This project is mirrored from Pull mirroring updated .
  1. 13 Jul, 2022 1 commit
  2. 07 Jul, 2022 1 commit
    • Kevin F. Haggerty's avatar
      Merge tag 'android-security-11.0.0_r57' of... · 391f017f
      Kevin F. Haggerty authored
      Merge tag 'android-security-11.0.0_r57' of into staging/lineage-18.1_merge_android-security-11.0.0_r57
      Android security 11.0.0 release 57
      * tag 'android-security-11.0.0_r57' of
        Crash invalid FGS notifications
        [RESTRICT AUTOMERGE] Log to EventLog on prepareUserStorage failure
        [RESTRICT AUTOMERGE] Ignore errors preparing user storage for existing users
        [RESTRICT AUTOMERGE] UserDataPreparer: reboot to recovery for system user only
        [RESTRICT AUTOMERGE] UserDataPreparer: reboot to recovery if preparing user storage fails
        [RESTRICT AUTOMERGE] StorageManagerService: don't ignore failures to prepare user storage
      Change-Id: Ia902573185b3700e03308aa1a5f995b0ad0c9ee0
  3. 13 Jun, 2022 1 commit
  4. 07 Jun, 2022 1 commit
  5. 20 May, 2022 2 commits
  6. 16 May, 2022 2 commits
  7. 13 May, 2022 5 commits
    • Eric Biggers's avatar
      [RESTRICT AUTOMERGE] Log to EventLog on prepareUserStorage failure · bc641236
      Eric Biggers authored
      Bug: 224585613
      Change-Id: Id6dfb4f4c48d5cf4e71f54bdb6d0d6eea527caf5
      (cherry picked from commit fbb632ea95ac5b6d9efa89e09d0988a9df4f19e4)
      Merged-In: Id6dfb4f4c48d5cf4e71f54bdb6d0d6eea527caf5
      (cherry picked from commit 0762961674f1454b7c7012a0ab53c427570e836c)
      Merged-In: Id6dfb4f4c48d5cf4e71f54bdb6d0d6eea527caf5
    • Eric Biggers's avatar
      [RESTRICT AUTOMERGE] Ignore errors preparing user storage for existing users · d2da0319
      Eric Biggers authored
      Unfortunately we can't rule out the existence of devices where the user
      storage wasn't properly prepared, due to StorageManagerService
      previously ignoring errors from mVold.prepareUserStorage, combined with
      OEMs potentially creating files in per-user directories too early.  And
      forcing these broken devices to be factory reset upon taking an OTA is
      not currently considered to be acceptable.
      One option is to only check for prepareUserStorage errors on devices
      that launched with T or later.  However, this is a serious issue and it
      would be strongly preferable to do more than that.
      Therefore, this CL makes it so that errors are checked for all new
      users, rather than all new devices.  A field ignorePrepareStorageErrors
      is added to the user record; it is only ever set to true implicitly,
      when reading a user record from disk that lacks this field.  This field
      is used by StorageManagerService to decide whether to check for errors.
      Bug: 164488924
      Bug: 224585613
      Test: Intentionally made a device affected by this issue by reverting
            the CLs that introduced the error checks, and changing vold to
            inject an error into prepareUserStorage.   Then, flashed a build
            with this CL without wiping userdata.  The device still boots, as
            expected, and the log shows that the error was intentionally
            ignored.  Tested that if a second user is added, the error is
            *not* ignored and the second user's storage is destroyed before it
            can be used.  Finally, wiped the device and verified that it won't
            boot up anymore, as expected since error checking is enabled for
            the system user in that case.
      Change-Id: I9bdd1a4bf5b14542adb901f264a91d489115c89b
      (cherry picked from commit 60d8318c47b7b659716d71243d087b34ab327f64)
      Merged-In: I9bdd1a4bf5b14542adb901f264a91d489115c89b
      (cherry picked from commit e03e987337accde646e4e86c1fdfe02c0d78d743)
      Merged-In: I9bdd1a4bf5b14542adb901f264a91d489115c89b
    • Eric Biggers's avatar
      [RESTRICT AUTOMERGE] UserDataPreparer: reboot to recovery for system user only · 35835dce
      Eric Biggers authored
      With the next CL, old devices might contain a combination of old users
      with prepareUserStorage error checking disabled and new users with
      prepareUserStorage error checking enabled.  Factory resetting the whole
      device when any user fails to prepare may be too aggressive.  Also,
      UserDataPreparer already destroys the affected user's storage when it
      fails to prepare, which seems to be fairly effective at breaking things
      for that user (absent proper error handling by upper layers).
      Therefore, let's only factory reset the device if the failing user is
      the system user.
      Bug: 164488924
      Bug: 224585613
      Change-Id: Ia1db01ab4ec6b3b17d725f391c3500d92aa00f97
      (cherry picked from commit 4c76da76c9831266e4e63c0618150bed10a929a7)
      Merged-In: Ia1db01ab4ec6b3b17d725f391c3500d92aa00f97
      (cherry picked from commit ecf569bd1623231984e9ec9823edb82f52d7846a)
      Merged-In: Ia1db01ab4ec6b3b17d725f391c3500d92aa00f97
    • Eric Biggers's avatar
      [RESTRICT AUTOMERGE] UserDataPreparer: reboot to recovery if preparing user storage fails · 60643935
      Eric Biggers authored
      StorageManager.prepareUserStorage() can throw an exception if a
      directory cannot be encrypted, for example due to already being
      nonempty.  In this case, usage of the directory must not be allowed to
      proceed.  UserDataPreparer currently handles this by deleting the user's
      directories, but the error is still ultimately suppressed and starting
      the user is still allowed to proceed.
      The correct behavior in this case is to reboot into recovery to ask the
      user to factory reset the device.  This is already what happens when
      'init' fails to encrypt a directory with the system DE policy.  However,
      this was overlooked for the user directories.  Start doing this.
      Bug: 164488924
      Bug: 224585613
      Change-Id: Ib5e91d2510b25780d7a161b91b5cee2f6f7a2e54
      (cherry picked from commit 5256365e65882b81509ec2f6b9dfe2dcf0025254)
      Merged-In: Ib5e91d2510b25780d7a161b91b5cee2f6f7a2e54
      (cherry picked from commit 69c3ce70c6dcabf57219d338af86e569ea672ef5)
      Merged-In: Ib5e91d2510b25780d7a161b91b5cee2f6f7a2e54
    • Eric Biggers's avatar
      [RESTRICT AUTOMERGE] StorageManagerService: don't ignore failures to prepare user storage · 632a907f
      Eric Biggers authored
      We must never leave directories unencrypted.
      Bug: 164488924
      Bug: 224585613
      Change-Id: I9a38ab5cca1ae9c9ebff81fca04615fd83ebe4b2
      (cherry picked from commit 50946dd15fd14cbf92b5c7e32ac7a0f088b8b302)
      Merged-In: I9a38ab5cca1ae9c9ebff81fca04615fd83ebe4b2
      (cherry picked from commit ecffe3ecbf4cb01055bd2f852d95396f2475fc01)
      Merged-In: I9a38ab5cca1ae9c9ebff81fca04615fd83ebe4b2
  8. 10 May, 2022 1 commit
  9. 04 May, 2022 1 commit
    • Kevin F. Haggerty's avatar
      Merge tag 'android-security-11.0.0_r55' into staging/lineage-18.1_merge_android-security-11.0.0_r55 · d045f50e
      Kevin F. Haggerty authored
      Android Security 11.0.0 Release 55 (8287685)
      * tag 'android-security-11.0.0_r55':
        Always restart apps if base.apk gets updated.
        Verify caller before auto granting slice permission
        [DO NOT MERGE] Keyguard - Treat messsages to lock with priority
        [RESTRICT AUTOMERGE] Do not resume activity if behind a translucent task
        Filter notification APIs by user
      Change-Id: I3de384c44e161c0ad6b2dd0540e9ad0eb5346c11
  10. 02 May, 2022 9 commits
    • Android Build Coastguard Worker's avatar
      Merge cherrypicks of [16961349, 17186290, 17046136, 17343925, 17408864,... · 82f6df1c
      Android Build Coastguard Worker authored
      Merge cherrypicks of [16961349, 17186290, 17046136, 17343925, 17408864, 17591190, 17591530, 16908080, 17614780] into security-aosp-rvc-release.
      Change-Id: I47e20d457154fa79820017454ec6034645ffb1d5
    • Remi NGUYEN VAN's avatar
      Disallow PAP authentication when MPPE is requested · 392c061a
      Remi NGUYEN VAN authored
      MPPE cannot work if PAP is used as authentication, so it is not useful
      to allow PAP authentication when MPPE is enforced: establishing the
      tunnel would fail anyway with "MPPE required, but MS-CHAP[v2] auth not
      Also users enforcing MPPE may assume that this means PAP will not be
      used for authentication, so without this change MPPE enforcement gives a
      false sense of security, as PAP uses plain-text credentials.
      Bug: 201660636
      Test: atest VpnTest
      Merged-In: Ie318d45fe44294e97cf38da7f1834cf014cb4417
      Change-Id: Ie318d45fe44294e97cf38da7f1834cf014cb4417
      (cherry picked from commit 997a4a39268b4f3af7ccc388269b5eb1972d3624)
      (cherry picked from commit 4f319df8)
      Merged-In: Ie318d45fe44294e97cf38da7f1834cf014cb4417
    • Thomas Stuart's avatar
      limit TelecomManager#registerPhoneAccount to 10; api doc update · ddc1b5ad
      Thomas Stuart authored
      bug: 209814693
      Bug: 217934478
      Test: CTS
      Change-Id: I8e4425a4e7de716f86b1f1f56ea605d93f357a57
      Merged-In: I8e4425a4e7de716f86b1f1f56ea605d93f357a57
      (cherry picked from commit f0f67b5a)
      Merged-In: I8e4425a4e7de716f86b1f1f56ea605d93f357a57
    • Jonathan Scott's avatar
      [rvc] RESTRICT AUTOMERGE Add finalizeWorkProfileProvisioning. · 84c3e320
      Jonathan Scott authored
      Test: atest android.devicepolicy.cts.DevicePolicyManagerTest
      Bug: 210469972
      Change-Id: I2de99f9ccd8b27ffdc2562fa451f132e73d54317
      (cherry picked from commit bde28d28)
      Merged-In: I2de99f9ccd8b27ffdc2562fa451f132e73d54317
    • JW Wang's avatar
      Fix NPE · 6c65bf11
      JW Wang authored
      NPE happens when there is an orphaned session which we've
      tried to prevent in all cases.
      Log an error message if this situation happens.
      Bug: 227342978
      Test: atest CtsRootPackageInstallerHostTestCases
      Change-Id: Ia21323926bd9db1a6f05461904deb45b4c3dd0bc
      (cherry picked from commit 07e31dfb1efabc8110d64819f26a06e12a35e020)
      Merged-In: Ia21323926bd9db1a6f05461904deb45b4c3dd0bc
      (cherry picked from commit e58049a3)
      Merged-In: Ia21323926bd9db1a6f05461904deb45b4c3dd0bc
    • Oli Lan's avatar
      Prevent non-admin users from deleting system apps. · 9f80a969
      Oli Lan authored
      This addresses a security issue where the guest user can remove updates
      for system apps.
      With this CL, attempts to uninstall/downgrade system apps will fail if
      attempted by a non-admin user.
      This is a backport of ag/17352264.
      Bug: 170646036
      Test: manual, try uninstalling system app update as guest
      Change-Id: I79c3bf303e729e00d8fb12c40330bc10c5ffec6e
      Merged-In: I4e959e296cca9bbdfc8fccc5e5e0e654ca524165
      (cherry picked from commit 6c870e15)
      Merged-In: I79c3bf303e729e00d8fb12c40330bc10c5ffec6e
    • Ayush Sharma's avatar
      Fix security hole in GateKeeperResponse · 3ba41b36
      Ayush Sharma authored
      GateKeeperResponse has inconsistent writeToParcel() and
      createFromParcel() methods, making it possible for a malicious app to
      create a Bundle that changes contents after reserialization. Such
      Bundles can be used to execute Intents with system privileges.
      We fixed related issues previously for GateKeeperResponse class, but
      one of the case was remaining when payload is byte array of size 0,
      Fixing this case now.
      Bug: 220303465
      Test: With the POC provided in the bug.
      Change-Id: Ida28d611edd674e76ed39dd8037f52abcba82586
      Merged-In: Ida28d611edd674e76ed39dd8037f52abcba82586
      (cherry picked from commit 46653a91c30245ca29d41d69174813979a910496)
      Change-Id: I486348c7a01c6f59c952b20fb4a36429fff22958
      (cherry picked from commit 658c53c4)
      Merged-In: I486348c7a01c6f59c952b20fb4a36429fff22958
    • Julia Reynolds's avatar
      DO NOT MERGE Add an OEM configurable limit for zen rules · 99c7c068
      Julia Reynolds authored
      Test: ZenModeHelperTest
      Bug: 220735360
      Change-Id: I3da105951af90007bf48dc6cf00aed3e28778b36
      Merged-In: I3da105951af90007bf48dc6cf00aed3e28778b36
      (cherry picked from commit 1db5d402)
      Merged-In: I3da105951af90007bf48dc6cf00aed3e28778b36
    • David Christie's avatar
      Update GeofenceHardwareRequestParcelable to match parcel/unparcel format. · 3593792f
      David Christie authored
      Test: manual
      Bug: 216631962
      Change-Id: I3d6d1be9d6c312fe0bf98f600ff8fc9c617f8ec3
      (cherry picked from commit ba3acb3e)
      Merged-In: I3d6d1be9d6c312fe0bf98f600ff8fc9c617f8ec3
  11. 15 Apr, 2022 1 commit
  12. 05 Apr, 2022 2 commits
  13. 31 Mar, 2022 1 commit
  14. 30 Mar, 2022 4 commits
  15. 23 Mar, 2022 2 commits
  16. 22 Mar, 2022 2 commits
  17. 17 Mar, 2022 1 commit
  18. 16 Mar, 2022 1 commit
  19. 14 Mar, 2022 1 commit
  20. 10 Mar, 2022 1 commit