Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit db93faff authored by Kevin F. Haggerty's avatar Kevin F. Haggerty
Browse files

Merge tag 'android-security-13.0.0_r18' into staging/lineage-20.0_android-security-13.0.0_r18 

Android Security 13.0.0 Release 18 (11698590)

* tag 'android-security-13.0.0_r18':
  [RESTRICT AUTOMERGE] AccessibilityManagerService: remove uninstalled services from enabled list after service update.
  Resolve message/conversation image Uris with the correct user id
  [CDM][CMD] Check permissions for CDM shell commands
  Check hidden API exemptions
  Update media visibility on lock screen
  [DO NOT MERGE][Autofill Framework] Add in check for intent filter when setting/updating service
  Add more checkKeyIntent checks to AccountManagerService.
  Hide window immediately if itself doesn't run hide animation
  Fix vulnerability in AttributionSource due to incorrect Binder call
  Fix error handling for non-dynamic permissions
  Check for NLS bind permission when rebinding services
  Verify URI permission for channel sound update from NotificationListenerService
  Added throttle when reporting shortcut usage

Conflicts:
	packages/SystemUI/src/com/android/systemui/media/MediaCarouselController.kt
	packages/SystemUI/src/com/android/systemui/media/MediaHierarchyManager.kt
	packages/SystemUI/src/com/android/systemui/media/controls/ui/KeyguardMediaController.kt
	packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaHost.kt
	packages/SystemUI/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRow.java
	packages/SystemUI/tests/src/com/android/systemui/media/MediaHierarchyManagerTest.kt
	packages/SystemUI/tests/src/com/android/systemui/media/controls/ui/KeyguardMediaControllerTest.kt
	packages/SystemUI/tests/src/com/android/systemui/statusbar/notification/row/ExpandableNotificationRowTest.java
	services/core/java/com/android/server/notification/ManagedServices.java

Change-Id: Id2d659bc916dccf8b86a771f008bb56ee2e079e2
parents 8221cad4 fad3e27a

core/java/android/content/AttributionSource.java

+17 −3
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ import android.os.Parcelable; 
import android.os.Process;

import android.permission.PermissionManager;

import android.util.ArraySet;

import android.util.Log;



import com.android.internal.annotations.Immutable;
@@ -87,6 +88,8 @@ import java.util.Set; 
 */

@Immutable

public final class AttributionSource implements Parcelable {

    private static final String TAG = "AttributionSource";



    private static final String DESCRIPTOR = "android.content.AttributionSource";



    private static final Binder sDefaultToken = new Binder(DESCRIPTOR);
@@ -154,10 +157,21 @@ public final class AttributionSource implements Parcelable { 
    AttributionSource(@NonNull Parcel in) {

        this(AttributionSourceState.CREATOR.createFromParcel(in));



        if (!Binder.isDirectlyHandlingTransaction()) {

            Log.e(TAG, "Unable to verify calling UID #" + mAttributionSourceState.uid + " PID #"

                    + mAttributionSourceState.pid + " when not handling Binder transaction; "

                    + "clearing.");

            mAttributionSourceState.pid = -1;

            mAttributionSourceState.uid = -1;

            mAttributionSourceState.packageName = null;

            mAttributionSourceState.attributionTag = null;

            mAttributionSourceState.next = null;

        } else {

            // Since we just unpacked this object as part of it transiting a Binder

            // call, this is the perfect time to enforce that its UID and PID can be trusted

            enforceCallingUidAndPid();

        }

    }



    /** @hide */

    public AttributionSource(@NonNull AttributionSourceState attributionSourceState) {

core/java/android/os/ZygoteProcess.java

+10 −0
Original line number Diff line number Diff line
@@ -431,6 +431,8 @@ public class ZygoteProcess { 
                throw new ZygoteStartFailedEx("Embedded newlines not allowed");

            } else if (arg.indexOf('\r') >= 0) {

                throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");

            } else if (arg.indexOf('\u0000') >= 0) {

                throw new ZygoteStartFailedEx("Embedded nulls not allowed");

            }

        }
@@ -972,6 +974,14 @@ public class ZygoteProcess { 
            return true;

        }



        for (/* NonNull */ String s : mApiDenylistExemptions) {

            // indexOf() is intrinsified and faster than contains().

            if (s.indexOf('\n') >= 0 || s.indexOf('\r') >= 0 || s.indexOf('\u0000') >= 0) {

                Slog.e(LOG_TAG, "Failed to set API denylist exemptions: Bad character");

                mApiDenylistExemptions = Collections.emptyList();

                return false;

            }

        }

        try {

            state.mZygoteOutputWriter.write(Integer.toString(mApiDenylistExemptions.size() + 1));

            state.mZygoteOutputWriter.newLine();

packages/SystemUI/src/com/android/systemui/media/controls/ui/KeyguardMediaController.kt

+0 −40
Original line number Diff line number Diff line
@@ -18,16 +18,10 @@ package com.android.systemui.media.controls.ui 


import android.content.Context

import android.content.res.Configuration

import android.database.ContentObserver

import android.net.Uri

import android.os.Handler

import android.os.UserHandle

import android.provider.Settings

import android.view.View

import android.view.ViewGroup

import androidx.annotation.VisibleForTesting

import com.android.systemui.dagger.SysUISingleton

import com.android.systemui.dagger.qualifiers.Main

import com.android.systemui.media.dagger.MediaModule.KEYGUARD

import com.android.systemui.plugins.statusbar.StatusBarStateController

import com.android.systemui.statusbar.StatusBarState
@@ -36,7 +30,6 @@ import com.android.systemui.statusbar.notification.stack.MediaContainerView 
import com.android.systemui.statusbar.phone.KeyguardBypassController

import com.android.systemui.statusbar.policy.ConfigurationController

import com.android.systemui.util.LargeScreenUtils

import com.android.systemui.util.settings.SecureSettings

import javax.inject.Inject

import javax.inject.Named
@@ -52,8 +45,6 @@ constructor( 
    private val bypassController: KeyguardBypassController,

    private val statusBarStateController: SysuiStatusBarStateController,

    private val context: Context,

    private val secureSettings: SecureSettings,

    @Main private val handler: Handler,

    configurationController: ConfigurationController,

) {
@@ -77,26 +68,6 @@ constructor( 
            }

        )



        val settingsObserver: ContentObserver =

            object : ContentObserver(handler) {

                override fun onChange(selfChange: Boolean, uri: Uri?) {

                    if (uri == lockScreenMediaPlayerUri) {

                        allowMediaPlayerOnLockScreen =

                            secureSettings.getBoolForUser(

                                Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN,

                                true,

                                UserHandle.USER_CURRENT

                            )

                        refreshMediaPosition()

                    }

                }

            }

        secureSettings.registerContentObserverForUser(

            Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN,

            settingsObserver,

            UserHandle.USER_ALL

        )



        // First let's set the desired state that we want for this host

        mediaHost.expansion = MediaHostState.EXPANDED

        mediaHost.showsOnlyActiveMedia = true
@@ -133,16 +104,6 @@ constructor( 
        private set

    private var splitShadeContainer: ViewGroup? = null



    /** Track the media player setting status on lock screen. */

    private var allowMediaPlayerOnLockScreen: Boolean =

        secureSettings.getBoolForUser(

            Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN,

            true,

            UserHandle.USER_CURRENT

        )

    private val lockScreenMediaPlayerUri =

        secureSettings.getUriFor(Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN)



    /**

     * Attaches media container in single pane mode, situated at the top of the notifications list

     */
@@ -202,7 +163,6 @@ constructor( 
            mediaHost.visible &&

                !bypassController.bypassEnabled &&

                keyguardOrUserSwitcher &&

                allowMediaPlayerOnLockScreen &&

                shouldBeVisibleForSplitShade()

        if (visible) {

            showMediaPlayer()

packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaHierarchyManager.kt

+19 −8
Original line number Diff line number Diff line
@@ -104,7 +104,7 @@ constructor( 
) {



    /** Track the media player setting status on lock screen. */

    private var allowMediaPlayerOnLockScreen: Boolean = true

    private var allowMediaPlayerOnLockScreen: Boolean = getMediaLockScreenSetting()

    private val lockScreenMediaPlayerUri =

        secureSettings.getUriFor(Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN)
@@ -462,6 +462,7 @@ constructor( 
                    }

                    mediaCarouselController.mediaCarouselScrollHandler.visibleToUser =

                        isVisibleToUser()

                    mediaCarouselController.updateHostVisibility()

                }



                override fun onDozeAmountChanged(linear: Float, eased: Float) {
@@ -538,7 +539,6 @@ constructor( 
        mediaCarouselController.updateHostVisibility = {

            mediaHosts.forEach { it?.updateViewVisibility() }

        }



        panelEventsEvents.addShadeStateEventsListener(

            object : ShadeStateEventsListener {

                override fun onExpandImmediateChanged(isExpandImmediateEnabled: Boolean) {
@@ -552,12 +552,8 @@ constructor( 
            object : ContentObserver(handler) {

                override fun onChange(selfChange: Boolean, uri: Uri?) {

                    if (uri == lockScreenMediaPlayerUri) {

                        allowMediaPlayerOnLockScreen =

                            secureSettings.getBoolForUser(

                                Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN,

                                true,

                                UserHandle.USER_CURRENT

                            )

                        allowMediaPlayerOnLockScreen = getMediaLockScreenSetting()

                        mediaCarouselController.updateHostVisibility()

                    }

                }

            }
@@ -568,6 +564,14 @@ constructor( 
        )

    }



    private fun getMediaLockScreenSetting(): Boolean {

        return secureSettings.getBoolForUser(

            Settings.Secure.MEDIA_CONTROLS_LOCK_SCREEN,

            true,

            UserHandle.USER_CURRENT

        )

    }



    private fun updateConfiguration() {

        distanceForFullShadeTransition =

            context.resources.getDimensionPixelSize(
@@ -607,6 +611,13 @@ constructor( 
        mediaCarouselController.closeGuts()

    }



    /** Return true if the carousel should be hidden because lockscreen is currently visible */

    fun isLockedAndHidden(): Boolean {

        return !allowMediaPlayerOnLockScreen &&

            (statusbarState == StatusBarState.SHADE_LOCKED ||

                statusbarState == StatusBarState.KEYGUARD)

    }



    private fun createUniqueObjectHost(): UniqueObjectHostView {

        val viewHost = UniqueObjectHostView(context)

        viewHost.addOnAttachStateChangeListener(

packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaHost.kt

+3 −1
Original line number Diff line number Diff line
@@ -199,7 +199,9 @@ constructor( 
     */

    fun updateViewVisibility() {

        state.visible =

            if (showsOnlyActiveMedia) {

            if (mediaHierarchyManager.isLockedAndHidden()) {

                false

            } else if (showsOnlyActiveMedia) {

                mediaDataManager.hasActiveMediaOrRecommendation()

            } else {

                mediaDataManager.hasAnyMediaOrRecommendation()