From f5da93c4e57f947ea687467254afada4473632d2 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 9 Oct 2023 21:50:11 -0400 Subject: [PATCH] 15.1 October ASB work Signed-off-by: Tad --- .../android_external_libxml2/368053.patch | 123 ++++++++++++++++++ .../android_frameworks_base/368055.patch | 60 +++++++++ .../android_frameworks_base/368059.patch | 52 ++++++++ .../android_frameworks_base/368061.patch | 29 +++++ .../368062-backport.patch | 49 +++++++ .../android_frameworks_base/368063.patch | 59 +++++++++ .../0001-Captive_Portal_Toggle.patch | 12 +- .../326758.patch | 2 +- .../326759.patch | 2 +- .../334265.patch | 2 +- .../335111.patch | 2 +- .../335114.patch | 2 +- .../335115.patch | 2 +- .../345911.patch | 2 +- .../345912-backport.patch | 8 +- .../351914-backport.patch | 4 +- .../358568-backport.patch | 2 +- .../365973-backport.patch | 2 +- .../367639-backport.patch | 66 ++++++++++ .../android_system_vold/0001-AES256.patch | 4 +- Scripts/LineageOS-15.1/Patch.sh | 12 +- 21 files changed, 472 insertions(+), 24 deletions(-) create mode 100644 Patches/LineageOS-15.1/android_external_libxml2/368053.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/368055.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/368059.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/368061.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/368062-backport.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/368063.patch create mode 100644 Patches/LineageOS-15.1/android_packages_apps_Settings/367639-backport.patch diff --git a/Patches/LineageOS-15.1/android_external_libxml2/368053.patch b/Patches/LineageOS-15.1/android_external_libxml2/368053.patch new file mode 100644 index 00000000..11df9387 --- /dev/null +++ b/Patches/LineageOS-15.1/android_external_libxml2/368053.patch @@ -0,0 +1,123 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 17 Feb 2023 15:53:07 +0100 +Subject: [PATCH] malloc-fail: Fix OOB read after xmlRegGetCounter + +Found with libFuzzer, see #344. + +(cherry picked from commit 1743c4c3fc58cf38ecce68db9de51d0f3651e033) + +I also copied the error label from +e64653c0e7975594e27d7de2ed4be062c1e4ad03 to fix the build failure. + +Bug: http://b/274231102 +Test: TreeHugger +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:381160fc2a293d50a627c9e35bb34485bf97b6e7) +Merged-In: I3bad3e03092e17a761cb6e299aff848ebd35b6f4 +Change-Id: I3bad3e03092e17a761cb6e299aff848ebd35b6f4 +--- + xmlregexp.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git a/xmlregexp.c b/xmlregexp.c +index d255fbf0..6234a879 100644 +--- a/xmlregexp.c ++++ b/xmlregexp.c +@@ -1641,6 +1641,8 @@ xmlFAGenerateTransitions(xmlRegParserCtxtPtr ctxt, xmlRegStatePtr from, + return(-1); + inter = ctxt->state; + counter = xmlRegGetCounter(ctxt); ++ if (counter < 0) ++ return(-1); + ctxt->counters[counter].min = atom->min - 1; + ctxt->counters[counter].max = atom->max - 1; + /* count the number of times we see it again */ +@@ -1659,6 +1661,8 @@ xmlFAGenerateTransitions(xmlRegParserCtxtPtr ctxt, xmlRegStatePtr from, + * epsilon transition. + */ + counter = xmlRegGetCounter(ctxt); ++ if (counter < 0) ++ return(-1); + ctxt->counters[counter].min = atom->min - 1; + ctxt->counters[counter].max = atom->max - 1; + /* count the number of times we see it again */ +@@ -5924,6 +5928,8 @@ xmlAutomataNewCountTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from, + * associate a counter to the transition. + */ + counter = xmlRegGetCounter(am); ++ if (counter < 0) ++ goto error; + am->counters[counter].min = min; + am->counters[counter].max = max; + +@@ -5943,6 +5949,10 @@ xmlAutomataNewCountTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from, + if (min == 0) + xmlFAGenerateEpsilonTransition(am, from, to); + return(to); ++ ++error: ++ xmlRegFreeAtom(atom); ++ return(NULL); + } + + /** +@@ -5990,6 +6000,8 @@ xmlAutomataNewCountTrans(xmlAutomataPtr am, xmlAutomataStatePtr from, + * associate a counter to the transition. + */ + counter = xmlRegGetCounter(am); ++ if (counter < 0) ++ goto error; + am->counters[counter].min = min; + am->counters[counter].max = max; + +@@ -6009,6 +6021,10 @@ xmlAutomataNewCountTrans(xmlAutomataPtr am, xmlAutomataStatePtr from, + if (min == 0) + xmlFAGenerateEpsilonTransition(am, from, to); + return(to); ++ ++error: ++ xmlRegFreeAtom(atom); ++ return(NULL); + } + + /** +@@ -6076,6 +6092,8 @@ xmlAutomataNewOnceTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from, + * associate a counter to the transition. + */ + counter = xmlRegGetCounter(am); ++ if (counter < 0) ++ goto error; + am->counters[counter].min = 1; + am->counters[counter].max = 1; + +@@ -6088,6 +6106,10 @@ xmlAutomataNewOnceTrans2(xmlAutomataPtr am, xmlAutomataStatePtr from, + xmlRegAtomPush(am, atom); + am->state = to; + return(to); ++ ++error: ++ xmlRegFreeAtom(atom); ++ return(NULL); + } + + +@@ -6135,6 +6157,8 @@ xmlAutomataNewOnceTrans(xmlAutomataPtr am, xmlAutomataStatePtr from, + * associate a counter to the transition. + */ + counter = xmlRegGetCounter(am); ++ if (counter < 0) ++ goto error; + am->counters[counter].min = 1; + am->counters[counter].max = 1; + +@@ -6147,6 +6171,10 @@ xmlAutomataNewOnceTrans(xmlAutomataPtr am, xmlAutomataStatePtr from, + xmlRegAtomPush(am, atom); + am->state = to; + return(to); ++ ++error: ++ xmlRegFreeAtom(atom); ++ return(NULL); + } + + /** diff --git a/Patches/LineageOS-15.1/android_frameworks_base/368055.patch b/Patches/LineageOS-15.1/android_frameworks_base/368055.patch new file mode 100644 index 00000000..39ccb93b --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_base/368055.patch @@ -0,0 +1,60 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jean-Michel Trivi +Date: Wed, 7 Dec 2022 04:36:46 +0000 +Subject: [PATCH] RingtoneManager: verify default ringtone is audio + +When a ringtone picker tries to set a ringtone through +RingtoneManager.setActualDefaultRingtoneUri (also +called by com.android.settings.DefaultRingtonePreference), +verify the mimeType can be obtained (not found when caller +doesn't have access to it) and it is an audio resource. + +Bug: 205837340 +Test: atest android.media.audio.cts.RingtoneManagerTest +(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:377144b64325dadad102f5233ecb50a4446b205b) +Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e +Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e +--- + media/java/android/media/RingtoneManager.java | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java +index 3eb9d529b756..38f6deb34f18 100644 +--- a/media/java/android/media/RingtoneManager.java ++++ b/media/java/android/media/RingtoneManager.java +@@ -822,10 +822,10 @@ public class RingtoneManager { + + return ringtoneUri; + } +- ++ + /** + * Sets the {@link Uri} of the default sound for a given sound type. +- * ++ * + * @param context A context used for querying. + * @param type The type whose default sound should be set. One of + * {@link #TYPE_RINGTONE}, {@link #TYPE_NOTIFICATION}, or +@@ -846,6 +846,21 @@ public class RingtoneManager { + if(!isInternalRingtoneUri(ringtoneUri)) { + ringtoneUri = ContentProvider.maybeAddUserId(ringtoneUri, context.getUserId()); + } ++ ++ if (ringtoneUri != null) { ++ final String mimeType = resolver.getType(ringtoneUri); ++ if (mimeType == null) { ++ Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri ++ + " ignored: failure to find mimeType (no access from this context?)"); ++ return; ++ } ++ if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) { ++ Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri ++ + " ignored: associated mimeType:" + mimeType + " is not an audio type"); ++ return; ++ } ++ } ++ + Settings.System.putStringForUser(resolver, setting, + ringtoneUri != null ? ringtoneUri.toString() : null, context.getUserId()); + diff --git a/Patches/LineageOS-15.1/android_frameworks_base/368059.patch b/Patches/LineageOS-15.1/android_frameworks_base/368059.patch new file mode 100644 index 00000000..de7a0236 --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_base/368059.patch @@ -0,0 +1,52 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Josep del Rio +Date: Mon, 26 Jun 2023 11:16:37 +0000 +Subject: [PATCH] Do not share key mappings with JNI object + +The key mapping information between the native key mappings and +the KeyCharacterMap object available in Java is currently shared, +which means that a read can be attempted while it's being modified. + +Because the code changed between R and S, this CL fixes it just +for R; the patch for versions S+ is ag/23785419 + +Bug: 274058082 +Test: Presubmit +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4b3c4620166071561ec44961fb08a56676b4fd6c) +Merged-In: I3be94534dcda365da473f82347ae2e3f57bb1b42 +Change-Id: I3be94534dcda365da473f82347ae2e3f57bb1b42 +--- + core/jni/android_view_InputDevice.cpp | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/core/jni/android_view_InputDevice.cpp b/core/jni/android_view_InputDevice.cpp +index 494fad7900ef..806a88f8f50e 100644 +--- a/core/jni/android_view_InputDevice.cpp ++++ b/core/jni/android_view_InputDevice.cpp +@@ -14,6 +14,7 @@ + * limitations under the License. + */ + ++#include + #include + + #include +@@ -48,9 +49,16 @@ jobject android_view_InputDevice_create(JNIEnv* env, const InputDeviceInfo& devi + return NULL; + } + ++ sp map = deviceInfo.getKeyCharacterMap(); ++ if (map != nullptr) { ++ Parcel parcel; ++ map->writeToParcel(&parcel); ++ map = map->readFromParcel(&parcel); ++ } ++ + ScopedLocalRef kcmObj(env, +- android_view_KeyCharacterMap_create(env, deviceInfo.getId(), +- deviceInfo.getKeyCharacterMap())); ++ android_view_KeyCharacterMap_create(env, deviceInfo.getId(), ++ map)); + if (!kcmObj.get()) { + return NULL; + } diff --git a/Patches/LineageOS-15.1/android_frameworks_base/368061.patch b/Patches/LineageOS-15.1/android_frameworks_base/368061.patch new file mode 100644 index 00000000..fb16b368 --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_base/368061.patch @@ -0,0 +1,29 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Josep del Rio +Date: Wed, 12 Jul 2023 16:32:05 +0000 +Subject: [PATCH] Fix KCM key mapping cloning + +ag/23792288 tried to fix a security issue by cloning the key +mappings, but unfortunately the parcel was not being rewinded. + +Bug: 274058082 +Test: Confirmed change works in newer Android versions +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:aaaba6cf190d976efdc5db6c78997dbdc9214c15) +Merged-In: I6f75b9202e20d82ebf81a35a2916e653ee1b8372 +Change-Id: I6f75b9202e20d82ebf81a35a2916e653ee1b8372 +--- + core/jni/android_view_InputDevice.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/core/jni/android_view_InputDevice.cpp b/core/jni/android_view_InputDevice.cpp +index 806a88f8f50e..f36300ada64e 100644 +--- a/core/jni/android_view_InputDevice.cpp ++++ b/core/jni/android_view_InputDevice.cpp +@@ -53,6 +53,7 @@ jobject android_view_InputDevice_create(JNIEnv* env, const InputDeviceInfo& devi + if (map != nullptr) { + Parcel parcel; + map->writeToParcel(&parcel); ++ parcel.setDataPosition(0); + map = map->readFromParcel(&parcel); + } + diff --git a/Patches/LineageOS-15.1/android_frameworks_base/368062-backport.patch b/Patches/LineageOS-15.1/android_frameworks_base/368062-backport.patch new file mode 100644 index 00000000..62d12c2f --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_base/368062-backport.patch @@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Hongwei Wang +Date: Wed, 24 May 2023 19:35:44 -0700 +Subject: [PATCH] Disallow loading icon from content URI to PipMenu + +Bug: 278246904 +Test: manually, with the PoC app attached to the bug +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f5a87d8a0dc9190327ba0e6113d5b80ee96abae) +Merged-In: Iecfc1fb962de611cbe3c51a44ba4fded53925a7d +Change-Id: Iecfc1fb962de611cbe3c51a44ba4fded53925a7d +--- + .../systemui/pip/phone/PipMenuActivity.java | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java b/packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java +index 90f7b8db1c59..646b10c3db45 100644 +--- a/packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java ++++ b/packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java +@@ -46,6 +46,7 @@ import android.graphics.PointF; + import android.graphics.Rect; + import android.graphics.drawable.ColorDrawable; + import android.graphics.drawable.Drawable; ++import android.graphics.drawable.Icon; + import android.os.Bundle; + import android.os.Handler; + import android.os.Message; +@@ -484,11 +485,17 @@ public class PipMenuActivity extends Activity { + final RemoteAction action = mActions.get(i); + final ImageView actionView = (ImageView) mActionsGroup.getChildAt(i); + +- // TODO: Check if the action drawable has changed before we reload it +- action.getIcon().loadDrawableAsync(this, d -> { +- d.setTint(Color.WHITE); +- actionView.setImageDrawable(d); +- }, mHandler); ++ final int iconType = action.getIcon().getType(); ++ if (iconType == Icon.TYPE_URI /* || iconType == Icon.TYPE_URI_ADAPTIVE_BITMAP*/) { ++ // Disallow loading icon from content URI ++ actionView.setImageDrawable(null); ++ } else { ++ // TODO: Check if the action drawable has changed before we reload it ++ action.getIcon().loadDrawableAsync(this, d -> { ++ d.setTint(Color.WHITE); ++ actionView.setImageDrawable(d); ++ }, mHandler); ++ } + actionView.setContentDescription(action.getContentDescription()); + if (action.isEnabled()) { + actionView.setOnClickListener(v -> { diff --git a/Patches/LineageOS-15.1/android_frameworks_base/368063.patch b/Patches/LineageOS-15.1/android_frameworks_base/368063.patch new file mode 100644 index 00000000..ae06ded4 --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_base/368063.patch @@ -0,0 +1,59 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Kunal Malhotra +Date: Fri, 2 Jun 2023 23:32:02 +0000 +Subject: [PATCH] Fixing DatabaseUtils to detect malformed UTF-16 strings + +Test: tested with POC in bug, also using atest +Bug: 224771621 +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12) +Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530 +Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530 +--- + core/java/android/database/DatabaseUtils.java | 32 +++++++++++++------ + 1 file changed, 23 insertions(+), 9 deletions(-) + +diff --git a/core/java/android/database/DatabaseUtils.java b/core/java/android/database/DatabaseUtils.java +index 8cd3d7b5bc68..534adcd0a37f 100644 +--- a/core/java/android/database/DatabaseUtils.java ++++ b/core/java/android/database/DatabaseUtils.java +@@ -337,17 +337,31 @@ public class DatabaseUtils { + */ + public static void appendEscapedSQLString(StringBuilder sb, String sqlString) { + sb.append('\''); +- if (sqlString.indexOf('\'') != -1) { +- int length = sqlString.length(); +- for (int i = 0; i < length; i++) { +- char c = sqlString.charAt(i); +- if (c == '\'') { +- sb.append('\''); ++ int length = sqlString.length(); ++ for (int i = 0; i < length; i++) { ++ char c = sqlString.charAt(i); ++ if (Character.isHighSurrogate(c)) { ++ if (i == length - 1) { ++ continue; ++ } ++ if (Character.isLowSurrogate(sqlString.charAt(i + 1))) { ++ // add them both ++ sb.append(c); ++ sb.append(sqlString.charAt(i + 1)); ++ continue; ++ } else { ++ // this is a lone surrogate, skip it ++ continue; + } +- sb.append(c); + } +- } else +- sb.append(sqlString); ++ if (Character.isLowSurrogate(c)) { ++ continue; ++ } ++ if (c == '\'') { ++ sb.append('\''); ++ } ++ sb.append(c); ++ } + sb.append('\''); + } + diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch index 2a113401..bbd4fcec 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch @@ -24,7 +24,7 @@ Change-Id: Ibbffdb5f3930df74ca8b4ba93d451f7fad086989 create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialogHost.java diff --git a/res/menu/data_usage.xml b/res/menu/data_usage.xml -index 9fe6b60118..b8be11adbf 100644 +index 9fe6b601182..b8be11adbf3 100644 --- a/res/menu/data_usage.xml +++ b/res/menu/data_usage.xml @@ -18,4 +18,8 @@ @@ -37,7 +37,7 @@ index 9fe6b60118..b8be11adbf 100644 + android:checkable="true" /> diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml -index 91238336d9..314074eff0 100644 +index 91238336d92..314074eff06 100644 --- a/res/values/cm_strings.xml +++ b/res/values/cm_strings.xml @@ -374,4 +374,9 @@ @@ -51,7 +51,7 @@ index 91238336d9..314074eff0 100644 + Disable diff --git a/src/com/android/settings/ResetNetworkConfirm.java b/src/com/android/settings/ResetNetworkConfirm.java -index f70d3c27ef..37dae5aa6c 100644 +index f70d3c27efb..37dae5aa6cd 100644 --- a/src/com/android/settings/ResetNetworkConfirm.java +++ b/src/com/android/settings/ResetNetworkConfirm.java @@ -27,6 +27,7 @@ import android.net.wifi.WifiManager; @@ -73,7 +73,7 @@ index f70d3c27ef..37dae5aa6c 100644 .show(); } diff --git a/src/com/android/settings/datausage/DataUsageSummary.java b/src/com/android/settings/datausage/DataUsageSummary.java -index e37cc4a6c6..f5aba01b9c 100644 +index e37cc4a6c6a..f5aba01b9c3 100644 --- a/src/com/android/settings/datausage/DataUsageSummary.java +++ b/src/com/android/settings/datausage/DataUsageSummary.java @@ -32,6 +32,7 @@ import android.os.RemoteException; @@ -167,7 +167,7 @@ index e37cc4a6c6..f5aba01b9c 100644 } diff --git a/src/com/android/settings/network/CaptivePortalWarningDialog.java b/src/com/android/settings/network/CaptivePortalWarningDialog.java new file mode 100644 -index 0000000000..b274d6b9f5 +index 00000000000..b274d6b9f5c --- /dev/null +++ b/src/com/android/settings/network/CaptivePortalWarningDialog.java @@ -0,0 +1,69 @@ @@ -242,7 +242,7 @@ index 0000000000..b274d6b9f5 +} diff --git a/src/com/android/settings/network/CaptivePortalWarningDialogHost.java b/src/com/android/settings/network/CaptivePortalWarningDialogHost.java new file mode 100644 -index 0000000000..208042ad73 +index 00000000000..208042ad73c --- /dev/null +++ b/src/com/android/settings/network/CaptivePortalWarningDialogHost.java @@ -0,0 +1,28 @@ diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/326758.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/326758.patch index 754778ab..52a44260 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/326758.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/326758.patch @@ -26,7 +26,7 @@ Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java -index d487c70c66..10d714401e 100644 +index d487c70c66f..10d714401e9 100644 --- a/src/com/android/settings/users/AppRestrictionsFragment.java +++ b/src/com/android/settings/users/AppRestrictionsFragment.java @@ -17,6 +17,7 @@ diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/326759.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/326759.patch index 20ab23a8..6791216e 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/326759.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/326759.patch @@ -27,7 +27,7 @@ Merged-In: I9dfde586616d004befbee529f2ae842d22795065 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java -index e5d40b7add..c0726719e0 100644 +index e5d40b7add0..c0726719e0a 100644 --- a/src/com/android/settings/CredentialStorage.java +++ b/src/com/android/settings/CredentialStorage.java @@ -131,7 +131,7 @@ public final class CredentialStorage extends Activity { diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/334265.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/334265.patch index 578fe316..5fa0ff7b 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/334265.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/334265.patch @@ -22,7 +22,7 @@ Merged-In: I40496105bae313fe5cff2a36dfe329c1e2b5bbe4 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java -index 10d714401e..bf0f3da8d0 100644 +index 10d714401e9..bf0f3da8d00 100644 --- a/src/com/android/settings/users/AppRestrictionsFragment.java +++ b/src/com/android/settings/users/AppRestrictionsFragment.java @@ -654,10 +654,7 @@ public class AppRestrictionsFragment extends SettingsPreferenceFragment implemen diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/335111.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/335111.patch index c0320bc0..ae3baed6 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/335111.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/335111.patch @@ -17,7 +17,7 @@ Merged-In: I0a9ca163f5ae91b67c9f957fde4c6db326b8718d 1 file changed, 18 insertions(+) diff --git a/src/com/android/settings/DefaultRingtonePreference.java b/src/com/android/settings/DefaultRingtonePreference.java -index 9f9f832b10..751eb8c8e7 100644 +index 9f9f832b100..751eb8c8e7c 100644 --- a/src/com/android/settings/DefaultRingtonePreference.java +++ b/src/com/android/settings/DefaultRingtonePreference.java @@ -22,6 +22,7 @@ import android.content.Intent; diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/335114.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/335114.patch index 81a746fc..3ba790bd 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/335114.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/335114.patch @@ -23,7 +23,7 @@ Merged-In: I044b680871472a3c272f6264c4ef272df542112e 1 file changed, 5 insertions(+) diff --git a/src/com/android/settings/DefaultRingtonePreference.java b/src/com/android/settings/DefaultRingtonePreference.java -index 751eb8c8e7..226cde693b 100644 +index 751eb8c8e7c..226cde693b1 100644 --- a/src/com/android/settings/DefaultRingtonePreference.java +++ b/src/com/android/settings/DefaultRingtonePreference.java @@ -44,6 +44,11 @@ public class DefaultRingtonePreference extends RingtonePreference { diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/335115.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/335115.patch index 9af3c71f..7297859a 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/335115.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/335115.patch @@ -20,7 +20,7 @@ Merged-In: I7f8fb737a7c6f77a380f3f075a5c89a1970e39ad 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/com/android/settings/DefaultRingtonePreference.java b/src/com/android/settings/DefaultRingtonePreference.java -index 226cde693b..f3eeff9df2 100644 +index 226cde693b1..f3eeff9df25 100644 --- a/src/com/android/settings/DefaultRingtonePreference.java +++ b/src/com/android/settings/DefaultRingtonePreference.java @@ -49,7 +49,7 @@ public class DefaultRingtonePreference extends RingtonePreference { diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/345911.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/345911.patch index fe9df820..a93cf2b5 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/345911.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/345911.patch @@ -27,7 +27,7 @@ Merged-In: I98eea867f926c508456ec9bc654e24eeeffa0e54 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/src/com/android/settings/users/EditUserPhotoController.java b/src/com/android/settings/users/EditUserPhotoController.java -index 0f67b181de..a874d6a0e5 100644 +index 0f67b181de3..a874d6a0e57 100644 --- a/src/com/android/settings/users/EditUserPhotoController.java +++ b/src/com/android/settings/users/EditUserPhotoController.java @@ -22,7 +22,9 @@ import android.content.ClipData; diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/345912-backport.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/345912-backport.patch index 9bf9310e..d7220c4a 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/345912-backport.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/345912-backport.patch @@ -19,7 +19,7 @@ Change-Id: I7449a24427c966c1aa4280a7b7e7e70b60997cca 4 files changed, 32 insertions(+) diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java -index 9f5192d044..c7e0673b8a 100644 +index 9f5192d0441..c7e0673b8ae 100644 --- a/src/com/android/settings/password/ChooseLockPassword.java +++ b/src/com/android/settings/password/ChooseLockPassword.java @@ -49,6 +49,7 @@ import android.view.LayoutInflater; @@ -39,7 +39,7 @@ index 9f5192d044..c7e0673b8a 100644 public static class ChooseLockPasswordFragment extends InstrumentedPreferenceFragment diff --git a/src/com/android/settings/password/ChooseLockPattern.java b/src/com/android/settings/password/ChooseLockPattern.java -index f65b4b3cf5..e4fa302f0a 100644 +index f65b4b3cf5e..e4fa302f0af 100644 --- a/src/com/android/settings/password/ChooseLockPattern.java +++ b/src/com/android/settings/password/ChooseLockPattern.java @@ -29,6 +29,7 @@ import android.view.View; @@ -59,7 +59,7 @@ index f65b4b3cf5..e4fa302f0a 100644 @Override diff --git a/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java b/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java -index b8f06793ac..0970e5f3bf 100644 +index b8f06793ac3..0970e5f3bf1 100644 --- a/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java +++ b/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java @@ -16,6 +16,8 @@ @@ -95,7 +95,7 @@ index b8f06793ac..0970e5f3bf 100644 ShadowDrawable drawable = setActivityAndGetIconDrawable(true); assertThat(drawable.getCreatedFromResId()).isEqualTo(R.drawable.ic_fingerprint_header); diff --git a/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java b/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java -index c74448b5dd..7735e5db9f 100644 +index c74448b5dd9..7735e5db9f4 100644 --- a/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java +++ b/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java @@ -16,6 +16,8 @@ diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/351914-backport.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/351914-backport.patch index 4b7f04c9..afab7620 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/351914-backport.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/351914-backport.patch @@ -29,7 +29,7 @@ Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/SettingsPreferenceFragment.java b/src/com/android/settings/SettingsPreferenceFragment.java -index a3d26af8eb..6653dd0ba9 100644 +index a3d26af8eb7..6653dd0ba98 100644 --- a/src/com/android/settings/SettingsPreferenceFragment.java +++ b/src/com/android/settings/SettingsPreferenceFragment.java @@ -49,6 +49,7 @@ import com.android.settings.applications.LayoutPreference; @@ -83,7 +83,7 @@ index a3d26af8eb..6653dd0ba9 100644 highlightPreferenceIfNeeded(); updateEmptyView(); diff --git a/src/com/android/settings/system/ResetDashboardFragment.java b/src/com/android/settings/system/ResetDashboardFragment.java -index 48295a42e1..add340f230 100644 +index 48295a42e18..add340f2306 100644 --- a/src/com/android/settings/system/ResetDashboardFragment.java +++ b/src/com/android/settings/system/ResetDashboardFragment.java @@ -56,6 +56,11 @@ public class ResetDashboardFragment extends DashboardFragment { diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/358568-backport.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/358568-backport.patch index b7b43e6d..832a55a9 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/358568-backport.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/358568-backport.patch @@ -13,7 +13,7 @@ Change-Id: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/com/android/settings/accounts/AddAccountSettings.java b/src/com/android/settings/accounts/AddAccountSettings.java -index cca15c96d3..2e23e93124 100644 +index cca15c96d3c..2e23e931241 100644 --- a/src/com/android/settings/accounts/AddAccountSettings.java +++ b/src/com/android/settings/accounts/AddAccountSettings.java @@ -102,7 +102,8 @@ public class AddAccountSettings extends Activity { diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/365973-backport.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/365973-backport.patch index c466d834..a429bfee 100644 --- a/Patches/LineageOS-15.1/android_packages_apps_Settings/365973-backport.patch +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/365973-backport.patch @@ -21,7 +21,7 @@ Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188 1 file changed, 64 insertions(+), 56 deletions(-) diff --git a/src/com/android/settings/DeviceAdminAdd.java b/src/com/android/settings/DeviceAdminAdd.java -index ebad411531..981930987a 100644 +index ebad4115318..981930987a6 100644 --- a/src/com/android/settings/DeviceAdminAdd.java +++ b/src/com/android/settings/DeviceAdminAdd.java @@ -49,6 +49,8 @@ import android.text.TextUtils.TruncateAt; diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/367639-backport.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/367639-backport.patch new file mode 100644 index 00000000..d525fa79 --- /dev/null +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/367639-backport.patch @@ -0,0 +1,66 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Weng Su +Date: Fri, 7 Jul 2023 19:52:04 +0800 +Subject: [PATCH] Restrict ApnEditor settings + +- Finish ApnEditor settings if user is not an admin + +- Finish ApnEditor settings if user has DISALLOW_CONFIG_MOBILE_NETWORKS restriction + +Bug: 279902472 +Test: manual test +make RunSettingsRoboTests ROBOTEST_FILTER=ApnEditorTest +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5c2d727b8f9198bf758a4896eda7c9e5385435ff) +Merged-In: Iecdbbff7e21dfb11e3ba385858747a220cfd3e04 +Change-Id: Iecdbbff7e21dfb11e3ba385858747a220cfd3e04 +--- + src/com/android/settings/ApnEditor.java | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/src/com/android/settings/ApnEditor.java b/src/com/android/settings/ApnEditor.java +index 50a7a77309a..c1b19153fb6 100644 +--- a/src/com/android/settings/ApnEditor.java ++++ b/src/com/android/settings/ApnEditor.java +@@ -27,6 +27,7 @@ import android.database.Cursor; + import android.net.Uri; + import android.os.Bundle; + import android.os.PersistableBundle; ++import android.os.UserManager; + import android.provider.Telephony; + import android.support.v14.preference.MultiSelectListPreference; + import android.support.v14.preference.SwitchPreference; +@@ -179,6 +180,11 @@ public class ApnEditor extends SettingsPreferenceFragment + @Override + public void onCreate(Bundle icicle) { + super.onCreate(icicle); ++ if (isUserRestricted()) { ++ Log.e(TAG, "This setting isn't available due to user restriction."); ++ finish(); ++ return; ++ } + + addPreferencesFromResource(R.xml.apn_editor); + +@@ -1118,6 +1124,22 @@ public class ApnEditor extends SettingsPreferenceFragment + } + } + ++ boolean isUserRestricted() { ++ UserManager userManager = getContext().getSystemService(UserManager.class); ++ if (userManager == null) { ++ return false; ++ } ++ if (!userManager.isAdminUser()) { ++ Log.e(TAG, "User is not an admin"); ++ return true; ++ } ++ if (userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS)) { ++ Log.e(TAG, "User is not allowed to configure mobile network"); ++ return true; ++ } ++ return false; ++ } ++ + private String checkNotSet(String value) { + if (value == null || value.equals(sNotSet)) { + return ""; diff --git a/Patches/LineageOS-15.1/android_system_vold/0001-AES256.patch b/Patches/LineageOS-15.1/android_system_vold/0001-AES256.patch index 1cd0206b..2bf6064f 100644 --- a/Patches/LineageOS-15.1/android_system_vold/0001-AES256.patch +++ b/Patches/LineageOS-15.1/android_system_vold/0001-AES256.patch @@ -10,7 +10,7 @@ Change-Id: Ib2d53a1d22e935ef0fa5f0f91e3bf5308d9c6459 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Android.mk b/Android.mk -index 2beae28..25fd823 100644 +index 2beae282..25fd823e 100644 --- a/Android.mk +++ b/Android.mk @@ -115,6 +115,10 @@ ifeq ($(TARGET_HW_DISK_ENCRYPTION),true) @@ -25,7 +25,7 @@ index 2beae28..25fd823 100644 vold_cflags += -DCONFIG_EXFAT_DRIVER=\"$(TARGET_EXFAT_DRIVER)\" mini_src_files += fs/Exfat.cpp diff --git a/cryptfs.cpp b/cryptfs.cpp -index e33afdd..5102f12 100644 +index e33afddf..5102f126 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -75,9 +75,17 @@ extern "C" { diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 6a17ea5b..fc0fa906 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -74,7 +74,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a applyPatch "$DOS_PATCHES/android_build/0003-verity-openssl3.patch"; #Fix VB 1.0 failure due to openssl output format change sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. awk -i inplace '!/Email/' target/product/core.mk; #Remove Email -sed -i 's/2021-10-05/2023-09-05/' core/version_defaults.mk; #Bump Security String #XXX +sed -i 's/2021-10-05/2023-10-05/' core/version_defaults.mk; #Bump Security String #XXX fi; if enterAndClear "build/soong"; then @@ -130,6 +130,10 @@ if enterAndClear "external/libvpx"; then applyPatch "$DOS_PATCHES_COMMON/android_external_libvpx/CVE-2023-5217.patch"; #VP8: disallow thread count changes fi; +if enterAndClear "external/libxml2"; then +applyPatch "$DOS_PATCHES/android_external_libxml2/368053.patch"; #R_asb_2023-10 malloc-fail: Fix OOB read after xmlRegGetCounter +fi; + if enterAndClear "external/svox"; then git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles fi; @@ -212,6 +216,11 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/364036-backport.patch"; #R_asb_ applyPatch "$DOS_PATCHES/android_frameworks_base/364037.patch"; #R_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used applyPatch "$DOS_PATCHES/android_frameworks_base/364038-backport.patch"; #R_asb_2023-08 Resolve StatusHints image exploit across user. applyPatch "$DOS_PATCHES/android_frameworks_base/365967.patch"; #R_asb_2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly. +applyPatch "$DOS_PATCHES/android_frameworks_base/368055.patch"; #R_asb_2023-10 RingtoneManager: verify default ringtone is audio +applyPatch "$DOS_PATCHES/android_frameworks_base/368059.patch"; #R_asb_2023-10 Do not share key mappings with JNI object +applyPatch "$DOS_PATCHES/android_frameworks_base/368061.patch"; #R_asb_2023-10 Fix KCM key mapping cloning +applyPatch "$DOS_PATCHES/android_frameworks_base/368062-backport.patch"; #R_asb_2023-10 Disallow loading icon from content URI to PipMenu +applyPatch "$DOS_PATCHES/android_frameworks_base/368063.patch"; #R_asb_2023-10 Fixing DatabaseUtils to detect malformed UTF-16 strings applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after five failed attempts (GrapheneOS) @@ -358,6 +367,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/345912-backport.patch"; applyPatch "$DOS_PATCHES/android_packages_apps_Settings/351914-backport.patch"; #P_asb_2023-03 FRP bypass defense in the settings app applyPatch "$DOS_PATCHES/android_packages_apps_Settings/358568-backport.patch"; #R_asb_2023-06 Convert argument to intent in AddAccountSettings. applyPatch "$DOS_PATCHES/android_packages_apps_Settings/365973-backport.patch"; #R_asb_2023-09 Prevent non-system IME from becoming device admin +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/367639-backport.patch"; #n-asb-2023-10 Restrict ApnEditor settings git revert --no-edit a96df110e84123fe1273bff54feca3b4ca484dcd; #Don't hide OEM unlock applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) if [ "$DOS_SENSORS_PERM" = true ]; then