Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit c6a43cd8 authored by Michael Bestas's avatar Michael Bestas
Browse files

Merge tag 'android-security-16.0.0_r3' into staging/lineage-23.0_merge-android-security-16.0.0_r3 

Android security 16.0.0 release 3

# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCaS3ZNQAKCRDorT+BmrEO
# eL1zAJ0V9L8fJjUlMVzGa7yZfdwaMx0EUACfTHDutsFDm6VMU3HHz5D6fML6T+k=
# =4XhT
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon Dec  1 20:06:45 2025 EET
# gpg:                using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate]

# By Achim Thesmann (4) and others
# Via Android Build Coastguard Worker
* tag 'android-security-16.0.0_r3': (73 commits)
  Revert "Fix build failure in release branch"
  Revert "Ignore pinned Windows"
  Validate displayName for AssociationRequest
  Add missing import in test
  Don't allow 3p apps to become voice recognizer automatically
  Enforce a hard limit for the size of images to be decoded
  Get all accounts no matter the visibility
  Sanitize window private flags based on caller permissions.
  print: Prevent cross-user icon access
  Add onKeyEvent, to support KEYCODE_HOME
  Do not use BIND_INCLUDE_CAPABILITIES when bind PrintService
  RESTRICT AUTOMERGE: Backport Cut max duration for default transition to 1500
  Don't allow read truncation or appending for file operations.
  Allow resetting the voice recognition service if its package uninstalled
  Check length of MBR component name properties
  Disallow factory reset while in DSU mode
  Check the strongAuthTracker for lockdown instead of LockPatternUtils
  Protect shell overriding the carrier config
  Use ParceledListSlice to paginate response from getPackagesForOpsForDevice binder API
  Ensure exit animations are canceled prior to user switch
  ...

 Conflicts:
	core/java/android/companion/AssociationRequest.java
	packages/SettingsLib/src/com/android/settingslib/graph/ThemedBatteryDrawable.kt
	packages/SystemUI/src/com/android/systemui/biometrics/UdfpsController.java
	packages/SystemUI/src/com/android/systemui/biometrics/UdfpsControllerOverlay.kt
	packages/SystemUI/src/com/android/systemui/recents/LauncherProxyService.java
	packages/SystemUI/tests/src/com/android/systemui/biometrics/UdfpsControllerOverlayTest.kt
	services/companion/java/com/android/server/companion/association/DisassociationProcessor.java

Change-Id: Idf5a08f8e8dc0733063e727b210de4c9a4f8d588
parents 06d467c9 c8391347

core/java/android/app/AppOpsManager.java

+5 −4
Original line number Diff line number Diff line
@@ -8367,13 +8367,13 @@ public class AppOpsManager { 
        } else {

            opCodes = null;

        }

        final List<AppOpsManager.PackageOps> result;

        try {

            result = mService.getPackagesForOpsForDevice(opCodes, persistentDeviceId);

            ParceledListSlice<PackageOps> packageOps = mService.getPackagesForOpsForDevice(opCodes,

                    persistentDeviceId);

            return packageOps == null ? Collections.emptyList() : packageOps.getList();

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

        return (result != null) ? result : Collections.emptyList();

    }



    /**
@@ -8392,8 +8392,9 @@ public class AppOpsManager { 
    @UnsupportedAppUsage

    public List<AppOpsManager.PackageOps> getPackagesForOps(int[] ops) {

        try {

            return mService.getPackagesForOpsForDevice(ops,

            ParceledListSlice<PackageOps> packageOps = mService.getPackagesForOpsForDevice(ops,

                    VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT);

            return packageOps == null ? null : packageOps.getList();

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

core/java/android/app/INotificationManager.aidl

+0 −1
Original line number Diff line number Diff line
@@ -178,7 +178,6 @@ interface INotificationManager 
    void setInterruptionFilter(String pkg, int interruptionFilter, boolean fromUser);



    NotificationChannel createConversationNotificationChannelForPackageFromPrivilegedListener(in INotificationListener token, String pkg, in UserHandle user, String parentChannelId, String conversationId);

    void updateNotificationChannelGroupFromPrivilegedListener(in INotificationListener token, String pkg, in UserHandle user, in NotificationChannelGroup group);

    void updateNotificationChannelFromPrivilegedListener(in INotificationListener token, String pkg, in UserHandle user, in NotificationChannel channel);

    ParceledListSlice getNotificationChannelsFromPrivilegedListener(in INotificationListener token, String pkg, in UserHandle user);

    ParceledListSlice getNotificationChannelGroupsFromPrivilegedListener(in INotificationListener token, String pkg, in UserHandle user);

core/java/android/companion/AssociationRequest.java

+10 −5
Original line number Diff line number Diff line
@@ -311,6 +311,7 @@ public final class AssociationRequest implements Parcelable { 
            boolean forceConfirmation,

            boolean skipRoleGrant,

            @Nullable Icon deviceIcon) {

        validateDisplayName(displayName);

        mSingleDevice = singleDevice;

        mDeviceFilters = requireNonNull(deviceFilters);

        mDeviceProfile = deviceProfile;
@@ -418,6 +419,7 @@ public final class AssociationRequest implements Parcelable { 


    /** @hide */

    public void setDisplayName(CharSequence displayName) {

        validateDisplayName(displayName);

        mDisplayName = displayName;

    }
@@ -503,11 +505,7 @@ public final class AssociationRequest implements Parcelable { 
        public Builder setDisplayName(@NonNull CharSequence displayName) {

            checkNotUsed();

            mDisplayName = requireNonNull(displayName);

            if (displayName.length() > DISPLAY_NAME_LENGTH_LIMIT) {

                throw new IllegalArgumentException("Length of the display name must be at most "

                        + DISPLAY_NAME_LENGTH_LIMIT + " characters");

            }



            validateDisplayName(displayName);

            return this;

        }
@@ -815,4 +813,11 @@ public final class AssociationRequest implements Parcelable { 
            return new AssociationRequest(in);

        }

    };



    private static void validateDisplayName(@Nullable CharSequence displayName) {

        if (displayName != null && displayName.length() > DISPLAY_NAME_LENGTH_LIMIT) {

            throw new IllegalArgumentException("Length of the display name must be at most "

                    + DISPLAY_NAME_LENGTH_LIMIT + " characters");

        }

    }

}

core/java/android/content/ContentProvider.java

+25 −4
Original line number Diff line number Diff line
@@ -590,13 +590,14 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall 
                throws FileNotFoundException {

            uri = validateIncomingUri(uri);

            uri = maybeGetUriWithoutUserId(uri);

            enforceFilePermission(attributionSource, uri, mode);

            final String updatedMode = validateFileMode(mode);

            enforceFilePermission(attributionSource, uri, updatedMode);

            traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "openFile: ", uri.getAuthority());

            final AttributionSource original = setCallingAttributionSource(

                    attributionSource);

            try {

                return mInterface.openFile(

                        uri, mode, CancellationSignal.fromTransport(cancellationSignal));

                        uri, updatedMode, CancellationSignal.fromTransport(cancellationSignal));

            } catch (RemoteException e) {

                throw e.rethrowAsRuntimeException();

            } finally {
@@ -611,13 +612,14 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall 
                throws FileNotFoundException {

            uri = validateIncomingUri(uri);

            uri = maybeGetUriWithoutUserId(uri);

            enforceFilePermission(attributionSource, uri, mode);

            final String updatedMode = validateFileMode(mode);

            enforceFilePermission(attributionSource, uri, updatedMode);

            traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "openAssetFile: ", uri.getAuthority());

            final AttributionSource original = setCallingAttributionSource(

                    attributionSource);

            try {

                return mInterface.openAssetFile(

                        uri, mode, CancellationSignal.fromTransport(cancellationSignal));

                        uri, updatedMode, CancellationSignal.fromTransport(cancellationSignal));

            } catch (RemoteException e) {

                throw e.rethrowAsRuntimeException();

            } finally {
@@ -782,6 +784,25 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall 
            }

        }



        private String validateFileMode(String mode) {

            // We currently only support the following modes: r, w, wt, wa, rw, rwt

            // Note: ideally, we should check against the allowed modes and throw a

            // SecurityException if the mode doesn't match any of them but to avoid app compat

            // issues, we're silently dropping bits which allow modifying files when the write bit

            // is not specified.

            if (mode != null && mode.indexOf('w') == -1) {

                // Don't allow truncation without write

                if (mode.indexOf('t') != -1) {

                    mode = mode.replace("t", "");

                }

                // Don't allow appending without write

                if (mode.indexOf('a') != -1) {

                    mode = mode.replace("a", "");

                }

            }

            return mode;

        }



        @Override

        public int checkUriPermission(@NonNull AttributionSource attributionSource, Uri uri,

                int uid, int modeFlags) {

core/java/android/os/BaseBundle.java

+8 −10
Original line number Diff line number Diff line
@@ -457,11 +457,11 @@ public class BaseBundle implements Parcel.ClassLoaderProvider { 
            if (mOwnsLazyValues) {

                Preconditions.checkState(mLazyValues >= 0,

                        "Lazy values ref count below 0");

                // No more lazy values in mMap, so we can recycle the parcel early rather than

                // No more lazy values in mMap, so we can destroy the parcel early rather than

                // waiting for the next GC run

                Parcel parcel = mWeakParcelledData.get();

                if (mLazyValues == 0 && parcel != null) {

                    recycleParcel(parcel);

                    parcel.destroy();

                    mWeakParcelledData = null;

                }

            }
@@ -516,7 +516,8 @@ public class BaseBundle implements Parcel.ClassLoaderProvider { 
            mWeakParcelledData = null;

            if (ownsParcel) {

                if (numLazyValues[0] == 0) {

                    recycleParcel(parcelledData);

                    // No lazy value, we can directly recycle this parcel

                    parcelledData.recycle();

                } else {

                    mWeakParcelledData = new WeakReference<>(parcelledData);

                }
@@ -556,12 +557,6 @@ public class BaseBundle implements Parcel.ClassLoaderProvider { 
        return p == NoImagePreloadHolder.EMPTY_PARCEL;

    }



    private static void recycleParcel(Parcel p) {

        if (p != null && !isEmptyParcel(p)) {

            p.recycle();

        }

    }



    /**

     * Returns the backing map of this bundle after deserializing every item.

     *
@@ -667,7 +662,10 @@ public class BaseBundle implements Parcel.ClassLoaderProvider { 
    public void clear() {

        unparcel();

        if (mOwnsLazyValues && mWeakParcelledData != null) {

            recycleParcel(mWeakParcelledData.get());

            Parcel parcel = mWeakParcelledData.get();

            if (parcel != null) {

                parcel.destroy();

            }

        }



        mWeakParcelledData = null;