Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 17d7e595 authored by Kevin F. Haggerty's avatar Kevin F. Haggerty
Browse files

Merge tag 'android-security-11.0.0_r67' of... 

Merge tag 'android-security-11.0.0_r67' of https://android.googlesource.com/platform/frameworks/base into staging/lineage-18.1_merge_android-security-11.0.0_r67

Android security 11.0.0 release 67

* tag 'android-security-11.0.0_r67' of https://android.googlesource.com/platform/frameworks/base:
  Fix WindowInputTests#testOverlapWindow failing (1/2)
  Limit the number of shortcuts per app that can be retained by system
  Trim strings added to persistent snoozed notification storage.
  Make Activites touch opaque - DO NOT MERGE
  Revert "Make Activites touch opaque - DO NOT MERGE"
  enforce stricter rules when registering phoneAccounts
  Uri: check authority and scheme as part of determining URI path
  Checks if AccessibilityServiceInfo is within parcelable size.
  [RESTRICT AUTOMERGE][pm] still allow debuggable for system app downgrades
  [RESTRICT AUTOMERGE][pm] prevent system app downgrades of versions lower than preload
  Make Activites touch opaque - DO NOT MERGE

Change-Id: I4684b4db1d152cb5afe26d936aaf00c500c98b22
parents d0458eb3 196c3799

core/java/android/accessibilityservice/AccessibilityService.java

+4 −0
Original line number Diff line number Diff line
@@ -1982,6 +1982,10 @@ public abstract class AccessibilityService extends Service { 
        IAccessibilityServiceConnection connection =

            AccessibilityInteractionClient.getInstance().getConnection(mConnectionId);

        if (mInfo != null && connection != null) {

            if (!mInfo.isWithinParcelableSize()) {

                throw new IllegalStateException(

                        "Cannot update service info: size is larger than safe parcelable limits.");

            }

            try {

                connection.setServiceInfo(mInfo);

                mInfo = null;

core/java/android/accessibilityservice/AccessibilityServiceInfo.java

+10 −0
Original line number Diff line number Diff line
@@ -39,6 +39,7 @@ import android.content.res.XmlResourceParser; 
import android.graphics.drawable.Drawable;

import android.hardware.fingerprint.FingerprintManager;

import android.os.Build;

import android.os.IBinder;

import android.os.Parcel;

import android.os.Parcelable;

import android.os.RemoteException;
@@ -1028,6 +1029,15 @@ public class AccessibilityServiceInfo implements Parcelable { 
        return 0;

    }



    /** @hide */

    public final boolean isWithinParcelableSize() {

        final Parcel parcel = Parcel.obtain();

        writeToParcel(parcel, 0);

        final boolean result = parcel.dataSize() <= IBinder.MAX_IPC_SIZE;

        parcel.recycle();

        return result;

    }



    public void writeToParcel(Parcel parcel, int flagz) {

        parcel.writeInt(eventTypes);

        parcel.writeStringArray(packageNames);

core/java/android/net/Uri.java

+15 −7
Original line number Diff line number Diff line
@@ -1194,13 +1194,16 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { 
        }



        static Uri readFrom(Parcel parcel) {

            return new HierarchicalUri(

                parcel.readString8(),

                Part.readFrom(parcel),

                PathPart.readFrom(parcel),

                Part.readFrom(parcel),

                Part.readFrom(parcel)

            );

            final String scheme = parcel.readString8();

            final Part authority = Part.readFrom(parcel);

            // In RFC3986 the path should be determined based on whether there is a scheme or

            // authority present (https://www.rfc-editor.org/rfc/rfc3986.html#section-3.3).

            final boolean hasSchemeOrAuthority =

                    (scheme != null && scheme.length() > 0) || !authority.isEmpty();

            final PathPart path = PathPart.readFrom(hasSchemeOrAuthority, parcel);

            final Part query = Part.readFrom(parcel);

            final Part fragment = Part.readFrom(parcel);

            return new HierarchicalUri(scheme, authority, path, query, fragment);

        }



        public int describeContents() {
@@ -2259,6 +2262,11 @@ public abstract class Uri implements Parcelable, Comparable<Uri> { 
            }

        }



        static PathPart readFrom(boolean hasSchemeOrAuthority, Parcel parcel) {

            final PathPart path = readFrom(parcel);

            return hasSchemeOrAuthority ? makeAbsolute(path) : path;

        }



        /**

         * Creates a path from the encoded string.

         *

core/tests/coretests/src/android/net/UriTest.java

+54 −0
Original line number Diff line number Diff line
@@ -48,6 +48,7 @@ public class UriTest extends TestCase { 
    public void testParcelling() {

        parcelAndUnparcel(Uri.parse("foo:bob%20lee"));

        parcelAndUnparcel(Uri.fromParts("foo", "bob lee", "fragment"));

        parcelAndUnparcel(Uri.fromParts("https", "www.google.com", null));

        parcelAndUnparcel(new Uri.Builder()

            .scheme("http")

            .authority("crazybob.org")
@@ -873,9 +874,62 @@ public class UriTest extends TestCase { 
            Throwable targetException = expected.getTargetException();

            // Check that the exception was thrown for the correct reason.

            assertEquals("Unknown representation: 0", targetException.getMessage());

        } finally {

            parcel.recycle();

        }

    }



    private Uri buildUriFromRawParcel(boolean argumentsEncoded,

                                      String scheme,

                                      String authority,

                                      String path,

                                      String query,

                                      String fragment) {

        // Representation value (from AbstractPart.REPRESENTATION_{ENCODED,DECODED}).

        final int representation = argumentsEncoded ? 1 : 2;

        Parcel parcel = Parcel.obtain();

        try {

            parcel.writeInt(3);  // hierarchical

            parcel.writeString8(scheme);

            parcel.writeInt(representation);

            parcel.writeString8(authority);

            parcel.writeInt(representation);

            parcel.writeString8(path);

            parcel.writeInt(representation);

            parcel.writeString8(query);

            parcel.writeInt(representation);

            parcel.writeString8(fragment);

            parcel.setDataPosition(0);

            return Uri.CREATOR.createFromParcel(parcel);

        } finally {

            parcel.recycle();

        }

    }



    public void testUnparcelMalformedPath() {

        // Regression tests for b/171966843.



        // Test cases with arguments encoded (covering testing `scheme` * `authority` options).

        Uri uri0 = buildUriFromRawParcel(true, "https", "google.com", "@evil.com", null, null);

        assertEquals("https://google.com/@evil.com", uri0.toString());

        Uri uri1 = buildUriFromRawParcel(true, null, "google.com", "@evil.com", "name=spark", "x");

        assertEquals("//google.com/@evil.com?name=spark#x", uri1.toString());

        Uri uri2 = buildUriFromRawParcel(true, "http:", null, "@evil.com", null, null);

        assertEquals("http::/@evil.com", uri2.toString());

        Uri uri3 = buildUriFromRawParcel(true, null, null, "@evil.com", null, null);

        assertEquals("@evil.com", uri3.toString());



        // Test cases with arguments not encoded (covering testing `scheme` * `authority` options).

        Uri uriA = buildUriFromRawParcel(false, "https", "google.com", "@evil.com", null, null);

        assertEquals("https://google.com/%40evil.com", uriA.toString());

        Uri uriB = buildUriFromRawParcel(false, null, "google.com", "@evil.com", null, null);

        assertEquals("//google.com/%40evil.com", uriB.toString());

        Uri uriC = buildUriFromRawParcel(false, "http:", null, "@evil.com", null, null);

        assertEquals("http::/%40evil.com", uriC.toString());

        Uri uriD = buildUriFromRawParcel(false, null, null, "@evil.com", "name=spark", "y");

        assertEquals("%40evil.com?name%3Dspark#y", uriD.toString());

    }



    public void testToSafeString() {

        checkToSafeString("tel:xxxxxx", "tel:Google");

        checkToSafeString("tel:xxxxxxxxxx", "tel:1234567890");

services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java

+6 −0
Original line number Diff line number Diff line
@@ -1353,6 +1353,12 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub 
            AccessibilityServiceInfo accessibilityServiceInfo;

            try {

                accessibilityServiceInfo = new AccessibilityServiceInfo(resolveInfo, mContext);

                if (!accessibilityServiceInfo.isWithinParcelableSize()) {

                    Slog.e(LOG_TAG, "Skipping service "

                            + accessibilityServiceInfo.getResolveInfo().getComponentInfo()

                            + " because service info size is larger than safe parcelable limits.");

                    continue;

                }

                if (userState.mCrashedServices.contains(serviceInfo.getComponentName())) {

                    // Restore the crashed attribute.

                    accessibilityServiceInfo.crashed = true;