mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-25 23:05:56 -05:00
15.1+16.0: September 2022 ASB picks
16.0 backports thanks to MSe1969 as usual: https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
e5eb67f77d
commit
e2b314da3c
29
Patches/LineageOS-15.1/android_external_expat/337987.patch
Normal file
29
Patches/LineageOS-15.1/android_external_expat/337987.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sadaf Ebrahimi <sadafebrahimi@google.com>
|
||||||
|
Date: Thu, 2 Jun 2022 19:32:22 +0000
|
||||||
|
Subject: [PATCH] Prevent XML_GetBuffer signed integer overflow
|
||||||
|
|
||||||
|
Bug: http://b/221255869
|
||||||
|
Change-Id: I38758fae8c71184f728f95e6073457cdb86bcc29
|
||||||
|
(cherry picked from commit d6a09f1b7fb24dd03dc58e45062ad951a37ff8e3)
|
||||||
|
Merged-In: I38758fae8c71184f728f95e6073457cdb86bcc29
|
||||||
|
---
|
||||||
|
lib/xmlparse.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
|
||||||
|
index 2f4e7258..91f50034 100644
|
||||||
|
--- a/lib/xmlparse.c
|
||||||
|
+++ b/lib/xmlparse.c
|
||||||
|
@@ -1741,6 +1741,11 @@ XML_GetBuffer(XML_Parser parser, int len)
|
||||||
|
keep = (int)(bufferPtr - buffer);
|
||||||
|
if (keep > XML_CONTEXT_BYTES)
|
||||||
|
keep = XML_CONTEXT_BYTES;
|
||||||
|
+ /* Detect and prevent integer overflow */
|
||||||
|
+ if (keep > INT_MAX - neededSize) {
|
||||||
|
+ parser->m_errorCode = XML_ERROR_NO_MEMORY;
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
neededSize += keep;
|
||||||
|
#endif /* defined XML_CONTEXT_BYTES */
|
||||||
|
if (neededSize <= bufferLim - buffer) {
|
113
Patches/LineageOS-15.1/android_frameworks_base/337990.patch
Normal file
113
Patches/LineageOS-15.1/android_frameworks_base/337990.patch
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Manjeet Rulhania <mrulhania@google.com>
|
||||||
|
Date: Thu, 28 Apr 2022 20:23:58 +0000
|
||||||
|
Subject: [PATCH 1/4] Fix duplicate permission privilege escalation
|
||||||
|
|
||||||
|
Duplicate permissions definition with different group allows
|
||||||
|
privilege permission escalation to a different permission group.
|
||||||
|
|
||||||
|
Android studio and gradle plugin does not allow duplicate
|
||||||
|
permissions with different attributes, these tools only allow
|
||||||
|
if duplicate permissions are exact copies.
|
||||||
|
|
||||||
|
Also platform stores permissions in map at multiple places with
|
||||||
|
permission name as key. This suggests that we can disallow
|
||||||
|
duplicate permissions during package install/update.
|
||||||
|
|
||||||
|
Bug: 213323615
|
||||||
|
Test: manual
|
||||||
|
Change-Id: I6f44e740897305e7a0553c1cf6c3af37faf02a2e
|
||||||
|
Merged-In: I1910dca44104e35a57eba4acfa8188cd9b8626ac
|
||||||
|
Merged-In: I34120fff2ec2a158dfa55779d2afd4bbd49487ff
|
||||||
|
Merged-In: I9bc839836786a0876e67fd73c05f8944bb532249
|
||||||
|
(cherry picked from commit 31bd425bb66b108cdec357a00f4a586379bcd33a)
|
||||||
|
Merged-In: I6f44e740897305e7a0553c1cf6c3af37faf02a2e
|
||||||
|
---
|
||||||
|
.../android/content/pm/PackageParser.java | 53 +++++++++++++++++++
|
||||||
|
1 file changed, 53 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||||
|
index 8c66fb227cf9..349f021c16ad 100644
|
||||||
|
--- a/core/java/android/content/pm/PackageParser.java
|
||||||
|
+++ b/core/java/android/content/pm/PackageParser.java
|
||||||
|
@@ -80,6 +80,7 @@ import android.util.ArraySet;
|
||||||
|
import android.util.AttributeSet;
|
||||||
|
import android.util.Base64;
|
||||||
|
import android.util.DisplayMetrics;
|
||||||
|
+import android.util.EventLog;
|
||||||
|
import android.util.Log;
|
||||||
|
import android.util.Pair;
|
||||||
|
import android.util.Slog;
|
||||||
|
@@ -121,6 +122,7 @@ import java.util.Collections;
|
||||||
|
import java.util.Comparator;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.List;
|
||||||
|
+import java.util.Objects;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.UUID;
|
||||||
|
import java.util.concurrent.Callable;
|
||||||
|
@@ -2637,6 +2639,12 @@ public class PackageParser {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (declareDuplicatePermission(pkg)) {
|
||||||
|
+ outError[0] = "Found duplicate permission with a different attribute value.";
|
||||||
|
+ mParseError = PackageManager.INSTALL_PARSE_FAILED_MANIFEST_MALFORMED;
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (supportsSmallScreens < 0 || (supportsSmallScreens > 0
|
||||||
|
&& pkg.applicationInfo.targetSdkVersion
|
||||||
|
>= android.os.Build.VERSION_CODES.DONUT)) {
|
||||||
|
@@ -2675,6 +2683,51 @@ public class PackageParser {
|
||||||
|
return pkg;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * @return {@code true} if the package declares malformed duplicate permissions.
|
||||||
|
+ */
|
||||||
|
+ public static boolean declareDuplicatePermission(@NonNull Package pkg) {
|
||||||
|
+ final List<Permission> permissions = pkg.permissions;
|
||||||
|
+ final int size = permissions.size();
|
||||||
|
+ if (size > 0) {
|
||||||
|
+ final ArrayMap<String, Permission> checkDuplicatePerm = new ArrayMap<>(size);
|
||||||
|
+ for (int i = 0; i < size; i++) {
|
||||||
|
+ final Permission permissionDefinition = permissions.get(i);
|
||||||
|
+ final String name = permissionDefinition.info.name;
|
||||||
|
+ final Permission perm = checkDuplicatePerm.get(name);
|
||||||
|
+ if (isMalformedDuplicate(permissionDefinition, perm)) {
|
||||||
|
+ // Fix for b/213323615
|
||||||
|
+ EventLog.writeEvent(0x534e4554, "213323615",
|
||||||
|
+ "The package " + pkg.packageName + " seems malicious");
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+ checkDuplicatePerm.put(name, permissionDefinition);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Determines if a duplicate permission is malformed .i.e. defines different protection level
|
||||||
|
+ * or group.
|
||||||
|
+ */
|
||||||
|
+ private static boolean isMalformedDuplicate(Permission p1, Permission p2) {
|
||||||
|
+ // Since a permission tree is also added as a permission with normal protection
|
||||||
|
+ // level, we need to skip if the parsedPermission is a permission tree.
|
||||||
|
+ if (p1 == null || p2 == null || p1.tree || p2.tree) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (p1.info.getProtection() != p2.info.getProtection()) {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+ if (!Objects.equals(p1.info.group, p2.info.group)) {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
private boolean checkOverlayRequiredSystemProperty(String propName, String propValue) {
|
||||||
|
|
||||||
|
if (TextUtils.isEmpty(propName) || TextUtils.isEmpty(propValue)) {
|
35
Patches/LineageOS-15.1/android_frameworks_base/337991.patch
Normal file
35
Patches/LineageOS-15.1/android_frameworks_base/337991.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Steven Moreland <smoreland@google.com>
|
||||||
|
Date: Wed, 30 Mar 2022 21:46:29 +0000
|
||||||
|
Subject: [PATCH 2/4] Parcel: recycle recycles
|
||||||
|
|
||||||
|
Before, it was like getting a used pan with food stuck on it. We run
|
||||||
|
a clean ship here. You want a Parcel? You get a fresh Parcel. When
|
||||||
|
we recycle a Parcel, we do a real clean-up job. Air freshener. All
|
||||||
|
bits brushed over. These Parcel objects are clean as heck now!
|
||||||
|
|
||||||
|
(specifically cleans mClassCookies)
|
||||||
|
|
||||||
|
Bug: 208279300
|
||||||
|
Test: build
|
||||||
|
Merged-In: I250872f5c6796bb64e2dc68008154c0e90feb218
|
||||||
|
Change-Id: I250872f5c6796bb64e2dc68008154c0e90feb218
|
||||||
|
(cherry picked from commit 46770fa49c9a5e51a5ea5a3afc7aab0dba2e59bd)
|
||||||
|
(cherry picked from commit b5c79e141a81fa86fc834980d46886ac3c86ab11)
|
||||||
|
Merged-In: I250872f5c6796bb64e2dc68008154c0e90feb218
|
||||||
|
---
|
||||||
|
core/java/android/os/Parcel.java | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/os/Parcel.java b/core/java/android/os/Parcel.java
|
||||||
|
index 7da3e1fded30..49c22732470f 100644
|
||||||
|
--- a/core/java/android/os/Parcel.java
|
||||||
|
+++ b/core/java/android/os/Parcel.java
|
||||||
|
@@ -393,6 +393,7 @@ public final class Parcel {
|
||||||
|
*/
|
||||||
|
public final void recycle() {
|
||||||
|
if (DEBUG_RECYCLE) mStack = null;
|
||||||
|
+ mClassCookies = null;
|
||||||
|
freeBuffer();
|
||||||
|
|
||||||
|
final Parcel[] pool;
|
@ -0,0 +1,41 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adrian Roos <roosa@google.com>
|
||||||
|
Date: Thu, 24 Sep 2020 15:30:46 +0200
|
||||||
|
Subject: [PATCH 3/4] IMMS: Make IMMS PendingIntents immutable
|
||||||
|
|
||||||
|
Fixes: 154913391
|
||||||
|
Test: n/a
|
||||||
|
Change-Id: I34a95732ef3e7c20d6549b57230c11f0c3db04d6
|
||||||
|
Merged-In: I34a95732ef3e7c20d6549b57230c11f0c3db04d6
|
||||||
|
(cherry picked from commit d4b625994f7664666ac7b53bf6a7d79a6459b3f1)
|
||||||
|
(cherry picked from commit 6842f03c9d2f128785df5ce2bd02c61f35226554)
|
||||||
|
(cherry picked from commit 2b859826165bddb11f17b217d097253c442f6045)
|
||||||
|
Merged-In: I34a95732ef3e7c20d6549b57230c11f0c3db04d6
|
||||||
|
---
|
||||||
|
.../java/com/android/server/InputMethodManagerService.java | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/InputMethodManagerService.java b/services/core/java/com/android/server/InputMethodManagerService.java
|
||||||
|
index d177e596cb04..f6c62addbaa4 100644
|
||||||
|
--- a/services/core/java/com/android/server/InputMethodManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/InputMethodManagerService.java
|
||||||
|
@@ -1339,7 +1339,8 @@ public class InputMethodManagerService extends IInputMethodManager.Stub
|
||||||
|
|
||||||
|
Intent intent = new Intent(ACTION_SHOW_INPUT_METHOD_PICKER)
|
||||||
|
.setPackage(mContext.getPackageName());
|
||||||
|
- mImeSwitchPendingIntent = PendingIntent.getBroadcast(mContext, 0, intent, 0);
|
||||||
|
+ mImeSwitchPendingIntent = PendingIntent.getBroadcast(mContext, 0, intent,
|
||||||
|
+ PendingIntent.FLAG_IMMUTABLE);
|
||||||
|
|
||||||
|
mShowOngoingImeSwitcherForPhones = false;
|
||||||
|
|
||||||
|
@@ -1892,7 +1893,8 @@ public class InputMethodManagerService extends IInputMethodManager.Stub
|
||||||
|
mCurIntent.putExtra(Intent.EXTRA_CLIENT_LABEL,
|
||||||
|
com.android.internal.R.string.input_method_binding_label);
|
||||||
|
mCurIntent.putExtra(Intent.EXTRA_CLIENT_INTENT, PendingIntent.getActivity(
|
||||||
|
- mContext, 0, new Intent(Settings.ACTION_INPUT_METHOD_SETTINGS), 0));
|
||||||
|
+ mContext, 0, new Intent(Settings.ACTION_INPUT_METHOD_SETTINGS),
|
||||||
|
+ PendingIntent.FLAG_IMMUTABLE));
|
||||||
|
if (bindCurrentInputMethodService(mCurIntent, this, IME_CONNECTION_BIND_FLAGS)) {
|
||||||
|
mLastBindTime = SystemClock.uptimeMillis();
|
||||||
|
mHaveConnection = true;
|
31
Patches/LineageOS-15.1/android_frameworks_base/337993.patch
Normal file
31
Patches/LineageOS-15.1/android_frameworks_base/337993.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Manjeet Rulhania <mrulhania@google.com>
|
||||||
|
Date: Thu, 30 Jun 2022 18:52:50 +0000
|
||||||
|
Subject: [PATCH 4/4] Remove package name from SafetyNet logs
|
||||||
|
|
||||||
|
Bug: 213323615
|
||||||
|
Test: AppSecurityTests
|
||||||
|
Change-Id: Ia2be2b1e32dc0b75c352bc15219f4c4de9abb45a
|
||||||
|
Merged-In: I993832e148636f1795ffe393c6dc74a08b9442f8
|
||||||
|
Merged-In: I8f823487ca16861a35135cfc3383fa2ce8258017
|
||||||
|
Merged-In: I4b61d13256ce0bfb8fc9d21db52ee78ce2097f14
|
||||||
|
(cherry picked from commit 50d343c656921ba9c730c68b7a41de6b15f57f03)
|
||||||
|
Merged-In: Ia2be2b1e32dc0b75c352bc15219f4c4de9abb45a
|
||||||
|
---
|
||||||
|
core/java/android/content/pm/PackageParser.java | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||||
|
index 349f021c16ad..118e5c9e6535 100644
|
||||||
|
--- a/core/java/android/content/pm/PackageParser.java
|
||||||
|
+++ b/core/java/android/content/pm/PackageParser.java
|
||||||
|
@@ -2697,8 +2697,7 @@ public class PackageParser {
|
||||||
|
final Permission perm = checkDuplicatePerm.get(name);
|
||||||
|
if (isMalformedDuplicate(permissionDefinition, perm)) {
|
||||||
|
// Fix for b/213323615
|
||||||
|
- EventLog.writeEvent(0x534e4554, "213323615",
|
||||||
|
- "The package " + pkg.packageName + " seems malicious");
|
||||||
|
+ EventLog.writeEvent(0x534e4554, "213323615");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
checkDuplicatePerm.put(name, permissionDefinition);
|
115
Patches/LineageOS-15.1/android_system_bt/337995-backport.patch
Normal file
115
Patches/LineageOS-15.1/android_system_bt/337995-backport.patch
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chienyuan <chienyuanhuang@google.com>
|
||||||
|
Date: Tue, 12 Feb 2019 16:01:00 +0800
|
||||||
|
Subject: [PATCH] Fix OOB in bnep_is_packet_allowed
|
||||||
|
|
||||||
|
Bug: 112050983
|
||||||
|
Test: PoC
|
||||||
|
Change-Id: I5d331f46cdba86c8e61de206a2ede1d2b348d7e4
|
||||||
|
(cherry picked from commit 230f252b8a1a1073ec1a4081545b2ff62393d16d)
|
||||||
|
CRs-Fixed: 3155069
|
||||||
|
---
|
||||||
|
stack/bnep/bnep_api.cc | 13 +++++++++++--
|
||||||
|
stack/bnep/bnep_int.h | 4 ++--
|
||||||
|
stack/bnep/bnep_utils.cc | 12 +++++++++++-
|
||||||
|
3 files changed, 24 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/stack/bnep/bnep_api.cc b/stack/bnep/bnep_api.cc
|
||||||
|
index 4d1c2d99e..817507320 100644
|
||||||
|
--- a/stack/bnep/bnep_api.cc
|
||||||
|
+++ b/stack/bnep/bnep_api.cc
|
||||||
|
@@ -360,7 +360,7 @@ tBNEP_RESULT BNEP_WriteBuf(uint16_t handle, const RawAddress& p_dest_addr,
|
||||||
|
/* Check if the packet should be filtered out */
|
||||||
|
p_data = (uint8_t*)(p_buf + 1) + p_buf->offset;
|
||||||
|
if (bnep_is_packet_allowed(p_bcb, p_dest_addr, protocol, fw_ext_present,
|
||||||
|
- p_data) != BNEP_SUCCESS) {
|
||||||
|
+ p_data, p_buf->len) != BNEP_SUCCESS) {
|
||||||
|
/*
|
||||||
|
** If packet is filtered and ext headers are present
|
||||||
|
** drop the data and forward the ext headers
|
||||||
|
@@ -372,6 +372,11 @@ tBNEP_RESULT BNEP_WriteBuf(uint16_t handle, const RawAddress& p_dest_addr,
|
||||||
|
org_len = p_buf->len;
|
||||||
|
new_len = 0;
|
||||||
|
do {
|
||||||
|
+ if ((new_len + 2) > org_len) {
|
||||||
|
+ osi_free(p_buf);
|
||||||
|
+ return BNEP_IGNORE_CMD;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ext = *p_data++;
|
||||||
|
length = *p_data++;
|
||||||
|
p_data += length;
|
||||||
|
@@ -466,7 +471,7 @@ tBNEP_RESULT BNEP_Write(uint16_t handle, const RawAddress& p_dest_addr,
|
||||||
|
|
||||||
|
/* Check if the packet should be filtered out */
|
||||||
|
if (bnep_is_packet_allowed(p_bcb, p_dest_addr, protocol, fw_ext_present,
|
||||||
|
- p_data) != BNEP_SUCCESS) {
|
||||||
|
+ p_data, len) != BNEP_SUCCESS) {
|
||||||
|
/*
|
||||||
|
** If packet is filtered and ext headers are present
|
||||||
|
** drop the data and forward the ext headers
|
||||||
|
@@ -479,6 +484,10 @@ tBNEP_RESULT BNEP_Write(uint16_t handle, const RawAddress& p_dest_addr,
|
||||||
|
new_len = 0;
|
||||||
|
p = p_data;
|
||||||
|
do {
|
||||||
|
+ if ((new_len + 2) > org_len) {
|
||||||
|
+ return BNEP_IGNORE_CMD;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ext = *p_data++;
|
||||||
|
length = *p_data++;
|
||||||
|
p_data += length;
|
||||||
|
diff --git a/stack/bnep/bnep_int.h b/stack/bnep/bnep_int.h
|
||||||
|
index e25e7f822..1abb3340f 100644
|
||||||
|
--- a/stack/bnep/bnep_int.h
|
||||||
|
+++ b/stack/bnep/bnep_int.h
|
||||||
|
@@ -229,8 +229,8 @@ extern void bnep_sec_check_complete(const RawAddress* bd_addr,
|
||||||
|
extern tBNEP_RESULT bnep_is_packet_allowed(tBNEP_CONN* p_bcb,
|
||||||
|
const RawAddress& p_dest_addr,
|
||||||
|
uint16_t protocol,
|
||||||
|
- bool fw_ext_present,
|
||||||
|
- uint8_t* p_data);
|
||||||
|
+ bool fw_ext_present, uint8_t* p_data,
|
||||||
|
+ uint16_t org_len);
|
||||||
|
extern uint32_t bnep_get_uuid32(tBT_UUID* src_uuid);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/stack/bnep/bnep_utils.cc b/stack/bnep/bnep_utils.cc
|
||||||
|
index 3bab9eebd..76065dfe5 100644
|
||||||
|
--- a/stack/bnep/bnep_utils.cc
|
||||||
|
+++ b/stack/bnep/bnep_utils.cc
|
||||||
|
@@ -1253,23 +1253,33 @@ void bnep_sec_check_complete(UNUSED_ATTR const RawAddress* bd_addr,
|
||||||
|
tBNEP_RESULT bnep_is_packet_allowed(tBNEP_CONN* p_bcb,
|
||||||
|
const RawAddress& p_dest_addr,
|
||||||
|
uint16_t protocol, bool fw_ext_present,
|
||||||
|
- uint8_t* p_data) {
|
||||||
|
+ uint8_t* p_data, uint16_t org_len) {
|
||||||
|
if (p_bcb->rcvd_num_filters) {
|
||||||
|
uint16_t i, proto;
|
||||||
|
|
||||||
|
/* Findout the actual protocol to check for the filtering */
|
||||||
|
proto = protocol;
|
||||||
|
if (proto == BNEP_802_1_P_PROTOCOL) {
|
||||||
|
+ uint16_t new_len = 0;
|
||||||
|
if (fw_ext_present) {
|
||||||
|
uint8_t len, ext;
|
||||||
|
/* parse the extension headers and findout actual protocol */
|
||||||
|
do {
|
||||||
|
+ if ((new_len + 2) > org_len) {
|
||||||
|
+ return BNEP_IGNORE_CMD;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ext = *p_data++;
|
||||||
|
len = *p_data++;
|
||||||
|
p_data += len;
|
||||||
|
|
||||||
|
+ new_len += (len + 2);
|
||||||
|
+
|
||||||
|
} while (ext & 0x80);
|
||||||
|
}
|
||||||
|
+ if ((new_len + 4) > org_len) {
|
||||||
|
+ return BNEP_IGNORE_CMD;
|
||||||
|
+ }
|
||||||
|
p_data += 2;
|
||||||
|
BE_STREAM_TO_UINT16(proto, p_data);
|
||||||
|
}
|
50
Patches/LineageOS-15.1/android_system_bt/337996.patch
Normal file
50
Patches/LineageOS-15.1/android_system_bt/337996.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chienyuan <chienyuanhuang@google.com>
|
||||||
|
Date: Wed, 30 Jan 2019 19:17:03 +0800
|
||||||
|
Subject: [PATCH 1/2] Fix OOB in BNEP_Write
|
||||||
|
|
||||||
|
Bug: 112050583
|
||||||
|
Test: PoC
|
||||||
|
Change-Id: I2ad3aceea38950b83f98819ede47538afb053ac0
|
||||||
|
(cherry picked from commit b31554e2a31534888c0eb593d915f735ce4670c7)
|
||||||
|
CRs-Fixed: 3155069
|
||||||
|
---
|
||||||
|
stack/bnep/bnep_api.cc | 13 +++++++++++--
|
||||||
|
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/stack/bnep/bnep_api.cc b/stack/bnep/bnep_api.cc
|
||||||
|
index e5d3c0948..4d1c2d99e 100644
|
||||||
|
--- a/stack/bnep/bnep_api.cc
|
||||||
|
+++ b/stack/bnep/bnep_api.cc
|
||||||
|
@@ -346,10 +346,15 @@ tBNEP_RESULT BNEP_WriteBuf(uint16_t handle, const RawAddress& p_dest_addr,
|
||||||
|
p_bcb = &(bnep_cb.bcb[handle - 1]);
|
||||||
|
/* Check MTU size */
|
||||||
|
if (p_buf->len > BNEP_MTU_SIZE) {
|
||||||
|
- BNEP_TRACE_ERROR("BNEP_Write() length %d exceeded MTU %d", p_buf->len,
|
||||||
|
+ BNEP_TRACE_ERROR("%s length %d exceeded MTU %d", __func__, p_buf->len,
|
||||||
|
BNEP_MTU_SIZE);
|
||||||
|
osi_free(p_buf);
|
||||||
|
return (BNEP_MTU_EXCEDED);
|
||||||
|
+ } else if (p_buf->len < 2) {
|
||||||
|
+ BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
|
||||||
|
+ p_buf->len);
|
||||||
|
+ osi_free(p_buf);
|
||||||
|
+ return BNEP_IGNORE_CMD;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if the packet should be filtered out */
|
||||||
|
@@ -446,9 +451,13 @@ tBNEP_RESULT BNEP_Write(uint16_t handle, const RawAddress& p_dest_addr,
|
||||||
|
|
||||||
|
/* Check MTU size. Consider the possibility of having extension headers */
|
||||||
|
if (len > BNEP_MTU_SIZE) {
|
||||||
|
- BNEP_TRACE_ERROR("BNEP_Write() length %d exceeded MTU %d", len,
|
||||||
|
+ BNEP_TRACE_ERROR("%s length %d exceeded MTU %d", __func__, len,
|
||||||
|
BNEP_MTU_SIZE);
|
||||||
|
return (BNEP_MTU_EXCEDED);
|
||||||
|
+ } else if (len < 2) {
|
||||||
|
+ BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
|
||||||
|
+ len);
|
||||||
|
+ return BNEP_IGNORE_CMD;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((!handle) || (handle > BNEP_MAX_CONNECTIONS)) return (BNEP_WRONG_HANDLE);
|
40
Patches/LineageOS-15.1/android_system_bt/337997.patch
Normal file
40
Patches/LineageOS-15.1/android_system_bt/337997.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Venkata Jagadeesh Garaga <quic_vgaraga@quicinc.com>
|
||||||
|
Date: Tue, 22 Mar 2022 13:35:43 +0530
|
||||||
|
Subject: [PATCH 2/2] Fix OOB in reassemble_and_dispatch
|
||||||
|
|
||||||
|
Fix OOB while reading L2cap length in HCI pkt
|
||||||
|
|
||||||
|
Change-Id: I7f32b171e8c68b9724f95fcf2327959539e2d0d5
|
||||||
|
CRs-Fixed: 3155132
|
||||||
|
---
|
||||||
|
hci/src/packet_fragmenter.cc | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hci/src/packet_fragmenter.cc b/hci/src/packet_fragmenter.cc
|
||||||
|
index 4c8906e38..eeaf52b30 100644
|
||||||
|
--- a/hci/src/packet_fragmenter.cc
|
||||||
|
+++ b/hci/src/packet_fragmenter.cc
|
||||||
|
@@ -123,12 +123,10 @@ static void reassemble_and_dispatch(UNUSED_ATTR BT_HDR* packet) {
|
||||||
|
if ((packet->event & MSG_EVT_MASK) == MSG_HC_TO_STACK_HCI_ACL) {
|
||||||
|
uint8_t* stream = packet->data;
|
||||||
|
uint16_t handle;
|
||||||
|
- uint16_t l2cap_length;
|
||||||
|
uint16_t acl_length;
|
||||||
|
|
||||||
|
STREAM_TO_UINT16(handle, stream);
|
||||||
|
STREAM_TO_UINT16(acl_length, stream);
|
||||||
|
- STREAM_TO_UINT16(l2cap_length, stream);
|
||||||
|
|
||||||
|
CHECK(acl_length == packet->len - HCI_ACL_PREAMBLE_SIZE);
|
||||||
|
|
||||||
|
@@ -163,6 +161,9 @@ static void reassemble_and_dispatch(UNUSED_ATTR BT_HDR* packet) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ uint16_t l2cap_length;
|
||||||
|
+ STREAM_TO_UINT16(l2cap_length, stream);
|
||||||
|
+
|
||||||
|
uint16_t full_length =
|
||||||
|
l2cap_length + L2CAP_HEADER_SIZE + HCI_ACL_PREAMBLE_SIZE;
|
||||||
|
|
@ -0,0 +1,41 @@
|
|||||||
|
From 3a1887eb6147d7e51a79c387aaed38c08056c789 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adrian Roos <roosa@google.com>
|
||||||
|
Date: Thu, 24 Sep 2020 15:30:46 +0200
|
||||||
|
Subject: [PATCH] IMMS: Make IMMS PendingIntents immutable
|
||||||
|
|
||||||
|
Fixes: 154913391
|
||||||
|
Test: n/a
|
||||||
|
Change-Id: I34a95732ef3e7c20d6549b57230c11f0c3db04d6
|
||||||
|
Merged-In: I34a95732ef3e7c20d6549b57230c11f0c3db04d6
|
||||||
|
(cherry picked from commit d4b625994f7664666ac7b53bf6a7d79a6459b3f1)
|
||||||
|
(cherry picked from commit 6842f03c9d2f128785df5ce2bd02c61f35226554)
|
||||||
|
(cherry picked from commit 2b859826165bddb11f17b217d097253c442f6045)
|
||||||
|
Merged-In: I34a95732ef3e7c20d6549b57230c11f0c3db04d6
|
||||||
|
---
|
||||||
|
.../java/com/android/server/InputMethodManagerService.java | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/services/core/java/com/android/server/InputMethodManagerService.java b/services/core/java/com/android/server/InputMethodManagerService.java
|
||||||
|
index 412b314aefbf..e728b0aa92e8 100644
|
||||||
|
--- a/services/core/java/com/android/server/InputMethodManagerService.java
|
||||||
|
+++ b/services/core/java/com/android/server/InputMethodManagerService.java
|
||||||
|
@@ -1402,7 +1402,8 @@ public void executeMessage(Message msg) {
|
||||||
|
|
||||||
|
Intent intent = new Intent(ACTION_SHOW_INPUT_METHOD_PICKER)
|
||||||
|
.setPackage(mContext.getPackageName());
|
||||||
|
- mImeSwitchPendingIntent = PendingIntent.getBroadcast(mContext, 0, intent, 0);
|
||||||
|
+ mImeSwitchPendingIntent = PendingIntent.getBroadcast(mContext, 0, intent,
|
||||||
|
+ PendingIntent.FLAG_IMMUTABLE);
|
||||||
|
|
||||||
|
mShowOngoingImeSwitcherForPhones = false;
|
||||||
|
|
||||||
|
@@ -2003,7 +2004,8 @@ InputBindResult startInputInnerLocked() {
|
||||||
|
mCurIntent.putExtra(Intent.EXTRA_CLIENT_LABEL,
|
||||||
|
com.android.internal.R.string.input_method_binding_label);
|
||||||
|
mCurIntent.putExtra(Intent.EXTRA_CLIENT_INTENT, PendingIntent.getActivity(
|
||||||
|
- mContext, 0, new Intent(Settings.ACTION_INPUT_METHOD_SETTINGS), 0));
|
||||||
|
+ mContext, 0, new Intent(Settings.ACTION_INPUT_METHOD_SETTINGS),
|
||||||
|
+ PendingIntent.FLAG_IMMUTABLE));
|
||||||
|
if (bindCurrentInputMethodServiceLocked(mCurIntent, this, IME_CONNECTION_BIND_FLAGS)) {
|
||||||
|
mLastBindTime = SystemClock.uptimeMillis();
|
||||||
|
mHaveConnection = true;
|
@ -34,10 +34,10 @@ index b99634c11742..d74627f45dbd 100644
|
|||||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||||
field public static final String SMS = "android.permission-group.SMS";
|
field public static final String SMS = "android.permission-group.SMS";
|
||||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||||
index 861b0d922d32..e9a0696ebaff 100644
|
index 7f728febe5d9..f9f3ead23fb8 100644
|
||||||
--- a/core/java/android/content/pm/PackageParser.java
|
--- a/core/java/android/content/pm/PackageParser.java
|
||||||
+++ b/core/java/android/content/pm/PackageParser.java
|
+++ b/core/java/android/content/pm/PackageParser.java
|
||||||
@@ -286,6 +286,8 @@ public class PackageParser {
|
@@ -288,6 +288,8 @@ public class PackageParser {
|
||||||
@UnsupportedAppUsage
|
@UnsupportedAppUsage
|
||||||
public static final PackageParser.NewPermissionInfo NEW_PERMISSIONS[] =
|
public static final PackageParser.NewPermissionInfo NEW_PERMISSIONS[] =
|
||||||
new PackageParser.NewPermissionInfo[] {
|
new PackageParser.NewPermissionInfo[] {
|
||||||
|
@ -74,7 +74,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
|
|||||||
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
|
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
|
||||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||||
sed -i 's/2021-10-05/2022-08-05/' core/version_defaults.mk; #Bump Security String #XXX
|
sed -i 's/2021-10-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #XXX
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -96,6 +96,10 @@ if [ "$(type -t DOS_WEBVIEW_CHERRYPICK)" = "alias" ] ; then DOS_WEBVIEW_CHERRYPI
|
|||||||
if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available
|
if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "external/expat"; then
|
||||||
|
applyPatch "$DOS_PATCHES/android_external_expat/337987.patch"; #Q_asb_2022-09 Prevent XML_GetBuffer signed integer overflow
|
||||||
|
fi;
|
||||||
|
|
||||||
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
|
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
|
||||||
#if enterAndClear "external/hardened_malloc"; then
|
#if enterAndClear "external/hardened_malloc"; then
|
||||||
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
|
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
|
||||||
@ -126,6 +130,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/335117-backport.patch"; #P_asb_
|
|||||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/335119.patch"; #P_asb_2022-08 Remove package title from notification access confirmation intent TODO: 335116 must be backported
|
#applyPatch "$DOS_PATCHES/android_frameworks_base/335119.patch"; #P_asb_2022-08 Remove package title from notification access confirmation intent TODO: 335116 must be backported
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/335120.patch"; #P_asb_2022-08 Stop using invalid URL to prevent unexpected crash
|
applyPatch "$DOS_PATCHES/android_frameworks_base/335120.patch"; #P_asb_2022-08 Stop using invalid URL to prevent unexpected crash
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/335121-backport.patch"; #P_asb_2022-08 Only allow the system server to connect to sync adapters
|
applyPatch "$DOS_PATCHES/android_frameworks_base/335121-backport.patch"; #P_asb_2022-08 Only allow the system server to connect to sync adapters
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/337990.patch"; #Q_asb_2022-09 Fix duplicate permission privilege escalation
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/337991.patch"; #Q_asb_2022-09 Parcel: recycle recycles
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/337992-backport.patch"; #Q_asb_2022-09 IMMS: Make IMMS PendingIntents immutable
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/337993.patch"; #Q_asb_2022-09 Remove package name from SafetyNet logs
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||||
@ -302,6 +310,9 @@ applyPatch "$DOS_PATCHES/android_system_bt/334266.patch"; #P_asb_2022-07 Securit
|
|||||||
applyPatch "$DOS_PATCHES/android_system_bt/334267.patch"; #P_asb_2022-07 Check Avrcp packet vendor length before extracting length
|
applyPatch "$DOS_PATCHES/android_system_bt/334267.patch"; #P_asb_2022-07 Check Avrcp packet vendor length before extracting length
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/334268.patch"; #P_asb_2022-07 Security: Fix out of bound read in AT_SKIP_REST
|
applyPatch "$DOS_PATCHES/android_system_bt/334268.patch"; #P_asb_2022-07 Security: Fix out of bound read in AT_SKIP_REST
|
||||||
applyPatch "$DOS_PATCHES/android_system_bt/335109.patch"; #P_asb_2022-08 Removing bonded device when auth fails due to missing keys
|
applyPatch "$DOS_PATCHES/android_system_bt/335109.patch"; #P_asb_2022-08 Removing bonded device when auth fails due to missing keys
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/337995-backport.patch"; #Q_asb_2022-09 Fix OOB in bnep_is_packet_allowed
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/337996.patch"; #Q_asb_2022-09 Fix OOB in BNEP_Write
|
||||||
|
applyPatch "$DOS_PATCHES/android_system_bt/337997.patch"; #Q_asb_2022-09 Fix OOB in reassemble_and_dispatch
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "system/core"; then
|
if enterAndClear "system/core"; then
|
||||||
|
@ -98,7 +98,7 @@ sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
|||||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
|
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||||
sed -i 's/2022-01-05/2022-08-05/' core/version_defaults.mk; #Bump Security String #P_asb_2022-08 #XXX
|
sed -i 's/2022-01-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #P_asb_2022-09 #XXX
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -119,6 +119,13 @@ if enterAndClear "external/conscrypt"; then
|
|||||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
|
if enterAndClear "external/expat"; then
|
||||||
|
git fetch https://github.com/LineageOS/android_external_expat refs/changes/86/337986/2 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
|
||||||
|
git fetch https://github.com/LineageOS/android_external_expat refs/changes/87/337987/2 && git cherry-pick FETCH_HEAD;
|
||||||
|
git fetch https://github.com/LineageOS/android_external_expat refs/changes/88/337988/2 && git cherry-pick FETCH_HEAD;
|
||||||
|
git fetch https://github.com/LineageOS/android_external_expat refs/changes/89/337989/2 && git cherry-pick FETCH_HEAD;
|
||||||
|
fi;
|
||||||
|
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||||
if enterAndClear "external/hardened_malloc"; then
|
if enterAndClear "external/hardened_malloc"; then
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
|
||||||
@ -138,6 +145,10 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram
|
|||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "frameworks/base"; then
|
if enterAndClear "frameworks/base"; then
|
||||||
|
git fetch https://github.com/LineageOS/android_frameworks_base refs/changes/90/337990/2 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
|
||||||
|
git fetch https://github.com/LineageOS/android_frameworks_base refs/changes/91/337991/2 && git cherry-pick FETCH_HEAD;
|
||||||
|
applyPatch "$DOS_PATCHES/android_frameworks_base/337992-Backport.patch"; #(MSe1969)
|
||||||
|
git fetch https://github.com/LineageOS/android_frameworks_base refs/changes/93/337993/2 && git cherry-pick FETCH_HEAD;
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||||
@ -311,9 +322,12 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_
|
|||||||
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
|
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
#if enterAndClear "system/bt"; then
|
if enterAndClear "system/bt"; then
|
||||||
|
git fetch https://github.com/LineageOS/android_vendor_qcom_opensource_system_bt refs/changes/95/337995/1 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
|
||||||
|
git fetch https://github.com/LineageOS/android_vendor_qcom_opensource_system_bt refs/changes/96/337996/1 && git cherry-pick FETCH_HEAD;
|
||||||
|
git fetch https://github.com/LineageOS/android_vendor_qcom_opensource_system_bt refs/changes/97/337997/1 && git cherry-pick FETCH_HEAD;
|
||||||
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
||||||
#fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "system/core"; then
|
if enterAndClear "system/core"; then
|
||||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||||
|
@ -81,9 +81,8 @@ patchWorkspace() {
|
|||||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||||
|
|
||||||
source build/envsetup.sh;
|
#source build/envsetup.sh;
|
||||||
#repopick -it ten-firewall;
|
#repopick -it ten-firewall;
|
||||||
repopick -it Q_asb_2022-09;
|
|
||||||
|
|
||||||
sh "$DOS_SCRIPTS/Patch.sh";
|
sh "$DOS_SCRIPTS/Patch.sh";
|
||||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||||
|
@ -97,7 +97,6 @@ if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target
|
|||||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||||
sed -i 's/2022-08-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2022-09 #XXX
|
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -119,13 +118,6 @@ if enterAndClear "external/conscrypt"; then
|
|||||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "external/expat"; then
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/86/337986/1 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/87/337987/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/88/337988/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/89/337989/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
fi;
|
|
||||||
|
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||||
if enterAndClear "external/hardened_malloc"; then
|
if enterAndClear "external/hardened_malloc"; then
|
||||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
|
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
|
||||||
|
@ -122,12 +122,11 @@ patchWorkspace() {
|
|||||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||||
|
|
||||||
source build/envsetup.sh;
|
#source build/envsetup.sh;
|
||||||
#repopick -it eleven-firewall;
|
#repopick -it eleven-firewall;
|
||||||
#repopick -i 314130; #adbconnection: don't spin if adbd isn't running
|
#repopick -i 314130; #adbconnection: don't spin if adbd isn't running
|
||||||
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
|
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
|
||||||
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
|
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
|
||||||
repopick -it R_asb_2022-09;
|
|
||||||
|
|
||||||
sh "$DOS_SCRIPTS/Patch.sh";
|
sh "$DOS_SCRIPTS/Patch.sh";
|
||||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||||
|
@ -96,7 +96,6 @@ if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target
|
|||||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||||
sed -i 's/2022-08-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #R_asb_2022-09 #XXX
|
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -118,13 +117,6 @@ if enterAndClear "external/conscrypt"; then
|
|||||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "external/expat"; then
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/66/337966/1 && git cherry-pick FETCH_HEAD; #R_asb_2022-09
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/67/337967/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/68/337968/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/69/337969/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
fi;
|
|
||||||
|
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||||
if enterAndClear "external/hardened_malloc"; then
|
if enterAndClear "external/hardened_malloc"; then
|
||||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
|
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
|
||||||
|
@ -114,8 +114,7 @@ patchWorkspace() {
|
|||||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/SecureCamera";
|
gpgVerifyGitTag "$DOS_BUILD_BASE/external/SecureCamera";
|
||||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||||
|
|
||||||
source build/envsetup.sh;
|
#source build/envsetup.sh;
|
||||||
repopick -it S_asb_2022-09;
|
|
||||||
|
|
||||||
sh "$DOS_SCRIPTS/Patch.sh";
|
sh "$DOS_SCRIPTS/Patch.sh";
|
||||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||||
|
@ -97,7 +97,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
|||||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||||
sed -i 's/2022-08-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #S_asb_2022-09 #XXX
|
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "build/soong"; then
|
if enterAndClear "build/soong"; then
|
||||||
@ -114,13 +113,6 @@ if enterAndClear "external/conscrypt"; then
|
|||||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "external/expat"; then
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/00/337900/1 && git cherry-pick FETCH_HEAD; #S_asb_2022-09
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/01/337901/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/02/337902/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
git fetch https://github.com/LineageOS/android_external_expat refs/changes/03/337903/1 && git cherry-pick FETCH_HEAD;
|
|
||||||
fi;
|
|
||||||
|
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||||
if enterAndClear "external/hardened_malloc"; then
|
if enterAndClear "external/hardened_malloc"; then
|
||||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user