ASB-OCT 2024 Security Patches integration
Integrating Google Android Security Bulletin Patches

Test done: STS r31 TCs Passed.

Tracked-On: OAM-125586
Signed-off-by: AlamIntel <[email protected]>
AlamIntel committed Sep 25, 2024
1 parent df75202 commit ed75a94
Showing 7 changed files with 264 additions and 1 deletion.
@@ -20,7 +20,7 @@ index 0daae6bdcb..d14bd65167 100644
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-06-05
+ PLATFORM_SECURITY_PATCH := 2024-09-01
+ PLATFORM_SECURITY_PATCH := 2024-10-01
endif
.KATI_READONLY := PLATFORM_SECURITY_PATCH

@@ -0,0 +1,33 @@
From ffaac4a576939731de7dc13429ec961aec1ae0e0 Mon Sep 17 00:00:00 2001
From: William Loh <[email protected]>
Date: Mon, 3 Jun 2024 12:56:47 -0700
Subject: [PATCH] Fail parseUri if end is missing

Bug: 318683126
Test: atest IntentTest
Flag: EXEMPT bugfix
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b85bee508793e31d6fe37fc9cd4e8fa3787113cc)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d754ed6dd1fd321746f5ec4742831ffd97a9967)
Merged-In: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
Change-Id: I5f619ced684ff505ce2b7408cd35dd3e9be89dea
---
core/java/android/content/Intent.java | 3 +++
1 file changed, 3 insertions(+)

diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 6224758ce71a..ec67c7239df2 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -7322,6 +7322,9 @@ public class Intent implements Parcelable, Cloneable {
int eq = uri.indexOf('=', i);
if (eq < 0) eq = i-1;
int semi = uri.indexOf(';', i);
+ if (semi < 0) {
+ throw new URISyntaxException(uri, "uri end not found");
+ }
String value = eq < semi ? Uri.decode(uri.substring(eq + 1, semi)) : "";

// action
--
2.46.0.469.g59c65b2a67-goog
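Review bot: The new `semi < 0` guard in the Intent.java hunk throws without an error index and without a comment saying why a missing `;` must be fatal. Without the guard, the visible next line would have taken the false branch of `eq < semi` and produced an empty value for a truncated URI, so the reason is worth recording next to the check: `// No ';' after this key: the "end" terminator is missing, so reject instead of parsing a truncated URI.` Passing the position helps callers that log the failure: `throw new URISyntaxException(uri, "uri end not found", i);`. The enclosing parse loop starts and ends outside the hunk, and this patch file changes only Intent.java, so no test for the new rejection is included here.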

@@ -0,0 +1,35 @@
From 638ddfbcdc68bb9a103927d447e2b7a12a9e4a7d Mon Sep 17 00:00:00 2001
From: Dmitry Dementyev <[email protected]>
Date: Thu, 11 Jul 2024 12:39:22 -0700
Subject: [PATCH] Update AccountManagerService checkKeyIntent.

Block intents with "content" data scheme.

Bug: 349780950
Test: manual
Flag: EXEMPT bugfix
(cherry picked from commit c1e79495a49bd4d3e380136fe4bca7ac1a9ed763)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:59b2cc4447fbbdea58840f5b9d885d83241ac5f5)
Merged-In: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
Change-Id: I8b23191d3d60036ca7ddf0ef7dcba6b38fb27b3c
---
.../com/android/server/accounts/AccountManagerService.java | 3 +++
1 file changed, 3 insertions(+)

diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 43944b050de4..d55be44f62cd 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -4895,6 +4895,9 @@ public class AccountManagerService
if (resolveInfo == null) {
return false;
}
+ if ("content".equals(intent.getScheme())) {
+ return false;
+ }
ActivityInfo targetActivityInfo = resolveInfo.activityInfo;
int targetUid = targetActivityInfo.applicationInfo.uid;
PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class);
--
2.46.0.469.g59c65b2a67-goog
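Review bot: The added `"content".equals(intent.getScheme())` check in checkKeyIntent returns false with no comment and no log line, so a rejected key intent looks the same as any other failed check during triage. A short comment such as `// Never accept a key intent whose data is a content: URI.` and a warning log at the rejection point would make the rule and its hits visible. If `ContentResolver` is already imported in this file, `ContentResolver.SCHEME_CONTENT.equals(intent.getScheme())` avoids the bare literal. The method body starts and ends outside the hunk, so how the other rejections are reported cannot be seen here.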

@@ -0,0 +1,42 @@
From edd911388ced1d5d8783f0f91068a01970e01ed7 Mon Sep 17 00:00:00 2001
From: Mark Renouf <[email protected]>
Date: Thu, 20 Jun 2024 16:37:42 -0400
Subject: [PATCH] Prevent Sharing when FRP enforcement is in effect

ADB command to trigger sharing:

```
adb shell 'am start -a android.intent.action.CHOOSER --eu android.intent.extra.INTENT "intent:#Intent;action=android.intent.action.SEND;type=text/plain;S.android.intent.extra.TEXT=Shared%20text;end"'
```

Bug: 327645387
Test: manual; trigger FRP; attempt to open share sheet using adb
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5080af26387a18d5638d5a42eadfb8d4d700518c)
Merged-In: I1db78ab74babe71b516f601be35cf476b5e43271
Change-Id: I1db78ab74babe71b516f601be35cf476b5e43271
---
core/java/com/android/internal/app/ChooserActivity.java | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java
index a204dc0112c9..2fa16ffd94e9 100644
--- a/core/java/com/android/internal/app/ChooserActivity.java
+++ b/core/java/com/android/internal/app/ChooserActivity.java
@@ -600,6 +600,14 @@ public class ChooserActivity extends ResolverActivity implements

@Override
protected void onCreate(Bundle savedInstanceState) {
+ if (Settings.Secure.getIntForUser(getContentResolver(),
+ Settings.Secure.SECURE_FRP_MODE, 0,
+ getUserId()) == 1) {
+ Log.e(TAG, "Sharing disabled due to active FRP lock.");
+ super.onCreate(savedInstanceState);
+ finish();
+ return;
+ }
final long intentReceivedTime = System.currentTimeMillis();
getChooserActivityLogger().logSharesheetTriggered();
// This is the only place this value is being set. Effectively final.
--
2.46.0.469.g59c65b2a67-goog
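Review bot: In the FRP branch of onCreate, `super.onCreate(savedInstanceState)` still runs before `finish()`, so whatever ResolverActivity does in that overload executes while the lock is active. That code is outside the hunk and is worth confirming to be free of side effects. If the call is there only because the Activity lifecycle requires the superclass onCreate to be invoked, say so in place: `// super.onCreate() is required by the Activity lifecycle; nothing else may run under FRP.` The comparison `== 1` against `SECURE_FRP_MODE` is a bare magic number, and a named constant or a short comment on what 1 means would help the next reader.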

@@ -0,0 +1,42 @@
From 601929fb8d236a7e60cb65d2a53409447e62a923 Mon Sep 17 00:00:00 2001
From: Sumedh Sen <[email protected]>
Date: Wed, 17 Jul 2024 01:00:55 +0000
Subject: [PATCH] [RESTRICT AUTOMERGE] Check whether installerPackageName
contains only valid characters

Bug: 341256391
Bug: 307532206
Test: sts-tradefed run sts-dynamic-develop -m CtsSecurityTestCases -t android.security.cts.CVE_2024_0044
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9b850b6f68e63288f240439601723412324381bb)
Merged-In: I74a172c617d6f5b13f0708092156b657b73b5891
Change-Id: I74a172c617d6f5b13f0708092156b657b73b5891
---
.../com/android/server/pm/PackageInstallerService.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 02515cfdc16a..310c56ef1260 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -609,12 +609,17 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
params.appLabel = TextUtils.trimToSize(params.appLabel,
PackageItemInfo.MAX_SAFE_LABEL_LENGTH);

- // Validate installer package name.
+ // Validate requested installer package name.
if (params.installerPackageName != null && !isValidPackageName(
params.installerPackageName)) {
params.installerPackageName = null;
}

+ // Validate installer package name.
+ if (installerPackageName != null && !isValidPackageName(installerPackageName)) {
+ installerPackageName = null;
+ }
+
String requestedInstallerPackageName =
params.installerPackageName != null ? params.installerPackageName
: installerPackageName;
--
2.46.0.469.g59c65b2a67-goog
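Review bot: The second validation block nulls an invalid `installerPackageName` silently, the same way the existing `params.installerPackageName` block does, so within the visible lines a malformed name produces neither an error nor a log entry. If rejecting the session outright is not acceptable for compatibility, a warning log at this point would at least leave a trace, assuming the file's usual logger is in scope. The two comments are also easy to confuse; `// Validate the installerPackageName argument supplied by the caller.` on the new block would state which value is meant. The enclosing method starts and ends outside the hunk.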

@@ -0,0 +1,56 @@
From 9649db56157cafe575f997d9c207498eda987775 Mon Sep 17 00:00:00 2001
From: Almaz Mingaleev <[email protected]>
Date: Wed, 10 Jul 2024 13:38:35 +0100
Subject: [PATCH] Do not accept zip files with invalid headers.

According to Section 4.3.6 in [1] non-empty zip file starts with
local file header. 4.3.1 allows empty files, and in such case
file starts with "end of central directory record".

This aligns ZipFile with libziparchive modulo empty zip files -
libziparchive rejects them.

Tests are skipped because sc-dev branch uses ART module
prebuilts, but builds tests from sources which leads to presubmit
failures.

Ignore-AOSP-First: b/309938635#comment1

[1] https://pkwaredownloads.blob.core.windows.net/pem/APPNOTE.txt

Bug: 309938635
Test: CtsLibcoreTestCases
Test: CtsLibcoreOjTestCases
(cherry picked from commit 288a44a1817707110cdf5a3a6ef8377c6e10cce2)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43e428a99aa89a9dfbe93000171721ecbfc31b88)
Merged-In: I545cdd49ec3cc138331145f4716c8148662a478b
Change-Id: I545cdd49ec3cc138331145f4716c8148662a478b
---
ojluni/src/main/native/zip_util.c | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/ojluni/src/main/native/zip_util.c b/ojluni/src/main/native/zip_util.c
index aa9c5cede9e..16951a78ede 100644
--- a/ojluni/src/main/native/zip_util.c
+++ b/ojluni/src/main/native/zip_util.c
@@ -878,6 +878,17 @@ ZIP_Put_In_Cache0(const char *name, ZFILE zfd, char **pmsg, jlong lastModified,
zip->locsig = JNI_TRUE;
else
zip->locsig = JNI_FALSE;
+
+ // BEGIN Android-changed: do not accept files with invalid header.
+ if (GETSIG(errbuf) != LOCSIG && GETSIG(errbuf) != ENDSIG) {
+ if (pmsg) {
+ *pmsg = strdup("Entry at offset zero has invalid LFH signature.");
+ }
+ ZFILE_Close(zfd);
+ freeZip(zip);
+ return NULL;
+ }
+ // END Android-changed: do not accept files with invalid header.
}

// This lseek is safe because it happens during construction of the ZipFile
--
2.46.0.469.g59c65b2a67-goog
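Review bot: The new signature check sits before the closing brace that ends the block holding the `zip->locsig` assignment, so it appears to run only when the initial header read succeeded. The condition that opens that block is outside the hunk, and it should be confirmed that a file too short to yield four bytes is still rejected later. The message says `invalid LFH signature` although `ENDSIG` is accepted as well; if no test matches on the text, wording such as `"File does not start with a local file header or end of central directory signature."` is more accurate. The `strdup` result is stored unchecked, so on allocation failure the caller gets NULL with no message.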

@@ -0,0 +1,55 @@
From 375a30ad50053aa5edae357c8ee127fb759fe3bb Mon Sep 17 00:00:00 2001
From: Yiling Chuang <[email protected]>
Date: Mon, 8 Jul 2024 03:09:50 +0000
Subject: [PATCH] RESTRICT AUTOMERGE FRP bypass defense in App battery usage
page

Before the setup flow completion, don't allow the app info page in App battery usage to be launched.

Bug: 327748846
Test: atest SettingsRoboTests + manual test
- factory reset + launch app battery usage app info via ADB during Setup -> verify app closes
Flag : EXEMPT bugfix

(cherry picked from commit 419a6a907902a12a0f565c808fa70092004d6686)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:62b0014ed6e69b0abc48a5c18b740f95bc5dc429)
Merged-In: I486820ca2afecc02729a56a3c531fb931c1907d0
Change-Id: I486820ca2afecc02729a56a3c531fb931c1907d0
---
.../android/settings/fuelgauge/AdvancedPowerUsageDetail.java | 5 +++++
.../settings/fuelgauge/AdvancedPowerUsageDetailTest.java | 5 +++++
2 files changed, 10 insertions(+)

diff --git a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
index 3741bfe804..d89286d4e4 100644
--- a/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
+++ b/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetail.java
@@ -283,6 +283,11 @@ public class AdvancedPowerUsageDetail extends DashboardFragment implements
}
}

+ @Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
@Override
public void onPause() {
super.onPause();
diff --git a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
index 0a48cd1b12..212ac21cd0 100644
--- a/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
+++ b/tests/robotests/src/com/android/settings/fuelgauge/AdvancedPowerUsageDetailTest.java
@@ -859,4 +859,9 @@ public class AdvancedPowerUsageDetailTest {

verifyZeroInteractions(mBackupManager);
}
+
+ @Test
+ public void shouldSkipForInitialSUW_returnTrue() {
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+ }
}
--
2.46.0.469.g59c65b2a67-goog
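Review bot: The `shouldSkipForInitialSUW()` override in AdvancedPowerUsageDetail has no Javadoc, and the security reason for returning true lives only in the commit message. A one-line comment such as `/** Keeps this page from being launched before the setup flow completes. */` would keep the intent next to the code. The added test only asserts the return value. The behaviour described in the commit message, the page closing during setup, is presumably implemented in the base class outside this patch and is covered here only by the manual test.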
