Cherrypick updates

2025-01-11 23:49:34 -05:00 · 2021-06-16 02:41:22 -04:00 · 2021-06-16 02:41:22 -04:00 · d9d564ebd3
commit d9d564ebd3
parent fe1f9ec7c4
3 changed files with 0 additions and 138 deletions
--- a/Patches/LineageOS-18.1/android_packages_apps_LineageParts/311606.patch
+++ b/Patches/LineageOS-18.1/android_packages_apps_LineageParts/311606.patch
@ -1,56 +0,0 @@
-From 61685846ab27c87dd0646478c4d3c5098d584daa Mon Sep 17 00:00:00 2001
-From: Bruno Martins <bgcngm@gmail.com>
-Date: Sun, 6 Jun 2021 14:18:24 +0100
-Subject: [PATCH] profiles: Add FLAG_IMMUTABLE flag for security purposes
-
-Prevent the intent to be altered by a malicious app.
-
-Change-Id: Id5144fb3f11fc98380de0188df0f32330e976398
---
- .../lineageos/lineageparts/profiles/NFCProfileWriter.java    | 5 +++--
- .../lineageparts/profiles/triggers/NfcTriggerFragment.java   | 4 ++--
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java b/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java
-index d477d6969..d651e9b5c 100644
--- a/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java
-+++ b/src/org/lineageos/lineageparts/profiles/NFCProfileWriter.java
-@@ -1,6 +1,6 @@
- /*
-  * Copyright (C) 2012 The CyanogenMod Project
- *               2017-2018 The LineageOS Project
-+ *               2017-2018,2021 The LineageOS Project
-  *
-  * Licensed under the Apache License, Version 2.0 (the "License");
-  * you may not use this file except in compliance with the License.
-@@ -84,7 +84,8 @@ protected void onPause() {
- 
-     private PendingIntent getPendingIntent() {
-         return PendingIntent.getActivity(this, 0,
-                new Intent(this, getClass()).addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP), 0);
-+                new Intent(this, getClass()).addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP),
-+                        PendingIntent.FLAG_IMMUTABLE);
-     }
- 
-     private void disableTagWriteMode() {
-diff --git a/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java b/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java
-index adb684c32..aac98393c 100644
--- a/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java
-+++ b/src/org/lineageos/lineageparts/profiles/triggers/NfcTriggerFragment.java
-@@ -1,6 +1,6 @@
- /*
-  * Copyright (C) 2014 The CyanogenMod Project
- *               2017 The LineageOS Project
-+ *               2017,2021 The LineageOS Project
-  *
-  * Licensed under the Apache License, Version 2.0 (the "License");
-  * you may not use this file except in compliance with the License.
-@@ -89,7 +89,7 @@ public void onPause() {
-     private PendingIntent getPendingIntent() {
-         Intent intent = new Intent(getActivity(), getActivity().getClass())
-                 .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP);
-        return PendingIntent.getActivity(getActivity(), 0, intent, 0);
-+        return PendingIntent.getActivity(getActivity(), 0, intent, PendingIntent.FLAG_IMMUTABLE);
-     }
- 
-     private void disableTagWriteMode() {
--- a/Patches/LineageOS-18.1/android_packages_apps_Recorder/311607.patch
+++ b/Patches/LineageOS-18.1/android_packages_apps_Recorder/311607.patch
@ -1,78 +0,0 @@
-From 519ce7dd4887a31a9a8dc60ebae589234aab9e1d Mon Sep 17 00:00:00 2001
-From: Bruno Martins <bgcngm@gmail.com>
-Date: Sun, 6 Jun 2021 14:26:57 +0100
-Subject: [PATCH] SoundRecorderService: Flag all pending intents as immutable
-
-Following Google's approach to fix these vulnerabilities,
-require that the PendingIntent be immutable so that a malicious app
-isn't able to hijack and mutate any of the details.
-
-Change-Id: Id1ebbfabb7e6282f371d10d0a9648aa99822cadc
---
- .../service/SoundRecorderService.java         | 21 ++++++++++++-------
- 1 file changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/app/src/main/java/org/lineageos/recorder/service/SoundRecorderService.java b/app/src/main/java/org/lineageos/recorder/service/SoundRecorderService.java
-index 20bf748d..b28763f9 100644
--- a/app/src/main/java/org/lineageos/recorder/service/SoundRecorderService.java
-+++ b/app/src/main/java/org/lineageos/recorder/service/SoundRecorderService.java
-@@ -13,6 +13,7 @@
-  * See the License for the specific language governing permissions and
-  * limitations under the License.
-  */
-+
- package org.lineageos.recorder.service;
- 
- import android.app.Notification;
-@@ -277,10 +278,11 @@ private Notification createRecordingNotification() {
-         }
- 
-         Intent intent = new Intent(this, RecorderActivity.class);
-        PendingIntent pi = PendingIntent.getActivity(this, 0, intent, 0);
-+        PendingIntent pi = PendingIntent.getActivity(this, 0, intent,
-+                PendingIntent.FLAG_IMMUTABLE);
-         PendingIntent stopPIntent = PendingIntent.getService(this, 0,
-                 new Intent(this, SoundRecorderService.class).setAction(ACTION_STOP),
-                0);
-+                        PendingIntent.FLAG_IMMUTABLE);
- 
-         String duration = DateUtils.formatElapsedTime(mSbRecycle, mElapsedTime.get());
-         NotificationCompat.Builder nb = new NotificationCompat.Builder(this, NOTIFICATION_CHANNEL)
-@@ -293,11 +295,13 @@ private Notification createRecordingNotification() {
- 
-         if (mIsPaused) {
-             PendingIntent resumePIntent = PendingIntent.getService(this, 0,
-                    new Intent(this, SoundRecorderService.class).setAction(ACTION_RESUME), 0);
-+                    new Intent(this, SoundRecorderService.class).setAction(ACTION_RESUME),
-+                            PendingIntent.FLAG_IMMUTABLE);
-             nb.addAction(R.drawable.ic_resume, getString(R.string.resume), resumePIntent);
-         } else {
-             PendingIntent pausePIntent = PendingIntent.getService(this, 0,
-                    new Intent(this, SoundRecorderService.class).setAction(ACTION_PAUSE), 0);
-+                    new Intent(this, SoundRecorderService.class).setAction(ACTION_PAUSE),
-+                            PendingIntent.FLAG_IMMUTABLE);
-             nb.addAction(R.drawable.ic_pause, getString(R.string.pause), pausePIntent);
-         }
-         nb.addAction(R.drawable.ic_stop, getString(R.string.stop), stopPIntent);
-@@ -314,16 +318,17 @@ private void createShareNotification(@Nullable String uri) {
-         String mimeType = mRecorder.getMimeType();
- 
-         Intent intent = new Intent(this, ListActivity.class);
-        PendingIntent pi = PendingIntent.getActivity(this, 0, intent, 0);
-+        PendingIntent pi = PendingIntent.getActivity(this, 0, intent,
-+                PendingIntent.FLAG_IMMUTABLE);
-         PendingIntent playPIntent = PendingIntent.getActivity(this, 0,
-                 LastRecordHelper.getOpenIntent(fileUri, mimeType),
-                PendingIntent.FLAG_CANCEL_CURRENT);
-+                PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE);
-         PendingIntent sharePIntent = PendingIntent.getActivity(this, 0,
-                 LastRecordHelper.getShareIntent(fileUri, mimeType),
-                PendingIntent.FLAG_CANCEL_CURRENT);
-+                PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE);
-         PendingIntent deletePIntent = PendingIntent.getActivity(this, 0,
-                 LastRecordHelper.getDeleteIntent(this),
-                PendingIntent.FLAG_CANCEL_CURRENT);
-+                PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE);
- 
-         String duration = DateUtils.formatElapsedTime(mSbRecycle, mElapsedTime.get());
-         Notification notification = new NotificationCompat.Builder(this, NOTIFICATION_CHANNEL)
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@ -134,14 +134,10 @@ patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_L
 enterAndClear "packages/apps/LineageParts";
 rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
 patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
-patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/311606.patch"; #intent security fix

 enterAndClear "packages/apps/PermissionController";
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)

-enterAndClear "packages/apps/Recorder";
-patch -p1 < "$DOS_PATCHES/android_packages_apps_Recorder/311607.patch"; #intent security fix
-
 enterAndClear "packages/apps/Settings";
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options