mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
Pull in n-asb-2023-04
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
2cc87c4dc7
commit
ed25b69f5f
@ -0,0 +1,30 @@
|
||||
From 86e2cbf8227fff2b020ba5ff858d054318044916 Mon Sep 17 00:00:00 2001
|
||||
From: Alisher Alikhodjaev <alisher@google.com>
|
||||
Date: Tue, 31 Jan 2023 19:04:09 -0800
|
||||
Subject: [PATCH] OOBW in nci_snd_set_routing_cmd()
|
||||
|
||||
Bug: 264879662
|
||||
Test: read a tag, nfc on/off
|
||||
Change-Id: I408cf611fb35e9467d7484165ce48759970b158a
|
||||
(cherry picked from commit 1dd4d2e1b481dd83ca2b222993fdb74ae5306c78)
|
||||
Merged-In: I408cf611fb35e9467d7484165ce48759970b158a
|
||||
---
|
||||
src/nfc/nci/nci_hmsgs.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/nfc/nci/nci_hmsgs.c b/src/nfc/nci/nci_hmsgs.c
|
||||
index af6ad5d..d7a96b4 100644
|
||||
--- a/src/nfc/nci/nci_hmsgs.c
|
||||
+++ b/src/nfc/nci/nci_hmsgs.c
|
||||
@@ -588,6 +588,11 @@ UINT8 nci_snd_set_routing_cmd (BOOLEAN more, UINT8 num_tlv, UINT8 tlv_size, UINT
|
||||
UINT8 *pp;
|
||||
UINT8 size = tlv_size + 2;
|
||||
|
||||
+ if (size < tlv_size)
|
||||
+ {
|
||||
+ return (NCI_STATUS_FAILED);
|
||||
+ }
|
||||
+
|
||||
if (tlv_size == 0)
|
||||
{
|
||||
/* just to terminate routing table
|
97
Patches/LineageOS-14.1/android_frameworks_base/353756.patch
Normal file
97
Patches/LineageOS-14.1/android_frameworks_base/353756.patch
Normal file
@ -0,0 +1,97 @@
|
||||
From 6dbd9ee40a5c13e8e4a5b1aca039bb6c00031501 Mon Sep 17 00:00:00 2001
|
||||
From: Jing Ji <jji@google.com>
|
||||
Date: Thu, 4 Aug 2022 11:36:26 -0700
|
||||
Subject: [PATCH] DO NOT MERGE: Context#startInstrumentation could be started
|
||||
from SHELL only now.
|
||||
|
||||
Or, if an instrumentation starts another instrumentation and so on,
|
||||
and the original instrumentation is started from SHELL, allow all
|
||||
Context#startInstrumentation calls in this chain.
|
||||
|
||||
Otherwise, it'll throw a SecurityException.
|
||||
|
||||
Bug: 237766679
|
||||
Test: atest CtsAppTestCases:InstrumentationTest
|
||||
Merged-In: Ia08f225c21a3933067d066a578ea4af9c23e7d4c
|
||||
Merged-In: I1b76f61c5fd6c9f7e738978592260945a606f40c
|
||||
Merged-In: I3ea7aa27bd776fec546908a37f667f680da9c892
|
||||
Change-Id: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
|
||||
(cherry picked from commit 8c90891a38ecb5047e115e13baf700a8b486a5d1)
|
||||
Merged-In: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
|
||||
---
|
||||
.../server/am/ActivityManagerService.java | 41 ++++++++++++++++++-
|
||||
1 file changed, 39 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
index 4e48f422a2fe3..73ecd14090c99 100644
|
||||
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
@@ -4306,6 +4306,29 @@ public int getPackageProcessState(String packageName, String callingPackage) {
|
||||
return procState;
|
||||
}
|
||||
|
||||
+ @GuardedBy("this")
|
||||
+ private boolean hasActiveInstrumentationLocked(int pid) {
|
||||
+ if (pid == 0) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ synchronized (mPidsSelfLocked) {
|
||||
+ ProcessRecord process = mPidsSelfLocked.get(pid);
|
||||
+ return process != null && process.instrumentationClass != null;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private String getPackageNameByPid(int pid) {
|
||||
+ synchronized (mPidsSelfLocked) {
|
||||
+ final ProcessRecord app = mPidsSelfLocked.get(pid);
|
||||
+
|
||||
+ if (app != null && app.info != null) {
|
||||
+ return app.info.packageName;
|
||||
+ }
|
||||
+
|
||||
+ return null;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
private boolean isCallerShell() {
|
||||
final int callingUid = Binder.getCallingUid();
|
||||
return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
|
||||
@@ -18947,7 +18970,9 @@ public boolean startInstrumentation(ComponentName className,
|
||||
IInstrumentationWatcher watcher, IUiAutomationConnection uiAutomationConnection,
|
||||
int userId, String abiOverride) {
|
||||
enforceNotIsolatedCaller("startInstrumentation");
|
||||
- userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
|
||||
+ final int callingUid = Binder.getCallingUid();
|
||||
+ final int callingPid = Binder.getCallingPid();
|
||||
+ userId = mUserController.handleIncomingUser(callingPid, callingUid,
|
||||
userId, false, ALLOW_FULL_ONLY, "startInstrumentation", null);
|
||||
// Refuse possible leaked file descriptors
|
||||
if (arguments != null && arguments.hasFileDescriptors()) {
|
||||
@@ -18987,7 +19012,7 @@ public boolean startInstrumentation(ComponentName className,
|
||||
String msg = "Permission Denial: starting instrumentation "
|
||||
+ className + " from pid="
|
||||
+ Binder.getCallingPid()
|
||||
- + ", uid=" + Binder.getCallingPid()
|
||||
+ + ", uid=" + Binder.getCallingUid()
|
||||
+ " not allowed because package " + ii.packageName
|
||||
+ " does not have a signature matching the target "
|
||||
+ ii.targetPackage;
|
||||
@@ -18995,6 +19020,18 @@ public boolean startInstrumentation(ComponentName className,
|
||||
throw new SecurityException(msg);
|
||||
}
|
||||
|
||||
+ if (!Build.IS_DEBUGGABLE && callingUid != Process.ROOT_UID && callingUid != Process.SHELL_UID
|
||||
+ && callingUid != Process.SYSTEM_UID && !hasActiveInstrumentationLocked(callingPid)) {
|
||||
+ // If it's not debug build and not called from root/shell/system uid, reject it.
|
||||
+ final String msg = "Permission Denial: instrumentation test "
|
||||
+ + className + " from pid=" + callingPid + ", uid=" + callingUid
|
||||
+ + ", pkgName=" + getPackageNameByPid(callingPid)
|
||||
+ + " not allowed because it's not started from SHELL";
|
||||
+ Slog.wtfQuiet(TAG, msg);
|
||||
+ reportStartInstrumentationFailureLocked(watcher, className, msg);
|
||||
+ throw new SecurityException(msg);
|
||||
+ }
|
||||
+
|
||||
final long origId = Binder.clearCallingIdentity();
|
||||
// Instrumentation can kill and relaunch even persistent processes
|
||||
forceStopPackageLocked(ii.targetPackage, -1, true, false, true, true, false, userId,
|
33
Patches/LineageOS-14.1/android_frameworks_base/353757.patch
Normal file
33
Patches/LineageOS-14.1/android_frameworks_base/353757.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 1168540ec2ed0fa57c19f5a5033c6fd7cbf74a25 Mon Sep 17 00:00:00 2001
|
||||
From: Kunal Malhotra <malhk@google.com>
|
||||
Date: Mon, 7 Nov 2022 23:33:55 +0000
|
||||
Subject: [PATCH] Checking if package belongs to UID before registering
|
||||
broadcast receiver
|
||||
|
||||
Test: manual testing done on device by installing test APK and checking if receiver can register
|
||||
Bug: 242040055
|
||||
Change-Id: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
|
||||
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
|
||||
(cherry picked from commit 790a8d0dd329460bc60456681cb446accf2a27e0)
|
||||
(cherry picked from commit 4f0dc37b896e06086391e71ce471e413215e1130)
|
||||
Merged-In: Ia525f218a46f8bf7fff660cec0d6432f09fdf24d
|
||||
---
|
||||
services/core/java/com/android/server/am/ActiveServices.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
|
||||
index c38dad9125de5..cb3fb9f5abbe0 100755
|
||||
--- a/services/core/java/com/android/server/am/ActiveServices.java
|
||||
+++ b/services/core/java/com/android/server/am/ActiveServices.java
|
||||
@@ -1326,6 +1326,11 @@ private ServiceLookupResult retrieveServiceLocked(Intent service,
|
||||
throw new SecurityException("BIND_EXTERNAL_SERVICE failed, " + name +
|
||||
" is not an isolatedProcess");
|
||||
}
|
||||
+ if (AppGlobals.getPackageManager().getPackageUid(callingPackage,
|
||||
+ 0, userId) != callingUid) {
|
||||
+ throw new SecurityException("BIND_EXTERNAL_SERVICE failed, "
|
||||
+ + "calling package not owned by calling UID ");
|
||||
+ }
|
||||
// Run the service under the calling package's application.
|
||||
ApplicationInfo aInfo = AppGlobals.getPackageManager().getApplicationInfo(
|
||||
callingPackage, ActivityManagerService.STOCK_PM_FLAGS, userId);
|
71
Patches/LineageOS-14.1/android_frameworks_base/353758.patch
Normal file
71
Patches/LineageOS-14.1/android_frameworks_base/353758.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From c7267fd43b5a9aa80f218fb5c09385269925b073 Mon Sep 17 00:00:00 2001
|
||||
From: Hao Ke <haok@google.com>
|
||||
Date: Mon, 12 Dec 2022 15:49:16 +0000
|
||||
Subject: [PATCH] Fix checkKeyIntentParceledCorrectly's bypass
|
||||
|
||||
The checkKeyIntentParceledCorrectly method was added in checkKeyIntent, which was originaly only invoked when AccountManagerService deserializes the KEY_INTENT value as not NULL. However, due to the self-changing bundle technique in Parcel mismatch problems, the Intent value can change after reparceling; hence would bypass the added checkKeyIntentParceledCorrectly call.
|
||||
|
||||
This CL did the following:
|
||||
|
||||
- Ensure the checkKeyIntent method is also called when result.getParcelable(AccountManager.KEY_INTENT) == null.
|
||||
|
||||
Bug: 260567867
|
||||
Bug: 262230405
|
||||
Test: local test, see b/262230405
|
||||
Test: atest CtsAccountManagerTestCases
|
||||
Merged-In: I7b528f52c41767ae12731838fdd36aa26a8f3477
|
||||
Change-Id: I7b528f52c41767ae12731838fdd36aa26a8f3477
|
||||
(cherry picked from commit 9f623983a8d4ec48d58b0eda56fa461fc6748981)
|
||||
Merged-In: I7b528f52c41767ae12731838fdd36aa26a8f3477
|
||||
---
|
||||
.../server/accounts/AccountManagerService.java | 15 +++++++++------
|
||||
1 file changed, 9 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
index 1692367c70a1..9aef2cc347d2 100644
|
||||
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
@@ -2936,8 +2936,7 @@ public void onResult(Bundle result) {
|
||||
Bundle.setDefusable(result, true);
|
||||
mNumResults++;
|
||||
Intent intent = null;
|
||||
- if (result != null
|
||||
- && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
|
||||
+ if (result != null) {
|
||||
if (!checkKeyIntent(
|
||||
Binder.getCallingUid(),
|
||||
result)) {
|
||||
@@ -4215,8 +4214,10 @@ protected boolean checkKeyIntent(int authUid, Bundle bundle) {
|
||||
EventLog.writeEvent(0x534e4554, "250588548", authUid, "");
|
||||
return false;
|
||||
}
|
||||
-
|
||||
Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
|
||||
+ if (intent == null) {
|
||||
+ return true;
|
||||
+ }
|
||||
// Explicitly set an empty ClipData to ensure that we don't offer to
|
||||
// promote any Uris contained inside for granting purposes
|
||||
if (intent.getClipData() == null) {
|
||||
@@ -4265,7 +4266,10 @@ private boolean checkKeyIntentParceledCorrectly(Bundle bundle) {
|
||||
p.recycle();
|
||||
Intent intent = bundle.getParcelable(AccountManager.KEY_INTENT);
|
||||
Intent simulateIntent = simulateBundle.getParcelable(AccountManager.KEY_INTENT);
|
||||
- return (intent.filterEquals(simulateIntent));
|
||||
+ if (intent == null) {
|
||||
+ return (simulateIntent == null);
|
||||
+ }
|
||||
+ return intent.filterEquals(simulateIntent);
|
||||
}
|
||||
|
||||
private void close() {
|
||||
@@ -4409,8 +4413,7 @@ public void onResult(Bundle result) {
|
||||
}
|
||||
}
|
||||
}
|
||||
- if (result != null
|
||||
- && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
|
||||
+ if (result != null) {
|
||||
if (!checkKeyIntent(
|
||||
Binder.getCallingUid(),
|
||||
result)) {
|
34
Patches/LineageOS-14.1/android_frameworks_base/353759.patch
Normal file
34
Patches/LineageOS-14.1/android_frameworks_base/353759.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From ff21c932b70b820c32a3a5331128a85e382f9885 Mon Sep 17 00:00:00 2001
|
||||
From: Winson Chiu <chiuwinson@google.com>
|
||||
Date: Fri, 6 Jan 2023 21:26:24 +0000
|
||||
Subject: [PATCH] Encode Intent scheme when serializing to URI string RESTRICT
|
||||
AUTOMERGE
|
||||
|
||||
Avoids deserialization error when the scheme contains a
|
||||
reserved character.
|
||||
|
||||
Bug: 261858325
|
||||
|
||||
Test: atest android.content.cts.IntentTest#testEncoding
|
||||
|
||||
Merged-In: Ic34b3f796b762763db5aa7b5d7c109ae70607470
|
||||
Change-Id: Ic34b3f796b762763db5aa7b5d7c109ae70607470
|
||||
(cherry picked from commit 43437b4ee6424933d4e403f0375ef8c1f07986f4)
|
||||
Merged-In: Ic34b3f796b762763db5aa7b5d7c109ae70607470
|
||||
---
|
||||
core/java/android/content/Intent.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
|
||||
index 2142aae2ec74a..0059f9edb6e15 100644
|
||||
--- a/core/java/android/content/Intent.java
|
||||
+++ b/core/java/android/content/Intent.java
|
||||
@@ -8602,7 +8602,7 @@ private void toUriFragment(StringBuilder uri, String scheme, String defAction,
|
||||
private void toUriInner(StringBuilder uri, String scheme, String defAction,
|
||||
String defPackage, int flags) {
|
||||
if (scheme != null) {
|
||||
- uri.append("scheme=").append(scheme).append(';');
|
||||
+ uri.append("scheme=").append(Uri.encode(scheme)).append(';');
|
||||
}
|
||||
if (mAction != null && !mAction.equals(defAction)) {
|
||||
uri.append("action=").append(Uri.encode(mAction)).append(';');
|
53
Patches/LineageOS-14.1/android_system_bt/353754.patch
Normal file
53
Patches/LineageOS-14.1/android_system_bt/353754.patch
Normal file
@ -0,0 +1,53 @@
|
||||
From cb6a14a070dbaf85a8fb0db89531aef3e091711b Mon Sep 17 00:00:00 2001
|
||||
From: Cheney Ni <cheneyni@google.com>
|
||||
Date: Fri, 1 Oct 2021 20:44:20 +0800
|
||||
Subject: [PATCH] AVDTP: Fix a potential overflow about the media payload
|
||||
offset
|
||||
|
||||
This variable is uint16, and is possible to overflow when the length of
|
||||
header extension is larger. Here we compare with the data length to
|
||||
prevent any exceptions.
|
||||
|
||||
Bug: 142546355
|
||||
Tag: #security
|
||||
Test: A2DP sink playback
|
||||
Ignore-AOSP-First: security vulnerabilities
|
||||
Change-Id: Id13b1ebde8f603123c8b7a49922b2f1378ab788f
|
||||
---
|
||||
stack/avdt/avdt_scb_act.c | 13 ++++++++++---
|
||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/stack/avdt/avdt_scb_act.c b/stack/avdt/avdt_scb_act.c
|
||||
index d7cf791ccf..6b6d708f77 100644
|
||||
--- a/stack/avdt/avdt_scb_act.c
|
||||
+++ b/stack/avdt/avdt_scb_act.c
|
||||
@@ -291,19 +291,26 @@ void avdt_scb_hdl_pkt_no_frag(tAVDT_SCB *p_scb, tAVDT_SCB_EVT *p_data)
|
||||
if (offset > len) goto length_error;
|
||||
p += 2;
|
||||
BE_STREAM_TO_UINT16(ex_len, p);
|
||||
- offset += ex_len * 4;
|
||||
p += ex_len * 4;
|
||||
}
|
||||
|
||||
+ if ((p - p_start) > len)
|
||||
+ {
|
||||
+ android_errorWriteLog(0x534e4554, "142546355");
|
||||
+ osi_free_and_reset((void **)&p_data->p_pkt);
|
||||
+ return;
|
||||
+ }
|
||||
+ offset = p - p_start;
|
||||
+
|
||||
/* adjust length for any padding at end of packet */
|
||||
if (o_p)
|
||||
{
|
||||
/* padding length in last byte of packet */
|
||||
- pad_len = *(p_start + p_data->p_pkt->len);
|
||||
+ pad_len = *(p_start + len);
|
||||
}
|
||||
|
||||
/* do sanity check */
|
||||
- if ((offset > p_data->p_pkt->len) || ((pad_len + offset) > p_data->p_pkt->len))
|
||||
+ if (pad_len > (len - offset))
|
||||
{
|
||||
AVDT_TRACE_WARNING("Got bad media packet");
|
||||
osi_free_and_reset((void **)&p_data->p_pkt);
|
36
Patches/LineageOS-14.1/android_system_bt/353755.patch
Normal file
36
Patches/LineageOS-14.1/android_system_bt/353755.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From 1f57f8785858f189bf3aa005f4e0cb92388d5d2c Mon Sep 17 00:00:00 2001
|
||||
From: Hui Peng <phui@google.com>
|
||||
Date: Fri, 20 Jan 2023 19:39:30 +0000
|
||||
Subject: [PATCH] Fix an OOB bug in register_notification_rsp
|
||||
|
||||
This is a backport of I901d973a736678d7f3cc816ddf0cbbcbbd1fe93f
|
||||
to rvc-dev.
|
||||
|
||||
Bug: 245916076
|
||||
Test: manual
|
||||
Ignore-AOSP-First: security
|
||||
Change-Id: I37a9f45e707702b2ec52b5a2d572f177f2911765
|
||||
(cherry picked from commit 901e34203c6280d414cbfa3978de04fd6515ffdf)
|
||||
Merged-In: I37a9f45e707702b2ec52b5a2d572f177f2911765
|
||||
---
|
||||
btif/src/btif_rc.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/btif/src/btif_rc.c b/btif/src/btif_rc.c
|
||||
index 632ec9c33d..b42df67b11 100644
|
||||
--- a/btif/src/btif_rc.c
|
||||
+++ b/btif/src/btif_rc.c
|
||||
@@ -3170,6 +3170,13 @@ static bt_status_t register_notification_rsp(btrc_event_id_t event_id,
|
||||
BTIF_TRACE_ERROR("Avrcp Event id not registered: event_id = %x", event_id);
|
||||
return BT_STATUS_NOT_READY;
|
||||
}
|
||||
+
|
||||
+ if (event_id > MAX_RC_NOTIFICATIONS)
|
||||
+ {
|
||||
+ BTIF_TRACE_ERROR("Invalid event id");
|
||||
+ return BT_STATUS_PARM_INVALID;
|
||||
+ }
|
||||
+
|
||||
memset(&(avrc_rsp.reg_notif), 0, sizeof(tAVRC_REG_NOTIF_RSP));
|
||||
avrc_rsp.reg_notif.event_id = event_id;
|
||||
|
@ -76,7 +76,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
||||
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
|
||||
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
|
||||
awk -i inplace '!/Exchange2/' target/product/core.mk;
|
||||
sed -i 's/2021-06-05/2023-03-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-03 #XXX
|
||||
sed -i 's/2021-06-05/2023-04-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-04 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/qcom/sepolicy"; then
|
||||
@ -115,6 +115,7 @@ applyPatch "$DOS_PATCHES/android_external_libnfc-nci/332459.patch"; #n-asb-2022-
|
||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/332460.patch"; #n-asb-2022-06 Double Free in ce_t4t_data_cback
|
||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/341071.patch"; #n-asb-2022-10 The length of a packet should be non-zero
|
||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/343955.patch"; #n-asb-2022-11 OOBW in phNxpNciHal_write_unlocked()
|
||||
applyPatch "$DOS_PATCHES/android_external_libnfc-nci/353760.patch"; #n-asb-2023-04 OOBW in nci_snd_set_routing_cmd()
|
||||
fi;
|
||||
|
||||
if enterAndClear "external/sonivox"; then
|
||||
@ -183,6 +184,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/346951.patch"; #n-asb-2023-01 F
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/348650.patch"; #n-asb-2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/348651.patch"; #n-asb-2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/352086.patch"; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/353756.patch"; #n-asb-2023-04 Context#startInstrumentation could be started from SHELL only now.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/353757.patch"; #n-asb-2023-04 Checking if package belongs to UID before registering broadcast receiver
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/353758.patch"; #n-asb-2023-04 Fix checkKeyIntentParceledCorrectly's bypass
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/353759.patch"; #n-asb-2023-04 Encode Intent scheme when serializing to URI string
|
||||
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
|
||||
@ -435,6 +440,8 @@ applyPatch "$DOS_PATCHES/android_system_bt/348654.patch"; #n-asb-2023-02 Add bou
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/351105.patch"; #n-asb-2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/351106.patch"; #n-asb-2023-03 Fix an OOB write in SDP_AddAttribute
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/351109.patch"; #n-asb-2023-03 AVRCP: Fix potential buffer overflow
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/353754.patch"; #n-asb-2023-04 AVDTP: Fix a potential overflow about the media payload offset
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/353755.patch"; #n-asb-2023-04 Fix an OOB bug in register_notification_rsp
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/229574.patch"; #bt-sbc-hd-dualchannel-nougat: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/229575.patch"; #bt-sbc-hd-dualchannel-nougat: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/242134.patch"; #avrc_bld_get_attrs_rsp - fix attribute length position off by one (cprhokie)
|
||||
|
Loading…
Reference in New Issue
Block a user