Please review - security-patch-bunch [until Android 4.4.3 r1] #2
Moritz Bandemer
replicant at posteo.mx
Thu Apr 2 22:30:24 UTC 2015
I've merged the following patches to the Replicant sources and
successfully recompiled/flashed Replicant after that for/on my device:
# https://android.googlesource.com/platform/cts/+/deadf91
Add test for CVE-2013-2094
Detect CVE-2013-2094, the perf_event_open exploit. A patch for this
issue can be found at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
Bug: 8962304
Patch-files: CVE-2013-2094.patch
Additionally, please [git] add these files at the following paths:
tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
tests/tests/security/src/android/security/cts/NativeCodeTest.java
These two files also include the following two more patches:
https://android.googlesource.com/platform/cts/+/aa93584
CVE-2013-4254: detect perf_event validate_event bug
Credit:
https://github.com/deater/perf_event_tests/blob/master/exploits/arm_perf_exploit.c
More info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254
Bug: 11260636
https://android.googlesource.com/platform/cts/+/ba28fe6
Add test for CVE-2014-1710.
Detect devices vulnerable to CVE-2014-1710
Bug: 13539903
Patch-package: CVE-2013-2094.zip (containing the files above)
# https://android.googlesource.com/platform/cts/+/ed54695
AppSecurity: Add traffic stats test, and fix file access test
* Fix the private file access test which would fail because the path
was wrong.
* Add a test that ensures the private file is actually "not accessible"
because it can't be as opposed to it not being there: the new test
accesses a public file created at the same time as the private file.
* Add tests around traffic stats
* add internet permission to app that creates data.
* generate private traffic stats (tagged sockets).
* read back traffic stats to make sure that only public stats are
visible.
Bug: 10349057
Patch-file: Bugfix-10349057.patch
# https://android.googlesource.com/platform/cts/+/0e2d6d9
CtsVerifier test for lock screen vulnerability fix.
Lock screen credential reset w/o previous credentials.
The test asks the user to first set a lock screen password and then
launch an intent to change it, using an EXTRA that was not being
properly validated before the vulnerability was fixed.
Bug: 9858403
Patch-files: Bugfix-9858403.patch
Additionally, please [git] add these files at the following paths:
apps/CtsVerifier/res/layout/pass_fail_lockconfirm.xml
apps/CtsVerifier/src/com/android/cts/verifier/security/LockConfirmBypassTest.java
Patch-package: Bugfix-9858403.zip (containing the files above)
Finally, I've tested this productive device for several weeks without any
misbehavior.
Replicant ticket reference: http://redmine.replicant.us/issues/1263
Please review the patches attached [one by one or all together] and
apply them, if you like.