)]}'
{"id":"LineageOS%2Fandroid_packages_modules_Bluetooth~399433","triplet_id":"LineageOS%2Fandroid_packages_modules_Bluetooth~lineage-20.0~I7a11e11257b85dc0752396490abfc79b1c383204","project":"LineageOS/android_packages_modules_Bluetooth","branch":"lineage-20.0","topic":"T_asb_2024-08","hashtags":[],"change_id":"I7a11e11257b85dc0752396490abfc79b1c383204","subject":"Fix permission bypasses to multiple methods","status":"MERGED","created":"2024-08-09 16:49:10.000000000","updated":"2024-08-12 11:57:13.000000000","submitted":"2024-08-12 11:57:13.000000000","submitter":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"399433-T_asb_2024-08","meta_rev_id":"10a7740006e595ab500bb914b7182abbfaaea5a4","_number":399433,"virtual_id_number":399433,"owner":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"value":0,"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{},"pending_reviewers":{},"reviewer_updates":[],"messages":[{"id":"1c76dabfa84f69e0c6489a0ffb4aac4a7aa6f65e","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-08-09 16:49:10.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"10a7740006e595ab500bb914b7182abbfaaea5a4","tag":"autogenerated:gerrit:merged","author":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2024-08-12 11:57:13.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"ed87ee31dc6b32ea0e99e863f51413d911f038e6","revisions":{"e942800d7be1ba4e4040359946f1cbf431aaa48c":{"kind":"REWORK","_number":1,"created":"2024-08-09 16:49:10.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/33/399433/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/33/399433/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/1 \u0026\u0026 git checkout -b change-399433 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/1","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"df64d757a519299ff45463569bd073d606c555c5","subject":"Merge tag \u0027android-security-13.0.0_r19\u0027 into staging/lineage-20.0_android-security-13.0.0_r19","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/df64d757a519299ff45463569bd073d606c555c5"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2024-05-06 17:32:14.000000000","tz":0},"committer":{"name":"Kevin F. Haggerty","email":"haggertk@lineageos.org","date":"2024-08-09 16:25:21.000000000","tz":-360},"subject":"Fix permission bypasses to multiple methods","message":"Fix permission bypasses to multiple methods\n\nResearcher reports that some BT calls across Binder are validating only\nBT\u0027s own permissions and not the calling app\u0027s permissions.  On\ninvestigation this seems to be due to a missing null check in several BT\npermissions checks, which allows a malicious app to pass in a null\nAttributionSource and therefore produce a stub AttributionSource chain\nwhich does not properly check for the caller\u0027s permissions.\n\nAdd null checks.\n\nBug: 242996380\nTest: atest UtilsTest\nTest: researcher POC\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ed63d97fd6537f539fdde1413bff86a30f80a7b5)\nMerged-In: I7a11e11257b85dc0752396490abfc79b1c383204\nChange-Id: I7a11e11257b85dc0752396490abfc79b1c383204\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/e942800d7be1ba4e4040359946f1cbf431aaa48c"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/e942800d7be1ba4e4040359946f1cbf431aaa48c"}]},"branch":"refs/heads/lineage-20.0"},"ed87ee31dc6b32ea0e99e863f51413d911f038e6":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2024-08-12 11:57:13.000000000","uploader":{"_account_id":15173,"name":"Kevin Haggerty","email":"haggertk@lineageos.org","username":"haggertk","avatars":[{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/258edfac858c1ce5f056ed4ca050a578.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/33/399433/2","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_packages_modules_Bluetooth","ref":"refs/changes/33/399433/2","commands":{"Branch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/2 \u0026\u0026 git checkout -b change-399433 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/2","Reset To":"git fetch https://github.com/LineageOS/android_packages_modules_Bluetooth refs/changes/33/399433/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"de90c90d22e7f11f2e412e1cfd27d8371c657c75","subject":"Merge cherrypicks of [\u0027googleplex-android-review.googlesource.com/27059478\u0027] into security-aosp-tm-release.","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/de90c90d22e7f11f2e412e1cfd27d8371c657c75"}]}],"author":{"name":"Brian Delwiche","email":"delwiche@google.com","date":"2024-05-06 17:32:14.000000000","tz":0},"committer":{"name":"Android Build Coastguard Worker","email":"android-build-coastguard-worker@google.com","date":"2024-06-06 00:20:37.000000000","tz":0},"subject":"Fix permission bypasses to multiple methods","message":"Fix permission bypasses to multiple methods\n\nResearcher reports that some BT calls across Binder are validating only\nBT\u0027s own permissions and not the calling app\u0027s permissions.  On\ninvestigation this seems to be due to a missing null check in several BT\npermissions checks, which allows a malicious app to pass in a null\nAttributionSource and therefore produce a stub AttributionSource chain\nwhich does not properly check for the caller\u0027s permissions.\n\nAdd null checks.\n\nBug: 242996380\nTest: atest UtilsTest\nTest: researcher POC\nTag: #security\nIgnore-AOSP-First: Security\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ed63d97fd6537f539fdde1413bff86a30f80a7b5)\nMerged-In: I7a11e11257b85dc0752396490abfc79b1c383204\nChange-Id: I7a11e11257b85dc0752396490abfc79b1c383204\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/ed87ee31dc6b32ea0e99e863f51413d911f038e6"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_packages_modules_Bluetooth/commit/ed87ee31dc6b32ea0e99e863f51413d911f038e6"}]},"branch":"refs/heads/lineage-20.0"}},"requirements":[],"submit_records":[],"submit_requirements":[]}