Please review - security-patch-bunch [until Android 4.4.3 r1] #2

Moritz Bandemer replicant at posteo.mx
Thu Apr 2 22:30:24 UTC 2015


I've merged the following patches to the Replicant sources and 
successfully recompiled/flashed Replicant after that for/on my device:

#	https://android.googlesource.com/platform/cts/+/deadf91
	Add test for CVE-2013-2094
	Detect CVE-2013-2094, the perf_event_open exploit. A patch for this 
issue can be found at 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
	Bug: 8962304
	Patch-files: CVE-2013-2094.patch
	Additionally please [git] add this files to the following path:
		tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
		tests/tests/security/src/android/security/cts/NativeCodeTest.java
	These two files also includes the following two more Patches:
		https://android.googlesource.com/platform/cts/+/aa93584
			CVE-2013-4254: detect perf_event validate_event bug
			Credit: 
https://github.com/deater/perf_event_tests/blob/master/exploits/arm_perf_exploit.c
			More info: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254
			Bug: 11260636
		https://android.googlesource.com/platform/cts/+/ba28fe6
			Add test for CVE-2014-1710.
			Detect devices vulnerable to CVE-2014-1710
			Bug: 13539903
	Patch-package: CVE-2013-2094.zip (containing the files above)
#	https://android.googlesource.com/platform/cts/+/ed54695
	AppSecurity: Add traffic stats test, and fix file access test
	* Fix the private file access test which would fail because the path 
was wrong.
	* Add a test that ensures the private file is actually "not accessible" 
because it can't be as opposed to it not being there: the new test 
accesses a public file created at the same time as the private file.
	* Add tests around traffic stats
		* add internet permission to app that creates data.
		* generate private traffic stats (tagged sockets).
		* read back traffic stats to make sure that only public stats are 
visible.
	Bug: 10349057
	Patch-file: Bugfix-10349057.patch
# https://android.googlesource.com/platform/cts/+/0e2d6d9
	CtsVerifier test for lock screen vulnerability fix.
	Lock screen credential reset w/o previous credentials.
	The test asks the user to first set a lock screen password and then 
launch an intent to change it, using an EXTRA that was not being 
properly validated before the vulnerability was fixed.
	Bug: 9858403
	Patch-files: Bugfix-9858403.patch
	Additionally please [git] add this files to the following path:
		apps/CtsVerifier/res/layout/pass_fail_lockconfirm.xml
		apps/CtsVerifier/src/com/android/cts/verifier/security/LockConfirmBypassTest.java
	Patch-package: Bugfix-9858403.zip (containing the files above)

Finally I've tested this productive device several weeks without any 
misbehavior.

Replicant ticket reference: http://redmine.replicant.us/issues/1263

Please review the patches attached [one by one or all together] and 
apply them, if you like.


More information about the Replicant mailing list