Commits · v1-pie · e / os / android_packages_apps_Settings

This project is mirrored from https://github.com/LineageOS/android_packages_apps_Settings.git. Pull mirroring updated Sep 18, 2021.

10 Aug, 2021 1 commit
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · 9cefdd51
  /e/ robot authored Aug 10, 2021
  
  9cefdd51
04 Aug, 2021 1 commit

Merge tag 'android-security-9.0.0_r71' into staging/lineage-16.0_merge_android-security-9.0.0_r71 · fbe092ae

Kevin F. Haggerty authored Aug 04, 2021

Android Security 9.0.0 Release 71 (7449186)

* tag 'android-security-9.0.0_r71':
  RESTRICT AUTOMERGE Fix unable to send file via OPP
  RESTRICT AUTOMERGE Fix bluetooth settings will broadcast to anywhere when some cases

Change-Id: I663c95431ef34e368db1212852aa52aa819daaf1

fbe092ae

18 Jul, 2021 1 commit
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · aa639483
  /e/ robot authored Jul 18, 2021
  
  aa639483
09 Jul, 2021 1 commit

Merge tag 'android-security-9.0.0_r70' into staging/lineage-16.0_merge_android-security-9.0.0_r70 · c8b6a387

Kevin F. Haggerty authored Jul 08, 2021

Android security 9.0.0 release 70

* tag 'android-security-9.0.0_r70':
  Prevent drawing on top of DevicePickerActivity
  Prevent HTML Injection on the Device Admin request screen

Change-Id: Ifd31996eb33e92e369f55cb02912e4a584c36400

c8b6a387

17 Jun, 2021 1 commit
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · 0844e3ba
  /e/ robot authored Jun 17, 2021
  
  0844e3ba
11 Jun, 2021 3 commits

Merge cherrypicks of [14947012, 14947430, 14947171, 14947470, 14947471,... · a76c9f4c

Android Build Coastguard Worker authored Jun 11, 2021

Merge cherrypicks of [14947012, 14947430, 14947171, 14947470, 14947471, 14947013, 14947490] into security-aosp-pi-release

Change-Id: I409d5f8d7e7edf40ca5291d8c017540b7fdcd485

a76c9f4c

RESTRICT AUTOMERGE Fix unable to send file via OPP · 12117ce5

Hugh Chen authored Mar 12, 2021

Bluetooth app will indicate BluetoothOppReceiver to receive
device picker intent. But for fix the security issue we
removed the setClassName() method in ag/14111132 to avoid attack.
It causes BluetoothOppReceiver cannot receive the intent.

This CL will compare to calling package name with launch package name.
If they are not equal, the setClassName() will not invoke.

Bug: 186490534
Bug: 179386960
Bug: 179386068

Test: make RunSettingsRoboTests -j56
Change-Id: Ia51528f2a44ab73edbc86899ca0846d3262fe1f0
(cherry picked from commit bb5be240c0982f2e098978fec187fc735c0e7ad9)
(cherry picked from commit f727d5cf2ab9a88857c2d412f84f496ea4311f9b)

12117ce5

RESTRICT AUTOMERGE Fix bluetooth settings will broadcast to anywhere when some cases · a01db8fd

Hugh Chen authored Mar 12, 2021

BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.

This CL will not allow to set package name and class name to avoid
the attacker.

Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.

Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc62496cf8cf6ecfc6ccf23b0b248081d7d4)
(cherry picked from commit 093ac45cd840162f9359ed158a86a230279d17ba)

a01db8fd

10 Jun, 2021 1 commit

Merge tag 'android-security-9.0.0_r69' into staging/lineage-16.0_merge_android-security-9.0.0_r69 · 51d0dcd1

Kevin F. Haggerty authored Jun 09, 2021

Android Security 9.0.0 Release 69 (7269718)

* tag 'android-security-9.0.0_r69':
  Hide non-system overlay window on ActivityPicker

Change-Id: I4a419b730b27c6803313e9b681a1dcb21b5eb4fb

51d0dcd1

04 Jun, 2021 2 commits

Merge cherrypicks of [14553530, 14552439, 14553531, 14553532, 14554542,... · 9e561c23

android-build-team Robot authored May 14, 2021

Merge cherrypicks of [14553530, 14552439, 14553531, 14553532, 14554542, 14551981, 14553644, 14553645, 14554582, 14554583, 14554584, 14553501, 14554602, 14554603, 14554604, 14552580, 14553646, 14553647] into security-aosp-pi-release

Change-Id: Iefedeef79095f09542a6936b2cb9cc45ca0c3361

9e561c23

Prevent drawing on top of DevicePickerActivity · 1f1d308e

Jakub Pawlowski authored May 10, 2021

Bug: 182584940
Merged-In: I8b27b397bce1708a42b96b1b647c64e23142c468
Change-Id: I8b27b397bce1708a42b96b1b647c64e23142c468
(cherry picked from commit 9d99e0b3ff7f05c464a22fe0e0d965d8468cdfc1)

1f1d308e

14 May, 2021 1 commit

Prevent HTML Injection on the Device Admin request screen · 6e78aae9

Tsung-Mao Fang authored Apr 13, 2021

The root issue is that CharSequence is an interface.
String implements that interface, however, Spanned class
too which is a rich text format that can store HTML code.

The solution is enforce to use String type which won't include
any HTML function.

Test: Rebuilt apk and see the string without HTML style.
Bug: 179042963
Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
Merged-In: I53b460b12da918e022d2f2934f114d205dbaadb0
(cherry picked from commit 80c3f6d4d84f822d1c3f41e6cb55fc05130e2b17)

6e78aae9

10 May, 2021 1 commit
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · cdb4ca2d
  /e/ robot authored May 10, 2021
  
  cdb4ca2d
05 May, 2021 1 commit

Merge tag 'android-security-9.0.0_r68' into staging/lineage-16.0_merge_android-security-9.0.0_r68 · d9f2f6f4

Kevin F. Haggerty authored May 05, 2021

Android Security 9.0.0 Release 68 (7249336)

* tag 'android-security-9.0.0_r68':
  Prevent using invalid result uri during multi user image change

Change-Id: I5d66092c73b0750ebcb8415e9d8973a5e57d8a3e

d9f2f6f4

13 Apr, 2021 1 commit
- Merge branch 'lineage-16.0' into v1-pie · 9f442a1e
  Romain Hunault authored Apr 13, 2021
  
  9f442a1e
08 Apr, 2021 2 commits

Merge cherrypicks of [14126781, 14126782, 14127202, 14128466, 14127516,... · 320ff004

android-build-team Robot authored Apr 08, 2021

Merge cherrypicks of [14126781, 14126782, 14127202, 14128466, 14127516, 14128057, 14127204, 14128747, 14128708, 14128059, 14128686, 14128127, 14128507, 14128809, 14128810, 14128811, 14128812] into security-aosp-pi-release

Change-Id: I40a76fb1045e81d2e9378e180f33d5c18d74038f

320ff004

Hide non-system overlay window on ActivityPicker · 2bf3ac56

Arc Wang authored Apr 07, 2021

To improve security.

Bug: 181962311
Test: manual
      Show an AlertDialog and observe if it will hide after below command.
      adb shell am start -a android.intent.action.PICK_ACTIVITY -n com.android.settings/.ActivityPicker
Change-Id: I43bb0f47a96719c61c5beb4ddf486b14cbdd6ee8
Merged-In: I6e2845cc19dc012cba2933318a067bbb8db90a23
(cherry picked from commit 636e70fb)

2bf3ac56

07 Apr, 2021 1 commit

Merge tag 'android-security-9.0.0_r67' into staging/lineage-16.0_merge_android-security-9.0.0_r67 · a0311f07

Kevin F. Haggerty authored Apr 07, 2021

Android security 9.0.0 release 67

* tag 'android-security-9.0.0_r67':
  RESTRICT AUTOMERGE Update String
  RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message

Change-Id: If1130e1c0088ae009e0776365dd2c09e29bf090d

a0311f07

02 Apr, 2021 2 commits
- Merge branch 'add_switch_updater_pie' into 'v1-pie' · d3c46636
  Romain Hunault authored Apr 02, 2021
```
Add switch updater pie

See merge request !69
```
  d3c46636
- Switch to select prod or staging OTA server · 581758b8
  Mohit Mali authored Apr 02, 2021
  
  581758b8
13 Mar, 2021 1 commit

Prevent using invalid result uri during multi user image change · 188ade07

Andras Kloczl authored Mar 09, 2021

Test: manual
Bug: 172939189
Change-Id: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I258c305f825da94474c8027828e3b9707b463699
Merged-In: I3e6f6200e82e86d6a2085652906ad2d0d44814f5
Merged-In: Id2e598878b3250e8b3590905c6def561e2437d55
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
(cherry picked from commit 9c0024f4)

188ade07

10 Mar, 2021 2 commits
- Merge branch 'microg_provider_pie' into 'v1-pie' · 160eb497
  Romain Hunault authored Mar 10, 2021
```
microg content provider changes for pie

See merge request !72
```
  160eb497
- Use content provider to let Apps know when microG EN is uninstalled · 73ed87e8
  Mohit Mali authored Mar 10, 2021
  
  73ed87e8
24 Feb, 2021 2 commits
- Merge branch 'reset_text_fix_pie' into 'v1-pie' · 42ad808b
  Romain Hunault authored Feb 24, 2021
```
Implemented  text change in remaining language in strings file

See merge request !68
```
  42ad808b
- Implemented text change in remaining language in strings file · 9279e9b1
  Mohit Mali authored Feb 24, 2021
  
  9279e9b1
19 Feb, 2021 3 commits
- Merge branch 'updater-in-search' into 'v1-pie' · ae653290
  narinder Rana authored Feb 19, 2021
```
Add SystemUpdaterSettings to SearchIndexableResources

See merge request !63
```
  ae653290
- Merge branch 'add_microg_uninstall_pie' into 'v1-pie' · 26e611e9
  Amit Kumar authored Feb 19, 2021
```
Add microg uninstall pie

See merge request !66
```
  26e611e9
- Add broadcast receiver for microg uninstall · 65fa57df
  Mohit Mali authored Feb 19, 2021
  
  65fa57df
10 Feb, 2021 1 commit
- Merge branch 'update_text_factory_reset' into 'v1-pie' · b10d3b64
  Amit Kumar authored Feb 10, 2021
```
Change text in factory reset

See merge request !62
```
  b10d3b64
07 Feb, 2021 2 commits
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · a335ced5
  /e/ robot authored Feb 07, 2021
  
  a335ced5
- Add SystemUpdaterSettings to SearchIndexableResources · 74e65ec7
  Amit Kumar authored Feb 07, 2021
```
Change-Id: I9bad7d9b0e4726de019aaddd7808d96159379ba0
```
  74e65ec7
05 Feb, 2021 3 commits

RESTRICT AUTOMERGE Update String · b158f9d6

Hugh Chen authored Dec 22, 2020

Remove brackets.

Bug: 176106404
Bug: 167403112
Test: build pass
Change-Id: Ib9a3c4fa3c6ea1ca54244d672bdc3e12d51a719f
(cherry picked from commit ccbe74f5)

b158f9d6

RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message · 2aeb5295

Hugh Chen authored Dec 17, 2020

Before this CL, there is a possible phishing attack allowing a malicious
BT device to acquire permissions based on insufficient information
presented to the user in the consent dialog. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation.

This CL add more prompts presented for users to avoid phishing attacks.

Merge Conflict Notes:
There were a number of entries in strings.xml that did not exist on this
branch. However, as the CL only adds new entries rather than modifying
old ones this should not cause a problem. There were no merge conflicts
in the java files.

Bug: 167403112
Test: send intent to test right prompts message is pop up. make -j42 RunSettingsRoboTests
Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633
(cherry picked from commit 01a50db6)

2aeb5295

Use the new GitLab CI template · 60d12ead
Romain Hunault authored Feb 05, 2021

60d12ead

02 Feb, 2021 1 commit

Merge tag 'android-security-9.0.0_r65' of... · d2c786ec

Kevin F. Haggerty authored Feb 02, 2021

Merge tag 'android-security-9.0.0_r65' of https://android.googlesource.com/platform/packages/apps/Settings into staging/lineage-16.0_merge_android-security-9.0.0_r65

Android security 9.0.0 release 65

* tag 'android-security-9.0.0_r65' of https://android.googlesource.com/platform/packages/apps/Settings:
  Prevent overlay drawing on top of Bluetooth activity dialog
  Add bluetooth package to permission request intent
  RESTRICT AUTOMERGE Prevent non-system overlays from showing over notification listener consent dialog

Change-Id: I4834e100946169b635a369994bc5953ed339dd69

d2c786ec

28 Jan, 2021 1 commit
- Change text in factory reset · e68deded
  Mohit Mali authored Jan 28, 2021
  
  e68deded
16 Jan, 2021 2 commits
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · de9f77c0
  /e/ robot authored Jan 16, 2021
  
  de9f77c0
- Automatic translation import · 6437b8cf
  LineageOS Builder authored Jan 16, 2021
```
Change-Id: Iee57d47397f3060403606fcea3520190e208258e
```
  6437b8cf
16 Dec, 2020 2 commits
- Merge remote-tracking branch 'origin/lineage-16.0' into v1-pie · 1adedd54
  /e/ robot authored Dec 16, 2020
  
  1adedd54
- Automatic translation import · 20064c79
  LineageOS Builder authored Dec 16, 2020
```
Change-Id: If9e4584060cc861fe4457b4ddb284d0f3bae7e52
```
  20064c79