This project is mirrored from https://github.com/LineageOS/android_frameworks_base.git. Pull mirroring updated .
  1. 06 May, 2022 1 commit
  2. 12 Apr, 2022 1 commit
    • Jeff Chang's avatar
      [RESTRICT AUTOMERGE] Add hide-non-system-overlay flag for HarmfulAppWarningActivity · aa23050a
      Jeff Chang authored
      A malicious application could overlay the activity. The overlay is
      able to be tapped through, which can trick the user into starting a
      harmful activity.
      
      The CL added the flag SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS for
      the activity to prevent the tapjacking/overlay attack.
      
      Bug: 205595291
      Test: atest CtsHarmfulAppWarningHostTestCases
      Change-Id: Ia1a1ae0dc451e04bf5c31e3cb8cf30a0d8e32991
      (cherry picked from commit a04b3666b8619e09e08646c6d5c529d016cbfb47)
      (cherry picked from commit f36b7b9f)
      Merged-In: Ia1a1ae0dc451e04bf5c31e3cb8cf30a0d8e32991
      aa23050a
  3. 10 Apr, 2022 1 commit
  4. 12 Mar, 2022 1 commit
    • Julia Reynolds's avatar
      Check group channels for FGSes · b7ecc9d0
      Julia Reynolds authored
      Before allowing the group to be deleted, by updating
      the current check to the method that populates the channel
      list
      
      Test: NotificationManagerServiceTest
      Bug: 209965481
      Change-Id: I9db781c300e96e9c80bd5d21585b8be9b4db08c8
      Merged-In: I9db781c300e96e9c80bd5d21585b8be9b4db08c8
      (cherry picked from commit 331b6179)
      (cherry picked from commit adf4be190e39691c99578ee01fc3b19ca0dd16d1)
      Merged-In: I9db781c300e96e9c80bd5d21585b8be9b4db08c8
      b7ecc9d0
  5. 16 Feb, 2022 1 commit
  6. 13 Feb, 2022 1 commit
  7. 28 Jan, 2022 1 commit
  8. 09 Jan, 2022 1 commit
  9. 19 Dec, 2021 1 commit
  10. 16 Dec, 2021 1 commit
  11. 12 Nov, 2021 4 commits
  12. 11 Nov, 2021 1 commit
  13. 03 Nov, 2021 1 commit
  14. 17 Oct, 2021 1 commit
  15. 16 Oct, 2021 1 commit
    • Bernardo Rufino's avatar
      Fix background bypass via notifications · eeb92c3c
      Bernardo Rufino authored
      This is a CP of ag/14736230 to qt-dev.
      
      Apps were able to bypass BAL and BG-FGS restrictions by retrieving their
      own notifications and firing their PI since those were allowlisted for
      those operations.
      
      Now we strip the token that granted them that ability
      from notifications returned via NM.getActiveNotifications(), which
      returns the notifications of the caller.
      
      Notifications returned via notification listener APIs still contain such
      token, as they should.
      
      Bug: 185388103
      Bug: 169821287
      Test: Manually tested
      Change-Id: I2ede0d639a560f6acacec3864a0a7d23af152ba5
      Merged-In: I2ede0d639a560f6acacec3864a0a7d23af152ba5
      (cherry picked from commit 5fbeff59)
      (cherry picked from commit 14c1c7b4)
      eeb92c3c
  16. 08 Oct, 2021 3 commits
  17. 06 Oct, 2021 1 commit
    • Kevin F. Haggerty's avatar
      Merge tag 'android-security-9.0.0_r73' into staging/lineage-16.0_merge_android-security-9.0.0_r73 · 63126edf
      Kevin F. Haggerty authored
      Android Security 9.0.0 Release 73 (7678331)
      
      * tag 'android-security-9.0.0_r73':
        Send targeted broadcasts to prevent other apps from receiving them.
        Guard DISABLE_PLUGIN with PLUGIN permission.
        DO NOT MERGE Apply a maximum char count to the load label api
        Change ownership of the account request notification.
        Fix a potential thread safety issue in VectorDrawable
      
      Change-Id: Ic686d5035a5995e34f2373177a34fab6e6114020
      63126edf
  18. 01 Oct, 2021 4 commits
  19. 20 Sep, 2021 1 commit
  20. 11 Sep, 2021 1 commit
    • Kevin F. Haggerty's avatar
      Merge tag 'android-security-9.0.0_r72' into staging/lineage-16.0_merge_android-security-9.0.0_r72 · c124bc9f
      Kevin F. Haggerty authored
      Android security 9.0.0 release 72
      
      * tag 'android-security-9.0.0_r72':
        Don't attach private Notification to A11yEvent when user locked
        Improve ellipsize performance
        Fix side effects of trace-ipc and dumpheap commands
        Fix race condition between lockNow() and updateLockscreenTimeout
      
      Conflicts:
      	services/core/java/com/android/server/notification/NotificationManagerService.java
      	services/core/java/com/android/server/policy/PhoneWindowManager.java
      	services/tests/uiservicestests/src/com/android/server/notification/BuzzBeepBlinkTest.java
      
      Change-Id: I1c3c9e0cb63673d606f81657c5c93c722e6ec147
      c124bc9f
  21. 10 Sep, 2021 1 commit
    • Jayant Chowdhary's avatar
      camera2: Fix exception swallowing in params classes createFromParcel · 2f1cb618
      Jayant Chowdhary authored
      
      
      Do not catch exceptions when we attempt to create the following classes
      from a parcel
      - OutputConfiguration
      - VendorTagDescriptor
      - VendorTagDescriptorCache
      - SessionConfiguration
      This could cause subsequent parcel information to be read incorrectly.
      
      Bug: 188675581
      
      Test: Sample app which tries to write invalid data into an
            OutputConfiguration parcel to send in an intent via Broadcast. When read by the receiving app,
            gets an exception (not swallowed).
      
      Merged-In: I745ca49daa6ca36b1020d518e9f346b52684f2b1
      Change-Id: I745ca49daa6ca36b1020d518e9f346b52684f2b1
      Signed-off-by: default avatarJayant Chowdhary <jchowdhary@google.com>
      (cherry picked from commit 6b0bcd60)
      (cherry picked from commit 8a115381)
      2f1cb618
  22. 12 Aug, 2021 6 commits
  23. 10 Aug, 2021 3 commits
  24. 04 Aug, 2021 1 commit
  25. 18 Jul, 2021 1 commit