This project is mirrored from https://github.com/LineageOS/android_frameworks_base.git.
  1. 15 Jan, 2021 1 commit
  2. 14 Jan, 2021 1 commit
    • Merge tag 'android-security-9.0.0_r64' into staging/lineage-16.0_merge_android-security-9.0.0_r64 · 31664aa5
      Kevin F. Haggerty authored
      Android security 9.0.0 release 64
      
      * tag 'android-security-9.0.0_r64':
        Ignore GrantCredentials call with unexpected calling uid.
        Protect GrantCredentialsPermissionActivity against overlay.
        [DO NOT MERGE] Make GlobalScreenshot PendingIntents immutable
        Check that Account Parcel has name and type.
        Revoke permission on non-runtime -> runtime upgrade
        Ensure permissions are revoked on state changes
        RESTRICT AUTOMERGE Fix CDM package check
        remove sensitive pii from safetynet logging
        DO NOT MERGE Check fingerprint client against top activity in auth callback
        Fix the issue provider can be wrong when requesting slice permission
      
      Change-Id: I5686e8a3ed26d5abdec952748e1eb1a33ba8d0c8
  3. 11 Jan, 2021 1 commit
  4. 10 Jan, 2021 1 commit
  5. 16 Dec, 2020 2 commits
  6. 15 Dec, 2020 2 commits
  7. 09 Dec, 2020 1 commit
  8. 16 Nov, 2020 2 commits
  9. 12 Nov, 2020 10 commits
    • Ignore GrantCredentials call with unexpected calling uid. · 97961294
      Dmitry Dementyev authored
      Activity can be used only in two cases.
      1) Calling uid matches uid grantee.
      2) Calling uid is system. This flow is used by getToken methods with
      notifyAuthFailure=true.
      
      Test: Existing CTS tests
      Bug: 158480899
      Merged-In: I1421c333b6cebb4f7cddcdd8766298f6872e933b
      Change-Id: I18af48cf3cb4ad23a3e5b02a8ea1416aa5570dba
      (cherry picked from commit ece586e3218e1ecd497e020af3fac4f381957ef7)
    • Protect GrantCredentialsPermissionActivity against overlay. · 5f77856b
      Dmitry Dementyev authored
      Bug: 169763814
      Test: manual
      Merged-In: I15dd22791fcc61ef02b06ad51d9e4409d11c0181
      Change-Id: I0d8f901d100a5e2a022c96fa6c2be75a11c58059
      (cherry picked from commit deddb784d0c4b3dab69045dd4f98a89d6fca5f52)
    • [DO NOT MERGE] Make GlobalScreenshot PendingIntents immutable · 9f42cf00
      Miranda Kephart authored
      Mutable pending intents are a security risk. This change adds the
      IMMUTABLE flag to all PendingIntents created in GlobalScreenshot.
      
      Bug: 162738636
      Test: manual
      Change-Id: I1044b6aaf2b1650ff91d9a72181684d2aaea9a62
      (cherry picked from commit ed450d77edc632bbdf74f86fa76dae1f9475a5c9)
    • Check that Account Parcel has name and type. · 29de6913
      Dmitry Dementyev authored
      Bug: 129287265
      Test: manual
      Change-Id: I8431eb27cc4c6dfd3048b28ff635474f14433308
      (cherry picked from commit 32e85796)
      (cherry picked from commit 0992000acea457142cb2b715a106057d6cee9166)
    • Revoke permission on non-runtime -> runtime upgrade · b581af12
      Philip P. Moltmann authored
      Not only on normal -> runtime.
      
      Test: atest android.appsecurity.cts.PermissionsHostTest#testNoPermissionEscalationAfterReboot
      Bug: 154505240, 168319670
      Change-Id: If3b420067b4d7111dcf67ae6f98e42176158b679
      Merged-In: If3b420067b4d7111dcf67ae6f98e42176158b679
      (cherry picked from commit 60c41ae4a653ea594f6ebaf78f30d7e50be62327)
    • Ensure permissions are revoked on state changes · 45ac3b66
      Nate Myren authored
      If a permission owner changes, or a permission level is upgraded, revoke
      the permission from all packages
      
      Test: Manual
      Bug: 154505240
      Merged-In: I0dec9eb7c2fecd3147e33e04d3f79f6dffcf7721
      Change-Id: I0dec9eb7c2fecd3147e33e04d3f79f6dffcf7721
      (cherry picked from commit a28931a09814a89e1c55816c794c1e1f20dc0c91)
      (cherry picked from commit a162e9592db4231c33e04c86db5f2db84aed6303)
    • RESTRICT AUTOMERGE · 3fd32559
      Eugene Susla authored
      Fix CDM package check
      
      CDM was using a package check that returns a value instead of throwing,
      resulting in failing to throw on querying other package's associations
      
      Test: ensure attached bug no longer reproduces
      Bug: 167244818
      Change-Id: I21319b6f5495dcae681541c76b847aad0c00b8ab
      (cherry picked from commit feb4dd913c1b128df1626471375d423257d57cf9)
    • remove sensitive pii from safetynet logging · 3932e33e
      Pinyao Ting authored
      Bug: 159145361
      Test: manual
      Change-Id: I8f1be55971672c7e8f5aa8848f65b1b9d9f40fb5
      Merged-In: I8f1be55971672c7e8f5aa8848f65b1b9d9f40fb5
      (cherry picked from commit 3b6905bf6a39de7789f93a7ce6ca5d65a3fe589e)
      (cherry picked from commit 6d9794aa9ff786f98252d859b8a1de7429f5441a)
    • DO NOT MERGE Check fingerprint client against top activity in auth callback · 9899b14c
      Curtis Belmonte authored
      Due to a race condition with activity task stack broadcasts, it's
      currently possible for fingerprint authentication to succeed for a
      non-top activity. This means, for example, that a malicious overlay
      could be drawn in order to mislead the user about what they are
      authenticating for.
      
      This commit addresses the issue by adding a check to the fingerprint
      authentication client interface that ensures the authenticating
      activity is on top at the time of authentication. Otherwise, the
      pending authentication will fail, as if an incorrect biometric
      had been presented.
      
      Test: Follow steps from b/159249069:
      1. Install com.pro100svitlo.fingerprintauthdemo from the Play store.
      2. Install the PoC attack app from b/159249069.
      3. Start the PoC attack app and press the "Launch PoC attack" button.
      4. Use fingerprint to authenticate while the overlay is showing.
      
      Before: Authentication succeeds, and a new activity is launched.
      After: Authentication fails, and no new activity is launched.
      
      Bug: 159249069
      Change-Id: If5cdf8ffaf3aa7d8a1ac81272e3bfb2cc7cdddf1
      Merged-In: Iee6af379515385777984da55048c1efd9339ed88
      Merged-In: I9b242a9fee0acbfb430875061e2d809c00fe4b97
      Merged-In: I1241a12eafa0bdbac59a8ddd4cf6a0637d467b19
      Merged-In: Ie5a0f8c3e9b92d348a78678a6ed192d440c45ffc
      Merged-In: I289d67e5c7055ed60f7a96725c523d07cd047b23
      (cherry picked from commit d4774f910101d20b36afff4b39ce824b89d491cc)
    • Fix the issue provider can be wrong when requesting slice permission · becd1fa9
      Pinyao Ting authored
      SlicePermissionActivity reads provider_pkg from intent, which can be
      modified at will. As a result user might see incorrect package name in
      the dialog granting slice permission.
      
      Bug: 159145361
      Test: manual
      Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
      Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
      (cherry picked from commit 0ad32a2d70ae410a59d730802b47af7c27b0b4a3)
      (cherry picked from commit 4cab9c38764a6123c0072f0ef7b007cc29cd1b74)
  10. 08 Nov, 2020 1 commit
  11. 03 Nov, 2020 1 commit
    • Merge tag 'android-security-9.0.0_r62' into staging/lineage-16.0_merge-android-security-9.0.0_r62 · 40e6e93c
      Kevin F. Haggerty authored
      Android security 9.0.0 release 62
      
      * tag 'refs/tags/android-security-9.0.0_r62':
        [WIFI] Make Aware + Connectivity agent network specifiers sensitive
        [CS] Add an option to block sensitive network specifier
        Accept repeated locale as an input of LocaleList construction.
        Sanitize more of the notification text fields
        DO NOT MERGE Don't allow non-instant permissions for instant apps.
      
      Change-Id: Ie83a9f0d9388a606e08dae862ff478948ddf3da8
  12. 16 Oct, 2020 2 commits
  13. 11 Oct, 2020 2 commits
  14. 09 Oct, 2020 2 commits
    • Fix storing the wrong value of mLockdown in setting · 2f8631a6
      lucaslin authored
      When user is stopped, the Vpn#onUserStopped() will be called and
      the value of mLockdown will be set to false then stored into
      setting.
      This is a wrong behavior because user doesn't change it, so for
      this kind of case, there is no need to store the value of
      mLockdown in setting.
      In fact, there is no need to call Vpn#saveAlwaysOnPackage() when
      user is stopped because there is nothing changed.
      
      Bug: 168500792
      Test: atest FrameworksNetTests
      Change-Id: Ie85a347216614b7873bfdf199165d89527ada3a8
      (cherry picked from commit 9226fc3723a477751705011cd7eecf063b1c3707)
    • Make WallpaperMS bind wallpaper component PendingIntent immutable. · c5e6f56c
      wilsonshih authored
      Require that the PendingIntent be immutable so that a malicious app is
      not able to hijack and mutate any of the details.
      
      Fixes: 154915372
      Test: build & flash, change wallpaper manually.
      Change-Id: I59b48811b26736bf0575769107dd940ca33ccf8d
      (cherry picked from commit d4bd69ce)
      (cherry picked from commit a839692d5ca4ea47e9565865eae5cdf904cc0629)
  15. 02 Oct, 2020 2 commits
  16. 22 Sep, 2020 2 commits
  17. 13 Sep, 2020 2 commits
  18. 12 Sep, 2020 1 commit
  19. 10 Sep, 2020 4 commits
    • [WIFI] Make Aware + Connectivity agent network specifiers sensitive · 5263e868
      Etan Cohen authored
      Configure the Wi-Fi Aware agent network
      specifier as sensitive. This will strip it out from the
      network capabilities before the capabilities are forwarded to the
      app.
      
      Necessary since the agent network specifier contains information
      which the apps should not have.
      
      Bug: 161853197
      Bug: 161370134
      Test: atest ConnectivityServiceTest (frameworks/base/tests/net)
      Test: atest frameworks/base/tests/net
      Test: atest frameworks/opt/net/wifi/tests/wifitests
      Test: atest frameworks/opt/telephony/tests/telephonytests
      Test: atest frameworks/opt/net/ethernet/tests
      Test: atest android.net.cts - some flakiness!
      Test: act.py ThroughputTest
      Test: act.py DataPathTest
      Test: atest SingleDeviceTest (cts)
      Change-Id: Ia6adf2afa0f2052dc46a504ceb3e5aaba591aab8
      Merged-In: I9673107a2ee13bca63539fc7dbee7f376af3ebcb
      (cherry picked from commit 7f60f432)
    • [CS] Add an option to block sensitive network specifier · 20491714
      Etan Cohen authored
      Network specifiers are used for 2 purposes:
      
      - As part of network requests to specify more information on the type
        of requested networks.
      - On network agents to specify information about their networks.
      
      The network specifiers of the requests and agents are matched to each
      other. However, the agent network specifier may contain sensitive
      information which we do not want forwarded to any app.
      
      This CL adds an option to strip out this agent network specifier before
      the network capabilities are forwarded to the app.
      
      Bug: 161853197
      Bug: 161370134
      Test: atest ConnectivityServiceTest (frameworks/base/tests/net)
      Test: atest frameworks/base/tests/net
      Test: atest frameworks/opt/net/wifi/tests/wifitests
      Test: atest frameworks/opt/telephony/tests/telephonytests
      Test: atest frameworks/opt/net/ethernet/tests
      Test: atest android.net.cts - some flakiness!
      Test: act.py ThroughputTest
      Test: act.py DataPathTest
      Test: atest SingleDeviceTest (cts)
      Change-Id: I38ed3ff88532ef522ab167c88d87e6e82295ffc5
      Merged-In: If08d312ff814bdde1147518f923199e6349503d5
      (cherry picked from commit 9b1d701a)
    • Accept repeated locale as an input of LocaleList construction. · b648e7ff
      Seigo Nonaka authored
      Repeated locale has not been accepted and IllegalArgumentException
      is thrown. Instead of throwing an exception, drop the repeated locale.
      
      Bug: 152410253
      Test: atest LocaleListTest
      Change-Id: I80f243678ac3024eaeb0349f770cff897df7f332
      (cherry picked from commit 33ee4638)
    • Sanitize more of the notification text fields · 4c1d9781
      Julia Reynolds authored
      Test: manual; monitor SystemUI performance when an app tries to
      post a messaging style notification with messages with long text
      Bug: 158304295
      Bug: 147358092
      
      Merged-In: c953fdf6bc498ca791aed49df04e5a07c935b63a
      Change-Id: I0e2ea12fc3351b1a56645b556720ea2306f5422a
      (cherry picked from commit c953fdf6bc498ca791aed49df04e5a07c935b63a)
      (cherry picked from commit 7857da64)