ASB JAN 2025 Security Patches integration

Integrating Google Android Security Bulletin Patches.

Test done: STS r34 TCs Passed (Tested on EB-4417 & 4149)

Tracked-On: OAM-128566
Signed-off-by: AlamIntel <[email protected]>

aosp_diff/preliminary/build/release/0001-Update-RELEASE_PLATFORM_SECURITY_PATCH-string.patch

@@ -0,0 +1,27 @@
+From 557549b925dd19c62bfe522d1769bee59d2beed2 Mon Sep 17 00:00:00 2001
+From: "Alam, Sahibex" <[email protected]>
+Date: Thu, 9 Jan 2025 20:44:37 +0530
+Subject: [PATCH] Update RELEASE_PLATFORM_SECURITY_PATCH string
+
+Security_patch_level needs to be updated
+When ASB Security patches are integrated
+
+Tracked-On: OAM-125942
+Signed-off-by: Alam, Sahibex <[email protected]>
+---
+ flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto b/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto
+index ce29523c..5f7ab423 100644
+--- a/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto
++++ b/flag_values/ap3a/RELEASE_PLATFORM_SECURITY_PATCH.textproto
+@@ -1,4 +1,4 @@
+ name: "RELEASE_PLATFORM_SECURITY_PATCH"
+ value: {
+-  string_value: "2024-11-05"
++  string_value: "2025-01-01"
+ }
+-- 
+2.34.1
+

aosp_diff/preliminary/frameworks/base/0013-enforce-limits-for-VisualVoicemailSmsFilterSettings-properties.bulletin.patch

@@ -0,0 +1,84 @@
+From bcb1316835dc31f33f0c3b409ee847c389c09d2b Mon Sep 17 00:00:00 2001
+From: Thomas Stuart <[email protected]>
+Date: Thu, 6 Jun 2024 22:36:40 +0000
+Subject: [PATCH] enforce limits for VisualVoicemailSmsFilterSettings
+ properties
+
+- clientPrefix is now limited to 256 characters
+- originatingNumbers is now limited to a list size of 100 and
+  each element is also limited to 256 characters
+
+Bug: 308932906
+Test: CTS
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:25b326e4844671a18c30426c5bc5d7481fb83d54)
+Merged-In: Id4b4358b141bb211a7e340b979774850b4bd2403
+Change-Id: Id4b4358b141bb211a7e340b979774850b4bd2403
+---
+ .../VisualVoicemailSmsFilterSettings.java     | 27 +++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java b/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java
+index eadb726bf63b..2b515c9b5cd1 100644
+--- a/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java
++++ b/telephony/java/android/telephony/VisualVoicemailSmsFilterSettings.java
+@@ -64,6 +64,14 @@ public final class VisualVoicemailSmsFilterSettings implements Parcelable {
+      * @hide
+      */
+     public static final int DEFAULT_DESTINATION_PORT = DESTINATION_PORT_ANY;
++    /**
++     * @hide
++     */
++    public static final int MAX_STRING_LENGTH = 256;
++    /**
++     * @hide
++     */
++    public static final int MAX_LIST_SIZE = 100;
+
+     /**
+      * Builder class for {@link VisualVoicemailSmsFilterSettings} objects.
+@@ -82,11 +90,16 @@ public final class VisualVoicemailSmsFilterSettings implements Parcelable {
+         /**
+          * Sets the client prefix for the visual voicemail SMS filter. The client prefix will appear
+          * at the start of a visual voicemail SMS message, followed by a colon(:).
++         * @throws IllegalArgumentException if the string length is greater than 256 characters
+          */
+         public Builder setClientPrefix(String clientPrefix) {
+             if (clientPrefix == null) {
+                 throw new IllegalArgumentException("Client prefix cannot be null");
+             }
++            if (clientPrefix.length() > MAX_STRING_LENGTH) {
++                throw new IllegalArgumentException("Client prefix cannot be greater than "
++                        + MAX_STRING_LENGTH + " characters");
++            }
+             mClientPrefix = clientPrefix;
+             return this;
+         }
+@@ -95,11 +108,25 @@ public final class VisualVoicemailSmsFilterSettings implements Parcelable {
+          * Sets the originating number allow list for the visual voicemail SMS filter. If the list
+          * is not null only the SMS messages from a number in the list can be considered as a visual
+          * voicemail SMS. Otherwise, messages from any address will be considered.
++         * @throws IllegalArgumentException if the size of the originatingNumbers list is greater
++         * than 100 elements
++         * @throws IllegalArgumentException if an element within the originatingNumbers list has
++         * a string length greater than 256
+          */
+         public Builder setOriginatingNumbers(List<String> originatingNumbers) {
+             if (originatingNumbers == null) {
+                 throw new IllegalArgumentException("Originating numbers cannot be null");
+             }
++            if (originatingNumbers.size() > MAX_LIST_SIZE) {
++                throw new IllegalArgumentException("The originatingNumbers list size cannot be"
++                        + " greater than " + MAX_STRING_LENGTH + " elements");
++            }
++            for (String num : originatingNumbers) {
++                if (num != null && num.length() > MAX_STRING_LENGTH) {
++                    throw new IllegalArgumentException("Numbers within the originatingNumbers list"
++                            + " cannot be greater than" + MAX_STRING_LENGTH + " characters");
++                }
++            }
+             mOriginatingNumbers = originatingNumbers;
+             return this;
+         }
+-- 
+2.46.1.824.gd892dcdcdd-goog
+

aosp_diff/preliminary/frameworks/base/0014-Ensure-group-summary-and-any-notifications-added-directly-by-NM.bulletin.patch

@@ -0,0 +1,80 @@
+From 92b1da4e4c657d73ad10fdf21ad1729f654be1a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C3=ADas=20Hern=C3=A1ndez?= <[email protected]>
+Date: Mon, 24 Jun 2024 18:43:59 +0200
+Subject: [PATCH] Ensure group summary (and any notifications added directly by
+ NMS) have the correct token
+
+All notifications must have the same token so that their serialization works as intended.
+
+Bug: 328254922
+Bug: 305695605
+Bug: 346360609
+Flag: android.app.secure_allowlist_token
+Test: atest NotificationManagerServiceTest
+(cherry picked from commit c18c614aec9e5345caab70446f058d8706185776)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:faba96efff401d77243a3f257fb12512a8efe379)
+Merged-In: I26784a729506169b3fe8481094cc4f5ab7b8a92b
+Change-Id: I26784a729506169b3fe8481094cc4f5ab7b8a92b
+---
+ .../NotificationManagerService.java           | 10 ++++----
+ .../NotificationManagerServiceTest.java       | 23 +++++++++++++++++++
+ 2 files changed, 29 insertions(+), 4 deletions(-)
+
+diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
+index b15fcc917588..d289c50dff41 100644
+--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
++++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
+@@ -8863,10 +8863,12 @@ public class NotificationManagerService extends SystemService {
+          */
+         private boolean enqueueNotification() {
+             synchronized (mNotificationLock) {
+-                // allowlistToken is populated by unparceling, so it will be absent if the
+-                // EnqueueNotificationRunnable is created directly by NMS (as we do for group
+-                // summaries) instead of via notify(). Fix that.
+-                r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN);
++                if (android.app.Flags.secureAllowlistToken()) {
++                    // allowlistToken is populated by unparceling, so it will be absent if the
++                    // EnqueueNotificationRunnable is created directly by NMS (as we do for group
++                    // summaries) instead of via notify(). Fix that.
++                    r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN);
++                }
+
+                 final long snoozeAt =
+                         mSnoozeHelper.getSnoozeTimeForUnpostedNotification(
+diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+index 130690d80b70..58ce5fda4e79 100644
+--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
++++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+@@ -14331,6 +14331,29 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
+         assertNotSame(0, n.flags & Notification.FLAG_NO_DISMISS);
+     }
+
++    @Test
++    @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
++    public void enqueueNotification_directlyThroughRunnable_populatesAllowlistToken() {
++        Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID)
++                .setContentIntent(createPendingIntent("content"))
++                .build();
++        NotificationRecord record = new NotificationRecord(
++                mContext,
++                new StatusBarNotification(mPkg, mPkg, 1, "tag", mUid, 44, receivedWithoutParceling,
++                        mUser, "groupKey", 0),
++                mTestNotificationChannel);
++        assertThat(record.getNotification().getAllowlistToken()).isNull();
++
++        mWorkerHandler.post(
++                mService.new EnqueueNotificationRunnable(mUserId, record, false, false,
++                mPostNotificationTrackerFactory.newTracker(null)));
++        waitForIdle();
++
++        assertThat(mService.mNotificationList).hasSize(1);
++        assertThat(mService.mNotificationList.get(0).getNotification().getAllowlistToken())
++                .isEqualTo(NotificationManagerService.ALLOWLIST_TOKEN);
++    }
++
+     @Test
+     public void fixExemptAppOpNotification_withoutAppOpsFlag_shouldBeDismissible()
+             throws Exception {
+-- 
+2.34.1
+