Permalink
Browse files

Settings: Asterisk security patch for old kernels

AOSP and SOC vendors do not announce vulnerabilities nor release patches
specific to linux kernel versions older than 3.10. Mark the security
patch level with an asterisk and provide a toast on tap to make users
aware that their devices may not be as secure as the patch level
indicates.

Change-Id: Id6df331342be80b829f826e89b02be2300aabd9f
  • Loading branch information...
mdmower committed Dec 20, 2017
1 parent e6e9462 commit a5edd35a0ece3e0d1dddd8705926fb3d138ebe13
Showing with 30 additions and 1 deletion.
  1. +1 −0 res/values/cm_strings.xml
  2. +29 −1 src/com/android/settings/DeviceInfoSettings.java
@@ -25,6 +25,7 @@
<string name="show_dev_on_cm">You have enabled development settings!</string>
<!-- [CHAR LIMIT=NONE] Device Info screen. Okay we get it, stop pressing, you already have it on -->
<string name="show_dev_already_cm">No need, you have already enabled development settings.</string>
<string name="show_security_patch_asterisk">This device runs a deprecated kernel version for which AOSP no longer announces vulnerabilities or releases patches.</string>

<!-- Launch Dev Tools -->
<string name="development_tools_title">Development tools</string>
@@ -49,6 +49,8 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;

@@ -98,6 +100,9 @@
private boolean mDebuggingFeaturesDisallowedBySystem;
private IRegionalizationService mRegionalizationService = null;

private boolean mSecurityPatchAsterisk = false;
Toast mSecurityPatchToast;

@Override
protected int getMetricsCategory() {
return MetricsEvent.DEVICEINFO;
@@ -118,8 +123,17 @@ public void onCreate(Bundle icicle) {
setStringSummary(KEY_FIRMWARE_VERSION, Build.VERSION.RELEASE);
findPreference(KEY_FIRMWARE_VERSION).setEnabled(true);

final String patch = DeviceInfoUtils.getSecurityPatch();
String patch = DeviceInfoUtils.getSecurityPatch();
if (!TextUtils.isEmpty(patch)) {
String kernelVersion = DeviceInfoUtils.getFormattedKernelVersion();
if (kernelVersion != "Unavailable") {
final String DEPRECATED_VERSION_REGEX = "^2\\.|^3\\.[0-9]\\.";
Matcher matcher = Pattern.compile(DEPRECATED_VERSION_REGEX).matcher(kernelVersion);
if (matcher.find()) {
patch += "*";
mSecurityPatchAsterisk = true;
}
}
setStringSummary(KEY_SECURITY_PATCH, patch);
} else {
getPreferenceScreen().removePreference(findPreference(KEY_SECURITY_PATCH));
@@ -235,6 +249,7 @@ public void onResume() {
Context.MODE_PRIVATE).getBoolean(DevelopmentSettings.PREF_SHOW,
android.os.Build.TYPE.equals("eng")) ? -1 : TAPS_TO_BE_A_DEVELOPER;
mDevHitToast = null;
mSecurityPatchToast = null;
mFunDisallowedAdmin = RestrictedLockUtils.checkIfRestrictionEnforced(
getActivity(), UserManager.DISALLOW_FUN, UserHandle.myUserId());
mFunDisallowedBySystem = RestrictedLockUtils.hasBaseUserRestriction(
@@ -325,6 +340,9 @@ public boolean onPreferenceTreeClick(Preference preference) {
mDevHitToast.show();
}
} else if (preference.getKey().equals(KEY_SECURITY_PATCH)) {
if (mSecurityPatchAsterisk) {
showSecurityPatchToast();
}
if (getPackageManager().queryIntentActivities(preference.getIntent(), 0).isEmpty()) {
// Don't send out the intent to stop crash
Log.w(LOG_TAG, "Stop click action on " + KEY_SECURITY_PATCH + ": "
@@ -466,6 +484,16 @@ private void setExplicitValueSummary(String preference, String value) {
}
}

private void showSecurityPatchToast() {
if (mSecurityPatchToast != null) {
mSecurityPatchToast.cancel();
}
mSecurityPatchToast = Toast.makeText(getActivity(),
R.string.show_security_patch_asterisk,
Toast.LENGTH_LONG);
mSecurityPatchToast.show();
}

private void sendFeedback() {
String reporterPackage = DeviceInfoUtils.getFeedbackReporterPackage(getActivity());
if (TextUtils.isEmpty(reporterPackage)) {

0 comments on commit a5edd35

Please sign in to comment.