AOSP Changelogs

android-security-15.0.0_r15 to android-security-15.0.0_r16 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ and improved by Al Sutton.

Please do not copy this without attribution to this site and JBQ for the original script.

+- Project: platform/build

8e7508b7c3 : Version bump to ASV1.240715.047 [core/build_id.mk]
45a4728485 : Version bump to ASV1.240715.046 [core/build_id.mk]
9518d486b0 : Version bump to ASV1.240715.045 [core/build_id.mk]
36bdbe7873 : Version bump to ASV1.240715.041.A1 [core/build_id.mk]

+- Project: platform/build/release

a6e22eb44 : Revert "Clean up sqlite flags in 24Q3"
c321a0e49 : Clean up sqlite flags in 24Q3

+- Project: platform/external/dng_sdk

7a737bb : Update dng_sdk to 1.7.1 2471
1ec4140 : Replace ubsan-minimal with throw

+- Project: platform/external/libpng

9f93c45fa : Rearchitect the fix to the buffer overflow in `png_image_finish_read`
6a5cceb16 : Fix a buffer overflow in `png_image_finish_read`
2a900c24d : Fix a buffer overflow in `png_init_read_transformations`
299ab8530 : Fix a buffer overflow in `png_do_quantize`
3547b8454 : Fix a memory leak in function `png_set_quantize`; refactor
3ab2d366e : Fix a heap buffer overflow in `png_write_image_8bit`

+- Project: platform/external/sqlite

52b1ab1 : Revert "Install sqlite 3.44.5 source files"
28ee880 : Install sqlite 3.44.5 source files

+- Project: platform/frameworks/base

c87384f4be82 : DO NOT MERGE: Enforce suspend restrictions in startOp and noteOp paths
380fe9799cbd : Remove enabled flag use_visible_requested_for_process_tracker
51da2317c66a : Do not count closing activity as visible process
9af61140db79 : Block adding toast windows to non-empty tokens.
e8ff8af05575 : Enforce package name length limits in PackagePolicy setters.
86dd9d421620 : [res] Validate package ID range in LoadedArsc
f7488ad342c2 : Map animation delegate to the transition instead of plumbing it
b81e2355caf1 : Compare period character as well during wildcard matching
b4f448b356b1 : [res] Make sure we properly validate the XML attr size
71bc705a2542 : Validate max proxy string length for proxySpec and exclusionList using PolicySizeVerifier.
3d4a174f1def : RESTRICT AUTOMERGE Require to be bound with non-pinned visible window
424df716e8bc : On face auth success, verify the face auth'd user is the current user
613fa6465e4d : Add StorageManager.convert() check earlier in the stack so the command fails early instead of crashing system later.
3717e022bc2a : Quick fix for WCLS security vulnerability.
e80f76ded67a : Validate ResStringPool_header.styleCount
e3cb029648f4 : Allow default per-thread and per-process OnHeaderDecodedListeners
060fe5399350 : Don't allow hiding critical apps.
40729ba7fc18 : Fix broken build in test due to missing variable
8eb831ece18d : Fix Tapjacking caused by touch slipping out of letterbox
1cbbf73a3c71 : Checking userId in com.android.server.pm.ComputerEngine#resolveContentProvider
c9bc382318dd : Hide non system overlay window immediately if it is animating exit
0922d84b1c64 : Apply visibility policy to window state surface
fa1c418fd8aa : Start a new transition to ignore split-enter from a malformed transition
b1b3c20edf73 : NotificationHistory validate position value

+- Project: platform/frameworks/native

dc54178de2 : Check mDataPos to see if the Parcel needs to grow

+- Project: platform/packages/apps/CertInstaller

d29fcd1 : Use loadSafeLabel to prevent UI spoofing in CertInstaller

+- Project: platform/packages/apps/DocumentsUI

b05353f63 : Use signature-based trust for package name overrides

+- Project: platform/packages/apps/KeyChain

cbb6b7d : Sanitize app label in KeyChainActivity to prevent UI injection.

+- Project: platform/packages/apps/Launcher3

8fd9af41d5 : Introduce LauncherProcessImageListener for downscaling images in Launcher.

+- Project: platform/packages/apps/Settings

2b5834d47f2 : Import translations. DO NOT MERGE ANYWHERE
73a18cca95c : Update enable ANGLE warning message
7f9aa580559 : Fix vulnerability in RequestManageCredentials
7791c4097d9 : Revert^2 "[nfc] Fix string injection in default payment app selector"
1db9b27682b : Revert "[nfc] Fix string injection in default payment app selector"
63910cc4de3 : [nfc] Fix default payment app selection
46f81fda8cd : Add a warning asking user to backup device data
1d8ca3901c7 : Add check to prevent privilege escalation from trampoline added in change Ie469c47005afb941f5646a2f790736362c23c697.
c4516a9b919 : nfc: Do not let guest user disable secure nfc
9fb2a90f5db : Allow multi-user to control secure nfc

+- Project: platform/packages/modules/Bluetooth

f82bbb37a8 : Avoid buffer overflow
c18ac65121 : Handle LE Secure Connections Passkey Display/Notification
59f3f429e3 : sdp: Validate buffer length in sdpu_build_attrib_seq
da365e87dc : Revoke permissions on rebond attempt
c1a809d233 : Upgrade security If it is on temp bonding & authentication is requirement

+- Project: platform/packages/modules/Permission

d8ef171266 : Revert^2 "Ensure Gallery always shows as system fixed"
eb5f9948b2 : Revert "Revert "Display the system gallery storage permission as..."
f164b690f6 : Revert "Ensure Gallery always shows as system fixed"
29af37410e : Revert "Display the system gallery storage permission as system fixed"

+- Project: platform/packages/providers/ContactsProvider

93081742 : Fix side channel attacks in CP2
7d266fde : Fix size check bypass for case-mismatched columns

+- Project: platform/packages/providers/MediaProvider

6d81d42db : Remove duplicate MediaSelectionConfirmed event.

+- Project: platform/packages/services/Car

20d4c410ce : CarDevicePolicyService: add missing permission checks

+- Project: platform/packages/services/Telecomm

34079b659 : Fix issue initiating calls from the work profile.

+- Project: platform/packages/services/Telephony

74cfd539a : Disallow shell to change CarrierRestrictionRules