mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
18.1: April ASB work
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
parent
898ddf41a9
commit
e5f019d63d
117
Patches/LineageOS-18.1/android_frameworks_base/389013.patch
Normal file
117
Patches/LineageOS-18.1/android_frameworks_base/389013.patch
Normal file
@ -0,0 +1,117 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Beverly <beverlyt@google.com>
|
||||
Date: Thu, 18 Jan 2024 20:13:52 +0000
|
||||
Subject: [PATCH] isUserInLockDown can be true when there are other strong auth
|
||||
requirements
|
||||
|
||||
Bug: 315206668
|
||||
Bug: 218495634
|
||||
Flag: None
|
||||
Test: manual, atest LockPatternUtilsTest
|
||||
(cherry picked from commit d341f1ecdb011d24b17358f115391b3f997cb179)
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ce7ca2d9f405c94062504411c886eff93bd7ce15)
|
||||
Merged-In: I5e979a7822dd7254b4579ab28ecf96df1db44179
|
||||
Change-Id: I5e979a7822dd7254b4579ab28ecf96df1db44179
|
||||
---
|
||||
.../internal/widget/LockPatternUtils.java | 4 +-
|
||||
.../internal/util/LockPatternUtilsTest.java | 41 ++++++++++++++++---
|
||||
2 files changed, 38 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
|
||||
index e0a2803ea60b..d0e82ec29c80 100644
|
||||
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
|
||||
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
|
||||
@@ -1484,8 +1484,8 @@ public class LockPatternUtils {
|
||||
}
|
||||
|
||||
public boolean isUserInLockdown(int userId) {
|
||||
- return getStrongAuthForUser(userId)
|
||||
- == StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN;
|
||||
+ return (getStrongAuthForUser(userId)
|
||||
+ & StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN) != 0;
|
||||
}
|
||||
|
||||
private static class WrappedCallback extends ICheckCredentialProgressCallback.Stub {
|
||||
diff --git a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
|
||||
index 50e8474e8d52..01494a7659a5 100644
|
||||
--- a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
|
||||
+++ b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java
|
||||
@@ -19,6 +19,10 @@ package com.android.internal.util;
|
||||
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED;
|
||||
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
|
||||
|
||||
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED;
|
||||
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
|
||||
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN;
|
||||
+
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.Mockito.doReturn;
|
||||
@@ -48,12 +52,15 @@ import org.mockito.Mockito;
|
||||
@SmallTest
|
||||
public class LockPatternUtilsTest {
|
||||
|
||||
+ private ILockSettings mLockSettings;
|
||||
+ private static final int USER_ID = 1;
|
||||
private static final int DEMO_USER_ID = 5;
|
||||
|
||||
private LockPatternUtils mLockPatternUtils;
|
||||
|
||||
private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoMode)
|
||||
throws Exception {
|
||||
+ mLockSettings = Mockito.mock(ILockSettings.class);
|
||||
final Context context = spy(new ContextWrapper(InstrumentationRegistry.getTargetContext()));
|
||||
|
||||
final MockContentResolver cr = new MockContentResolver(context);
|
||||
@@ -61,15 +68,14 @@ public class LockPatternUtilsTest {
|
||||
when(context.getContentResolver()).thenReturn(cr);
|
||||
Settings.Global.putInt(cr, Settings.Global.DEVICE_DEMO_MODE, deviceDemoMode);
|
||||
|
||||
- final ILockSettings ils = Mockito.mock(ILockSettings.class);
|
||||
- when(ils.getCredentialType(DEMO_USER_ID)).thenReturn(
|
||||
+ when(mLockSettings.getCredentialType(DEMO_USER_ID)).thenReturn(
|
||||
isSecure ? LockPatternUtils.CREDENTIAL_TYPE_PASSWORD
|
||||
: LockPatternUtils.CREDENTIAL_TYPE_NONE);
|
||||
- when(ils.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, DEMO_USER_ID))
|
||||
- .thenReturn((long) PASSWORD_QUALITY_MANAGED);
|
||||
+ when(mLockSettings.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED,
|
||||
+ DEMO_USER_ID)).thenReturn((long) PASSWORD_QUALITY_MANAGED);
|
||||
// TODO(b/63758238): stop spying the class under test
|
||||
mLockPatternUtils = spy(new LockPatternUtils(context));
|
||||
- when(mLockPatternUtils.getLockSettings()).thenReturn(ils);
|
||||
+ when(mLockPatternUtils.getLockSettings()).thenReturn(mLockSettings);
|
||||
doReturn(true).when(mLockPatternUtils).hasSecureLockScreen();
|
||||
|
||||
final UserInfo userInfo = Mockito.mock(UserInfo.class);
|
||||
@@ -79,6 +85,31 @@ public class LockPatternUtilsTest {
|
||||
when(context.getSystemService(Context.USER_SERVICE)).thenReturn(um);
|
||||
}
|
||||
|
||||
+ @Test
|
||||
+ public void isUserInLockDown() throws Exception {
|
||||
+ configureTest(true, false, 2);
|
||||
+
|
||||
+ // GIVEN strong auth not required
|
||||
+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(STRONG_AUTH_NOT_REQUIRED);
|
||||
+
|
||||
+ // THEN user isn't in lockdown
|
||||
+ assertFalse(mLockPatternUtils.isUserInLockdown(USER_ID));
|
||||
+
|
||||
+ // GIVEN lockdown
|
||||
+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(
|
||||
+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||
+
|
||||
+ // THEN user is in lockdown
|
||||
+ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID));
|
||||
+
|
||||
+ // GIVEN lockdown and lockout
|
||||
+ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(
|
||||
+ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN | STRONG_AUTH_REQUIRED_AFTER_LOCKOUT);
|
||||
+
|
||||
+ // THEN user is in lockdown
|
||||
+ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID));
|
||||
+ }
|
||||
+
|
||||
@Test
|
||||
public void isLockScreenDisabled_isDemoUser_true() throws Exception {
|
||||
configureTest(false, true, 2);
|
@ -0,0 +1,345 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tetiana Meronyk <tetianameronyk@google.com>
|
||||
Date: Wed, 10 Jan 2024 16:25:13 +0000
|
||||
Subject: [PATCH] Fix security vulnerability that creates user with no
|
||||
restrictions when accountOptions are too long.
|
||||
|
||||
Bug: 293602970
|
||||
Test: atest UserManagerTest#testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved && atest UserManagerTest#testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:944ea959ab8464c39a8f6a4fc391fb6953e1df89)
|
||||
Merged-In: I23c971f671546ac085060add89485cfac6691ca3
|
||||
Change-Id: I23c971f671546ac085060add89485cfac6691ca3
|
||||
---
|
||||
core/java/android/os/PersistableBundle.java | 37 +++++++
|
||||
core/java/android/os/UserManager.java | 23 +++-
|
||||
.../app/ConfirmUserCreationActivity.java | 12 +++
|
||||
.../android/server/pm/UserManagerService.java | 29 ++---
|
||||
.../android/server/pm/UserManagerTest.java | 102 ++++++++++++++++++
|
||||
5 files changed, 187 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/os/PersistableBundle.java b/core/java/android/os/PersistableBundle.java
|
||||
index 7c7e2137aa17..b2adb5eb434c 100644
|
||||
--- a/core/java/android/os/PersistableBundle.java
|
||||
+++ b/core/java/android/os/PersistableBundle.java
|
||||
@@ -275,6 +275,43 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa
|
||||
XmlUtils.writeMapXml(mMap, out, this);
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Checks whether all keys and values are within the given character limit.
|
||||
+ * Note: Maximum character limit of String that can be saved to XML as part of bundle is 65535.
|
||||
+ * Otherwise IOException is thrown.
|
||||
+ * @param limit length of String keys and values in the PersistableBundle, including nested
|
||||
+ * PersistableBundles to check against.
|
||||
+ *
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public boolean isBundleContentsWithinLengthLimit(int limit) {
|
||||
+ unparcel();
|
||||
+ if (mMap == null) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ for (int i = 0; i < mMap.size(); i++) {
|
||||
+ if (mMap.keyAt(i) != null && mMap.keyAt(i).length() > limit) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ final Object value = mMap.valueAt(i);
|
||||
+ if (value instanceof String && ((String) value).length() > limit) {
|
||||
+ return false;
|
||||
+ } else if (value instanceof String[]) {
|
||||
+ String[] stringArray = (String[]) value;
|
||||
+ for (int j = 0; j < stringArray.length; j++) {
|
||||
+ if (stringArray[j] != null
|
||||
+ && stringArray[j].length() > limit) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+ } else if (value instanceof PersistableBundle
|
||||
+ && !((PersistableBundle) value).isBundleContentsWithinLengthLimit(limit)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
/** @hide */
|
||||
static class MyReadMapCallback implements XmlUtils.ReadMapCallback {
|
||||
@Override
|
||||
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
|
||||
index 2465b0e41876..9606ce97a3b0 100644
|
||||
--- a/core/java/android/os/UserManager.java
|
||||
+++ b/core/java/android/os/UserManager.java
|
||||
@@ -91,6 +91,21 @@ public class UserManager {
|
||||
private Boolean mIsManagedProfileCached;
|
||||
private Boolean mIsProfileCached;
|
||||
|
||||
+ /** Maximum length of username.
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final int MAX_USER_NAME_LENGTH = 100;
|
||||
+
|
||||
+ /** Maximum length of user property String value.
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final int MAX_ACCOUNT_STRING_LENGTH = 500;
|
||||
+
|
||||
+ /** Maximum length of account options String values.
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final int MAX_ACCOUNT_OPTIONS_LENGTH = 1000;
|
||||
+
|
||||
/**
|
||||
* User type representing a {@link UserHandle#USER_SYSTEM system} user that is a human user.
|
||||
* This type of user cannot be created; it can only pre-exist on first boot.
|
||||
@@ -2974,15 +2989,15 @@ public class UserManager {
|
||||
* time, the preferred user name and account information are used by the setup process for that
|
||||
* user.
|
||||
*
|
||||
- * @param userName Optional name to assign to the user.
|
||||
+ * @param userName Optional name to assign to the user. Character limit is 100.
|
||||
* @param accountName Optional account name that will be used by the setup wizard to initialize
|
||||
- * the user.
|
||||
+ * the user. Character limit is 500.
|
||||
* @param accountType Optional account type for the account to be created. This is required
|
||||
- * if the account name is specified.
|
||||
+ * if the account name is specified. Character limit is 500.
|
||||
* @param accountOptions Optional bundle of data to be passed in during account creation in the
|
||||
* new user via {@link AccountManager#addAccount(String, String, String[],
|
||||
* Bundle, android.app.Activity, android.accounts.AccountManagerCallback,
|
||||
- * Handler)}.
|
||||
+ * Handler)}. Character limit is 1000.
|
||||
* @return An Intent that can be launched from an Activity.
|
||||
* @see #USER_CREATION_FAILED_NOT_PERMITTED
|
||||
* @see #USER_CREATION_FAILED_NO_MORE_USERS
|
||||
diff --git a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
|
||||
index 03da9bc939ec..74dedc38a922 100644
|
||||
--- a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
|
||||
+++ b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java
|
||||
@@ -110,6 +110,14 @@ public class ConfirmUserCreationActivity extends AlertActivity
|
||||
if (cantCreateUser) {
|
||||
setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED);
|
||||
return null;
|
||||
+ } else if (!(isUserPropertyWithinLimit(mUserName, UserManager.MAX_USER_NAME_LENGTH)
|
||||
+ && isUserPropertyWithinLimit(mAccountName, UserManager.MAX_ACCOUNT_STRING_LENGTH)
|
||||
+ && isUserPropertyWithinLimit(mAccountType, UserManager.MAX_ACCOUNT_STRING_LENGTH))
|
||||
+ || (mAccountOptions != null && !mAccountOptions.isBundleContentsWithinLengthLimit(
|
||||
+ UserManager.MAX_ACCOUNT_OPTIONS_LENGTH))) {
|
||||
+ setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED);
|
||||
+ Log.i(TAG, "User properties must not exceed their character limits");
|
||||
+ return null;
|
||||
} else if (cantCreateAnyMoreUsers) {
|
||||
setResult(UserManager.USER_CREATION_FAILED_NO_MORE_USERS);
|
||||
return null;
|
||||
@@ -137,4 +145,8 @@ public class ConfirmUserCreationActivity extends AlertActivity
|
||||
}
|
||||
finish();
|
||||
}
|
||||
+
|
||||
+ private boolean isUserPropertyWithinLimit(String property, int limit) {
|
||||
+ return property == null || property.length() <= limit;
|
||||
+ }
|
||||
}
|
||||
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
|
||||
index 4a9d6f6ef5ff..88c4223d0925 100644
|
||||
--- a/services/core/java/com/android/server/pm/UserManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
|
||||
@@ -240,8 +240,6 @@ public class UserManagerService extends IUserManager.Stub {
|
||||
|
||||
private static final int USER_VERSION = 9;
|
||||
|
||||
- private static final int MAX_USER_STRING_LENGTH = 500;
|
||||
-
|
||||
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
|
||||
|
||||
static final int WRITE_USER_MSG = 1;
|
||||
@@ -2938,16 +2936,18 @@ public class UserManagerService extends IUserManager.Stub {
|
||||
if (userData.persistSeedData) {
|
||||
if (userData.seedAccountName != null) {
|
||||
serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME,
|
||||
- truncateString(userData.seedAccountName));
|
||||
+ truncateString(userData.seedAccountName,
|
||||
+ UserManager.MAX_ACCOUNT_STRING_LENGTH));
|
||||
}
|
||||
if (userData.seedAccountType != null) {
|
||||
serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE,
|
||||
- truncateString(userData.seedAccountType));
|
||||
+ truncateString(userData.seedAccountType,
|
||||
+ UserManager.MAX_ACCOUNT_STRING_LENGTH));
|
||||
}
|
||||
}
|
||||
if (userInfo.name != null) {
|
||||
serializer.startTag(null, TAG_NAME);
|
||||
- serializer.text(truncateString(userInfo.name));
|
||||
+ serializer.text(truncateString(userInfo.name, UserManager.MAX_USER_NAME_LENGTH));
|
||||
serializer.endTag(null, TAG_NAME);
|
||||
}
|
||||
synchronized (mRestrictionsLock) {
|
||||
@@ -2987,11 +2987,11 @@ public class UserManagerService extends IUserManager.Stub {
|
||||
serializer.endDocument();
|
||||
}
|
||||
|
||||
- private String truncateString(String original) {
|
||||
- if (original == null || original.length() <= MAX_USER_STRING_LENGTH) {
|
||||
+ private String truncateString(String original, int limit) {
|
||||
+ if (original == null || original.length() <= limit) {
|
||||
return original;
|
||||
}
|
||||
- return original.substring(0, MAX_USER_STRING_LENGTH);
|
||||
+ return original.substring(0, limit);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -3409,7 +3409,7 @@ public class UserManagerService extends IUserManager.Stub {
|
||||
@NonNull String userType, @UserInfoFlag int flags, @UserIdInt int parentId,
|
||||
boolean preCreate, @Nullable String[] disallowedPackages,
|
||||
@NonNull TimingsTraceAndSlog t) throws UserManager.CheckedUserOperationException {
|
||||
- String truncatedName = truncateString(name);
|
||||
+ String truncatedName = truncateString(name, UserManager.MAX_USER_NAME_LENGTH);
|
||||
final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
|
||||
if (userTypeDetails == null) {
|
||||
Slog.e(LOG_TAG, "Cannot create user of invalid user type: " + userType);
|
||||
@@ -4619,9 +4619,14 @@ public class UserManagerService extends IUserManager.Stub {
|
||||
Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId);
|
||||
return;
|
||||
}
|
||||
- userData.seedAccountName = truncateString(accountName);
|
||||
- userData.seedAccountType = truncateString(accountType);
|
||||
- userData.seedAccountOptions = accountOptions;
|
||||
+ userData.seedAccountName = truncateString(accountName,
|
||||
+ UserManager.MAX_ACCOUNT_STRING_LENGTH);
|
||||
+ userData.seedAccountType = truncateString(accountType,
|
||||
+ UserManager.MAX_ACCOUNT_STRING_LENGTH);
|
||||
+ if (accountOptions != null && accountOptions.isBundleContentsWithinLengthLimit(
|
||||
+ UserManager.MAX_ACCOUNT_OPTIONS_LENGTH)) {
|
||||
+ userData.seedAccountOptions = accountOptions;
|
||||
+ }
|
||||
userData.persistSeedData = persist;
|
||||
}
|
||||
if (persist) {
|
||||
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
|
||||
index 44bb58f62253..e7bb3ef42136 100644
|
||||
--- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
|
||||
+++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
|
||||
@@ -19,6 +19,7 @@ package com.android.server.pm;
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static com.google.common.truth.Truth.assertWithMessage;
|
||||
|
||||
+import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.junit.Assume.assumeTrue;
|
||||
import static org.testng.Assert.assertThrows;
|
||||
@@ -33,6 +34,7 @@ import android.content.pm.PackageManager;
|
||||
import android.content.pm.UserInfo;
|
||||
import android.content.res.Resources;
|
||||
import android.os.Bundle;
|
||||
+import android.os.PersistableBundle;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.provider.Settings;
|
||||
@@ -879,6 +881,106 @@ public final class UserManagerTest {
|
||||
assertThat(userInfo.name).isEqualTo(newName);
|
||||
}
|
||||
|
||||
+ @Test
|
||||
+ public void testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved() {
|
||||
+ assumeManagedUsersSupported();
|
||||
+
|
||||
+ String userName = "User";
|
||||
+ String accountName = "accountName";
|
||||
+ String accountType = "accountType";
|
||||
+ String arrayKey = "StringArrayKey";
|
||||
+ String stringKey = "StringKey";
|
||||
+ String intKey = "IntKey";
|
||||
+ String nestedBundleKey = "PersistableBundleKey";
|
||||
+ String value1 = "Value 1";
|
||||
+ String value2 = "Value 2";
|
||||
+ String value3 = "Value 3";
|
||||
+
|
||||
+ UserInfo userInfo = mUserManager.createUser(userName,
|
||||
+ UserManager.USER_TYPE_FULL_SECONDARY, 0);
|
||||
+
|
||||
+ PersistableBundle accountOptions = new PersistableBundle();
|
||||
+ String[] stringArray = {value1, value2};
|
||||
+ accountOptions.putInt(intKey, 1234);
|
||||
+ PersistableBundle nested = new PersistableBundle();
|
||||
+ nested.putString(stringKey, value3);
|
||||
+ accountOptions.putPersistableBundle(nestedBundleKey, nested);
|
||||
+ accountOptions.putStringArray(arrayKey, stringArray);
|
||||
+
|
||||
+ mUserManager.clearSeedAccountData();
|
||||
+ mUserManager.setSeedAccountData(mContext.getUserId(), accountName,
|
||||
+ accountType, accountOptions);
|
||||
+
|
||||
+ //assert userName accountName and accountType were saved correctly
|
||||
+ assertTrue(mUserManager.getUserInfo(userInfo.id).name.equals(userName));
|
||||
+ assertTrue(mUserManager.getSeedAccountName().equals(accountName));
|
||||
+ assertTrue(mUserManager.getSeedAccountType().equals(accountType));
|
||||
+
|
||||
+ //assert bundle with correct values was added
|
||||
+ assertThat(mUserManager.getSeedAccountOptions().containsKey(arrayKey)).isTrue();
|
||||
+ assertThat(mUserManager.getSeedAccountOptions().getPersistableBundle(nestedBundleKey)
|
||||
+ .getString(stringKey)).isEqualTo(value3);
|
||||
+ assertThat(mUserManager.getSeedAccountOptions().getStringArray(arrayKey)[0])
|
||||
+ .isEqualTo(value1);
|
||||
+
|
||||
+ mUserManager.removeUser(userInfo.id);
|
||||
+ }
|
||||
+
|
||||
+ @Test
|
||||
+ public void testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped() {
|
||||
+ assumeManagedUsersSupported();
|
||||
+
|
||||
+ String tooLongString = generateLongString();
|
||||
+ String userName = "User " + tooLongString;
|
||||
+ String accountType = "Account Type " + tooLongString;
|
||||
+ String accountName = "accountName " + tooLongString;
|
||||
+ String arrayKey = "StringArrayKey";
|
||||
+ String stringKey = "StringKey";
|
||||
+ String intKey = "IntKey";
|
||||
+ String nestedBundleKey = "PersistableBundleKey";
|
||||
+ String value1 = "Value 1";
|
||||
+ String value2 = "Value 2";
|
||||
+
|
||||
+ UserInfo userInfo = mUserManager.createUser(userName,
|
||||
+ UserManager.USER_TYPE_FULL_SECONDARY, 0);
|
||||
+
|
||||
+ PersistableBundle accountOptions = new PersistableBundle();
|
||||
+ String[] stringArray = {value1, value2};
|
||||
+ accountOptions.putInt(intKey, 1234);
|
||||
+ PersistableBundle nested = new PersistableBundle();
|
||||
+ nested.putString(stringKey, tooLongString);
|
||||
+ accountOptions.putPersistableBundle(nestedBundleKey, nested);
|
||||
+ accountOptions.putStringArray(arrayKey, stringArray);
|
||||
+ mUserManager.clearSeedAccountData();
|
||||
+ mUserManager.setSeedAccountData(mContext.getUserId(), accountName,
|
||||
+ accountType, accountOptions);
|
||||
+
|
||||
+ //assert userName was truncated
|
||||
+ assertTrue(mUserManager.getUserInfo(userInfo.id).name.length()
|
||||
+ == UserManager.MAX_USER_NAME_LENGTH);
|
||||
+
|
||||
+ //assert accountName and accountType got truncated
|
||||
+ assertTrue(mUserManager.getSeedAccountName().length()
|
||||
+ == UserManager.MAX_ACCOUNT_STRING_LENGTH);
|
||||
+ assertTrue(mUserManager.getSeedAccountType().length()
|
||||
+ == UserManager.MAX_ACCOUNT_STRING_LENGTH);
|
||||
+
|
||||
+ //assert bundle with invalid values was dropped
|
||||
+ assertThat(mUserManager.getSeedAccountOptions() == null).isTrue();
|
||||
+
|
||||
+ mUserManager.removeUser(userInfo.id);
|
||||
+ }
|
||||
+
|
||||
+ private String generateLongString() {
|
||||
+ String partialString = "Test Name Test Name Test Name Test Name Test Name Test Name Test "
|
||||
+ + "Name Test Name Test Name Test Name "; //String of length 100
|
||||
+ StringBuilder resultString = new StringBuilder();
|
||||
+ for (int i = 0; i < 600; i++) {
|
||||
+ resultString.append(partialString);
|
||||
+ }
|
||||
+ return resultString.toString();
|
||||
+ }
|
||||
+
|
||||
private boolean isPackageInstalledForUser(String packageName, int userId) {
|
||||
try {
|
||||
return mPackageManager.getPackageInfoAsUser(packageName, 0, userId) != null;
|
@ -96,7 +96,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2024-02-05/2024-03-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-03
|
||||
sed -i 's/2024-02-05/2024-04-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-04
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
@ -126,6 +126,8 @@ fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/389013.patch"; #S_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/389014-backport.patch"; #S_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
|
Loading…
Reference in New Issue
Block a user