Issue #1263


Security revaluation pack [until Android 4.4.3 r1]

Added by My Self over 9 years ago. Updated almost 9 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Type of work:


I've crawled the unofficial changelog script [] by using these search criterias:
"CVE"; "secur"ity; "vul"nerability to make a list of the following security patches, which where missing in Replicant 4.2 (for now):

  • JSS15J (4.3_r2.1) to KRT16M (4.4_r1) []
      AppSecurity: Add traffic stats test, and fix file access test
      Bug: 10349057
      Patch-file: Bugfix-10349057.patch
      • Fix the private file access test which would fail because the path was wrong.
      • Add a test that ensures the private file is actually "not accessible" because it can't be as opposed to it not being there: the new test accesses a public file created at the same time as the private file.
      • Add tests around traffic stats
        • add internet permission to app that creates data.
        • generate private traffic stats (tagged sockets).
        • read back traffic stats to make sure that only public stats are visible.
  • KOT49H (4.4.2_r1) to KTU84L (4.4.3_r1) []
      CtsVerifier test for lock screen vulnerability fix.
      Lock screen credential reset w/o previous credentials.
      The test asks the user to first set a lock screen password and then launch an intent to change it, using an EXTRA that was not being properly validated before the vulnerability was fixed.
      Bug: 9858403
      Patch-package: (containing the files above)
      Patch-files: Bugfix-9858403.patch
      Additionally please [git] add this files to the following path:
      • apps/CtsVerifier/res/layout/pass_fail_lockconfirm.xml
      • apps/CtsVerifier/src/com/android/cts/verifier/security/

The only (big) part I've leaved open yet is OpenSSL, which I will provide the next time...

Files (23.9 KB) My Self, 08/26/2015 12:00 PM
Actions #1

Updated by My Self over 9 years ago

I've sent the patch files to the mailing list:
Actions #2

Updated by My Self almost 9 years ago

  • File added
In the meanwhile there where made some changes on the Replicant sources, which makes it necessary to re-adjust the two patch-files:
  • Bugfix-7622253.patch and
  • Bugfix-7622253-Phone.patch

again. So I decided to attach all the current patches listed above, (and tested with the current Replicant 4.2 sources) on this ticket.
After flashing the patched Replicant, I've tested my productive device several months, (and the 2 re-adjusted patches, several weeks) without any misbehavior.

@everyone: please review the patches and apply them if you like.

Actions #3

Updated by My Self almost 9 years ago

  • File added

I've revised the "Bugfix-7622253.patch" again, (careless mistake) to fit it to the current codebase.
I've decided to attach the complete patchset again, (hopefully the last time).

PS: Because it was unspoken until now, please respect the order of the single patches, as shown above.
PPS: (for those who doesn't know): to "[git] add" the files, like mentioned above, just copy/move the files in place and use:
# git add .
# git commit -m "Think of something nice"

Have fun.

Actions #4

Updated by My Self almost 9 years ago

  • % Done changed from 0 to 100
Actions #5

Updated by My Self almost 9 years ago

  • File deleted (
Actions #6

Updated by My Self almost 9 years ago

  • File deleted (
Actions #8

Updated by Paul Kocialkowski almost 9 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Merged the bits that don't relate to the CTS, thanks a lot!


Also available in: Atom PDF