Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2023-01-06 03:18:57 -05:00
parent 3ac41a1918
commit efa31534a9
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
25 changed files with 526 additions and 28 deletions

View File

@ -0,0 +1,86 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yuri Lin <yurilin@google.com>
Date: Tue, 13 Sep 2022 12:53:19 -0400
Subject: [PATCH] Limit lengths of fields in Condition to a max length.
This app-generated input needs to not be too long to avoid errors in the process of writing to disk.
Bug: 242846316
Test: cts ConditionTest; atest ConditionTest; manually verified exploit apk is OK
Change-Id: Ic2fa8f06cc7a4c1f262115764fbd1be2a226b4b9
Merged-In: Ic2fa8f06cc7a4c1f262115764fbd1be2a226b4b9
(cherry picked from commit 81352c3775949c622441e10b468766441e35edc7)
(cherry picked from commit 5cb217fff3bc7184bd776a9dc2991e7fce5e25bd)
Merged-In: Ic2fa8f06cc7a4c1f262115764fbd1be2a226b4b9
---
.../service/notification/Condition.java | 38 +++++++++++++++++--
1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/core/java/android/service/notification/Condition.java b/core/java/android/service/notification/Condition.java
index 447afe62fd1a..5f65d401600a 100644
--- a/core/java/android/service/notification/Condition.java
+++ b/core/java/android/service/notification/Condition.java
@@ -94,6 +94,12 @@ public final class Condition implements Parcelable {
@SystemApi
public final int icon;
+ /**
+ * The maximum string length for any string contained in this condition.
+ * @hide
+ */
+ public static final int MAX_STRING_LENGTH = 1000;
+
/**
* An object representing the current state of a {@link android.app.AutomaticZenRule}.
* @param id the {@link android.app.AutomaticZenRule#getConditionId()} of the zen rule
@@ -109,16 +115,19 @@ public final class Condition implements Parcelable {
if (id == null) throw new IllegalArgumentException("id is required");
if (summary == null) throw new IllegalArgumentException("summary is required");
if (!isValidState(state)) throw new IllegalArgumentException("state is invalid: " + state);
- this.id = id;
- this.summary = summary;
- this.line1 = line1;
- this.line2 = line2;
+ this.id = getTrimmedUri(id);
+ this.summary = getTrimmedString(summary);
+ this.line1 = getTrimmedString(line1);
+ this.line2 = getTrimmedString(line2);
this.icon = icon;
this.state = state;
this.flags = flags;
}
public Condition(Parcel source) {
+ // This constructor passes all fields directly into the constructor that takes all the
+ // fields as arguments; that constructor will trim each of the input strings to
+ // max length if necessary.
this((Uri)source.readParcelable(Condition.class.getClassLoader()),
source.readString(),
source.readString(),
@@ -234,4 +243,25 @@ public final class Condition implements Parcelable {
return new Condition[size];
}
};
+
+ /**
+ * Returns a truncated copy of the string if the string is longer than MAX_STRING_LENGTH.
+ */
+ private static String getTrimmedString(String input) {
+ if (input != null && input.length() > MAX_STRING_LENGTH) {
+ return input.substring(0, MAX_STRING_LENGTH);
+ }
+ return input;
+ }
+
+ /**
+ * Returns a truncated copy of the Uri by trimming the string representation to the maximum
+ * string length.
+ */
+ private static Uri getTrimmedUri(Uri input) {
+ if (input != null && input.toString().length() > MAX_STRING_LENGTH) {
+ return Uri.parse(getTrimmedString(input.toString()));
+ }
+ return input;
+ }
}

View File

@ -0,0 +1,68 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Norman <danielnorman@google.com>
Date: Wed, 5 Oct 2022 16:28:20 -0700
Subject: [PATCH] RESTRICT AUTOMERGE Disable all A11yServices from an
uninstalled package.
Previous logic would exit the loop after removing the first service
matching the uninstalled package.
Bug: 243378132
Test: atest AccessibilityEndToEndTest
Test: m sts;
sts-tradefed run sts-dynamic-develop -m \
CtsAccessibilityServiceTestCases
Change-Id: I4ba30345d8600674ee8a9ea3ff411aecbf3655a3
(cherry picked from commit 37966299859153377e61a6a97b036388d231c2d0)
Merged-In: I4ba30345d8600674ee8a9ea3ff411aecbf3655a3
---
.../AccessibilityManagerService.java | 30 ++++++++++---------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index 34ccb7b82c87..718e30a43337 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -314,26 +314,28 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
}
UserState userState = getUserStateLocked(userId);
Iterator<ComponentName> it = userState.mEnabledServices.iterator();
+ boolean anyServiceRemoved = false;
while (it.hasNext()) {
ComponentName comp = it.next();
String compPkg = comp.getPackageName();
if (compPkg.equals(packageName)) {
it.remove();
- // Update the enabled services setting.
- persistComponentNamesToSettingLocked(
- Settings.Secure.ENABLED_ACCESSIBILITY_SERVICES,
- userState.mEnabledServices, userId);
- // Update the touch exploration granted services setting.
userState.mTouchExplorationGrantedServices.remove(comp);
- persistComponentNamesToSettingLocked(
- Settings.Secure.
- TOUCH_EXPLORATION_GRANTED_ACCESSIBILITY_SERVICES,
- userState.mTouchExplorationGrantedServices, userId);
- // We will update when the automation service dies.
- if (!userState.isUiAutomationSuppressingOtherServices()) {
- onUserStateChangedLocked(userState);
- }
- return;
+ anyServiceRemoved = true;
+ }
+ }
+ if (anyServiceRemoved) {
+ // Update the enabled services setting.
+ persistComponentNamesToSettingLocked(
+ Settings.Secure.ENABLED_ACCESSIBILITY_SERVICES,
+ userState.mEnabledServices, userId);
+ // Update the touch exploration granted services setting.
+ persistComponentNamesToSettingLocked(
+ Settings.Secure.TOUCH_EXPLORATION_GRANTED_ACCESSIBILITY_SERVICES,
+ userState.mTouchExplorationGrantedServices, userId);
+ // We will update when the automation service dies.
+ if (!userState.isUiAutomationSuppressingOtherServices()) {
+ onUserStateChangedLocked(userState);
}
}
}

View File

@ -0,0 +1,122 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yuri Lin <yurilin@google.com>
Date: Mon, 29 Aug 2022 17:40:14 -0400
Subject: [PATCH] Trim any long string inputs that come in to AutomaticZenRule
This change both prevents any rules from being unable to be written to disk and also avoids risk of running out of memory while handling all the zen rules.
Bug: 242703460
Bug: 242703505
Bug: 242703780
Bug: 242704043
Bug: 243794204
Test: cts AutomaticZenRuleTest; atest android.app.AutomaticZenRuleTest; manually confirmed each exploit example either saves the rule successfully with a truncated string (in the case of name & conditionId) or may fail to save the rule at all (if the owner/configactivity is invalid). Additionally ran the memory-exhausting PoC without device crashes.
Change-Id: I110172a43f28528dd274b3b346eb29c3796ff2c6
Merged-In: I110172a43f28528dd274b3b346eb29c3796ff2c6
(cherry picked from commit de172ba0d434c940be9e2aad8685719731ab7da2)
(cherry picked from commit c4b2c877ec28e2473104d9fcdcf321bd81da881b)
Merged-In: I110172a43f28528dd274b3b346eb29c3796ff2c6
---
core/java/android/app/AutomaticZenRule.java | 52 ++++++++++++++++++---
1 file changed, 45 insertions(+), 7 deletions(-)
diff --git a/core/java/android/app/AutomaticZenRule.java b/core/java/android/app/AutomaticZenRule.java
index cd4ace669b6c..c152b6b438ef 100644
--- a/core/java/android/app/AutomaticZenRule.java
+++ b/core/java/android/app/AutomaticZenRule.java
@@ -36,6 +36,13 @@ public final class AutomaticZenRule implements Parcelable {
private ComponentName owner;
private long creationTime;
+ /**
+ * The maximum string length for any string contained in this automatic zen rule. This pertains
+ * both to fields in the rule itself (such as its name) and items with sub-fields.
+ * @hide
+ */
+ public static final int MAX_STRING_LENGTH = 1000;
+
/**
* Creates an automatic zen rule.
*
@@ -50,9 +57,9 @@ public final class AutomaticZenRule implements Parcelable {
*/
public AutomaticZenRule(String name, ComponentName owner, Uri conditionId,
int interruptionFilter, boolean enabled) {
- this.name = name;
- this.owner = owner;
- this.conditionId = conditionId;
+ this.name = getTrimmedString(name);
+ this.owner = getTrimmedComponentName(owner);
+ this.conditionId = getTrimmedUri(conditionId);
this.interruptionFilter = interruptionFilter;
this.enabled = enabled;
}
@@ -70,11 +77,11 @@ public final class AutomaticZenRule implements Parcelable {
public AutomaticZenRule(Parcel source) {
enabled = source.readInt() == 1;
if (source.readInt() == 1) {
- name = source.readString();
+ name = getTrimmedString(source.readString());
}
interruptionFilter = source.readInt();
conditionId = source.readParcelable(null);
- owner = source.readParcelable(null);
+ owner = getTrimmedComponentName(source.readParcelable(null));
creationTime = source.readLong();
}
@@ -124,7 +131,7 @@ public final class AutomaticZenRule implements Parcelable {
* Sets the representation of the state that causes this rule to become active.
*/
public void setConditionId(Uri conditionId) {
- this.conditionId = conditionId;
+ this.conditionId = getTrimmedUri(conditionId);
}
/**
@@ -139,7 +146,7 @@ public final class AutomaticZenRule implements Parcelable {
* Sets the name of this rule.
*/
public void setName(String name) {
- this.name = name;
+ this.name = getTrimmedString(name);
}
/**
@@ -210,4 +217,35 @@ public final class AutomaticZenRule implements Parcelable {
return new AutomaticZenRule[size];
}
};
+
+ /**
+ * If the package or class name of the provided ComponentName are longer than MAX_STRING_LENGTH,
+ * return a trimmed version that truncates each of the package and class name at the max length.
+ */
+ private static ComponentName getTrimmedComponentName(ComponentName cn) {
+ if (cn == null) return null;
+ return new ComponentName(getTrimmedString(cn.getPackageName()),
+ getTrimmedString(cn.getClassName()));
+ }
+
+ /**
+ * Returns a truncated copy of the string if the string is longer than MAX_STRING_LENGTH.
+ */
+ private static String getTrimmedString(String input) {
+ if (input != null && input.length() > MAX_STRING_LENGTH) {
+ return input.substring(0, MAX_STRING_LENGTH);
+ }
+ return input;
+ }
+
+ /**
+ * Returns a truncated copy of the Uri by trimming the string representation to the maximum
+ * string length.
+ */
+ private static Uri getTrimmedUri(Uri input) {
+ if (input != null && input.toString().length() > MAX_STRING_LENGTH) {
+ return Uri.parse(getTrimmedString(input.toString()));
+ }
+ return input;
+ }
}

View File

@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yuri Lin <yurilin@google.com>
Date: Wed, 12 Oct 2022 14:27:46 +0000
Subject: [PATCH] Fix conditionId string trimming in AutomaticZenRule
This change only applies to S branches and earlier.
Bug: 253085433
Bug: 242703460
Bug: 242703505
Bug: 242703780
Bug: 242704043
Bug: 243794204
Test: AutomaticZenRuleTest
Change-Id: Iae423d93b777df8946ecf1c3baf640fcf74990ec
Merged-In: Iae423d93b777df8946ecf1c3baf640fcf74990ec
(cherry picked from commit 303f6bde896877793370c1697fa8c8331b808e56)
Merged-In: Iae423d93b777df8946ecf1c3baf640fcf74990ec
---
core/java/android/app/AutomaticZenRule.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/java/android/app/AutomaticZenRule.java b/core/java/android/app/AutomaticZenRule.java
index c152b6b438ef..ba77d891553b 100644
--- a/core/java/android/app/AutomaticZenRule.java
+++ b/core/java/android/app/AutomaticZenRule.java
@@ -80,7 +80,7 @@ public final class AutomaticZenRule implements Parcelable {
name = getTrimmedString(source.readString());
}
interruptionFilter = source.readInt();
- conditionId = source.readParcelable(null);
+ conditionId = getTrimmedUri(source.readParcelable(null));
owner = getTrimmedComponentName(source.readParcelable(null));
creationTime = source.readLong();
}

View File

@ -0,0 +1,31 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alisher Alikhodjaev <alisher@google.com>
Date: Wed, 26 Oct 2022 14:03:48 -0700
Subject: [PATCH] DO NOT MERGE OOBW in Mfc_Transceive()
Bug: 241387741
Test: build ok
Change-Id: Idf45b940ac21eeb4cf09c222988bfce22b0bef55
(cherry picked from commit f5f24d0ea2bcc33f18915c4c7369f803c45e53b0)
Merged-In: Idf45b940ac21eeb4cf09c222988bfce22b0bef55
---
nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
index 0ee2314d..6c24bf83 100755
--- a/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
+++ b/nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.c
@@ -1074,6 +1074,12 @@ NFCSTATUS Mfc_Transceive(uint8_t *p_data, uint32_t len)
return status;
}
+ if (len > (MAX_BUFF_SIZE * 2))
+ {
+ android_errorWriteLog(0x534e4554, "241387741");
+ return status;
+ }
+
gphNxpExtns_Context.RawWriteCallBack = FALSE;
gphNxpExtns_Context.CallBackMifare = NULL;
gphNxpExtns_Context.CallBackCtxt = NdefMap;

View File

@ -0,0 +1,105 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Stuart <tjstuart@google.com>
Date: Wed, 28 Sep 2022 09:40:14 -0700
Subject: [PATCH] prevent overlays on the phone settings
A report came in showing a 3rd party app could overlay a button
on the phone settings causing unwanted behavior. In order to prevent
this, a new system flag has been added that only allows system overlays.
bug: 246933785
Test: manual
Change-Id: I427b65bc6c1acf06676e1753a34a7a38e21bbae0
Merged-In: I427b65bc6c1acf06676e1753a34a7a38e21bbae0
(cherry picked from commit e827d8f13c1c92622474fa2bf9e41a1f4ce21e2c)
Merged-In: I427b65bc6c1acf06676e1753a34a7a38e21bbae0
---
.../phone/settings/AccessibilitySettingsActivity.java | 6 +++++-
.../phone/settings/PhoneAccountSettingsActivity.java | 4 ++++
.../android/phone/settings/VoicemailChangePinActivity.java | 3 +++
.../android/phone/settings/VoicemailSettingsActivity.java | 4 ++++
4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/com/android/phone/settings/AccessibilitySettingsActivity.java b/src/com/android/phone/settings/AccessibilitySettingsActivity.java
index 769ef615f..ebe7a1afe 100644
--- a/src/com/android/phone/settings/AccessibilitySettingsActivity.java
+++ b/src/com/android/phone/settings/AccessibilitySettingsActivity.java
@@ -19,15 +19,19 @@ package com.android.phone.settings;
import android.os.Bundle;
import android.preference.PreferenceActivity;
import android.view.MenuItem;
+import android.view.WindowManager;
import com.android.phone.R;
public class AccessibilitySettingsActivity extends PreferenceActivity {
- @Override
+ @Override
protected void onCreate(Bundle icicle) {
super.onCreate(icicle);
+ getWindow().addPrivateFlags(
+ WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
+
getActionBar().setTitle(R.string.accessibility_settings_activity_title);
getFragmentManager().beginTransaction().replace(
android.R.id.content, new AccessibilitySettingsFragment()).commit();
diff --git a/src/com/android/phone/settings/PhoneAccountSettingsActivity.java b/src/com/android/phone/settings/PhoneAccountSettingsActivity.java
index 71ae8cfa4..88a70df18 100644
--- a/src/com/android/phone/settings/PhoneAccountSettingsActivity.java
+++ b/src/com/android/phone/settings/PhoneAccountSettingsActivity.java
@@ -19,6 +19,7 @@ package com.android.phone.settings;
import android.os.Bundle;
import android.preference.PreferenceActivity;
import android.view.MenuItem;
+import android.view.WindowManager;
import com.android.phone.R;
@@ -28,6 +29,9 @@ public class PhoneAccountSettingsActivity extends PreferenceActivity {
protected void onCreate(Bundle icicle) {
super.onCreate(icicle);
+ getWindow().addPrivateFlags(
+ WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
+
getActionBar().setTitle(R.string.phone_accounts);
getFragmentManager().beginTransaction().replace(
android.R.id.content, new PhoneAccountSettingsFragment()).commit();
diff --git a/src/com/android/phone/settings/VoicemailChangePinActivity.java b/src/com/android/phone/settings/VoicemailChangePinActivity.java
index 33da27a53..cf852ec3d 100644
--- a/src/com/android/phone/settings/VoicemailChangePinActivity.java
+++ b/src/com/android/phone/settings/VoicemailChangePinActivity.java
@@ -343,6 +343,9 @@ public class VoicemailChangePinActivity extends Activity implements OnClickListe
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
+ getWindow().addPrivateFlags(
+ WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
+
mPhoneAccountHandle = getIntent().getParcelableExtra(EXTRA_PHONE_ACCOUNT_HANDLE);
mConfig = new OmtpVvmCarrierConfigHelper(this, mPhoneAccountHandle);
setContentView(R.layout.voicemail_change_pin);
diff --git a/src/com/android/phone/settings/VoicemailSettingsActivity.java b/src/com/android/phone/settings/VoicemailSettingsActivity.java
index fea702bf5..1b3f31bb1 100644
--- a/src/com/android/phone/settings/VoicemailSettingsActivity.java
+++ b/src/com/android/phone/settings/VoicemailSettingsActivity.java
@@ -37,6 +37,7 @@ import android.text.TextDirectionHeuristics;
import android.text.TextUtils;
import android.util.Log;
import android.view.MenuItem;
+import android.view.WindowManager;
import android.widget.ListAdapter;
import android.widget.Toast;
@@ -217,6 +218,9 @@ public class VoicemailSettingsActivity extends PreferenceActivity
@Override
protected void onCreate(Bundle icicle) {
super.onCreate(icicle);
+ getWindow().addPrivateFlags(
+ WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
+
// Make sure we are running as the primary user only
if (UserHandle.myUserId() != UserHandle.USER_OWNER) {
Toast.makeText(this, R.string.voice_number_setting_primary_user_only,

View File

@ -0,0 +1,41 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Raghavender Reddy Bujala <c-bujalr@codeaurora.org>
Date: Thu, 2 Dec 2021 16:04:19 +0530
Subject: [PATCH] BT: Once AT command is retrieved, return from method.
- Observed SIGSEV issue in Defensics, when received
buf is more than BTA_HF_CLIENT_AT_PARSER_MAX_LEN.
- Commented recover cut data, after AT command is
retrieved because leftover data/buf is more than
BTA_HF_CLIENT_AT_PARSER_MAX_LEN and leading to
offset corruption.
CRs-Fixed: 3052411
Change-Id: I6375d00eebfbf97ffc40456622a6d39e4388f4b2
---
bta/hf_client/bta_hf_client_at.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/bta/hf_client/bta_hf_client_at.c b/bta/hf_client/bta_hf_client_at.c
index 695c4fb32..f364e1c81 100644
--- a/bta/hf_client/bta_hf_client_at.c
+++ b/bta/hf_client/bta_hf_client_at.c
@@ -1578,9 +1578,14 @@ void bta_hf_client_at_parse(char *buf, unsigned int len)
bta_hf_client_at_parse_start();
bta_hf_client_at_clear_buf();
- /* recover cut data */
- memcpy(bta_hf_client_cb.scb.at_cb.buf, tmp_buff, tmp);
- bta_hf_client_cb.scb.at_cb.offset += tmp;
+ /* TODO: recover cut data */
+ // memcpy(bta_hf_client_cb.scb.at_cb.buf, tmp_buff, tmp);
+ // bta_hf_client_cb.scb.at_cb.offset += tmp;
+
+ // Observed SIGSEV issue in Defensics, when received buf is more than
+ // BTA_HF_CLIENT_AT_PARSER_MAX_LEN.
+ // Assuming to return from here, Once AT command is retrieved.
+ return;
}
memcpy(bta_hf_client_cb.scb.at_cb.buf + bta_hf_client_cb.scb.at_cb.offset, buf, len);

View File

@ -23,10 +23,10 @@ index 9bb5aecdac8f..13c77bf16ef6 100644
<!-- Allows applications to access information about networks.
<p>Protection level: normal
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index f8d298a538e7..0ceb190c6068 100644
index b30bd41d3059..fbe33065e0f9 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2609,7 +2609,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2649,7 +2649,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
public static boolean isSpecialRuntimePermission(final String permission) {

View File

@ -128,10 +128,10 @@ index 189544f98594..9badc8c4d9c0 100644
field public static final String SENSORS = "android.permission-group.SENSORS";
field public static final String SMS = "android.permission-group.SMS";
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 0ceb190c6068..2380844eec5d 100644
index fbe33065e0f9..80576d7b3d75 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2609,7 +2609,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2649,7 +2649,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
public static boolean isSpecialRuntimePermission(final String permission) {

View File

@ -17,7 +17,7 @@ As a result, PackageManagerService is no longer modified.
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 663f6ebcd73a..f8d298a538e7 100644
index 0a98b8b0df57..b30bd41d3059 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1461,7 +1461,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@ -58,7 +58,7 @@ index 663f6ebcd73a..f8d298a538e7 100644
// PermissionPolicyService will handle the app op for runtime permissions later.
grantRuntimePermissionInternal(permName, packageName, false,
Process.SYSTEM_UID, userId, delayingPermCallback);
@@ -2606,6 +2608,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2646,6 +2648,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
@ -69,7 +69,7 @@ index 663f6ebcd73a..f8d298a538e7 100644
/**
* Restore the permission state for a package.
*
@@ -2958,6 +2964,14 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2998,6 +3004,14 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
}
@ -84,7 +84,7 @@ index 663f6ebcd73a..f8d298a538e7 100644
} else {
if (permState == null) {
// New permission
@@ -3913,7 +3927,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -3953,7 +3967,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
&& (grantedPermissions == null
|| ArrayUtils.contains(grantedPermissions, permission))) {
final int flags = permissionsState.getPermissionFlags(permission, userId);

View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: inthewaves <inthewaves@pm.me>
Date: Thu, 27 Feb 2020 19:34:56 -0800
Subject: [PATCH 1/3] add LTE only setting
Subject: [PATCH] add LTE only setting
---
res/values/arrays.xml | 5 +++-

View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: flawedworld <flawedworld@flawed.world>
Date: Fri, 6 Aug 2021 21:23:33 +0000
Subject: [PATCH 2/3] Show preferred network options no matter the carrier
Subject: [PATCH] Show preferred network options no matter the carrier
configuration
This ignores:

View File

@ -1,7 +1,7 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: flawedworld <flawedworld@flawed.world>
Date: Tue, 17 Aug 2021 22:41:26 +0000
Subject: [PATCH 3/3] Add LTE only entry when carrier enables world mode.
Subject: [PATCH] Add LTE only entry when carrier enables world mode.
---
.../telephony/EnabledNetworkModePreferenceController.java | 1 +

View File

@ -23,10 +23,10 @@ index cb6ef5a8f1ae..4692ddb26491 100644
<!-- Allows applications to access information about networks.
<p>Protection level: normal
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 5f0beea38af5..ba5572eb4383 100644
index e7c141d3e5fd..41bb1878e0dc 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2592,7 +2592,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2632,7 +2632,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
public static boolean isSpecialRuntimePermission(final String permission) {

View File

@ -12,7 +12,7 @@ Change-Id: I74b0b8a5aa70f0794b4f3d72c70167dbe2aae88d
1 file changed, 11 insertions(+)
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 7d70b6d73497..07918a9a903b 100644
index d7fa56e56e0b..2092276d377f 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -185,6 +185,7 @@ import android.content.pm.IPackageManager;

View File

@ -99,10 +99,10 @@ index 27c9026c863a..4a8624222ae8 100644
<string name="permlab_readCalendar">Read calendar events and details</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index ba5572eb4383..f7a09f49aacb 100644
index 41bb1878e0dc..897134430015 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2592,7 +2592,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2632,7 +2632,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
public static boolean isSpecialRuntimePermission(final String permission) {

View File

@ -8,7 +8,7 @@ Subject: [PATCH] extend special runtime permission implementation
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index eeff027cb46c..5f0beea38af5 100644
index 5be5d735598c..e7c141d3e5fd 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1881,7 +1881,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@ -20,7 +20,7 @@ index eeff027cb46c..5f0beea38af5 100644
? FLAG_PERMISSION_REVIEW_REQUIRED | FLAG_PERMISSION_REVOKED_COMPAT
: 0;
@@ -2725,7 +2725,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2765,7 +2765,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT,
FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT);
}
@ -29,7 +29,7 @@ index eeff027cb46c..5f0beea38af5 100644
uidState.updatePermissionFlags(permission,
PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED
| PackageManager.FLAG_PERMISSION_REVOKED_COMPAT,
@@ -2815,7 +2815,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2855,7 +2855,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
// continue;
// }
@ -38,7 +38,7 @@ index eeff027cb46c..5f0beea38af5 100644
if (DEBUG_PERMISSIONS) {
Log.i(TAG, "Denying runtime-only permission " + bp.getName()
+ " for package " + friendlyName);
@@ -2894,7 +2894,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2934,7 +2934,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
boolean restrictionApplied = (origState.getPermissionFlags(
bp.getName()) & FLAG_PERMISSION_APPLY_RESTRICTION) != 0;
@ -47,7 +47,7 @@ index eeff027cb46c..5f0beea38af5 100644
// If hard restricted we don't allow holding it
if (permissionPolicyInitialized && hardRestricted) {
if (!restrictionExempt) {
@@ -2978,7 +2978,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -3018,7 +3018,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
if (restrictionApplied) {
flags &= ~FLAG_PERMISSION_APPLY_RESTRICTION;
// Dropping restriction on a legacy app implies a review

View File

@ -20,7 +20,7 @@ Signed-off-by: Danny Lin <danny@kdrag0n.dev>
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 2662f620cbd4..eeff027cb46c 100644
index 5e54f937fc98..5be5d735598c 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1525,7 +1525,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@ -63,7 +63,7 @@ index 2662f620cbd4..eeff027cb46c 100644
// PermissionPolicyService will handle the app op for runtime permissions later.
grantRuntimePermissionInternal(packageName, permName, false,
Process.SYSTEM_UID, userId, delayingPermCallback);
@@ -2587,6 +2591,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2627,6 +2631,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
@ -74,7 +74,7 @@ index 2662f620cbd4..eeff027cb46c 100644
/**
* Restore the permission state for a package.
*
@@ -2929,6 +2937,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -2969,6 +2977,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
}
@ -88,7 +88,7 @@ index 2662f620cbd4..eeff027cb46c 100644
} else {
if (origPermState == null) {
// New permission
@@ -3766,7 +3781,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
@@ -3806,7 +3821,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
if (shouldGrantPermission) {
final int flags = getPermissionFlagsInternal(pkg.getPackageName(), permission,
myUid, userId);

View File

@ -104,7 +104,6 @@ patchWorkspace() {
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
source build/envsetup.sh;
#repopick -it bt-sbc-hd-dualchannel-nougat;
repopick -it tzdb_N;
sh "$DOS_SCRIPTS/Patch.sh";

View File

@ -76,7 +76,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
awk -i inplace '!/Exchange2/' target/product/core.mk;
sed -i 's/2021-06-05/2022-12-05/' core/version_defaults.mk; #Bump Security String #n-asb-2022-12 #XXX
sed -i 's/2021-06-05/2023-01-05/' core/version_defaults.mk; #Bump Security String #n-asb-2023-01 #XXX
fi;
if enterAndClear "device/qcom/sepolicy"; then
@ -171,6 +171,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/345519.patch"; #n-asb-2022-12 V
applyPatch "$DOS_PATCHES/android_frameworks_base/345520.patch"; #n-asb-2022-12 Ignore malformed shortcuts
applyPatch "$DOS_PATCHES/android_frameworks_base/345521.patch"; #n-asb-2022-12 Fix permanent denial of service via setComponentEnabledSetting
applyPatch "$DOS_PATCHES/android_frameworks_base/345522.patch"; #n-asb-2022-12 Add safety checks on KEY_INTENT mismatch.
applyPatch "$DOS_PATCHES/android_frameworks_base/346948.patch"; #n-asb-2023-01 Limit lengths of fields in Condition to a max length.
applyPatch "$DOS_PATCHES/android_frameworks_base/346949.patch"; #n-asb-2023-01 Disable all A11yServices from an uninstalled package.
applyPatch "$DOS_PATCHES/android_frameworks_base/346950.patch"; #n-asb-2023-01 Trim any long string inputs that come in to AutomaticZenRule
applyPatch "$DOS_PATCHES/android_frameworks_base/346951.patch"; #n-asb-2023-01 Fix conditionId string trimming in AutomaticZenRule
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
@ -315,6 +319,7 @@ if enterAndClear "packages/apps/Nfc"; then
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/315715.patch"; #n-asb-2021-09 Add HIDE_NON_SYSTEM_OVERLAY_WINDOWS permission to Nfc
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/328308.patch"; #n-asb-2022-04 Do not set default contactless application without user interaction
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/332455.patch"; #n-asb-2022-06 OOB read in phNciNfc_RecvMfResp()
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/346953.patch"; #n-asb-2023-01 OOBW in Mfc_Transceive()
fi;
if enterAndClear "packages/apps/PackageInstaller"; then
@ -377,6 +382,7 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telecomm/345526.patch"; #n-as
fi;
if enterAndClear "packages/services/Telephony"; then
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/346954.patch"; #n-asb-2023-01 Prevent overlays on the phone settings
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #(DivestOS)
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
fi;
@ -415,6 +421,7 @@ applyPatch "$DOS_PATCHES/android_system_bt/345528.patch"; #n-asb-2022-12 Added m
applyPatch "$DOS_PATCHES/android_system_bt/345529.patch"; #n-asb-2022-12 Add missing increment in bnep_api.cc
applyPatch "$DOS_PATCHES/android_system_bt/345530.patch"; #n-asb-2022-12 Add length check when copy AVDT and AVCT packet
applyPatch "$DOS_PATCHES/android_system_bt/345531.patch"; #n-asb-2022-12 Fix integer overflow when parsing avrc response
applyPatch "$DOS_PATCHES/android_system_bt/346952.patch"; #n-asb-2023-01 Once AT command is retrieved, return from method.
applyPatch "$DOS_PATCHES/android_system_bt/229574.patch"; #bt-sbc-hd-dualchannel-nougat: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
applyPatch "$DOS_PATCHES/android_system_bt/229575.patch"; #bt-sbc-hd-dualchannel-nougat: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
applyPatch "$DOS_PATCHES/android_system_bt/242134.patch"; #avrc_bld_get_attrs_rsp - fix attribute length position off by one (cprhokie)

View File

@ -87,6 +87,7 @@ patchWorkspace() {
repopick -it P_tzdata_2022;
repopick -it P_asb_2022-11 -e 344200;
repopick -it P_asb_2022-12 -e 345931;
repopick -it P_asb_2023-01;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";

View File

@ -97,7 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2022-01-05/2022-12-05/' core/version_defaults.mk; #Bump Security String #P_asb_2022-12 #XXX
sed -i 's/2022-01-05/2023-01-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-01 #XXX
fi;
if enterAndClear "build/soong"; then

View File

@ -87,6 +87,7 @@ patchWorkspace() {
source build/envsetup.sh;
#repopick -it ten-firewall;
repopick -it Q_tzdb2022f;
repopick -it Q_asb_2023-01;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";

View File

@ -115,6 +115,7 @@ patchWorkspace() {
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
repopick -it R_tzdb2022f;
repopick -it R_asb_2023-01;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";

View File

@ -84,6 +84,7 @@ patchWorkspace() {
#repopick -ift twelve-bt-sbc-hd-dualchannel;
#repopick -it twelve-colors;
repopick -it S_tzdb2022f;
repopick -it S_asb_2023-01;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";