Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit edaabde8 authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker
Browse files

Merge cherrypicks of ['googleplex-android-review.googlesource.com/23983543',... 

Merge cherrypicks of ['googleplex-android-review.googlesource.com/23983543', 'googleplex-android-review.googlesource.com/24323876', 'googleplex-android-review.googlesource.com/24309522', 'googleplex-android-review.googlesource.com/24424817'] into security-aosp-sc-v2-release.

Change-Id: I76f2e1f1247357cc9451c5831ff57447d85496bd
parents 0c191825 da9dd005

core/java/android/app/Notification.java

+5 −2
Original line number Diff line number Diff line
@@ -3357,8 +3357,11 @@ public class Notification implements Parcelable 
     *

     * @hide

     */

    public void setAllowlistToken(@Nullable IBinder token) {

        mAllowlistToken = token;

    public void clearAllowlistToken() {

        mAllowlistToken = null;

        if (publicVersion != null) {

            publicVersion.clearAllowlistToken();

        }

    }



    /**

core/java/android/hardware/usb/UsbConfiguration.java

+2 −1
Original line number Diff line number Diff line
@@ -172,7 +172,8 @@ public class UsbConfiguration implements Parcelable { 
            String name = in.readString();

            int attributes = in.readInt();

            int maxPower = in.readInt();

            Parcelable[] interfaces = in.readParcelableArray(UsbInterface.class.getClassLoader());

            Parcelable[] interfaces = in.readParcelableArray(

                    UsbInterface.class.getClassLoader(), UsbInterface.class);

            UsbConfiguration configuration = new UsbConfiguration(id, name, attributes, maxPower);

            configuration.setInterfaces(interfaces);

            return configuration;

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

+31 −0
Original line number Diff line number Diff line
@@ -1906,6 +1906,9 @@ public class SettingsProvider extends ContentProvider { 
            cacheName = Settings.System.ALARM_ALERT_CACHE;

        }

        if (cacheName != null) {

            if (!isValidAudioUri(name, value)) {

                return false;

            }

            final File cacheFile = new File(

                    getRingtoneCacheDir(owningUserId), cacheName);

            cacheFile.delete();
@@ -1938,6 +1941,34 @@ public class SettingsProvider extends ContentProvider { 
        }

    }



    private boolean isValidAudioUri(String name, String uri) {

        if (uri != null) {

            Uri audioUri = Uri.parse(uri);

            if (Settings.AUTHORITY.equals(

                    ContentProvider.getAuthorityWithoutUserId(audioUri.getAuthority()))) {

                // Don't accept setting the default uri to self-referential URIs like

                // Settings.System.DEFAULT_RINGTONE_URI, which is an alias to the value of this

                // setting.

                return false;

            }

            final String mimeType = getContext().getContentResolver().getType(audioUri);

            if (mimeType == null) {

                Slog.e(LOG_TAG,

                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri

                        + " ignored: failure to find mimeType (no access from this context?)");

                return false;

            }

            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")

                    || mimeType.equals("application/x-flac"))) {

                Slog.e(LOG_TAG,

                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri

                        + " ignored: associated mimeType: " + mimeType + " is not an audio type");

                return false;

            }

        }

        return true;

    }



    private boolean hasWriteSecureSettingsPermission() {

        // Write secure settings is a more protected permission. If caller has it we are good.

        return getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)

services/core/java/com/android/server/am/ActivityManagerService.java

+21 −2
Original line number Diff line number Diff line
@@ -2806,6 +2806,22 @@ public class ActivityManagerService extends IActivityManager.Stub 
        }

    }













    /**













     * Enforces that the uid of the caller matches the uid of the package.













     *













     * @param packageName the name of the package to match uid against.













     * @param callingUid the uid of the caller.













     * @throws SecurityException if the calling uid doesn't match uid of the package.













     */













    private void enforceCallingPackage(String packageName, int callingUid) {













        final int userId = UserHandle.getUserId(callingUid);













        final int packageUid = getPackageManagerInternal().getPackageUid(packageName,













                /*flags=*/ 0, userId);













        if (packageUid != callingUid) {













            throw new SecurityException(packageName + " does not belong to uid " + callingUid);













        }













    }



























    @Override















    public void setPackageScreenCompatMode(String packageName, int mode) {















        mActivityTaskManager.setPackageScreenCompatMode(packageName, mode);










@@ -12256,13 +12272,16 @@ public class ActivityManagerService extends IActivityManager.Stub













    // A backup agent has just come up















    @Override















    public void backupAgentCreated(String agentPackageName, IBinder agent, int userId) {













        final int callingUid = Binder.getCallingUid();













        enforceCallingPackage(agentPackageName, callingUid);



























        // Resolve the target user id and enforce permissions.













        userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),













        userId = mUserController.handleIncomingUser(Binder.getCallingPid(), callingUid,















                userId, /* allowAll */ false, ALLOW_FULL_ONLY, "backupAgentCreated", null);















        if (DEBUG_BACKUP) {















            Slog.v(TAG_BACKUP, "backupAgentCreated: " + agentPackageName + " = " + agent















                    + " callingUserId = " + UserHandle.getCallingUserId() + " userId = " + userId













                    + " callingUid = " + Binder.getCallingUid() + " uid = " + Process.myUid());













                    + " callingUid = " + callingUid + " uid = " + Process.myUid());















        }





























        synchronized(this) {

























services/core/java/com/android/server/notification/NotificationManagerService.java



+1
−1






























Original line number
Diff line number
Diff line








@@ -4202,7 +4202,7 @@ public class NotificationManagerService extends SystemService {













                    // Remove background token before returning notification to untrusted app, this















                    // ensures the app isn't able to perform background operations that are















                    // associated with notification interactions.













                    notification.setAllowlistToken(null);













                    notification.clearAllowlistToken();















                    return new StatusBarNotification(















                            sbn.getPackageName(),















                            sbn.getOpPkg(),