Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-12-13 01:44:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

19.1: October 2024 ASB work

Browse Source 
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-10-13 13:51:12 -04:00
parent bc14aa5d0e
commit f75cf77da2
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
10 changed files with 701 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Patches/LineageOS-19.1/android_frameworks_base/405358.patch Normal file
View File

@ -0,0 +1,30 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: William Loh <wloh@google.com>
Date: Mon, 3 Jun 2024 12:56:47 -0700
Subject: [PATCH] Fail parseUri if end is missing
Bug: 318683126
Test: atest IntentTest
Flag: EXEMPT bugfix
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c140c674ec1cec011989f4a2c2666949771370)
Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
---
core/java/android/content/Intent.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 6224758ce71a..ec67c7239df2 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -7322,6 +7322,9 @@ public class Intent implements Parcelable, Cloneable {
int eq = uri.indexOf('=', i);
if (eq < 0) eq = i-1;
int semi = uri.indexOf(';', i);
+ if (semi < 0) {
+ throw new URISyntaxException(uri, "uri end not found");
+ }
String value = eq < semi ? Uri.decode(uri.substring(eq + 1, semi)) : "";
// action

32
Patches/LineageOS-19.1/android_frameworks_base/405359.patch Normal file
View File

@ -0,0 +1,32 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Thu, 11 Jul 2024 12:39:22 -0700
Subject: [PATCH] Update AccountManagerService checkKeyIntent.
Block intents with "content" data scheme.
Bug: 349780950
Test: manual
Flag: EXEMPT bugfix
(cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1bcf4f36c171a73990b47136930af1930ccd3ece)
Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
---
.../com/android/server/accounts/AccountManagerService.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 43944b050de4..d55be44f62cd 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -4895,6 +4895,9 @@ public class AccountManagerService
if (resolveInfo == null) {
return false;
}
+ if ("content".equals(intent.getScheme())) {
+ return false;
+ }
ActivityInfo targetActivityInfo = resolveInfo.activityInfo;
int targetUid = targetActivityInfo.applicationInfo.uid;
PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class);

39
Patches/LineageOS-19.1/android_frameworks_base/405360-backport.patch Normal file
View File

@ -0,0 +1,39 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Mark Renouf <mrenouf@google.com>
Date: Thu, 20 Jun 2024 16:37:42 -0400
Subject: [PATCH] Prevent Sharing when FRP enforcement is in effect
ADB command to trigger sharing:
```
adb shell 'am start -a android.intent.action.CHOOSER --eu android.intent.extra.INTENT "intent:#Intent;action=android.intent.action.SEND;type=text/plain;S.android.intent.extra.TEXT=Shared%20text;end"'
```
Bug: 327645387
Test: manual; trigger FRP; attempt to open share sheet using adb
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1c7101154d42f804d52d65643a7e79dfee22295a)
Merged-In: I1db78ab74babe71b516f601be35cf476b5e43271
Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271
---
core/java/com/android/internal/app/ChooserActivity.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java
index 9d95a6b346b3..c741029143ec 100644
--- a/core/java/com/android/internal/app/ChooserActivity.java
+++ b/core/java/com/android/internal/app/ChooserActivity.java
@@ -600,6 +600,14 @@ public class ChooserActivity extends ResolverActivity implements
@Override
protected void onCreate(Bundle savedInstanceState) {
+ if (Settings.Secure.getIntForUser(getContentResolver(),
+ Settings.Secure.SECURE_FRP_MODE, 0,
+ getUserId()) == 1) {
+ Log.e(TAG, "Sharing disabled due to active FRP lock.");
+ super.onCreate(savedInstanceState);
+ finish();
+ return;
+ }
final long intentReceivedTime = System.currentTimeMillis();
getChooserActivityLogger().logSharesheetTriggered();
// This is the only place this value is being set. Effectively final.

39
Patches/LineageOS-19.1/android_frameworks_base/405361-backport.patch Normal file
View File

@ -0,0 +1,39 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Sumedh Sen <sumedhsen@google.com>
Date: Wed, 17 Jul 2024 17:42:43 +0000
Subject: [PATCH] Check whether installerPackageName contains only valid
characters
Bug: 341256391
Bug: 307532206
Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.CVE_2024_0044
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7aa86be3077b0ffa3de2345788c7c711fcfb4fe7)
Merged-In: I74a172c617d6f5b13f0708092156b657b73b5891
Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
---
.../com/android/server/pm/PackageInstallerService.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 02515cfdc16a..310c56ef1260 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -609,12 +609,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
params.appLabel = TextUtils.trimToSize(params.appLabel,
PackageItemInfo.MAX_SAFE_LABEL_LENGTH);
- // Validate installer package name.
+ // Validate requested installer package name.
if (params.installerPackageName != null && !isValidPackageName(
params.installerPackageName)) {
params.installerPackageName = null;
}
+ // Validate installer package name.
+ if (installerPackageName != null && !isValidPackageName(installerPackageName)) {
+ installerPackageName = null;
+ }
+
String requestedInstallerPackageName =
params.installerPackageName != null ? params.installerPackageName
: installerPackageName;

53
Patches/LineageOS-19.1/android_libcore/405362.patch Normal file
View File

@ -0,0 +1,53 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Almaz Mingaleev <mingaleev@google.com>
Date: Wed, 10 Jul 2024 13:38:35 +0100
Subject: [PATCH] Do not accept zip files with invalid headers.
According to Section 4.3.6 in [1] non-empty zip file starts with
local file header. 4.3.1 allows empty files, and in such case
file starts with "end of central directory record".
This aligns ZipFile with libziparchive modulo empty zip files -
libziparchive rejects them.
Tests are skipped because sc-dev branch uses ART module
prebuilts, but builds tests from sources which leads to presubmit
failures.
Ignore-AOSP-First: b/309938635#comment1
[1] https://pkwaredownloads.blob.core.windows.net/pem/APPNOTE.txt
Bug: 309938635
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
(cherry picked from commit 288a44a1817707110cdf5a3a6ef8377c6e10cce2)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5a6809400627ab1c8dbb76f92dfb89daae6b2f65)
Merged-In: I545cdd49ec3cc138331145f4716c8148662a478b
Change-Id: I545cdd49ec3cc138331145f4716c8148662a478b
---
ojluni/src/main/native/zip_util.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c
index aa9c5cede9..16951a78ed 100644
--- a/ojluni/src/main/native/zip_util.c
+++ b/ojluni/src/main/native/zip_util.c
@@ -878,6 +878,17 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified,
zip->locsig = JNI_TRUE;
else
zip->locsig = JNI_FALSE;
+
+ // BEGIN Android-changed: do not accept files with invalid header.
+ if (GETSIG(errbuf) != LOCSIG && GETSIG(errbuf) != ENDSIG) {
+ if (pmsg) {
+ *pmsg = strdup("Entry at offset zero has invalid LFH signature.");
+ }
+ ZFILE_Close(zfd);
+ freeZip(zip);
+ return NULL;
+ }
+ // END Android-changed: do not accept files with invalid header.
}
// This lseek is safe because it happens during construction of the ZipFile

4
Patches/LineageOS-19.1/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch
View File

@ -206,10 +206,10 @@ index 17b6e97c0..c3a00d5d2 100644
{"initNative", "()V", (void*)initNative},
{"cleanupNative", "()V", (void*)cleanupNative},
diff --git a/jni/com_android_bluetooth_hid_host.cpp b/jni/com_android_bluetooth_hid_host.cpp
index 074e39d5b..b1116ef47 100644
index b552cae52..a4df4c221 100644
--- a/jni/com_android_bluetooth_hid_host.cpp
+++ b/jni/com_android_bluetooth_hid_host.cpp
@@ -506,7 +506,7 @@ static jboolean setIdleTimeNative(JNIEnv* env, jobject object,
@@ -508,7 +508,7 @@ static jboolean setIdleTimeNative(JNIEnv* env, jobject object,
return status == BT_STATUS_SUCCESS ? JNI_TRUE : JNI_FALSE;
}

84
Patches/LineageOS-19.1/android_packages_apps_Bluetooth/405364-backport.patch Normal file
View File

@ -0,0 +1,84 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Himanshu Rawat <rwt@google.com>
Date: Mon, 8 Apr 2024 19:44:45 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID
connections 2/2
HID profile accepted any new incoming HID connection. Even when the
connection policy disabled HID connection, remote devices could initiate
HID connection.
This change ensures that incoming HID connection are accepted only if
application was interested in that HID connection.
This vulnerarbility no longer exists on the main because of feature
request b/324093729.
Test: Manual | Pair and connect a HID device, disable HID connection
from Bluetooth device setting, attempt to connect from the HID device.
Bug: 308429049
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5fc87e65eb3d70f051e2902d3e81ce6587ab1a96)
Merged-In: I1d7e886b1045d026f96c8274aca86dc499f87777
Change-Id: I1d7e886b1045d026f96c8274aca86dc499f87777
---
jni/com_android_bluetooth_hid_host.cpp | 8 +++++---
src/com/android/bluetooth/hid/HidHostService.java | 7 +++++--
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/jni/com_android_bluetooth_hid_host.cpp b/jni/com_android_bluetooth_hid_host.cpp
index 074e39d5b..b552cae52 100644
--- a/jni/com_android_bluetooth_hid_host.cpp
+++ b/jni/com_android_bluetooth_hid_host.cpp
@@ -284,7 +284,8 @@ static jboolean connectHidNative(JNIEnv* env, jobject object,
}
static jboolean disconnectHidNative(JNIEnv* env, jobject object,
- jbyteArray address) {
+ jbyteArray address,
+ jboolean reconnect_allowed) {
jbyte* addr;
jboolean ret = JNI_TRUE;
if (!sBluetoothHidInterface) return JNI_FALSE;
@@ -295,7 +296,8 @@ static jboolean disconnectHidNative(JNIEnv* env, jobject object,
return JNI_FALSE;
}
- bt_status_t status = sBluetoothHidInterface->disconnect((RawAddress*)addr);
+ bt_status_t status =
+ sBluetoothHidInterface->disconnect((RawAddress*)addr, reconnect_allowed);
if (status != BT_STATUS_SUCCESS) {
ALOGE("Failed disconnect hid channel, status: %d", status);
ret = JNI_FALSE;
@@ -511,7 +513,7 @@ static JNINativeMethod sMethods[] = {
{"initializeNative", "()V", (void*)initializeNative},
{"cleanupNative", "()V", (void*)cleanupNative},
{"connectHidNative", "([B)Z", (void*)connectHidNative},
- {"disconnectHidNative", "([B)Z", (void*)disconnectHidNative},
+ {"disconnectHidNative", "([BZ)Z", (void*)disconnectHidNative},
{"getProtocolModeNative", "([B)Z", (void*)getProtocolModeNative},
{"virtualUnPlugNative", "([B)Z", (void*)virtualUnPlugNative},
{"setProtocolModeNative", "([BB)Z", (void*)setProtocolModeNative},
diff --git a/src/com/android/bluetooth/hid/HidHostService.java b/src/com/android/bluetooth/hid/HidHostService.java
index f1e974631..e88f4b649 100644
--- a/src/com/android/bluetooth/hid/HidHostService.java
+++ b/src/com/android/bluetooth/hid/HidHostService.java
@@ -175,7 +175,10 @@ public class HidHostService extends ProfileService {
BluetoothDevice device = (BluetoothDevice) msg.obj;
Attributable.setAttributionSource(device,
ActivityThread.currentAttributionSource());
- if (!disconnectHidNative(Utils.getByteAddress(device))) {
+ int connectionPolicy = getConnectionPolicy(device);
+ boolean reconnectAllowed =
+ connectionPolicy == BluetoothProfile.CONNECTION_POLICY_ALLOWED;
+ if (!disconnectHidNative(Utils.getByteAddress(device), reconnectAllowed)) {
broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTING);
broadcastConnectionState(device, BluetoothProfile.STATE_DISCONNECTED);
break;
@@ -959,7 +962,7 @@ public class HidHostService extends ProfileService {
private native boolean connectHidNative(byte[] btAddress);
- private native boolean disconnectHidNative(byte[] btAddress);
+ private native boolean disconnectHidNative(byte[] btAddress, boolean reconnectAllowed);
private native boolean getProtocolModeNative(byte[] btAddress);

52
Patches/LineageOS-19.1/android_packages_apps_Settings/405363-backport.patch Normal file
View File

@ -0,0 +1,52 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yiling Chuang <emilychuang@google.com>
Date: Mon, 8 Jul 2024 03:09:50 +0000
Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage
page
Before the setup flow completion, don't allow the app info page in App battery usage to be launched.
Bug: 327748846
Test: atest SettingsRoboTests + manual test
- factory reset + launch app battery usage app info via ADB during Setup -> verify app closes
Flag : EXEMPT bugfix
(cherry picked from commit 419a6a907902a12a0f565c808fa70092004d6686)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e5d21702863284479af7561e3c833bc2cab2a7d3)
Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0
Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0
---
.../android/settings/fuelgauge/AdvancedPowerUsageDetail.java | 5 +++++
.../settings/fuelgauge/AdvancedPowerUsageDetailTest.java | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
index 3741bfe804..d89286d4e4 100644
--- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
+++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
@@ -283,6 +283,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements
}
}
+ @Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
@Override
public void onPause() {
super.onPause();
diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
index 0a48cd1b12..212ac21cd0 100644
--- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
+++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
@@ -859,4 +859,9 @@ public class AdvancedPowerUsageDetailTest {
verifyZeroInteractions(mBackupManager);
}
+
+ @Test
+ public void shouldSkipForInitialSUW_returnTrue() {
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+ }
}

361
Patches/LineageOS-19.1/android_system_bt/405364-backport.patch Normal file
View File

@ -0,0 +1,361 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Himanshu Rawat <rwt@google.com>
Date: Mon, 8 Apr 2024 19:42:21 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Disallow unexpected incoming HID
connections 1/2
HID profile accepted any new incoming HID connection. Even when the
connection policy disabled HID connection, remote devices could initiate
HID connection.
This change ensures that incoming HID connection are accepted only if
application was interested in that HID connection.
This vulnerarbility no longer exists on the main because of feature
request b/324093729.
Test: Manual | Pair and connect a HID device, disable HID connection
from Bluetooth device setting, attempt to connect from the HID device.
Bug: 308429049
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:18c635ad7923f5c26d6cd4cf7f7c66b2fa02462b)
Merged-In: I6e9db983e752dd498625078c13b736cd4c668806
Change-Id: I6e9db983e752dd498625078c13b736cd4c668806
---
btif/include/btif_hh.h | 4 +-
btif/include/btif_storage.h | 23 ++++++++++
btif/src/btif_hh.cc | 86 ++++++++++++++++++++++++++++++++++---
btif/src/btif_storage.cc | 52 +++++++++++++++++++++-
include/hardware/bt_hh.h | 2 +-
5 files changed, 159 insertions(+), 8 deletions(-)
diff --git a/btif/include/btif_hh.h b/btif/include/btif_hh.h
index 1d4bc93e2..978951500 100644
--- a/btif/include/btif_hh.h
+++ b/btif/include/btif_hh.h
@@ -99,6 +99,7 @@ typedef struct {
uint8_t dev_handle;
RawAddress bd_addr;
tBTA_HH_ATTR_MASK attr_mask;
+ bool reconnect_allowed;
} btif_hh_added_device_t;
/**
@@ -124,7 +125,8 @@ extern btif_hh_cb_t btif_hh_cb;
extern btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle);
extern void btif_hh_remove_device(RawAddress bd_addr);
extern bool btif_hh_add_added_dev(const RawAddress& bda,
- tBTA_HH_ATTR_MASK attr_mask);
+ tBTA_HH_ATTR_MASK attr_mask,
+ bool reconnect_allowed);
extern bt_status_t btif_hh_virtual_unplug(const RawAddress* bd_addr);
extern void btif_hh_disconnect(RawAddress* bd_addr);
extern void btif_hh_setreport(btif_hh_device_t* p_dev,
diff --git a/btif/include/btif_storage.h b/btif/include/btif_storage.h
index 7e970ec4d..a568e7006 100644
--- a/btif/include/btif_storage.h
+++ b/btif/include/btif_storage.h
@@ -179,6 +179,29 @@ bt_status_t btif_storage_remove_bonded_device(const RawAddress* remote_bd_addr);
******************************************************************************/
bt_status_t btif_storage_load_bonded_devices(void);
+/*******************************************************************************
+ *
+ * Function btif_storage_set_hid_connection_policy
+ *
+ * Description Stores connection policy info in nvram
+ *
+ * Returns BT_STATUS_SUCCESS
+ *
+ ******************************************************************************/
+bt_status_t btif_storage_set_hid_connection_policy(const RawAddress& addr,
+ bool reconnect_allowed);
+/*******************************************************************************
+ *
+ * Function btif_storage_get_hid_connection_policy
+ *
+ * Description get connection policy info from nvram
+ *
+ * Returns BT_STATUS_SUCCESS
+ *
+ ******************************************************************************/
+bt_status_t btif_storage_get_hid_connection_policy(const RawAddress& addr,
+ bool* reconnect_allowed);
+
/*******************************************************************************
*
* Function btif_storage_add_hid_device_info
diff --git a/btif/src/btif_hh.cc b/btif/src/btif_hh.cc
index b35b2cd49..fc7731e92 100644
--- a/btif/src/btif_hh.cc
+++ b/btif/src/btif_hh.cc
@@ -305,6 +305,24 @@ btif_hh_device_t* btif_hh_find_connected_dev_by_handle(uint8_t handle) {
return NULL;
}
+/*******************************************************************************
+ *
+ * Function btif_hh_find_added_dev
+ *
+ * Description Return the added device pointer of the specified address
+ *
+ * Returns Added device entry
+ ******************************************************************************/
+btif_hh_added_device_t* btif_hh_find_added_dev(const RawAddress& addr) {
+ for (int i = 0; i < BTIF_HH_MAX_ADDED_DEV; i++) {
+ btif_hh_added_device_t* added_dev = &btif_hh_cb.added_devices[i];
+ if (added_dev->bd_addr == addr) {
+ return added_dev;
+ }
+ }
+ return nullptr;
+}
+
/*******************************************************************************
*
* Function btif_hh_find_dev_by_bda
@@ -390,7 +408,8 @@ void btif_hh_start_vup_timer(const RawAddress* bd_addr) {
*
* Returns true if add successfully, otherwise false.
******************************************************************************/
-bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) {
+bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask,
+ bool reconnect_allowed) {
int i;
for (i = 0; i < BTIF_HH_MAX_ADDED_DEV; i++) {
if (btif_hh_cb.added_devices[i].bd_addr == bda) {
@@ -404,6 +423,7 @@ bool btif_hh_add_added_dev(const RawAddress& bda, tBTA_HH_ATTR_MASK attr_mask) {
btif_hh_cb.added_devices[i].bd_addr = bda;
btif_hh_cb.added_devices[i].dev_handle = BTA_HH_INVALID_HANDLE;
btif_hh_cb.added_devices[i].attr_mask = attr_mask;
+ btif_hh_cb.added_devices[i].reconnect_allowed = reconnect_allowed;
return true;
}
}
@@ -711,6 +731,23 @@ void btif_hh_getreport(btif_hh_device_t* p_dev, bthh_report_type_t r_type,
*
****************************************************************************/
+static bool btif_hh_connection_allowed(const RawAddress& bda) {
+ /* Accept connection only if reconnection is allowed for the known device, or
+ * outgoing connection was requested */
+ btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(bda);
+ if (added_dev != nullptr && added_dev->reconnect_allowed) {
+ LOG_VERBOSE("Connection allowed %s", PRIVATE_ADDRESS(bda));
+ return true;
+ } else if (btif_hh_cb.pending_conn_address == bda) {
+ LOG_VERBOSE("Device connection was pending for: %s, status: %s",
+ PRIVATE_ADDRESS(bda),
+ btif_hh_status_text(btif_hh_cb.status).c_str());
+ return true;
+ }
+
+ return false;
+}
+
/*******************************************************************************
*
* Function btif_hh_upstreams_evt
@@ -769,9 +806,26 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
p_data->status);
break;
- case BTA_HH_OPEN_EVT:
+ case BTA_HH_OPEN_EVT: {
BTIF_TRACE_WARNING("%s: BTA_HH_OPN_EVT: handle=%d, status =%d", __func__,
p_data->conn.handle, p_data->conn.status);
+
+ if (!btif_hh_connection_allowed(p_data->conn.bda)) {
+ LOG_WARN("Reject Incoming HID Connection, device: %s",
+ PRIVATE_ADDRESS(p_data->conn.bda));
+ btif_hh_device_t* p_dev =
+ btif_hh_find_connected_dev_by_handle(p_data->conn.handle);
+ if (p_dev != nullptr) {
+ p_dev->dev_status = BTHH_CONN_STATE_DISCONNECTED;
+ }
+
+ btif_hh_cb.status = (BTIF_HH_STATUS)BTIF_HH_DEV_DISCONNECTED;
+ BTA_HhClose(p_data->conn.handle);
+ HAL_CBACK(bt_hh_callbacks, connection_state_cb, &p_data->conn.bda,
+ BTHH_CONN_STATE_DISCONNECTED);
+ return;
+ }
+
btif_hh_cb.pending_conn_address = RawAddress::kEmpty;
if (p_data->conn.status == BTA_HH_OK) {
p_dev = btif_hh_find_connected_dev_by_handle(p_data->conn.handle);
@@ -830,6 +884,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
btif_hh_cb.status = (BTIF_HH_STATUS)BTIF_HH_DEV_DISCONNECTED;
}
break;
+ }
case BTA_HH_CLOSE_EVT:
BTIF_TRACE_DEBUG("BTA_HH_CLOSE_EVT: status = %d, handle = %d",
@@ -982,7 +1037,7 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
p_data->dscp_info.version,
p_data->dscp_info.ctry_code, len,
p_data->dscp_info.descriptor.dsc_list);
- if (btif_hh_add_added_dev(p_dev->bd_addr, p_dev->attr_mask)) {
+ if (btif_hh_add_added_dev(p_dev->bd_addr, p_dev->attr_mask, true)) {
tBTA_HH_DEV_DSCP_INFO dscp_info;
bt_status_t ret;
btif_hh_copy_hid_info(&dscp_info, &p_data->dscp_info);
@@ -998,6 +1053,8 @@ static void btif_hh_upstreams_evt(uint16_t event, char* p_param) {
p_data->dscp_info.ssr_min_tout, len,
p_data->dscp_info.descriptor.dsc_list);
+ btif_storage_set_hid_connection_policy(p_dev->bd_addr, true);
+
ASSERTC(ret == BT_STATUS_SUCCESS, "storing hid info failed", ret);
BTIF_TRACE_WARNING("BTA_HH_GET_DSCP_EVT: Called add device");
@@ -1285,6 +1342,13 @@ static bt_status_t init(bthh_callbacks_t* callbacks) {
******************************************************************************/
static bt_status_t connect(RawAddress* bd_addr) {
if (btif_hh_cb.status != BTIF_HH_DEV_CONNECTING) {
+ /* If the device was already added, ensure that reconnections are allowed */
+ btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(*bd_addr);
+ if (added_dev != nullptr && !added_dev->reconnect_allowed) {
+ added_dev->reconnect_allowed = true;
+ btif_storage_set_hid_connection_policy(*bd_addr, true);
+ }
+
btif_transfer_context(btif_hh_handle_evt, BTIF_HH_CONNECT_REQ_EVT,
(char*)bd_addr, sizeof(RawAddress), NULL);
return BT_STATUS_SUCCESS;
@@ -1305,7 +1369,7 @@ static bt_status_t connect(RawAddress* bd_addr) {
* Returns bt_status_t
*
******************************************************************************/
-static bt_status_t disconnect(RawAddress* bd_addr) {
+static bt_status_t disconnect(RawAddress* bd_addr, bool reconnect_allowed) {
CHECK_BTHH_INIT();
BTIF_TRACE_EVENT("BTHH: %s", __func__);
btif_hh_device_t* p_dev;
@@ -1315,6 +1379,17 @@ static bt_status_t disconnect(RawAddress* bd_addr) {
btif_hh_cb.status);
return BT_STATUS_FAIL;
}
+
+ if (!reconnect_allowed) {
+ LOG_INFO("Incoming reconnections disabled for device %s",
+ PRIVATE_ADDRESS((*bd_addr)));
+ btif_hh_added_device_t* added_dev = btif_hh_find_added_dev(*bd_addr);
+ if (added_dev != nullptr && added_dev->reconnect_allowed) {
+ added_dev->reconnect_allowed = false;
+ btif_storage_set_hid_connection_policy(added_dev->bd_addr, false);
+ }
+ }
+
p_dev = btif_hh_find_connected_dev_by_bda(*bd_addr);
if (p_dev != NULL) {
return btif_transfer_context(btif_hh_handle_evt, BTIF_HH_DISCONNECT_REQ_EVT,
@@ -1446,9 +1521,10 @@ static bt_status_t set_info(RawAddress* bd_addr, bthh_hid_info_t hid_info) {
(uint8_t*)osi_malloc(dscp_info.descriptor.dl_len);
memcpy(dscp_info.descriptor.dsc_list, &(hid_info.dsc_list), hid_info.dl_len);
- if (btif_hh_add_added_dev(*bd_addr, hid_info.attr_mask)) {
+ if (btif_hh_add_added_dev(*bd_addr, hid_info.attr_mask, true)) {
BTA_HhAddDev(*bd_addr, hid_info.attr_mask, hid_info.sub_class,
hid_info.app_id, dscp_info);
+ btif_storage_set_hid_connection_policy(*bd_addr, true);
}
osi_free_and_reset((void**)&dscp_info.descriptor.dsc_list);
diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc
index 570c024fe..b42b8ed7d 100644
--- a/btif/src/btif_storage.cc
+++ b/btif/src/btif_storage.cc
@@ -88,6 +88,8 @@ using bluetooth::Uuid;
#define BTIF_STORAGE_KEY_SECURE_CONNECTIONS_SUPPORTED \
"SecureConnectionsSupported"
+#define BTIF_STORAGE_KEY_HID_RECONNECT_ALLOWED "HidReConnectAllowed"
+
/* This is a local property to add a device found */
#define BT_PROPERTY_REMOTE_DEVICE_TIMESTAMP 0xFF
@@ -1348,6 +1350,50 @@ bt_status_t btif_storage_get_remote_addr_type(const RawAddress* remote_bd_addr,
*addr_type = static_cast<tBLE_ADDR_TYPE>(val);
return ret ? BT_STATUS_SUCCESS : BT_STATUS_FAIL;
}
+
+/*******************************************************************************
+ *
+ * Function btif_storage_set_hid_connection_policy
+ *
+ * Description Stores connection policy info in nvram
+ *
+ * Returns BT_STATUS_SUCCESS
+ *
+ ******************************************************************************/
+bt_status_t btif_storage_set_hid_connection_policy(const RawAddress& addr,
+ bool reconnect_allowed) {
+ std::string bdstr = addr.ToString();
+
+ if (btif_config_set_int(bdstr, BTIF_STORAGE_KEY_HID_RECONNECT_ALLOWED,
+ reconnect_allowed)) {
+ return BT_STATUS_SUCCESS;
+ } else {
+ return BT_STATUS_FAIL;
+ }
+}
+
+/*******************************************************************************
+ *
+ * Function btif_storage_get_hid_connection_policy
+ *
+ * Description get connection policy info from nvram
+ *
+ * Returns BT_STATUS_SUCCESS
+ *
+ ******************************************************************************/
+bt_status_t btif_storage_get_hid_connection_policy(const RawAddress& addr,
+ bool* reconnect_allowed) {
+ std::string bdstr = addr.ToString();
+
+ // For backward compatibility, assume that the reconnection is allowed in the
+ // absence of the key
+ int value = 1;
+ btif_config_get_int(bdstr, BTIF_STORAGE_KEY_HID_RECONNECT_ALLOWED, &value);
+ *reconnect_allowed = (value != 0);
+
+ return BT_STATUS_SUCCESS;
+}
+
/*******************************************************************************
*
* Function btif_storage_add_hid_device_info
@@ -1443,8 +1489,11 @@ bt_status_t btif_storage_load_bonded_hid_info(void) {
(uint8_t*)dscp_info.descriptor.dsc_list, &len);
}
+ bool reconnect_allowed = false;
+ btif_storage_get_hid_connection_policy(bd_addr, &reconnect_allowed);
+
// add extracted information to BTA HH
- if (btif_hh_add_added_dev(bd_addr, attr_mask)) {
+ if (btif_hh_add_added_dev(bd_addr, attr_mask, reconnect_allowed)) {
BTA_HhAddDev(bd_addr, attr_mask, sub_class, app_id, dscp_info);
}
}
@@ -1476,6 +1525,7 @@ bt_status_t btif_storage_remove_hid_info(const RawAddress& remote_bd_addr) {
btif_config_remove(bdstr, "HidSSRMaxLatency");
btif_config_remove(bdstr, "HidSSRMinTimeout");
btif_config_remove(bdstr, "HidDescriptor");
+ btif_config_remove(bdstr, BTIF_STORAGE_KEY_HID_RECONNECT_ALLOWED);
btif_config_save();
return BT_STATUS_SUCCESS;
}
diff --git a/include/hardware/bt_hh.h b/include/hardware/bt_hh.h
index 06272d2c9..75c9cf462 100644
--- a/include/hardware/bt_hh.h
+++ b/include/hardware/bt_hh.h
@@ -170,7 +170,7 @@ typedef struct {
bt_status_t (*connect)(RawAddress* bd_addr);
/** dis-connect from hid device */
- bt_status_t (*disconnect)(RawAddress* bd_addr);
+ bt_status_t (*disconnect)(RawAddress* bd_addr, bool reconnect_allowed);
/** Virtual UnPlug (VUP) the specified HID device */
bt_status_t (*virtual_unplug)(RawAddress* bd_addr);

9
Scripts/LineageOS-19.1/Patch.sh
View File

@ -95,6 +95,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
sed -i 's/2024-09-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #x_asb_2024-10
fi;
if enterAndClear "build/soong"; then
@ -134,6 +135,10 @@ fi;
if enterAndClear "frameworks/base"; then
git revert --no-edit 83fe523914728a3674debba17a6019cb74803045; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
applyPatch "$DOS_PATCHES/android_frameworks_base/405358.patch"; #T_asb_2024-10 Fail parseUri if end is missing
applyPatch "$DOS_PATCHES/android_frameworks_base/405359.patch"; #T_asb_2024-10 Update AccountManagerService checkKeyIntent.
applyPatch "$DOS_PATCHES/android_frameworks_base/405360-backport.patch"; #T_asb_2024-10 Prevent Sharing when FRP enforcement is in effect
applyPatch "$DOS_PATCHES/android_frameworks_base/405361-backport.patch"; #T_asb_2024-10 Check whether installerPackageName contains only valid characters
applyPatch "$DOS_PATCHES/android_frameworks_base/344888-backport.patch"; #fixup! fw/b: Add support for allowing/disallowing apps on cellular, vpn and wifi networks (CalyxOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
@ -255,6 +260,7 @@ applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-sm8150.patch";
fi;
if enterAndClear "libcore"; then
applyPatch "$DOS_PATCHES/android_libcore/405362.patch"; #T_asb_2024-10 Do not accept zip files with invalid headers.
applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
applyPatch "$DOS_PATCHES/android_libcore/0002-constify_JNINativeMethod.patch"; #Constify JNINativeMethod tables (GrapheneOS)
applyPatch "$DOS_PATCHES/android_libcore/0003-Exec_Based_Spawning-1.patch"; #Add exec-based spawning support (GrapheneOS)
@ -266,6 +272,7 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud
fi;
if enterAndClear "packages/apps/Bluetooth"; then
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/405364-backport.patch"; #T_asb_2024-10 Disallow unexpected incoming HID connections
applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch"; #Constify JNINativeMethod tables (GrapheneOS)
fi;
@ -306,6 +313,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod
fi;
if enterAndClear "packages/apps/Settings"; then
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405363-backport.patch"; #T_asb_2024-10 FRP bypass defense in App battery usage page
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS)
@ -394,6 +402,7 @@ if [ -d "$DOS_BUILD_BASE"/vendor/divested-carriersettings ]; then applyPatch "$D
fi;
if enterAndClear "system/bt"; then
applyPatch "$DOS_PATCHES/android_system_bt/405364-backport.patch"; #T_asb_2024-10 Disallow unexpected incoming HID connections
applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
fi;