This project is mirrored from Pull mirroring updated .
  1. 24 Aug, 2021 3 commits
    • /e/ robot's avatar
    • Jakub Pawlowski's avatar
      Prevent drawing on top of DevicePickerActivity · 995e7be0
      Jakub Pawlowski authored
      Bug: 182584940
      Merged-In: I8b27b397bce1708a42b96b1b647c64e23142c468
      Change-Id: I8b27b397bce1708a42b96b1b647c64e23142c468
      (cherry picked from commit 9d99e0b3ff7f05c464a22fe0e0d965d8468cdfc1)
    • Tsung-Mao Fang's avatar
      Prevent HTML Injection on the Device Admin request screen · 3fe1c217
      Tsung-Mao Fang authored
      The root issue is that CharSequence is an interface.
      String implements that interface, however, Spanned class
      too which is a rich text format that can store HTML code.
      The solution is enforce to use String type which won't include
      any HTML function.
      Test: Rebuilt apk and see the string without HTML style.
      Bug: 179042963
      Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
      Merged-In: I53b460b12da918e022d2f2934f114d205dbaadb0
      (cherry picked from commit 80c3f6d4d84f822d1c3f41e6cb55fc05130e2b17)
  2. 19 Jul, 2021 1 commit
  3. 08 Jun, 2021 2 commits
  4. 05 May, 2021 1 commit
    • Andras Kloczl's avatar
      Prevent using invalid result uri during multi user image change · a5ced096
      Andras Kloczl authored
      Test: manual
      Bug: 172939189
      Change-Id: I258c305f825da94474c8027828e3b9707b463699
      Merged-In: I258c305f825da94474c8027828e3b9707b463699
      Merged-In: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
      Merged-In: Id2e598878b3250e8b3590905c6def561e2437d55
      Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
      (cherry picked from commit 6746add6)
  5. 16 Apr, 2021 1 commit
  6. 06 Apr, 2021 2 commits
    • Hugh Chen's avatar
      RESTRICT AUTOMERGE Update String · ae2a9257
      Hugh Chen authored
      Remove brackets.
      Bug: 176106404
      Bug: 167403112
      Test: build pass
      Change-Id: Ib9a3c4fa3c6ea1ca54244d672bdc3e12d51a719f
      (cherry picked from commit 48ec7459)
    • Hugh Chen's avatar
      RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message · 5b8b4a01
      Hugh Chen authored
      Before this CL, there is a possible phishing attack allowing a malicious
      BT device to acquire permissions based on insufficient information
      presented to the user in the consent dialog. This could lead to local
      escalation of privilege with no additional execution privileges needed.
      User interaction is needed for exploitation.
      This CL add more prompts presented for users to avoid phishing attacks.
      Merge Conflict Notes:
      There were a number of entries in strings.xml that did not exist on this
      branch. However, as the CL only adds new entries rather than modifying
      old ones this should not cause a problem. There were no merge conflicts
      in the java files.
      Bug: 167403112
      Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests
      Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633
      (cherry picked from commit 9037e43f)
  7. 10 Mar, 2021 1 commit
  8. 07 Mar, 2021 1 commit
  9. 17 Feb, 2021 1 commit
  10. 05 Feb, 2021 1 commit
  11. 03 Feb, 2021 2 commits
  12. 29 Oct, 2020 1 commit
  13. 28 Oct, 2020 1 commit
    • Sunny Shao's avatar
      Enable the filterTouchesWhenObscured in Special app access · b26ecda5
      Sunny Shao authored
      - Enable the filterTouchesWhenObscured attribute on all toggle
        switches in all pages of the special app access
      Bug: 155288585
      Test: make RunSettingsRoboTests
      Merged-In: I011cfe4b7e4e624a8338332ac47a353f7f3ab661
      Change-Id: I85842db3faa558ea61bc878ca76ff6d8ce1a4b03
      (cherry picked from commit 7359b384)
  14. 27 Oct, 2020 2 commits
  15. 06 Oct, 2020 1 commit
  16. 09 Sep, 2020 2 commits
  17. 23 Aug, 2020 1 commit
  18. 22 Aug, 2020 1 commit
    • Sunny Shao's avatar
      Allows to launch only authenticator owned activities · 6048a5c6
      Sunny Shao authored
      - 3rd party developers can define himself-authenticator
        and use the accountPreferences attribute to load the
        predefined preference UI.
      - If a developer defines an action intent to launch the
        other activity in xml and it would return true due
        to the true exported attribute and no permission.
      - To avoid launching arbitrary activity. Here allows
        to launch only authenticator owned activities.
      Bug: 150946634
      Test: make RunSettingsRoboTests -j
      Test: PoC app
      Change-Id: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
      Merged-In: I5ce1a0b3838db7b3fbe48c6ea23d5f093d625cdb
      (cherry picked from commit d6d8f988)
      (cherry picked from commit 4b6e82fd)
  19. 06 Jun, 2020 1 commit
  20. 02 Jun, 2020 2 commits
  21. 20 May, 2020 2 commits
  22. 05 May, 2020 1 commit
    • Mill Chen's avatar
      RESTRICT AUTOMERGE · 121236d1
      Mill Chen authored
      Allow LockScreenPattern to be launched in the pinning screen
      If work profile lock is enabled and work app is pinned, users will get a
      black/white screen on the phone. That's because Settings is prevented
      from other apps launch any pages of Settings in the pinning mode.
      In order to launch some pages of Settings from other apps, we add a
      condition to the preventive mechanism and allow the activity inherited
      from SettingsBaseActivity to override the condition to have the activity
      to be launched from other apps in the pinning mode.
      Bug: 137015265
      Bug: 135604684
      Test: manual test
      Change-Id: I8070de79a83350d1658efcb19e983669dad0e673
      Merged-In: I8070de79a83350d1658efcb19e983669dad0e673
      (cherry picked from commit 3f4d3b4a)
  23. 14 Feb, 2020 1 commit
  24. 10 Feb, 2020 1 commit
  25. 05 Feb, 2020 1 commit
    • Mill Chen's avatar
      Prevent accounts page directly opening in screen pinning mode · b2087715
      Mill Chen authored
      In Settings there is no auth mechanism to prevent accounts page being
      opened in screen pinning mode. This CL makes it so that when users are
      trying to navigate to any pages in Settings from other apps in screen
      pinning mode, Settings app will directly close its page.
      Bug: 137015265
      Bug: 135604684
      Test: manual
      Change-Id: If26eda408a9ef6fa03ad82e5bee51bb7185950d6
      Merged-In: If26eda408a9ef6fa03ad82e5bee51bb7185950d6
      (cherry picked from commit f3242dab)
      (cherry picked from commit ad2502a9)
  26. 21 Jan, 2020 1 commit
  27. 25 Dec, 2019 1 commit
  28. 25 Nov, 2019 1 commit
  29. 15 Nov, 2019 2 commits
  30. 12 Nov, 2019 1 commit