Skip to content

Commit

Permalink
ASB JAN 2025 Security Patches integration
Browse files Browse the repository at this point in the history
Integrating Google Android Security Bulletin Patches

Test done: STS r34 TCs Passed 100% on MBL with ACRN
Bare metal scenario not tested, as blocked by the issue: OAM-129200

Tracked-On: OAM-129118
Signed-off-by: AlamIntel <[email protected]>
  • Loading branch information
AlamIntel committed Jan 16, 2025
1 parent b6dca63 commit 597e75a
Show file tree
Hide file tree
Showing 26 changed files with 4,122 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ index dba897a9c3..a2dae42533 100644
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2024-02-05
+ PLATFORM_SECURITY_PATCH := 2024-11-01
+ PLATFORM_SECURITY_PATCH := 2025-01-01
endif

include $(BUILD_SYSTEM)/version_util.mk
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
From 3281e14f6b9b85473145ee0ae33b8d4b8fbabffe Mon Sep 17 00:00:00 2001
From: Sadaf Ebrahimi <[email protected]>
Date: Tue, 17 Sep 2024 21:02:42 +0000
Subject: [PATCH] Fix potential overflow when calculating ImageSize

The modified if statement doesn't check the size of ImageDesc.Width and
ImageDesc.Height. If ImageDesc.Width and ImageDesc.Height are larger
than SIZE_MAX, then ImageSize overflows.

Bug: 355461643
Test: TreeHugger
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a6ede43ad88693f782f3a6c5b8b9b9c451151ac7)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:da6189e11ed4ea9199a82b4b0d2bd7bed04a7efb)
Merged-In: Ieef04e789acf783eda2dff2cd9284ed204f1d117
Change-Id: Ieef04e789acf783eda2dff2cd9284ed204f1d117
---
dgif_lib.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dgif_lib.c b/dgif_lib.c
index 66a1d6a..7b43a6a 100644
--- a/dgif_lib.c
+++ b/dgif_lib.c
@@ -1099,8 +1099,10 @@ DGifSlurp(GifFileType *GifFile)

sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
/* Allocate memory for the image */
- if (sp->ImageDesc.Width < 0 && sp->ImageDesc.Height < 0 &&
- sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) {
+ if (sp->ImageDesc.Width <= 0 ||
+ sp->ImageDesc.Height <= 0 ||
+ sp->ImageDesc.Width >
+ (INT_MAX / sp->ImageDesc.Height)) {
return GIF_ERROR;
}
ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height;
--
2.46.1.824.gd892dcdcdd-goog

Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
From 8a867d29099b893204eecc1d3fbaffa467e7713f Mon Sep 17 00:00:00 2001
From: Jean-Michel Trivi <[email protected]>
Date: Mon, 24 Jun 2024 17:29:14 -0700
Subject: [PATCH] RingtoneManager: allow video ringtone URI

When checking the MIME type for the default ringtone, also
allow it to refer to video content.

Bug: 205837340
Test: see POC + atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a513c6e476844c16176e57c222b1a5ac9417cbb4)
Merged-In: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
---
media/java/android/media/RingtoneManager.java | 8 ++++++--
.../android/providers/settings/SettingsProvider.java | 11 +++++++----
2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
index ff369c8a5eee..11c80d3578b1 100644
--- a/media/java/android/media/RingtoneManager.java
+++ b/media/java/android/media/RingtoneManager.java
@@ -924,9 +924,13 @@ public class RingtoneManager {
+ " ignored: failure to find mimeType (no access from this context?)");
return;
}
- if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
+ if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
+ || mimeType.equals("application/x-flac")
+ // also check for video ringtones
+ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
- + " ignored: associated mimeType:" + mimeType + " is not an audio type");
+ + " ignored: associated MIME type:" + mimeType
+ + " is not a recognized audio or video type");
return;
}
}
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index b785d6f7f858..44f043ee75aa 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -1985,7 +1985,7 @@ public class SettingsProvider extends ContentProvider {

File cacheFile = getCacheFile(name, callingUserId);
if (cacheFile != null) {
- if (!isValidAudioUri(name, value)) {
+ if (!isValidMediaUri(name, value)) {
return false;
}
// Invalidate any relevant cache files
@@ -2046,7 +2046,7 @@ public class SettingsProvider extends ContentProvider {
return true;
}

- private boolean isValidAudioUri(String name, String uri) {
+ private boolean isValidMediaUri(String name, String uri) {
if (uri != null) {
Uri audioUri = Uri.parse(uri);
if (Settings.AUTHORITY.equals(
@@ -2064,10 +2064,13 @@ public class SettingsProvider extends ContentProvider {
return false;
}
if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
- || mimeType.equals("application/x-flac"))) {
+ || mimeType.equals("application/x-flac")
+ // also check for video ringtones
+ || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
Slog.e(LOG_TAG,
"mutateSystemSetting for setting: " + name + " URI: " + audioUri
- + " ignored: associated mimeType: " + mimeType + " is not an audio type");
+ + " ignored: associated MIME type: " + mimeType
+ + " is not a recognized audio or video type");
return false;
}
}
--
2.46.0

Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
From ea3337c88a8cb8922447065c16f464300d0b8465 Mon Sep 17 00:00:00 2001
From: Thomas Stuart <[email protected]>
Date: Thu, 6 Jun 2024 22:36:40 +0000
Subject: [PATCH] enforce limits for VisualVoicemailSmsFilterSettings
properties

- clientPrefix is now limited to 256 characters
- originatingNumbers is now limited to a list size of 100 and
each element is also limited to 256 characters

Bug: 308932906
Test: CTS
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f39f15e2389d967d5dda329bd733a477b90d589c)
Merged-In: Id4b4358b141bb211a7e340b979774850b4bd2403
Change-Id: Id4b4358b141bb211a7e340b979774850b4bd2403
---
.../VisualVoicemailSmsFilterSettings.java | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)

diff --git a/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java b/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java
index eadb726bf63b..2b515c9b5cd1 100644
--- a/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java
+++ b/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java
@@ -64,6 +64,14 @@ public final class VisualVoicemailSmsFilterSettings implements Parcelable {
* @hide
*/
public static final int DEFAULT_DESTINATION_PORT = DESTINATION_PORT_ANY;
+ /**
+ * @hide
+ */
+ public static final int MAX_STRING_LENGTH = 256;
+ /**
+ * @hide
+ */
+ public static final int MAX_LIST_SIZE = 100;

/**
* Builder class for {@link VisualVoicemailSmsFilterSettings} objects.
@@ -82,11 +90,16 @@ public final class VisualVoicemailSmsFilterSettings implements Parcelable {
/**
* Sets the client prefix for the visual voicemail SMS filter. The client prefix will appear
* at the start of a visual voicemail SMS message, followed by a colon(:).
+ * @throws IllegalArgumentException if the string length is greater than 256 characters
*/
public Builder setClientPrefix(String clientPrefix) {
if (clientPrefix == null) {
throw new IllegalArgumentException("Client prefix cannot be null");
}
+ if (clientPrefix.length() > MAX_STRING_LENGTH) {
+ throw new IllegalArgumentException("Client prefix cannot be greater than "
+ + MAX_STRING_LENGTH + " characters");
+ }
mClientPrefix = clientPrefix;
return this;
}
@@ -95,11 +108,25 @@ public final class VisualVoicemailSmsFilterSettings implements Parcelable {
* Sets the originating number allow list for the visual voicemail SMS filter. If the list
* is not null only the SMS messages from a number in the list can be considered as a visual
* voicemail SMS. Otherwise, messages from any address will be considered.
+ * @throws IllegalArgumentException if the size of the originatingNumbers list is greater
+ * than 100 elements
+ * @throws IllegalArgumentException if an element within the originatingNumbers list has
+ * a string length greater than 256
*/
public Builder setOriginatingNumbers(List<String> originatingNumbers) {
if (originatingNumbers == null) {
throw new IllegalArgumentException("Originating numbers cannot be null");
}
+ if (originatingNumbers.size() > MAX_LIST_SIZE) {
+ throw new IllegalArgumentException("The originatingNumbers list size cannot be"
+ + " greater than " + MAX_STRING_LENGTH + " elements");
+ }
+ for (String num : originatingNumbers) {
+ if (num != null && num.length() > MAX_STRING_LENGTH) {
+ throw new IllegalArgumentException("Numbers within the originatingNumbers list"
+ + " cannot be greater than" + MAX_STRING_LENGTH + " characters");
+ }
+ }
mOriginatingNumbers = originatingNumbers;
return this;
}
--
2.46.1.824.gd892dcdcdd-goog

Loading

0 comments on commit 597e75a

Please sign in to comment.