Merge tag 'android-security-11.0.0_r75' into staging/lineage-18.1_android-security-11.0.0_r75 (6e9f3b71) · Commits · e / os / android_frameworks_base

packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java

+11 −1

Original line number	Diff line number	Diff line
		@@ -351,7 +351,17 @@ public class DreamBackend {
		if (cn != null && cn.indexOf('/') < 0) {
		cn = resolveInfo.serviceInfo.packageName + "/" + cn;
		}
		return cn == null ? null : ComponentName.unflattenFromString(cn);
		// Ensure that the component is from the same package as the dream service. If not,
		// treat the component as invalid and return null instead.
		final ComponentName result = cn != null ? ComponentName.unflattenFromString(cn) : null;
		if (result != null
		&& !result.getPackageName().equals(resolveInfo.serviceInfo.packageName)) {
		Log.w(TAG,
		"Inconsistent package name in component: " + result.getPackageName()
		+ ", should be: " + resolveInfo.serviceInfo.packageName);
		return null;
		}
		return result;
		}

		private static void logd(String msg, Object... args) {

packages/SystemUI/src/com/android/keyguard/KeyguardSecurityContainer.java

+8 −2

Original line number	Diff line number	Diff line
		@@ -77,6 +77,7 @@ import com.android.systemui.Interpolators;
		import com.android.systemui.R;
		import com.android.systemui.SystemUIFactory;
		import com.android.systemui.shared.system.SysUiStatsLog;
		import com.android.systemui.statusbar.policy.DeviceProvisionedController;
		import com.android.systemui.statusbar.policy.KeyguardStateController;
		import com.android.systemui.util.InjectionInflationController;

		@@ -141,6 +142,7 @@ public class KeyguardSecurityContainer extends FrameLayout implements KeyguardSe
		private boolean mIsDragging;
		private float mStartTouchY = -1;
		private boolean mDisappearAnimRunning;
		private final DeviceProvisionedController mDeviceProvisionedController;

		private final WindowInsetsAnimation.Callback mWindowInsetsAnimationCallback =
		new WindowInsetsAnimation.Callback(DISPATCH_MODE_STOP) {
		@@ -265,6 +267,7 @@ public class KeyguardSecurityContainer extends FrameLayout implements KeyguardSe
		mKeyguardStateController = Dependency.get(KeyguardStateController.class);
		mSecondaryLockScreenController = new AdminSecondaryLockScreenController(context, this,
		mUpdateMonitor, mCallback, new Handler(Looper.myLooper()));
		mDeviceProvisionedController = Dependency.get(DeviceProvisionedController.class);

		PackageManager packageManager = mContext.getPackageManager();
		mHasFod = packageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT) &&
		@@ -739,8 +742,11 @@ public class KeyguardSecurityContainer extends FrameLayout implements KeyguardSe
		case SimPuk:
		// Shortcut for SIM PIN/PUK to go to directly to user's security screen or home
		SecurityMode securityMode = mSecurityModel.getSecurityMode(targetUserId);
		if (securityMode == SecurityMode.None && mLockPatternUtils.isLockScreenDisabled(
		KeyguardUpdateMonitor.getCurrentUser())) {
		boolean isLockscreenDisabled = mLockPatternUtils.isLockScreenDisabled(
		KeyguardUpdateMonitor.getCurrentUser())
		\|\| !mDeviceProvisionedController.isUserSetup(targetUserId);

		if (securityMode == SecurityMode.None && isLockscreenDisabled) {
		finish = true;
		eventSubtype = BOUNCER_DISMISS_SIM;
		uiEvent = BouncerUiEvent.BOUNCER_DISMISS_SIM;

services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -120,6 +120,7 @@ public class CompanionDeviceManagerService extends SystemService implements Bind

		private static final String PREF_FILE_NAME = "companion_device_preferences.xml";
		private static final String PREF_KEY_AUTO_REVOKE_GRANTS_DONE = "auto_revoke_grants_done";
		private static final int MAX_CN_LENGTH = 500;

		private static final String XML_TAG_ASSOCIATIONS = "associations";
		private static final String XML_TAG_ASSOCIATION = "association";
		@@ -384,6 +385,9 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
		String callingPackage = component.getPackageName();
		checkCanCallNotificationApi(callingPackage);
		int userId = getCallingUserId();
		if (component.flattenToString().length() > MAX_CN_LENGTH) {
		throw new IllegalArgumentException("Component name is too long.");
		}
		final long identity = Binder.clearCallingIdentity();
		try {
		return PendingIntent.getActivityAsUser(getContext(),

services/core/java/com/android/server/am/ActivityManagerService.java

+16 −4

Original line number	Diff line number	Diff line
		@@ -162,7 +162,6 @@ import android.app.AppOpsManagerInternal.CheckOpsDelegate;
		import android.app.ApplicationErrorReport;
		import android.app.ApplicationExitInfo;
		import android.app.ApplicationThreadConstants;
		import android.app.AppOpsManager;
		import android.app.BroadcastOptions;
		import android.app.ContentProviderHolder;
		import android.app.IActivityController;
		@@ -5775,12 +5774,12 @@ public class ActivityManagerService extends IActivityManager.Stub
		}

		@Override
		public int sendIntentSender(IIntentSender target, IBinder whitelistToken, int code,
		public int sendIntentSender(IIntentSender target, IBinder allowlistToken, int code,
		Intent intent, String resolvedType,
		IIntentReceiver finishedReceiver, String requiredPermission, Bundle options) {
		if (target instanceof PendingIntentRecord) {
		return ((PendingIntentRecord)target).sendWithResult(code, intent, resolvedType,
		whitelistToken, finishedReceiver, requiredPermission, options);
		allowlistToken, finishedReceiver, requiredPermission, options);
		} else {
		if (intent == null) {
		// Weird case: someone has given us their own custom IIntentSender, and now
		@@ -5792,7 +5791,20 @@ public class ActivityManagerService extends IActivityManager.Stub
		intent = new Intent(Intent.ACTION_MAIN);
		}
		try {
		target.send(code, intent, resolvedType, whitelistToken, null,
		if (allowlistToken != null) {
		final int callingUid = Binder.getCallingUid();
		final String packageName;
		final long token = Binder.clearCallingIdentity();
		try {
		packageName = AppGlobals.getPackageManager().getNameForUid(callingUid);
		} finally {
		Binder.restoreCallingIdentity(token);
		}
		Slog.wtf(TAG, "Send a non-null allowlistToken to a non-PI target."
		+ " Calling package: " + packageName + "; intent: " + intent
		+ "; options: " + options);
		}
		target.send(code, intent, resolvedType, null, null,
		requiredPermission, options);
		} catch (RemoteException e) {
		}

services/core/java/com/android/server/pm/UserManagerService.java

+20 −7

Original line number	Diff line number	Diff line
		@@ -240,6 +240,8 @@ public class UserManagerService extends IUserManager.Stub {

		private static final int USER_VERSION = 9;

		private static final int MAX_USER_STRING_LENGTH = 500;

		private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms

		static final int WRITE_USER_MSG = 1;
		@@ -2935,15 +2937,17 @@ public class UserManagerService extends IUserManager.Stub {
		// Write seed data
		if (userData.persistSeedData) {
		if (userData.seedAccountName != null) {
		serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME, userData.seedAccountName);
		serializer.attribute(null, ATTR_SEED_ACCOUNT_NAME,
		truncateString(userData.seedAccountName));
		}
		if (userData.seedAccountType != null) {
		serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE, userData.seedAccountType);
		serializer.attribute(null, ATTR_SEED_ACCOUNT_TYPE,
		truncateString(userData.seedAccountType));
		}
		}
		if (userInfo.name != null) {
		serializer.startTag(null, TAG_NAME);
		serializer.text(userInfo.name);
		serializer.text(truncateString(userInfo.name));
		serializer.endTag(null, TAG_NAME);
		}
		synchronized (mRestrictionsLock) {
		@@ -2983,6 +2987,13 @@ public class UserManagerService extends IUserManager.Stub {
		serializer.endDocument();
		}

		private String truncateString(String original) {
		if (original == null \|\| original.length() <= MAX_USER_STRING_LENGTH) {
		return original;
		}
		return original.substring(0, MAX_USER_STRING_LENGTH);
		}

		/*
		* Writes the user list file in this format:
		*
		@@ -3398,6 +3409,7 @@ public class UserManagerService extends IUserManager.Stub {
		@NonNull String userType, @UserInfoFlag int flags, @UserIdInt int parentId,
		boolean preCreate, @Nullable String[] disallowedPackages,
		@NonNull TimingsTraceAndSlog t) throws UserManager.CheckedUserOperationException {
		String truncatedName = truncateString(name);
		final UserTypeDetails userTypeDetails = mUserTypes.get(userType);
		if (userTypeDetails == null) {
		Slog.e(LOG_TAG, "Cannot create user of invalid user type: " + userType);
		@@ -3423,7 +3435,8 @@ public class UserManagerService extends IUserManager.Stub {

		// Try to use a pre-created user (if available).
		if (!preCreate && parentId < 0 && isUserTypeEligibleForPreCreation(userTypeDetails)) {
		final UserInfo preCreatedUser = convertPreCreatedUserIfPossible(userType, flags, name);
		final UserInfo preCreatedUser = convertPreCreatedUserIfPossible(userType, flags,
		truncatedName);
		if (preCreatedUser != null) {
		return preCreatedUser;
		}
		@@ -3515,7 +3528,7 @@ public class UserManagerService extends IUserManager.Stub {
		flags &= ~UserInfo.FLAG_EPHEMERAL;
		}

		userInfo = new UserInfo(userId, name, null, flags, userType);
		userInfo = new UserInfo(userId, truncatedName, null, flags, userType);
		userInfo.serialNumber = mNextSerialNumber++;
		userInfo.creationTime = getCreationTime();
		userInfo.partial = true;
		@@ -4606,8 +4619,8 @@ public class UserManagerService extends IUserManager.Stub {
		Slog.e(LOG_TAG, "No such user for settings seed data u=" + userId);
		return;
		}
		userData.seedAccountName = accountName;
		userData.seedAccountType = accountType;
		userData.seedAccountName = truncateString(accountName);
		userData.seedAccountType = truncateString(accountType);
		userData.seedAccountOptions = accountOptions;
		userData.persistSeedData = persist;
		}