Merge tag 'android-14.0.0_r67' into staging/lineage-21.0_merge-androi…

…d-14.0.0_r67 Android 14.0.0 release 67 # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZteF1wAKCRDorT+BmrEO # eA11AJ9FpTowXZ8I6tQVqf61XAzS6JsNJgCeLAcXhYDzT9JkLNn310/9gzypFLA= # =7ZuM # -----END PGP SIGNATURE----- # gpg: Signature made Wed Sep 4 00:55:35 2024 EEST # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <[email protected]>" [marginal] # gpg: [email protected]: Verified 2593 signatures in the past # 2 years. Encrypted 4 messages in the past 2 years. # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78 # By Chaohui Wang (6) and others # Via Android Build Coastguard Worker * tag 'android-14.0.0_r67': Remove Dependency#get call from ToggleSeekBar. Enforce BaseUserRestriction for DISALLOW_CONFIG_BRIGHTNESS Remove Dependency#get call from ToggleSeekBar. Enforce BaseUserRestriction for DISALLOW_CONFIG_BRIGHTNESS Remove Dependency#get call from ToggleSeekBar. Enforce BaseUserRestriction for DISALLOW_CONFIG_BRIGHTNESS Optimized scheme sanitization performance by replacing regex operation with string replacement Sanitized uri scheme by removing scheme delimiter Remove Dependency#get call from ToggleSeekBar. Enforce BaseUserRestriction for DISALLOW_CONFIG_BRIGHTNESS Remove Dependency#get call from ToggleSeekBar. Enforce BaseUserRestriction for DISALLOW_CONFIG_BRIGHTNESS Remove Dependency#get call from ToggleSeekBar. Enforce BaseUserRestriction for DISALLOW_CONFIG_BRIGHTNESS Change-Id: I612c5c06e19c93aab3577572d8d739b9eb8406f3
xiaomi-8560 · Sep 4, 2024 · f0be587 · f0be587
2 parents 14701c3 + e6eaac8
commit f0be587
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/core/java/android/net/Uri.java b/core/java/android/net/Uri.java
@@ -1387,7 +1387,11 @@ public Builder() {}
          * @param scheme name or {@code null} if this is a relative Uri
          */
         public Builder scheme(String scheme) {
-            this.scheme = scheme;
+            if (scheme != null) {
+                this.scheme = scheme.replace("://", "");
+            } else {
+                this.scheme = null;
+            }
             return this;
         }
 

diff --git a/core/tests/coretests/src/android/net/UriTest.java b/core/tests/coretests/src/android/net/UriTest.java
@@ -18,6 +18,7 @@
 
 import android.content.ContentUris;
 import android.os.Parcel;
+import android.platform.test.annotations.AsbSecurityTest;
 
 import androidx.test.filters.SmallTest;
 
@@ -86,6 +87,16 @@ public void testBuildUponOpaqueStringUri() {
         assertNull(u.getHost());
     }
 
+    @AsbSecurityTest(cveBugId = 261721900)
+    @SmallTest
+    public void testSchemeSanitization() {
+        Uri uri = new Uri.Builder()
+                .scheme("http://https://evil.com:/te:st/")
+                .authority("google.com").path("one/way").build();
+        assertEquals("httphttpsevil.com:/te:st/", uri.getScheme());
+        assertEquals("httphttpsevil.com:/te:st/://google.com/one/way", uri.toString());
+    }
+
     @SmallTest
     public void testStringUri() {
         assertEquals("bob lee",