diff --git a/aosp_diff/base_aaos/frameworks/base/99_0307-RingtoneManager-verify-default-ringtone-is-audio.patch b/aosp_diff/base_aaos/frameworks/base/99_0307-RingtoneManager-verify-default-ringtone-is-audio.patch
new file mode 100644
index 0000000000..42e4dfb361
--- /dev/null
+++ b/aosp_diff/base_aaos/frameworks/base/99_0307-RingtoneManager-verify-default-ringtone-is-audio.patch
@@ -0,0 +1,77 @@
+From 8435167e373b1029f8fa817c4c8dd48c0a2b963f Mon Sep 17 00:00:00 2001
+From: Jean-Michel Trivi <jmtrivi@google.com>
+Date: Wed, 7 Dec 2022 04:36:46 +0000
+Subject: [PATCH] RingtoneManager: verify default ringtone is audio
+
+When a ringtone picker tries to set a ringtone through
+RingtoneManager.setActualDefaultRingtoneUri (also
+called by com.android.settings.DefaultRingtonePreference),
+verify the mimeType can be obtained (not found when caller
+doesn't have access to it) and it is an audio resource.
+
+Bug: 205837340
+Test: atest android.media.audio.cts.RingtoneManagerTest
+(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad)
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0a4792b62ea86c153653b0663ffe920d90b7cc15)
+Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
+Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
+---
+ core/java/android/app/Notification.java       |  2 +-
+ media/java/android/media/RingtoneManager.java | 19 +++++++++++++++++--
+ 2 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
+index a752ac3ae008..a90fb91fa046 100644
+--- a/core/java/android/app/Notification.java
++++ b/core/java/android/app/Notification.java
+@@ -2850,7 +2850,7 @@ public class Notification implements Parcelable
+             // Extras for CallStyle (same reason for visiting without checking isStyle).
+             Person callPerson = extras.getParcelable(EXTRA_CALL_PERSON);
+             if (callPerson != null) {
+-                visitor.accept(callPerson.getIconUri());
++                callPerson.visitUris(visitor);
+             }
+             visitIconUri(visitor, extras.getParcelable(EXTRA_VERIFICATION_ICON));
+         }
+diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
+index 4ec79b7e085a..8aecf7f17026 100644
+--- a/media/java/android/media/RingtoneManager.java
++++ b/media/java/android/media/RingtoneManager.java
+@@ -802,10 +802,10 @@ public class RingtoneManager {
+ 
+         return ringtoneUri;
+     }
+-    
++
+     /**
+      * Sets the {@link Uri} of the default sound for a given sound type.
+-     * 
++     *
+      * @param context A context used for querying.
+      * @param type The type whose default sound should be set. One of
+      *            {@link #TYPE_RINGTONE}, {@link #TYPE_NOTIFICATION}, or
+@@ -826,6 +826,21 @@ public class RingtoneManager {
+         if(!isInternalRingtoneUri(ringtoneUri)) {
+             ringtoneUri = ContentProvider.maybeAddUserId(ringtoneUri, context.getUserId());
+         }
++
++        if (ringtoneUri != null) {
++            final String mimeType = resolver.getType(ringtoneUri);
++            if (mimeType == null) {
++                Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
++                        + " ignored: failure to find mimeType (no access from this context?)");
++                return;
++            }
++            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
++                Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
++                        + " ignored: associated mimeType:" + mimeType + " is not an audio type");
++                return;
++            }
++        }
++
+         Settings.System.putStringForUser(resolver, setting,
+                 ringtoneUri != null ? ringtoneUri.toString() : null, context.getUserId());
+ 
+-- 
+2.34.1
+
diff --git a/aosp_diff/base_aaos/frameworks/base/99_0308--SettingsProvider-verify-ringtone-URI-before-setting.bulletin.patch b/aosp_diff/base_aaos/frameworks/base/99_0308--SettingsProvider-verify-ringtone-URI-before-setting.bulletin.patch
new file mode 100644
index 0000000000..e915a4054e
--- /dev/null
+++ b/aosp_diff/base_aaos/frameworks/base/99_0308--SettingsProvider-verify-ringtone-URI-before-setting.bulletin.patch
@@ -0,0 +1,71 @@
+From da9dd005ceaf2cd681411ff646efd17e1ac75230 Mon Sep 17 00:00:00 2001
+From: Songchun Fan <schfan@google.com>
+Date: Mon, 14 Aug 2023 15:24:11 -0700
+Subject: [PATCH] [SettingsProvider] verify ringtone URI before setting
+
+Similar to ag/24422287, but the same URI verification should be done in
+SettingsProvider as well, which can be called by apps via
+Settings.System API or ContentProvider APIs without using
+RingtoneManager.
+
+BUG: 227201030
+Test: manual with a test app. Will add a CTS test.
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1b234678ec122994ccbfc52ac48aafdad7fdb1ed)
+Merged-In: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
+Change-Id: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
+---
+ .../providers/settings/SettingsProvider.java  | 31 +++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+
+diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+index 8dd77a675d6e..4df565045e82 100644
+--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
++++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+@@ -1906,6 +1906,9 @@ public class SettingsProvider extends ContentProvider {
+             cacheName = Settings.System.ALARM_ALERT_CACHE;
+         }
+         if (cacheName != null) {
++            if (!isValidAudioUri(name, value)) {
++                return false;
++            }
+             final File cacheFile = new File(
+                     getRingtoneCacheDir(owningUserId), cacheName);
+             cacheFile.delete();
+@@ -1938,6 +1941,34 @@ public class SettingsProvider extends ContentProvider {
+         }
+     }
+ 
++    private boolean isValidAudioUri(String name, String uri) {
++        if (uri != null) {
++            Uri audioUri = Uri.parse(uri);
++            if (Settings.AUTHORITY.equals(
++                    ContentProvider.getAuthorityWithoutUserId(audioUri.getAuthority()))) {
++                // Don't accept setting the default uri to self-referential URIs like
++                // Settings.System.DEFAULT_RINGTONE_URI, which is an alias to the value of this
++                // setting.
++                return false;
++            }
++            final String mimeType = getContext().getContentResolver().getType(audioUri);
++            if (mimeType == null) {
++                Slog.e(LOG_TAG,
++                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri
++                        + " ignored: failure to find mimeType (no access from this context?)");
++                return false;
++            }
++            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
++                    || mimeType.equals("application/x-flac"))) {
++                Slog.e(LOG_TAG,
++                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri
++                        + " ignored: associated mimeType: " + mimeType + " is not an audio type");
++                return false;
++            }
++        }
++        return true;
++    }
++
+     private boolean hasWriteSecureSettingsPermission() {
+         // Write secure settings is a more protected permission. If caller has it we are good.
+         return getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)
+-- 
+2.46.1.824.gd892dcdcdd-goog
+
diff --git a/aosp_diff/base_aaos/frameworks/base/99_0309-RingtoneManager-allow-video-ringtone-URI.bulletin.patch b/aosp_diff/base_aaos/frameworks/base/99_0309-RingtoneManager-allow-video-ringtone-URI.bulletin.patch
new file mode 100644
index 0000000000..71be45fff9
--- /dev/null
+++ b/aosp_diff/base_aaos/frameworks/base/99_0309-RingtoneManager-allow-video-ringtone-URI.bulletin.patch
@@ -0,0 +1,79 @@
+From aece1c1baa9259c18d06e91dad7240ad69396d99 Mon Sep 17 00:00:00 2001
+From: Jean-Michel Trivi <jmtrivi@google.com>
+Date: Mon, 24 Jun 2024 17:29:14 -0700
+Subject: [PATCH] RingtoneManager: allow video ringtone URI
+
+When checking the MIME type for the default ringtone, also
+allow it to refer to video content.
+
+Bug: 205837340
+Test: see POC + atest android.media.audio.cts.RingtoneManagerTest
+(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:afa5db6707aa765fa92a00aa57cbe889951dc15b)
+Merged-In: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
+Change-Id: Iac9f27f14bae29e0fabc31e05da2357f6f4f16c7
+---
+ media/java/android/media/RingtoneManager.java         |  8 ++++++--
+ .../android/providers/settings/SettingsProvider.java  | 11 +++++++----
+ 2 files changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
+index 8aecf7f17026..2dc6365c2e29 100644
+--- a/media/java/android/media/RingtoneManager.java
++++ b/media/java/android/media/RingtoneManager.java
+@@ -834,9 +834,13 @@ public class RingtoneManager {
+                         + " ignored: failure to find mimeType (no access from this context?)");
+                 return;
+             }
+-            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg"))) {
++            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
++                    || mimeType.equals("application/x-flac")
++                    // also check for video ringtones
++                    || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
+                 Log.e(TAG, "setActualDefaultRingtoneUri for URI:" + ringtoneUri
+-                        + " ignored: associated mimeType:" + mimeType + " is not an audio type");
++                        + " ignored: associated MIME type:" + mimeType
++                        + " is not a recognized audio or video type");
+                 return;
+             }
+         }
+diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+index 4df565045e82..71824ecbed9a 100644
+--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
++++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+@@ -1906,7 +1906,7 @@ public class SettingsProvider extends ContentProvider {
+             cacheName = Settings.System.ALARM_ALERT_CACHE;
+         }
+         if (cacheName != null) {
+-            if (!isValidAudioUri(name, value)) {
++            if (!isValidMediaUri(name, value)) {
+                 return false;
+             }
+             final File cacheFile = new File(
+@@ -1941,7 +1941,7 @@ public class SettingsProvider extends ContentProvider {
+         }
+     }
+ 
+-    private boolean isValidAudioUri(String name, String uri) {
++    private boolean isValidMediaUri(String name, String uri) {
+         if (uri != null) {
+             Uri audioUri = Uri.parse(uri);
+             if (Settings.AUTHORITY.equals(
+@@ -1959,10 +1959,13 @@ public class SettingsProvider extends ContentProvider {
+                 return false;
+             }
+             if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")
+-                    || mimeType.equals("application/x-flac"))) {
++                    || mimeType.equals("application/x-flac")
++                    // also check for video ringtones
++                    || mimeType.startsWith("video/") || mimeType.equals("application/mp4"))) {
+                 Slog.e(LOG_TAG,
+                         "mutateSystemSetting for setting: " + name + " URI: " + audioUri
+-                        + " ignored: associated mimeType: " + mimeType + " is not an audio type");
++                        + " ignored: associated MIME type: " + mimeType
++                        + " is not a recognized audio or video type");
+                 return false;
+             }
+         }
+-- 
+2.46.1.824.gd892dcdcdd-goog
+