Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-09-06 14:52:17 -04:00
parent b9216efdb3
commit c6299eef89
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
4 changed files with 181 additions and 2 deletions

View File

@ -0,0 +1,148 @@
From 973d345da476bc0b9ce7618625dac9184d6d001e Mon Sep 17 00:00:00 2001
From: Kiran Ramachandra <kiranmr@google.com>
Date: Thu, 30 May 2024 21:21:12 +0000
Subject: [PATCH] DO NOT MERGE Ignore - Sanitized uri scheme by removing scheme
delimiter
Initially considered removing unsupported characters as per IANA guidelines, but this could break applications that use custom schemes with asterisks. Instead, opted to remove only the "://" to minimize disruption
Bug: 261721900
Test: atest FrameworksCoreTests:android.net.UriTest
No-Typo-Check: The unit test is specifically written to test few cases, string "http://https://" is not a typo
NOTE FOR REVIEWERS - original patch and result patch are not identical.
PLEASE REVIEW CAREFULLY.
Diffs between the patches:
@AsbSecurityTest(cveBugId = 261721900)
> + @SmallTest
> + public void testSchemeSanitization() {
> + Uri uri = new Uri.Builder()
> + .scheme("http://https://evil.com:/te:st/")
> + .authority("google.com").path("one/way").build();
> + assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
> + assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
> + }
> +
Original patch:
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
old mode 100644
new mode 100644
Change-Id: I3c78085473351b6f424ced5e6365d5ced05ee689
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -1388,7 +1388,11 @@
* @param scheme name or {@code null} if this is a relative Uri
*/
public Builder scheme(String scheme) {
- this.scheme = scheme;
+ if (scheme != null) {
+ this.scheme = scheme.replace("://", "");
+ } else {
+ this.scheme = null;
+ }
return this;
}
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
old mode 100644
new mode 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -87,6 +87,16 @@
assertNull(u.getAuthority());
assertNull(u.getHost());
}
+
+ @AsbSecurityTest(cveBugId = 261721900)
+ @SmallTest
+ public void testSc
[[[Original patch trimmed due to size. Decoded string size: 1426. Decoded string SHA1: 55d69e9f854938457b2d98b18776898b16c2dd54.]]]
Result patch:
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
index 3da696a..f0262e9 100644
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -1388,7 +1388,11 @@
* @param scheme name or {@code null} if this is a relative Uri
*/
public Builder scheme(String scheme) {
- this.scheme = scheme;
+ if (scheme != null) {
+ this.scheme = scheme.replace("://", "");
+ } else {
+ this.scheme = null;
+ }
return this;
}
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
index 89632a4..8c130ee 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -88,6 +88,16 @@
assertNull(u.getHost());
}
+ @AsbSecurityTest(cveBugId = 261721900)
+ @SmallTest
+ public void testSchemeSanitization() {
+ Uri uri = new
[[[Result patch trimmed due to size. Decoded string size: 1417. Decoded string SHA1: f9ce831a369872ae9bfd9f50f01dd394682e0f3f.]]]
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:557941ca0cf59da66db4fad12c2139ce80922f4a)
Merged-In: Icab100bd4ae9b1c8245e6f891ad22101bda5eea5
Change-Id: Icab100bd4ae9b1c8245e6f891ad22101bda5eea5
---
core/java/android/net/Uri.java | 6 +++++-
core/tests/coretests/src/android/net/UriTest.java | 11 +++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
index 6c069be07e3ec..9b7153ba7076e 100644
--- a/core/java/android/net/Uri.java
+++ b/core/java/android/net/Uri.java
@@ -1347,7 +1347,11 @@ public Builder() {}
* @param scheme name or {@code null} if this is a relative Uri
*/
public Builder scheme(String scheme) {
- this.scheme = scheme;
+ if (scheme != null) {
+ this.scheme = scheme.replace("://", "");
+ } else {
+ this.scheme = null;
+ }
return this;
}
diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
index ea0347d67ad74..6c9fdd5a83a78 100644
--- a/core/tests/coretests/src/android/net/UriTest.java
+++ b/core/tests/coretests/src/android/net/UriTest.java
@@ -18,6 +18,7 @@
import android.content.ContentUris;
import android.os.Parcel;
+import android.platform.test.annotations.AsbSecurityTest;
import android.test.suitebuilder.annotation.SmallTest;
import junit.framework.TestCase;
@@ -83,6 +84,16 @@ public void testBuildUponOpaqueStringUri() {
assertNull(u.getHost());
}
+ @AsbSecurityTest(cveBugId = 261721900)
+ @SmallTest
+ public void testSchemeSanitization() {
+ Uri uri = new Uri.Builder()
+ .scheme("http://https://evil.com:/te:st/")
+ .authority("google.com").path("one/way").build();
+ assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
+ assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
+ }
+
@SmallTest
public void testStringUri() {
assertEquals("bob lee",

View File

@ -0,0 +1,28 @@
From 16cf36cd7d7beb9d108da511da90ab4b404ea7bb Mon Sep 17 00:00:00 2001
From: Chaohui Wang <chaohuiw@google.com>
Date: Thu, 2 Nov 2023 11:43:00 +0800
Subject: [PATCH] Limit wifi item edit content's max length to 500
Bug: 293199910
Test: manual - on "Add network"
(cherry picked from commit 855053ca4124f2d515b21c469096f8c18bd4829d)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:092668676af741719d50ac0f121a8f8461aa21ad)
Merged-In: I303b8c6e0f3c3a1174a047ba98f302042e5db9ae
Change-Id: I303b8c6e0f3c3a1174a047ba98f302042e5db9ae
---
res/values/styles.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/res/values/styles.xml b/res/values/styles.xml
index 11e4afb6dc4..723d505618b 100644
--- a/res/values/styles.xml
+++ b/res/values/styles.xml
@@ -244,6 +244,7 @@
<item name="android:paddingStart">4dip</item>
<item name="android:layout_marginStart">4dip</item>
<item name="android:textSize">18sp</item>
+ <item name="android:maxLength">500</item>
</style>
<style name="wifi_section">

View File

@ -82,7 +82,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
awk -i inplace '!/Exchange2/' target/product/core.mk;
sed -i 's/2021-06-05/2024-08-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-08 #XXX
sed -i 's/2021-06-05/2024-09-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-09 #XXX
fi;
if enterAndClear "device/qcom/sepolicy"; then
@ -292,6 +292,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/393648.patch"; #n-asb-2024-06 C
applyPatch "$DOS_PATCHES/android_frameworks_base/393649.patch"; #n-asb-2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
applyPatch "$DOS_PATCHES/android_frameworks_base/396611.patch"; #n-asb-2024-07 Verify UID of incoming Zygote connections.
applyPatch "$DOS_PATCHES/android_frameworks_base/399269.patch"; #n-asb-2024-08 Restrict USB poups while setup is in progress
applyPatch "$DOS_PATCHES/android_frameworks_base/400926.patch"; #n-asb-2024-09 Sanitized uri scheme by removing scheme delimiter
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
@ -468,6 +469,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/334875.patch"; #n-asb-20
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/345679.patch"; #n-asb-2022-12 Add FLAG_SECURE for ChooseLockPassword and Pattern
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/358738.patch"; #n-asb-2023-06 Convert argument to intent in AddAccountSettings.
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/367639.patch"; #n-asb-2023-10 Restrict ApnEditor settings
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/400927.patch"; #n-asb-2024-09 Limit wifi item edit content's max length to 500
git revert --no-edit 2ebe6058c546194a301c1fd22963d6be4adbf961; #Don't hide OEM unlock
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/201113.patch"; #wifi: Add world regulatory domain country code (syphyr)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)

View File

@ -162,7 +162,8 @@ patchWorkspaceReal() {
verifyAllPlatformTags;
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
#source build/envsetup.sh;
source build/envsetup.sh;
repopick -it T_asb_2024-09;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";