Churn

Signed-off-by: Tavi <tavi@divested.dev>
2024-10-01 01:35:54 -04:00 · 2024-06-19 18:43:50 -04:00 · 2024-06-19 18:43:50 -04:00 · fcd8808b35
commit fcd8808b35
parent e6fc32e012
13 changed files with 78 additions and 99 deletions
--- a/Logs/resetWorkspace-LineageOS-17.1.txt
+++ b/Logs/resetWorkspace-LineageOS-17.1.txt
@ -78,7 +78,7 @@ external/catch2 bcfbb791d09e390fb545c03ca002e570f764d960
 external/cblas 61ee00692011385347a5dd1ad872556899a5cf7a
 external/chromium-libpac c98fc96035e6fdc5b84d953d2bd38d2dcd175467
 external/chromium-trace f4e722b911fcc6f7164026432de62a02ea3460fb
-external/chromium-webview 18024297bc95fb233a92b15d8bf26c9b987bda66
+external/chromium-webview ef62acbe255f65218a2122885a27624a0178ba14
 external/clang 8343f599c9e1dda8e6c1bb779af323a673a052f9
 external/cldr 4e0bdd442c1e01f5c6147cf6032ce4f8587f4ede
 external/cmockery 9199c7bfafefea32d1884182fa655b6e4578c1c4
@ -726,7 +726,7 @@ tools/external_updater 1dc2143b13455b4ab0e2a0aa59dda791c0b0084f
 tools/loganalysis eec32327da28db6f5e599a4ab76f7c93995896ef
 tools/metalava edcafddcb54e149af8d4135a346501dde802fb30
 tools/ndkports 74fefbc2160250129cbd157272fcfb3c9ac20f18
-tools/repohooks 6ca9412c1ba65e255924a403165d60949bfebd50
+tools/repohooks c2c8692c55a22d15d57ae05a226c731aca7cf3ba
 tools/security 3c5ee5d6f2f50895611eacd71a62b11efcfb0648
 tools/test/connectivity 4857a1a24ab6fd537bc4186fc88548c2b9c29e82
 tools/test/graphicsbenchmark 143e833b3762e93b0a1fe6a6bc127f09e5afade8
--- a/Patches/LineageOS-17.1/android_frameworks_base/0007-Always_Restict_Serial.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0007-Always_Restict_Serial.patch
@ -10,7 +10,7 @@ requiring the READ_PHONE_STATE permission.
 1 file changed, 1 insertion(+), 6 deletions(-)

 diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
-index 98d7cecd81ca..ad536de06e66 100644
+index 41b1ddaf887b..78bdde0c5ef9 100644
 --- a/services/core/java/com/android/server/am/ActivityManagerService.java
 +++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -5025,12 +5025,7 @@ public class ActivityManagerService extends IActivityManager.Stub
--- a/Patches/LineageOS-17.1/android_frameworks_base/0014-Network_Permission-1.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0014-Network_Permission-1.patch
@ -22,10 +22,10 @@ index a8dd041454c9..6940b9eb36ed 100644
     <!-- Allows applications to access information about networks.
          <p>Protection level: normal
 diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
-index 65646aef6c9e..adf6fa87be3e 100644
+index f247610fa8a3..a57a2b819f84 100644
 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
 +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
-@@ -1024,7 +1024,7 @@ public class PermissionManagerService {
+@@ -1025,7 +1025,7 @@ public class PermissionManagerService {
     }
 
     public static boolean isSpecialRuntimePermission(final String permission) {
--- a/Patches/LineageOS-17.1/android_frameworks_base/0014-Sensors_Permission.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0014-Sensors_Permission.patch
@ -100,10 +100,10 @@ index 2cf2b923ef90..ae206c1f5872 100644
     <string name="permlab_readCalendar">Read calendar events and details</string>
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
 diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
-index adf6fa87be3e..648502f7ba02 100644
+index a57a2b819f84..ecbee40cf574 100644
 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
 +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
-@@ -1024,7 +1024,7 @@ public class PermissionManagerService {
+@@ -1025,7 +1025,7 @@ public class PermissionManagerService {
     }
 
     public static boolean isSpecialRuntimePermission(final String permission) {
--- a/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch
@ -25,10 +25,10 @@ index d27b5ad0d646..32b022455451 100644
                         Process.SYSTEM_UID, userId, delayingPermCallback);
                 // Allow app op later as we are holding mPackages
 diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
-index 2fcdec7c92d6..65646aef6c9e 100644
+index ed551795aad5..f247610fa8a3 100644
 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
 +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
-@@ -1023,6 +1023,10 @@ public class PermissionManagerService {
+@@ -1024,6 +1024,10 @@ public class PermissionManagerService {
         }
     }
 
@ -39,7 +39,7 @@ index 2fcdec7c92d6..65646aef6c9e 100644
     /**
      * Restore the permission state for a package.
      *
-@@ -1322,6 +1326,14 @@ public class PermissionManagerService {
+@@ -1323,6 +1327,14 @@ public class PermissionManagerService {
                                             }
                                         }
                                     }
@ -54,7 +54,7 @@ index 2fcdec7c92d6..65646aef6c9e 100644
                                 } else {
                                     if (permState == null) {
                                         // New permission
-@@ -1455,7 +1467,7 @@ public class PermissionManagerService {
+@@ -1456,7 +1468,7 @@ public class PermissionManagerService {
                                              wasChanged = true;
                                         }
                                     }
@ -63,7 +63,7 @@ index 2fcdec7c92d6..65646aef6c9e 100644
                                     if (!permissionsState.hasRuntimePermission(bp.name, userId)
                                             && permissionsState.grantRuntimePermission(bp,
                                                     userId) != PERMISSION_OPERATION_FAILURE) {
-@@ -2233,7 +2245,7 @@ public class PermissionManagerService {
+@@ -2234,7 +2246,7 @@ public class PermissionManagerService {
                     && (grantedPermissions == null
                            || ArrayUtils.contains(grantedPermissions, permission))) {
                 final int flags = permissionsState.getPermissionFlags(permission, userId);
@ -72,7 +72,7 @@ index 2fcdec7c92d6..65646aef6c9e 100644
                     // Installer cannot change immutable permissions.
                     if ((flags & immutableFlags) == 0) {
                         grantRuntimePermission(permission, pkg.packageName, false, callingUid,
-@@ -2292,7 +2304,7 @@ public class PermissionManagerService {
+@@ -2293,7 +2305,7 @@ public class PermissionManagerService {
         // to keep the review required permission flag per user while an
         // install permission's state is shared across all users.
         if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
@ -81,7 +81,7 @@ index 2fcdec7c92d6..65646aef6c9e 100644
             return;
         }
 
-@@ -2344,7 +2356,8 @@ public class PermissionManagerService {
+@@ -2345,7 +2357,8 @@ public class PermissionManagerService {
                     + permName + " for package " + packageName);
         }
 
@ -91,7 +91,7 @@ index 2fcdec7c92d6..65646aef6c9e 100644
             Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
             return;
         }
-@@ -2431,7 +2444,7 @@ public class PermissionManagerService {
+@@ -2432,7 +2445,7 @@ public class PermissionManagerService {
         // to keep the review required permission flag per user while an
         // install permission's state is shared across all users.
         if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
--- a/Patches/LineageOS-17.1/android_frameworks_base/394553.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394553.patch
@ -1,4 +1,4 @@
-From 00961ad29e26dde5d4f56de90ac333ceb2fc8d34 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Jing Ji <jji@google.com>
 Date: Tue, 25 Oct 2022 22:39:52 -0700
 Subject: [PATCH] DO NOT MERGE: ActivityManager#killBackgroundProcesses can
@ -19,10 +19,10 @@ Change-Id: I41cd6fa1f71e950db18a9fd450355c4e6f80ec7d
 1 file changed, 16 insertions(+)

 diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
-index 234b23a996267..815ddf63e565a 100644
+index 98d7cecd81ca..bcb7276b4014 100644
 --- a/services/core/java/com/android/server/am/ActivityManagerService.java
 +++ b/services/core/java/com/android/server/am/ActivityManagerService.java
-@@ -4486,6 +4486,22 @@ void killAllBackgroundProcessesExcept(int minTargetSdk, int maxProcState) {
+@@ -4217,6 +4217,22 @@ public class ActivityManagerService extends IActivityManager.Stub
             throw new SecurityException(msg);
         }
 
--- a/Patches/LineageOS-17.1/android_frameworks_base/394554.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394554.patch
@ -1,4 +1,4 @@
-From 14804676d97278009b746073e8339374b0cce927 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Jing Ji <jji@google.com>
 Date: Thu, 19 Oct 2023 14:22:58 -0700
 Subject: [PATCH] DO NOT MERGE: Fix ActivityManager#killBackgroundProcesses
@ -18,10 +18,10 @@ Change-Id: I9471a77188ee63ec32cd0c81569193e4ccad885b
 1 file changed, 16 deletions(-)

 diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
-index 815ddf63e565a..234b23a996267 100644
+index bcb7276b4014..41b1ddaf887b 100644
 --- a/services/core/java/com/android/server/am/ActivityManagerService.java
 +++ b/services/core/java/com/android/server/am/ActivityManagerService.java
-@@ -4486,22 +4486,6 @@ void killAllBackgroundProcessesExcept(int minTargetSdk, int maxProcState) {
+@@ -4268,22 +4268,6 @@ public class ActivityManagerService extends IActivityManager.Stub
             throw new SecurityException(msg);
         }
 
--- a/Patches/LineageOS-17.1/android_frameworks_base/394559.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394559.patch
@ -1,4 +1,4 @@
-From 18d1359a28cee22491dbe2f8b814ab999348ebfa Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Dmitry Dementyev <dementyev@google.com>
 Date: Tue, 26 Mar 2024 10:31:44 -0700
 Subject: [PATCH] Add more checkKeyIntent checks to AccountManagerService.
@ -14,10 +14,10 @@ Change-Id: I9e45d758a2320328da5664b6341eafe6f285f297
 1 file changed, 10 insertions(+)

 diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
-index 8a9ddda50d63b..37a68d3eec76c 100644
+index 326acdfe3a3f..bf577735d037 100644
 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java
 +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
-@@ -3475,6 +3475,11 @@ public void onResult(Bundle result) {
+@@ -3479,6 +3479,11 @@ public class AccountManagerService
 
             // Strip auth token from result.
             result.remove(AccountManager.KEY_AUTHTOKEN);
@ -29,7 +29,7 @@ index 8a9ddda50d63b..37a68d3eec76c 100644
 
             if (Log.isLoggable(TAG, Log.VERBOSE)) {
                 Log.v(TAG,
-@@ -5052,6 +5057,11 @@ public void onResult(Bundle result) {
+@@ -5062,6 +5067,11 @@ public class AccountManagerService
                     } else {
                         if (mStripAuthTokenFromResult) {
                             result.remove(AccountManager.KEY_AUTHTOKEN);
--- a/Patches/LineageOS-17.1/android_frameworks_base/394560.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394560.patch
@ -1,4 +1,4 @@
-From a0059406f6fa6fa600bd6d5fc488de1d3aa956af Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Haoran Zhang <haoranzhang@google.com>
 Date: Wed, 13 Mar 2024 17:08:00 +0000
 Subject: [PATCH] Add in check for intent filter when setting/updating service
@ -20,10 +20,10 @@ Change-Id: I51c2e3788ac29ff4d6b86aa2a735ff2ea1463a77
 1 file changed, 27 insertions(+)

 diff --git a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
-index 57ffe0498a88e..309f78006d4b6 100644
+index 1bd5201f5b26..58a1064682d3 100644
 --- a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
 +++ b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
-@@ -32,8 +32,10 @@
+@@ -32,8 +32,10 @@ import android.app.ActivityManagerInternal;
 import android.app.ActivityTaskManager;
 import android.app.IActivityTaskManager;
 import android.content.ComponentName;
@ -34,7 +34,7 @@ index 57ffe0498a88e..309f78006d4b6 100644
 import android.content.pm.ServiceInfo;
 import android.graphics.Rect;
 import android.metrics.LogMaker;
-@@ -235,6 +237,31 @@ protected boolean updateLocked(boolean disabled) {
+@@ -214,6 +216,31 @@ final class AutofillManagerServiceImpl
     @Override // from PerUserSystemService
     protected ServiceInfo newServiceInfoLocked(@NonNull ComponentName serviceComponent)
             throws NameNotFoundException {
--- a/Patches/LineageOS-17.1/android_frameworks_base/394561.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394561.patch
@ -1,4 +1,4 @@
-From a0d6c266c99cdcdba0ef4674cf6995619f13efa7 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Hans Boehm <hboehm@google.com>
 Date: Tue, 2 Jan 2024 16:53:13 -0800
 Subject: [PATCH] Check hidden API exemptions
@ -18,10 +18,10 @@ Change-Id: I83cd60e46407a4a082f9f3c80e937dbd522dbac4
 1 file changed, 10 insertions(+)

 diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
-index 39038f555044e..4d69f217c5e6a 100644
+index 0417a4c8959c..ff4131c2398d 100644
 --- a/core/java/android/os/ZygoteProcess.java
 +++ b/core/java/android/os/ZygoteProcess.java
-@@ -431,6 +431,8 @@ private Process.ProcessStartResult zygoteSendArgsAndGetResult(
+@@ -411,6 +411,8 @@ public class ZygoteProcess {
                 throw new ZygoteStartFailedEx("Embedded newlines not allowed");
             } else if (arg.indexOf('\r') >= 0) {
                 throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");
@ -30,7 +30,7 @@ index 39038f555044e..4d69f217c5e6a 100644
             }
         }
 
-@@ -980,6 +982,14 @@ private boolean maybeSetApiBlacklistExemptions(ZygoteState state, boolean sendIf
+@@ -869,6 +871,14 @@ public class ZygoteProcess {
             return true;
         }
 
--- a/Patches/LineageOS-17.1/android_frameworks_base/394563-backport.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394563-backport.patch
@ -1,61 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Guojing Yuan <guojing@google.com>
-Date: Thu, 14 Dec 2023 19:30:04 +0000
-Subject: [PATCH] Check permissions for CDM shell commands
-
-Override handleShellCommand instead of onShellCommand because
-Binder.onShellCommand checks the necessary permissions of the caller.
-
-Bug: 313428840
-
-Test: manually tested CDM shell commands
-(cherry picked from commit 1761a0fee9c2cd9787bbb7fbdbe30b4c2b03396e)
-(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d008c61451dba86aa9f14c6bcd661db2cea4856)
-Merged-In: I5539b3594feb5544c458c0fd1061b51a0a808900
-Change-Id: I5539b3594feb5544c458c0fd1061b51a0a808900
---
- .../companion/CompanionDeviceManagerService.java   | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
-index 73b8ff7067ef..e78ddaad3e88 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
-+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
-@@ -24,6 +24,7 @@ import static com.android.internal.util.Preconditions.checkState;
- import static com.android.internal.util.function.pooled.PooledLambda.obtainRunnable;
- 
- import android.annotation.CheckResult;
-+import android.annotation.NonNull;
- import android.annotation.Nullable;
- import android.app.AppOpsManager;
- import android.app.PendingIntent;
-@@ -48,11 +49,10 @@ import android.os.IBinder;
- import android.os.IDeviceIdleController;
- import android.os.IInterface;
- import android.os.Parcel;
-+import android.os.ParcelFileDescriptor;
- import android.os.Process;
- import android.os.RemoteException;
-import android.os.ResultReceiver;
- import android.os.ServiceManager;
-import android.os.ShellCallback;
- import android.os.ShellCommand;
- import android.os.UserHandle;
- import android.provider.Settings;
-@@ -363,10 +363,12 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
-         }
- 
-         @Override
-        public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
-                String[] args, ShellCallback callback, ResultReceiver resultReceiver)
-                throws RemoteException {
-            new ShellCmd().exec(this, in, out, err, args, callback, resultReceiver);
-+        public int handleShellCommand(@NonNull ParcelFileDescriptor in,
-+                @NonNull ParcelFileDescriptor out, @NonNull ParcelFileDescriptor err,
-+                @NonNull String[] args) {
-+            return new ShellCmd()
-+                    .exec(this, in.getFileDescriptor(), out.getFileDescriptor(),
-+                            err.getFileDescriptor(), args);
-         }
-     }
- 
--- a/Patches/LineageOS-17.1/android_frameworks_base/394882.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/394882.patch
@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Guojing Yuan <guojing@google.com>
+Date: Thu, 14 Dec 2023 19:30:04 +0000
+Subject: [PATCH] Check permissions for CDM shell commands
+
+Override handleShellCommand instead of onShellCommand because
+Binder.onShellCommand checks the necessary permissions of the caller.
+
+Backport by mse1969@posteo.de:
+In Pie, method handleShellCommand does not exist, only Binder.onShellCommand, in which
+the caller uid check isn't yet implemented. Backport: Take over the uid check from A11
+and implement it in the method override.
+
+Bug: 313428840
+
+Test: manually tested CDM shell commands
+(cherry picked from commit 1761a0fee9c2cd9787bbb7fbdbe30b4c2b03396e)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d008c61451dba86aa9f14c6bcd661db2cea4856)
+Merged-In: I5539b3594feb5544c458c0fd1061b51a0a808900
+Change-Id: I5539b3594feb5544c458c0fd1061b51a0a808900
+---
+ .../server/companion/CompanionDeviceManagerService.java      | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+index 73b8ff7067ef..4377ee6145d8 100644
+--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+@@ -366,6 +366,11 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
+         public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
+                 String[] args, ShellCallback callback, ResultReceiver resultReceiver)
+                 throws RemoteException {
+            final int callingUid = Binder.getCallingUid();
+            if (callingUid != Process.ROOT_UID && callingUid != Process.SHELL_UID) {
+                resultReceiver.send(-1, null);
+                throw new RemoteException("Shell commands are only callable by ADB");
+            }
+             new ShellCmd().exec(this, in, out, err, args, callback, resultReceiver);
+         }
+     }
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@ -294,17 +294,17 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/392204.patch"; #Q_asb_2024-04 i
 applyPatch "$DOS_PATCHES/android_frameworks_base/392205.patch"; #Q_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
 applyPatch "$DOS_PATCHES/android_frameworks_base/393587.patch"; #Q_asb_2024-05 Prioritize system toasts
 applyPatch "$DOS_PATCHES/android_frameworks_base/393588.patch"; #Q_asb_2024-05 Don't try to show the current toast again while it's showing.
-applyPatch "$DOS_PATCHES/android_frameworks_base/394553.patch"; #R_asb_2024-06 DO NOT MERGE: ActivityManager#killBackgroundProcesses can kill caller's own app only
-applyPatch "$DOS_PATCHES/android_frameworks_base/394554.patch"; #R_asb_2024-06 DO NOT MERGE: Fix ActivityManager#killBackgroundProcesses permissions
+applyPatch "$DOS_PATCHES/android_frameworks_base/394553.patch"; #R_asb_2024-06 ActivityManager#killBackgroundProcesses can kill caller's own app only
+applyPatch "$DOS_PATCHES/android_frameworks_base/394554.patch"; #R_asb_2024-06 Fix ActivityManager#killBackgroundProcesses permissions
 applyPatch "$DOS_PATCHES/android_frameworks_base/394555-backport.patch"; #R_asb_2024-06 Verify URI permission for channel sound update from NotificationListenerService
 applyPatch "$DOS_PATCHES/android_frameworks_base/394556-backport.patch"; #R_asb_2024-06 Check for NLS bind permission when rebinding services
-applyPatch "$DOS_PATCHES/android_frameworks_base/394557-backport.patch"; #R_asb_2024-06 Hide window immediately if itself doesn't run hide animation #XXX
-applyPatch "$DOS_PATCHES/android_frameworks_base/394558-backport.patch"; #R_asb_2024-06 Fix error handling for non-dynamic permissions #XXX
+applyPatch "$DOS_PATCHES/android_frameworks_base/394557-backport.patch"; #R_asb_2024-06 Hide window immediately if itself doesn't run hide animation
+applyPatch "$DOS_PATCHES/android_frameworks_base/394558-backport.patch"; #R_asb_2024-06 Fix error handling for non-dynamic permissions
 applyPatch "$DOS_PATCHES/android_frameworks_base/394559.patch"; #R_asb_2024-06 Add more checkKeyIntent checks to AccountManagerService.
 applyPatch "$DOS_PATCHES/android_frameworks_base/394560.patch"; #R_asb_2024-06 Add in check for intent filter when setting/updating service
 applyPatch "$DOS_PATCHES/android_frameworks_base/394561.patch"; #R_asb_2024-06 Check hidden API exemptions
 applyPatch "$DOS_PATCHES/android_frameworks_base/394562-backport.patch"; #R_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
-applyPatch "$DOS_PATCHES/android_frameworks_base/394563-backport.patch"; #R_asb_2024-06 Check permissions for CDM shell commands
+applyPatch "$DOS_PATCHES/android_frameworks_base/394882.patch"; #P_asb_2024-06 Check permissions for CDM shell commands
 #applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
 #applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
 #applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)