-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
6 months worth of security patches! #8
base: 12.1
Are you sure you want to change the base?
Commits on Aug 8, 2023
-
Add DISALLOW_APPS_CONTROL check into uninstall app for all users
Settings App info page supports a "Uninstall for all users" function when multiple users are enabled. It bypasses the restriction of DISALLOW_APPS_CONTROL which breaks the user isolation guideline. To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL restriction to provide the "Uninstall for all users" function. Bug: 258653813 Test: manual & robotests Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6 (cherry picked from commit 16500a7ada6b0730bec2787055667c4394fa3468) Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
Configuration menu - View commit details
-
Copy full SHA for 520b8d0 - Browse repository at this point
Copy the full SHA 520b8d0View commit details -
Settings 2-pane deep link vulnerabilities
Settings app must not start an deep link Activity if 1. The deep link Activity is not exported. or 2. Calling package does not have the permission to start the deep link Activity. Bug: 250589026 Test: make RunSettingsRoboTests ROBOTEST_FILTER=SettingsHomepageActivityTest Change-Id: I9a3bddfa5d9d1d2e924dd6f3e5e07dca6c11664f Merged-In: I9a3bddfa5d9d1d2e924dd6f3e5e07dca6c11664f (cherry picked from commit 434c8934c4aa416931a66626016d94712e47d617) Merged-In: I9a3bddfa5d9d1d2e924dd6f3e5e07dca6c11664f
Configuration menu - View commit details
-
Copy full SHA for 2014f44 - Browse repository at this point
Copy the full SHA 2014f44View commit details -
Allow 2-pane deep link to access unexported Activity
If an Activity is not exported, the Activity still can be launched by components of the same application, applications with the same user ID, or privileged system components. Bug: 261678674 Bug: 250589026 Test: manual visual Launcher -> context menu -> Wallpaper & style Change-Id: I662df6cb287361b135e2c596abe946ddeb03bda4 Merged-In: I662df6cb287361b135e2c596abe946ddeb03bda4 (cherry picked from commit 04989073225435ffdbd04f795dcc99c269fa35d5) Merged-In: I662df6cb287361b135e2c596abe946ddeb03bda4
Configuration menu - View commit details
-
Copy full SHA for 1dd8d32 - Browse repository at this point
Copy the full SHA 1dd8d32View commit details -
Check Uri permission for FLAG_GRANT_READ/WRITE_URI_PERMISSION
To improve security, calling app must be granted Uri permission if it sets FLAG_GRANT_READ/WRITE_URI_PERMISSION in the Intent of ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY. Bug: 250589026 Test: manual Change-Id: I48f88c662b843212b1066369badff84cf98935a8 Merged-In: I48f88c662b843212b1066369badff84cf98935a8 (cherry picked from commit 0f7f913281fff39d533b4ae325ba2fd11f0ae204) Merged-In: I48f88c662b843212b1066369badff84cf98935a8
Configuration menu - View commit details
-
Copy full SHA for 645e563 - Browse repository at this point
Copy the full SHA 645e563View commit details -
Only primary user is allowed to control secure nfc
Bug: 238298970 Test: manual Merged-In: I945490ef1e62af479a732c9a260ed94bdd8bc313 Change-Id: I945490ef1e62af479a732c9a260ed94bdd8bc313 (cherry picked from commit 0e57ff90cdae3575c243d21d490e2b6384d33397) Merged-In: I945490ef1e62af479a732c9a260ed94bdd8bc313
Configuration menu - View commit details
-
Copy full SHA for 82a4095 - Browse repository at this point
Copy the full SHA 82a4095View commit details -
[DO NOT MERGE] Enforce INTERACT_ACROSS_USERS_FULL permission for Noti…
…ficationAccessDetails When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package. Bug: 259385017 Test: 1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra android.intent.extra.user_handle to UserHandle(secondaryUserId). 2. Create and switch to a secondary user Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user 3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions. 4. Switch back to the Owner user. 5. Get the userId of the secondary user: adb shell pm list users. 6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE. 8. In the settings window that open, enable all 4 sub-options. 9. Switch to the secondary user and note that the all sub-options for the app are disabled. Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6 (cherry picked from commit on googleplex-android-review.googlesource.com host: 9a7bd79ca3ba7918e78e88b9638524887473d16c) Merged-In: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
Configuration menu - View commit details
-
Copy full SHA for 2f942be - Browse repository at this point
Copy the full SHA 2f942beView commit details -
Convert argument to intent in AddAccountSettings.
Bug: 265798353 Test: manual (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c7e8052b527434ed8660e3babdab718f7f3cd7da) Merged-In: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a Change-Id: I0051e5d5fc9fd3691504cb5fbb959f701e0bce6a
Configuration menu - View commit details
-
Copy full SHA for 8074aca - Browse repository at this point
Copy the full SHA 8074acaView commit details -
Don't show NLSes with excessively long component names
Test: install test app with long CN Test: ServiceListingTest Bug: 260570119 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:52a102cc2a408657230c757054e6979e1c76d6fb) Merged-In: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571 Change-Id: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Configuration menu - View commit details
-
Copy full SHA for a2ec2b5 - Browse repository at this point
Copy the full SHA a2ec2b5View commit details -
Fix: Bluetooth and Wifi scanning location MainSwitch page policy tran…
…sparency. When DISALLOW_CONFIG_LOCATION is set, make location service's MainSwitchPreference pages for wifi scanning and bluetooth scanning unavailable too, so that intent direct access is disabled. screenshot: http://shortn/_kkK3BMTSh1 Bug: 277333746 Bug: 277333781 Test: atest SettingsRoboTests, on device (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7591fff234886e79c5d0210a2cf3282a69de9be9) Merged-In: I52f9a11b1dd78a5e5dbb1bbde3cda7381c87ae39 Change-Id: I52f9a11b1dd78a5e5dbb1bbde3cda7381c87ae39
Configuration menu - View commit details
-
Copy full SHA for c5a654b - Browse repository at this point
Copy the full SHA c5a654bView commit details