From e5f019d63d3c67ee3aa822ba663c31caff09db2e Mon Sep 17 00:00:00 2001 From: Tavi Date: Sun, 7 Apr 2024 18:05:26 -0400 Subject: [PATCH] 18.1: April ASB work Signed-off-by: Tavi --- .../android_frameworks_base/389013.patch | 117 ++++++ .../389014-backport.patch | 345 ++++++++++++++++++ Scripts/LineageOS-18.1/Patch.sh | 4 +- 3 files changed, 465 insertions(+), 1 deletion(-) create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/389013.patch create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch diff --git a/Patches/LineageOS-18.1/android_frameworks_base/389013.patch b/Patches/LineageOS-18.1/android_frameworks_base/389013.patch new file mode 100644 index 00000000..0e4b431c --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/389013.patch @@ -0,0 +1,117 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Beverly +Date: Thu, 18 Jan 2024 20:13:52 +0000 +Subject: [PATCH] isUserInLockDown can be true when there are other strong auth + requirements + +Bug: 315206668 +Bug: 218495634 +Flag: None +Test: manual, atest LockPatternUtilsTest +(cherry picked from commit d341f1ecdb011d24b17358f115391b3f997cb179) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ce7ca2d9f405c94062504411c886eff93bd7ce15) +Merged-In: I5e979a7822dd7254b4579ab28ecf96df1db44179 +Change-Id: I5e979a7822dd7254b4579ab28ecf96df1db44179 +--- + .../internal/widget/LockPatternUtils.java | 4 +- + .../internal/util/LockPatternUtilsTest.java | 41 ++++++++++++++++--- + 2 files changed, 38 insertions(+), 7 deletions(-) + +diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java +index e0a2803ea60b..d0e82ec29c80 100644 +--- a/core/java/com/android/internal/widget/LockPatternUtils.java ++++ b/core/java/com/android/internal/widget/LockPatternUtils.java +@@ -1484,8 +1484,8 @@ public class LockPatternUtils { + } + + public boolean isUserInLockdown(int userId) { +- return getStrongAuthForUser(userId) +- == StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN; ++ return (getStrongAuthForUser(userId) ++ & StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN) != 0; + } + + private static class WrappedCallback extends ICheckCredentialProgressCallback.Stub { +diff --git a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java +index 50e8474e8d52..01494a7659a5 100644 +--- a/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java ++++ b/core/tests/utiltests/src/com/android/internal/util/LockPatternUtilsTest.java +@@ -19,6 +19,10 @@ package com.android.internal.util; + import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED; + import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; + ++import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED; ++import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT; ++import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN; ++ + import static org.junit.Assert.assertFalse; + import static org.junit.Assert.assertTrue; + import static org.mockito.Mockito.doReturn; +@@ -48,12 +52,15 @@ import org.mockito.Mockito; + @SmallTest + public class LockPatternUtilsTest { + ++ private ILockSettings mLockSettings; ++ private static final int USER_ID = 1; + private static final int DEMO_USER_ID = 5; + + private LockPatternUtils mLockPatternUtils; + + private void configureTest(boolean isSecure, boolean isDemoUser, int deviceDemoMode) + throws Exception { ++ mLockSettings = Mockito.mock(ILockSettings.class); + final Context context = spy(new ContextWrapper(InstrumentationRegistry.getTargetContext())); + + final MockContentResolver cr = new MockContentResolver(context); +@@ -61,15 +68,14 @@ public class LockPatternUtilsTest { + when(context.getContentResolver()).thenReturn(cr); + Settings.Global.putInt(cr, Settings.Global.DEVICE_DEMO_MODE, deviceDemoMode); + +- final ILockSettings ils = Mockito.mock(ILockSettings.class); +- when(ils.getCredentialType(DEMO_USER_ID)).thenReturn( ++ when(mLockSettings.getCredentialType(DEMO_USER_ID)).thenReturn( + isSecure ? LockPatternUtils.CREDENTIAL_TYPE_PASSWORD + : LockPatternUtils.CREDENTIAL_TYPE_NONE); +- when(ils.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, DEMO_USER_ID)) +- .thenReturn((long) PASSWORD_QUALITY_MANAGED); ++ when(mLockSettings.getLong("lockscreen.password_type", PASSWORD_QUALITY_UNSPECIFIED, ++ DEMO_USER_ID)).thenReturn((long) PASSWORD_QUALITY_MANAGED); + // TODO(b/63758238): stop spying the class under test + mLockPatternUtils = spy(new LockPatternUtils(context)); +- when(mLockPatternUtils.getLockSettings()).thenReturn(ils); ++ when(mLockPatternUtils.getLockSettings()).thenReturn(mLockSettings); + doReturn(true).when(mLockPatternUtils).hasSecureLockScreen(); + + final UserInfo userInfo = Mockito.mock(UserInfo.class); +@@ -79,6 +85,31 @@ public class LockPatternUtilsTest { + when(context.getSystemService(Context.USER_SERVICE)).thenReturn(um); + } + ++ @Test ++ public void isUserInLockDown() throws Exception { ++ configureTest(true, false, 2); ++ ++ // GIVEN strong auth not required ++ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn(STRONG_AUTH_NOT_REQUIRED); ++ ++ // THEN user isn't in lockdown ++ assertFalse(mLockPatternUtils.isUserInLockdown(USER_ID)); ++ ++ // GIVEN lockdown ++ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn( ++ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); ++ ++ // THEN user is in lockdown ++ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID)); ++ ++ // GIVEN lockdown and lockout ++ when(mLockSettings.getStrongAuthForUser(USER_ID)).thenReturn( ++ STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN | STRONG_AUTH_REQUIRED_AFTER_LOCKOUT); ++ ++ // THEN user is in lockdown ++ assertTrue(mLockPatternUtils.isUserInLockdown(USER_ID)); ++ } ++ + @Test + public void isLockScreenDisabled_isDemoUser_true() throws Exception { + configureTest(false, true, 2); diff --git a/Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch b/Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch new file mode 100644 index 00000000..e802abc2 --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/389014-backport.patch @@ -0,0 +1,345 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tetiana Meronyk +Date: Wed, 10 Jan 2024 16:25:13 +0000 +Subject: [PATCH] Fix security vulnerability that creates user with no + restrictions when accountOptions are too long. + +Bug: 293602970 +Test: atest UserManagerTest#testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved && atest UserManagerTest#testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:944ea959ab8464c39a8f6a4fc391fb6953e1df89) +Merged-In: I23c971f671546ac085060add89485cfac6691ca3 +Change-Id: I23c971f671546ac085060add89485cfac6691ca3 +--- + core/java/android/os/PersistableBundle.java | 37 +++++++ + core/java/android/os/UserManager.java | 23 +++- + .../app/ConfirmUserCreationActivity.java | 12 +++ + .../android/server/pm/UserManagerService.java | 29 ++--- + .../android/server/pm/UserManagerTest.java | 102 ++++++++++++++++++ + 5 files changed, 187 insertions(+), 16 deletions(-) + +diff --git a/core/java/android/os/PersistableBundle.java b/core/java/android/os/PersistableBundle.java +index 7c7e2137aa17..b2adb5eb434c 100644 +--- a/core/java/android/os/PersistableBundle.java ++++ b/core/java/android/os/PersistableBundle.java +@@ -275,6 +275,43 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa + XmlUtils.writeMapXml(mMap, out, this); + } + ++ /** ++ * Checks whether all keys and values are within the given character limit. ++ * Note: Maximum character limit of String that can be saved to XML as part of bundle is 65535. ++ * Otherwise IOException is thrown. ++ * @param limit length of String keys and values in the PersistableBundle, including nested ++ * PersistableBundles to check against. ++ * ++ * @hide ++ */ ++ public boolean isBundleContentsWithinLengthLimit(int limit) { ++ unparcel(); ++ if (mMap == null) { ++ return true; ++ } ++ for (int i = 0; i < mMap.size(); i++) { ++ if (mMap.keyAt(i) != null && mMap.keyAt(i).length() > limit) { ++ return false; ++ } ++ final Object value = mMap.valueAt(i); ++ if (value instanceof String && ((String) value).length() > limit) { ++ return false; ++ } else if (value instanceof String[]) { ++ String[] stringArray = (String[]) value; ++ for (int j = 0; j < stringArray.length; j++) { ++ if (stringArray[j] != null ++ && stringArray[j].length() > limit) { ++ return false; ++ } ++ } ++ } else if (value instanceof PersistableBundle ++ && !((PersistableBundle) value).isBundleContentsWithinLengthLimit(limit)) { ++ return false; ++ } ++ } ++ return true; ++ } ++ + /** @hide */ + static class MyReadMapCallback implements XmlUtils.ReadMapCallback { + @Override +diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java +index 2465b0e41876..9606ce97a3b0 100644 +--- a/core/java/android/os/UserManager.java ++++ b/core/java/android/os/UserManager.java +@@ -91,6 +91,21 @@ public class UserManager { + private Boolean mIsManagedProfileCached; + private Boolean mIsProfileCached; + ++ /** Maximum length of username. ++ * @hide ++ */ ++ public static final int MAX_USER_NAME_LENGTH = 100; ++ ++ /** Maximum length of user property String value. ++ * @hide ++ */ ++ public static final int MAX_ACCOUNT_STRING_LENGTH = 500; ++ ++ /** Maximum length of account options String values. ++ * @hide ++ */ ++ public static final int MAX_ACCOUNT_OPTIONS_LENGTH = 1000; ++ + /** + * User type representing a {@link UserHandle#USER_SYSTEM system} user that is a human user. + * This type of user cannot be created; it can only pre-exist on first boot. +@@ -2974,15 +2989,15 @@ public class UserManager { + * time, the preferred user name and account information are used by the setup process for that + * user. + * +- * @param userName Optional name to assign to the user. ++ * @param userName Optional name to assign to the user. Character limit is 100. + * @param accountName Optional account name that will be used by the setup wizard to initialize +- * the user. ++ * the user. Character limit is 500. + * @param accountType Optional account type for the account to be created. This is required +- * if the account name is specified. ++ * if the account name is specified. Character limit is 500. + * @param accountOptions Optional bundle of data to be passed in during account creation in the + * new user via {@link AccountManager#addAccount(String, String, String[], + * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, +- * Handler)}. ++ * Handler)}. Character limit is 1000. + * @return An Intent that can be launched from an Activity. + * @see #USER_CREATION_FAILED_NOT_PERMITTED + * @see #USER_CREATION_FAILED_NO_MORE_USERS +diff --git a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java +index 03da9bc939ec..74dedc38a922 100644 +--- a/core/java/com/android/internal/app/ConfirmUserCreationActivity.java ++++ b/core/java/com/android/internal/app/ConfirmUserCreationActivity.java +@@ -110,6 +110,14 @@ public class ConfirmUserCreationActivity extends AlertActivity + if (cantCreateUser) { + setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED); + return null; ++ } else if (!(isUserPropertyWithinLimit(mUserName, UserManager.MAX_USER_NAME_LENGTH) ++ && isUserPropertyWithinLimit(mAccountName, UserManager.MAX_ACCOUNT_STRING_LENGTH) ++ && isUserPropertyWithinLimit(mAccountType, UserManager.MAX_ACCOUNT_STRING_LENGTH)) ++ || (mAccountOptions != null && !mAccountOptions.isBundleContentsWithinLengthLimit( ++ UserManager.MAX_ACCOUNT_OPTIONS_LENGTH))) { ++ setResult(UserManager.USER_CREATION_FAILED_NOT_PERMITTED); ++ Log.i(TAG, "User properties must not exceed their character limits"); ++ return null; + } else if (cantCreateAnyMoreUsers) { + setResult(UserManager.USER_CREATION_FAILED_NO_MORE_USERS); + return null; +@@ -137,4 +145,8 @@ public class ConfirmUserCreationActivity extends AlertActivity + } + finish(); + } ++ ++ private boolean isUserPropertyWithinLimit(String property, int limit) { ++ return property == null || property.length() <= limit; ++ } + } +diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java +index 4a9d6f6ef5ff..88c4223d0925 100644 +--- a/services/core/java/com/android/server/pm/UserManagerService.java ++++ b/services/core/java/com/android/server/pm/UserManagerService.java +@@ -240,8 +240,6 @@ public class UserManagerService extends IUserManager.Stub { + + private static final int USER_VERSION = 9; + +- private static final int MAX_USER_STRING_LENGTH = 500; +- + private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms + + static final int WRITE_USER_MSG = 1; +@@ -2938,16 +2936,18 @@ public class UserManagerService extends IUserManager.Stub { + if (userData.persistSeedData) { + if (userData.seedAccountName != null) { + serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME, +- truncateString(userData.seedAccountName)); ++ truncateString(userData.seedAccountName, ++ UserManager.MAX_ACCOUNT_STRING_LENGTH)); + } + if (userData.seedAccountType != null) { + serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE, +- truncateString(userData.seedAccountType)); ++ truncateString(userData.seedAccountType, ++ UserManager.MAX_ACCOUNT_STRING_LENGTH)); + } + } + if (userInfo.name != null) { + serializer.startTag(null, TAG_NAME); +- serializer.text(truncateString(userInfo.name)); ++ serializer.text(truncateString(userInfo.name, UserManager.MAX_USER_NAME_LENGTH)); + serializer.endTag(null, TAG_NAME); + } + synchronized (mRestrictionsLock) { +@@ -2987,11 +2987,11 @@ public class UserManagerService extends IUserManager.Stub { + serializer.endDocument(); + } + +- private String truncateString(String original) { +- if (original == null || original.length() <= MAX_USER_STRING_LENGTH) { ++ private String truncateString(String original, int limit) { ++ if (original == null || original.length() <= limit) { + return original; + } +- return original.substring(0, MAX_USER_STRING_LENGTH); ++ return original.substring(0, limit); + } + + /* +@@ -3409,7 +3409,7 @@ public class UserManagerService extends IUserManager.Stub { + @NonNull String userType, @UserInfoFlag int flags, @UserIdInt int parentId, + boolean preCreate, @Nullable String[] disallowedPackages, + @NonNull TimingsTraceAndSlog t) throws UserManager.CheckedUserOperationException { +- String truncatedName = truncateString(name); ++ String truncatedName = truncateString(name, UserManager.MAX_USER_NAME_LENGTH); + final UserTypeDetails userTypeDetails = mUserTypes.get(userType); + if (userTypeDetails == null) { + Slog.e(LOG_TAG, "Cannot create user of invalid user type: " + userType); +@@ -4619,9 +4619,14 @@ public class UserManagerService extends IUserManager.Stub { + Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId); + return; + } +- userData.seedAccountName = truncateString(accountName); +- userData.seedAccountType = truncateString(accountType); +- userData.seedAccountOptions = accountOptions; ++ userData.seedAccountName = truncateString(accountName, ++ UserManager.MAX_ACCOUNT_STRING_LENGTH); ++ userData.seedAccountType = truncateString(accountType, ++ UserManager.MAX_ACCOUNT_STRING_LENGTH); ++ if (accountOptions != null && accountOptions.isBundleContentsWithinLengthLimit( ++ UserManager.MAX_ACCOUNT_OPTIONS_LENGTH)) { ++ userData.seedAccountOptions = accountOptions; ++ } + userData.persistSeedData = persist; + } + if (persist) { +diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java +index 44bb58f62253..e7bb3ef42136 100644 +--- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java ++++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java +@@ -19,6 +19,7 @@ package com.android.server.pm; + import static com.google.common.truth.Truth.assertThat; + import static com.google.common.truth.Truth.assertWithMessage; + ++import static org.junit.Assert.assertTrue; + import static org.junit.Assert.fail; + import static org.junit.Assume.assumeTrue; + import static org.testng.Assert.assertThrows; +@@ -33,6 +34,7 @@ import android.content.pm.PackageManager; + import android.content.pm.UserInfo; + import android.content.res.Resources; + import android.os.Bundle; ++import android.os.PersistableBundle; + import android.os.UserHandle; + import android.os.UserManager; + import android.provider.Settings; +@@ -879,6 +881,106 @@ public final class UserManagerTest { + assertThat(userInfo.name).isEqualTo(newName); + } + ++ @Test ++ public void testAddUserAccountData_validStringValuesAreSaved_validBundleIsSaved() { ++ assumeManagedUsersSupported(); ++ ++ String userName = "User"; ++ String accountName = "accountName"; ++ String accountType = "accountType"; ++ String arrayKey = "StringArrayKey"; ++ String stringKey = "StringKey"; ++ String intKey = "IntKey"; ++ String nestedBundleKey = "PersistableBundleKey"; ++ String value1 = "Value 1"; ++ String value2 = "Value 2"; ++ String value3 = "Value 3"; ++ ++ UserInfo userInfo = mUserManager.createUser(userName, ++ UserManager.USER_TYPE_FULL_SECONDARY, 0); ++ ++ PersistableBundle accountOptions = new PersistableBundle(); ++ String[] stringArray = {value1, value2}; ++ accountOptions.putInt(intKey, 1234); ++ PersistableBundle nested = new PersistableBundle(); ++ nested.putString(stringKey, value3); ++ accountOptions.putPersistableBundle(nestedBundleKey, nested); ++ accountOptions.putStringArray(arrayKey, stringArray); ++ ++ mUserManager.clearSeedAccountData(); ++ mUserManager.setSeedAccountData(mContext.getUserId(), accountName, ++ accountType, accountOptions); ++ ++ //assert userName accountName and accountType were saved correctly ++ assertTrue(mUserManager.getUserInfo(userInfo.id).name.equals(userName)); ++ assertTrue(mUserManager.getSeedAccountName().equals(accountName)); ++ assertTrue(mUserManager.getSeedAccountType().equals(accountType)); ++ ++ //assert bundle with correct values was added ++ assertThat(mUserManager.getSeedAccountOptions().containsKey(arrayKey)).isTrue(); ++ assertThat(mUserManager.getSeedAccountOptions().getPersistableBundle(nestedBundleKey) ++ .getString(stringKey)).isEqualTo(value3); ++ assertThat(mUserManager.getSeedAccountOptions().getStringArray(arrayKey)[0]) ++ .isEqualTo(value1); ++ ++ mUserManager.removeUser(userInfo.id); ++ } ++ ++ @Test ++ public void testAddUserAccountData_invalidStringValuesAreTruncated_invalidBundleIsDropped() { ++ assumeManagedUsersSupported(); ++ ++ String tooLongString = generateLongString(); ++ String userName = "User " + tooLongString; ++ String accountType = "Account Type " + tooLongString; ++ String accountName = "accountName " + tooLongString; ++ String arrayKey = "StringArrayKey"; ++ String stringKey = "StringKey"; ++ String intKey = "IntKey"; ++ String nestedBundleKey = "PersistableBundleKey"; ++ String value1 = "Value 1"; ++ String value2 = "Value 2"; ++ ++ UserInfo userInfo = mUserManager.createUser(userName, ++ UserManager.USER_TYPE_FULL_SECONDARY, 0); ++ ++ PersistableBundle accountOptions = new PersistableBundle(); ++ String[] stringArray = {value1, value2}; ++ accountOptions.putInt(intKey, 1234); ++ PersistableBundle nested = new PersistableBundle(); ++ nested.putString(stringKey, tooLongString); ++ accountOptions.putPersistableBundle(nestedBundleKey, nested); ++ accountOptions.putStringArray(arrayKey, stringArray); ++ mUserManager.clearSeedAccountData(); ++ mUserManager.setSeedAccountData(mContext.getUserId(), accountName, ++ accountType, accountOptions); ++ ++ //assert userName was truncated ++ assertTrue(mUserManager.getUserInfo(userInfo.id).name.length() ++ == UserManager.MAX_USER_NAME_LENGTH); ++ ++ //assert accountName and accountType got truncated ++ assertTrue(mUserManager.getSeedAccountName().length() ++ == UserManager.MAX_ACCOUNT_STRING_LENGTH); ++ assertTrue(mUserManager.getSeedAccountType().length() ++ == UserManager.MAX_ACCOUNT_STRING_LENGTH); ++ ++ //assert bundle with invalid values was dropped ++ assertThat(mUserManager.getSeedAccountOptions() == null).isTrue(); ++ ++ mUserManager.removeUser(userInfo.id); ++ } ++ ++ private String generateLongString() { ++ String partialString = "Test Name Test Name Test Name Test Name Test Name Test Name Test " ++ + "Name Test Name Test Name Test Name "; //String of length 100 ++ StringBuilder resultString = new StringBuilder(); ++ for (int i = 0; i < 600; i++) { ++ resultString.append(partialString); ++ } ++ return resultString.toString(); ++ } ++ + private boolean isPackageInstalledForUser(String packageName, int userId) { + try { + return mPackageManager.getPackageInfoAsUser(packageName, 0, userId) != null; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 9c59e271..9d663452 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -96,7 +96,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig -sed -i 's/2024-02-05/2024-03-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-03 +sed -i 's/2024-02-05/2024-04-05/' core/version_defaults.mk; #Bump Security String #R_asb_2024-04 fi; if enterAndClear "build/soong"; then @@ -126,6 +126,8 @@ fi; if enterAndClear "frameworks/base"; then git revert --no-edit 438d9feacfcad73d3ee918541574132928a93644; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch +applyPatch "$DOS_PATCHES/android_frameworks_base/389013.patch"; #S_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements +applyPatch "$DOS_PATCHES/android_frameworks_base/389014-backport.patch"; #S_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long. applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)