Skip to content

Commit

Permalink
ASB-NOV 2024 Security Patches integration
Browse files Browse the repository at this point in the history 
Integrating Google Android Security Bulletin Patches

Test done: STS r32 TCs Passed.

Tracked-On: OAM-126584
Signed-off-by: AlamIntel <sahibex.alam@intel.com>
  • Loading branch information
@AlamIntel
AlamIntel committed Oct 21, 2024
1 parent d25365b commit 7a60ee1
Show file tree
Hide file tree
Showing 21 changed files with 2,224 additions and 67 deletions.
2 changes: 1 addition & 1 deletion aosp_diff/preliminary/build/make/0009-Update-security_patch_level-string.patch
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ index dba897a9c3..a2dae42533 100644
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2024-02-05
+ PLATFORM_SECURITY_PATCH := 2024-10-01
+ PLATFORM_SECURITY_PATCH := 2024-11-01
endif

include $(BUILD_SYSTEM)/version_util.mk
Expand Down
51 changes: 51 additions & 0 deletions ...ia/01_0001-RESTRICT-AUTOMERGE-Avoid-potential-overflow-when-allocating-3D-.bulletin.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
From 0b628a960e74197ace9831ef0727f5ba7ab6ac10 Mon Sep 17 00:00:00 2001
From: Brian Osman <brianosman@google.com>
Date: Tue, 27 Aug 2024 14:22:52 -0400
Subject: [PATCH] RESTRICT AUTOMERGE: Avoid potential overflow when allocating
3D mask from emboss filter

Note: the original fix landed after
Iac8b937e516dbfbbcefef54360dd5b7300bacb67 introduced SkMaskBuilder, so
this cherry-pick had to be tweaked to avoid conflicts. Unfortuantely
that means we need RESTRICT AUTOMERGE to prevent this modified version
from flowing through API boundaries into VIC, and we need to manually
cherry-pick it to each API level.

Bug: 344620577
Test: N/A -- unclear if even reachable
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/893738
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Ben Wagner <bungeman@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2bc38734eec777bf2574d4b38a7fd4fc05f0ecde)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bd6b1b730157b35457c9dbdb3bbf15ede15f6ba7)
Merged-In: Ia35860371d45120baca63238e77faa5c0eb25d51
Change-Id: Ia35860371d45120baca63238e77faa5c0eb25d51
---
src/effects/SkEmbossMaskFilter.cpp | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/effects/SkEmbossMaskFilter.cpp b/src/effects/SkEmbossMaskFilter.cpp
index a42cf083fa..123549ee7e 100644
--- a/src/effects/SkEmbossMaskFilter.cpp
+++ b/src/effects/SkEmbossMaskFilter.cpp
@@ -103,11 +103,13 @@ bool SkEmbossMaskFilter::filterMask(SkMask* dst, const SkMask& src,

{
uint8_t* alphaPlane = dst->fImage;
- size_t planeSize = dst->computeImageSize();
- if (0 == planeSize) {
- return false; // too big to allocate, abort
+ size_t totalSize = dst->computeTotalImageSize();
+ if (totalSize == 0) {
+ return false; // too big to allocate, abort
}
- dst->fImage = SkMask::AllocImage(planeSize * 3);
+ size_t planeSize = dst->computeImageSize();
+ SkASSERT(planeSize != 0); // if totalSize didn't overflow, this can't either
+ dst->fImage = SkMask::AllocImage(totalSize);
memcpy(dst->fImage, alphaPlane, planeSize);
SkMask::FreeImage(alphaPlane);
}
--
2.46.1.824.gd892dcdcdd-goog

34 changes: 34 additions & 0 deletions ...nary/frameworks/base/73_0073-Remove-authenticator-data-if-it-was-disabled-.bulletin.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
From 55a3d36701bb874358f685d3ac3381eda10fcff0 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <dementyev@google.com>
Date: Tue, 2 Jul 2024 11:02:07 -0700
Subject: [PATCH] Remove authenticator data if it was disabled.

Test: manual
Bug: 343440463
Flag: EXEMPT bugfix
(cherry picked from commit ddfc078af7e89641360b896f99af23a6b371b847)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cd372149336675c82e032fe2613d1dc8b03122f6)
Merged-In: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
Change-Id: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
---
.../com/android/server/accounts/AccountManagerService.java | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index b59a5ea5ad1a..6179b1533475 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -1195,6 +1195,10 @@ public class AccountManagerService
obsoleteAuthType.add(type);
// And delete it from the TABLE_META
accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
+ } else if (knownUid != null && knownUid != uid) {
+ Slog.w(TAG, "authenticator no longer exist for type " + type);
+ obsoleteAuthType.add(type);
+ accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
}
}
}
--
2.46.1.824.gd892dcdcdd-goog

79 changes: 79 additions & 0 deletions aosp_diff/preliminary/frameworks/base/74_0074-RingtoneManager-allow-video-ringtone-URI.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
From 281cc8cc117b7a0e44a29c58e4f5b5b8643f5976 Mon Sep 17 00:00:00 2001
From: Jean-Michel Trivi <jmtrivi@google.com>
Date: Mon, 24 Jun 2024 17:29:14 -0700
Subject: [PATCH] RingtoneManager: allow video ringtone URI

When checking the MIME type for the default ringtone, also
allow it to refer to video content.

Bug: 205837340
Test: see POC + atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a513c6e476844c16176e57c222b1a5ac9417cbb4)
Merged-In: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
---
media/java/android/media/RingtoneManager.java | 8 ++++++--
.../android/providers/settings/SettingsProvider.java | 11 +++++++----
2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
index ff369c8a5eee..11c80d3578b1 100644
--- a/media/java/android/media/RingtoneManager.java
+++ b/media/java/android/media/RingtoneManager.java
@@ -924,9 +924,13 @@ public class RingtoneManager {
+ " ignored: failure to find mimeType (no access from this context?)");
return;
}
- if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
+ if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
+ || mimeType.equals("application/x-flac")
+ // also check for video ringtones
+ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
- + " ignored: associated mimeType:" + mimeType + " is not an audio type");
+ + " ignored: associated MIME type:" + mimeType
+ + " is not a recognized audio or video type");
return;
}
}
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index b785d6f7f858..44f043ee75aa 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1985,7 +1985,7 @@ public class SettingsProvider extends ContentProvider {

File cacheFile = getCacheFile(name, callingUserId);
if (cacheFile != null) {
- if (!isValidAudioUri(name, value)) {
+ if (!isValidMediaUri(name, value)) {
return false;
}
// Invalidate any relevant cache files
@@ -2046,7 +2046,7 @@ public class SettingsProvider extends ContentProvider {
return true;
}

- private boolean isValidAudioUri(String name, String uri) {
+ private boolean isValidMediaUri(String name, String uri) {
if (uri != null) {
Uri audioUri = Uri.parse(uri);
if (Settings.AUTHORITY.equals(
@@ -2064,10 +2064,13 @@ public class SettingsProvider extends ContentProvider {
return false;
}
if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
- || mimeType.equals("application/x-flac"))) {
+ || mimeType.equals("application/x-flac")
+ // also check for video ringtones
+ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
Slog.e(LOG_TAG,
"mutateSystemSetting for setting: " + name + " URI: " + audioUri
- + " ignored: associated mimeType: " + mimeType + " is not an audio type");
+ + " ignored: associated MIME type: " + mimeType
+ + " is not a recognized audio or video type");
return false;
}
}
--
2.34.1

69 changes: 69 additions & 0 deletions aosp_diff/preliminary/frameworks/base/75_0075-Check-more-URIs-in-notifications.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
From f80f4d2758258a9174402512c0d70f68da7eb9aa Mon Sep 17 00:00:00 2001
From: Ioana Alexandru <aioana@google.com>
Date: Wed, 31 Jul 2024 13:46:30 +0000
Subject: [PATCH] Check more URIs in notifications

Bug: 281044385
Test: presubmit + tested in current release

(cherry picked from commit f47b41a138ebd60f7b518fb6a9d8aa8230488422,
includes changes from commit 57bf60dd7b6a0a0e9785231f8ec25a458fedde64
and commit 47fa2f79584b0a4e9ca7e9c6b237c4e5cf699032)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b50af4f855899a63a6b85c5cbfbde8e8236a933e)
Merged-In: I1ce6bebd9452466d005505dc5b99a0fdc0e05e80
Change-Id: I1ce6bebd9452466d005505dc5b99a0fdc0e05e80
---
core/java/android/widget/RemoteViews.java | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)

diff --git a/core/java/android/widget/RemoteViews.java b/core/java/android/widget/RemoteViews.java
index a740b651142d..e039ac423359 100644
--- a/core/java/android/widget/RemoteViews.java
+++ b/core/java/android/widget/RemoteViews.java
@@ -1089,6 +1089,13 @@ public class RemoteViews implements Parcelable, Filter {
return (SET_REMOTE_ADAPTER_TAG + "_" + viewId);
}

+ @Override
+ public void visitUris(@NonNull Consumer<Uri> visitor) {
+ for (RemoteViews remoteViews : list) {
+ remoteViews.visitUris(visitor);
+ }
+ }
+
int viewTypeCount;
ArrayList<RemoteViews> list;
}
@@ -1132,6 +1139,13 @@ public class RemoteViews implements Parcelable, Filter {
if (key == null) return null;
return mPackageUserToApplicationInfo.get(key);
}
+
+ @Override
+ public void visitUris(@NonNull Consumer<Uri> visitor) {
+ if (mItems != null) {
+ mItems.visitUris(visitor);
+ }
+ }
}

private class SetRemoteCollectionItemListAdapterAction extends Action {
@@ -7275,6 +7289,15 @@ public class RemoteViews implements Parcelable, Filter {
Math.max(mViewTypeCount, 1));
}
}
+
+ /**
+ * See {@link RemoteViews#visitUris(Consumer)}.
+ */
+ private void visitUris(@NonNull Consumer<Uri> visitor) {
+ for (RemoteViews view : mViews) {
+ view.visitUris(visitor);
+ }
+ }
}

/**
--
2.34.1

56 changes: 56 additions & 0 deletions ...e/76_0076-Set-no-data-transfer-on-function-switch-timeout-for-accessory-mo.bulletin.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
From 2457d4e459ee6ffd099b9ff7cce9c83119c3ce66 Mon Sep 17 00:00:00 2001
From: Ashish Kumar Gupta <kumarashishg@google.com>
Date: Wed, 31 Jul 2024 16:02:29 +0000
Subject: [PATCH] Set no data transfer on function switch timeout for accessory
mode

In case of function switch times out, we will check whether
the last function set was accessory. If this is the case, it is
recommended to set the function to NONE(No data transfer) rather than
setting it to the default USB function.

Bug: 353712853
Test: Build the code, flash the device and test it.
Test: atest CtsUsbManagerTestCases
Test: run CtsVerifier tool
Test: atest CtsUsbTests
(cherry picked from commit 7c6ec68537ba8abf798afd9ab7c3e5889841171f)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bec30c91a7bea8af2900b1b97cd1fb8fcfa287c0)
Merged-In: I698e9df0333cbb51dd9bd5917a94d81273a2784a
Change-Id: I698e9df0333cbb51dd9bd5917a94d81273a2784a
---
.../java/com/android/server/usb/UsbDeviceManager.java | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/services/usb/java/com/android/server/usb/UsbDeviceManager.java b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
index 77b263824b78..3d012f6eacc0 100644
--- a/services/usb/java/com/android/server/usb/UsbDeviceManager.java
+++ b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
@@ -819,7 +819,7 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
}
}

- private void notifyAccessoryModeExit(int operationId) {
+ protected void notifyAccessoryModeExit(int operationId) {
// make sure accessory mode is off
// and restore default functions
Slog.d(TAG, "exited USB accessory mode");
@@ -2145,8 +2145,13 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
*/
operationId = sUsbOperationCount.incrementAndGet();
if (msg.arg1 != 1) {
- // Set this since default function may be selected from Developer options
- setEnabledFunctions(mScreenUnlockedFunctions, false, operationId);
+ if (mCurrentFunctions == UsbManager.FUNCTION_ACCESSORY) {
+ notifyAccessoryModeExit(operationId);
+ } else {
+ // Set this since default function may be selected from Developer
+ // options
+ setEnabledFunctions(mScreenUnlockedFunctions, false, operationId);
+ }
}
break;
case MSG_GADGET_HAL_REGISTERED:
--
2.46.1.824.gd892dcdcdd-goog

50 changes: 50 additions & 0 deletions ...e/77_0077-Disallow-device-admin-package-and-protected-packages-to-be-reins.bulletin.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
From 31c098c4271ad4fdfb3809e05017ead8d9f6580f Mon Sep 17 00:00:00 2001
From: lpeter <lpeter@google.com>
Date: Tue, 16 Jul 2024 00:14:47 +0000
Subject: [PATCH] Disallow device admin package and protected packages to be
reinstalled as instant.

We should prevent the following types of apps from being reinstalled with
--install-existing as an instant.
(1)device admin package
(2)protected packages

Flag: EXEMPT bugfix

Bug: 341256043
Test: atest android.content.pm.cts.PackageManagerTest
Test: Manual test
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:12b2fd162c91441ea89517cf9e2359ef6aea9f82)
Merged-In: I30244cf18aa6522361f13a1d2119ac5847939ddd
Change-Id: I30244cf18aa6522361f13a1d2119ac5847939ddd
---
.../java/com/android/server/pm/InstallPackageHelper.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index f26a9f8f3aed..6ae7834377d8 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -660,6 +660,9 @@ final class InstallPackageHelper {
(installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
final boolean fullApp =
(installFlags & PackageManager.INSTALL_FULL_APP) != 0;
+ final boolean isPackageDeviceAdmin = mPm.isPackageDeviceAdmin(packageName, userId);
+ final boolean isProtectedPackage = mPm.mProtectedPackages != null
+ && mPm.mProtectedPackages.isPackageStateProtected(userId, packageName);

// writer
synchronized (mPm.mLock) {
@@ -668,7 +671,8 @@ final class InstallPackageHelper {
if (pkgSetting == null || pkgSetting.getPkg() == null) {
return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
}
- if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp())) {
+ if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp()
+ || isPackageDeviceAdmin || isProtectedPackage)) {
return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
}
if (!snapshot.canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
--
2.46.1.824.gd892dcdcdd-goog

Loading

0 comments on commit 7a60ee1

Please sign in to comment.