From fb3f88b5a3ef5fc9b79247da1e4f391822c68d72 Mon Sep 17 00:00:00 2001
From: Tavi <tavi@divested.dev>
Date: Thu, 14 Nov 2024 07:28:57 -0500
Subject: [PATCH] 16: November 2024 ASB Picks

Signed-off-by: Tavi <tavi@divested.dev>
---
 .../android_external_skia/408506.patch        | 48 ++++++++++
 .../android_frameworks_base/408507.patch      | 31 +++++++
 .../android_frameworks_base/408508.patch      | 76 ++++++++++++++++
 .../android_frameworks_base/408509.patch      | 46 ++++++++++
 .../android_frameworks_base/408510.patch      | 82 +++++++++++++++++
 .../408511.patch                              | 33 +++++++
 .../408512.patch                              | 90 +++++++++++++++++++
 Scripts/LineageOS-16.0/Patch.sh               | 12 ++-
 8 files changed, 417 insertions(+), 1 deletion(-)
 create mode 100644 Patches/LineageOS-16.0/android_external_skia/408506.patch
 create mode 100644 Patches/LineageOS-16.0/android_frameworks_base/408507.patch
 create mode 100644 Patches/LineageOS-16.0/android_frameworks_base/408508.patch
 create mode 100644 Patches/LineageOS-16.0/android_frameworks_base/408509.patch
 create mode 100644 Patches/LineageOS-16.0/android_frameworks_base/408510.patch
 create mode 100644 Patches/LineageOS-16.0/android_packages_apps_Settings/408511.patch
 create mode 100644 Patches/LineageOS-16.0/android_packages_apps_Settings/408512.patch

diff --git a/Patches/LineageOS-16.0/android_external_skia/408506.patch b/Patches/LineageOS-16.0/android_external_skia/408506.patch
new file mode 100644
index 00000000..d5ff0903
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_external_skia/408506.patch
@@ -0,0 +1,48 @@
+From af3b316fa1727a4b036d32e2c4eb4564ffef134f Mon Sep 17 00:00:00 2001
+From: Brian Osman <brianosman@google.com>
+Date: Tue, 27 Aug 2024 14:22:52 -0400
+Subject: [PATCH] RESTRICT AUTOMERGE: Avoid potential overflow when allocating
+ 3D mask from emboss filter
+
+Note: the original fix landed after
+Iac8b937e516dbfbbcefef54360dd5b7300bacb67 introduced SkMaskBuilder, so
+this cherry-pick had to be tweaked to avoid conflicts. Unfortuantely
+that means we need RESTRICT AUTOMERGE to prevent this modified version
+from flowing through API boundaries into VIC, and we need to manually
+cherry-pick it to each API level.
+
+Bug: 344620577
+Test: N/A -- unclear if even reachable
+Reviewed-on: https://skia-review.googlesource.com/c/skia/+/893738
+Commit-Queue: Brian Osman <brianosman@google.com>
+Reviewed-by: Ben Wagner <bungeman@google.com>
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2bc38734eec777bf2574d4b38a7fd4fc05f0ecde)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:69fc79acf3f05f269c55069ba5e2fbd00e1a76b6)
+Merged-In: Ia35860371d45120baca63238e77faa5c0eb25d51
+Change-Id: Ia35860371d45120baca63238e77faa5c0eb25d51
+---
+ src/effects/SkEmbossMaskFilter.cpp | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/effects/SkEmbossMaskFilter.cpp b/src/effects/SkEmbossMaskFilter.cpp
+index 671025006e4..299456446df 100644
+--- a/src/effects/SkEmbossMaskFilter.cpp
++++ b/src/effects/SkEmbossMaskFilter.cpp
+@@ -91,11 +91,13 @@ bool SkEmbossMaskFilter::filterMask(SkMask* dst, const SkMask& src,
+ 
+     {
+         uint8_t* alphaPlane = dst->fImage;
+-        size_t   planeSize = dst->computeImageSize();
+-        if (0 == planeSize) {
+-            return false;   // too big to allocate, abort
++        size_t totalSize = dst->computeTotalImageSize();
++        if (totalSize == 0) {
++            return false;  // too big to allocate, abort
+         }
+-        dst->fImage = SkMask::AllocImage(planeSize * 3);
++        size_t planeSize = dst->computeImageSize();
++        SkASSERT(planeSize != 0);  // if totalSize didn't overflow, this can't either
++        dst->fImage = SkMask::AllocImage(totalSize);
+         memcpy(dst->fImage, alphaPlane, planeSize);
+         SkMask::FreeImage(alphaPlane);
+     }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/408507.patch b/Patches/LineageOS-16.0/android_frameworks_base/408507.patch
new file mode 100644
index 00000000..25197e06
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_base/408507.patch
@@ -0,0 +1,31 @@
+From 49838726eef570a382fdc3da6822f84089efb0d9 Mon Sep 17 00:00:00 2001
+From: Dmitry Dementyev <dementyev@google.com>
+Date: Tue, 2 Jul 2024 11:02:07 -0700
+Subject: [PATCH] Remove authenticator data if it was disabled.
+
+Test: manual
+Bug: 343440463
+Flag: EXEMPT bugfix
+(cherry picked from commit ddfc078af7e89641360b896f99af23a6b371b847)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c2660dcf7fca3f652528d219767f65858bbbe622)
+Merged-In: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
+Change-Id: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
+---
+ .../com/android/server/accounts/AccountManagerService.java    | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
+index c5fff3652c283..5103db36f196e 100644
+--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
++++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
+@@ -1168,6 +1168,10 @@ private void validateAccountsInternal(
+                             obsoleteAuthType.add(type);
+                             // And delete it from the TABLE_META
+                             accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
++                        } else if (knownUid != null && knownUid != uid) {
++                            Slog.w(TAG, "authenticator no longer exist for type " + type);
++                            obsoleteAuthType.add(type);
++                            accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
+                         }
+                     }
+                 }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/408508.patch b/Patches/LineageOS-16.0/android_frameworks_base/408508.patch
new file mode 100644
index 00000000..e6520c1e
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_base/408508.patch
@@ -0,0 +1,76 @@
+From ed3e90e0c1ff4f2a2b0e893ac354ef92503210f4 Mon Sep 17 00:00:00 2001
+From: Jean-Michel Trivi <jmtrivi@google.com>
+Date: Mon, 24 Jun 2024 17:29:14 -0700
+Subject: [PATCH] RingtoneManager: allow video ringtone URI
+
+When checking the MIME type for the default ringtone, also
+allow it to refer to video content.
+
+Bug: 205837340
+Test: see POC + atest android.media.audio.cts.RingtoneManagerTest
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a8d2785d69314086dc3b5b2531386fefff079ce7)
+Merged-In: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
+Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
+---
+ media/java/android/media/RingtoneManager.java         |  8 ++++++--
+ .../android/providers/settings/SettingsProvider.java  | 11 +++++++----
+ 2 files changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
+index 0e03bfb2502a4..7a27b03fd731d 100644
+--- a/media/java/android/media/RingtoneManager.java
++++ b/media/java/android/media/RingtoneManager.java
+@@ -851,9 +851,13 @@ public static void setActualDefaultRingtoneUri(Context context, int type, Uri ri
+                         + " ignored: failure to find mimeType (no access from this context?)");
+                 return;
+             }
+-            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
++            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
++                    || mimeType.equals("application/x-flac")
++                    // also check for video ringtones
++                    || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
+                 Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
+-                        + " ignored: associated mimeType:" + mimeType + " is not an audio type");
++                        + " ignored: associated MIME type:" + mimeType
++                        + " is not a recognized audio or video type");
+                 return;
+             }
+         }
+diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+index b65b612ecad5c..1cef725241222 100644
+--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
++++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+@@ -1497,7 +1497,7 @@ private boolean mutateSystemSetting(String name, String value, int runAsUserId,
+             cacheName = Settings.System.ALARM_ALERT_CACHE;
+         }
+         if (cacheName != null) {
+-            if (!isValidAudioUri(name, value)) {
++            if (!isValidMediaUri(name, value)) {
+                 return false;
+             }
+             final File cacheFile = new File(
+@@ -1532,7 +1532,7 @@ owningUserId, name, value, null, false, getCallingPackage(),
+         }
+     }
+ 
+-    private boolean isValidAudioUri(String name, String uri) {
++    private boolean isValidMediaUri(String name, String uri) {
+         if (uri != null) {
+             Uri audioUri = Uri.parse(uri);
+             if (Settings.AUTHORITY.equals(
+@@ -1550,10 +1550,13 @@ private boolean isValidAudioUri(String name, String uri) {
+                 return false;
+             }
+             if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
+-                    || mimeType.equals("application/x-flac"))) {
++                    || mimeType.equals("application/x-flac")
++                    // also check for video ringtones
++                    || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
+                 Slog.e(LOG_TAG,
+                         "mutateSystemSetting for setting: " + name + " URI: " + audioUri
+-                        + " ignored: associated mimeType: " + mimeType + " is not an audio type");
++                        + " ignored: associated MIME type: " + mimeType
++                        + " is not a recognized audio or video type");
+                 return false;
+             }
+         }
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/408509.patch b/Patches/LineageOS-16.0/android_frameworks_base/408509.patch
new file mode 100644
index 00000000..adf4a4ef
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_base/408509.patch
@@ -0,0 +1,46 @@
+From ddc8e8afabfd0956ddd646f57e7b10670a9309a8 Mon Sep 17 00:00:00 2001
+From: lpeter <lpeter@google.com>
+Date: Tue, 6 Aug 2024 09:22:12 +0000
+Subject: [PATCH] Disallow device admin package and protected packages to be
+ reinstalled as instant.
+
+We should prevent the following types of apps from being reinstalled with
+--install-existing as an instant.
+(1)device admin package
+(2)protected packages
+
+Flag: EXEMPT bugfix
+
+Bug: 341256043
+Test: Manual test
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c5ebbd2a83e060577dd584aed7802452339ca5)
+Merged-In: I4e913a12477fd4a64990033eaae533e30863e2a2
+Change-Id: I4e913a12477fd4a64990033eaae533e30863e2a2
+---
+ .../java/com/android/server/pm/PackageManagerService.java   | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
+index 893268da7f361..19245c4f7e0f9 100644
+--- a/services/core/java/com/android/server/pm/PackageManagerService.java
++++ b/services/core/java/com/android/server/pm/PackageManagerService.java
+@@ -14284,6 +14284,9 @@ public int installExistingPackageAsUser(String packageName, int userId, int inst
+                     (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
+             final boolean fullApp =
+                     (installFlags & PackageManager.INSTALL_FULL_APP) != 0;
++            final boolean isPackageDeviceAdmin = isPackageDeviceAdmin(packageName, userId);
++            final boolean isProtectedPackage = mProtectedPackages != null
++                    && mProtectedPackages.isPackageStateProtected(userId, packageName);
+ 
+             // writer
+             synchronized (mPackages) {
+@@ -14291,7 +14294,8 @@ public int installExistingPackageAsUser(String packageName, int userId, int inst
+                 if (pkgSetting == null) {
+                     return PackageManager.INSTALL_FAILED_INVALID_URI;
+                 }
+-                if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting))) {
++                if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting)
++                        || isPackageDeviceAdmin || isProtectedPackage)) {
+                     return PackageManager.INSTALL_FAILED_INVALID_URI;
+                 }
+                 if (!canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/408510.patch b/Patches/LineageOS-16.0/android_frameworks_base/408510.patch
new file mode 100644
index 00000000..a0cf2d4a
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_base/408510.patch
@@ -0,0 +1,82 @@
+From 8dde42c39537e40cbf642350801b4aaf6ba7a73d Mon Sep 17 00:00:00 2001
+From: Ben Murdoch <benm@google.com>
+Date: Fri, 30 Aug 2024 17:22:59 +0000
+Subject: [PATCH] [BACKPORT] Clear app-provided shortcut icons
+
+When displaying keyboard shortcuts provided by an app, clear
+any icon that may have been set (this is only possible via
+reflection, and is not a intended for usage outside of the system).
+
+Bug: 331180422
+Test: Verify on device
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a031e9f221cf87657c42d3ed0ddbe93fc6d7a9c3)
+Merged-In: If7e291eb2254c3cbec23673c65e7477e6ad45b09
+Change-Id: If7e291eb2254c3cbec23673c65e7477e6ad45b09
+---
+ core/java/android/view/KeyboardShortcutInfo.java    | 13 +++++++++++--
+ .../systemui/statusbar/KeyboardShortcuts.java       |  9 +++++++++
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/android/view/KeyboardShortcutInfo.java b/core/java/android/view/KeyboardShortcutInfo.java
+index c934a4e31f985..136c19f3f11e3 100644
+--- a/core/java/android/view/KeyboardShortcutInfo.java
++++ b/core/java/android/view/KeyboardShortcutInfo.java
+@@ -29,7 +29,7 @@
+  */
+ public final class KeyboardShortcutInfo implements Parcelable {
+     private final CharSequence mLabel;
+-    private final Icon mIcon;
++    private Icon mIcon;
+     private final char mBaseCharacter;
+     private final int mKeycode;
+     private final int mModifiers;
+@@ -115,6 +115,15 @@ public Icon getIcon() {
+         return mIcon;
+     }
+ 
++    /**
++     * Removes an icon that was previously set.
++     *
++     * @hide
++     */
++    public void clearIcon() {
++        mIcon = null;
++    }
++
+     /**
+      * Returns the base keycode that, combined with the modifiers, triggers this shortcut. If the
+      * base character was set instead, returns {@link KeyEvent#KEYCODE_UNKNOWN}. Valid keycodes are
+@@ -165,4 +174,4 @@ public KeyboardShortcutInfo[] newArray(int size) {
+             return new KeyboardShortcutInfo[size];
+         }
+     };
+-}
+\ No newline at end of file
++}
+diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
+index 2d16d2209c9e5..5779aec216838 100644
+--- a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
++++ b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
+@@ -376,6 +376,7 @@ private void showKeyboardShortcuts(int deviceId) {
+                     @Override
+                     public void onKeyboardShortcutsReceived(
+                             final List<KeyboardShortcutGroup> result) {
++                        sanitiseShortcuts(result);
+                         result.add(getSystemShortcuts());
+                         final KeyboardShortcutGroup appShortcuts = getDefaultApplicationShortcuts();
+                         if (appShortcuts != null) {
+@@ -386,6 +387,14 @@ public void onKeyboardShortcutsReceived(
+                 }, deviceId);
+     }
+ 
++    static void sanitiseShortcuts(List<KeyboardShortcutGroup> shortcutGroups) {
++        for (KeyboardShortcutGroup group : shortcutGroups) {
++            for (KeyboardShortcutInfo info : group.getItems()) {
++                info.clearIcon();
++            }
++        }
++    }
++
+     private void dismissKeyboardShortcuts() {
+         if (mKeyboardShortcutsDialog != null) {
+             mKeyboardShortcutsDialog.dismiss();
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/408511.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/408511.patch
new file mode 100644
index 00000000..6ecd840a
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_packages_apps_Settings/408511.patch
@@ -0,0 +1,33 @@
+From 09df73fbe58059be8428b1325c0444a25cd3748b Mon Sep 17 00:00:00 2001
+From: Adam Bookatz <bookatz@google.com>
+Date: Mon, 22 Jul 2024 17:03:12 -0700
+Subject: [PATCH] startActivityForResult with new Intent
+
+Rather than use the raw Intent, we make a copy of it. See bug.
+
+Bug: 330722900
+Flag: EXEMPT bugfix
+Test: manual
+Test: atest com.android.settings.users.UserSettingsTest
+            com.android.settings.users.UserDetailsSettingsTest
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1189e24e47571eae86634aeaa7dc60b8fe7f4820)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fdb148b6efb16af018a39511001b48286f401512)
+Merged-In: Id74e4b7ae261f2916eedaef04a679f83409a4b67
+Change-Id: Id74e4b7ae261f2916eedaef04a679f83409a4b67
+---
+ src/com/android/settings/users/AppRestrictionsFragment.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
+index bf0f3da8d00..201d23ceab3 100644
+--- a/src/com/android/settings/users/AppRestrictionsFragment.java
++++ b/src/com/android/settings/users/AppRestrictionsFragment.java
+@@ -648,7 +648,7 @@ public void onReceive(Context context, Intent intent) {
+                     int requestCode = generateCustomActivityRequestCode(
+                             RestrictionsResultReceiver.this.preference);
+                     AppRestrictionsFragment.this.startActivityForResult(
+-                            restrictionsIntent, requestCode);
++                            new Intent(restrictionsIntent), requestCode);
+                 }
+             }
+         }
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/408512.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/408512.patch
new file mode 100644
index 00000000..08886c62
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_packages_apps_Settings/408512.patch
@@ -0,0 +1,90 @@
+From 371cf5203e1140ba416a248ed626413257bac87d Mon Sep 17 00:00:00 2001
+From: Fan Wu <cechkahn@google.com>
+Date: Mon, 22 Jul 2024 16:12:46 +0800
+Subject: [PATCH] [BACKPORT] Checks cross user permission before handling
+ intent
+
+Bug: 326057017
+
+Test: atest
+
+Flag: EXEMPT bug fix
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d3b3edd45167515579ab156533754e56ac813f35)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0f67d233c1cd653c113df5956f1ed29a42e1d32f)
+Merged-In: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
+Change-Id: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
+---
+ .../settings/applications/AppInfoBase.java    | 38 ++++++++++++++++++-
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java
+index f8ed315bfd5..549ecbdd61e 100644
+--- a/src/com/android/settings/applications/AppInfoBase.java
++++ b/src/com/android/settings/applications/AppInfoBase.java
+@@ -18,7 +18,9 @@
+ 
+ import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+ 
++import android.Manifest;
+ import android.app.Activity;
++import android.app.ActivityManager;
+ import android.app.AlertDialog;
+ import android.app.Dialog;
+ import android.app.DialogFragment;
+@@ -37,6 +39,7 @@
+ import android.os.ServiceManager;
+ import android.os.UserHandle;
+ import android.os.UserManager;
++import android.support.annotation.VisibleForTesting;
+ import android.text.TextUtils;
+ import android.util.Log;
+ 
+@@ -134,8 +137,13 @@ protected String retrieveAppEntry() {
+             }
+         }
+         if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
+-            mUserId = ((UserHandle) intent.getParcelableExtra(
+-                    Intent.EXTRA_USER_HANDLE)).getIdentifier();
++            mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
++                    .getIdentifier();
++            if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPerm()) {
++                Log.w(TAG, "Intent not valid.");
++                finish();
++                return "";
++            }
+         } else {
+             mUserId = UserHandle.myUserId();
+         }
+@@ -158,6 +166,32 @@ protected String retrieveAppEntry() {
+         return mPackageName;
+     }
+ 
++    @VisibleForTesting
++    protected boolean hasInteractAcrossUsersPerm() {
++        Activity activity = getActivity();
++        if (activity == null) {
++            return false;
++        }
++        String callingPackageName = null;
++        try {
++            callingPackageName = ActivityManager.getService()
++                .getLaunchedFromPackage(activity.getActivityToken());
++        } catch (Exception e) {
++            return false;
++        }
++        if (TextUtils.isEmpty(callingPackageName)) {
++            Log.w(TAG, "Not able to get calling package name for permission check");
++            return false;
++        }
++        if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
++                != PackageManager.PERMISSION_GRANTED) {
++            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
++                    + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
++            return false;
++        }
++        return true;
++    }
++
+     protected void setIntentAndFinish(boolean finish, boolean appChanged) {
+         if (localLOGV) Log.i(TAG, "appChanged=" + appChanged);
+         Intent intent = new Intent();
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 40231ef5..b26cde11 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -97,7 +97,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
 sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
-sed -i 's/2022-01-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #P_asb_2024-10 #XXX
+sed -i 's/2022-01-05/2024-11-05/' core/version_defaults.mk; #Bump Security String #P_asb_2024-11 #XXX
 fi;
 
 if enterAndClear "build/soong"; then
@@ -178,6 +178,10 @@ if enterAndClear "external/libxml2"; then
 applyPatch "$DOS_PATCHES/android_external_libxml2/370701.patch"; #P_asb_2023-10 malloc-fail: Fix OOB read after xmlRegGetCounter
 fi;
 
+if enterAndClear "external/skia"; then
+applyPatch "$DOS_PATCHES/android_external_skia/408506.patch"; #P_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
+fi;
+
 if enterAndClear "external/sonivox"; then
 applyPatch "$DOS_PATCHES_COMMON/android_external_sonivox/391896.patch"; #n-asb-2024-05 Fix buffer overrun in eas_wtengine
 fi;
@@ -341,6 +345,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/399770.patch"; #P_asb_2024-08 H
 applyPatch "$DOS_PATCHES/android_frameworks_base/403538.patch"; #P_asb_2024-09 Sanitized uri scheme by removing scheme delimiter
 applyPatch "$DOS_PATCHES/android_frameworks_base/405829.patch"; #P_asb_2024-10 Update AccountManagerService checkKeyIntent.
 applyPatch "$DOS_PATCHES/android_frameworks_base/405830.patch"; #P_asb_2024-10 Fail parseUri if end is missing
+applyPatch "$DOS_PATCHES/android_frameworks_base/408507.patch"; #P_asb_2024-11 Remove authenticator data if it was disabled.
+applyPatch "$DOS_PATCHES/android_frameworks_base/408508.patch"; #P_asb_2024-11 RingtoneManager: allow video ringtone URI
+applyPatch "$DOS_PATCHES/android_frameworks_base/408509.patch"; #P_asb_2024-11 Disallow device admin package and protected packages to be reinstalled as instant.
+applyPatch "$DOS_PATCHES/android_frameworks_base/408510.patch"; #P_asb_2024-11 Clear app-provided shortcut icons
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@@ -549,6 +557,8 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403539.patch"; #P_asb_20
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403540.patch"; #P_asb_2024-09 Replace getCallingActivity() with getLaunchedFromPackage()
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403541.patch"; #P_asb_2024-09 Ignore fragment attr from ext authenticator resource
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405832.patch"; #P_asb_2024-10 FRP bypass defense in App battery usage page
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408511.patch"; #P_asb_2024-11 startActivityForResult with new Intent
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408512.patch"; #P_asb_2024-11 Checks cross user permission before handling intent
 git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work