
-+                    // TODO(b/290037843): Add a placeholder
-+                    drawable?.let {
-+                        clipLayer.drawable = CornerDrawable(it, radius)
-+                    }
-                     clipLayer.setColorFilter(BlendModeColorFilter(cvh.context.resources
-                         .getColor(R.color.control_thumbnail_tint), BlendMode.LUMINOSITY))
-                     cvh.applyRenderInfo(enabled, colorOffset)
-diff --git a/packages/SystemUI/tests/src/com/android/systemui/controls/ui/CanUseIconPredicateTest.kt b/packages/SystemUI/tests/src/com/android/systemui/controls/ui/CanUseIconPredicateTest.kt
-new file mode 100644
-index 000000000000..bfdb9231a9f8
---- /dev/null
-+++ b/packages/SystemUI/tests/src/com/android/systemui/controls/ui/CanUseIconPredicateTest.kt
-@@ -0,0 +1,81 @@
-+/*
-+ * Copyright (C) 2023 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package com.android.systemui.controls.ui
-+
-+import android.content.ContentProvider
-+import android.graphics.Bitmap
-+import android.graphics.drawable.Icon
-+import android.net.Uri
-+import android.os.UserHandle
-+import android.testing.AndroidTestingRunner
-+import androidx.test.filters.SmallTest
-+import com.android.systemui.SysuiTestCase
-+import com.google.common.truth.Truth.assertThat
-+import org.junit.Test
-+import org.junit.runner.RunWith
-+
-+@SmallTest
-+@RunWith(AndroidTestingRunner::class)
-+class CanUseIconPredicateTest : SysuiTestCase() {
-+
-+    private companion object {
-+        const val USER_ID_1 = 1
-+        const val USER_ID_2 = 2
-+    }
-+
-+    val underTest: CanUseIconPredicate = CanUseIconPredicate(USER_ID_1)
-+
-+    @Test
-+    fun testReturnsFalseForDifferentUser() {
-+        val user2Icon =
-+            Icon.createWithContentUri(
-+                ContentProvider.createContentUriForUser(
-+                    Uri.parse("content://test"),
-+                    UserHandle.of(USER_ID_2)
-+                )
-+            )
-+
-+        assertThat(underTest.invoke(user2Icon)).isFalse()
-+    }
-+
-+    @Test
-+    fun testReturnsTrueForCorrectUser() {
-+        val user1Icon =
-+            Icon.createWithContentUri(
-+                ContentProvider.createContentUriForUser(
-+                    Uri.parse("content://test"),
-+                    UserHandle.of(USER_ID_1)
-+                )
-+            )
-+
-+        assertThat(underTest.invoke(user1Icon)).isTrue()
-+    }
-+
-+    @Test
-+    fun testReturnsTrueForUriWithoutUser() {
-+        val uriIcon = Icon.createWithContentUri(Uri.parse("content://test"))
-+
-+        assertThat(underTest.invoke(uriIcon)).isTrue()
-+    }
-+
-+    @Test
-+    fun testReturnsTrueForNonUriIcon() {
-+        val bitmapIcon = Icon.createWithBitmap(Bitmap.createBitmap(1, 1, Bitmap.Config.ARGB_8888))
-+
-+        assertThat(underTest.invoke(bitmapIcon)).isTrue()
-+    }
-+}
-diff --git a/packages/SystemUI/tests/src/com/android/systemui/controls/ui/ControlViewHolderTest.kt b/packages/SystemUI/tests/src/com/android/systemui/controls/ui/ControlViewHolderTest.kt
-index d3c465dab438..42f28c8c6043 100644
---- a/packages/SystemUI/tests/src/com/android/systemui/controls/ui/ControlViewHolderTest.kt
-+++ b/packages/SystemUI/tests/src/com/android/systemui/controls/ui/ControlViewHolderTest.kt
-@@ -66,7 +66,8 @@ class ControlViewHolderTest : SysuiTestCase() {
-                     FakeExecutor(clock),
-                     mock(ControlActionCoordinator::class.java),
-                     mock(ControlsMetricsLogger::class.java),
--                    uid = 100
-+                    uid = 100,
-+                    0,
-             )
- 
-             val cws = ControlWithState(
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-09.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-09.patch
deleted file mode 100644
index b080bcc5..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-09.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From c6fbe1330a77c479ea3e29b54523682d0f248420 Mon Sep 17 00:00:00 2001
-From: Eric Biggers <ebiggers@google.com>
-Date: Fri, 28 Jul 2023 22:03:03 +0000
-Subject: [PATCH] RESTRICT AUTOMERGE: SettingsProvider: exclude secure_frp_mode
- from resets
-
-When RescueParty detects that a system process is crashing frequently,
-it tries to recover in various ways, such as by resetting all settings.
-Unfortunately, this included resetting the secure_frp_mode setting,
-which is the means by which the system keeps track of whether the
-Factory Reset Protection (FRP) challenge has been passed yet.  With this
-setting reset, some FRP restrictions went away and it became possible to
-bypass FRP by setting a new lockscreen credential.
-
-Fix this by excluding secure_frp_mode from resets.
-
-Note: currently this bug isn't reproducible on 'main' due to ag/23727749
-disabling much of RescueParty, but that is a temporary change.
-
-Bug: 253043065
-Test: With ag/23727749 reverted and with my fix to prevent
-      com.android.settings from crashing *not* applied, tried repeatedly
-      setting lockscreen credential while in FRP mode, using the
-      smartlock setup activity launched by intent via adb.  Verified
-      that although RescueParty is still triggered after 5 attempts,
-      secure_frp_mode is no longer reset (its value remains "1").
-Test: Verified that secure_frp_mode still gets changed from 1 to 0 when
-      FRP is passed legitimately.
-Test: atest com.android.providers.settings.SettingsProviderTest
-Test: atest android.provider.SettingsProviderTest
-(cherry picked from commit 9890dd7f15c091f7d1a09e4fddb9f85d32015955)
-(changed Global.SECURE_FRP_MODE to Secure.SECURE_FRP_MODE,
- needed because this setting was moved in U)
-(removed static keyword from shouldExcludeSettingFromReset(),
- needed for compatibility with Java 15 and earlier)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8c2d2c6fc91c6b80809a91ac510667af24d2cf17)
-Merged-In: Id95ed43b9cc2208090064392bcd5dc012710af93
-Change-Id: Id95ed43b9cc2208090064392bcd5dc012710af93
----
- .../providers/settings/SettingsProvider.java  | 17 ++++++++++---
- .../settings/SettingsProviderTest.java        | 25 +++++++++++++++++++
- 2 files changed, 38 insertions(+), 4 deletions(-)
-
-diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
-index c51f19510f40..31e64196d3b5 100644
---- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
-+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
-@@ -3102,6 +3102,15 @@ public Setting getSettingLocked(int type, int userId, String name) {
-             return settingsState.getSettingLocked(name);
-         }
- 
-+        private boolean shouldExcludeSettingFromReset(Setting setting, String prefix) {
-+            // If a prefix was specified, exclude settings whose names don't start with it.
-+            if (prefix != null && !setting.getName().startsWith(prefix)) {
-+                return true;
-+            }
-+            // Never reset SECURE_FRP_MODE, as it could be abused to bypass FRP via RescueParty.
-+            return Secure.SECURE_FRP_MODE.equals(setting.getName());
-+        }
-+
-         public void resetSettingsLocked(int type, int userId, String packageName, int mode,
-                 String tag) {
-             resetSettingsLocked(type, userId, packageName, mode, tag, /*prefix=*/
-@@ -3124,7 +3133,7 @@ public void resetSettingsLocked(int type, int userId, String packageName, int mo
-                         Setting setting = settingsState.getSettingLocked(name);
-                         if (packageName.equals(setting.getPackageName())) {
-                             if ((tag != null && !tag.equals(setting.getTag()))
--                                    || (prefix != null && !setting.getName().startsWith(prefix))) {
-+                                    || shouldExcludeSettingFromReset(setting, prefix)) {
-                                 continue;
-                             }
-                             if (settingsState.resetSettingLocked(name)) {
-@@ -3144,7 +3153,7 @@ public void resetSettingsLocked(int type, int userId, String packageName, int mo
-                         Setting setting = settingsState.getSettingLocked(name);
-                         if (!SettingsState.isSystemPackage(getContext(),
-                                 setting.getPackageName())) {
--                            if (prefix != null && !setting.getName().startsWith(prefix)) {
-+                            if (shouldExcludeSettingFromReset(setting, prefix)) {
-                                 continue;
-                             }
-                             if (settingsState.resetSettingLocked(name)) {
-@@ -3164,7 +3173,7 @@ public void resetSettingsLocked(int type, int userId, String packageName, int mo
-                         Setting setting = settingsState.getSettingLocked(name);
-                         if (!SettingsState.isSystemPackage(getContext(),
-                                 setting.getPackageName())) {
--                            if (prefix != null && !setting.getName().startsWith(prefix)) {
-+                            if (shouldExcludeSettingFromReset(setting, prefix)) {
-                                 continue;
-                             }
-                             if (setting.isDefaultFromSystem()) {
-@@ -3187,7 +3196,7 @@ public void resetSettingsLocked(int type, int userId, String packageName, int mo
-                     for (String name : settingsState.getSettingNamesLocked()) {
-                         Setting setting = settingsState.getSettingLocked(name);
-                         boolean someSettingChanged = false;
--                        if (prefix != null && !setting.getName().startsWith(prefix)) {
-+                        if (shouldExcludeSettingFromReset(setting, prefix)) {
-                             continue;
-                         }
-                         if (setting.isDefaultFromSystem()) {
-diff --git a/packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java b/packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java
-index eaf0dcb9b4e7..1c6d2b08136c 100644
---- a/packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java
-+++ b/packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java
-@@ -464,6 +464,31 @@ private void testResetModeTrustedDefaultsCommon(int type) throws Exception {
-         }
-     }
- 
-+    // To prevent FRP bypasses, the SECURE_FRP_MODE setting should not be reset when all other
-+    // settings are reset.  But it should still be possible to explicitly set its value.
-+    @Test
-+    public void testSecureFrpModeSettingCannotBeReset() throws Exception {
-+        final String name = Settings.Secure.SECURE_FRP_MODE;
-+        final String origValue = getSetting(SETTING_TYPE_GLOBAL, name);
-+        setSettingViaShell(SETTING_TYPE_GLOBAL, name, "1", false);
-+        try {
-+            assertEquals("1", getSetting(SETTING_TYPE_GLOBAL, name));
-+            for (int type : new int[] { SETTING_TYPE_GLOBAL, SETTING_TYPE_SECURE }) {
-+                resetSettingsViaShell(type, Settings.RESET_MODE_UNTRUSTED_DEFAULTS);
-+                resetSettingsViaShell(type, Settings.RESET_MODE_UNTRUSTED_CHANGES);
-+                resetSettingsViaShell(type, Settings.RESET_MODE_TRUSTED_DEFAULTS);
-+            }
-+            // The value should still be "1".  It should not have been reset to null.
-+            assertEquals("1", getSetting(SETTING_TYPE_GLOBAL, name));
-+            // It should still be possible to explicitly set the value to "0".
-+            setSettingViaShell(SETTING_TYPE_GLOBAL, name, "0", false);
-+            assertEquals("0", getSetting(SETTING_TYPE_GLOBAL, name));
-+        } finally {
-+            setSettingViaShell(SETTING_TYPE_GLOBAL, name, origValue, false);
-+            assertEquals(origValue, getSetting(SETTING_TYPE_GLOBAL, name));
-+        }
-+    }
-+
-     private void doTestQueryStringInBracketsViaProviderApiForType(int type) {
-         // Make sure we have a clean slate.
-         deleteStringViaProviderApi(type, FAKE_SETTING_NAME);
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/base-10.patch b/Patches/LineageOS-20.0/ASB-2023-10/base-10.patch
deleted file mode 100644
index 9262ff8f..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/base-10.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 9141cac175caaf176377d088e334d0991482fd6a Mon Sep 17 00:00:00 2001
-From: Aaron Liu <aaronjli@google.com>
-Date: Thu, 10 Aug 2023 15:38:08 +0000
-Subject: [PATCH] Revert "Dismiss keyguard when simpin auth'd and..."
-
-Revert submission 22621774-cherrypicker-L22000000959901080:N28400001357657640
-
-Reason for revert: causing a partner bug
-Fixes: 295205456
-Bug: 222446076
-
-Reverted changes: /q/submissionid:22621774-cherrypicker-L22000000959901080:N28400001357657640
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0afa6707fa632c1f5fba5dff46a94b5d734e2ab2)
-Merged-In: Icb27b4d897696b4fbb4e4a878751d925f5205dfd
-Change-Id: Icb27b4d897696b4fbb4e4a878751d925f5205dfd
----
- .../android/keyguard/KeyguardSecurityContainerController.java   | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainerController.java b/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainerController.java
-index 16299c7aff7b..061bab8a7006 100644
---- a/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainerController.java
-+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainerController.java
-@@ -752,7 +752,7 @@ public boolean showNextSecurityScreenOrFinish(boolean authenticated, int targetU
-                 case SimPuk:
-                     // Shortcut for SIM PIN/PUK to go to directly to user's security screen or home
-                     SecurityMode securityMode = mSecurityModel.getSecurityMode(targetUserId);
--                    if (securityMode == SecurityMode.None || mLockPatternUtils.isLockScreenDisabled(
-+                    if (securityMode == SecurityMode.None && mLockPatternUtils.isLockScreenDisabled(
-                             KeyguardUpdateMonitor.getCurrentUser())) {
-                         finish = true;
-                         eventSubtype = BOUNCER_DISMISS_SIM;
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/bluetooth-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/bluetooth-01.patch
deleted file mode 100644
index a9afbcba..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/bluetooth-01.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 364a1d99624e8dca6501d98166efbb8061362970 Mon Sep 17 00:00:00 2001
-From: Hui Peng <phui@google.com>
-Date: Tue, 16 May 2023 02:09:38 +0000
-Subject: [PATCH] Fix an integer underflow in build_read_multi_rsp
-
-When p_buf->len is mtu - 1 and p_cmd->multi_req.variable_len
-evaluates to true, integer underflow is triggered
-in the following line, resulting OOB access.
-
-```
- len = p_rsp->attr_value.len - (total_len - mtu);
-```
-
-Bug: 273874525
-Test: manual
-Ignore-AOSP-First: security
-Tag: #security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:85f4d53c7bf90b806639a3a302f0007ffb3b9f23)
-Merged-In: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4
-Change-Id: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4
----
- system/stack/gatt/gatt_sr.cc | 32 +++++++++++++++++---------------
- 1 file changed, 17 insertions(+), 15 deletions(-)
-
-diff --git a/system/stack/gatt/gatt_sr.cc b/system/stack/gatt/gatt_sr.cc
-index f2a3e22414..ce00ef7428 100644
---- a/system/stack/gatt/gatt_sr.cc
-+++ b/system/stack/gatt/gatt_sr.cc
-@@ -21,6 +21,7 @@
-  *  this file contains the GATT server functions
-  *
-  ******************************************************************************/
-+#include <algorithm>
- #include <string.h>
- 
- #include "bt_target.h"
-@@ -178,37 +179,38 @@ static void build_read_multi_rsp(tGATT_SR_CMD* p_cmd, uint16_t mtu) {
-     }
- 
-     if (p_rsp != NULL) {
--      total_len = (p_buf->len + p_rsp->attr_value.len);
-+      total_len = p_buf->len;
-       if (p_cmd->multi_req.variable_len) {
-         total_len += 2;
-       }
- 
-       if (total_len > mtu) {
--        /* just send the partial response for the overflow case */
--        len = p_rsp->attr_value.len - (total_len - mtu);
-+        VLOG(1) << "Buffer space not enough for this data item, skipping";
-+        break;
-+      }
-+
-+      len = std::min((size_t) p_rsp->attr_value.len, mtu - total_len);
-+
-+      if (len == 0) {
-+        VLOG(1) << "Buffer space not enough for this data item, skipping";
-+        break;
-+      }
-+
-+      if (len < p_rsp->attr_value.len) {
-         is_overflow = true;
-         VLOG(1) << StringPrintf(
-             "multi read overflow available len=%zu val_len=%d", len,
-             p_rsp->attr_value.len);
--      } else {
--        len = p_rsp->attr_value.len;
-       }
- 
-       if (p_cmd->multi_req.variable_len) {
--        UINT16_TO_STREAM(p, len);
-+        UINT16_TO_STREAM(p, (uint16_t) len);
-         p_buf->len += 2;
-       }
- 
-       if (p_rsp->attr_value.handle == p_cmd->multi_req.handles[ii]) {
--        // check for possible integer overflow
--        if (p_buf->len + len <= UINT16_MAX) {
--          memcpy(p, p_rsp->attr_value.value, len);
--          if (!is_overflow) p += len;
--          p_buf->len += len;
--        } else {
--          p_cmd->status = GATT_NOT_FOUND;
--          break;
--        }
-+        ARRAY_TO_STREAM(p, p_rsp->attr_value.value, (uint16_t) len);
-+        p_buf->len += (uint16_t) len;
-       } else {
-         p_cmd->status = GATT_NOT_FOUND;
-         break;
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/libxml-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/libxml-01.patch
deleted file mode 100644
index 5caa3887..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/libxml-01.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 4a27a7f162907facfbeddf2d4ae4c6ab7c6eb15a Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 17 Feb 2023 15:53:07 +0100
-Subject: [PATCH] malloc-fail: Fix OOB read after xmlRegGetCounter
-
-Found with libFuzzer, see #344.
-
-(cherry picked from commit 1743c4c3fc58cf38ecce68db9de51d0f3651e033)
-
-I also copied the error label from
-e64653c0e7975594e27d7de2ed4be062c1e4ad03 to fix the build failure.
-
-Bug: http://b/274231102
-Test: TreeHugger
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0e6ed17dfe8e36e5618a592a600720bd61e015cc)
-Merged-In: I3bad3e03092e17a761cb6e299aff848ebd35b6f4
-Change-Id: I3bad3e03092e17a761cb6e299aff848ebd35b6f4
----
- xmlregexp.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/xmlregexp.c b/xmlregexp.c
-index 984c7ac6e..ce09b2216 100644
---- a/xmlregexp.c
-+++ b/xmlregexp.c
-@@ -1673,6 +1673,8 @@ xmlFAGenerateTransitions(xmlRegParserCtxtPtr ctxt, xmlRegStatePtr from,
- 			return(-1);
- 		    inter = ctxt->state;
- 		    counter = xmlRegGetCounter(ctxt);
-+                    if (counter < 0)
-+                        return(-1);
- 		    ctxt->counters[counter].min = atom->min - 1;
- 		    ctxt->counters[counter].max = atom->max - 1;
- 		    /* count the number of times we see it again */
-@@ -1691,6 +1693,8 @@ xmlFAGenerateTransitions(xmlRegParserCtxtPtr ctxt, xmlRegStatePtr from,
- 		     * epsilon transition.
- 		     */
- 		    counter = xmlRegGetCounter(ctxt);
-+                    if (counter < 0)
-+                        return(-1);
- 		    ctxt->counters[counter].min = atom->min - 1;
- 		    ctxt->counters[counter].max = atom->max - 1;
- 		    /* count the number of times we see it again */
-@@ -6015,6 +6019,8 @@ xmlAutomataNewCountTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from,
-      * associate a counter to the transition.
-      */
-     counter = xmlRegGetCounter(am);
-+    if (counter < 0)
-+        goto error;
-     am->counters[counter].min = min;
-     am->counters[counter].max = max;
- 
-@@ -6034,6 +6040,10 @@ xmlAutomataNewCountTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from,
-     if (min == 0)
- 	xmlFAGenerateEpsilonTransition(am, from, to);
-     return(to);
-+
-+error:
-+    xmlRegFreeAtom(atom);
-+    return(NULL);
- }
- 
- /**
-@@ -6081,6 +6091,8 @@ xmlAutomataNewCountTrans(xmlAutomataPtr am, xmlAutomataStatePtr from,
-      * associate a counter to the transition.
-      */
-     counter = xmlRegGetCounter(am);
-+    if (counter < 0)
-+        goto error;
-     am->counters[counter].min = min;
-     am->counters[counter].max = max;
- 
-@@ -6100,6 +6112,10 @@ xmlAutomataNewCountTrans(xmlAutomataPtr am, xmlAutomataStatePtr from,
-     if (min == 0)
- 	xmlFAGenerateEpsilonTransition(am, from, to);
-     return(to);
-+
-+error:
-+    xmlRegFreeAtom(atom);
-+    return(NULL);
- }
- 
- /**
-@@ -6167,6 +6183,8 @@ xmlAutomataNewOnceTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from,
-      * associate a counter to the transition.
-      */
-     counter = xmlRegGetCounter(am);
-+    if (counter < 0)
-+        goto error;
-     am->counters[counter].min = 1;
-     am->counters[counter].max = 1;
- 
-@@ -6179,6 +6197,10 @@ xmlAutomataNewOnceTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from,
-     xmlRegAtomPush(am, atom);
-     am->state = to;
-     return(to);
-+
-+error:
-+    xmlRegFreeAtom(atom);
-+    return(NULL);
- }
- 
- 
-@@ -6226,6 +6248,8 @@ xmlAutomataNewOnceTrans(xmlAutomataPtr am, xmlAutomataStatePtr from,
-      * associate a counter to the transition.
-      */
-     counter = xmlRegGetCounter(am);
-+    if (counter < 0)
-+        goto error;
-     am->counters[counter].min = 1;
-     am->counters[counter].max = 1;
- 
-@@ -6238,6 +6262,10 @@ xmlAutomataNewOnceTrans(xmlAutomataPtr am, xmlAutomataStatePtr from,
-     xmlRegAtomPush(am, atom);
-     am->state = to;
-     return(to);
-+
-+error:
-+    xmlRegFreeAtom(atom);
-+    return(NULL);
- }
- 
- /**
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/mediaprovider-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/mediaprovider-01.patch
deleted file mode 100644
index 161842af..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/mediaprovider-01.patch
+++ /dev/null
@@ -1,452 +0,0 @@
-From 0fb5786dbf8b462eb106df912a7f65ab240f0d6a Mon Sep 17 00:00:00 2001
-From: Sergey Nikolaienkov <sergeynv@google.com>
-Date: Tue, 28 Mar 2023 12:22:31 +0200
-Subject: [PATCH] Fix path traversal vulnerabilities in MediaProvider
-
-Canonicalize filepath provided by the caller when hanling SCAN_FILE_CALL
-method call in MediaProvider.
-Additionally, make sure to check access permission in SCAN_FILE_CALL
-(using enforceCallingPermissionInternal()).
-
-Preemptively canonicalize Files provided as an arguments to the public
-API methods in ModernMediaScanner (scanFile(), scanDirectory() and
-onDirectoryDirty()) to prevent path traversal attacks.
-
-Bug: 262244882
-Test: atest MediaProviderTests
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5bb32d7fba00b9e53c7e20ae8acaf6f84a8b2e8d)
-Merged-In: I61e77d69ae857984b819fa0ea27bec5c26a34842
-Change-Id: I61e77d69ae857984b819fa0ea27bec5c26a34842
----
- .../providers/media/MediaProvider.java        | 61 +++++++++++--------
- .../media/scan/LegacyMediaScanner.java        |  7 ---
- .../providers/media/scan/MediaScanner.java    | 25 ++++----
- .../media/scan/ModernMediaScanner.java        | 56 +++++++++++------
- .../media/scan/NullMediaScanner.java          |  6 --
- .../providers/media/util/FileUtils.java       | 47 ++++++++++----
- .../media/scan/LegacyMediaScannerTest.java    |  6 --
- .../media/scan/ModernMediaScannerTest.java    | 18 ------
- .../media/scan/NullMediaScannerTest.java      |  2 -
- 9 files changed, 117 insertions(+), 111 deletions(-)
-
-diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
-index 21eeed7f3..8c1df561b 100644
---- a/src/com/android/providers/media/MediaProvider.java
-+++ b/src/com/android/providers/media/MediaProvider.java
-@@ -1692,11 +1692,7 @@ public void scanDirectory(File file, int reason) {
-     }
- 
-     public Uri scanFile(File file, int reason) {
--        return scanFile(file, reason, null);
--    }
--
--    public Uri scanFile(File file, int reason, String ownerPackage) {
--        return mMediaScanner.scanFile(file, reason, ownerPackage);
-+        return mMediaScanner.scanFile(file, reason);
-     }
- 
-     private Uri scanFileAsMediaProvider(File file, int reason) {
-@@ -6197,38 +6193,51 @@ private Bundle callInternal(String method, String arg, Bundle extras) {
-                 }
-                 return null;
-             }
--            case MediaStore.SCAN_FILE_CALL:
-+            case MediaStore.SCAN_FILE_CALL: {
-+                final LocalCallingIdentity token = clearLocalCallingIdentity();
-+                final CallingIdentity providerToken = clearCallingIdentity();
-+
-+                final String filePath = arg;
-+                final Uri uri;
-+                try {
-+                    File file;
-+                    try {
-+                        file = FileUtils.getCanonicalFile(filePath);
-+                    } catch (IOException e) {
-+                        file = null;
-+                    }
-+
-+                    uri = file != null ? scanFile(file, REASON_DEMAND) : null;
-+                } finally {
-+                    restoreCallingIdentity(providerToken);
-+                    restoreLocalCallingIdentity(token);
-+                }
-+
-+                // TODO(b/262244882): maybe enforceCallingPermissionInternal(uri, ...)
-+
-+                final Bundle res = new Bundle();
-+                res.putParcelable(Intent.EXTRA_STREAM, uri);
-+                return res;
-+            }
-             case MediaStore.SCAN_VOLUME_CALL: {
-                 final int userId = uidToUserId(Binder.getCallingUid());
-                 final LocalCallingIdentity token = clearLocalCallingIdentity();
-                 final CallingIdentity providerToken = clearCallingIdentity();
-+
-+                final String volumeName = arg;
-                 try {
--                    final Bundle res = new Bundle();
--                    switch (method) {
--                        case MediaStore.SCAN_FILE_CALL: {
--                            final File file = new File(arg);
--                            res.putParcelable(Intent.EXTRA_STREAM, scanFile(file, REASON_DEMAND));
--                            break;
--                        }
--                        case MediaStore.SCAN_VOLUME_CALL: {
--                            final String volumeName = arg;
--                            try {
--                                MediaVolume volume = mVolumeCache.findVolume(volumeName,
--                                        UserHandle.of(userId));
--                                MediaService.onScanVolume(getContext(), volume, REASON_DEMAND);
--                            } catch (FileNotFoundException e) {
--                                Log.w(TAG, "Failed to find volume " + volumeName, e);
--                            }
--                            break;
--                        }
--                    }
--                    return res;
-+                    final MediaVolume volume = mVolumeCache.findVolume(volumeName,
-+                            UserHandle.of(userId));
-+                    MediaService.onScanVolume(getContext(), volume, REASON_DEMAND);
-+                } catch (FileNotFoundException e) {
-+                    Log.w(TAG, "Failed to find volume " + volumeName, e);
-                 } catch (IOException e) {
-                     throw new RuntimeException(e);
-                 } finally {
-                     restoreCallingIdentity(providerToken);
-                     restoreLocalCallingIdentity(token);
-                 }
-+                return Bundle.EMPTY;
-             }
-             case MediaStore.GET_VERSION_CALL: {
-                 final String volumeName = extras.getString(Intent.EXTRA_TEXT);
-diff --git a/src/com/android/providers/media/scan/LegacyMediaScanner.java b/src/com/android/providers/media/scan/LegacyMediaScanner.java
-index d8d3bed41..d73dda584 100644
---- a/src/com/android/providers/media/scan/LegacyMediaScanner.java
-+++ b/src/com/android/providers/media/scan/LegacyMediaScanner.java
-@@ -19,8 +19,6 @@
- import android.content.Context;
- import android.net.Uri;
- 
--import androidx.annotation.Nullable;
--
- import com.android.providers.media.MediaVolume;
- 
- import java.io.File;
-@@ -48,11 +46,6 @@ public Uri scanFile(File file, int reason) {
-         throw new UnsupportedOperationException();
-     }
- 
--    @Override
--    public Uri scanFile(File file, int reason, @Nullable String ownerPackage) {
--        throw new UnsupportedOperationException();
--    }
--
-     @Override
-     public void onDetachVolume(MediaVolume volume) {
-         throw new UnsupportedOperationException();
-diff --git a/src/com/android/providers/media/scan/MediaScanner.java b/src/com/android/providers/media/scan/MediaScanner.java
-index 45d2a2436..eb5e4d6c7 100644
---- a/src/com/android/providers/media/scan/MediaScanner.java
-+++ b/src/com/android/providers/media/scan/MediaScanner.java
-@@ -24,23 +24,20 @@
- import android.content.Context;
- import android.net.Uri;
- 
--import androidx.annotation.Nullable;
--
- import com.android.providers.media.MediaVolume;
- 
- import java.io.File;
- 
- public interface MediaScanner {
--    public static final int REASON_UNKNOWN = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__UNKNOWN;
--    public static final int REASON_MOUNTED = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__MOUNTED;
--    public static final int REASON_DEMAND = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__DEMAND;
--    public static final int REASON_IDLE = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__IDLE;
--
--    public Context getContext();
--    public void scanDirectory(File file, int reason);
--    public Uri scanFile(File file, int reason);
--    public Uri scanFile(File file, int reason, @Nullable String ownerPackage);
--    public void onDetachVolume(MediaVolume volume);
--    public void onIdleScanStopped();
--    public void onDirectoryDirty(File file);
-+    int REASON_UNKNOWN = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__UNKNOWN;
-+    int REASON_MOUNTED = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__MOUNTED;
-+    int REASON_DEMAND = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__DEMAND;
-+    int REASON_IDLE = MEDIA_PROVIDER_SCAN_OCCURRED__REASON__IDLE;
-+
-+    Context getContext();
-+    void scanDirectory(File file, int reason);
-+    Uri scanFile(File file, int reason);
-+    void onDetachVolume(MediaVolume volume);
-+    void onIdleScanStopped();
-+    void onDirectoryDirty(File file);
- }
-diff --git a/src/com/android/providers/media/scan/ModernMediaScanner.java b/src/com/android/providers/media/scan/ModernMediaScanner.java
-index 41f53d57a..81133f7aa 100644
---- a/src/com/android/providers/media/scan/ModernMediaScanner.java
-+++ b/src/com/android/providers/media/scan/ModernMediaScanner.java
-@@ -50,6 +50,8 @@
- 
- import static com.android.providers.media.util.Metrics.translateReason;
- 
-+import static java.util.Objects.requireNonNull;
-+
- import android.content.ContentProviderClient;
- import android.content.ContentProviderOperation;
- import android.content.ContentProviderResult;
-@@ -236,23 +238,36 @@ public Context getContext() {
-     }
- 
-     @Override
--    public void scanDirectory(File file, int reason) {
--        try (Scan scan = new Scan(file, reason, /*ownerPackage*/ null)) {
-+    public void scanDirectory(@NonNull File file, int reason) {
-+        requireNonNull(file);
-+        try {
-+            file = file.getCanonicalFile();
-+        } catch (IOException e) {
-+            Log.e(TAG, "Couldn't canonicalize directory to scan" + file, e);
-+            return;
-+        }
-+
-+        try (Scan scan = new Scan(file, reason)) {
-             scan.run();
--        } catch (OperationCanceledException ignored) {
-         } catch (FileNotFoundException e) {
--           Log.e(TAG, "Couldn't find directory to scan", e) ;
-+            Log.e(TAG, "Couldn't find directory to scan", e);
-+        } catch (OperationCanceledException ignored) {
-+            // No-op.
-         }
-     }
- 
-     @Override
--    public Uri scanFile(File file, int reason) {
--       return scanFile(file, reason, /*ownerPackage*/ null);
--    }
-+    @Nullable
-+    public Uri scanFile(@NonNull File file, int reason) {
-+        requireNonNull(file);
-+        try {
-+            file = file.getCanonicalFile();
-+        } catch (IOException e) {
-+            Log.e(TAG, "Couldn't canonicalize file to scan" + file, e);
-+            return null;
-+        }
- 
--    @Override
--    public Uri scanFile(File file, int reason, @Nullable String ownerPackage) {
--        try (Scan scan = new Scan(file, reason, ownerPackage)) {
-+        try (Scan scan = new Scan(file, reason)) {
-             scan.run();
-             return scan.getFirstResult();
-         } catch (OperationCanceledException ignored) {
-@@ -286,10 +301,18 @@ public void onIdleScanStopped() {
-     }
- 
-     @Override
--    public void onDirectoryDirty(File dir) {
-+    public void onDirectoryDirty(@NonNull File dir) {
-+        requireNonNull(dir);
-+        try {
-+            dir = dir.getCanonicalFile();
-+        } catch (IOException e) {
-+            Log.e(TAG, "Couldn't canonicalize directory" + dir, e);
-+            return;
-+        }
-+
-         synchronized (mPendingCleanDirectories) {
-             mPendingCleanDirectories.remove(dir.getPath());
--            FileUtils.setDirectoryDirty(dir, /*isDirty*/ true);
-+            FileUtils.setDirectoryDirty(dir, /* isDirty */ true);
-         }
-     }
- 
-@@ -320,7 +343,6 @@ private class Scan implements Runnable, FileVisitor<Path>, AutoCloseable {
-         private final String mVolumeName;
-         private final Uri mFilesUri;
-         private final CancellationSignal mSignal;
--        private final String mOwnerPackage;
-         private final List<String> mExcludeDirs;
- 
-         private final long mStartGeneration;
-@@ -349,7 +371,7 @@ private class Scan implements Runnable, FileVisitor<Path>, AutoCloseable {
-          */
-         private boolean mIsDirectoryTreeDirty;
- 
--        public Scan(File root, int reason, @Nullable String ownerPackage)
-+        public Scan(File root, int reason)
-                 throws FileNotFoundException {
-             Trace.beginSection("ctor");
- 
-@@ -371,7 +393,6 @@ public Scan(File root, int reason, @Nullable String ownerPackage)
- 
-             mStartGeneration = MediaStore.getGeneration(mResolver, mVolumeName);
-             mSingleFile = mRoot.isFile();
--            mOwnerPackage = ownerPackage;
-             mExcludeDirs = new ArrayList<>();
- 
-             Trace.endSection();
-@@ -800,10 +821,7 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs)
-             }
-             if (op != null) {
-                 op.withValue(FileColumns._MODIFIER, FileColumns._MODIFIER_MEDIA_SCAN);
--                // Add owner package name to new insertions when package name is provided.
--                if (op.build().isInsert() && !attrs.isDirectory() && mOwnerPackage != null) {
--                    op.withValue(MediaColumns.OWNER_PACKAGE_NAME, mOwnerPackage);
--                }
-+
-                 // Force DRM files to be marked as DRM, since the lower level
-                 // stack may not set this correctly
-                 if (isDrm) {
-diff --git a/src/com/android/providers/media/scan/NullMediaScanner.java b/src/com/android/providers/media/scan/NullMediaScanner.java
-index 7a1a39610..e53f96468 100644
---- a/src/com/android/providers/media/scan/NullMediaScanner.java
-+++ b/src/com/android/providers/media/scan/NullMediaScanner.java
-@@ -56,12 +56,6 @@ public Uri scanFile(File file, int reason) {
-         return null;
-     }
- 
--    @Override
--    public Uri scanFile(File file, int reason, @Nullable String ownerPackage) {
--        Log.w(TAG, "Ignoring scan request for " + file);
--        return null;
--    }
--
-     @Override
-     public void onDetachVolume(MediaVolume volume) {
-         // Ignored
-diff --git a/src/com/android/providers/media/util/FileUtils.java b/src/com/android/providers/media/util/FileUtils.java
-index 097eca8c9..6c2695c78 100644
---- a/src/com/android/providers/media/util/FileUtils.java
-+++ b/src/com/android/providers/media/util/FileUtils.java
-@@ -1110,18 +1110,25 @@ public static int extractUserId(@Nullable String data) {
-     }
- 
-     public static @Nullable String extractRelativePath(@Nullable String data) {
--        data = getCanonicalPath(data);
-         if (data == null) return null;
- 
--        final Matcher matcher = PATTERN_RELATIVE_PATH.matcher(data);
-+        final String path;
-+        try {
-+            path = getCanonicalPath(data);
-+        } catch (IOException e) {
-+            Log.d(TAG, "Unable to get canonical path from invalid data path: " + data, e);
-+            return null;
-+        }
-+
-+        final Matcher matcher = PATTERN_RELATIVE_PATH.matcher(path);
-         if (matcher.find()) {
--            final int lastSlash = data.lastIndexOf('/');
-+            final int lastSlash = path.lastIndexOf('/');
-             if (lastSlash == -1 || lastSlash < matcher.end()) {
-                 // This is a file in the top-level directory, so relative path is "/"
-                 // which is different than null, which means unknown path
-                 return "/";
-             } else {
--                return data.substring(matcher.end(), lastSlash + 1);
-+                return path.substring(matcher.end(), lastSlash + 1);
-             }
-         } else {
-             return null;
-@@ -1769,15 +1776,29 @@ public static File fromFuseFile(File file) {
-         return new File(file.getPath().replaceFirst(FUSE_FS_PREFIX, LOWER_FS_PREFIX));
-     }
- 
--    @Nullable
--    private static String getCanonicalPath(@Nullable String path) {
--        if (path == null) return null;
-+    /**
-+     * Returns the canonical {@link File} for the provided abstract pathname.
-+     *
-+     * @return The canonical pathname string denoting the same file or directory as this abstract
-+     *         pathname
-+     * @see File#getCanonicalFile()
-+     */
-+    @NonNull
-+    public static File getCanonicalFile(@NonNull String path) throws IOException {
-+        Objects.requireNonNull(path);
-+        return new File(path).getCanonicalFile();
-+    }
- 
--        try {
--            return new File(path).getCanonicalPath();
--        } catch (IOException e) {
--            Log.d(TAG, "Unable to get canonical path from invalid data path: " + path, e);
--            return null;
--        }
-+    /**
-+     * Returns the canonical pathname string of the provided abstract pathname.
-+     *
-+     * @return The canonical pathname string denoting the same file or directory as this abstract
-+     *         pathname.
-+     * @see File#getCanonicalPath()
-+     */
-+    @NonNull
-+    public static String getCanonicalPath(@NonNull String path) throws IOException {
-+        Objects.requireNonNull(path);
-+        return new File(path).getCanonicalPath();
-     }
- }
-diff --git a/tests/src/com/android/providers/media/scan/LegacyMediaScannerTest.java b/tests/src/com/android/providers/media/scan/LegacyMediaScannerTest.java
-index cf9cb395d..2831e963e 100644
---- a/tests/src/com/android/providers/media/scan/LegacyMediaScannerTest.java
-+++ b/tests/src/com/android/providers/media/scan/LegacyMediaScannerTest.java
-@@ -47,12 +47,6 @@ public void testSimple() throws Exception {
-             fail();
-         } catch (UnsupportedOperationException expected) {
-         }
--        try {
--            scanner.scanFile(new File("/dev/null"), MediaScanner.REASON_UNKNOWN,
--                    InstrumentationRegistry.getContext().getPackageName());
--            fail();
--        } catch (UnsupportedOperationException expected) {
--        }
-         try {
-             scanner.onDetachVolume(null);
-             fail();
-diff --git a/tests/src/com/android/providers/media/scan/ModernMediaScannerTest.java b/tests/src/com/android/providers/media/scan/ModernMediaScannerTest.java
-index 0450c1cee..06f10ed21 100644
---- a/tests/src/com/android/providers/media/scan/ModernMediaScannerTest.java
-+++ b/tests/src/com/android/providers/media/scan/ModernMediaScannerTest.java
-@@ -779,24 +779,6 @@ public void testScan_missingFile() throws Exception {
-         assertThat(mModern.scanFile(image, REASON_UNKNOWN)).isNull();
-     }
- 
--    @Test
--    public void testScanFileAndUpdateOwnerPackageName() throws Exception {
--        final File image = new File(mDir, "image.jpg");
--        final String thisPackageName = InstrumentationRegistry.getContext().getPackageName();
--        stage(R.raw.test_image, image);
--
--        assertQueryCount(0, MediaStore.Images.Media.EXTERNAL_CONTENT_URI);
--        // scanning the image file inserts new database entry with OWNER_PACKAGE_NAME as
--        // thisPackageName.
--        assertNotNull(mModern.scanFile(image, REASON_UNKNOWN, thisPackageName));
--        try (Cursor cursor = mIsolatedResolver.query(MediaStore.Images.Media.EXTERNAL_CONTENT_URI,
--                new String[] {MediaColumns.OWNER_PACKAGE_NAME}, null, null, null)) {
--            assertEquals(1, cursor.getCount());
--            cursor.moveToNext();
--            assertEquals(thisPackageName, cursor.getString(0));
--        }
--    }
--
-     /**
-      * Verify fix for obscure bug which would cause us to delete files outside a
-      * directory that share a common prefix.
-diff --git a/tests/src/com/android/providers/media/scan/NullMediaScannerTest.java b/tests/src/com/android/providers/media/scan/NullMediaScannerTest.java
-index 063f1b7a3..265d1a97a 100644
---- a/tests/src/com/android/providers/media/scan/NullMediaScannerTest.java
-+++ b/tests/src/com/android/providers/media/scan/NullMediaScannerTest.java
-@@ -38,8 +38,6 @@ public void testSimple() throws Exception {
- 
-         scanner.scanDirectory(new File("/dev/null"), MediaScanner.REASON_UNKNOWN);
-         scanner.scanFile(new File("/dev/null"), MediaScanner.REASON_UNKNOWN);
--        scanner.scanFile(new File("/dev/null"), MediaScanner.REASON_UNKNOWN,
--                    InstrumentationRegistry.getContext().getPackageName());
- 
-         scanner.onDetachVolume(null);
-     }
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/native-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/native-01.patch
deleted file mode 100644
index f432a768..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/native-01.patch
+++ /dev/null
@@ -1,214 +0,0 @@
-From 507304e1f59236675bfd820290b329f5f7334ec0 Mon Sep 17 00:00:00 2001
-From: sergiuferentz <sergiuferentz@google.com>
-Date: Mon, 26 Jun 2023 18:01:47 +0000
-Subject: [PATCH] Fix for heap-use-after-free in GPUService.cpp
-
-This adds a unit test and fix for the bug reported by libfuzzer.
-Changes made:
- * Expose GPUService as testable code.
- * Update main_gpuservice.cpp to use the new GpuService now located at
-   gpuservice/GpuService.h
- * Make initializer threads members of GpuService
- * Join the threads in destructor to prevent heap-use-after-free.
- * Add unit test that waits 3 seconds after deallocation to ensure no
-   wrong access is made.
-
-Bug: 282919145
-Test: Added unit test and ran on device with ASAN
-(cherry picked from commit 3c00cbc0f119c3f59325aa6d5061529feb58462b)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7fb707802ee4c667d1ee6065ae2845d835b47aeb)
-Merged-In: I4d1d2d4658b575bf2c8f425f91f68f03114ad029
-Change-Id: I4d1d2d4658b575bf2c8f425f91f68f03114ad029
----
- services/gpuservice/Android.bp                |  1 +
- services/gpuservice/GpuService.cpp            | 14 +++--
- .../{ => include/gpuservice}/GpuService.h     |  4 ++
- services/gpuservice/main_gpuservice.cpp       |  2 +-
- .../gpuservice/tests/unittests/Android.bp     |  2 +
- .../tests/unittests/GpuServiceTest.cpp        | 52 +++++++++++++++++++
- 6 files changed, 69 insertions(+), 6 deletions(-)
- rename services/gpuservice/{ => include/gpuservice}/GpuService.h (94%)
- create mode 100644 services/gpuservice/tests/unittests/GpuServiceTest.cpp
-
-diff --git a/services/gpuservice/Android.bp b/services/gpuservice/Android.bp
-index 5b4ee21b42..020940f04e 100644
---- a/services/gpuservice/Android.bp
-+++ b/services/gpuservice/Android.bp
-@@ -71,6 +71,7 @@ filegroup {
- cc_library_shared {
-     name: "libgpuservice",
-     defaults: ["libgpuservice_production_defaults"],
-+    export_include_dirs: ["include"],
-     srcs: [
-         ":libgpuservice_sources",
-     ],
-diff --git a/services/gpuservice/GpuService.cpp b/services/gpuservice/GpuService.cpp
-index 7b9782f4e8..5643940a6e 100644
---- a/services/gpuservice/GpuService.cpp
-+++ b/services/gpuservice/GpuService.cpp
-@@ -16,7 +16,7 @@
- 
- #define ATRACE_TAG ATRACE_TAG_GRAPHICS
- 
--#include "GpuService.h"
-+#include "gpuservice/GpuService.h"
- 
- #include <android-base/stringprintf.h>
- #include <binder/IPCThreadState.h>
-@@ -34,6 +34,7 @@
- #include <vkjson.h>
- 
- #include <thread>
-+#include <memory>
- 
- namespace android {
- 
-@@ -55,18 +56,21 @@ GpuService::GpuService()
-         mGpuStats(std::make_unique<GpuStats>()),
-         mGpuMemTracer(std::make_unique<GpuMemTracer>()) {
- 
--    std::thread gpuMemAsyncInitThread([this]() {
-+    mGpuMemAsyncInitThread = std::make_unique<std::thread>([this] (){
-         mGpuMem->initialize();
-         mGpuMemTracer->initialize(mGpuMem);
-     });
--    gpuMemAsyncInitThread.detach();
- 
--    std::thread gpuWorkAsyncInitThread([this]() {
-+    mGpuWorkAsyncInitThread = std::make_unique<std::thread>([this]() {
-         mGpuWork->initialize();
-     });
--    gpuWorkAsyncInitThread.detach();
- };
- 
-+GpuService::~GpuService() {
-+    mGpuWorkAsyncInitThread->join();
-+    mGpuMemAsyncInitThread->join();
-+}
-+
- void GpuService::setGpuStats(const std::string& driverPackageName,
-                              const std::string& driverVersionName, uint64_t driverVersionCode,
-                              int64_t driverBuildTime, const std::string& appPackageName,
-diff --git a/services/gpuservice/GpuService.h b/services/gpuservice/include/gpuservice/GpuService.h
-similarity index 94%
-rename from services/gpuservice/GpuService.h
-rename to services/gpuservice/include/gpuservice/GpuService.h
-index d7313d165e..3e0ae66f39 100644
---- a/services/gpuservice/GpuService.h
-+++ b/services/gpuservice/include/gpuservice/GpuService.h
-@@ -24,6 +24,7 @@
- #include <serviceutils/PriorityDumper.h>
- 
- #include <mutex>
-+#include <thread>
- #include <vector>
- 
- namespace android {
-@@ -41,6 +42,7 @@ class GpuService : public BnGpuService, public PriorityDumper {
-     static const char* const SERVICE_NAME ANDROID_API;
- 
-     GpuService() ANDROID_API;
-+    ~GpuService();
- 
- protected:
-     status_t shellCommand(int in, int out, int err, std::vector<String16>& args) override;
-@@ -86,6 +88,8 @@ class GpuService : public BnGpuService, public PriorityDumper {
-     std::unique_ptr<GpuMemTracer> mGpuMemTracer;
-     std::mutex mLock;
-     std::string mDeveloperDriverPath;
-+    std::unique_ptr<std::thread> mGpuMemAsyncInitThread;
-+    std::unique_ptr<std::thread> mGpuWorkAsyncInitThread;
- };
- 
- } // namespace android
-diff --git a/services/gpuservice/main_gpuservice.cpp b/services/gpuservice/main_gpuservice.cpp
-index 64aafcab6a..200237219e 100644
---- a/services/gpuservice/main_gpuservice.cpp
-+++ b/services/gpuservice/main_gpuservice.cpp
-@@ -18,7 +18,7 @@
- #include <binder/IServiceManager.h>
- #include <binder/ProcessState.h>
- #include <sys/resource.h>
--#include "GpuService.h"
-+#include "gpuservice/GpuService.h"
- 
- using namespace android;
- 
-diff --git a/services/gpuservice/tests/unittests/Android.bp b/services/gpuservice/tests/unittests/Android.bp
-index 4fb0d2e734..808c86bcae 100644
---- a/services/gpuservice/tests/unittests/Android.bp
-+++ b/services/gpuservice/tests/unittests/Android.bp
-@@ -31,6 +31,7 @@ cc_test {
-         "GpuMemTest.cpp",
-         "GpuMemTracerTest.cpp",
-         "GpuStatsTest.cpp",
-+        "GpuServiceTest.cpp",
-     ],
-     header_libs: ["bpf_headers"],
-     shared_libs: [
-@@ -47,6 +48,7 @@ cc_test {
-         "libstatslog",
-         "libstatspull",
-         "libutils",
-+        "libgpuservice",
-     ],
-     static_libs: [
-         "libgmock",
-diff --git a/services/gpuservice/tests/unittests/GpuServiceTest.cpp b/services/gpuservice/tests/unittests/GpuServiceTest.cpp
-new file mode 100644
-index 0000000000..62b3e53f53
---- /dev/null
-+++ b/services/gpuservice/tests/unittests/GpuServiceTest.cpp
-@@ -0,0 +1,52 @@
-+#undef LOG_TAG
-+#define LOG_TAG "gpuservice_unittest"
-+
-+#include "gpuservice/GpuService.h"
-+
-+#include <gtest/gtest.h>
-+#include <log/log_main.h>
-+
-+#include <chrono>
-+#include <thread>
-+
-+namespace android {
-+namespace {
-+
-+class GpuServiceTest : public testing::Test {
-+public:
-+    GpuServiceTest() {
-+        const ::testing::TestInfo* const test_info =
-+                ::testing::UnitTest::GetInstance()->current_test_info();
-+        ALOGD("**** Setting up for %s.%s\n", test_info->test_case_name(), test_info->name());
-+    }
-+
-+    ~GpuServiceTest() {
-+        const ::testing::TestInfo* const test_info =
-+            ::testing::UnitTest::GetInstance()->current_test_info();
-+        ALOGD("**** Tearing down after %s.%s\n", test_info->test_case_name(), test_info->name());
-+    }
-+
-+};
-+
-+
-+/*
-+* The behaviour before this test + fixes was UB caused by threads accessing deallocated memory.
-+*
-+* This test creates the service (which initializes the culprit threads),
-+* deallocates it immediately and sleeps.
-+*
-+* GpuService's destructor gets called and joins the threads.
-+* If we haven't crashed by the time the sleep time has elapsed, we're good
-+* Let the test pass.
-+*/
-+TEST_F(GpuServiceTest, onInitializeShouldNotCauseUseAfterFree) {
-+    sp<GpuService> service = new GpuService();
-+    service.clear();
-+    std::this_thread::sleep_for(std::chrono::seconds(3));
-+
-+    // If we haven't crashed yet due to threads accessing freed up memory, let the test pass
-+    EXPECT_TRUE(true);
-+}
-+
-+} // namespace
-+} // namespace android
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/settings-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/settings-01.patch
deleted file mode 100644
index 1c6b0c7a..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/settings-01.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 87a06448b96e1ccd2403ae5c90b15efdd8585444 Mon Sep 17 00:00:00 2001
-From: Weng Su <wengsu@google.com>
-Date: Fri, 7 Jul 2023 19:52:04 +0800
-Subject: [PATCH] [RESTRICT AUTOMERGE] Restrict ApnEditor settings
-
-- Finish ApnEditor settings if user is not an admin
-
-- Finish ApnEditor settings if user has DISALLOW_CONFIG_MOBILE_NETWORKS restriction
-
-Bug: 279902472
-Test: manual test
-atest -c ApnEditorTest
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ef2fd5b7cd74426568e8e82fb0dcddbfdaa943bf)
-Merged-In: Iecdbbff7e21dfb11e3ba385858747a220cfd3e04
-Change-Id: Iecdbbff7e21dfb11e3ba385858747a220cfd3e04
----
- .../settings/network/apn/ApnEditor.java       | 23 +++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-diff --git a/src/com/android/settings/network/apn/ApnEditor.java b/src/com/android/settings/network/apn/ApnEditor.java
-index bfb49434378..afaf9bc3f8b 100644
---- a/src/com/android/settings/network/apn/ApnEditor.java
-+++ b/src/com/android/settings/network/apn/ApnEditor.java
-@@ -25,6 +25,7 @@
- import android.net.Uri;
- import android.os.Bundle;
- import android.os.PersistableBundle;
-+import android.os.UserManager;
- import android.provider.Telephony;
- import android.telephony.CarrierConfigManager;
- import android.telephony.SubscriptionInfo;
-@@ -281,6 +282,11 @@ public class ApnEditor extends SettingsPreferenceFragment
-     @Override
-     public void onCreate(Bundle icicle) {
-         super.onCreate(icicle);
-+        if (isUserRestricted()) {
-+            Log.e(TAG, "This setting isn't available due to user restriction.");
-+            finish();
-+            return;
-+        }
- 
-         setLifecycleForAllControllers();
- 
-@@ -1453,6 +1459,23 @@ ApnData getApnDataFromUri(Uri uri) {
-         return apnData;
-     }
- 
-+    @VisibleForTesting
-+    boolean isUserRestricted() {
-+        UserManager userManager = getContext().getSystemService(UserManager.class);
-+        if (userManager == null) {
-+            return false;
-+        }
-+        if (!userManager.isAdminUser()) {
-+            Log.e(TAG, "User is not an admin");
-+            return true;
-+        }
-+        if (userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS)) {
-+            Log.e(TAG, "User is not allowed to configure mobile network");
-+            return true;
-+        }
-+        return false;
-+    }
-+
-     @VisibleForTesting
-     static class ApnData {
-         /**
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/settings-02.patch b/Patches/LineageOS-20.0/ASB-2023-10/settings-02.patch
deleted file mode 100644
index 19e7cc80..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/settings-02.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Biggers <ebiggers@google.com>
-Date: Thu, 27 Jul 2023 21:45:05 +0000
-Subject: [PATCH] RESTRICT AUTOMERGE: Catch exceptions from setLockCredential()
-
-When LockPatternUtils#setLockCredential() fails, it can either return
-false or throw an exception.  Catch the exception and treat it the same
-way as a false return value, to prevent crashing com.android.settings.
-
-Bug: 253043065
-Test: Tried setting lockscreen credential while in secure FRP mode using
-      smartlock setup activity launched by intent via adb.  Verified
-      that com.android.settings no longer crashes due to the exception
-      from LockPatternUtils#setLockCredential().
-(cherry picked from commit 05f1eff1c9c3f82797f1a0f92ff7665b9f463488)
-(moved change into ChooseLockPassword.java and ChooseLockPattern.java,
- which are merged into SaveAndFinishWorker.java on udc-qpr-dev and main)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e0b5a793a19198370d479401101cea97c2f1d835)
-Merged-In: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
-Change-Id: I48b9119c19fb6378b1f88d36433ee4f4c8501d76
----
- .../android/settings/password/ChooseLockPassword.java    | 9 +++++++--
- src/com/android/settings/password/ChooseLockPattern.java | 9 +++++++--
- 2 files changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
-index c4a3159e00..613388b21f 100644
---- a/src/com/android/settings/password/ChooseLockPassword.java
-+++ b/src/com/android/settings/password/ChooseLockPassword.java
-@@ -1048,8 +1048,13 @@ public class ChooseLockPassword extends SettingsActivity {
- 
-         @Override
-         protected Pair<Boolean, Intent> saveAndVerifyInBackground() {
--            final boolean success = mUtils.setLockCredential(
--                    mChosenPassword, mCurrentCredential, mUserId);
-+            boolean success;
-+            try {
-+                success = mUtils.setLockCredential(mChosenPassword, mCurrentCredential, mUserId);
-+            } catch (RuntimeException e) {
-+                Log.e(TAG, "Failed to set lockscreen credential", e);
-+                success = false;
-+            }
-             if (success) {
-                 unifyProfileCredentialIfRequested();
-             }
-diff --git a/src/com/android/settings/password/ChooseLockPattern.java b/src/com/android/settings/password/ChooseLockPattern.java
-index e54568060a..964a268510 100644
---- a/src/com/android/settings/password/ChooseLockPattern.java
-+++ b/src/com/android/settings/password/ChooseLockPattern.java
-@@ -925,8 +925,13 @@ public class ChooseLockPattern extends SettingsActivity {
-         protected Pair<Boolean, Intent> saveAndVerifyInBackground() {
-             final int userId = mUserId;
-             mUtils.setLockPatternSize(mPatternSize, userId);
--            final boolean success = mUtils.setLockCredential(mChosenPattern, mCurrentCredential,
--                    userId);
-+            boolean success;
-+            try {
-+                success = mUtils.setLockCredential(mChosenPattern, mCurrentCredential, userId);
-+            } catch (RuntimeException e) {
-+                Log.e(TAG, "Failed to set lockscreen credential", e);
-+                success = false;
-+            }
-             if (success) {
-                 unifyProfileCredentialIfRequested();
-             }
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/telecomm-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/telecomm-01.patch
deleted file mode 100644
index 3764d0d2..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/telecomm-01.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From c873988898e1b520e0e4cfda77e26ec4377a4ce9 Mon Sep 17 00:00:00 2001
-From: Grace Jia <xiaotonj@google.com>
-Date: Thu, 20 Jul 2023 13:42:50 -0700
-Subject: [PATCH] Fix vulnerability in CallRedirectionService.
-
-Currently when the CallRedirectionService binding died, we didn't do
-anything, which cause malicious app start activities even not run in the
-background by implementing a CallRedirectionService and overriding the
-onPlaceCall method to schedule a activity start job in an independent
-process and then kill itself. In that way, the activity can still
-start after the CallRedirectionService died. Fix this by unbinding the
-service when the binding died.
-
-Bug: b/289809991
-Test: Using testapp provided in bug to make sure the test activity can't
-be started
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:29b52e3cd027da2d8644450a4dee3a7d95dc0043)
-Merged-In: I065d361b83700474a1efab2a75928427ee0a14ba
-Change-Id: I065d361b83700474a1efab2a75928427ee0a14ba
----
- .../callredirection/CallRedirectionProcessor.java  | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java b/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
-index 226382bde..02debcd6c 100644
---- a/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
-+++ b/src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java
-@@ -175,6 +175,20 @@ public void onNullBinding(ComponentName componentName) {
-                     Log.endSession();
-                 }
-             }
-+
-+            @Override
-+            public void onBindingDied(ComponentName componentName) {
-+                // Make sure we unbind the service if binding died to avoid background stating
-+                // activity leaks
-+                Log.startSession("CRSC.oBD");
-+                try {
-+                    synchronized (mTelecomLock) {
-+                        finishCallRedirection();
-+                    }
-+                } finally {
-+                    Log.endSession();
-+                }
-+            }
-         }
- 
-         private class CallRedirectionAdapter extends ICallRedirectionAdapter.Stub {
diff --git a/Patches/LineageOS-20.0/ASB-2023-10/wifi-01.patch b/Patches/LineageOS-20.0/ASB-2023-10/wifi-01.patch
deleted file mode 100644
index 959e4d0e..00000000
--- a/Patches/LineageOS-20.0/ASB-2023-10/wifi-01.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 1a4b9ef510410a8d8c90e80352357f08c49f10c5 Mon Sep 17 00:00:00 2001
-From: Oscar Shu <xshu@google.com>
-Date: Fri, 7 Jul 2023 02:21:41 +0000
-Subject: [PATCH] Update password check for WAPI
-
-Do not allow arbitrarily large passwords.
-
-Bug: 275339978
-
-Test: compile
-(cherry picked from commit 38707fb4ff1405663cc24affc95244f4cc830499)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:36deae20de1a8905e6cc72764e449b2d6e469f9e)
-Merged-In: I15f3aff373af56c253a50c308d886a7acf661e59
-Change-Id: I15f3aff373af56c253a50c308d886a7acf661e59
----
- .../server/wifi/WifiConfigurationUtil.java    | 22 +++++++++++++------
- .../wifi/WifiConfigurationUtilTest.java       |  3 ++-
- 2 files changed, 17 insertions(+), 8 deletions(-)
-
-diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
-index 9e8b660374..40837ff703 100644
---- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
-+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
-@@ -467,7 +467,8 @@ private static boolean validateBssid(String bssid) {
-         return true;
-     }
- 
--    private static boolean validatePassword(String password, boolean isAdd, boolean isSae) {
-+    private static boolean validatePassword(String password, boolean isAdd, boolean isSae,
-+            boolean isWapi) {
-         if (isAdd) {
-             if (password == null) {
-                 Log.e(TAG, "validatePassword: null string");
-@@ -509,7 +510,14 @@ private static boolean validatePassword(String password, boolean isAdd, boolean
-             }
-         } else {
-             // HEX PSK string
--            if (password.length() != PSK_SAE_HEX_LEN) {
-+            if (isWapi) {
-+                // Protect system against malicious actors injecting arbitrarily large passwords.
-+                if (password.length() > 100) {
-+                    Log.e(TAG, "validatePassword failed: WAPI hex string too long: "
-+                            + password.length());
-+                    return false;
-+                }
-+            } else if (password.length() != PSK_SAE_HEX_LEN) {
-                 Log.e(TAG, "validatePassword failed: hex string size mismatch: "
-                         + password.length());
-                 return false;
-@@ -713,15 +721,15 @@ public static boolean validate(WifiConfiguration config, long supportedFeatureSe
-             return false;
-         }
-         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)
--                && !validatePassword(config.preSharedKey, isAdd, false)) {
-+                && !validatePassword(config.preSharedKey, isAdd, false, false)) {
-             return false;
-         }
-         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)
--                && !validatePassword(config.preSharedKey, isAdd, true)) {
-+                && !validatePassword(config.preSharedKey, isAdd, true, false)) {
-             return false;
-         }
-         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_WAPI_PSK)
--                && !validatePassword(config.preSharedKey, isAdd, false)) {
-+                && !validatePassword(config.preSharedKey, isAdd, false, true)) {
-             return false;
-         }
-         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_DPP)
-@@ -880,11 +888,11 @@ public static boolean validateNetworkSpecifier(WifiNetworkSpecifier specifier) {
-             return false;
-         }
-         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_PSK)
--                && !validatePassword(config.preSharedKey, true, false)) {
-+                && !validatePassword(config.preSharedKey, true, false, false)) {
-             return false;
-         }
-         if (config.isSecurityType(WifiConfiguration.SECURITY_TYPE_SAE)
--                && !validatePassword(config.preSharedKey, true, true)) {
-+                && !validatePassword(config.preSharedKey, true, true, false)) {
-             return false;
-         }
-         // TBD: Validate some enterprise params as well in the future here.
-diff --git a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
-index 7cabcd873a..b505c0c0d3 100644
---- a/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
-+++ b/service/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
-@@ -466,7 +466,8 @@ public void testValidateNegativeCases_BadHexPskLengthWapi() {
-         assertTrue(WifiConfigurationUtil.validate(config, SUPPORTED_FEATURES_ALL,
-                 WifiConfigurationUtil.VALIDATE_FOR_ADD));
- 
--        config.preSharedKey = "abcd123456788990013453445345465465476546";
-+        config.preSharedKey = "01234567890123456789012345678901234567890123456789012345678901234567"
-+                + "890123456789012345678901234567890";
-         assertFalse(WifiConfigurationUtil.validate(config, SUPPORTED_FEATURES_ALL,
-                 WifiConfigurationUtil.VALIDATE_FOR_ADD));
-         config.preSharedKey = "";
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 261c8a28..650875bb 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -85,7 +85,6 @@ applyPatch "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #F
 fi;
 
 if enterAndClear "external/aac"; then
-#applyPatch "$DOS_PATCHES/android_external_aac/364027-backport.patch"; #R_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
 applyPatch "$DOS_PATCHES/android_external_aac/364027.patch"; #R_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
 applyPatch "$DOS_PATCHES/android_external_aac/0001-makefile.patch"; #Add Android.mk for legacy builds (syphyr)
 fi;
@@ -107,7 +106,6 @@ applyPatch "$DOS_PATCHES/android_external_expat/348649.patch"; #n-asb-2023-02 Fi
 fi;
 
 if enterAndClear "external/freetype"; then
-#applyPatch "$DOS_PATCHES/android_external_freetype/360899.patch"; #n-asb-2023-07 Cherry-pick two upstream changes
 applyPatch "$DOS_PATCHES/android_external_freetype/0001-makefile.patch"; #Add Android.mk for legacy builds (syphyr)
 applyPatch "$DOS_PATCHES/android_external_freetype/0002-fixup.patch"; #Enable png and zlib support to Android.mk (syphyr)
 fi;
@@ -156,7 +154,6 @@ applyPatch "$DOS_PATCHES/android_external_tremolo/319986.patch"; #n-asb-2021-12
 fi;
 
 if enterAndClear "external/webp"; then
-applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
 applyPatch "$DOS_PATCHES/android_external_webp/0001-makefile.patch"; #Add Android.mk for legacy builds (syphyr)
 fi;
 
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index da766880..6a17ea5b 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -92,7 +92,6 @@ applyPatch "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #F
 fi;
 
 if enterAndClear "external/aac"; then
-#applyPatch "$DOS_PATCHES/android_external_aac/364027-backport.patch"; #R_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
 applyPatch "$DOS_PATCHES/android_external_aac/364027.patch"; #R_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
 fi;
 
@@ -136,7 +135,6 @@ git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefil
 fi;
 
 if enterAndClear "external/webp"; then
-applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
 sed -i '85i\ \ \ \ \ \ \ \ "src/utils/filters_utils.c",' Android.bp; #Fixup
 fi;
 
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
index 172d4e39..2726024c 100644
--- a/Scripts/LineageOS-16.0/Functions.sh
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -90,6 +90,9 @@ patchWorkspaceReal() {
 	repopick -fit P_asb_2023-04;
 	repopick -fit P_asb_2023-05;
 	repopick -fit P_asb_2023-06;
+	repopick -fit P_asb_2023-07 -e 361282;
+	repopick -fit P_asb_2023-08 -e 365327;
+	repopick -fit P_asb_2023-09;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index ee3438fd..d856cadc 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -138,11 +138,6 @@ git fetch https://github.com/LineageOS/android_external_expat refs/changes/56/33
 git fetch https://github.com/LineageOS/android_external_expat refs/changes/28/349328/1 && git cherry-pick FETCH_HEAD; #P_asb_2023-02
 fi;
 
-if enterAndClear "external/freetype"; then
-applyPatch "$DOS_PATCHES/android_external_freetype/360951.patch"; #R_asb_2023-07 Cherry-pick two upstream changes
-#applyPatch "$DOS_PATCHES/android_external_freetype/364028-backport.patch"; #R_asb_2023-08 Cherrypick following three changes #XXX: needs fix
-fi;
-
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
 if enterAndClear "external/hardened_malloc"; then
 applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
@@ -161,33 +156,11 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin
 awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
 fi;
 
-if enterAndClear "external/webp"; then
-applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
-fi;
-
 if enterAndClear "frameworks/av"; then
-applyPatch "$DOS_PATCHES/android_frameworks_av/365962.patch"; #R_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test.
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
 fi;
 
 if enterAndClear "frameworks/base"; then
-applyPatch "$DOS_PATCHES/android_frameworks_base/360953-backport.patch"; #R_asb_2023-07 Sanitize VPN label to prevent HTML injection
-applyPatch "$DOS_PATCHES/android_frameworks_base/360954.patch"; #R_asb_2023-07 Limit the number of supported v1 and v2 signers
-applyPatch "$DOS_PATCHES/android_frameworks_base/360955-backport.patch"; #R_asb_2023-07 Import translations.
-applyPatch "$DOS_PATCHES/android_frameworks_base/360959-backport.patch"; #R_asb_2023-07 Dismiss keyguard when simpin auth'd and security method is none.
-applyPatch "$DOS_PATCHES/android_frameworks_base/360962-backport.patch"; #R_asb_2023-07 Truncate ShortcutInfo Id
-applyPatch "$DOS_PATCHES/android_frameworks_base/360963-backport.patch"; #R_asb_2023-07 Visit URIs in landscape/portrait custom remote views.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364029.patch"; #R_asb_2023-08 ActivityManager#killBackgroundProcesses can kill caller's own app only
-applyPatch "$DOS_PATCHES/android_frameworks_base/364031-backport.patch"; #R_asb_2023-08 Verify URI permissions for notification shortcutIcon.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364032-backport.patch"; #R_asb_2023-08 On device lockdown, always show the keyguard
-applyPatch "$DOS_PATCHES/android_frameworks_base/364033-backport.patch"; #R_asb_2023-08 Ensure policy has no absurdly long strings
-applyPatch "$DOS_PATCHES/android_frameworks_base/364034.patch"; #R_asb_2023-08 Implement visitUris for RemoteViews ViewGroupActionAdd.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364035-backport.patch"; #R_asb_2023-08 Check URIs in notification public version.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364036-backport.patch"; #R_asb_2023-08 Verify URI permissions in MediaMetadata
-applyPatch "$DOS_PATCHES/android_frameworks_base/364037.patch"; #R_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used
-applyPatch "$DOS_PATCHES/android_frameworks_base/364038-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user.
-applyPatch "$DOS_PATCHES/android_frameworks_base/365966-backport.patch"; #R_asb_2023-09 Forbid granting access to NLSes with too-long component names
-applyPatch "$DOS_PATCHES/android_frameworks_base/365967.patch"; #R_asb_2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly.
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@@ -232,7 +205,6 @@ rm -rf packages/PrintRecommendationService; #Creates popups to install proprieta
 fi;
 
 if enterAndClear "frameworks/native"; then
-applyPatch "$DOS_PATCHES/android_frameworks_native/365969-backport.patch"; #R_asb_2023-09 Allow sensors list to be empty
 applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
 fi;
 
@@ -327,7 +299,6 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Messaging/0001-null-fix.pa
 fi;
 
 if enterAndClear "packages/apps/Nfc"; then
-#applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/365970.patch"; #R_asb_2023-09 Ensure that SecureNFC setting cannot be bypassed
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
 fi;
 
@@ -339,7 +310,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Sensors_Per
 fi;
 
 if enterAndClear "packages/apps/Settings"; then
-applyPatch "$DOS_PATCHES/android_packages_apps_Settings/365973-backport.patch"; #R_asb_2023-09 Prevent non-system IME from becoming device admin
 git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work
@@ -358,7 +328,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics
 fi;
 
 if enterAndClear "packages/apps/Trebuchet"; then
-applyPatch "$DOS_PATCHES/android_packages_apps_Trebuchet/365974.patch"; #R_asb_2023-09 Fix permission issue in legacy shortcut
 cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
 fi;
 
@@ -378,31 +347,19 @@ if enterAndClear "packages/providers/DownloadProvider"; then
 applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
 fi;
 
-if enterAndClear "packages/providers/TelephonyProvider"; then
-applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/364040-backport.patch"; #R_asb_2023-08 Update file permissions using canonical path
+#if enterAndClear "packages/providers/TelephonyProvider"; then
 #cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/;
-fi;
-
-if enterAndClear "packages/services/Telecomm"; then
-applyPatch "$DOS_PATCHES/android_packages_services_Telecomm/364041-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user.
-fi;
+#fi;
 
 if enterAndClear "packages/services/Telephony"; then
-applyPatch "$DOS_PATCHES/android_packages_services_Telephony/365978-backport.patch"; #R_asb_2023-09 Fixed leak of cross user data in multiple settings.
 git revert --no-edit 99564aaf0417c9ddf7d6aeb10d326e5b24fa8f55;
 applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #(DivestOS)
 applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
 fi;
 
-if enterAndClear "system/bt"; then
-applyPatch "$DOS_PATCHES/android_system_bt/360969.patch"; #R_asb_2023-07 Fix gatt_end_operation buffer overflow
-applyPatch "$DOS_PATCHES/android_system_bt/365979.patch"; #R_asb_2023-09 Fix an integer overflow bug in avdt_msg_asmbl
-applyPatch "$DOS_PATCHES/android_system_bt/365980.patch"; #R_asb_2023-09 Fix integer overflow in build_read_multi_rsp
-applyPatch "$DOS_PATCHES/android_system_bt/365981.patch"; #R_asb_2023-09 Fix potential abort in btu_av_act.cc
-applyPatch "$DOS_PATCHES/android_system_bt/365982-prereq.patch"; #Fix reliable write
-applyPatch "$DOS_PATCHES/android_system_bt/365982.patch"; #R_asb_2023-09 Fix UAF in gatt_cl.cc
+#if enterAndClear "system/bt"; then
 #applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
-fi;
+#fi;
 
 if enterAndClear "system/ca-certificates"; then
 rm -rf files; #Remove old certs
@@ -422,23 +379,6 @@ if enterAndClear "system/extras"; then
 applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
 fi;
 
-if enterAndClear "system/nfc"; then
-applyPatch "$DOS_PATCHES/android_system_nfc/360972.patch"; #R_asb_2023-07 OOBW in rw_i93_send_to_upper()
-fi;
-
-if enterAndClear "tools/apksig"; then
-applyPatch "$DOS_PATCHES/android_tools_apksig/360973-backport-prereq.patch"; #R_asb_2023-07 Create source stamp verifier
-applyPatch "$DOS_PATCHES/android_tools_apksig/360973-backport.patch"; #R_asb_2023-07 Limit the number of supported v1 and v2 signers
-fi;
-
-if enterAndClear "vendor/nxp/opensource/commonsys/external/libnfc-nci"; then
-applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974-backport.patch"; #R_asb_2023-07 OOBW in rw_i93_send_to_upper()
-fi;
-
-#if enterAndClear "vendor/nxp/opensource/commonsys/packages/apps/Nfc/"; then
-#applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983-backport.patch"; #R_asb_2023-09 Ensure that SecureNFC setting cannot be bypassed
-#fi;
-
 if enterAndClear "system/sepolicy"; then
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 #applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
@@ -450,6 +390,11 @@ patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --direct
 awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
 fi;
 
+if enterAndClear "tools/apksig"; then
+git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/80/361280/1 && git cherry-pick FETCH_HEAD; #P_asb_2023-07
+git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/81/361281/1 && git cherry-pick FETCH_HEAD;
+fi;
+
 if enterAndClear "vendor/lineage"; then
 rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
 rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
index c843267b..2ef36cc0 100644
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -79,10 +79,13 @@ patchWorkspaceReal() {
 
 	source build/envsetup.sh;
 	#repopick -it ten-firewall;
-	repopick -fit Q_asb_2023-03;
+	repopick -fit Q_asb_2023-03 -e 352333;
 	repopick -fit Q_asb_2023-04;
 	repopick -fit Q_asb_2023-05;
 	repopick -fit Q_asb_2023-06;
+	repopick -fit Q_asb_2023-07 -e 362202;
+	repopick -fit Q_asb_2023-08 -e 365443;
+	repopick -fit Q_asb_2023-09;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index b49f9d31..2363fb95 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -98,7 +98,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
-sed -i 's/2023-06-05/2023-09-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2023-09 #XXX
 fi;
 
 if enterAndClear "build/soong"; then
@@ -111,10 +110,6 @@ applyPatch "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.pat
 echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #Ignore neverallow violations XXX: necessary for -user builds of legacy devices
 fi;
 
-if enterAndClear "external/aac"; then
-applyPatch "$DOS_PATCHES/android_external_aac/364027.patch"; #R_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
-fi;
-
 if enterAndClear "external/chromium-webview"; then
 if [ "$(type -t DOS_WEBVIEW_CHERRYPICK)" = "alias" ] ; then DOS_WEBVIEW_CHERRYPICK; fi; #Update the WebView to latest if available
 if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available
@@ -124,11 +119,6 @@ if enterAndClear "external/conscrypt"; then
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
 fi;
 
-if enterAndClear "external/freetype"; then
-applyPatch "$DOS_PATCHES/android_external_freetype/360951.patch"; #R_asb_2023-07 Cherry-pick two upstream changes
-applyPatch "$DOS_PATCHES/android_external_freetype/364028-backport.patch"; #R_asb_2023-08 Cherrypick following three changes
-fi;
-
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
 if enterAndClear "external/hardened_malloc"; then
 applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
@@ -146,44 +136,11 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin
 awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
 fi;
 
-if enterAndClear "external/webp"; then
-applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
-fi;
-
 if enterAndClear "external/zlib"; then
 git fetch https://github.com/LineageOS/android_external_zlib refs/changes/70/352570/1 && git cherry-pick FETCH_HEAD; #Q_asb_2023-03
 fi;
 
-if enterAndClear "frameworks/av"; then
-applyPatch "$DOS_PATCHES/android_frameworks_av/365962.patch"; #R_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test.
-fi;
-
 if enterAndClear "frameworks/base"; then
-applyPatch "$DOS_PATCHES/android_frameworks_base/360952-backport.patch"; #R_asb_2023-07 Passpoint Add more check to limit the config size
-applyPatch "$DOS_PATCHES/android_frameworks_base/360953-backport.patch"; #R_asb_2023-07 Sanitize VPN label to prevent HTML injection
-applyPatch "$DOS_PATCHES/android_frameworks_base/360954.patch"; #R_asb_2023-07 Limit the number of supported v1 and v2 signers
-applyPatch "$DOS_PATCHES/android_frameworks_base/360955.patch"; #R_asb_2023-07 Import translations.
-applyPatch "$DOS_PATCHES/android_frameworks_base/360956.patch"; #R_asb_2023-07 Add size check on PPS#policy
-applyPatch "$DOS_PATCHES/android_frameworks_base/360957.patch"; #R_asb_2023-07 Limit the ServiceFriendlyNames
-applyPatch "$DOS_PATCHES/android_frameworks_base/360958-backport.patch"; #R_asb_2023-07 Only allow NEW_TASK flag when adjusting pending intents
-applyPatch "$DOS_PATCHES/android_frameworks_base/360959.patch"; #R_asb_2023-07 Dismiss keyguard when simpin auth'd and security method is none.
-applyPatch "$DOS_PATCHES/android_frameworks_base/360960.patch"; #R_asb_2023-07 Increase notification channel limit.
-applyPatch "$DOS_PATCHES/android_frameworks_base/360962-backport.patch"; #R_asb_2023-07 Truncate ShortcutInfo Id
-applyPatch "$DOS_PATCHES/android_frameworks_base/360963.patch"; #R_asb_2023-07 Visit URIs in landscape/portrait custom remote views.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364029.patch"; #R_asb_2023-08 ActivityManager#killBackgroundProcesses can kill caller's own app only
-applyPatch "$DOS_PATCHES/android_frameworks_base/364030-backport-prereq.patch"; #Add `PackageParser.Package getPackage(int uid)` (flamefire)
-applyPatch "$DOS_PATCHES/android_frameworks_base/364030-backport.patch"; #R_asb_2023-08 ActivityManagerService: Allow openContentUri from vendor/system/product.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364031-backport.patch"; #R_asb_2023-08 Verify URI permissions for notification shortcutIcon.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364032.patch"; #R_asb_2023-08 On device lockdown, always show the keyguard
-applyPatch "$DOS_PATCHES/android_frameworks_base/364033-backport.patch"; #R_asb_2023-08 Ensure policy has no absurdly long strings
-applyPatch "$DOS_PATCHES/android_frameworks_base/364034.patch"; #R_asb_2023-08 Implement visitUris for RemoteViews ViewGroupActionAdd.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364035-backport.patch"; #R_asb_2023-08 Check URIs in notification public version.
-applyPatch "$DOS_PATCHES/android_frameworks_base/364036-backport.patch"; #R_asb_2023-08 Verify URI permissions in MediaMetadata
-applyPatch "$DOS_PATCHES/android_frameworks_base/364037.patch"; #R_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used
-applyPatch "$DOS_PATCHES/android_frameworks_base/364038-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user.
-applyPatch "$DOS_PATCHES/android_frameworks_base/365964-backport.patch"; #R_asb_2023-09 Grant carrier privileges if package has carrier config access.
-applyPatch "$DOS_PATCHES/android_frameworks_base/365966-backport.patch"; #R_asb_2023-09 Forbid granting access to NLSes with too-long component names
-applyPatch "$DOS_PATCHES/android_frameworks_base/365967.patch"; #R_asb_2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly.
 #applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
 #applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
 #applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)
@@ -244,7 +201,6 @@ rm -rf packages/PrintRecommendationService; #Creates popups to install proprieta
 fi;
 
 if enterAndClear "frameworks/native"; then
-applyPatch "$DOS_PATCHES/android_frameworks_native/365969.patch"; #R_asb_2023-09 Allow sensors list to be empty
 applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
 fi;
 
@@ -255,7 +211,6 @@ fi;
 fi;
 
 if enterAndClear "frameworks/opt/net/wifi"; then
-applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/360965-backport.patch"; #R_asb_2023-07 Limit the number of Passpoint per App
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0002-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
 fi;
@@ -349,7 +304,6 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Messaging/0001-null-fix.pa
 fi;
 
 if enterAndClear "packages/apps/Nfc"; then
-applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/365970.patch"; #R_asb_2023-09 Ensure that SecureNFC setting cannot be bypassed
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
 fi;
 
@@ -362,7 +316,6 @@ fi;
 
 if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
-applyPatch "$DOS_PATCHES/android_packages_apps_Settings/365973-backport.patch"; #R_asb_2023-09 Prevent non-system IME from becoming device admin
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/272651.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) #FIXME: needs work
@@ -389,7 +342,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics
 fi;
 
 if enterAndClear "packages/apps/Trebuchet"; then
-applyPatch "$DOS_PATCHES/android_packages_apps_Trebuchet/365974.patch"; #R_asb_2023-09 Fix permission issue in legacy shortcut
 cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
 fi;
 
@@ -413,44 +365,21 @@ if enterAndClear "packages/providers/DownloadProvider"; then
 applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
 fi;
 
-if enterAndClear "packages/providers/TelephonyProvider"; then
-applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/364040-backport.patch"; #R_asb_2023-08 Update file permissions using canonical path
+#if enterAndClear "packages/providers/TelephonyProvider"; then
 #cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/;
-fi;
-
-if enterAndClear "packages/services/Telecomm"; then
-applyPatch "$DOS_PATCHES/android_packages_services_Telecomm/364041-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user.
-fi;
-
-if enterAndClear "packages/services/Telephony"; then
-applyPatch "$DOS_PATCHES/android_packages_services_Telephony/365977-backport.patch"; #R_asb_2023-09 Grant carrier privileges if package has carrier config access.
-applyPatch "$DOS_PATCHES/android_packages_services_Telephony/365978-backport.patch"; #R_asb_2023-09 Fixed leak of cross user data in multiple settings.
-fi;
+#fi;
 
 if enterAndClear "prebuilts/abi-dumps/vndk"; then
 applyPatch "$DOS_PATCHES/android_prebuilts_abi-dumps_vndk/0001-protobuf-avi.patch"; #Work around ABI changes from compiler hardening (GrapheneOS)
 fi;
 
 if enterAndClear "system/bt"; then
-applyPatch "$DOS_PATCHES/android_system_bt/360969.patch"; #R_asb_2023-07 Fix gatt_end_operation buffer overflow
-applyPatch "$DOS_PATCHES/android_system_bt/365979.patch"; #R_asb_2023-09 Fix an integer overflow bug in avdt_msg_asmbl
-applyPatch "$DOS_PATCHES/android_system_bt/365980.patch"; #R_asb_2023-09 Fix integer overflow in build_read_multi_rsp
-applyPatch "$DOS_PATCHES/android_system_bt/365981.patch"; #R_asb_2023-09 Fix potential abort in btu_av_act.cc
-applyPatch "$DOS_PATCHES/android_system_bt/365982.patch"; #R_asb_2023-09 Fix UAF in gatt_cl.cc
 applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
 #applyPatch "$DOS_PATCHES/android_system_bt/272648.patch"; #ten-bt-sbc-hd-dualchannel: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
 #applyPatch "$DOS_PATCHES/android_system_bt/272649.patch"; #ten-bt-sbc-hd-dualchannel: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
 #applyPatch "$DOS_PATCHES/android_system_bt/272650.patch"; #ten-bt-sbc-hd-dualchannel: Allow using alternative (higher) SBC HD bitrates with a property (ValdikSS)
 fi;
 
-if enterAndClear "vendor/qcom/opensource/commonsys/system/bt"; then
-applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_commonsys_system_bt/360975.patch"; #R_asb_2023-07 Fix gatt_end_operation buffer overflow
-applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_commonsys_system_bt/365984.patch"; #R_asb_2023-09 Fix an integer overflow bug in avdt_msg_asmbl
-applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_commonsys_system_bt/365985.patch"; #R_asb_2023-09 Fix integer overflow in build_read_multi_rsp
-applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_commonsys_system_bt/365986.patch"; #R_asb_2023-09 Fix potential abort in btu_av_act.cc
-applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_commonsys_system_bt/365987.patch"; #R_asb_2023-09 Fix UAF in gatt_cl.cc
-fi;
-
 if enterAndClear "system/ca-certificates"; then
 rm -rf files; #Remove old certs
 cp -r "$DOS_PATCHES_COMMON/android_system_ca-certificates/files" .; #Copy the new ones into place
@@ -475,18 +404,6 @@ applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; #Ex
 applyPatch "$DOS_PATCHES/android_system_netd/0002-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
 fi;
 
-if enterAndClear "system/nfc"; then
-applyPatch "$DOS_PATCHES/android_system_nfc/360972.patch"; #R_asb_2023-07 OOBW in rw_i93_send_to_upper()
-fi;
-
-if enterAndClear "vendor/nxp/opensource/commonsys/external/libnfc-nci"; then
-applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974.patch"; #R_asb_2023-07 OOBW in rw_i93_send_to_upper()
-fi;
-
-if enterAndClear "vendor/nxp/opensource/commonsys/packages/apps/Nfc/"; then
-applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_commonsys_packages_apps_Nfc/365983.patch"; #R_asb_2023-09 Ensure that SecureNFC setting cannot be bypassed
-fi;
-
 if enterAndClear "system/sepolicy"; then
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
diff --git a/Scripts/LineageOS-20.0/Functions.sh b/Scripts/LineageOS-20.0/Functions.sh
index 49344192..197ad294 100644
--- a/Scripts/LineageOS-20.0/Functions.sh
+++ b/Scripts/LineageOS-20.0/Functions.sh
@@ -141,6 +141,7 @@ patchWorkspaceReal() {
 
 	source build/envsetup.sh;
 	repopick -i 361248; #Launcher3: Allow toggling monochrome icons for all apps
+	repopick -it T_asb_2023-10;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh
index ef412010..10972ea9 100644
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@@ -97,7 +97,6 @@ applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
-sed -i 's/2023-09-05/2023-10-01/' core/version_defaults.mk; #Bump Security String #XXX ASB-2023-10
 fi;
 
 if enterAndClear "build/soong"; then
@@ -124,7 +123,7 @@ fi;
 fi;
 
 if enterAndClear "external/libxml2"; then
-git am $DOS_PATCHES/ASB-2023-10/libxml-*.patch;
+git fetch https://github.com/LineageOS/android_external_libxml2 refs/changes/46/367946/1 && git cherry-pick FETCH_HEAD; #T_asb_2023-10
 fi;
 
 if enterAndClear "frameworks/av"; then
@@ -132,7 +131,6 @@ git am $DOS_PATCHES/ASB-2023-10/av-*.patch;
 fi;
 
 if enterAndClear "frameworks/base"; then
-git am $DOS_PATCHES/ASB-2023-10/base-*.patch;
 git revert --no-edit d36faad3267522c6d3ff91ba9dcca8f6274bccd1; #Reverts "JobScheduler: Respect allow-in-power-save perm" in favor of below patch
 git revert --no-edit 90d6826548189ca850d91692e71fcc1be426f453; #Reverts "Remove sensitive info from SUPL requests" in favor of below patch
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
@@ -223,7 +221,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_libs_systemui/0001-Icon_Cache.patch"
 fi;
 
 if enterAndClear "frameworks/native"; then
-git am $DOS_PATCHES/ASB-2023-10/native-*.patch;
 applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission-a1.patch"; #Protect step sensors with OTHER_SENSORS permission for targetSdk<29 apps (GrapheneOS)
 fi;
@@ -316,7 +313,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_OpenEUICC/0001-hacky-fix.patch";
 fi;
 
 if enterAndClear "packages/apps/Settings"; then
-git am $DOS_PATCHES/ASB-2023-10/settings-*.patch;
 git revert --no-edit 41b4ed345a91da1dd46c00ee11a151c2b5ff4f43;
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
@@ -361,10 +357,6 @@ applyPatch "$DOS_PATCHES/android_packages_inputmethods_LatinIME/0001-Voice.patch
 applyPatch "$DOS_PATCHES/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
 fi;
 
-if enterAndClear "packages/modules/Bluetooth"; then
-git am $DOS_PATCHES/ASB-2023-10/bluetooth-*.patch;
-fi;
-
 if enterAndClear "packages/modules/Connectivity"; then
 applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Enforce INTERNET permission per-uid instead of per-appId (GrapheneOS)
@@ -391,7 +383,6 @@ applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0006-Location_Indic
 fi;
 
 if enterAndClear "packages/modules/Wifi"; then
-git am $DOS_PATCHES/ASB-2023-10/wifi-*.patch;
 applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/344228.patch"; #wifi: resurrect mWifiLinkLayerStatsSupported counter (sassmann)
 applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
 fi;
@@ -400,19 +391,10 @@ if enterAndClear "packages/providers/DownloadProvider"; then
 applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
 fi;
 
-if enterAndClear "packages/providers/MediaProvider"; then
-git am $DOS_PATCHES/ASB-2023-10/mediaprovider-*.patch;
-fi;
-
-
 #if enterAndClear "packages/providers/TelephonyProvider"; then
 #cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/latest_carrier_id/;
 #fi;
 
-if enterAndClear "packages/services/Telecomm"; then
-git am $DOS_PATCHES/ASB-2023-10/telecomm-*.patch;
-fi;
-
 if enterAndClear "system/ca-certificates"; then
 rm -rf files; #Remove old certs
 cp -r "$DOS_PATCHES_COMMON/android_system_ca-certificates/files" .; #Copy the new ones into place
@@ -444,10 +426,9 @@ git revert --no-edit ac104e8990f3be3a3f111241e9328e7f98bfb912; #Do not skip payl
 fi;
 
 if enterAndClear "tools/apksig"; then
-git am $DOS_PATCHES/ASB-2023-10/apksig-*.patch;
+git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/64/367964/1 && git cherry-pick FETCH_HEAD; #T_asb_2023-10
 fi;
 
-
 if enterAndClear "vendor/lineage"; then
 rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
 rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics