Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-03-25 15:08:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

Reconcile picks

Browse Source 
no effective change:
https://review.lineageos.org/q/topic:%22P_asb_2024-05%22

gains 8 patches:
https://review.lineageos.org/q/topic:%22Q_asb_2024-06%22
https://review.lineageos.org/q/topic:%22Q_asb_2024-07%22

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-08-05 16:03:46 -04:00
parent f07e0f4722
commit d2d0c48a25
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
22 changed files with 874 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Patches/LineageOS-17.1/android_frameworks_base/394553.patch → Patches/LineageOS-17.1/android_frameworks_base/399072.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 3ec9c56bd4ac40cf11f00866639b37a955eabc8b Mon Sep 17 00:00:00 2001
From: Jing Ji <jji@google.com>
Date: Tue, 25 Oct 2022 22:39:52 -0700
Subject: [PATCH] DO NOT MERGE: ActivityManager#killBackgroundProcesses can
@ -13,16 +13,16 @@ Test: atest CtsAppTestCases:ActivityManagerTest
Merged-In: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
AOSP-Change-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
Change-Id: I41cd6fa1f71e950db18a9fd450355c4e6f80ec7d
Change-Id: I3a39b5e2b2ff0c314972ddeccb012894de704de8
---
.../server/am/ActivityManagerService.java | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 98d7cecd81ca..bcb7276b4014 100644
index 41b1ddaf887bb..bcb7276b4014e 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -4217,6 +4217,22 @@ public class ActivityManagerService extends IActivityManager.Stub
@@ -4268,6 +4268,22 @@ void killAllBackgroundProcessesExcept(int minTargetSdk, int maxProcState) {
throw new SecurityException(msg);
}

10
Patches/LineageOS-17.1/android_frameworks_base/394554.patch → Patches/LineageOS-17.1/android_frameworks_base/399073.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From a948eaf29141a1f176a9345fb9ec72502c2a8953 Mon Sep 17 00:00:00 2001
From: Jing Ji <jji@google.com>
Date: Thu, 19 Oct 2023 14:22:58 -0700
Subject: [PATCH] DO NOT MERGE: Fix ActivityManager#killBackgroundProcesses
@ -12,16 +12,18 @@ Bug: 223376078
Test: atest CtsAppTestCases:ActivityManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:140fce861944419a375c669010c6c47cd7ff5b37)
Merged-In: I9471a77188ee63ec32cd0c81569193e4ccad885b
Change-Id: I9471a77188ee63ec32cd0c81569193e4ccad885b
AOSP-Change-Id: I9471a77188ee63ec32cd0c81569193e4ccad885b
Change-Id: I1b1e683b6a92b0fa2a844a99bedcccac8c980e58
---
.../server/am/ActivityManagerService.java | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index bcb7276b4014..41b1ddaf887b 100644
index bcb7276b4014e..41b1ddaf887bb 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -4268,22 +4268,6 @@ public class ActivityManagerService extends IActivityManager.Stub
@@ -4268,22 +4268,6 @@ void killAllBackgroundProcessesExcept(int minTargetSdk, int maxProcState) {
throw new SecurityException(msg);
}

17
Patches/LineageOS-17.1/android_frameworks_base/394555-backport.patch → Patches/LineageOS-17.1/android_frameworks_base/399074.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 3c2f186cb27ba2bfad1639deabccc82bf4593654 Mon Sep 17 00:00:00 2001
From: Valentin Iftime <valiiftime@google.com>
Date: Thu, 1 Feb 2024 13:58:49 +0100
Subject: [PATCH] Verify URI permission for channel sound update from
@ -14,25 +14,26 @@ Bug: 317357401
Merged-In: Ic7d2e96e43565e98d2aa29b8f2ba35c142387ba9
Change-Id: Ic7d2e96e43565e98d2aa29b8f2ba35c142387ba9
---
.../NotificationManagerService.java | 21 ++++++
.../NotificationManagerService.java | 22 ++++++
.../NotificationManagerServiceTest.java | 67 +++++++++++++++++++
2 files changed, 88 insertions(+)
2 files changed, 89 insertions(+)
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 7b1c0ac27ab3..ca957e4d16e3 100755
index 7b1c0ac27ab30..110cfe190ef51 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -4333,6 +4333,9 @@ public class NotificationManagerService extends SystemService {
@@ -4333,6 +4333,10 @@ public void updateNotificationChannelFromPrivilegedListener(INotificationListene
Preconditions.checkNotNull(user);
verifyPrivilegedListener(token, user, false);
+
+ final NotificationChannel originalChannel = mPreferencesHelper.getNotificationChannel(
+ pkg, getUidForPackageAndUser(pkg, user), channel.getId(), true);
+ verifyPrivilegedListenerUriPermission(Binder.getCallingUid(), channel, originalChannel);
updateNotificationChannelInt(pkg, getUidForPackageAndUser(pkg, user), channel, true);
}
@@ -4412,6 +4415,24 @@ public class NotificationManagerService extends SystemService {
@@ -4412,6 +4416,24 @@ private void verifyPrivilegedListener(INotificationListener token, UserHandle us
}
}
@ -58,10 +59,10 @@ index 7b1c0ac27ab3..ca957e4d16e3 100755
int uid = 0;
long identity = Binder.clearCallingIdentity();
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index 0e8cea43063b..403772d0f875 100755
index 0e8cea43063b9..403772d0f875d 100755
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -2037,6 +2037,73 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
@@ -2037,6 +2037,73 @@ public void testUpdateNotificationChannelFromPrivilegedListener_badUser() throws
eq(NotificationListenerService.NOTIFICATION_CHANNEL_OR_GROUP_UPDATED));
}

149
Patches/LineageOS-17.1/android_frameworks_base/399075.patch Normal file
View File

@ -0,0 +1,149 @@
From 2614bceca6ee68a8c0d8d7d6a6267ef740622148 Mon Sep 17 00:00:00 2001
From: Pinyao Ting <pinyaoting@google.com>
Date: Thu, 30 Nov 2023 23:12:39 +0000
Subject: [PATCH] Added throttle when reporting shortcut usage
Bug: 304290201
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:76121eb73d4c40829d5513b073871333520fe0a2)
Merged-In: I96370cbd4f6a55f894c1a93307e5f82dfd394652
Change-Id: I96370cbd4f6a55f894c1a93307e5f82dfd394652
---
.../android/server/pm/ShortcutPackage.java | 35 +++++++++++++++++++
.../android/server/pm/ShortcutService.java | 12 +++----
.../server/pm/ShortcutManagerTest2.java | 2 ++
3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/services/core/java/com/android/server/pm/ShortcutPackage.java b/services/core/java/com/android/server/pm/ShortcutPackage.java
index c6bc7576147f7..da018ad041799 100644
--- a/services/core/java/com/android/server/pm/ShortcutPackage.java
+++ b/services/core/java/com/android/server/pm/ShortcutPackage.java
@@ -19,6 +19,7 @@
import android.annotation.Nullable;
import android.annotation.UserIdInt;
import android.app.Person;
+import android.app.usage.UsageStatsManagerInternal;
import android.content.ComponentName;
import android.content.Intent;
import android.content.IntentFilter;
@@ -28,12 +29,14 @@
import android.content.pm.ShortcutManager;
import android.content.res.Resources;
import android.os.PersistableBundle;
+import android.os.SystemClock;
import android.text.format.Formatter;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.Log;
import android.util.Slog;
+import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.Preconditions;
@@ -119,6 +122,11 @@ class ShortcutPackage extends ShortcutPackageItem {
private static final String KEY_BITMAPS = "bitmaps";
private static final String KEY_BITMAP_BYTES = "bitmapBytes";
+ @VisibleForTesting
+ public static final int REPORT_USAGE_BUFFER_SIZE = 3;
+
+ private final Object mLock = new Object();
+
/**
* All the shortcuts from the package, keyed on IDs.
*/
@@ -143,6 +151,9 @@ class ShortcutPackage extends ShortcutPackageItem {
private long mLastKnownForegroundElapsedTime;
+ @GuardedBy("mLock")
+ private List<Long> mLastReportedTime = new ArrayList<>();
+
private ShortcutPackage(ShortcutUser shortcutUser,
int packageUserId, String packageName, ShortcutPackageInfo spi) {
super(shortcutUser, packageUserId, packageName,
@@ -1352,6 +1363,30 @@ public boolean hasNonManifestShortcuts() {
return false;
}
+ void reportShortcutUsed(@NonNull final UsageStatsManagerInternal usageStatsManagerInternal,
+ @NonNull final String shortcutId) {
+ synchronized (mLock) {
+ final long currentTS = SystemClock.elapsedRealtime();
+ final ShortcutService s = mShortcutUser.mService;
+ if (mLastReportedTime.isEmpty()
+ || mLastReportedTime.size() < REPORT_USAGE_BUFFER_SIZE) {
+ mLastReportedTime.add(currentTS);
+ } else if (currentTS - mLastReportedTime.get(0) > s.mSaveDelayMillis) {
+ mLastReportedTime.remove(0);
+ mLastReportedTime.add(currentTS);
+ } else {
+ return;
+ }
+ final long token = s.injectClearCallingIdentity();
+ try {
+ usageStatsManagerInternal.reportShortcutUsage(getPackageName(), shortcutId,
+ getUser().getUserId());
+ } finally {
+ s.injectRestoreCallingIdentity(token);
+ }
+ }
+ }
+
public void dump(@NonNull PrintWriter pw, @NonNull String prefix, DumpFilter filter) {
pw.println();
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 2e2883dcb2a52..c18cdcb891409 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -315,7 +315,7 @@ public boolean test(PackageInfo pi) {
private CompressFormat mIconPersistFormat;
private int mIconPersistQuality;
- private int mSaveDelayMillis;
+ int mSaveDelayMillis;
private final IPackageManager mIPackageManager;
private final PackageManagerInternal mPackageManagerInternal;
@@ -2285,10 +2285,11 @@ public void reportShortcutUsed(String packageName, String shortcutId, int userId
shortcutId, packageName, userId));
}
+ final ShortcutPackage ps;
synchronized (mLock) {
throwIfUserLockedL(userId);
- final ShortcutPackage ps = getPackageShortcutsForPublisherLocked(packageName, userId);
+ ps = getPackageShortcutsForPublisherLocked(packageName, userId);
if (ps.findShortcutById(shortcutId) == null) {
Log.w(TAG, String.format("reportShortcutUsed: package %s doesn't have shortcut %s",
@@ -2297,12 +2298,7 @@ public void reportShortcutUsed(String packageName, String shortcutId, int userId
}
}
- final long token = injectClearCallingIdentity();
- try {
- mUsageStatsManagerInternal.reportShortcutUsage(packageName, shortcutId, userId);
- } finally {
- injectRestoreCallingIdentity(token);
- }
+ ps.reportShortcutUsed(mUsageStatsManagerInternal, shortcutId);
}
@Override
diff --git a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
index 18970322d854c..27cf3502d489c 100644
--- a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
+++ b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java
@@ -1940,6 +1940,8 @@ public void testThrottling_resetByInternalCall() throws Exception {
public void testReportShortcutUsed() {
mRunningUsers.put(USER_10, true);
+ mService.updateConfigurationLocked(
+ ShortcutService.ConfigConstants.KEY_SAVE_DELAY_MILLIS + "=1");
runWithCaller(CALLING_PACKAGE_1, USER_10, () -> {
reset(mMockUsageStatsManagerInternal);

53
Patches/LineageOS-17.1/android_frameworks_base/399076.patch Normal file
View File

@ -0,0 +1,53 @@
From a8d8d9bb68570d395ddb20449ee466e2b468840c Mon Sep 17 00:00:00 2001
From: Pinyao Ting <pinyaoting@google.com>
Date: Tue, 20 Jul 2021 00:01:29 +0000
Subject: [PATCH] Prevend user spoofing in isRequestPinItemSupported
This CL ensure the caller process is from the same user when calling
ShortcutService#isRequestPinItemSupported.
Bug: 191772737
Test: atest ShortcutManagerTest1 ShortcutManagerTest2
ShortcutManagerTest3 ShortcutManagerTest4 ShortcutManagerTest5
ShortcutManagerTest6 ShortcutManagerTest7 ShortcutManagerTest8
ShortcutManagerTest9 ShortcutManagerTest10 ShortcutManagerTest11
ShortcutManagerTest12
Test: atest CtsShortcutManagerTestCases
Change-Id: Icab7cdf25b870b88ecfde9b99e107bbeda0eb485
---
.../com/android/server/pm/ShortcutService.java | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index c18cdcb891409..f4c8127439181 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -1566,6 +1566,19 @@ void injectEnforceCallingPermission(
mContext.enforceCallingPermission(permission, message);
}
+ private void verifyCallerUserId(@UserIdInt int userId) {
+ if (isCallerSystem()) {
+ return; // no check
+ }
+
+ final int callingUid = injectBinderCallingUid();
+
+ // Otherwise, make sure the arguments are valid.
+ if (UserHandle.getUserId(callingUid) != userId) {
+ throw new SecurityException("Invalid user-ID");
+ }
+ }
+
private void verifyCaller(@NonNull String packageName, @UserIdInt int userId) {
Preconditions.checkStringNotEmpty(packageName, "packageName");
@@ -2303,6 +2316,8 @@ public void reportShortcutUsed(String packageName, String shortcutId, int userId
@Override
public boolean isRequestPinItemSupported(int callingUserId, int requestType) {
+ verifyCallerUserId(callingUserId);
+
final long token = injectClearCallingIdentity();
try {
return mShortcutRequestPinProcessor

30
Patches/LineageOS-17.1/android_frameworks_base/394556-backport.patch → Patches/LineageOS-17.1/android_frameworks_base/399077.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From c2cf66ca1d5a676a8b29049c54c5117f1e2a5c72 Mon Sep 17 00:00:00 2001
From: Valentin Iftime <valiiftime@google.com>
Date: Thu, 22 Feb 2024 10:51:58 +0100
Subject: [PATCH] Check for NLS bind permission when rebinding services
@ -19,7 +19,7 @@ Change-Id: I11901755ec430c6e3145def9d67e4e63cda00806
2 files changed, 139 insertions(+), 23 deletions(-)
diff --git a/services/core/java/com/android/server/notification/ManagedServices.java b/services/core/java/com/android/server/notification/ManagedServices.java
index 4828bbfff676..f57cddafdc2a 100644
index 4828bbfff6762..2d9cfcb3ebb52 100644
--- a/services/core/java/com/android/server/notification/ManagedServices.java
+++ b/services/core/java/com/android/server/notification/ManagedServices.java
@@ -141,7 +141,9 @@ abstract public class ManagedServices {
@ -27,13 +27,13 @@ index 4828bbfff676..f57cddafdc2a 100644
// allowed to be bound as managed services. A package or component appearing in this list does
// not mean that we are currently bound to said package/component.
- private ArrayMap<Integer, ArrayMap<Boolean, ArraySet<String>>> mApproved = new ArrayMap<>();
+
+ @GuardedBy("mApproved")
+ private final ArrayMap<Integer, ArrayMap<Boolean, ArraySet<String>>> mApproved = new ArrayMap<>();
+ protected final ArrayMap<Integer, ArrayMap<Boolean, ArraySet<String>>> mApproved =
+ new ArrayMap<>();
// True if approved services are stored in xml, not settings.
private boolean mUseXml;
@@ -573,6 +575,23 @@ abstract public class ManagedServices {
@@ -573,6 +575,23 @@ protected boolean isPackageOrComponentAllowed(String pkgOrComponent, int userId)
return false;
}
@ -57,7 +57,7 @@ index 4828bbfff676..f57cddafdc2a 100644
protected boolean isPackageAllowed(String pkg, int userId) {
if (pkg == null) {
return false;
@@ -623,6 +642,7 @@ abstract public class ManagedServices {
@@ -623,6 +642,7 @@ public void onPackagesChanged(boolean removingPackage, String[] pkgList, int[] u
for (int uid : uidList) {
if (isPackageAllowed(pkgName, UserHandle.getUserId(uid))) {
anyServicesInvolved = true;
@ -65,7 +65,7 @@ index 4828bbfff676..f57cddafdc2a 100644
}
}
}
@@ -749,8 +769,7 @@ abstract public class ManagedServices {
@@ -749,8 +769,7 @@ protected void setComponentState(ComponentName component, boolean enabled) {
for (int i = 0; i < userIds.size(); i++) {
final int userId = userIds.get(i);
if (enabled) {
@ -75,7 +75,7 @@ index 4828bbfff676..f57cddafdc2a 100644
registerServiceLocked(component, userId);
} else {
Slog.d(TAG, component + " no longer has permission to be bound");
@@ -889,6 +908,33 @@ abstract public class ManagedServices {
@@ -889,6 +908,33 @@ private boolean removeUninstalledItemsFromApprovedLists(int uninstalledUserId, S
return removed;
}
@ -109,7 +109,7 @@ index 4828bbfff676..f57cddafdc2a 100644
protected String getPackageName(String packageOrComponent) {
final ComponentName component = ComponentName.unflattenFromString(packageOrComponent);
if (component != null) {
@@ -1048,26 +1094,20 @@ abstract public class ManagedServices {
@@ -1048,26 +1094,20 @@ private void bindToServices(SparseArray<Set<ComponentName>> componentsToBind) {
final int userId = componentsToBind.keyAt(i);
final Set<ComponentName> add = componentsToBind.get(userId);
for (ComponentName component : add) {
@ -149,7 +149,7 @@ index 4828bbfff676..f57cddafdc2a 100644
}
}
}
@@ -1081,6 +1121,15 @@ abstract public class ManagedServices {
@@ -1081,6 +1121,15 @@ private void registerService(final ComponentName name, final int userid) {
}
}
@ -165,7 +165,7 @@ index 4828bbfff676..f57cddafdc2a 100644
/**
* Inject a system service into the management list.
*/
@@ -1181,7 +1230,7 @@ abstract public class ManagedServices {
@@ -1181,7 +1230,7 @@ public void onBindingDied(ComponentName name) {
mHandler.postDelayed(new Runnable() {
@Override
public void run() {
@ -174,7 +174,7 @@ index 4828bbfff676..f57cddafdc2a 100644
}
}, ON_BINDING_DIED_REBIND_DELAY_MS);
} else {
@@ -1313,6 +1362,19 @@ abstract public class ManagedServices {
@@ -1313,6 +1362,19 @@ private void unbindService(ServiceConnection connection, ComponentName component
}
}
@ -195,10 +195,10 @@ index 4828bbfff676..f57cddafdc2a 100644
public IInterface service;
public ComponentName component;
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/ManagedServicesTest.java b/services/tests/uiservicestests/src/com/android/server/notification/ManagedServicesTest.java
index 8aaf29a11033..cac620f409f3 100644
index 8aaf29a110332..cac620f409f32 100644
--- a/services/tests/uiservicestests/src/com/android/server/notification/ManagedServicesTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/ManagedServicesTest.java
@@ -28,8 +28,10 @@ import static org.mockito.Matchers.any;
@@ -28,8 +28,10 @@
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.doAnswer;
@ -209,7 +209,7 @@ index 8aaf29a11033..cac620f409f3 100644
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@@ -624,6 +626,58 @@ public class ManagedServicesTest extends UiServiceTestCase {
@@ -624,6 +626,58 @@ public void testUpgradeAppBindsNewServices() throws Exception {
}
}

6
Patches/LineageOS-17.1/android_frameworks_base/394558-backport.patch → Patches/LineageOS-17.1/android_frameworks_base/399078.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 4b0cceb626252107c4e532afee62533e166523e5 Mon Sep 17 00:00:00 2001
From: Yi-an Chen <theianchen@google.com>
Date: Tue, 20 Feb 2024 04:34:57 +0000
Subject: [PATCH] Fix error handling for non-dynamic permissions
@ -18,10 +18,10 @@ Change-Id: I7336f2fc78804f26e4b2a329870ecdea776595d8
1 file changed, 1 insertion(+)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 2fcdec7c92d6..ed551795aad5 100644
index 2fcdec7c92d67..ed551795aad58 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1015,6 +1015,7 @@ public class PermissionManagerService {
@@ -1015,6 +1015,7 @@ private void removeDynamicPermission(
// TODO: switch this back to SecurityException
Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
+ permName);

8
Patches/LineageOS-17.1/android_frameworks_base/394559.patch → Patches/LineageOS-17.1/android_frameworks_base/399079.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 8e3b69bbd4ae5f918dd783b190e298c74584e45c Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Tue, 26 Mar 2024 10:31:44 -0700
Subject: [PATCH] Add more checkKeyIntent checks to AccountManagerService.
@ -14,10 +14,10 @@ Change-Id: I9e45d758a2320328da5664b6341eafe6f285f297
1 file changed, 10 insertions(+)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 326acdfe3a3f..bf577735d037 100644
index 326acdfe3a3f5..bf577735d0372 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -3479,6 +3479,11 @@ public class AccountManagerService
@@ -3479,6 +3479,11 @@ public void onResult(Bundle result) {
// Strip auth token from result.
result.remove(AccountManager.KEY_AUTHTOKEN);
@ -29,7 +29,7 @@ index 326acdfe3a3f..bf577735d037 100644
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG,
@@ -5062,6 +5067,11 @@ public class AccountManagerService
@@ -5062,6 +5067,11 @@ public void onResult(Bundle result) {
} else {
if (mStripAuthTokenFromResult) {
result.remove(AccountManager.KEY_AUTHTOKEN);

12
Patches/LineageOS-17.1/android_frameworks_base/394560.patch → Patches/LineageOS-17.1/android_frameworks_base/399080.patch
View File

@ -1,7 +1,8 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 25baa1489699bb620c2ef8e4d78a265b85132c87 Mon Sep 17 00:00:00 2001
From: Haoran Zhang <haoranzhang@google.com>
Date: Wed, 13 Mar 2024 17:08:00 +0000
Subject: [PATCH] Add in check for intent filter when setting/updating service
Subject: [PATCH] [DO NOT MERGE][Autofill Framework] Add in check for intent
filter when setting/updating service
For test, I registered two tests around on ABTD. CtsAutoFillServiceTestCases module is passing except three known failures:
@ -9,6 +10,7 @@ Test run link:
- https://android-build.corp.google.com/builds/abtd/run/L33300030002610600
- https://android-build.corp.google.com/builds/abtd/run/L58100030002616607
Bug: b/324874908
Test: atest CtsAutoFillServiceTestCases
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:141d9d050346bfc4673c429382deb1b3d210f6ad)
@ -20,10 +22,10 @@ Change-Id: I51c2e3788ac29ff4d6b86aa2a735ff2ea1463a77
1 file changed, 27 insertions(+)
diff --git a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
index 1bd5201f5b26..58a1064682d3 100644
index 1bd5201f5b266..58a1064682d35 100644
--- a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
+++ b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
@@ -32,8 +32,10 @@ import android.app.ActivityManagerInternal;
@@ -32,8 +32,10 @@
import android.app.ActivityTaskManager;
import android.app.IActivityTaskManager;
import android.content.ComponentName;
@ -34,7 +36,7 @@ index 1bd5201f5b26..58a1064682d3 100644
import android.content.pm.ServiceInfo;
import android.graphics.Rect;
import android.metrics.LogMaker;
@@ -214,6 +216,31 @@ final class AutofillManagerServiceImpl
@@ -214,6 +216,31 @@ protected boolean updateLocked(boolean disabled) {
@Override // from PerUserSystemService
protected ServiceInfo newServiceInfoLocked(@NonNull ComponentName serviceComponent)
throws NameNotFoundException {

8
Patches/LineageOS-17.1/android_frameworks_base/394561.patch → Patches/LineageOS-17.1/android_frameworks_base/399081.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 19820317cc73a78c8141d8e3cbc435bdf1c0f503 Mon Sep 17 00:00:00 2001
From: Hans Boehm <hboehm@google.com>
Date: Tue, 2 Jan 2024 16:53:13 -0800
Subject: [PATCH] Check hidden API exemptions
@ -18,10 +18,10 @@ Change-Id: I83cd60e46407a4a082f9f3c80e937dbd522dbac4
1 file changed, 10 insertions(+)
diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
index 0417a4c8959c..ff4131c2398d 100644
index 0417a4c8959c0..ff4131c2398d8 100644
--- a/core/java/android/os/ZygoteProcess.java
+++ b/core/java/android/os/ZygoteProcess.java
@@ -411,6 +411,8 @@ public class ZygoteProcess {
@@ -411,6 +411,8 @@ private Process.ProcessStartResult zygoteSendArgsAndGetResult(
throw new ZygoteStartFailedEx("Embedded newlines not allowed");
} else if (arg.indexOf('\r') >= 0) {
throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");
@ -30,7 +30,7 @@ index 0417a4c8959c..ff4131c2398d 100644
}
}
@@ -869,6 +871,14 @@ public class ZygoteProcess {
@@ -869,6 +871,14 @@ private boolean maybeSetApiBlacklistExemptions(ZygoteState state, boolean sendIf
return true;
}

37
Patches/LineageOS-17.1/android_frameworks_base/399082.patch Normal file
View File

@ -0,0 +1,37 @@
From a76b0a0c26bc16a98840757e9c999a10101c565a Mon Sep 17 00:00:00 2001
From: Julia Reynolds <juliacr@google.com>
Date: Mon, 13 Apr 2020 11:03:44 -0400
Subject: [PATCH] Add StatusBarNotification::getNormalizedUserId
Required for ASB 2024-06
Cherry-picked from I9b2ae1ecd1cc8b42ab715ee033879f295949a9ba
Change-Id: Ife602cee53c303dd3f841004d8ffc84b38c7677b
---
.../service/notification/StatusBarNotification.java | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/core/java/android/service/notification/StatusBarNotification.java b/core/java/android/service/notification/StatusBarNotification.java
index 905c7811e4573..39395074b9165 100644
--- a/core/java/android/service/notification/StatusBarNotification.java
+++ b/core/java/android/service/notification/StatusBarNotification.java
@@ -273,6 +273,18 @@ public int getUserId() {
return this.user.getIdentifier();
}
+ /**
+ * Like {@link #getUserId()} but handles special users.
+ * @hide
+ */
+ public int getNormalizedUserId() {
+ int userId = getUserId();
+ if (userId == UserHandle.USER_ALL) {
+ userId = UserHandle.USER_SYSTEM;
+ }
+ return userId;
+ }
+
/** The package that the notification belongs to. */
public String getPackageName() {
return pkg;

142
Patches/LineageOS-17.1/android_frameworks_base/399083.patch Normal file
View File

@ -0,0 +1,142 @@
From 74184eec063b205f9131a5a8335c7e2335fcabf8 Mon Sep 17 00:00:00 2001
From: Makoto Onuki <omakoto@google.com>
Date: Wed, 9 Oct 2019 15:33:11 -0700
Subject: [PATCH] Add Context.createContextAsUser()
Without it, apps (mainline modules) will need to use createPackageContext...,
which is a bit painful.
Bug: 142472686
Test: atest android.content.cts.ContextTest#testCreateContextAsUser
Change-Id: Id640e03862462724df1a4a3101f0b08faafba22f
---
api/system-current.txt | 3 ++-
api/test-current.txt | 3 ++-
core/java/android/app/ContextImpl.java | 9 +++++++++
core/java/android/content/Context.java | 20 ++++++++++++++++++-
core/java/android/content/ContextWrapper.java | 6 ++++++
.../src/android/test/mock/MockContext.java | 6 ++++++
6 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/api/system-current.txt b/api/system-current.txt
index 07689adc67cc3..02e348309fff1 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -1346,8 +1346,9 @@ package android.content {
public abstract class Context {
method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS) public boolean bindServiceAsUser(@RequiresPermission android.content.Intent, android.content.ServiceConnection, int, android.os.UserHandle);
+ method @NonNull public android.content.Context createContextAsUser(@NonNull android.os.UserHandle);
method public abstract android.content.Context createCredentialProtectedStorageContext();
- method public android.content.Context createPackageContextAsUser(String, int, android.os.UserHandle) throws android.content.pm.PackageManager.NameNotFoundException;
+ method @NonNull public android.content.Context createPackageContextAsUser(@NonNull String, int, @NonNull android.os.UserHandle) throws android.content.pm.PackageManager.NameNotFoundException;
method @Nullable public abstract java.io.File getPreloadsFileCache();
method public abstract boolean isCredentialProtectedStorage();
method public abstract void sendBroadcast(android.content.Intent, @Nullable String, @Nullable android.os.Bundle);
diff --git a/api/test-current.txt b/api/test-current.txt
index d3bea18fb9447..5f53b2a40a49e 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -638,7 +638,8 @@ package android.content {
}
public abstract class Context {
- method public android.content.Context createPackageContextAsUser(String, int, android.os.UserHandle) throws android.content.pm.PackageManager.NameNotFoundException;
+ method @NonNull public android.content.Context createContextAsUser(@NonNull android.os.UserHandle);
+ method @NonNull public android.content.Context createPackageContextAsUser(@NonNull String, int, @NonNull android.os.UserHandle) throws android.content.pm.PackageManager.NameNotFoundException;
method public abstract android.view.Display getDisplay();
method public abstract int getDisplayId();
method public android.os.UserHandle getUser();
diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
index 41a4fba0434cd..1f3c3a46792a6 100644
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -2200,6 +2200,15 @@ public Context createPackageContextAsUser(String packageName, int flags, UserHan
"Application package " + packageName + " not found");
}
+ @Override
+ public Context createContextAsUser(UserHandle user) {
+ try {
+ return createPackageContextAsUser(getPackageName(), mFlags, user);
+ } catch (NameNotFoundException e) {
+ throw new IllegalStateException("Own package not found: package=" + getPackageName());
+ }
+ }
+
@Override
public Context createContextForSplit(String splitName) throws NameNotFoundException {
if (!mPackageInfo.getApplicationInfo().requestsIsolatedSplitLoading()) {
diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java
index 6fb10c1c277cb..713287d26f80c 100644
--- a/core/java/android/content/Context.java
+++ b/core/java/android/content/Context.java
@@ -5196,8 +5196,9 @@ public abstract Context createPackageContext(String packageName,
*/
@SystemApi
@TestApi
+ @NonNull
public Context createPackageContextAsUser(
- String packageName, @CreatePackageOptions int flags, UserHandle user)
+ @NonNull String packageName, @CreatePackageOptions int flags, @NonNull UserHandle user)
throws PackageManager.NameNotFoundException {
if (Build.IS_ENG) {
throw new IllegalStateException("createPackageContextAsUser not overridden!");
@@ -5205,6 +5206,23 @@ public Context createPackageContextAsUser(
return this;
}
+ /**
+ * Similar to {@link #createPackageContext(String, int)}, but for the own package with a
+ * different {@link UserHandle}. For example, {@link #getContentResolver()}
+ * will open any {@link Uri} as the given user.
+ *
+ * @hide
+ */
+ @SystemApi
+ @TestApi
+ @NonNull
+ public Context createContextAsUser(@NonNull UserHandle user) {
+ if (Build.IS_ENG) {
+ throw new IllegalStateException("createContextAsUser not overridden!");
+ }
+ return this;
+ }
+
/**
* Creates a context given an {@link android.content.pm.ApplicationInfo}.
*
diff --git a/core/java/android/content/ContextWrapper.java b/core/java/android/content/ContextWrapper.java
index 0859f97e81a10..f7cd51e7ffbca 100644
--- a/core/java/android/content/ContextWrapper.java
+++ b/core/java/android/content/ContextWrapper.java
@@ -883,6 +883,12 @@ public Context createPackageContextAsUser(String packageName, int flags, UserHan
return mBase.createPackageContextAsUser(packageName, flags, user);
}
+ /** @hide */
+ @Override
+ public Context createContextAsUser(UserHandle user) {
+ return mBase.createContextAsUser(user);
+ }
+
/** @hide */
@Override
@UnsupportedAppUsage
diff --git a/test-mock/src/android/test/mock/MockContext.java b/test-mock/src/android/test/mock/MockContext.java
index a95b6f11e98a5..fcd4701c76307 100644
--- a/test-mock/src/android/test/mock/MockContext.java
+++ b/test-mock/src/android/test/mock/MockContext.java
@@ -756,6 +756,12 @@ public Context createPackageContextAsUser(String packageName, int flags, UserHan
throw new UnsupportedOperationException();
}
+ /** {@hide} */
+ @Override
+ public Context createContextAsUser(UserHandle user) {
+ throw new UnsupportedOperationException();
+ }
+
/** {@hide} */
@Override
public int getUserId() {

100
Patches/LineageOS-17.1/android_frameworks_base/399084.patch Normal file
View File

@ -0,0 +1,100 @@
From fdc2deb5be6920d00e8c3fbc84fc0f158a0d3c55 Mon Sep 17 00:00:00 2001
From: Makoto Onuki <omakoto@google.com>
Date: Fri, 11 Oct 2019 20:19:58 -0700
Subject: [PATCH] Explicitly take flags in createContextAsUser()
Bug: 142472686
Test: atest android.content.cts.ContextTest#testCreateContextAsUser
Change-Id: Id2e3d5ffe5887a4916e0872a7e85d62cbb439744
---
api/system-current.txt | 2 +-
api/test-current.txt | 2 +-
core/java/android/app/ContextImpl.java | 4 ++--
core/java/android/content/Context.java | 2 +-
core/java/android/content/ContextWrapper.java | 4 ++--
test-mock/src/android/test/mock/MockContext.java | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/api/system-current.txt b/api/system-current.txt
index 02e348309fff1..c08667a02b4b1 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -1346,7 +1346,7 @@ package android.content {
public abstract class Context {
method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS) public boolean bindServiceAsUser(@RequiresPermission android.content.Intent, android.content.ServiceConnection, int, android.os.UserHandle);
- method @NonNull public android.content.Context createContextAsUser(@NonNull android.os.UserHandle);
+ method @NonNull public android.content.Context createContextAsUser(@NonNull android.os.UserHandle, int);
method public abstract android.content.Context createCredentialProtectedStorageContext();
method @NonNull public android.content.Context createPackageContextAsUser(@NonNull String, int, @NonNull android.os.UserHandle) throws android.content.pm.PackageManager.NameNotFoundException;
method @Nullable public abstract java.io.File getPreloadsFileCache();
diff --git a/api/test-current.txt b/api/test-current.txt
index 5f53b2a40a49e..29c580da327f0 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -638,7 +638,7 @@ package android.content {
}
public abstract class Context {
- method @NonNull public android.content.Context createContextAsUser(@NonNull android.os.UserHandle);
+ method @NonNull public android.content.Context createContextAsUser(@NonNull android.os.UserHandle, int);
method @NonNull public android.content.Context createPackageContextAsUser(@NonNull String, int, @NonNull android.os.UserHandle) throws android.content.pm.PackageManager.NameNotFoundException;
method public abstract android.view.Display getDisplay();
method public abstract int getDisplayId();
diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
index 1f3c3a46792a6..9c46b23d8df87 100644
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -2201,9 +2201,9 @@ public Context createPackageContextAsUser(String packageName, int flags, UserHan
}
@Override
- public Context createContextAsUser(UserHandle user) {
+ public Context createContextAsUser(UserHandle user, @CreatePackageOptions int flags) {
try {
- return createPackageContextAsUser(getPackageName(), mFlags, user);
+ return createPackageContextAsUser(getPackageName(), flags, user);
} catch (NameNotFoundException e) {
throw new IllegalStateException("Own package not found: package=" + getPackageName());
}
diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java
index 713287d26f80c..c161f81835844 100644
--- a/core/java/android/content/Context.java
+++ b/core/java/android/content/Context.java
@@ -5216,7 +5216,7 @@ public Context createPackageContextAsUser(
@SystemApi
@TestApi
@NonNull
- public Context createContextAsUser(@NonNull UserHandle user) {
+ public Context createContextAsUser(@NonNull UserHandle user, @CreatePackageOptions int flags) {
if (Build.IS_ENG) {
throw new IllegalStateException("createContextAsUser not overridden!");
}
diff --git a/core/java/android/content/ContextWrapper.java b/core/java/android/content/ContextWrapper.java
index f7cd51e7ffbca..7993ea192424b 100644
--- a/core/java/android/content/ContextWrapper.java
+++ b/core/java/android/content/ContextWrapper.java
@@ -885,8 +885,8 @@ public Context createPackageContextAsUser(String packageName, int flags, UserHan
/** @hide */
@Override
- public Context createContextAsUser(UserHandle user) {
- return mBase.createContextAsUser(user);
+ public Context createContextAsUser(UserHandle user, @CreatePackageOptions int flags) {
+ return mBase.createContextAsUser(user, flags);
}
/** @hide */
diff --git a/test-mock/src/android/test/mock/MockContext.java b/test-mock/src/android/test/mock/MockContext.java
index fcd4701c76307..5053ceedc7031 100644
--- a/test-mock/src/android/test/mock/MockContext.java
+++ b/test-mock/src/android/test/mock/MockContext.java
@@ -758,7 +758,7 @@ public Context createPackageContextAsUser(String packageName, int flags, UserHan
/** {@hide} */
@Override
- public Context createContextAsUser(UserHandle user) {
+ public Context createContextAsUser(UserHandle user, @CreatePackageOptions int flags) {
throw new UnsupportedOperationException();
}

201
Patches/LineageOS-17.1/android_frameworks_base/399085.patch Normal file
View File

@ -0,0 +1,201 @@
From f0d3e98bb01f4caf292539e98cdf174dacb92444 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Hern=C3=A1ndez?= <matiashe@google.com>
Date: Fri, 22 Mar 2024 14:26:23 +0100
Subject: [PATCH] Resolve message/conversation image Uris with the correct user
id
Bug: 317503801
Test: atest ExpandableNotificationRowTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3b913c4237993525d2435a2d1082c6af8997168d)
Merged-In: I11c5b39f2d9d8f0788acab43640a6d4abcd5a179
Change-Id: I11c5b39f2d9d8f0788acab43640a6d4abcd5a179
---
.../row/ExpandableNotificationRow.java | 13 +++++++--
.../row/NotificationInlineImageResolver.java | 8 +++++-
.../systemui/SysuiTestableContext.java | 23 ++++++++++++++++
.../row/ExpandableNotificationRowTest.java | 27 +++++++++++++++++++
4 files changed, 68 insertions(+), 3 deletions(-)
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRow.java b/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRow.java
index 37f7802909357..2004db5005a63 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRow.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRow.java
@@ -44,6 +44,7 @@
import android.os.Build;
import android.os.Bundle;
import android.os.SystemClock;
+import android.os.UserHandle;
import android.service.notification.StatusBarNotification;
import android.util.ArraySet;
import android.util.AttributeSet;
@@ -446,6 +447,8 @@ private void setIconRunning(ImageView imageView, boolean running) {
public void setEntry(@NonNull NotificationEntry entry) {
mEntry = entry;
mStatusBarNotification = entry.notification;
+ mImageResolver = new NotificationInlineImageResolver(userContextForEntry(mContext, entry),
+ new NotificationInlineImageCache());
cacheIsSystemNotification();
}
@@ -1640,8 +1643,6 @@ public ExpandableNotificationRow(Context context, AttributeSet attrs) {
mFalsingManager = Dependency.get(FalsingManager.class); // TODO: inject into a controller.
mNotificationInflater = new NotificationContentInflater(this);
mMenuRow = new NotificationMenuRow(mContext);
- mImageResolver = new NotificationInlineImageResolver(context,
- new NotificationInlineImageCache());
mMediaManager = Dependency.get(NotificationMediaManager.class);
initDimens();
}
@@ -1654,6 +1655,14 @@ public void setStatusBarStateController(StatusBarStateController statusBarStateC
mStatusbarStateController = statusBarStateController;
}
+ private static Context userContextForEntry(Context base, NotificationEntry entry) {
+ if (base.getUserId() == entry.notification.getNormalizedUserId()) {
+ return base;
+ }
+ return base.createContextAsUser(
+ UserHandle.of(entry.notification.getNormalizedUserId()), /* flags= */ 0);
+ }
+
private void initDimens() {
mNotificationMinHeightBeforeN = NotificationUtils.getFontScaledHeight(mContext,
R.dimen.notification_min_height_legacy);
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/NotificationInlineImageResolver.java b/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/NotificationInlineImageResolver.java
index 466be072afdb3..885b28aebc897 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/NotificationInlineImageResolver.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/notification/row/NotificationInlineImageResolver.java
@@ -26,6 +26,7 @@
import android.os.SystemClock;
import android.util.Log;
+import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.widget.ImageResolver;
import com.android.internal.widget.LocalImageResolver;
import com.android.internal.widget.MessagingMessage;
@@ -54,7 +55,7 @@ public class NotificationInlineImageResolver implements ImageResolver {
* @param imageCache The implementation of internal cache.
*/
public NotificationInlineImageResolver(Context context, ImageCache imageCache) {
- mContext = context.getApplicationContext();
+ mContext = context;
mImageCache = imageCache;
if (mImageCache != null) {
@@ -62,6 +63,11 @@ public NotificationInlineImageResolver(Context context, ImageCache imageCache) {
}
}
+ @VisibleForTesting
+ public Context getContext() {
+ return mContext;
+ }
+
/**
* Check if this resolver has its internal cache implementation.
* @return True if has its internal cache, false otherwise.
diff --git a/packages/SystemUI/tests/src/com/android/systemui/SysuiTestableContext.java b/packages/SystemUI/tests/src/com/android/systemui/SysuiTestableContext.java
index f792d7d11e157..6324569411ed3 100644
--- a/packages/SystemUI/tests/src/com/android/systemui/SysuiTestableContext.java
+++ b/packages/SystemUI/tests/src/com/android/systemui/SysuiTestableContext.java
@@ -14,15 +14,20 @@
package com.android.systemui;
+import android.annotation.NonNull;
import android.content.Context;
import android.testing.LeakCheck;
import android.testing.TestableContext;
import android.util.ArrayMap;
import android.view.Display;
+import java.util.HashMap;
+import java.util.Map;
+
public class SysuiTestableContext extends TestableContext implements SysUiServiceProvider {
private ArrayMap<Class<?>, Object> mComponents;
+ private final Map<UserHandle, Context> mContextForUser = new HashMap<>();
public SysuiTestableContext(Context base) {
super(base);
@@ -59,4 +64,22 @@ public Context createDisplayContext(Display display) {
new SysuiTestableContext(getBaseContext().createDisplayContext(display));
return context;
}
+
+ /**
+ * Sets a Context object that will be returned as the result of {@link #createContextAsUser}
+ * for a specific {@code user}.
+ */
+ public void prepareCreateContextAsUser(UserHandle user, Context context) {
+ mContextForUser.put(user, context);
+ }
+
+ @Override
+ @NonNull
+ public Context createContextAsUser(UserHandle user, int flags) {
+ Context userContext = mContextForUser.get(user);
+ if (userContext != null) {
+ return userContext;
+ }
+ return super.createContextAsUser(user, flags);
+ }
}
diff --git a/packages/SystemUI/tests/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRowTest.java b/packages/SystemUI/tests/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRowTest.java
index d526d104630eb..c9b29fe7e4903 100644
--- a/packages/SystemUI/tests/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRowTest.java
+++ b/packages/SystemUI/tests/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRowTest.java
@@ -21,6 +21,10 @@
import static com.android.systemui.statusbar.notification.row.NotificationContentInflater.FLAG_CONTENT_VIEW_ALL;
import static com.android.systemui.statusbar.notification.row.NotificationContentInflater.FLAG_CONTENT_VIEW_HEADS_UP;
import static com.android.systemui.statusbar.notification.row.NotificationContentInflater.FLAG_CONTENT_VIEW_PUBLIC;
+import static com.android.systemui.statusbar.notification.row.NotificationTestHelper.PKG;
+import static com.android.systemui.statusbar.notification.row.NotificationTestHelper.USER_HANDLE;
+
+import static com.google.common.truth.Truth.assertThat;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -38,6 +42,8 @@
import android.app.AppOpsManager;
import android.app.NotificationChannel;
+import android.content.Context;
+import android.os.UserHandle;
import android.testing.AndroidTestingRunner;
import android.testing.TestableLooper;
import android.testing.TestableLooper.RunWithLooper;
@@ -48,6 +54,7 @@
import androidx.test.filters.SmallTest;
import com.android.systemui.SysuiTestCase;
+import com.android.systemui.SysuiTestableContext;
import com.android.systemui.plugins.statusbar.NotificationMenuRowPlugin;
import com.android.systemui.plugins.statusbar.StatusBarStateController;
import com.android.systemui.statusbar.NotificationTestHelper;
@@ -377,4 +384,24 @@ public void testGetIsNonblockable_criticalDeviceFunction() throws Exception {
assertTrue(row.getIsNonblockable());
}
+
+ @Test
+ public void imageResolver_sameNotificationUser_usesContext() throws Exception {
+ ExpandableNotificationRow row = mNotificationTestHelper.createRow(PKG,
+ USER_HANDLE.getUid(1234), USER_HANDLE);
+
+ assertThat(row.getImageResolver().getContext()).isSameInstanceAs(mContext);
+ }
+
+ @Test
+ public void imageResolver_differentNotificationUser_createsUserContext() throws Exception {
+ UserHandle user = new UserHandle(33);
+ Context userContext = new SysuiTestableContext(mContext);
+ mContext.prepareCreateContextAsUser(user, userContext);
+
+ ExpandableNotificationRow row = mNotificationTestHelper.createRow(PKG,
+ user.getUid(1234), user);
+
+ assertThat(row.getImageResolver().getContext()).isSameInstanceAs(userContext);
+ }
}

12
Patches/LineageOS-17.1/android_frameworks_base/394562-backport.patch → Patches/LineageOS-17.1/android_frameworks_base/399086.patch
View File

@ -1,8 +1,8 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 7b923d459cadbe1ab11cfd1b552d9bf9725f0506 Mon Sep 17 00:00:00 2001
From: Ameer Armaly <aarmaly@google.com>
Date: Fri, 8 Mar 2024 19:41:06 +0000
Subject: [PATCH] AccessibilityManagerService: remove uninstalled services from
enabled list after service update.
Subject: [PATCH] [RESTRICT AUTOMERGE] AccessibilityManagerService: remove
uninstalled services from enabled list after service update.
Bug: 326485767
Test: atest AccessibilityEndToEndTest#testUpdateServiceWithoutIntent_disablesService
@ -14,10 +14,10 @@ Change-Id: I5e59296fcad68e62b34c74ee5fd80b6ad6b46fa1
1 file changed, 22 insertions(+)
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index 194c90e125f9..dbc9d42a4adc 100644
index 194c90e125f95..dbc9d42a4adc7 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -1623,10 +1623,13 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
@@ -1623,10 +1623,13 @@ private void updateServicesLocked(UserState userState) {
boolean isUnlockingOrUnlocked = LocalServices.getService(UserManagerInternal.class)
.isUserUnlockingOrUnlocked(userState.mUserId);
@ -31,7 +31,7 @@ index 194c90e125f9..dbc9d42a4adc 100644
AccessibilityServiceConnection service = componentNameToServiceMap.get(componentName);
@@ -1673,6 +1676,25 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
@@ -1673,6 +1676,25 @@ private void updateServicesLocked(UserState userState) {
if (audioManager != null) {
audioManager.setAccessibilityServiceUids(mTempIntArray);
}

6
Patches/LineageOS-17.1/android_frameworks_base/397542.patch → Patches/LineageOS-17.1/android_frameworks_base/399088.patch
View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 1e4f397dc110954bdc6baffff51f72cbaad0c142 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 29 Feb 2024 12:03:05 +0000
Subject: [PATCH] Verify UID of incoming Zygote connections.
Subject: [PATCH] [BACKPORT] Verify UID of incoming Zygote connections.
Only the system UID should be allowed to connect to the Zygote. While
for generic Zygotes this is also covered by SELinux policy, this is not
@ -33,7 +33,7 @@ Change-Id: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
1 file changed, 3 insertions(+)
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 52d0adba0a05..fe2ff54194fb 100644
index 52d0adba0a057..fe2ff54194fb9 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -106,6 +106,9 @@ class ZygoteConnection {

6
Patches/LineageOS-17.1/android_frameworks_base/397543.patch → Patches/LineageOS-17.1/android_frameworks_base/399089.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From fb2b0d4aa1a756807fdd2944137dce30cdd0b57b Mon Sep 17 00:00:00 2001
From: Yi-an Chen <theianchen@google.com>
Date: Tue, 23 Apr 2024 21:53:02 +0000
Subject: [PATCH] Fix security vulnerability of non-dynamic permission removal
@ -23,10 +23,10 @@ Change-Id: Id573b75cdcfce3a1df5731ffb00c4228c513e686
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index ed551795aad5..b342f443d9ac 100644
index ed551795aad58..b342f443d9acc 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1011,7 +1011,7 @@ public class PermissionManagerService {
@@ -1011,7 +1011,7 @@ private void removeDynamicPermission(
if (bp == null) {
return;
}

34
Patches/LineageOS-17.1/android_packages_providers_MediaProvider/399090.patch Normal file
View File

@ -0,0 +1,34 @@
From 3ebb06797359a6b2497e843c1e65bf6b4be4bb37 Mon Sep 17 00:00:00 2001
From: Omar Eissa <oeissa@google.com>
Date: Mon, 15 Apr 2024 12:04:56 +0000
Subject: [PATCH] Prevent insertion in other users storage volumes
Don't allow file insertion in other users storage volumes.
This was already handled if DATA was explicitly set in content values,
but was allowed if DATA was generated based on other values like RELATIVE_PATH and DISPLAY_NAME.
Insertion of files in other users storage volumes can be used by malicious apps
to get access to other users files, since the same file would exist in both users MP databases
which would lead to MP falsely assuming that the user has access to this file.
Bug: 294406604
Test: atest MediaProviderTests
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df39f8486b25473d0bdbeed896ad917e3c793bf9)
Merged-In: Ie219bbdbe28819421040e4c083b65ab47d8ebde6
Change-Id: Ie219bbdbe28819421040e4c083b65ab47d8ebde6
---
src/com/android/providers/media/MediaProvider.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
index 0887bd6ae..4cd4452d0 100644
--- a/src/com/android/providers/media/MediaProvider.java
+++ b/src/com/android/providers/media/MediaProvider.java
@@ -2120,6 +2120,7 @@ private static void ensureFileColumns(int match, Uri uri, ContentValues values,
} catch (FileNotFoundException e) {
throw new IllegalArgumentException(e);
}
+ assertFileColumnsSane(match, uri, values);
res = Environment.buildPath(res, relativePath);
try {
if (makeUnique) {

6
Patches/LineageOS-17.1/android_system_bt/397545.patch → Patches/LineageOS-17.1/android_system_bt/399092.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 44e273a1121b21cde1d53cd9c86bdd813c9d259f Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 22 Apr 2024 21:14:56 +0000
Subject: [PATCH] Fix an authentication bypass bug in SMP
@ -20,7 +20,7 @@ Change-Id: I66b1f9a80060f48a604001829db8ea7c96c7b7f8
2 files changed, 13 insertions(+)
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
index c1f143e92..199c5abb3 100644
index c1f143e925e..199c5abb37b 100644
--- a/stack/smp/smp_act.cc
+++ b/stack/smp/smp_act.cc
@@ -284,6 +284,7 @@ void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
@ -50,7 +50,7 @@ index c1f143e92..199c5abb3 100644
STREAM_TO_ARRAY(p_cb->rrand.data(), p, OCTET16_LEN);
}
diff --git a/stack/smp/smp_int.h b/stack/smp/smp_int.h
index 72fdf55a9..e3063c57d 100644
index 72fdf55a963..e3063c57d2f 100644
--- a/stack/smp/smp_int.h
+++ b/stack/smp/smp_int.h
@@ -241,6 +241,7 @@ typedef union {

65
Patches/LineageOS-17.1/android_system_libfmq/399071.patch Normal file
View File

@ -0,0 +1,65 @@
From 5c77ea08c49728abbd5cbadd0b4f473d2fe6fa1b Mon Sep 17 00:00:00 2001
From: Devin Moore <devinmoore@google.com>
Date: Mon, 22 Jan 2024 17:52:16 +0000
Subject: [PATCH] Use the values of the ptrs that we check
Test: fmq_fuzzer
Bug: 321326147
Bug: 321341508
Bug: 321383085
(cherry picked from https://android-review.googlesource.com/q/commit:38963310ad5789b625ca0bca9f9c2c8e24666651)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:af19e0ef034174afd794563552f91303fd9f1529)
Merged-In: I56fe4fe72180e39ecef066353969c1ae9fbcd44e
Change-Id: I56fe4fe72180e39ecef066353969c1ae9fbcd44e
---
include/fmq/MessageQueue.h | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/include/fmq/MessageQueue.h b/include/fmq/MessageQueue.h
index 7be7151..6cf8f3f 100644
--- a/include/fmq/MessageQueue.h
+++ b/include/fmq/MessageQueue.h
@@ -968,8 +968,16 @@ bool MessageQueue<T, flavor>::readBlocking(T* data, size_t count, int64_t timeOu
}
template <typename T, MQFlavor flavor>
-size_t MessageQueue<T, flavor>::availableToWriteBytes() const {
- return mDesc->getSize() - availableToReadBytes();
+inline size_t MessageQueue<T, flavor>::availableToWriteBytes() const {
+ size_t queueSizeBytes = mDesc->getSize();
+ size_t availableBytes = availableToReadBytes();
+ if (queueSizeBytes < availableBytes) {
+ hardware::details::logError(
+ "The write or read pointer has become corrupted. Reading from the queue is no "
+ "longer possible.");
+ return 0;
+ }
+ return queueSizeBytes - availableBytes;
}
template <typename T, MQFlavor flavor>
@@ -1050,14 +1058,21 @@ bool MessageQueue<T, flavor>::commitWrite(size_t nMessages) {
}
template <typename T, MQFlavor flavor>
-size_t MessageQueue<T, flavor>::availableToReadBytes() const {
+inline size_t MessageQueue<T, flavor>::availableToReadBytes() const {
/*
* This method is invoked by implementations of both read() and write() and
* hence requries a memory_order_acquired load for both mReadPtr and
* mWritePtr.
*/
- return mWritePtr->load(std::memory_order_acquire) -
- mReadPtr->load(std::memory_order_acquire);
+ uint64_t writePtr = mWritePtr->load(std::memory_order_acquire);
+ uint64_t readPtr = mReadPtr->load(std::memory_order_acquire);
+ if (writePtr < readPtr) {
+ hardware::details::logError(
+ "The write or read pointer has become corrupted. Reading from the queue is no "
+ "longer possible.");
+ return 0;
+ }
+ return writePtr - readPtr;
}
template <typename T, MQFlavor flavor>

2
Patches/LineageOS-17.1/android_vendor_qcom_opensource_system_bt/397546.patch → Patches/LineageOS-17.1/android_vendor_qcom_opensource_system_bt/399091.patch
View File

@ -1,4 +1,4 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From 1c72baf0b3f59b8e43e96202e90cb19e2c0a635b Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 22 Apr 2024 21:14:56 +0000
Subject: [PATCH] Fix an authentication bypass bug in SMP

39
Scripts/LineageOS-17.1/Patch.sh
View File

@ -95,7 +95,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
sed -i 's/2023-02-05/2024-07-05/' core/version_defaults.mk; #Bump Security String #x_asb_2024-07
sed -i 's/2023-02-05/2024-07-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2024-07
fi;
if enterAndClear "build/soong"; then
@ -294,19 +294,25 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/392204.patch"; #Q_asb_2024-04 i
applyPatch "$DOS_PATCHES/android_frameworks_base/392205.patch"; #Q_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
applyPatch "$DOS_PATCHES/android_frameworks_base/393587.patch"; #Q_asb_2024-05 Prioritize system toasts
applyPatch "$DOS_PATCHES/android_frameworks_base/393588.patch"; #Q_asb_2024-05 Don't try to show the current toast again while it's showing.
applyPatch "$DOS_PATCHES/android_frameworks_base/394553.patch"; #R_asb_2024-06 ActivityManager#killBackgroundProcesses can kill caller's own app only
applyPatch "$DOS_PATCHES/android_frameworks_base/394554.patch"; #R_asb_2024-06 Fix ActivityManager#killBackgroundProcesses permissions
applyPatch "$DOS_PATCHES/android_frameworks_base/394555-backport.patch"; #R_asb_2024-06 Verify URI permission for channel sound update from NotificationListenerService
applyPatch "$DOS_PATCHES/android_frameworks_base/394556-backport.patch"; #R_asb_2024-06 Check for NLS bind permission when rebinding services
applyPatch "$DOS_PATCHES/android_frameworks_base/399072.patch"; #Q_asb_2024-06 ActivityManager#killBackgroundProcesses can kill caller's own app only
applyPatch "$DOS_PATCHES/android_frameworks_base/399073.patch"; #Q_asb_2024-06 Fix ActivityManager#killBackgroundProcesses permissions
applyPatch "$DOS_PATCHES/android_frameworks_base/399074.patch"; #Q_asb_2024-06 Verify URI permission for channel sound update from NotificationListenerService
applyPatch "$DOS_PATCHES/android_frameworks_base/399075.patch"; #Q_asb_2024-06 Added throttle when reporting shortcut usage
applyPatch "$DOS_PATCHES/android_frameworks_base/399076.patch"; #Q_asb_2024-06 Prevend user spoofing in isRequestPinItemSupported
applyPatch "$DOS_PATCHES/android_frameworks_base/399077.patch"; #Q_asb_2024-06 Check for NLS bind permission when rebinding services
applyPatch "$DOS_PATCHES/android_frameworks_base/394557-backport.patch"; #R_asb_2024-06 Hide window immediately if itself doesn't run hide animation
applyPatch "$DOS_PATCHES/android_frameworks_base/394558-backport.patch"; #R_asb_2024-06 Fix error handling for non-dynamic permissions
applyPatch "$DOS_PATCHES/android_frameworks_base/394559.patch"; #R_asb_2024-06 Add more checkKeyIntent checks to AccountManagerService.
applyPatch "$DOS_PATCHES/android_frameworks_base/394560.patch"; #R_asb_2024-06 Add in check for intent filter when setting/updating service
applyPatch "$DOS_PATCHES/android_frameworks_base/394561.patch"; #R_asb_2024-06 Check hidden API exemptions
applyPatch "$DOS_PATCHES/android_frameworks_base/397542.patch"; #R_asb_2024-07 Verify UID of incoming Zygote connections.
applyPatch "$DOS_PATCHES/android_frameworks_base/397543.patch"; #R_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
applyPatch "$DOS_PATCHES/android_frameworks_base/394562-backport.patch"; #R_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
applyPatch "$DOS_PATCHES/android_frameworks_base/399078.patch"; #Q_asb_2024-06 Fix error handling for non-dynamic permissions
applyPatch "$DOS_PATCHES/android_frameworks_base/399079.patch"; #Q_asb_2024-06 Add more checkKeyIntent checks to AccountManagerService.
applyPatch "$DOS_PATCHES/android_frameworks_base/399080.patch"; #Q_asb_2024-06 [Autofill Framework] Add in check for intent filter when setting/updating service
applyPatch "$DOS_PATCHES/android_frameworks_base/399081.patch"; #Q_asb_2024-06 Check hidden API exemptions
applyPatch "$DOS_PATCHES/android_frameworks_base/399082.patch"; #Q_asb_2024-06 Add StatusBarNotification::getNormalizedUserId
applyPatch "$DOS_PATCHES/android_frameworks_base/399083.patch"; #Q_asb_2024-06 Add Context.createContextAsUser()
applyPatch "$DOS_PATCHES/android_frameworks_base/399084.patch"; #Q_asb_2024-06 Explicitly take flags in createContextAsUser()
applyPatch "$DOS_PATCHES/android_frameworks_base/399085.patch"; #Q_asb_2024-06 Resolve message/conversation image Uris with the correct user id
applyPatch "$DOS_PATCHES/android_frameworks_base/399086.patch"; #Q_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
applyPatch "$DOS_PATCHES/android_frameworks_base/394882.patch"; #P_asb_2024-06 Check permissions for CDM shell commands
applyPatch "$DOS_PATCHES/android_frameworks_base/399088.patch"; #Q_asb_2024-07 Verify UID of incoming Zygote connections.
applyPatch "$DOS_PATCHES/android_frameworks_base/399089.patch"; #Q_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
#applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)
@ -570,6 +576,7 @@ if enterAndClear "packages/providers/MediaProvider"; then
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/355362.patch"; #Q_asb_2023-04 Canonicalise path before extracting relative path
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/378137.patch"; #Q_asb_2023-09 Canonicalize file path for insertion by legacy apps
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/378138.patch"; #Q_asb_2023-10 Fix path traversal vulnerabilities in MediaProvider
applyPatch "$DOS_PATCHES/android_packages_providers_MediaProvider/399090.patch"; #Q_asb_2024-07 Prevent insertion in other users storage volumes
fi;
if enterAndClear "packages/providers/TelephonyProvider"; then
@ -629,7 +636,7 @@ applyPatch "$DOS_PATCHES/android_system_bt/383261.patch"; #Q_asb_2024-02 Fix an
applyPatch "$DOS_PATCHES/android_system_bt/391914.patch"; #Q_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
applyPatch "$DOS_PATCHES/android_system_bt/391915.patch"; #Q_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
applyPatch "$DOS_PATCHES/android_system_bt/391916.patch"; #Q_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
applyPatch "$DOS_PATCHES/android_system_bt/397545.patch"; #R_asb_2024-07 Fix an authentication bypass bug in SMP
applyPatch "$DOS_PATCHES/android_system_bt/399092.patch"; #Q_asb_2024-07 Fix an authentication bypass bug in SMP
applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_system_bt/272648.patch"; #ten-bt-sbc-hd-dualchannel: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
#applyPatch "$DOS_PATCHES/android_system_bt/272649.patch"; #ten-bt-sbc-hd-dualchannel: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
@ -656,6 +663,10 @@ if enterAndClear "system/extras"; then
applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
fi;
if enterAndClear "system/libfmq"; then
applyPatch "$DOS_PATCHES/android_system_libfmq/399071.patch"; #Q_asb_2024-06 Use the values of the ptrs that we check
fi;
if enterAndClear "system/netd"; then
applyPatch "$DOS_PATCHES/android_system_netd/376607.patch"; #Q_asb_2023-11 Fix use-after-free in DNS64 discovery thread
applyPatch "$DOS_PATCHES/android_system_netd/378074.patch"; #Q_asb_2023-12 Fix Heap-use-after-free in MDnsSdListener::Monitor::run
@ -737,7 +748,7 @@ applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/383264.patch";
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/391917.patch"; #Q_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/391918.patch"; #Q_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/391919.patch"; #Q_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/397546.patch"; #R_asb_2024-07 Fix an authentication bypass bug in SMP
applyPatch "$DOS_PATCHES/android_vendor_qcom_opensource_system_bt/399091.patch"; #Q_asb_2024-07 Fix an authentication bypass bug in SMP
fi;
if enterAndClear "vendor/lineage"; then