ASB-NOV 2024 Security Patches integration
Integrating Google Android Security Bulletin Patches

Test done: STS r32 TCs Passed.

Tracked-On: OAM-126981
Signed-off-by: AlamIntel <[email protected]>
AlamIntel authored and sysopenci committed Nov 12, 2024
1 parent 369b97c commit 3f2e04d
Showing 13 changed files with 1,362 additions and 0 deletions.
@@ -0,0 +1,27 @@
From 7c9c07f16863fc893f09911c23800b306a0f2da8 Mon Sep 17 00:00:00 2001
From: "Alam, Sahibex" <[email protected]>
Date: Mon, 4 Nov 2024 08:24:08 +0000
Subject: [PATCH] Update RELEASE_PLATFORM_SECURITY_PATCH string

Security_patch_level needs to be updated
When ASB Security patches are integrated.

Tracked-On: OAM-125942
Signed-off-by: Alam, Sahibex <[email protected]>
---
flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto b/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto
index f27e557..f816af1 100644
--- a/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto
+++ b/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto
@@ -1,4 +1,4 @@
name: "RELEASE_PLATFORM_SECURITY_PATCH"
value: {
- string_value: "2024-10-05"
+ string_value: "2024-11-01"
}
--
2.34.1

@@ -0,0 +1,44 @@
From b8081964ce86f26b37361d4c91128edd98b516c5 Mon Sep 17 00:00:00 2001
From: Nolan Scobie <[email protected]>
Date: Thu, 29 Aug 2024 18:06:17 +0000
Subject: [PATCH] Avoid potential overflow when allocating 3D mask from emboss
filter

Bug: 344620577
Test: N/A -- unclear if even reachable
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/893738
Commit-Queue: Brian Osman <[email protected]>
Reviewed-by: Ben Wagner <[email protected]>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2bc38734eec777bf2574d4b38a7fd4fc05f0ecde)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e36fda1a1a145ca8d708a32c26981ca9251a4f9d)
Merged-In: Ia35860371d45120baca63238e77faa5c0eb25d51
Change-Id: Ia35860371d45120baca63238e77faa5c0eb25d51
---
src/effects/SkEmbossMaskFilter.cpp | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/effects/SkEmbossMaskFilter.cpp b/src/effects/SkEmbossMaskFilter.cpp
index 3d431f812e..c8f0c536b3 100644
--- a/src/effects/SkEmbossMaskFilter.cpp
+++ b/src/effects/SkEmbossMaskFilter.cpp
@@ -99,11 +99,13 @@ bool SkEmbossMaskFilter::filterMask(SkMaskBuilder* dst, const SkMask& src,

{
uint8_t* alphaPlane = dst->image();
- size_t planeSize = dst->computeImageSize();
- if (0 == planeSize) {
- return false; // too big to allocate, abort
+ size_t totalSize = dst->computeTotalImageSize();
+ if (totalSize == 0) {
+ return false; // too big to allocate, abort
}
- dst->image() = SkMaskBuilder::AllocImage(planeSize * 3);
+ size_t planeSize = dst->computeImageSize();
+ SkASSERT(planeSize != 0); // if totalSize didn't overflow, this can't either
+ dst->image() = SkMaskBuilder::AllocImage(totalSize);
memcpy(dst->image(), alphaPlane, planeSize);
SkMaskBuilder::FreeImage(alphaPlane);
}
--
2.46.1.824.gd892dcdcdd-goog
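Review bot: `SkASSERT(planeSize != 0)` is the only check on `planeSize` before the `memcpy`, and Skia's `SkASSERT` is compiled out of release builds, so shipped code relies entirely on the `totalSize == 0` early return. That reasoning holds only if `computeTotalImageSize()` accounts for all three planes in `dst`'s current format, which is set outside this hunk. A short comment above the allocation would make the dependency checkable, for example `// dst is already in the 3D format here, so totalSize covers all three planes` (wording to be confirmed against the lines above the hunk). The trailer says `Test: N/A -- unclear if even reachable`, so a unit test that passes oversized mask bounds and expects `filterMask` to return false would be worth carrying with the patch. The body of `filterMask` starts and ends outside the hunk.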

@@ -0,0 +1,34 @@
From a4ce19611234fd6e067b9a19bc57cdc54f052a15 Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <[email protected]>
Date: Tue, 2 Jul 2024 11:02:07 -0700
Subject: [PATCH 1/5] Remove authenticator data if it was disabled.

Test: manual
Bug: 343440463
Flag: EXEMPT bugfix
(cherry picked from commit ddfc078af7e89641360b896f99af23a6b371b847)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4e115a86fda4bec1916f63eadd1f2756bb4b2a49)
Merged-In: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
Change-Id: I36bd6bf101da03c9c30a6d3c0080b801e7898bc6
---
.../com/android/server/accounts/AccountManagerService.java | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 1d07bcae3f35..69478bbd0d44 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -1234,6 +1234,10 @@ public class AccountManagerService
obsoleteAuthType.add(type);
// And delete it from the TABLE_META
accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
+ } else if (knownUid != null && knownUid != uid) {
+ Slog.w(TAG, "authenticator no longer exist for type " + type);
+ obsoleteAuthType.add(type);
+ accountsDb.deleteMetaByAuthTypeAndUid(type, uid);
}
}
}
--
2.34.1
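Review bot: `knownUid != uid` in the new `else if` is a numeric comparison only if at least one operand is a primitive; `knownUid` is null-checked and so is a boxed `Integer`, while `uid` is declared outside the hunk. If `uid` is also boxed, `!=` compares references and the branch could fire for equal uids, deleting metadata for an authenticator that has not changed; `!knownUid.equals(uid)` is unambiguous either way. The warning would be easier to triage if it named both values, e.g. `Slog.w(TAG, "authenticator no longer exist for type " + type + ", stored uid " + uid + ", known uid " + knownUid);`. The enclosing loop and the preceding `if` start outside the hunk.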

@@ -0,0 +1,37 @@
From 45a4324db9ffc5570d2507e9a86389e512c86c8a Mon Sep 17 00:00:00 2001
From: Ioana Alexandru <[email protected]>
Date: Fri, 26 Jul 2024 17:30:50 +0000
Subject: [PATCH 2/5] Remove visitPersonUri flagged code

Flag: EXEMPT removing code for rolled out flag
Bug: 281044385
Test: builds

(cherry picked from commit 0f4bf9fa13f6b5760c8b80103371db82f69813f8)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2a41d41657b94b81cb7245eff90b7e4824960c29)
Merged-In: I05ccd19d997063873d9df0f7c4e1906bd3f0e6f5
Change-Id: I05ccd19d997063873d9df0f7c4e1906bd3f0e6f5
---
core/java/android/app/Person.java | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/core/java/android/app/Person.java b/core/java/android/app/Person.java
index 96f6f4eac372..c7432c571e43 100644
--- a/core/java/android/app/Person.java
+++ b/core/java/android/app/Person.java
@@ -189,10 +189,8 @@ public final class Person implements Parcelable {
*/
public void visitUris(@NonNull Consumer<Uri> visitor) {
visitor.accept(getIconUri());
- if (Flags.visitPersonUri()) {
- if (mUri != null && !mUri.isEmpty()) {
- visitor.accept(Uri.parse(mUri));
- }
+ if (mUri != null && !mUri.isEmpty()) {
+ visitor.accept(Uri.parse(mUri));
}
}

--
2.34.1

@@ -0,0 +1,67 @@
From 37073cac5272be9428144ad4ebe59478d8b9dc03 Mon Sep 17 00:00:00 2001
From: Ashish Kumar Gupta <[email protected]>
Date: Wed, 31 Jul 2024 16:02:29 +0000
Subject: [PATCH 3/5] Set no data transfer on function switch timeout for
accessory mode

In case of function switch times out, we will check whether
the last function set was accessory. If this is the case, it is
recommended to set the function to NONE(No data transfer) rather than
setting it to the default USB function.

Bug: 353712853
Test: Build the code, flash the device and test it.
Test: atest CtsUsbManagerTestCases
Test: run CtsVerifier tool
Test: atest CtsUsbTests
(cherry picked from commit 7c6ec68537ba8abf798afd9ab7c3e5889841171f)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f927d03008b4acd7616c9a2dfbac62bac6983a7c)
Merged-In: I698e9df0333cbb51dd9bd5917a94d81273a2784a
Change-Id: I698e9df0333cbb51dd9bd5917a94d81273a2784a
---
.../com/android/server/usb/UsbDeviceManager.java | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/services/usb/java/com/android/server/usb/UsbDeviceManager.java b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
index 175a09db54e3..ae89996c8d26 100644
--- a/services/usb/java/com/android/server/usb/UsbDeviceManager.java
+++ b/services/usb/java/com/android/server/usb/UsbDeviceManager.java
@@ -78,9 +78,9 @@ import android.os.storage.StorageVolume;
import android.provider.Settings;
import android.service.usb.UsbDeviceManagerProto;
import android.service.usb.UsbHandlerProto;
+import android.text.TextUtils;
import android.util.Pair;
import android.util.Slog;
-import android.text.TextUtils;

import com.android.internal.annotations.GuardedBy;
import com.android.internal.logging.MetricsLogger;
@@ -838,7 +838,7 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
}
}

- private void notifyAccessoryModeExit(int operationId) {
+ protected void notifyAccessoryModeExit(int operationId) {
// make sure accessory mode is off
// and restore default functions
Slog.d(TAG, "exited USB accessory mode");
@@ -2271,8 +2271,13 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
*/
operationId = sUsbOperationCount.incrementAndGet();
if (msg.arg1 != 1) {
- // Set this since default function may be selected from Developer options
- setEnabledFunctions(mScreenUnlockedFunctions, false, operationId);
+ if (mCurrentFunctions == UsbManager.FUNCTION_ACCESSORY) {
+ notifyAccessoryModeExit(operationId);
+ } else {
+ // Set this since default function may be selected from Developer
+ // options
+ setEnabledFunctions(mScreenUnlockedFunctions, false, operationId);
+ }
}
break;
case MSG_GADGET_HAL_REGISTERED:
--
2.34.1
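Review bot: `mCurrentFunctions == UsbManager.FUNCTION_ACCESSORY` in the timeout branch matches only when accessory is the sole function set. If `mCurrentFunctions` is a bitmask that can carry accessory together with another function (its declaration is outside the hunk), the combined case still falls through to `setEnabledFunctions(mScreenUnlockedFunctions, false, operationId)`, which is the outcome the commit message says to avoid; `(mCurrentFunctions & UsbManager.FUNCTION_ACCESSORY) != 0` would cover it. The message also says the function is set to NONE, while the visible comment in `notifyAccessoryModeExit` says it restores default functions, so one of the two should be corrected. The `private` to `protected` change on `notifyAccessoryModeExit` has no stated reason; if it is for tests, `@VisibleForTesting` or a short comment would record that.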

@@ -0,0 +1,50 @@
From 29db1516a814adb55ce022dd07da4b42090a9606 Mon Sep 17 00:00:00 2001
From: lpeter <[email protected]>
Date: Tue, 16 Jul 2024 00:14:47 +0000
Subject: [PATCH 4/5] Disallow device admin package and protected packages to
be reinstalled as instant.

We should prevent the following types of apps from being reinstalled with
--install-existing as an instant.
(1)device admin package
(2)protected packages

Flag: EXEMPT bugfix

Bug: 341256043
Test: atest android.content.pm.cts.PackageManagerTest
Test: Manual test
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:54f53bb296ee3baa8ea47f15e5c698371234b815)
Merged-In: I30244cf18aa6522361f13a1d2119ac5847939ddd
Change-Id: I30244cf18aa6522361f13a1d2119ac5847939ddd
---
.../java/com/android/server/pm/InstallPackageHelper.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index b079fed65d5d..f2a7cb7d3665 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -686,6 +686,9 @@ final class InstallPackageHelper {
(installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
final boolean fullApp =
(installFlags & PackageManager.INSTALL_FULL_APP) != 0;
+ final boolean isPackageDeviceAdmin = mPm.isPackageDeviceAdmin(packageName, userId);
+ final boolean isProtectedPackage = mPm.mProtectedPackages != null
+ && mPm.mProtectedPackages.isPackageStateProtected(userId, packageName);

// writer
synchronized (mPm.mLock) {
@@ -694,7 +697,8 @@ final class InstallPackageHelper {
if (pkgSetting == null || pkgSetting.getPkg() == null) {
return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
}
- if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp())) {
+ if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp()
+ || isPackageDeviceAdmin || isProtectedPackage)) {
return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
}
if (!snapshot.canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
--
2.34.1
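Review bot: `isPackageDeviceAdmin` and `isProtectedPackage` are evaluated before `synchronized (mPm.mLock)` on every call, although they are read only when `instantApp` is true, and nothing says why they sit outside the lock. If the intent is to avoid querying device-admin state while holding `mPm.mLock`, a comment such as `// Queried before taking mPm.mLock; only consulted for instant installs.` would stop a later cleanup from moving them inside. Gating them on the flag, e.g. `final boolean isPackageDeviceAdmin = instantApp && mPm.isPackageDeviceAdmin(packageName, userId);`, skips the lookups on the common path. Because the answers are captured before the lock is taken, the admin or protected state could in principle change before the `instantApp` check runs; that window looks small but deserves a mention in the comment. The enclosing method starts and ends outside the hunk.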
