mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-25 23:05:56 -05:00
16.0: switch to upstream P_asb_2023-06
Has two extra patches for Traceur, but misses a patch for CarSettings Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
4282c7c35f
commit
f2c8005853
@ -1,75 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Ray Essick <essick@google.com>
|
||||
Date: Mon, 27 Mar 2023 18:16:46 -0500
|
||||
Subject: [PATCH] Fix NuMediaExtractor::readSampleData buffer Handling
|
||||
|
||||
readSampleData() did not initialize buffer before filling it,
|
||||
leading to OOB memory references. Correct and clarify the book
|
||||
keeping around output buffer management.
|
||||
|
||||
Bug: 275418191
|
||||
Test: CtsMediaExtractorTestCases w/debug messages
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:943fc12219b21d2a98f0ddc070b9b316a6f5d412)
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:84c69bca81175feb2fd97ebb22e432ee41572786)
|
||||
Merged-In: Ie744f118526f100d82a312c64f7c6fcf20773b6d
|
||||
Change-Id: Ie744f118526f100d82a312c64f7c6fcf20773b6d
|
||||
---
|
||||
media/libstagefright/NuMediaExtractor.cpp | 14 +++++++++-----
|
||||
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/media/libstagefright/NuMediaExtractor.cpp b/media/libstagefright/NuMediaExtractor.cpp
|
||||
index 4a7d6ca7ad..90ddcb81c3 100644
|
||||
--- a/media/libstagefright/NuMediaExtractor.cpp
|
||||
+++ b/media/libstagefright/NuMediaExtractor.cpp
|
||||
@@ -607,9 +607,11 @@ status_t NuMediaExtractor::appendVorbisNumPageSamples(
|
||||
numPageSamples = -1;
|
||||
}
|
||||
|
||||
+ // insert, including accounting for the space used.
|
||||
memcpy((uint8_t *)buffer->data() + mbuf->range_length(),
|
||||
&numPageSamples,
|
||||
sizeof(numPageSamples));
|
||||
+ buffer->setRange(buffer->offset(), buffer->size() + sizeof(numPageSamples));
|
||||
|
||||
uint32_t type;
|
||||
const void *data;
|
||||
@@ -658,6 +660,8 @@ status_t NuMediaExtractor::readSampleData(const sp<ABuffer> &buffer) {
|
||||
|
||||
ssize_t minIndex = fetchAllTrackSamples();
|
||||
|
||||
+ buffer->setRange(0, 0); // start with an empty buffer
|
||||
+
|
||||
if (minIndex < 0) {
|
||||
return ERROR_END_OF_STREAM;
|
||||
}
|
||||
@@ -673,25 +677,25 @@ status_t NuMediaExtractor::readSampleData(const sp<ABuffer> &buffer) {
|
||||
sampleSize += sizeof(int32_t);
|
||||
}
|
||||
|
||||
+ // capacity() is ok since we cleared out the buffer
|
||||
if (buffer->capacity() < sampleSize) {
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
+ const size_t srclen = it->mBuffer->range_length();
|
||||
const uint8_t *src =
|
||||
(const uint8_t *)it->mBuffer->data()
|
||||
+ it->mBuffer->range_offset();
|
||||
|
||||
- memcpy((uint8_t *)buffer->data(), src, it->mBuffer->range_length());
|
||||
+ memcpy((uint8_t *)buffer->data(), src, srclen);
|
||||
+ buffer->setRange(0, srclen);
|
||||
|
||||
status_t err = OK;
|
||||
if (info->mTrackFlags & kIsVorbis) {
|
||||
+ // adjusts range when it inserts the extra bits
|
||||
err = appendVorbisNumPageSamples(it->mBuffer, buffer);
|
||||
}
|
||||
|
||||
- if (err == OK) {
|
||||
- buffer->setRange(0, sampleSize);
|
||||
- }
|
||||
-
|
||||
return err;
|
||||
}
|
||||
|
@ -1,167 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Lee <brnlee@google.com>
|
||||
Date: Fri, 17 Feb 2023 16:05:17 -0800
|
||||
Subject: [PATCH] Check key intent for selectors and prohibited flags
|
||||
|
||||
Bug: 265015796
|
||||
Test: atest
|
||||
FrameworksServicesTests: com.android.server.accounts.AccountManagerServiceTest
|
||||
(cherry picked from commit e53a96304352e2965176c8d32ac1b504e52ef185)
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:92114886bdce8467c52c655c186f3e7ab1e134d8)
|
||||
Merged-In: Ie16f8654337bd75eaad3156817470674b4f0cee3
|
||||
Change-Id: Ie16f8654337bd75eaad3156817470674b4f0cee3
|
||||
---
|
||||
.../accounts/AccountManagerService.java | 18 +++++++---
|
||||
.../accounts/AccountManagerServiceTest.java | 36 +++++++++++++++++++
|
||||
.../AccountManagerServiceTestFixtures.java | 5 ++-
|
||||
.../TestAccountType1Authenticator.java | 5 +--
|
||||
4 files changed, 54 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
index d2f5d59e7030..36732273ab6f 100644
|
||||
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
|
||||
@@ -4785,10 +4785,6 @@ public class AccountManagerService
|
||||
if (intent.getClipData() == null) {
|
||||
intent.setClipData(ClipData.newPlainText(null, null));
|
||||
}
|
||||
- intent.setFlags(intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
|
||||
- | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
|
||||
- | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
|
||||
- | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
|
||||
long bid = Binder.clearCallingIdentity();
|
||||
try {
|
||||
PackageManager pm = mContext.getPackageManager();
|
||||
@@ -4835,7 +4831,19 @@ public class AccountManagerService
|
||||
if (intent == null) {
|
||||
return (simulateIntent == null);
|
||||
}
|
||||
- return intent.filterEquals(simulateIntent);
|
||||
+ if (!intent.filterEquals(simulateIntent)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (intent.getSelector() != simulateIntent.getSelector()) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ int prohibitedFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
|
||||
+ | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
|
||||
+ | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
|
||||
+ | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
|
||||
+ return (simulateIntent.getFlags() & prohibitedFlags) == 0;
|
||||
}
|
||||
|
||||
private boolean isExportedSystemActivity(ActivityInfo activityInfo) {
|
||||
diff --git a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java
|
||||
index 73267e4868a6..c063f645a4ea 100644
|
||||
--- a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java
|
||||
+++ b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java
|
||||
@@ -17,6 +17,7 @@
|
||||
package com.android.server.accounts;
|
||||
|
||||
import static android.database.sqlite.SQLiteDatabase.deleteDatabase;
|
||||
+import static org.mockito.ArgumentMatchers.contains;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.anyBoolean;
|
||||
import static org.mockito.Matchers.anyInt;
|
||||
@@ -681,6 +682,41 @@ public class AccountManagerServiceTest extends AndroidTestCase {
|
||||
assertNotNull(intent.getParcelableExtra(AccountManagerServiceTestFixtures.KEY_CALLBACK));
|
||||
}
|
||||
|
||||
+ @SmallTest
|
||||
+ public void testStartAddAccountSessionWhereAuthenticatorReturnsIntentWithProhibitedFlags()
|
||||
+ throws Exception {
|
||||
+ unlockSystemUser();
|
||||
+ ResolveInfo resolveInfo = new ResolveInfo();
|
||||
+ resolveInfo.activityInfo = new ActivityInfo();
|
||||
+ resolveInfo.activityInfo.applicationInfo = new ApplicationInfo();
|
||||
+ when(mMockPackageManager.resolveActivityAsUser(
|
||||
+ any(Intent.class), anyInt(), anyInt())).thenReturn(resolveInfo);
|
||||
+ when(mMockPackageManager.checkSignatures(
|
||||
+ anyInt(), anyInt())).thenReturn(PackageManager.SIGNATURE_MATCH);
|
||||
+
|
||||
+ final CountDownLatch latch = new CountDownLatch(1);
|
||||
+ Response response = new Response(latch, mMockAccountManagerResponse);
|
||||
+ Bundle options = createOptionsWithAccountName(
|
||||
+ AccountManagerServiceTestFixtures.ACCOUNT_NAME_INTERVENE);
|
||||
+ int prohibitedFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
|
||||
+ | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
|
||||
+ | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
|
||||
+ | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
|
||||
+ options.putInt(AccountManagerServiceTestFixtures.KEY_INTENT_FLAGS, prohibitedFlags);
|
||||
+
|
||||
+ mAms.startAddAccountSession(
|
||||
+ response, // response
|
||||
+ AccountManagerServiceTestFixtures.ACCOUNT_TYPE_1, // accountType
|
||||
+ "authTokenType",
|
||||
+ null, // requiredFeatures
|
||||
+ true, // expectActivityLaunch
|
||||
+ options); // optionsIn
|
||||
+ waitForLatch(latch);
|
||||
+
|
||||
+ verify(mMockAccountManagerResponse).onError(
|
||||
+ eq(AccountManager.ERROR_CODE_INVALID_RESPONSE), contains("invalid intent"));
|
||||
+ }
|
||||
+
|
||||
@SmallTest
|
||||
public void testStartAddAccountSessionError() throws Exception {
|
||||
unlockSystemUser();
|
||||
diff --git a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java
|
||||
index 73f30d9f9e79..b98a6a891d55 100644
|
||||
--- a/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java
|
||||
+++ b/services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java
|
||||
@@ -17,9 +17,6 @@ package com.android.server.accounts;
|
||||
|
||||
import android.accounts.Account;
|
||||
|
||||
-import java.util.ArrayList;
|
||||
-import java.util.List;
|
||||
-
|
||||
/**
|
||||
* Constants shared between test AccountAuthenticators and AccountManagerServiceTest.
|
||||
*/
|
||||
@@ -31,6 +28,8 @@ public final class AccountManagerServiceTestFixtures {
|
||||
"account_manager_service_test:account_status_token_key";
|
||||
public static final String KEY_ACCOUNT_PASSWORD =
|
||||
"account_manager_service_test:account_password_key";
|
||||
+ public static final String KEY_INTENT_FLAGS =
|
||||
+ "account_manager_service_test:intent_flags_key";
|
||||
public static final String KEY_OPTIONS_BUNDLE =
|
||||
"account_manager_service_test:option_bundle_key";
|
||||
public static final String ACCOUNT_NAME_SUCCESS = "success_on_return@fixture.com";
|
||||
diff --git a/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java b/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java
|
||||
index 8106364477d9..924443e9d5cf 100644
|
||||
--- a/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java
|
||||
+++ b/services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java
|
||||
@@ -24,8 +24,6 @@ import android.content.Context;
|
||||
import android.content.Intent;
|
||||
import android.os.Bundle;
|
||||
|
||||
-import com.android.frameworks.servicestests.R;
|
||||
-
|
||||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
|
||||
/**
|
||||
@@ -270,11 +268,13 @@ public class TestAccountType1Authenticator extends AbstractAccountAuthenticator
|
||||
String accountName = null;
|
||||
Bundle sessionBundle = null;
|
||||
String password = null;
|
||||
+ int intentFlags = 0;
|
||||
if (options != null) {
|
||||
accountName = options.getString(AccountManagerServiceTestFixtures.KEY_ACCOUNT_NAME);
|
||||
sessionBundle = options.getBundle(
|
||||
AccountManagerServiceTestFixtures.KEY_ACCOUNT_SESSION_BUNDLE);
|
||||
password = options.getString(AccountManagerServiceTestFixtures.KEY_ACCOUNT_PASSWORD);
|
||||
+ intentFlags = options.getInt(AccountManagerServiceTestFixtures.KEY_INTENT_FLAGS, 0);
|
||||
}
|
||||
|
||||
Bundle result = new Bundle();
|
||||
@@ -302,6 +302,7 @@ public class TestAccountType1Authenticator extends AbstractAccountAuthenticator
|
||||
intent.putExtra(AccountManagerServiceTestFixtures.KEY_RESULT,
|
||||
eventualActivityResultData);
|
||||
intent.putExtra(AccountManagerServiceTestFixtures.KEY_CALLBACK, response);
|
||||
+ intent.setFlags(intentFlags);
|
||||
|
||||
result.putParcelable(AccountManager.KEY_INTENT, intent);
|
||||
} else {
|
@ -1,79 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Kweku Adams <kwekua@google.com>
|
||||
Date: Wed, 21 Sep 2022 22:13:01 +0000
|
||||
Subject: [PATCH] Handle invalid data during job loading.
|
||||
|
||||
Catch exceptions that may be thrown if invalid data ended up in the
|
||||
persisted job file.
|
||||
|
||||
Bug: 246541702
|
||||
Bug: 246542132
|
||||
Bug: 246542285
|
||||
Bug: 246542330
|
||||
Test: install test app with invalid job config, start app to schedule job, then reboot device
|
||||
(cherry picked from commit c98fb42b480b3beedc2d94de6110f50212c4aa0b)
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:df1ba00dd9f64a3ae9a9e05979dfae6a15c7e203)
|
||||
Merged-In: Id0ceba345942baf21177f687b8dd85ef001c0a9e
|
||||
Change-Id: Id0ceba345942baf21177f687b8dd85ef001c0a9e
|
||||
---
|
||||
.../java/com/android/server/job/JobStore.java | 26 ++++++++++++++++---
|
||||
1 file changed, 23 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/job/JobStore.java b/services/core/java/com/android/server/job/JobStore.java
|
||||
index 4f8b1dcc6bb4..7f2d7fb5987d 100644
|
||||
--- a/services/core/java/com/android/server/job/JobStore.java
|
||||
+++ b/services/core/java/com/android/server/job/JobStore.java
|
||||
@@ -623,6 +623,10 @@ public final class JobStore {
|
||||
}
|
||||
} catch (XmlPullParserException | IOException e) {
|
||||
Slog.wtf(TAG, "Error jobstore xml.", e);
|
||||
+ } catch (Exception e) {
|
||||
+ // Crashing at this point would result in a boot loop, so live with a general
|
||||
+ // Exception for system stability's sake.
|
||||
+ Slog.wtf(TAG, "Unexpected exception", e);
|
||||
} finally {
|
||||
if (mPersistInfo.countAllJobsLoaded < 0) { // Only set them once.
|
||||
mPersistInfo.countAllJobsLoaded = numJobs;
|
||||
@@ -753,6 +757,15 @@ public final class JobStore {
|
||||
} catch (NumberFormatException e) {
|
||||
Slog.d(TAG, "Error reading constraints, skipping.");
|
||||
return null;
|
||||
+ } catch (XmlPullParserException e) {
|
||||
+ Slog.d(TAG, "Error Parser Exception.", e);
|
||||
+ return null;
|
||||
+ } catch (IOException e) {
|
||||
+ Slog.d(TAG, "Error I/O Exception.", e);
|
||||
+ return null;
|
||||
+ } catch (IllegalArgumentException e) {
|
||||
+ Slog.e(TAG, "Constraints contained invalid data", e);
|
||||
+ return null;
|
||||
}
|
||||
parser.next(); // Consume </constraints>
|
||||
|
||||
@@ -848,8 +861,14 @@ public final class JobStore {
|
||||
return null;
|
||||
}
|
||||
|
||||
- PersistableBundle extras = PersistableBundle.restoreFromXml(parser);
|
||||
- jobBuilder.setExtras(extras);
|
||||
+ final PersistableBundle extras;
|
||||
+ try {
|
||||
+ extras = PersistableBundle.restoreFromXml(parser);
|
||||
+ jobBuilder.setExtras(extras);
|
||||
+ } catch (IllegalArgumentException e) {
|
||||
+ Slog.e(TAG, "Persisted extras contained invalid data", e);
|
||||
+ return null;
|
||||
+ }
|
||||
parser.nextTag(); // Consume </extras>
|
||||
|
||||
// Migrate sync jobs forward from earlier, incomplete representation
|
||||
@@ -887,7 +906,8 @@ public final class JobStore {
|
||||
return new JobInfo.Builder(jobId, cname);
|
||||
}
|
||||
|
||||
- private void buildConstraintsFromXml(JobInfo.Builder jobBuilder, XmlPullParser parser) {
|
||||
+ private void buildConstraintsFromXml(JobInfo.Builder jobBuilder, XmlPullParser parser)
|
||||
+ throws XmlPullParserException, IOException {
|
||||
String val;
|
||||
|
||||
final String netCapabilities = parser.getAttributeValue(null, "net-capabilities");
|
@ -1,232 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Julia Reynolds <juliacr@google.com>
|
||||
Date: Tue, 7 Mar 2023 15:44:49 -0500
|
||||
Subject: [PATCH] Allow filtering of services
|
||||
|
||||
Test: ServiceListingTest
|
||||
Bug: 260570119
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:44dcb8351e61f4b3a63ec68fa5d8490501e8a823)
|
||||
Merged-In: Ib4740ba401667de62fa1a33334c2c1fbee25b760
|
||||
Change-Id: Ib4740ba401667de62fa1a33334c2c1fbee25b760
|
||||
---
|
||||
.../applications/ServiceListing.java | 19 +++-
|
||||
.../applications/ServiceListingTest.java | 98 ++++++++++++++++++-
|
||||
2 files changed, 113 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java b/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java
|
||||
index 3c3c70ac364e..8c1cc256eee4 100644
|
||||
--- a/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java
|
||||
+++ b/packages/SettingsLib/src/com/android/settingslib/applications/ServiceListing.java
|
||||
@@ -37,6 +37,7 @@ import com.android.settingslib.wrapper.PackageManagerWrapper;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
+import java.util.function.Predicate;
|
||||
|
||||
/**
|
||||
* Class for managing services matching a given intent and requesting a given permission.
|
||||
@@ -52,11 +53,13 @@ public class ServiceListing {
|
||||
private final HashSet<ComponentName> mEnabledServices = new HashSet<>();
|
||||
private final List<ServiceInfo> mServices = new ArrayList<>();
|
||||
private final List<Callback> mCallbacks = new ArrayList<>();
|
||||
+ private final Predicate mValidator;
|
||||
|
||||
private boolean mListening;
|
||||
|
||||
private ServiceListing(Context context, String tag,
|
||||
- String setting, String intentAction, String permission, String noun) {
|
||||
+ String setting, String intentAction, String permission, String noun,
|
||||
+ Predicate validator) {
|
||||
mContentResolver = context.getContentResolver();
|
||||
mContext = context;
|
||||
mTag = tag;
|
||||
@@ -64,6 +67,7 @@ public class ServiceListing {
|
||||
mIntentAction = intentAction;
|
||||
mPermission = permission;
|
||||
mNoun = noun;
|
||||
+ mValidator = validator;
|
||||
}
|
||||
|
||||
public void addCallback(Callback callback) {
|
||||
@@ -133,7 +137,6 @@ public class ServiceListing {
|
||||
new Intent(mIntentAction),
|
||||
PackageManager.GET_SERVICES | PackageManager.GET_META_DATA,
|
||||
user);
|
||||
-
|
||||
for (ResolveInfo resolveInfo : installedServices) {
|
||||
ServiceInfo info = resolveInfo.serviceInfo;
|
||||
|
||||
@@ -144,6 +147,9 @@ public class ServiceListing {
|
||||
+ mPermission);
|
||||
continue;
|
||||
}
|
||||
+ if (mValidator != null && !mValidator.test(info)) {
|
||||
+ continue;
|
||||
+ }
|
||||
mServices.add(info);
|
||||
}
|
||||
for (Callback callback : mCallbacks) {
|
||||
@@ -189,6 +195,7 @@ public class ServiceListing {
|
||||
private String mIntentAction;
|
||||
private String mPermission;
|
||||
private String mNoun;
|
||||
+ private Predicate mValidator;
|
||||
|
||||
public Builder(Context context) {
|
||||
mContext = context;
|
||||
@@ -219,8 +226,14 @@ public class ServiceListing {
|
||||
return this;
|
||||
}
|
||||
|
||||
+ public Builder setValidator(Predicate<ServiceInfo> validator) {
|
||||
+ mValidator = validator;
|
||||
+ return this;
|
||||
+ }
|
||||
+
|
||||
public ServiceListing build() {
|
||||
- return new ServiceListing(mContext, mTag, mSetting, mIntentAction, mPermission, mNoun);
|
||||
+ return new ServiceListing(mContext, mTag, mSetting, mIntentAction, mPermission, mNoun,
|
||||
+ mValidator);
|
||||
}
|
||||
}
|
||||
}
|
||||
diff --git a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java
|
||||
index 060b716bb435..6cfbd458fd79 100644
|
||||
--- a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java
|
||||
+++ b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/applications/ServiceListingTest.java
|
||||
@@ -17,21 +17,36 @@
|
||||
package com.android.settingslib.applications;
|
||||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
+import static org.mockito.ArgumentMatchers.any;
|
||||
+import static org.mockito.ArgumentMatchers.anyInt;
|
||||
import static org.mockito.ArgumentMatchers.anyList;
|
||||
import static org.mockito.Mockito.mock;
|
||||
+import static org.mockito.Mockito.spy;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
+import static org.mockito.Mockito.spy;
|
||||
|
||||
import android.content.ComponentName;
|
||||
+import android.content.Context;
|
||||
+import android.content.pm.PackageManager;
|
||||
+import android.content.pm.ResolveInfo;
|
||||
+import android.content.pm.ServiceInfo;
|
||||
import android.provider.Settings;
|
||||
|
||||
+import androidx.test.core.app.ApplicationProvider;
|
||||
+
|
||||
import com.android.settingslib.SettingsLibRobolectricTestRunner;
|
||||
|
||||
+import com.google.common.collect.ImmutableList;
|
||||
+
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
+import org.mockito.ArgumentCaptor;
|
||||
import org.robolectric.RuntimeEnvironment;
|
||||
|
||||
+import java.util.List;
|
||||
+
|
||||
@RunWith(SettingsLibRobolectricTestRunner.class)
|
||||
public class ServiceListingTest {
|
||||
|
||||
@@ -39,16 +54,97 @@ public class ServiceListingTest {
|
||||
private static final String TEST_INTENT = "com.example.intent";
|
||||
|
||||
private ServiceListing mServiceListing;
|
||||
+ private Context mContext;
|
||||
+ private PackageManager mPm;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
- mServiceListing = new ServiceListing.Builder(RuntimeEnvironment.application)
|
||||
+ mPm = mock(PackageManager.class);
|
||||
+ mContext = spy(ApplicationProvider.getApplicationContext());
|
||||
+ when(mContext.getPackageManager()).thenReturn(mPm);
|
||||
+
|
||||
+ mServiceListing = new ServiceListing.Builder(mContext)
|
||||
+ .setTag("testTag")
|
||||
+ .setSetting(TEST_SETTING)
|
||||
+ .setNoun("testNoun")
|
||||
+ .setIntentAction(TEST_INTENT)
|
||||
+ .setPermission("testPermission")
|
||||
+ .build();
|
||||
+ }
|
||||
+
|
||||
+ @Test
|
||||
+ public void testValidator() {
|
||||
+ ServiceInfo s1 = new ServiceInfo();
|
||||
+ s1.permission = "testPermission";
|
||||
+ s1.packageName = "pkg";
|
||||
+ ServiceInfo s2 = new ServiceInfo();
|
||||
+ s2.permission = "testPermission";
|
||||
+ s2.packageName = "pkg2";
|
||||
+ ResolveInfo r1 = new ResolveInfo();
|
||||
+ r1.serviceInfo = s1;
|
||||
+ ResolveInfo r2 = new ResolveInfo();
|
||||
+ r2.serviceInfo = s2;
|
||||
+
|
||||
+ when(mPm.queryIntentServicesAsUser(any(), anyInt(), anyInt())).thenReturn(
|
||||
+ ImmutableList.of(r1, r2));
|
||||
+
|
||||
+ mServiceListing = new ServiceListing.Builder(mContext)
|
||||
+ .setTag("testTag")
|
||||
+ .setSetting(TEST_SETTING)
|
||||
+ .setNoun("testNoun")
|
||||
+ .setIntentAction(TEST_INTENT)
|
||||
+ .setValidator(info -> {
|
||||
+ if (info.packageName.equals("pkg")) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ return false;
|
||||
+ })
|
||||
+ .setPermission("testPermission")
|
||||
+ .build();
|
||||
+ ServiceListing.Callback callback = mock(ServiceListing.Callback.class);
|
||||
+ mServiceListing.addCallback(callback);
|
||||
+ mServiceListing.reload();
|
||||
+
|
||||
+ verify(mPm).queryIntentServicesAsUser(any(), anyInt(), anyInt());
|
||||
+ ArgumentCaptor<List<ServiceInfo>> captor = ArgumentCaptor.forClass(List.class);
|
||||
+ verify(callback, times(1)).onServicesReloaded(captor.capture());
|
||||
+
|
||||
+ assertThat(captor.getValue().size()).isEqualTo(1);
|
||||
+ assertThat(captor.getValue().get(0)).isEqualTo(s1);
|
||||
+ }
|
||||
+
|
||||
+ @Test
|
||||
+ public void testNoValidator() {
|
||||
+ ServiceInfo s1 = new ServiceInfo();
|
||||
+ s1.permission = "testPermission";
|
||||
+ s1.packageName = "pkg";
|
||||
+ ServiceInfo s2 = new ServiceInfo();
|
||||
+ s2.permission = "testPermission";
|
||||
+ s2.packageName = "pkg2";
|
||||
+ ResolveInfo r1 = new ResolveInfo();
|
||||
+ r1.serviceInfo = s1;
|
||||
+ ResolveInfo r2 = new ResolveInfo();
|
||||
+ r2.serviceInfo = s2;
|
||||
+
|
||||
+ when(mPm.queryIntentServicesAsUser(any(), anyInt(), anyInt())).thenReturn(
|
||||
+ ImmutableList.of(r1, r2));
|
||||
+
|
||||
+ mServiceListing = new ServiceListing.Builder(mContext)
|
||||
.setTag("testTag")
|
||||
.setSetting(TEST_SETTING)
|
||||
.setNoun("testNoun")
|
||||
.setIntentAction(TEST_INTENT)
|
||||
.setPermission("testPermission")
|
||||
.build();
|
||||
+ ServiceListing.Callback callback = mock(ServiceListing.Callback.class);
|
||||
+ mServiceListing.addCallback(callback);
|
||||
+ mServiceListing.reload();
|
||||
+
|
||||
+ verify(mPm).queryIntentServicesAsUser(any(), anyInt(), anyInt());
|
||||
+ ArgumentCaptor<List<ServiceInfo>> captor = ArgumentCaptor.forClass(List.class);
|
||||
+ verify(callback, times(1)).onServicesReloaded(captor.capture());
|
||||
+
|
||||
+ assertThat(captor.getValue().size()).isEqualTo(2);
|
||||
}
|
||||
|
||||
@Test
|
@ -1,85 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Iftime <valiiftime@google.com>
|
||||
Date: Wed, 22 Feb 2023 09:38:55 +0100
|
||||
Subject: [PATCH] Prevent RemoteViews crashing SystemUi
|
||||
|
||||
Catch canvas drawing exceptions caused by unsuported image sizes.
|
||||
|
||||
Test: 1. Post a custom view notification with a layout
|
||||
containing an ImageView that references a 5k x 5k image
|
||||
2. Add an App Widget to the home screen with that has the
|
||||
layout mentioned above as preview/initial layout.
|
||||
|
||||
Bug: 268193777
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cfc0b34432ab54e3fa472db5c43e620293f64a5d)
|
||||
Merged-In: Ib3bda769c499b4069b49c566b1b227f98f707a8a
|
||||
Change-Id: Ib3bda769c499b4069b49c566b1b227f98f707a8a
|
||||
---
|
||||
.../android/appwidget/AppWidgetHostView.java | 39 ++++++++++++++-----
|
||||
1 file changed, 29 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/appwidget/AppWidgetHostView.java b/core/java/android/appwidget/AppWidgetHostView.java
|
||||
index ab0eb92e1726..02b244bdd9a6 100644
|
||||
--- a/core/java/android/appwidget/AppWidgetHostView.java
|
||||
+++ b/core/java/android/appwidget/AppWidgetHostView.java
|
||||
@@ -21,6 +21,7 @@ import android.content.Context;
|
||||
import android.content.pm.ApplicationInfo;
|
||||
import android.content.pm.PackageManager.NameNotFoundException;
|
||||
import android.content.res.Resources;
|
||||
+import android.graphics.Canvas;
|
||||
import android.graphics.Color;
|
||||
import android.graphics.Rect;
|
||||
import android.os.Build;
|
||||
@@ -248,19 +249,26 @@ public class AppWidgetHostView extends FrameLayout {
|
||||
super.onLayout(changed, left, top, right, bottom);
|
||||
} catch (final RuntimeException e) {
|
||||
Log.e(TAG, "Remote provider threw runtime exception, using error view instead.", e);
|
||||
- removeViewInLayout(mView);
|
||||
- View child = getErrorView();
|
||||
- prepareView(child);
|
||||
- addViewInLayout(child, 0, child.getLayoutParams());
|
||||
- measureChild(child, MeasureSpec.makeMeasureSpec(getMeasuredWidth(), MeasureSpec.EXACTLY),
|
||||
- MeasureSpec.makeMeasureSpec(getMeasuredHeight(), MeasureSpec.EXACTLY));
|
||||
- child.layout(0, 0, child.getMeasuredWidth() + mPaddingLeft + mPaddingRight,
|
||||
- child.getMeasuredHeight() + mPaddingTop + mPaddingBottom);
|
||||
- mView = child;
|
||||
- mViewMode = VIEW_MODE_ERROR;
|
||||
+ handleViewError();
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Remove bad view and replace with error message view
|
||||
+ */
|
||||
+ private void handleViewError() {
|
||||
+ removeViewInLayout(mView);
|
||||
+ View child = getErrorView();
|
||||
+ prepareView(child);
|
||||
+ addViewInLayout(child, 0, child.getLayoutParams());
|
||||
+ measureChild(child, MeasureSpec.makeMeasureSpec(getMeasuredWidth(), MeasureSpec.EXACTLY),
|
||||
+ MeasureSpec.makeMeasureSpec(getMeasuredHeight(), MeasureSpec.EXACTLY));
|
||||
+ child.layout(0, 0, child.getMeasuredWidth() + mPaddingLeft + mPaddingRight,
|
||||
+ child.getMeasuredHeight() + mPaddingTop + mPaddingBottom);
|
||||
+ mView = child;
|
||||
+ mViewMode = VIEW_MODE_ERROR;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Provide guidance about the size of this widget to the AppWidgetManager. The widths and
|
||||
* heights should correspond to the full area the AppWidgetHostView is given. Padding added by
|
||||
@@ -646,4 +654,15 @@ public class AppWidgetHostView extends FrameLayout {
|
||||
super.onInitializeAccessibilityNodeInfoInternal(info);
|
||||
info.setClassName(AppWidgetHostView.class.getName());
|
||||
}
|
||||
+
|
||||
+ @Override
|
||||
+ protected void dispatchDraw(Canvas canvas) {
|
||||
+ try {
|
||||
+ super.dispatchDraw(canvas);
|
||||
+ } catch (Exception e) {
|
||||
+ // Catch draw exceptions that may be caused by RemoteViews
|
||||
+ Log.e(TAG, "Drawing view failed: " + e);
|
||||
+ post(this::handleViewError);
|
||||
+ }
|
||||
+ }
|
||||
}
|
@ -1,28 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Dementyev <dementyev@google.com>
|
||||
Date: Tue, 7 Mar 2023 10:36:41 -0800
|
||||
Subject: [PATCH] Convert argument to intent in AddAccountSettings.
|
||||
|
||||
Bug: 265798353
|
||||
Test: manual
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c7e8052b527434ed8660e3babdab718f7f3cd7da)
|
||||
Merged-In: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a
|
||||
Change-Id: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a
|
||||
---
|
||||
src/com/android/settings/accounts/AddAccountSettings.java | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/com/android/settings/accounts/AddAccountSettings.java b/src/com/android/settings/accounts/AddAccountSettings.java
|
||||
index cca15c96d3..2e23e93124 100644
|
||||
--- a/src/com/android/settings/accounts/AddAccountSettings.java
|
||||
+++ b/src/com/android/settings/accounts/AddAccountSettings.java
|
||||
@@ -102,7 +102,8 @@ public class AddAccountSettings extends Activity {
|
||||
addAccountOptions.putParcelable(EXTRA_USER, mUserHandle);
|
||||
intent.putExtras(addAccountOptions);
|
||||
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
|
||||
- startActivityForResultAsUser(intent, ADD_ACCOUNT_REQUEST, mUserHandle);
|
||||
+ startActivityForResultAsUser(
|
||||
+ new Intent(intent), ADD_ACCOUNT_REQUEST, mUserHandle);
|
||||
} else {
|
||||
setResult(RESULT_OK);
|
||||
if (mPendingIntent != null) {
|
@ -1,27 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Dementyev <dementyev@google.com>
|
||||
Date: Tue, 7 Mar 2023 10:55:07 -0800
|
||||
Subject: [PATCH] Convert argument to intent in addAccount TvSettings.
|
||||
|
||||
Bug: 265798353
|
||||
Test: manual
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:706edcb7532d74788f899968016b7a6273bfbcac)
|
||||
Merged-In: I06a63078f55ee8169123b1dfcf1811e682e0776e
|
||||
Change-Id: I06a63078f55ee8169123b1dfcf1811e682e0776e
|
||||
---
|
||||
.../tv/settings/accounts/AddAccountWithTypeActivity.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java b/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java
|
||||
index a608bc4fa..ff71ac93b 100644
|
||||
--- a/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java
|
||||
+++ b/Settings/src/com/android/tv/settings/accounts/AddAccountWithTypeActivity.java
|
||||
@@ -52,7 +52,7 @@ public class AddAccountWithTypeActivity extends Activity {
|
||||
Log.e(TAG, "Failed to retrieve add account intent from authenticator");
|
||||
setResultAndFinish(Activity.RESULT_CANCELED);
|
||||
} else {
|
||||
- startActivityForResult(addAccountIntent, REQUEST_ADD_ACCOUNT);
|
||||
+ startActivityForResult(new Intent(addAccountIntent), REQUEST_ADD_ACCOUNT);
|
||||
}
|
||||
} catch (IOException|AuthenticatorException|OperationCanceledException e) {
|
||||
Log.e(TAG, "Failed to get add account intent: ", e);
|
@ -1,107 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Tue, 11 Oct 2022 21:23:22 +0000
|
||||
Subject: [PATCH] Prevent use-after-free of HID reports
|
||||
|
||||
BTA sends the the HID report pointer to BTIF and deallocates it immediately.
|
||||
This is now prevented by providing a deep copy callback function for HID
|
||||
reports when tranferring context from BTA to BTIF.
|
||||
|
||||
This is a backport of change Icef7a7ed1185b4283ee4fe4f812ca154d8f1b825,
|
||||
already merged on T for b/227620181.
|
||||
|
||||
Bug: 228837201
|
||||
Test: Validated against researcher POC, ran BT unit tests, played audio
|
||||
manually.
|
||||
Tag: #security
|
||||
Ignore-AOSP-First: Security
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:874c495c886cd8722625756dc5fd0634b16b4f42)
|
||||
Merged-In: Ib837f395883de2369207f1b3b974d6bff02dcb19
|
||||
Change-Id: Ib837f395883de2369207f1b3b974d6bff02dcb19
|
||||
---
|
||||
btif/src/btif_hh.cc | 50 ++++++++++++++++++++++++++++++++++++++++-----
|
||||
1 file changed, 45 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc
|
||||
index c5a90218a..b6441e1cc 100644
|
||||
--- a/btif/src/btif_hh.cc
|
||||
+++ b/btif/src/btif_hh.cc
|
||||
@@ -1073,6 +1073,38 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
|
||||
}
|
||||
}
|
||||
|
||||
+/*******************************************************************************
|
||||
+ *
|
||||
+ * Function btif_hh_hsdata_rpt_copy_cb
|
||||
+ *
|
||||
+ * Description Deep copies the tBTA_HH_HSDATA structure
|
||||
+ *
|
||||
+ * Returns void
|
||||
+ *
|
||||
+ ******************************************************************************/
|
||||
+
|
||||
+static void btif_hh_hsdata_rpt_copy_cb(uint16_t event, char* p_dest,
|
||||
+ char* p_src) {
|
||||
+ tBTA_HH_HSDATA* p_dst_data = (tBTA_HH_HSDATA*)p_dest;
|
||||
+ tBTA_HH_HSDATA* p_src_data = (tBTA_HH_HSDATA*)p_src;
|
||||
+ BT_HDR* hdr;
|
||||
+
|
||||
+ if (!p_src) {
|
||||
+ BTIF_TRACE_ERROR("%s: Nothing to copy", __func__);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ memcpy(p_dst_data, p_src_data, sizeof(tBTA_HH_HSDATA));
|
||||
+
|
||||
+ hdr = p_src_data->rsp_data.p_rpt_data;
|
||||
+ if (hdr != NULL) {
|
||||
+ uint8_t* p_data = ((uint8_t*)p_dst_data) + sizeof(tBTA_HH_HSDATA);
|
||||
+ memcpy(p_data, hdr, BT_HDR_SIZE + hdr->offset + hdr->len);
|
||||
+
|
||||
+ p_dst_data->rsp_data.p_rpt_data = (BT_HDR*)p_data;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/*******************************************************************************
|
||||
*
|
||||
* Function bte_hh_evt
|
||||
@@ -1086,6 +1118,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
|
||||
void bte_hh_evt(tBTA_HH_EVT event, tBTA_HH* p_data) {
|
||||
bt_status_t status;
|
||||
int param_len = 0;
|
||||
+ tBTIF_COPY_CBACK* p_copy_cback = NULL;
|
||||
|
||||
if (BTA_HH_ENABLE_EVT == event)
|
||||
param_len = sizeof(tBTA_HH_STATUS);
|
||||
@@ -1097,11 +1130,18 @@ void bte_hh_evt(tBTA_HH_EVT event, tBTA_HH* p_data) {
|
||||
param_len = sizeof(tBTA_HH_CBDATA);
|
||||
else if (BTA_HH_GET_DSCP_EVT == event)
|
||||
param_len = sizeof(tBTA_HH_DEV_DSCP_INFO);
|
||||
- else if ((BTA_HH_GET_PROTO_EVT == event) || (BTA_HH_GET_RPT_EVT == event) ||
|
||||
- (BTA_HH_GET_IDLE_EVT == event))
|
||||
+ else if ((BTA_HH_GET_PROTO_EVT == event) || (BTA_HH_GET_IDLE_EVT == event))
|
||||
+ param_len = sizeof(tBTA_HH_HSDATA);
|
||||
+ else if (BTA_HH_GET_RPT_EVT == event) {
|
||||
+ BT_HDR* hdr = p_data->hs_data.rsp_data.p_rpt_data;
|
||||
param_len = sizeof(tBTA_HH_HSDATA);
|
||||
- else if ((BTA_HH_SET_PROTO_EVT == event) || (BTA_HH_SET_RPT_EVT == event) ||
|
||||
- (BTA_HH_VC_UNPLUG_EVT == event) || (BTA_HH_SET_IDLE_EVT == event))
|
||||
+
|
||||
+ if (hdr != NULL) {
|
||||
+ p_copy_cback = btif_hh_hsdata_rpt_copy_cb;
|
||||
+ param_len += BT_HDR_SIZE + hdr->offset + hdr->len;
|
||||
+ }
|
||||
+ } else if ((BTA_HH_SET_PROTO_EVT == event) || (BTA_HH_SET_RPT_EVT == event) ||
|
||||
+ (BTA_HH_VC_UNPLUG_EVT == event) || (BTA_HH_SET_IDLE_EVT == event))
|
||||
param_len = sizeof(tBTA_HH_CBDATA);
|
||||
else if ((BTA_HH_ADD_DEV_EVT == event) || (BTA_HH_RMV_DEV_EVT == event))
|
||||
param_len = sizeof(tBTA_HH_DEV_INFO);
|
||||
@@ -1110,7 +1150,7 @@ void bte_hh_evt(tBTA_HH_EVT event, tBTA_HH* p_data) {
|
||||
/* switch context to btif task context (copy full union size for convenience)
|
||||
*/
|
||||
status = btif_transfer_context(btif_hh_upstreams_evt, (uint16_t)event,
|
||||
- (char*)p_data, param_len, NULL);
|
||||
+ (char*)p_data, param_len, p_copy_cback);
|
||||
|
||||
/* catch any failed context transfers */
|
||||
ASSERTC(status == BT_STATUS_SUCCESS, "context transfer failed", status);
|
@ -1,141 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Tue, 21 Mar 2023 22:35:35 +0000
|
||||
Subject: [PATCH] Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length
|
||||
in sdpu_build_uuid_seq""
|
||||
|
||||
This reverts commit 487a1079078f3717fdc4665c19a45eca5b3ec5e6.
|
||||
|
||||
Reason for revert: Reinstate original change for QPR
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a681067af2ea4565543238db3025d749923f63ec)
|
||||
Merged-In: If0528519a29dc73ff99163098da2a05592ab15d8
|
||||
Change-Id: If0528519a29dc73ff99163098da2a05592ab15d8
|
||||
---
|
||||
stack/sdp/sdp_discovery.cc | 65 ++++++++++++++++++++++++++++++++++----
|
||||
1 file changed, 58 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/stack/sdp/sdp_discovery.cc b/stack/sdp/sdp_discovery.cc
|
||||
index 420259800..ffc9586cd 100644
|
||||
--- a/stack/sdp/sdp_discovery.cc
|
||||
+++ b/stack/sdp/sdp_discovery.cc
|
||||
@@ -74,10 +74,15 @@ static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,
|
||||
*
|
||||
******************************************************************************/
|
||||
static uint8_t* sdpu_build_uuid_seq(uint8_t* p_out, uint16_t num_uuids,
|
||||
- Uuid* p_uuid_list) {
|
||||
+ Uuid* p_uuid_list, uint16_t& bytes_left) {
|
||||
uint16_t xx;
|
||||
uint8_t* p_len;
|
||||
|
||||
+ if (bytes_left < 2) {
|
||||
+ DCHECK(0) << "SDP: No space for data element header";
|
||||
+ return (p_out);
|
||||
+ }
|
||||
+
|
||||
/* First thing is the data element header */
|
||||
UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
|
||||
|
||||
@@ -85,9 +90,20 @@ static uint8_t* sdpu_build_uuid_seq(uint8_t* p_out, uint16_t num_uuids,
|
||||
p_len = p_out;
|
||||
p_out += 1;
|
||||
|
||||
+ /* Account for data element header and length */
|
||||
+ bytes_left -= 2;
|
||||
+
|
||||
/* Now, loop through and put in all the UUID(s) */
|
||||
for (xx = 0; xx < num_uuids; xx++, p_uuid_list++) {
|
||||
int len = p_uuid_list->GetShortestRepresentationSize();
|
||||
+
|
||||
+ if (len + 1 > bytes_left) {
|
||||
+ DCHECK(0) << "SDP: Too many UUIDs for internal buffer";
|
||||
+ break;
|
||||
+ } else {
|
||||
+ bytes_left -= (len + 1);
|
||||
+ }
|
||||
+
|
||||
if (len == Uuid::kNumBytes16) {
|
||||
UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_TWO_BYTES);
|
||||
UINT16_TO_BE_STREAM(p_out, p_uuid_list->As16Bit());
|
||||
@@ -124,6 +140,7 @@ static void sdp_snd_service_search_req(tCONN_CB* p_ccb, uint8_t cont_len,
|
||||
uint8_t *p, *p_start, *p_param_len;
|
||||
BT_HDR* p_cmd = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
|
||||
uint16_t param_len;
|
||||
+ uint16_t bytes_left = SDP_DATA_BUF_SIZE;
|
||||
|
||||
/* Prepare the buffer for sending the packet to L2CAP */
|
||||
p_cmd->offset = L2CAP_MIN_OFFSET;
|
||||
@@ -138,13 +155,30 @@ static void sdp_snd_service_search_req(tCONN_CB* p_ccb, uint8_t cont_len,
|
||||
p_param_len = p;
|
||||
p += 2;
|
||||
|
||||
-/* Build the UID sequence. */
|
||||
+ /* Account for header size, max service record count and
|
||||
+ * continuation state */
|
||||
+ const uint16_t base_bytes = (sizeof(BT_HDR) + L2CAP_MIN_OFFSET +
|
||||
+ 3u + /* service search request header */
|
||||
+ 2u + /* param len */
|
||||
+ 3u + ((p_cont) ? cont_len : 0));
|
||||
+
|
||||
+ if (base_bytes > bytes_left) {
|
||||
+ DCHECK(0) << "SDP: Overran SDP data buffer";
|
||||
+ osi_free(p_cmd);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ bytes_left -= base_bytes;
|
||||
+
|
||||
+ /* Build the UID sequence. */
|
||||
#if (SDP_BROWSE_PLUS == TRUE)
|
||||
p = sdpu_build_uuid_seq(p, 1,
|
||||
- &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
|
||||
+ &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx],
|
||||
+ bytes_left);
|
||||
#else
|
||||
+ /* Build the UID sequence. */
|
||||
p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
|
||||
- p_ccb->p_db->uuid_filters);
|
||||
+ p_ccb->p_db->uuid_filters, bytes_left);
|
||||
#endif
|
||||
|
||||
/* Set max service record count */
|
||||
@@ -636,6 +670,7 @@ static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
|
||||
if ((cont_request_needed) || (!p_reply)) {
|
||||
BT_HDR* p_msg = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
|
||||
uint8_t* p;
|
||||
+ uint16_t bytes_left = SDP_DATA_BUF_SIZE;
|
||||
|
||||
p_msg->offset = L2CAP_MIN_OFFSET;
|
||||
p = p_start = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET;
|
||||
@@ -649,13 +684,29 @@ static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
|
||||
p_param_len = p;
|
||||
p += 2;
|
||||
|
||||
-/* Build the UID sequence. */
|
||||
+ /* Account for header size, max service record count and
|
||||
+ * continuation state */
|
||||
+ const uint16_t base_bytes = (sizeof(BT_HDR) + L2CAP_MIN_OFFSET +
|
||||
+ 3u + /* service search request header */
|
||||
+ 2u + /* param len */
|
||||
+ 3u + /* max service record count */
|
||||
+ ((p_reply) ? (*p_reply) : 0));
|
||||
+
|
||||
+ if (base_bytes > bytes_left) {
|
||||
+ sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ bytes_left -= base_bytes;
|
||||
+
|
||||
+ /* Build the UID sequence. */
|
||||
#if (SDP_BROWSE_PLUS == TRUE)
|
||||
p = sdpu_build_uuid_seq(p, 1,
|
||||
- &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
|
||||
+ &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx],
|
||||
+ bytes_left);
|
||||
#else
|
||||
p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
|
||||
- p_ccb->p_db->uuid_filters);
|
||||
+ p_ccb->p_db->uuid_filters, bytes_left);
|
||||
#endif
|
||||
|
||||
/* Max attribute byte count */
|
@ -1,82 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Brian Delwiche <delwiche@google.com>
|
||||
Date: Tue, 21 Mar 2023 22:39:16 +0000
|
||||
Subject: [PATCH] Revert "Revert "Fix wrong BR/EDR link key downgrades
|
||||
(P_256->P_192)""
|
||||
|
||||
This reverts commit d733c86cbc06ce0ec72216b9d41e172d1939c46f.
|
||||
|
||||
Function btm_sec_encrypt_change() is called at most places
|
||||
with argument "encr_enable" treated as bool and not as per
|
||||
(tHCI_ENCRYPT_MODE = 0/1/2) expected by the function. The
|
||||
function has special handling for "encr_enable=1" to downgrade
|
||||
the link key type for BR/EDR case. This gets executed even
|
||||
when the caller/context did not mean/expect so. It appears
|
||||
this handling in btm_sec_encrypt_change() is not necessary and
|
||||
is removed by this commit to prevent accidental execution of it.
|
||||
|
||||
Test: Verified re-pairing with an iPhone works fine now
|
||||
|
||||
Issue Reproduction Steps:
|
||||
1. Enable Bluetooth Hotspot on Android device (DUT).
|
||||
2. Pair and connect an iPhone to DUT.
|
||||
3. Forget this pairing on DUT.
|
||||
4. On iPhone settings, click on old DUT's paired entry to connect.
|
||||
5. iPhone notifies to click 'Forget Device' and try fresh pairing.
|
||||
6. On iPhone, after doing 'Forget Device', discover DUT again.
|
||||
7. Attempt pairing to DUT by clicking on discovered DUT entry.
|
||||
Pairing will be unsuccessful.
|
||||
|
||||
Issue Cause:
|
||||
During re-pairing, DUT is seen to downgrade
|
||||
BR/EDR link key unexpectedly from link key type 0x8
|
||||
(BTM_LKEY_TYPE_AUTH_COMB_P_256) to 0x5 (BTM_LKEY_TYPE_AUTH_COMB).
|
||||
|
||||
Log snippet (re-pairing time):
|
||||
btm_sec_link_key_notification set new_encr_key_256 to 1
|
||||
btif_dm_auth_cmpl_evt: Storing link key. key_type=0x8, bond_type=1
|
||||
btm_sec_encrypt_change new_encr_key_256 is 1
|
||||
--On DUT, HCI_Encryption_Key_Refresh_Complete event noticed---
|
||||
btm_sec_encrypt_change new_encr_key_256 is 0
|
||||
updated link key type to 5
|
||||
btif_dm_auth_cmpl_evt: Storing link key. key_type=0x5, bond_type=1
|
||||
|
||||
This is a backport of the following patch: aosp/1890096
|
||||
|
||||
Bug: 258834033
|
||||
|
||||
Reason for revert: Reinstate original change for QPR
|
||||
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:56891eedc68c86b40977191dad28d65ebf86a94f)
|
||||
Merged-In: Iba0c220b82bcf6b15368762b7052a3987ccbc0c6
|
||||
Change-Id: Iba0c220b82bcf6b15368762b7052a3987ccbc0c6
|
||||
---
|
||||
stack/btm/btm_sec.cc | 16 ----------------
|
||||
1 file changed, 16 deletions(-)
|
||||
|
||||
diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
|
||||
index 168750140..899b6b908 100644
|
||||
--- a/stack/btm/btm_sec.cc
|
||||
+++ b/stack/btm/btm_sec.cc
|
||||
@@ -4030,22 +4030,6 @@ void btm_sec_encrypt_change(uint16_t handle, uint8_t status,
|
||||
SMP_BR_PairWith(p_dev_rec->bd_addr);
|
||||
}
|
||||
}
|
||||
- } else {
|
||||
- // BR/EDR is successfully encrypted. Correct LK type if needed
|
||||
- // (BR/EDR LK derived from LE LTK was used for encryption)
|
||||
- if ((encr_enable == 1) && /* encryption is ON for SSP */
|
||||
- /* LK type is for BR/EDR SC */
|
||||
- (p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256 ||
|
||||
- p_dev_rec->link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)) {
|
||||
- if (p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256)
|
||||
- p_dev_rec->link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
|
||||
- else /* BTM_LKEY_TYPE_AUTH_COMB_P_256 */
|
||||
- p_dev_rec->link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
|
||||
-
|
||||
- BTM_TRACE_DEBUG("updated link key type to %d",
|
||||
- p_dev_rec->link_key_type);
|
||||
- btm_send_link_key_notif(p_dev_rec);
|
||||
- }
|
||||
}
|
||||
}
|
||||
|
@ -91,6 +91,7 @@ patchWorkspaceReal() {
|
||||
repopick -fit P_asb_2023-03;
|
||||
repopick -fit P_asb_2023-04;
|
||||
repopick -fit P_asb_2023-05;
|
||||
repopick -fit P_asb_2023-06;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -148,14 +148,9 @@ fi;
|
||||
|
||||
if enterAndClear "frameworks/av"; then
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_av/358555.patch"; #R_asb_2023-06 Fix NuMediaExtractor::readSampleData buffer Handling
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358560-backport.patch"; #R_asb_2023-06 Check key intent for selectors and prohibited flags
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358561-backport.patch"; #R_asb_2023-06 Handle invalid data during job loading.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358562-backport.patch"; #R_asb_2023-06 Allow filtering of services
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/358732-backport.patch"; #n-asb-2023-06 Prevent RemoteViews crashing SystemUi
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
@ -299,7 +294,6 @@ fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/358568-backport.patch"; #R_asb_2023-06 Convert argument to intent in AddAccountSettings.
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
|
||||
@ -314,10 +308,6 @@ if enterAndClear "packages/apps/Trebuchet"; then
|
||||
cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/TvSettings"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_TvSettings/358578.patch"; #R_asb_2023-06 Convert argument to intent in addAccount TvSettings.
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Updater"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server (DivestOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support (DivestOS)
|
||||
@ -345,9 +335,6 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/bt"; then
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/358580.patch"; #R_asb_2023-06 Prevent use-after-free of HID reports
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/358581.patch"; #R_asb_2023-06 Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length in sdpu_build_uuid_seq""
|
||||
applyPatch "$DOS_PATCHES/android_system_bt/358582.patch"; #R_asb_2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
|
||||
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
|
||||
fi;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user