diff --git a/Patches/LineageOS-16.0/android_frameworks_av/358555.patch b/Patches/LineageOS-16.0/android_frameworks_av/358555.patch
deleted file mode 100644
index 45469fb1..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_av/358555.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ray Essick <essick@google.com>
-Date: Mon, 27 Mar 2023 18:16:46 -0500
-Subject: [PATCH] Fix NuMediaExtractor::readSampleData buffer Handling
-
-readSampleData() did not initialize buffer before filling it,
-leading to OOB memory references. Correct and clarify the book
-keeping around output buffer management.
-
-Bug: 275418191
-Test: CtsMediaExtractorTestCases w/debug messages
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:943fc12219b21d2a98f0ddc070b9b316a6f5d412)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:84c69bca81175feb2fd97ebb22e432ee41572786)
-Merged-In: Ie744f118526f100d82a312c64f7c6fcf20773b6d
-Change-Id: Ie744f118526f100d82a312c64f7c6fcf20773b6d
----
- media/libstagefright/NuMediaExtractor.cpp | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/media/libstagefright/NuMediaExtractor.cpp b/media/libstagefright/NuMediaExtractor.cpp
-index 4a7d6ca7ad..90ddcb81c3 100644
---- a/media/libstagefright/NuMediaExtractor.cpp
-+++ b/media/libstagefright/NuMediaExtractor.cpp
-@@ -607,9 +607,11 @@ status_t NuMediaExtractor::appendVorbisNumPageSamples(
-         numPageSamples = -1;
-     }
- 
-+    // insert, including accounting for the space used.
-     memcpy((uint8_t *)buffer->data() + mbuf->range_length(),
-            &numPageSamples,
-            sizeof(numPageSamples));
-+    buffer->setRange(buffer->offset(), buffer->size() + sizeof(numPageSamples));
- 
-     uint32_t type;
-     const void *data;
-@@ -658,6 +660,8 @@ status_t NuMediaExtractor::readSampleData(const sp<ABuffer> &buffer) {
- 
-     ssize_t minIndex = fetchAllTrackSamples();
- 
-+    buffer->setRange(0, 0);     // start with an empty buffer
-+
-     if (minIndex < 0) {
-         return ERROR_END_OF_STREAM;
-     }
-@@ -673,25 +677,25 @@ status_t NuMediaExtractor::readSampleData(const sp<ABuffer> &buffer) {
-         sampleSize += sizeof(int32_t);
-     }
- 
-+    // capacity() is ok since we cleared out the buffer
-     if (buffer->capacity() < sampleSize) {
-         return -ENOMEM;
-     }
- 
-+    const size_t srclen = it->mBuffer->range_length();
-     const uint8_t *src =
-         (const uint8_t *)it->mBuffer->data()
-             + it->mBuffer->range_offset();
- 
--    memcpy((uint8_t *)buffer->data(), src, it->mBuffer->range_length());
-+    memcpy((uint8_t *)buffer->data(), src, srclen);
-+    buffer->setRange(0, srclen);
- 
-     status_t err = OK;
-     if (info->mTrackFlags & kIsVorbis) {
-+        // adjusts range when it inserts the extra bits
-         err = appendVorbisNumPageSamples(it->mBuffer, buffer);
-     }
- 
--    if (err == OK) {
--        buffer->setRange(0, sampleSize);
--    }
--
-     return err;
- }
- 
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/358560-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/358560-backport.patch
deleted file mode 100644
index a31d38b2..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/358560-backport.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Lee <brnlee@google.com>
-Date: Fri, 17 Feb 2023 16:05:17 -0800
-Subject: [PATCH] Check key intent for selectors and prohibited flags
-
-Bug: 265015796
-Test: atest
-FrameworksServicesTests: com.android.server.accounts.AccountManagerServiceTest
-(cherry picked from commit e53a96304352e2965176c8d32ac1b504e52ef185)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:92114886bdce8467c52c655c186f3e7ab1e134d8)
-Merged-In: Ie16f8654337bd75eaad3156817470674b4f0cee3
-Change-Id: Ie16f8654337bd75eaad3156817470674b4f0cee3
----
- .../accounts/AccountManagerService.java       | 18 +++++++---
- .../accounts/AccountManagerServiceTest.java   | 36 +++++++++++++++++++
- .../AccountManagerServiceTestFixtures.java    |  5 ++-
- .../TestAccountType1Authenticator.java        |  5 +--
- 4 files changed, 54 insertions(+), 10 deletions(-)
-
-diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
-index d2f5d59e7030..36732273ab6f 100644
---- a/services/core/java/com/android/server/accounts/AccountManagerService.java
-+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
-@@ -4785,10 +4785,6 @@ public class AccountManagerService
-             if (intent.getClipData() == null) {
-                 intent.setClipData(ClipData.newPlainText(null, null));
-             }
--            intent.setFlags(intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
--                    | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
--                    | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
--                    | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
-             long bid = Binder.clearCallingIdentity();
-             try {
-                 PackageManager pm = mContext.getPackageManager();
-@@ -4835,7 +4831,19 @@ public class AccountManagerService
-             if (intent == null) {
-                 return (simulateIntent == null);
-             }
--            return intent.filterEquals(simulateIntent);
-+            if (!intent.filterEquals(simulateIntent)) {
-+                return false;
-+            }
-+
-+            if (intent.getSelector() != simulateIntent.getSelector()) {
-+                return false;
-+            }
-+
-+            int prohibitedFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
-+                    | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
-+                    | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
-+                    | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
-+            return (simulateIntent.getFlags() & prohibitedFlags) == 0;
-         }
- 
-         private boolean isExportedSystemActivity(ActivityInfo activityInfo) {
-diff --git a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java
-index 73267e4868a6..c063f645a4ea 100644
---- a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java
-+++ b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java
-@@ -17,6 +17,7 @@
- package com.android.server.accounts;
- 
- import static android.database.sqlite.SQLiteDatabase.deleteDatabase;
-+import static org.mockito.ArgumentMatchers.contains;
- import static org.mockito.Matchers.any;
- import static org.mockito.Matchers.anyBoolean;
- import static org.mockito.Matchers.anyInt;
-@@ -681,6 +682,41 @@ public class AccountManagerServiceTest extends AndroidTestCase {
-         assertNotNull(intent.getParcelableExtra(AccountManagerServiceTestFixtures.KEY_CALLBACK));
-     }
- 
-+    @SmallTest
-+    public void testStartAddAccountSessionWhereAuthenticatorReturnsIntentWithProhibitedFlags()
-+            throws Exception {
-+        unlockSystemUser();
-+        ResolveInfo resolveInfo = new ResolveInfo();
-+        resolveInfo.activityInfo = new ActivityInfo();
-+        resolveInfo.activityInfo.applicationInfo = new ApplicationInfo();
-+        when(mMockPackageManager.resolveActivityAsUser(
-+                any(Intent.class), anyInt(), anyInt())).thenReturn(resolveInfo);
-+        when(mMockPackageManager.checkSignatures(
-+                anyInt(), anyInt())).thenReturn(PackageManager.SIGNATURE_MATCH);
-+
-+        final CountDownLatch latch = new CountDownLatch(1);
-+        Response response = new Response(latch, mMockAccountManagerResponse);
-+        Bundle options = createOptionsWithAccountName(
-+                AccountManagerServiceTestFixtures.ACCOUNT_NAME_INTERVENE);
-+        int prohibitedFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
-+                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
-+                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
-+                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
-+        options.putInt(AccountManagerServiceTestFixtures.KEY_INTENT_FLAGS, prohibitedFlags);
-+
-+        mAms.startAddAccountSession(
-+                response, // response
-+                AccountManagerServiceTestFixtures.ACCOUNT_TYPE_1, // accountType
-+                "authTokenType",
-+                null, // requiredFeatures
-+                true, // expectActivityLaunch
-+                options); // optionsIn
-+        waitForLatch(latch);
-+
-+        verify(mMockAccountManagerResponse).onError(
-+                eq(AccountManager.ERROR_CODE_INVALID_RESPONSE), contains("invalid intent"));
-+    }
-+
-     @SmallTest
-     public void testStartAddAccountSessionError() throws Exception {
-         unlockSystemUser();
-diff --git a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java
-index 73f30d9f9e79..b98a6a891d55 100644
---- a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java
-+++ b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java
-@@ -17,9 +17,6 @@ package com.android.server.accounts;
- 
- import android.accounts.Account;
- 
--import java.util.ArrayList;
--import java.util.List;
--
- /**
-  * Constants shared between test AccountAuthenticators and AccountManagerServiceTest.
-  */
-@@ -31,6 +28,8 @@ public final class AccountManagerServiceTestFixtures {
-             "account_manager_service_test:account_status_token_key";
-     public static final String KEY_ACCOUNT_PASSWORD =
-             "account_manager_service_test:account_password_key";
-+    public static final String KEY_INTENT_FLAGS =
-+            "account_manager_service_test:intent_flags_key";
-     public static final String KEY_OPTIONS_BUNDLE =
-             "account_manager_service_test:option_bundle_key";
-     public static final String ACCOUNT_NAME_SUCCESS = "success_on_return@fixture.com";
-diff --git a/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java b/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java
-index 8106364477d9..924443e9d5cf 100644
---- a/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java
-+++ b/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java
-@@ -24,8 +24,6 @@ import android.content.Context;
- import android.content.Intent;
- import android.os.Bundle;
- 
--import com.android.frameworks.servicestests.R;
--
- import java.util.concurrent.atomic.AtomicInteger;
- 
- /**
-@@ -270,11 +268,13 @@ public class TestAccountType1Authenticator extends AbstractAccountAuthenticator
-         String accountName = null;
-         Bundle sessionBundle = null;
-         String password = null;
-+        int intentFlags = 0;
-         if (options != null) {
-             accountName = options.getString(AccountManagerServiceTestFixtures.KEY_ACCOUNT_NAME);
-             sessionBundle = options.getBundle(
-                     AccountManagerServiceTestFixtures.KEY_ACCOUNT_SESSION_BUNDLE);
-             password = options.getString(AccountManagerServiceTestFixtures.KEY_ACCOUNT_PASSWORD);
-+            intentFlags = options.getInt(AccountManagerServiceTestFixtures.KEY_INTENT_FLAGS, 0);
-         }
- 
-         Bundle result = new Bundle();
-@@ -302,6 +302,7 @@ public class TestAccountType1Authenticator extends AbstractAccountAuthenticator
-             intent.putExtra(AccountManagerServiceTestFixtures.KEY_RESULT,
-                     eventualActivityResultData);
-             intent.putExtra(AccountManagerServiceTestFixtures.KEY_CALLBACK, response);
-+            intent.setFlags(intentFlags);
- 
-             result.putParcelable(AccountManager.KEY_INTENT, intent);
-         } else {
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/358561-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/358561-backport.patch
deleted file mode 100644
index e0971199..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/358561-backport.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kweku Adams <kwekua@google.com>
-Date: Wed, 21 Sep 2022 22:13:01 +0000
-Subject: [PATCH] Handle invalid data during job loading.
-
-Catch exceptions that may be thrown if invalid data ended up in the
-persisted job file.
-
-Bug: 246541702
-Bug: 246542132
-Bug: 246542285
-Bug: 246542330
-Test: install test app with invalid job config, start app to schedule job, then reboot device
-(cherry picked from commit c98fb42b480b3beedc2d94de6110f50212c4aa0b)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df1ba00dd9f64a3ae9a9e05979dfae6a15c7e203)
-Merged-In: Id0ceba345942baf21177f687b8dd85ef001c0a9e
-Change-Id: Id0ceba345942baf21177f687b8dd85ef001c0a9e
----
- .../java/com/android/server/job/JobStore.java | 26 ++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/services/core/java/com/android/server/job/JobStore.java b/services/core/java/com/android/server/job/JobStore.java
-index 4f8b1dcc6bb4..7f2d7fb5987d 100644
---- a/services/core/java/com/android/server/job/JobStore.java
-+++ b/services/core/java/com/android/server/job/JobStore.java
-@@ -623,6 +623,10 @@ public final class JobStore {
-                 }
-             } catch (XmlPullParserException | IOException e) {
-                 Slog.wtf(TAG, "Error jobstore xml.", e);
-+            } catch (Exception e) {
-+                // Crashing at this point would result in a boot loop, so live with a general
-+                // Exception for system stability's sake.
-+                Slog.wtf(TAG, "Unexpected exception", e);
-             } finally {
-                 if (mPersistInfo.countAllJobsLoaded < 0) { // Only set them once.
-                     mPersistInfo.countAllJobsLoaded = numJobs;
-@@ -753,6 +757,15 @@ public final class JobStore {
-             } catch (NumberFormatException e) {
-                 Slog.d(TAG, "Error reading constraints, skipping.");
-                 return null;
-+            } catch (XmlPullParserException e) {
-+                Slog.d(TAG, "Error Parser Exception.", e);
-+                return null;
-+            } catch (IOException e) {
-+                Slog.d(TAG, "Error I/O Exception.", e);
-+                return null;
-+            } catch (IllegalArgumentException e) {
-+                Slog.e(TAG, "Constraints contained invalid data", e);
-+                return null;
-             }
-             parser.next(); // Consume </constraints>
- 
-@@ -848,8 +861,14 @@ public final class JobStore {
-                 return null;
-             }
- 
--            PersistableBundle extras = PersistableBundle.restoreFromXml(parser);
--            jobBuilder.setExtras(extras);
-+            final PersistableBundle extras;
-+            try {
-+                extras = PersistableBundle.restoreFromXml(parser);
-+                jobBuilder.setExtras(extras);
-+            } catch (IllegalArgumentException e) {
-+                Slog.e(TAG, "Persisted extras contained invalid data", e);
-+                return null;
-+            }
-             parser.nextTag(); // Consume </extras>
- 
-             // Migrate sync jobs forward from earlier, incomplete representation
-@@ -887,7 +906,8 @@ public final class JobStore {
-             return new JobInfo.Builder(jobId, cname);
-         }
- 
--        private void buildConstraintsFromXml(JobInfo.Builder jobBuilder, XmlPullParser parser) {
-+        private void buildConstraintsFromXml(JobInfo.Builder jobBuilder, XmlPullParser parser)
-+                throws XmlPullParserException, IOException {
-             String val;
- 
-             final String netCapabilities = parser.getAttributeValue(null, "net-capabilities");
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/358562-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/358562-backport.patch
deleted file mode 100644
index 23125594..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/358562-backport.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Julia Reynolds <juliacr@google.com>
-Date: Tue, 7 Mar 2023 15:44:49 -0500
-Subject: [PATCH] Allow filtering of services
-
-Test: ServiceListingTest
-Bug: 260570119
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:44dcb8351e61f4b3a63ec68fa5d8490501e8a823)
-Merged-In: Ib4740ba401667de62fa1a33334c2c1fbee25b760
-Change-Id: Ib4740ba401667de62fa1a33334c2c1fbee25b760
----
- .../applications/ServiceListing.java          | 19 +++-
- .../applications/ServiceListingTest.java      | 98 ++++++++++++++++++-
- 2 files changed, 113 insertions(+), 4 deletions(-)
-
-diff --git a/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java b/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java
-index 3c3c70ac364e..8c1cc256eee4 100644
---- a/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java
-+++ b/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java
-@@ -37,6 +37,7 @@ import com.android.settingslib.wrapper.PackageManagerWrapper;
- import java.util.ArrayList;
- import java.util.HashSet;
- import java.util.List;
-+import java.util.function.Predicate;
- 
- /**
-  * Class for managing services matching a given intent and requesting a given permission.
-@@ -52,11 +53,13 @@ public class ServiceListing {
-     private final HashSet<ComponentName> mEnabledServices = new HashSet<>();
-     private final List<ServiceInfo> mServices = new ArrayList<>();
-     private final List<Callback> mCallbacks = new ArrayList<>();
-+    private final Predicate mValidator;
- 
-     private boolean mListening;
- 
-     private ServiceListing(Context context, String tag,
--            String setting, String intentAction, String permission, String noun) {
-+            String setting, String intentAction, String permission, String noun,
-+            Predicate validator) {
-         mContentResolver = context.getContentResolver();
-         mContext = context;
-         mTag = tag;
-@@ -64,6 +67,7 @@ public class ServiceListing {
-         mIntentAction = intentAction;
-         mPermission = permission;
-         mNoun = noun;
-+        mValidator = validator;
-     }
- 
-     public void addCallback(Callback callback) {
-@@ -133,7 +137,6 @@ public class ServiceListing {
-                 new Intent(mIntentAction),
-                 PackageManager.GET_SERVICES | PackageManager.GET_META_DATA,
-                 user);
--
-         for (ResolveInfo resolveInfo : installedServices) {
-             ServiceInfo info = resolveInfo.serviceInfo;
- 
-@@ -144,6 +147,9 @@ public class ServiceListing {
-                         + mPermission);
-                 continue;
-             }
-+            if (mValidator != null && !mValidator.test(info)) {
-+                continue;
-+            }
-             mServices.add(info);
-         }
-         for (Callback callback : mCallbacks) {
-@@ -189,6 +195,7 @@ public class ServiceListing {
-         private String mIntentAction;
-         private String mPermission;
-         private String mNoun;
-+        private Predicate mValidator;
- 
-         public Builder(Context context) {
-             mContext = context;
-@@ -219,8 +226,14 @@ public class ServiceListing {
-             return this;
-         }
- 
-+        public Builder setValidator(Predicate<ServiceInfo> validator) {
-+            mValidator = validator;
-+            return this;
-+        }
-+
-         public ServiceListing build() {
--            return new ServiceListing(mContext, mTag, mSetting, mIntentAction, mPermission, mNoun);
-+            return new ServiceListing(mContext, mTag, mSetting, mIntentAction, mPermission, mNoun,
-+                    mValidator);
-         }
-     }
- }
-diff --git a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java
-index 060b716bb435..6cfbd458fd79 100644
---- a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java
-+++ b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java
-@@ -17,21 +17,36 @@
- package com.android.settingslib.applications;
- 
- import static com.google.common.truth.Truth.assertThat;
-+import static org.mockito.ArgumentMatchers.any;
-+import static org.mockito.ArgumentMatchers.anyInt;
- import static org.mockito.ArgumentMatchers.anyList;
- import static org.mockito.Mockito.mock;
-+import static org.mockito.Mockito.spy;
- import static org.mockito.Mockito.times;
- import static org.mockito.Mockito.verify;
-+import static org.mockito.Mockito.spy;
- 
- import android.content.ComponentName;
-+import android.content.Context;
-+import android.content.pm.PackageManager;
-+import android.content.pm.ResolveInfo;
-+import android.content.pm.ServiceInfo;
- import android.provider.Settings;
- 
-+import androidx.test.core.app.ApplicationProvider;
-+
- import com.android.settingslib.SettingsLibRobolectricTestRunner;
- 
-+import com.google.common.collect.ImmutableList;
-+
- import org.junit.Before;
- import org.junit.Test;
- import org.junit.runner.RunWith;
-+import org.mockito.ArgumentCaptor;
- import org.robolectric.RuntimeEnvironment;
- 
-+import java.util.List;
-+
- @RunWith(SettingsLibRobolectricTestRunner.class)
- public class ServiceListingTest {
- 
-@@ -39,16 +54,97 @@ public class ServiceListingTest {
-     private static final String TEST_INTENT = "com.example.intent";
- 
-     private ServiceListing mServiceListing;
-+    private Context mContext;
-+    private PackageManager mPm;
- 
-     @Before
-     public void setUp() {
--        mServiceListing = new ServiceListing.Builder(RuntimeEnvironment.application)
-+        mPm = mock(PackageManager.class);
-+        mContext = spy(ApplicationProvider.getApplicationContext());
-+        when(mContext.getPackageManager()).thenReturn(mPm);
-+
-+        mServiceListing = new ServiceListing.Builder(mContext)
-+                .setTag("testTag")
-+                .setSetting(TEST_SETTING)
-+                .setNoun("testNoun")
-+                .setIntentAction(TEST_INTENT)
-+                .setPermission("testPermission")
-+                .build();
-+    }
-+
-+    @Test
-+    public void testValidator() {
-+        ServiceInfo s1 = new ServiceInfo();
-+        s1.permission = "testPermission";
-+        s1.packageName = "pkg";
-+        ServiceInfo s2 = new ServiceInfo();
-+        s2.permission = "testPermission";
-+        s2.packageName = "pkg2";
-+        ResolveInfo r1 = new ResolveInfo();
-+        r1.serviceInfo = s1;
-+        ResolveInfo r2 = new ResolveInfo();
-+        r2.serviceInfo = s2;
-+
-+        when(mPm.queryIntentServicesAsUser(any(), anyInt(), anyInt())).thenReturn(
-+                ImmutableList.of(r1, r2));
-+
-+        mServiceListing = new ServiceListing.Builder(mContext)
-+                .setTag("testTag")
-+                .setSetting(TEST_SETTING)
-+                .setNoun("testNoun")
-+                .setIntentAction(TEST_INTENT)
-+                .setValidator(info -> {
-+                    if (info.packageName.equals("pkg")) {
-+                        return true;
-+                    }
-+                    return false;
-+                })
-+                .setPermission("testPermission")
-+                .build();
-+        ServiceListing.Callback callback = mock(ServiceListing.Callback.class);
-+        mServiceListing.addCallback(callback);
-+        mServiceListing.reload();
-+
-+        verify(mPm).queryIntentServicesAsUser(any(), anyInt(), anyInt());
-+        ArgumentCaptor<List<ServiceInfo>> captor = ArgumentCaptor.forClass(List.class);
-+        verify(callback, times(1)).onServicesReloaded(captor.capture());
-+
-+        assertThat(captor.getValue().size()).isEqualTo(1);
-+        assertThat(captor.getValue().get(0)).isEqualTo(s1);
-+    }
-+
-+    @Test
-+    public void testNoValidator() {
-+        ServiceInfo s1 = new ServiceInfo();
-+        s1.permission = "testPermission";
-+        s1.packageName = "pkg";
-+        ServiceInfo s2 = new ServiceInfo();
-+        s2.permission = "testPermission";
-+        s2.packageName = "pkg2";
-+        ResolveInfo r1 = new ResolveInfo();
-+        r1.serviceInfo = s1;
-+        ResolveInfo r2 = new ResolveInfo();
-+        r2.serviceInfo = s2;
-+
-+        when(mPm.queryIntentServicesAsUser(any(), anyInt(), anyInt())).thenReturn(
-+                ImmutableList.of(r1, r2));
-+
-+        mServiceListing = new ServiceListing.Builder(mContext)
-                 .setTag("testTag")
-                 .setSetting(TEST_SETTING)
-                 .setNoun("testNoun")
-                 .setIntentAction(TEST_INTENT)
-                 .setPermission("testPermission")
-                 .build();
-+        ServiceListing.Callback callback = mock(ServiceListing.Callback.class);
-+        mServiceListing.addCallback(callback);
-+        mServiceListing.reload();
-+
-+        verify(mPm).queryIntentServicesAsUser(any(), anyInt(), anyInt());
-+        ArgumentCaptor<List<ServiceInfo>> captor = ArgumentCaptor.forClass(List.class);
-+        verify(callback, times(1)).onServicesReloaded(captor.capture());
-+
-+        assertThat(captor.getValue().size()).isEqualTo(2);
-     }
- 
-     @Test
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/358732-backport.patch b/Patches/LineageOS-16.0/android_frameworks_base/358732-backport.patch
deleted file mode 100644
index b5c98965..00000000
--- a/Patches/LineageOS-16.0/android_frameworks_base/358732-backport.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Valentin Iftime <valiiftime@google.com>
-Date: Wed, 22 Feb 2023 09:38:55 +0100
-Subject: [PATCH] Prevent RemoteViews crashing SystemUi
-
-  Catch canvas drawing exceptions caused  by unsuported image sizes.
-
-Test: 1. Post a custom view notification with a layout
-	containing an ImageView that references a 5k x 5k image
-2. Add an App Widget to the home screen with that has the
-	layout mentioned above as preview/initial layout.
-
-Bug: 268193777
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cfc0b34432ab54e3fa472db5c43e620293f64a5d)
-Merged-In: Ib3bda769c499b4069b49c566b1b227f98f707a8a
-Change-Id: Ib3bda769c499b4069b49c566b1b227f98f707a8a
----
- .../android/appwidget/AppWidgetHostView.java  | 39 ++++++++++++++-----
- 1 file changed, 29 insertions(+), 10 deletions(-)
-
-diff --git a/core/java/android/appwidget/AppWidgetHostView.java b/core/java/android/appwidget/AppWidgetHostView.java
-index ab0eb92e1726..02b244bdd9a6 100644
---- a/core/java/android/appwidget/AppWidgetHostView.java
-+++ b/core/java/android/appwidget/AppWidgetHostView.java
-@@ -21,6 +21,7 @@ import android.content.Context;
- import android.content.pm.ApplicationInfo;
- import android.content.pm.PackageManager.NameNotFoundException;
- import android.content.res.Resources;
-+import android.graphics.Canvas;
- import android.graphics.Color;
- import android.graphics.Rect;
- import android.os.Build;
-@@ -248,19 +249,26 @@ public class AppWidgetHostView extends FrameLayout {
-             super.onLayout(changed, left, top, right, bottom);
-         } catch (final RuntimeException e) {
-             Log.e(TAG, "Remote provider threw runtime exception, using error view instead.", e);
--            removeViewInLayout(mView);
--            View child = getErrorView();
--            prepareView(child);
--            addViewInLayout(child, 0, child.getLayoutParams());
--            measureChild(child, MeasureSpec.makeMeasureSpec(getMeasuredWidth(), MeasureSpec.EXACTLY),
--                    MeasureSpec.makeMeasureSpec(getMeasuredHeight(), MeasureSpec.EXACTLY));
--            child.layout(0, 0, child.getMeasuredWidth() + mPaddingLeft + mPaddingRight,
--                    child.getMeasuredHeight() + mPaddingTop + mPaddingBottom);
--            mView = child;
--            mViewMode = VIEW_MODE_ERROR;
-+            handleViewError();
-         }
-     }
- 
-+    /**
-+     * Remove bad view and replace with error message view
-+     */
-+    private void handleViewError() {
-+        removeViewInLayout(mView);
-+        View child = getErrorView();
-+        prepareView(child);
-+        addViewInLayout(child, 0, child.getLayoutParams());
-+        measureChild(child, MeasureSpec.makeMeasureSpec(getMeasuredWidth(), MeasureSpec.EXACTLY),
-+                MeasureSpec.makeMeasureSpec(getMeasuredHeight(), MeasureSpec.EXACTLY));
-+        child.layout(0, 0, child.getMeasuredWidth() + mPaddingLeft + mPaddingRight,
-+                child.getMeasuredHeight() + mPaddingTop + mPaddingBottom);
-+        mView = child;
-+        mViewMode = VIEW_MODE_ERROR;
-+    }
-+
-     /**
-      * Provide guidance about the size of this widget to the AppWidgetManager. The widths and
-      * heights should correspond to the full area the AppWidgetHostView is given. Padding added by
-@@ -646,4 +654,15 @@ public class AppWidgetHostView extends FrameLayout {
-         super.onInitializeAccessibilityNodeInfoInternal(info);
-         info.setClassName(AppWidgetHostView.class.getName());
-     }
-+
-+    @Override
-+    protected void dispatchDraw(Canvas canvas) {
-+        try {
-+            super.dispatchDraw(canvas);
-+        } catch (Exception e) {
-+            // Catch draw exceptions that may be caused by RemoteViews
-+            Log.e(TAG, "Drawing view failed: " + e);
-+            post(this::handleViewError);
-+        }
-+    }
- }
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/358568-backport.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/358568-backport.patch
deleted file mode 100644
index b7b43e6d..00000000
--- a/Patches/LineageOS-16.0/android_packages_apps_Settings/358568-backport.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dmitry Dementyev <dementyev@google.com>
-Date: Tue, 7 Mar 2023 10:36:41 -0800
-Subject: [PATCH] Convert argument to intent in AddAccountSettings.
-
-Bug: 265798353
-Test: manual
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c7e8052b527434ed8660e3babdab718f7f3cd7da)
-Merged-In: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a
-Change-Id: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a
----
- src/com/android/settings/accounts/AddAccountSettings.java | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/com/android/settings/accounts/AddAccountSettings.java b/src/com/android/settings/accounts/AddAccountSettings.java
-index cca15c96d3..2e23e93124 100644
---- a/src/com/android/settings/accounts/AddAccountSettings.java
-+++ b/src/com/android/settings/accounts/AddAccountSettings.java
-@@ -102,7 +102,8 @@ public class AddAccountSettings extends Activity {
-                     addAccountOptions.putParcelable(EXTRA_USER, mUserHandle);
-                     intent.putExtras(addAccountOptions);
-                     intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
--                    startActivityForResultAsUser(intent, ADD_ACCOUNT_REQUEST, mUserHandle);
-+                    startActivityForResultAsUser(
-+                            new Intent(intent), ADD_ACCOUNT_REQUEST, mUserHandle);
-                 } else {
-                     setResult(RESULT_OK);
-                     if (mPendingIntent != null) {
diff --git a/Patches/LineageOS-16.0/android_packages_apps_TvSettings/358578.patch b/Patches/LineageOS-16.0/android_packages_apps_TvSettings/358578.patch
deleted file mode 100644
index 01bf6bab..00000000
--- a/Patches/LineageOS-16.0/android_packages_apps_TvSettings/358578.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Dmitry Dementyev <dementyev@google.com>
-Date: Tue, 7 Mar 2023 10:55:07 -0800
-Subject: [PATCH] Convert argument to intent in addAccount TvSettings.
-
-Bug: 265798353
-Test: manual
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:706edcb7532d74788f899968016b7a6273bfbcac)
-Merged-In: I06a63078f55ee8169123b1dfcf1811e682e0776e
-Change-Id: I06a63078f55ee8169123b1dfcf1811e682e0776e
----
- .../tv/settings/accounts/AddAccountWithTypeActivity.java        | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java b/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java
-index a608bc4fa..ff71ac93b 100644
---- a/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java
-+++ b/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java
-@@ -52,7 +52,7 @@ public class AddAccountWithTypeActivity extends Activity {
-                     Log.e(TAG, "Failed to retrieve add account intent from authenticator");
-                     setResultAndFinish(Activity.RESULT_CANCELED);
-                 } else {
--                    startActivityForResult(addAccountIntent, REQUEST_ADD_ACCOUNT);
-+                    startActivityForResult(new Intent(addAccountIntent), REQUEST_ADD_ACCOUNT);
-                 }
-             } catch (IOException|AuthenticatorException|OperationCanceledException e) {
-                 Log.e(TAG, "Failed to get add account intent: ", e);
diff --git a/Patches/LineageOS-16.0/android_system_bt/358580.patch b/Patches/LineageOS-16.0/android_system_bt/358580.patch
deleted file mode 100644
index bbaf8638..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/358580.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Tue, 11 Oct 2022 21:23:22 +0000
-Subject: [PATCH] Prevent use-after-free of HID reports
-
-BTA sends the the HID report pointer to BTIF and deallocates it immediately.
-This is now prevented by providing a deep copy callback function for HID
-reports when tranferring context from BTA to BTIF.
-
-This is a backport of change Icef7a7ed1185b4283ee4fe4f812ca154d8f1b825,
-already merged on T for b/227620181.
-
-Bug: 228837201
-Test: Validated against researcher POC, ran BT unit tests, played audio
-manually.
-Tag: #security
-Ignore-AOSP-First: Security
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:874c495c886cd8722625756dc5fd0634b16b4f42)
-Merged-In: Ib837f395883de2369207f1b3b974d6bff02dcb19
-Change-Id: Ib837f395883de2369207f1b3b974d6bff02dcb19
----
- btif/src/btif_hh.cc | 50 ++++++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 45 insertions(+), 5 deletions(-)
-
-diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc
-index c5a90218a..b6441e1cc 100644
---- a/btif/src/btif_hh.cc
-+++ b/btif/src/btif_hh.cc
-@@ -1073,6 +1073,38 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
-   }
- }
- 
-+/*******************************************************************************
-+ *
-+ * Function         btif_hh_hsdata_rpt_copy_cb
-+ *
-+ * Description      Deep copies the tBTA_HH_HSDATA structure
-+ *
-+ * Returns          void
-+ *
-+ ******************************************************************************/
-+
-+static void btif_hh_hsdata_rpt_copy_cb(uint16_t event, char* p_dest,
-+                                       char* p_src) {
-+  tBTA_HH_HSDATA* p_dst_data = (tBTA_HH_HSDATA*)p_dest;
-+  tBTA_HH_HSDATA* p_src_data = (tBTA_HH_HSDATA*)p_src;
-+  BT_HDR* hdr;
-+
-+  if (!p_src) {
-+    BTIF_TRACE_ERROR("%s: Nothing to copy", __func__);
-+    return;
-+  }
-+
-+  memcpy(p_dst_data, p_src_data, sizeof(tBTA_HH_HSDATA));
-+
-+  hdr = p_src_data->rsp_data.p_rpt_data;
-+  if (hdr != NULL) {
-+    uint8_t* p_data = ((uint8_t*)p_dst_data) + sizeof(tBTA_HH_HSDATA);
-+    memcpy(p_data, hdr, BT_HDR_SIZE + hdr->offset + hdr->len);
-+
-+    p_dst_data->rsp_data.p_rpt_data = (BT_HDR*)p_data;
-+  }
-+}
-+
- /*******************************************************************************
-  *
-  * Function         bte_hh_evt
-@@ -1086,6 +1118,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
- void bte_hh_evt(tBTA_HH_EVT event, tBTA_HH* p_data) {
-   bt_status_t status;
-   int param_len = 0;
-+  tBTIF_COPY_CBACK* p_copy_cback = NULL;
- 
-   if (BTA_HH_ENABLE_EVT == event)
-     param_len = sizeof(tBTA_HH_STATUS);
-@@ -1097,11 +1130,18 @@ void bte_hh_evt(tBTA_HH_EVT event, tBTA_HH* p_data) {
-     param_len = sizeof(tBTA_HH_CBDATA);
-   else if (BTA_HH_GET_DSCP_EVT == event)
-     param_len = sizeof(tBTA_HH_DEV_DSCP_INFO);
--  else if ((BTA_HH_GET_PROTO_EVT == event) || (BTA_HH_GET_RPT_EVT == event) ||
--           (BTA_HH_GET_IDLE_EVT == event))
-+  else if ((BTA_HH_GET_PROTO_EVT == event) || (BTA_HH_GET_IDLE_EVT == event))
-+    param_len = sizeof(tBTA_HH_HSDATA);
-+  else if (BTA_HH_GET_RPT_EVT == event) {
-+    BT_HDR* hdr = p_data->hs_data.rsp_data.p_rpt_data;
-     param_len = sizeof(tBTA_HH_HSDATA);
--  else if ((BTA_HH_SET_PROTO_EVT == event) || (BTA_HH_SET_RPT_EVT == event) ||
--           (BTA_HH_VC_UNPLUG_EVT == event) || (BTA_HH_SET_IDLE_EVT == event))
-+
-+    if (hdr != NULL) {
-+      p_copy_cback = btif_hh_hsdata_rpt_copy_cb;
-+      param_len += BT_HDR_SIZE + hdr->offset + hdr->len;
-+    }
-+  } else if ((BTA_HH_SET_PROTO_EVT == event) || (BTA_HH_SET_RPT_EVT == event) ||
-+             (BTA_HH_VC_UNPLUG_EVT == event) || (BTA_HH_SET_IDLE_EVT == event))
-     param_len = sizeof(tBTA_HH_CBDATA);
-   else if ((BTA_HH_ADD_DEV_EVT == event) || (BTA_HH_RMV_DEV_EVT == event))
-     param_len = sizeof(tBTA_HH_DEV_INFO);
-@@ -1110,7 +1150,7 @@ void bte_hh_evt(tBTA_HH_EVT event, tBTA_HH* p_data) {
-   /* switch context to btif task context (copy full union size for convenience)
-    */
-   status = btif_transfer_context(btif_hh_upstreams_evt, (uint16_t)event,
--                                 (char*)p_data, param_len, NULL);
-+                                 (char*)p_data, param_len, p_copy_cback);
- 
-   /* catch any failed context transfers */
-   ASSERTC(status == BT_STATUS_SUCCESS, "context transfer failed", status);
diff --git a/Patches/LineageOS-16.0/android_system_bt/358581.patch b/Patches/LineageOS-16.0/android_system_bt/358581.patch
deleted file mode 100644
index 0b685f89..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/358581.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Tue, 21 Mar 2023 22:35:35 +0000
-Subject: [PATCH] Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length
- in sdpu_build_uuid_seq""
-
-This reverts commit 487a1079078f3717fdc4665c19a45eca5b3ec5e6.
-
-Reason for revert: Reinstate original change for QPR
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a681067af2ea4565543238db3025d749923f63ec)
-Merged-In: If0528519a29dc73ff99163098da2a05592ab15d8
-Change-Id: If0528519a29dc73ff99163098da2a05592ab15d8
----
- stack/sdp/sdp_discovery.cc | 65 ++++++++++++++++++++++++++++++++++----
- 1 file changed, 58 insertions(+), 7 deletions(-)
-
-diff --git a/stack/sdp/sdp_discovery.cc b/stack/sdp/sdp_discovery.cc
-index 420259800..ffc9586cd 100644
---- a/stack/sdp/sdp_discovery.cc
-+++ b/stack/sdp/sdp_discovery.cc
-@@ -74,10 +74,15 @@ static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,
-  *
-  ******************************************************************************/
- static uint8_t* sdpu_build_uuid_seq(uint8_t* p_out, uint16_t num_uuids,
--                                    Uuid* p_uuid_list) {
-+                                    Uuid* p_uuid_list, uint16_t& bytes_left) {
-   uint16_t xx;
-   uint8_t* p_len;
- 
-+  if (bytes_left < 2) {
-+    DCHECK(0) << "SDP: No space for data element header";
-+    return (p_out);
-+  }
-+
-   /* First thing is the data element header */
-   UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
- 
-@@ -85,9 +90,20 @@ static uint8_t* sdpu_build_uuid_seq(uint8_t* p_out, uint16_t num_uuids,
-   p_len = p_out;
-   p_out += 1;
- 
-+  /* Account for data element header and length */
-+  bytes_left -= 2;
-+
-   /* Now, loop through and put in all the UUID(s) */
-   for (xx = 0; xx < num_uuids; xx++, p_uuid_list++) {
-     int len = p_uuid_list->GetShortestRepresentationSize();
-+
-+    if (len + 1 > bytes_left) {
-+      DCHECK(0) << "SDP: Too many UUIDs for internal buffer";
-+      break;
-+    } else {
-+      bytes_left -= (len + 1);
-+    }
-+
-     if (len == Uuid::kNumBytes16) {
-       UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_TWO_BYTES);
-       UINT16_TO_BE_STREAM(p_out, p_uuid_list->As16Bit());
-@@ -124,6 +140,7 @@ static void sdp_snd_service_search_req(tCONN_CB* p_ccb, uint8_t cont_len,
-   uint8_t *p, *p_start, *p_param_len;
-   BT_HDR* p_cmd = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
-   uint16_t param_len;
-+  uint16_t bytes_left = SDP_DATA_BUF_SIZE;
- 
-   /* Prepare the buffer for sending the packet to L2CAP */
-   p_cmd->offset = L2CAP_MIN_OFFSET;
-@@ -138,13 +155,30 @@ static void sdp_snd_service_search_req(tCONN_CB* p_ccb, uint8_t cont_len,
-   p_param_len = p;
-   p += 2;
- 
--/* Build the UID sequence. */
-+  /* Account for header size, max service record count and
-+   * continuation state */
-+  const uint16_t base_bytes = (sizeof(BT_HDR) + L2CAP_MIN_OFFSET +
-+                               3u + /* service search request header */
-+                               2u + /* param len */
-+                               3u + ((p_cont) ? cont_len : 0));
-+
-+  if (base_bytes > bytes_left) {
-+    DCHECK(0) << "SDP: Overran SDP data buffer";
-+    osi_free(p_cmd);
-+    return;
-+  }
-+
-+  bytes_left -= base_bytes;
-+
-+  /* Build the UID sequence. */
- #if (SDP_BROWSE_PLUS == TRUE)
-   p = sdpu_build_uuid_seq(p, 1,
--                          &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
-+                          &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx],
-+                          bytes_left);
- #else
-+  /* Build the UID sequence. */
-   p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
--                          p_ccb->p_db->uuid_filters);
-+                          p_ccb->p_db->uuid_filters, bytes_left);
- #endif
- 
-   /* Set max service record count */
-@@ -636,6 +670,7 @@ static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
-   if ((cont_request_needed) || (!p_reply)) {
-     BT_HDR* p_msg = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
-     uint8_t* p;
-+    uint16_t bytes_left = SDP_DATA_BUF_SIZE;
- 
-     p_msg->offset = L2CAP_MIN_OFFSET;
-     p = p_start = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET;
-@@ -649,13 +684,29 @@ static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
-     p_param_len = p;
-     p += 2;
- 
--/* Build the UID sequence. */
-+    /* Account for header size, max service record count and
-+     * continuation state */
-+    const uint16_t base_bytes = (sizeof(BT_HDR) + L2CAP_MIN_OFFSET +
-+                                 3u + /* service search request header */
-+                                 2u + /* param len */
-+                                 3u + /* max service record count */
-+                                 ((p_reply) ? (*p_reply) : 0));
-+
-+    if (base_bytes > bytes_left) {
-+      sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
-+      return;
-+    }
-+
-+    bytes_left -= base_bytes;
-+
-+    /* Build the UID sequence. */
- #if (SDP_BROWSE_PLUS == TRUE)
-     p = sdpu_build_uuid_seq(p, 1,
--                            &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
-+                            &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx],
-+                            bytes_left);
- #else
-     p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
--                            p_ccb->p_db->uuid_filters);
-+                            p_ccb->p_db->uuid_filters, bytes_left);
- #endif
- 
-     /* Max attribute byte count */
diff --git a/Patches/LineageOS-16.0/android_system_bt/358582.patch b/Patches/LineageOS-16.0/android_system_bt/358582.patch
deleted file mode 100644
index 8674368f..00000000
--- a/Patches/LineageOS-16.0/android_system_bt/358582.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Brian Delwiche <delwiche@google.com>
-Date: Tue, 21 Mar 2023 22:39:16 +0000
-Subject: [PATCH] Revert "Revert "Fix wrong BR/EDR link key downgrades
- (P_256->P_192)""
-
-This reverts commit d733c86cbc06ce0ec72216b9d41e172d1939c46f.
-
-Function btm_sec_encrypt_change() is called at most places
-with argument "encr_enable" treated as bool and not as per
-(tHCI_ENCRYPT_MODE = 0/1/2) expected by the function. The
-function has special handling for "encr_enable=1" to downgrade
-the link key type for BR/EDR case. This gets executed even
-when the caller/context did not mean/expect so. It appears
-this handling in btm_sec_encrypt_change() is not necessary and
-is removed by this commit to prevent accidental execution of it.
-
-Test: Verified re-pairing with an iPhone works fine now
-
-Issue Reproduction Steps:
-1. Enable Bluetooth Hotspot on Android device (DUT).
-2. Pair and connect an iPhone to DUT.
-3. Forget this pairing on DUT.
-4. On iPhone settings, click on old DUT's paired entry to connect.
-5. iPhone notifies to click 'Forget Device' and try fresh pairing.
-6. On iPhone, after doing 'Forget Device', discover DUT again.
-7. Attempt pairing to DUT by clicking on discovered DUT entry.
-   Pairing will be unsuccessful.
-
-Issue Cause:
-During re-pairing, DUT is seen to downgrade
-BR/EDR link key unexpectedly from link key type 0x8
-(BTM_LKEY_TYPE_AUTH_COMB_P_256) to 0x5 (BTM_LKEY_TYPE_AUTH_COMB).
-
-Log snippet (re-pairing time):
-btm_sec_link_key_notification set new_encr_key_256 to 1
-btif_dm_auth_cmpl_evt: Storing link key. key_type=0x8, bond_type=1
-btm_sec_encrypt_change new_encr_key_256 is 1
---On DUT, HCI_Encryption_Key_Refresh_Complete event noticed---
-btm_sec_encrypt_change new_encr_key_256 is 0
-updated link key type to 5
-btif_dm_auth_cmpl_evt: Storing link key. key_type=0x5, bond_type=1
-
-This is a backport of the following patch: aosp/1890096
-
-Bug: 258834033
-
-Reason for revert: Reinstate original change for QPR
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:56891eedc68c86b40977191dad28d65ebf86a94f)
-Merged-In: Iba0c220b82bcf6b15368762b7052a3987ccbc0c6
-Change-Id: Iba0c220b82bcf6b15368762b7052a3987ccbc0c6
----
- stack/btm/btm_sec.cc | 16 ----------------
- 1 file changed, 16 deletions(-)
-
-diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
-index 168750140..899b6b908 100644
---- a/stack/btm/btm_sec.cc
-+++ b/stack/btm/btm_sec.cc
-@@ -4030,22 +4030,6 @@ void btm_sec_encrypt_change(uint16_t handle, uint8_t status,
-           SMP_BR_PairWith(p_dev_rec->bd_addr);
-         }
-       }
--    } else {
--      // BR/EDR is successfully encrypted. Correct LK type if needed
--      // (BR/EDR LK derived from LE LTK was used for encryption)
--      if ((encr_enable == 1) && /* encryption is ON for SSP */
--          /* LK type is for BR/EDR SC */
--          (p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256 ||
--           p_dev_rec->link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)) {
--        if (p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256)
--          p_dev_rec->link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
--        else /* BTM_LKEY_TYPE_AUTH_COMB_P_256 */
--          p_dev_rec->link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
--
--        BTM_TRACE_DEBUG("updated link key type to %d",
--                        p_dev_rec->link_key_type);
--        btm_send_link_key_notif(p_dev_rec);
--      }
-     }
-   }
- 
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
index 444a30b4..ae630c5b 100644
--- a/Scripts/LineageOS-16.0/Functions.sh
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -91,6 +91,7 @@ patchWorkspaceReal() {
 	repopick -fit P_asb_2023-03;
 	repopick -fit P_asb_2023-04;
 	repopick -fit P_asb_2023-05;
+	repopick -fit P_asb_2023-06;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 2c0df60c..f970d7d0 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -148,14 +148,9 @@ fi;
 
 if enterAndClear "frameworks/av"; then
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
-applyPatch "$DOS_PATCHES/android_frameworks_av/358555.patch"; #R_asb_2023-06 Fix NuMediaExtractor::readSampleData buffer Handling
 fi;
 
 if enterAndClear "frameworks/base"; then
-applyPatch "$DOS_PATCHES/android_frameworks_base/358560-backport.patch"; #R_asb_2023-06 Check key intent for selectors and prohibited flags
-applyPatch "$DOS_PATCHES/android_frameworks_base/358561-backport.patch"; #R_asb_2023-06 Handle invalid data during job loading.
-applyPatch "$DOS_PATCHES/android_frameworks_base/358562-backport.patch"; #R_asb_2023-06 Allow filtering of services
-applyPatch "$DOS_PATCHES/android_frameworks_base/358732-backport.patch"; #n-asb-2023-06 Prevent RemoteViews crashing SystemUi
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@@ -299,7 +294,6 @@ fi;
 
 if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
-applyPatch "$DOS_PATCHES/android_packages_apps_Settings/358568-backport.patch"; #R_asb_2023-06 Convert argument to intent in AddAccountSettings.
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
@@ -314,10 +308,6 @@ if enterAndClear "packages/apps/Trebuchet"; then
 cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
 fi;
 
-if enterAndClear "packages/apps/TvSettings"; then
-applyPatch "$DOS_PATCHES/android_packages_apps_TvSettings/358578.patch"; #R_asb_2023-06 Convert argument to intent in addAccount TvSettings.
-fi;
-
 if enterAndClear "packages/apps/Updater"; then
 applyPatch "$DOS_PATCHES/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server (DivestOS)
 applyPatch "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support (DivestOS)
@@ -345,9 +335,6 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred
 fi;
 
 if enterAndClear "system/bt"; then
-applyPatch "$DOS_PATCHES/android_system_bt/358580.patch"; #R_asb_2023-06 Prevent use-after-free of HID reports
-applyPatch "$DOS_PATCHES/android_system_bt/358581.patch"; #R_asb_2023-06 Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length in sdpu_build_uuid_seq""
-applyPatch "$DOS_PATCHES/android_system_bt/358582.patch"; #R_asb_2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
 #applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
 fi;