Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-12-12 01:14:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

16: November 2024 ASB Picks

Browse Source 
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-11-14 07:28:57 -05:00
parent 7ecc843451
commit fb3f88b5a3
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
8 changed files with 417 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Patches/LineageOS-16.0/android_external_skia/408506.patch Normal file
View File

@ -0,0 +1,48 @@
From af3b316fa1727a4b036d32e2c4eb4564ffef134f Mon Sep 17 00:00:00 2001
From: Brian Osman <brianosman@google.com>
Date: Tue, 27 Aug 2024 14:22:52 -0400
Subject: [PATCH] RESTRICT AUTOMERGE: Avoid potential overflow when allocating
3D mask from emboss filter
Note: the original fix landed after
Iac8b937e516dbfbbcefef54360dd5b7300bacb67 introduced SkMaskBuilder, so
this cherry-pick had to be tweaked to avoid conflicts. Unfortuantely
that means we need RESTRICT AUTOMERGE to prevent this modified version
from flowing through API boundaries into VIC, and we need to manually
cherry-pick it to each API level.
Bug: 344620577
Test: N/A -- unclear if even reachable
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/893738
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Ben Wagner <bungeman@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2bc38734eec777bf2574d4b38a7fd4fc05f0ecde)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:69fc79acf3f05f269c55069ba5e2fbd00e1a76b6)
Merged-In: Ia35860371d45120baca63238e77faa5c0eb25d51
Change-Id: Ia35860371d45120baca63238e77faa5c0eb25d51
---
src/effects/SkEmbossMaskFilter.cpp | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/effects/SkEmbossMaskFilter.cpp b/src/effects/SkEmbossMaskFilter.cpp
index 671025006e4..299456446df 100644
--- a/src/effects/SkEmbossMaskFilter.cpp
+++ b/src/effects/SkEmbossMaskFilter.cpp
@@ -91,11 +91,13 @@ bool SkEmbossMaskFilter::filterMask(SkMask* dst, const SkMask& src,
{
uint8_t* alphaPlane = dst->fImage;
- size_t planeSize = dst->computeImageSize();
- if (0 == planeSize) {
- return false; // too big to allocate, abort
+ size_t totalSize = dst->computeTotalImageSize();
+ if (totalSize == 0) {
+ return false; // too big to allocate, abort
}
- dst->fImage = SkMask::AllocImage(planeSize * 3);
+ size_t planeSize = dst->computeImageSize();
+ SkASSERT(planeSize != 0); // if totalSize didn't overflow, this can't either
+ dst->fImage = SkMask::AllocImage(totalSize);
memcpy(dst->fImage, alphaPlane, planeSize);
SkMask::FreeImage(alphaPlane);
}

31
Patches/LineageOS-16.0/android_frameworks_base/408507.patch Normal file
View File

@ -0,0 +1,31 @@
From 49838726eef570a382fdc3da6822f84089efb0d9 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Tue, 2 Jul 2024 11:02:07 -0700
Subject: [PATCH] Remove authenticator data if it was disabled.
Test: manual
Bug: 343440463
Flag: EXEMPT bugfix
(cherry picked from commit ddfc078af7e89641360b896f99af23a6b371b847)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c2660dcf7fca3f652528d219767f65858bbbe622)
Merged-In: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
Change-Id: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
---
.../com/android/server/accounts/AccountManagerService.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index c5fff3652c283..5103db36f196e 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -1168,6 +1168,10 @@ private void validateAccountsInternal(
obsoleteAuthType.add(type);
// And delete it from the TABLE_META
accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
+ } else if (knownUid != null && knownUid != uid) {
+ Slog.w(TAG, "authenticator no longer exist for type " + type);
+ obsoleteAuthType.add(type);
+ accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
}
}
}

76
Patches/LineageOS-16.0/android_frameworks_base/408508.patch Normal file
View File

@ -0,0 +1,76 @@
From ed3e90e0c1ff4f2a2b0e893ac354ef92503210f4 Mon Sep 17 00:00:00 2001
From: Jean-Michel Trivi <jmtrivi@google.com>
Date: Mon, 24 Jun 2024 17:29:14 -0700
Subject: [PATCH] RingtoneManager: allow video ringtone URI
When checking the MIME type for the default ringtone, also
allow it to refer to video content.
Bug: 205837340
Test: see POC + atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a8d2785d69314086dc3b5b2531386fefff079ce7)
Merged-In: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
---
media/java/android/media/RingtoneManager.java | 8 ++++++--
.../android/providers/settings/SettingsProvider.java | 11 +++++++----
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
index 0e03bfb2502a4..7a27b03fd731d 100644
--- a/media/java/android/media/RingtoneManager.java
+++ b/media/java/android/media/RingtoneManager.java
@@ -851,9 +851,13 @@ public static void setActualDefaultRingtoneUri(Context context, int type, Uri ri
+ " ignored: failure to find mimeType (no access from this context?)");
return;
}
- if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
+ if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
+ || mimeType.equals("application/x-flac")
+ // also check for video ringtones
+ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
- + " ignored: associated mimeType:" + mimeType + " is not an audio type");
+ + " ignored: associated MIME type:" + mimeType
+ + " is not a recognized audio or video type");
return;
}
}
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index b65b612ecad5c..1cef725241222 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1497,7 +1497,7 @@ private boolean mutateSystemSetting(String name, String value, int runAsUserId,
cacheName = Settings.System.ALARM_ALERT_CACHE;
}
if (cacheName != null) {
- if (!isValidAudioUri(name, value)) {
+ if (!isValidMediaUri(name, value)) {
return false;
}
final File cacheFile = new File(
@@ -1532,7 +1532,7 @@ owningUserId, name, value, null, false, getCallingPackage(),
}
}
- private boolean isValidAudioUri(String name, String uri) {
+ private boolean isValidMediaUri(String name, String uri) {
if (uri != null) {
Uri audioUri = Uri.parse(uri);
if (Settings.AUTHORITY.equals(
@@ -1550,10 +1550,13 @@ private boolean isValidAudioUri(String name, String uri) {
return false;
}
if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
- || mimeType.equals("application/x-flac"))) {
+ || mimeType.equals("application/x-flac")
+ // also check for video ringtones
+ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
Slog.e(LOG_TAG,
"mutateSystemSetting for setting: " + name + " URI: " + audioUri
- + " ignored: associated mimeType: " + mimeType + " is not an audio type");
+ + " ignored: associated MIME type: " + mimeType
+ + " is not a recognized audio or video type");
return false;
}
}

46
Patches/LineageOS-16.0/android_frameworks_base/408509.patch Normal file
View File

@ -0,0 +1,46 @@
From ddc8e8afabfd0956ddd646f57e7b10670a9309a8 Mon Sep 17 00:00:00 2001
From: lpeter <lpeter@google.com>
Date: Tue, 6 Aug 2024 09:22:12 +0000
Subject: [PATCH] Disallow device admin package and protected packages to be
reinstalled as instant.
We should prevent the following types of apps from being reinstalled with
--install-existing as an instant.
(1)device admin package
(2)protected packages
Flag: EXEMPT bugfix
Bug: 341256043
Test: Manual test
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:77c5ebbd2a83e060577dd584aed7802452339ca5)
Merged-In: I4e913a12477fd4a64990033eaae533e30863e2a2
Change-Id: I4e913a12477fd4a64990033eaae533e30863e2a2
---
.../java/com/android/server/pm/PackageManagerService.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 893268da7f361..19245c4f7e0f9 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -14284,6 +14284,9 @@ public int installExistingPackageAsUser(String packageName, int userId, int inst
(installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
final boolean fullApp =
(installFlags & PackageManager.INSTALL_FULL_APP) != 0;
+ final boolean isPackageDeviceAdmin = isPackageDeviceAdmin(packageName, userId);
+ final boolean isProtectedPackage = mProtectedPackages != null
+ && mProtectedPackages.isPackageStateProtected(userId, packageName);
// writer
synchronized (mPackages) {
@@ -14291,7 +14294,8 @@ public int installExistingPackageAsUser(String packageName, int userId, int inst
if (pkgSetting == null) {
return PackageManager.INSTALL_FAILED_INVALID_URI;
}
- if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting))) {
+ if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting)
+ || isPackageDeviceAdmin || isProtectedPackage)) {
return PackageManager.INSTALL_FAILED_INVALID_URI;
}
if (!canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {

82
Patches/LineageOS-16.0/android_frameworks_base/408510.patch Normal file
View File

@ -0,0 +1,82 @@
From 8dde42c39537e40cbf642350801b4aaf6ba7a73d Mon Sep 17 00:00:00 2001
From: Ben Murdoch <benm@google.com>
Date: Fri, 30 Aug 2024 17:22:59 +0000
Subject: [PATCH] [BACKPORT] Clear app-provided shortcut icons
When displaying keyboard shortcuts provided by an app, clear
any icon that may have been set (this is only possible via
reflection, and is not a intended for usage outside of the system).
Bug: 331180422
Test: Verify on device
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a031e9f221cf87657c42d3ed0ddbe93fc6d7a9c3)
Merged-In: If7e291eb2254c3cbec23673c65e7477e6ad45b09
Change-Id: If7e291eb2254c3cbec23673c65e7477e6ad45b09
---
core/java/android/view/KeyboardShortcutInfo.java | 13 +++++++++++--
.../systemui/statusbar/KeyboardShortcuts.java | 9 +++++++++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/core/java/android/view/KeyboardShortcutInfo.java b/core/java/android/view/KeyboardShortcutInfo.java
index c934a4e31f985..136c19f3f11e3 100644
--- a/core/java/android/view/KeyboardShortcutInfo.java
+++ b/core/java/android/view/KeyboardShortcutInfo.java
@@ -29,7 +29,7 @@
*/
public final class KeyboardShortcutInfo implements Parcelable {
private final CharSequence mLabel;
- private final Icon mIcon;
+ private Icon mIcon;
private final char mBaseCharacter;
private final int mKeycode;
private final int mModifiers;
@@ -115,6 +115,15 @@ public Icon getIcon() {
return mIcon;
}
+ /**
+ * Removes an icon that was previously set.
+ *
+ * @hide
+ */
+ public void clearIcon() {
+ mIcon = null;
+ }
+
/**
* Returns the base keycode that, combined with the modifiers, triggers this shortcut. If the
* base character was set instead, returns {@link KeyEvent#KEYCODE_UNKNOWN}. Valid keycodes are
@@ -165,4 +174,4 @@ public KeyboardShortcutInfo[] newArray(int size) {
return new KeyboardShortcutInfo[size];
}
};
-}
\ No newline at end of file
+}
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
index 2d16d2209c9e5..5779aec216838 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/KeyboardShortcuts.java
@@ -376,6 +376,7 @@ private void showKeyboardShortcuts(int deviceId) {
@Override
public void onKeyboardShortcutsReceived(
final List<KeyboardShortcutGroup> result) {
+ sanitiseShortcuts(result);
result.add(getSystemShortcuts());
final KeyboardShortcutGroup appShortcuts = getDefaultApplicationShortcuts();
if (appShortcuts != null) {
@@ -386,6 +387,14 @@ public void onKeyboardShortcutsReceived(
}, deviceId);
}
+ static void sanitiseShortcuts(List<KeyboardShortcutGroup> shortcutGroups) {
+ for (KeyboardShortcutGroup group : shortcutGroups) {
+ for (KeyboardShortcutInfo info : group.getItems()) {
+ info.clearIcon();
+ }
+ }
+ }
+
private void dismissKeyboardShortcuts() {
if (mKeyboardShortcutsDialog != null) {
mKeyboardShortcutsDialog.dismiss();

33
Patches/LineageOS-16.0/android_packages_apps_Settings/408511.patch Normal file
View File

@ -0,0 +1,33 @@
From 09df73fbe58059be8428b1325c0444a25cd3748b Mon Sep 17 00:00:00 2001
From: Adam Bookatz <bookatz@google.com>
Date: Mon, 22 Jul 2024 17:03:12 -0700
Subject: [PATCH] startActivityForResult with new Intent
Rather than use the raw Intent, we make a copy of it. See bug.
Bug: 330722900
Flag: EXEMPT bugfix
Test: manual
Test: atest com.android.settings.users.UserSettingsTest
com.android.settings.users.UserDetailsSettingsTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1189e24e47571eae86634aeaa7dc60b8fe7f4820)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fdb148b6efb16af018a39511001b48286f401512)
Merged-In: Id74e4b7ae261f2916eedaef04a679f83409a4b67
Change-Id: Id74e4b7ae261f2916eedaef04a679f83409a4b67
---
src/com/android/settings/users/AppRestrictionsFragment.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/com/android/settings/users/AppRestrictionsFragment.java b/src/com/android/settings/users/AppRestrictionsFragment.java
index bf0f3da8d00..201d23ceab3 100644
--- a/src/com/android/settings/users/AppRestrictionsFragment.java
+++ b/src/com/android/settings/users/AppRestrictionsFragment.java
@@ -648,7 +648,7 @@ public void onReceive(Context context, Intent intent) {
int requestCode = generateCustomActivityRequestCode(
RestrictionsResultReceiver.this.preference);
AppRestrictionsFragment.this.startActivityForResult(
- restrictionsIntent, requestCode);
+ new Intent(restrictionsIntent), requestCode);
}
}
}

90
Patches/LineageOS-16.0/android_packages_apps_Settings/408512.patch Normal file
View File

@ -0,0 +1,90 @@
From 371cf5203e1140ba416a248ed626413257bac87d Mon Sep 17 00:00:00 2001
From: Fan Wu <cechkahn@google.com>
Date: Mon, 22 Jul 2024 16:12:46 +0800
Subject: [PATCH] [BACKPORT] Checks cross user permission before handling
intent
Bug: 326057017
Test: atest
Flag: EXEMPT bug fix
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d3b3edd45167515579ab156533754e56ac813f35)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0f67d233c1cd653c113df5956f1ed29a42e1d32f)
Merged-In: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
Change-Id: I3444e55b22b7487f96b0e3e9deb3f844c4c4723a
---
.../settings/applications/AppInfoBase.java | 38 ++++++++++++++++++-
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/com/android/settings/applications/AppInfoBase.java b/src/com/android/settings/applications/AppInfoBase.java
index f8ed315bfd5..549ecbdd61e 100644
--- a/src/com/android/settings/applications/AppInfoBase.java
+++ b/src/com/android/settings/applications/AppInfoBase.java
@@ -18,7 +18,9 @@
import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+import android.Manifest;
import android.app.Activity;
+import android.app.ActivityManager;
import android.app.AlertDialog;
import android.app.Dialog;
import android.app.DialogFragment;
@@ -37,6 +39,7 @@
import android.os.ServiceManager;
import android.os.UserHandle;
import android.os.UserManager;
+import android.support.annotation.VisibleForTesting;
import android.text.TextUtils;
import android.util.Log;
@@ -134,8 +137,13 @@ protected String retrieveAppEntry() {
}
}
if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
- mUserId = ((UserHandle) intent.getParcelableExtra(
- Intent.EXTRA_USER_HANDLE)).getIdentifier();
+ mUserId = ((UserHandle) intent.getParcelableExtra(Intent.EXTRA_USER_HANDLE))
+ .getIdentifier();
+ if (mUserId != UserHandle.myUserId() && !hasInteractAcrossUsersPerm()) {
+ Log.w(TAG, "Intent not valid.");
+ finish();
+ return "";
+ }
} else {
mUserId = UserHandle.myUserId();
}
@@ -158,6 +166,32 @@ protected String retrieveAppEntry() {
return mPackageName;
}
+ @VisibleForTesting
+ protected boolean hasInteractAcrossUsersPerm() {
+ Activity activity = getActivity();
+ if (activity == null) {
+ return false;
+ }
+ String callingPackageName = null;
+ try {
+ callingPackageName = ActivityManager.getService()
+ .getLaunchedFromPackage(activity.getActivityToken());
+ } catch (Exception e) {
+ return false;
+ }
+ if (TextUtils.isEmpty(callingPackageName)) {
+ Log.w(TAG, "Not able to get calling package name for permission check");
+ return false;
+ }
+ if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+ != PackageManager.PERMISSION_GRANTED) {
+ Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+ + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ return false;
+ }
+ return true;
+ }
+
protected void setIntentAndFinish(boolean finish, boolean appChanged) {
if (localLOGV) Log.i(TAG, "appChanged=" + appChanged);
Intent intent = new Intent();

12
Scripts/LineageOS-16.0/Patch.sh
View File

@ -97,7 +97,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2022-01-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #P_asb_2024-10 #XXX
sed -i 's/2022-01-05/2024-11-05/' core/version_defaults.mk; #Bump Security String #P_asb_2024-11 #XXX
fi;
if enterAndClear "build/soong"; then
@ -178,6 +178,10 @@ if enterAndClear "external/libxml2"; then
applyPatch "$DOS_PATCHES/android_external_libxml2/370701.patch"; #P_asb_2023-10 malloc-fail: Fix OOB read after xmlRegGetCounter
fi;
if enterAndClear "external/skia"; then
applyPatch "$DOS_PATCHES/android_external_skia/408506.patch"; #P_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
fi;
if enterAndClear "external/sonivox"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_sonivox/391896.patch"; #n-asb-2024-05 Fix buffer overrun in eas_wtengine
fi;
@ -341,6 +345,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/399770.patch"; #P_asb_2024-08 H
applyPatch "$DOS_PATCHES/android_frameworks_base/403538.patch"; #P_asb_2024-09 Sanitized uri scheme by removing scheme delimiter
applyPatch "$DOS_PATCHES/android_frameworks_base/405829.patch"; #P_asb_2024-10 Update AccountManagerService checkKeyIntent.
applyPatch "$DOS_PATCHES/android_frameworks_base/405830.patch"; #P_asb_2024-10 Fail parseUri if end is missing
applyPatch "$DOS_PATCHES/android_frameworks_base/408507.patch"; #P_asb_2024-11 Remove authenticator data if it was disabled.
applyPatch "$DOS_PATCHES/android_frameworks_base/408508.patch"; #P_asb_2024-11 RingtoneManager: allow video ringtone URI
applyPatch "$DOS_PATCHES/android_frameworks_base/408509.patch"; #P_asb_2024-11 Disallow device admin package and protected packages to be reinstalled as instant.
applyPatch "$DOS_PATCHES/android_frameworks_base/408510.patch"; #P_asb_2024-11 Clear app-provided shortcut icons
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -549,6 +557,8 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403539.patch"; #P_asb_20
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403540.patch"; #P_asb_2024-09 Replace getCallingActivity() with getLaunchedFromPackage()
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/403541.patch"; #P_asb_2024-09 Ignore fragment attr from ext authenticator resource
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/405832.patch"; #P_asb_2024-10 FRP bypass defense in App battery usage page
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408511.patch"; #P_asb_2024-11 startActivityForResult with new Intent
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/408512.patch"; #P_asb_2024-11 Checks cross user permission before handling intent
git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work