DivestOS/Patches/LineageOS-17.1/android_system_netd/0001-Network_Permission.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pratyush <codelab@pratyush.dev>
Date: Thu, 12 Aug 2021 00:15:25 +0530
Subject: [PATCH] use uid instead of app id for tracking INTERNET permission

Change-Id: Ibec846480f3b440b5a323c86efa95c2fd1d81284
---
 bpf_progs/netd.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 1362be25..69b618f8 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -74,14 +74,8 @@ DEFINE_BPF_MAP(uid_permission_map, HASH, uint32_t, uint8_t, UID_OWNER_MAP_SIZE)
 SEC("cgroupsock/inet/create")
 int inet_socket_create(struct bpf_sock* sk) {
     uint64_t gid_uid = bpf_get_current_uid_gid();
-    /*
-     * A given app is guaranteed to have the same app ID in all the profiles in
-     * which it is installed, and install permission is granted to app for all
-     * user at install time so we only check the appId part of a request uid at
-     * run time. See UserHandle#isSameApp for detail.
-     */
-    uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;
-    uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);
+    uint32_t uid = (gid_uid & 0xffffffff);
+    uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&uid);
     if (!permissions) {
         // UID not in map. Default to just INTERNET permission.
         return 1;
Port the GrapheneOS NETWORK permission to 17.1 and 18.1 Some patches were ported from 12 to 10/11 Some patches from 11 were ported to 10 This 10/11 port should be very close to 12 BOUNS: 16.0 patches, disabled Signed-off-by: Tad <tad@spotco.us> 2022-02-25 13:38:36 -05:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Pratyush <codelab@pratyush.dev>`
			`Date: Thu, 12 Aug 2021 00:15:25 +0530`
			`Subject: [PATCH] use uid instead of app id for tracking INTERNET permission`

			`Change-Id: Ibec846480f3b440b5a323c86efa95c2fd1d81284`
			`---`
			`bpf_progs/netd.c \| 10 ++--------`
			`1 file changed, 2 insertions(+), 8 deletions(-)`

			`diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c`
			`index 1362be25..69b618f8 100644`
			`--- a/bpf_progs/netd.c`
			`+++ b/bpf_progs/netd.c`
			`@@ -74,14 +74,8 @@ DEFINE_BPF_MAP(uid_permission_map, HASH, uint32_t, uint8_t, UID_OWNER_MAP_SIZE)`
			`SEC("cgroupsock/inet/create")`
			`int inet_socket_create(struct bpf_sock* sk) {`
			`uint64_t gid_uid = bpf_get_current_uid_gid();`
			`- /*`
			`- * A given app is guaranteed to have the same app ID in all the profiles in`
			`- * which it is installed, and install permission is granted to app for all`
			`- * user at install time so we only check the appId part of a request uid at`
			`- * run time. See UserHandle#isSameApp for detail.`
			`- */`
			`- uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;`
			`- uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);`
			`+ uint32_t uid = (gid_uid & 0xffffffff);`
			`+ uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&uid);`
			`if (!permissions) {`
			`// UID not in map. Default to just INTERNET permission.`
			`return 1;`