diff --git a/Patches/LineageOS-14.1/android_system_netd/244387.patch b/Patches/LineageOS-14.1/android_system_netd/244387.patch new file mode 100644 index 00000000..a928c29e --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/244387.patch @@ -0,0 +1,134 @@ +From 0cd7a28a999b9be67251989f8d434dde172157bd Mon Sep 17 00:00:00 2001 +From: Lorenzo Colitti +Date: Thu, 30 Mar 2017 02:50:09 +0900 +Subject: [PATCH] Really always allow networking on loopback. + +https://android-review.googlesource.com/#/c/294359/ attempted to +allow networking on loopback, but actually does not do anything +because no packet has both -i lo and -o lo: loopback packets have +-i lo in INPUT and -o lo in OUTPUT. + +Test: bullhead builds, boots +Test: netd_{unit,integration}_test pass +Test: loopback traffic is matched by new "-i lo" and "-o lo" rules +Test: originated and received traffic is not matched by new rules +Bug: 34444781 +Change-Id: I090cbeafce5bbdcf36a7aecaafbf832feddc06e1 +--- + server/FirewallController.cpp | 3 ++- + server/FirewallControllerTest.cpp | 15 ++++++++++----- + tests/binder_test.cpp | 16 ++++++++-------- + 3 files changed, 20 insertions(+), 14 deletions(-) + +diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp +index 826cf758..ffc99e16 100644 +--- a/server/FirewallController.cpp ++++ b/server/FirewallController.cpp +@@ -301,7 +301,8 @@ std::string FirewallController::makeUidRules(IptablesTarget target, const char * + StringAppendF(&commands, "*filter\n:%s -\n", name); + + // Always allow networking on loopback. +- StringAppendF(&commands, "-A %s -i lo -o lo -j RETURN\n", name); ++ StringAppendF(&commands, "-A %s -i lo -j RETURN\n", name); ++ StringAppendF(&commands, "-A %s -o lo -j RETURN\n", name); + + // Allow TCP RSTs so we can cleanly close TCP connections of apps that no longer have network + // access. Both incoming and outgoing RSTs are allowed. +diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp +index 7d96c61c..ba449db0 100644 +--- a/server/FirewallControllerTest.cpp ++++ b/server/FirewallControllerTest.cpp +@@ -56,7 +56,8 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) { + std::vector expectedRestore4 = { + "*filter", + ":fw_whitelist -", +- "-A fw_whitelist -i lo -o lo -j RETURN", ++ "-A fw_whitelist -i lo -j RETURN", ++ "-A fw_whitelist -o lo -j RETURN", + "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN", + "-A fw_whitelist -m owner --uid-owner 0-9999 -j RETURN", + "-A fw_whitelist -j DROP", +@@ -65,7 +66,8 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) { + std::vector expectedRestore6 = { + "*filter", + ":fw_whitelist -", +- "-A fw_whitelist -i lo -o lo -j RETURN", ++ "-A fw_whitelist -i lo -j RETURN", ++ "-A fw_whitelist -o lo -j RETURN", + "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN", + "-A fw_whitelist -p icmpv6 --icmpv6-type packet-too-big -j RETURN", + "-A fw_whitelist -p icmpv6 --icmpv6-type router-solicitation -j RETURN", +@@ -95,7 +97,8 @@ TEST_F(FirewallControllerTest, TestCreateBlacklistChain) { + std::vector expectedRestore = { + "*filter", + ":fw_blacklist -", +- "-A fw_blacklist -i lo -o lo -j RETURN", ++ "-A fw_blacklist -i lo -j RETURN", ++ "-A fw_blacklist -o lo -j RETURN", + "-A fw_blacklist -p tcp --tcp-flags RST RST -j RETURN", + "COMMIT\n\x04" + }; +@@ -141,7 +144,8 @@ TEST_F(FirewallControllerTest, TestReplaceWhitelistUidRule) { + std::string expected = + "*filter\n" + ":FW_whitechain -\n" +- "-A FW_whitechain -i lo -o lo -j RETURN\n" ++ "-A FW_whitechain -i lo -j RETURN\n" ++ "-A FW_whitechain -o lo -j RETURN\n" + "-A FW_whitechain -p tcp --tcp-flags RST RST -j RETURN\n" + "-A FW_whitechain -p icmpv6 --icmpv6-type packet-too-big -j RETURN\n" + "-A FW_whitechain -p icmpv6 --icmpv6-type router-solicitation -j RETURN\n" +@@ -168,7 +172,8 @@ TEST_F(FirewallControllerTest, TestReplaceBlacklistUidRule) { + std::string expected = + "*filter\n" + ":FW_blackchain -\n" +- "-A FW_blackchain -i lo -o lo -j RETURN\n" ++ "-A FW_blackchain -i lo -j RETURN\n" ++ "-A FW_blackchain -o lo -j RETURN\n" + "-A FW_blackchain -p tcp --tcp-flags RST RST -j RETURN\n" + "-A FW_blackchain -m owner --uid-owner 10023 -j DROP\n" + "-A FW_blackchain -m owner --uid-owner 10059 -j DROP\n" +diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp +index 5395f1d2..dcaf2302 100644 +--- a/tests/binder_test.cpp ++++ b/tests/binder_test.cpp +@@ -176,31 +176,31 @@ TEST_F(BinderTest, TestFirewallReplaceUidChain) { + mNetd->firewallReplaceUidChain(String16(chainName.c_str()), true, uids, &ret); + } + EXPECT_EQ(true, ret); +- EXPECT_EQ((int) uids.size() + 6, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); +- EXPECT_EQ((int) uids.size() + 12, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); ++ EXPECT_EQ((int) uids.size() + 7, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); ++ EXPECT_EQ((int) uids.size() + 13, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); + { + TimedOperation op("Clearing whitelist chain"); + mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret); + } + EXPECT_EQ(true, ret); +- EXPECT_EQ(4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); +- EXPECT_EQ(4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); ++ EXPECT_EQ(5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); ++ EXPECT_EQ(5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); + + { + TimedOperation op(StringPrintf("Programming %d-UID blacklist chain", kNumUids)); + mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, uids, &ret); + } + EXPECT_EQ(true, ret); +- EXPECT_EQ((int) uids.size() + 4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); +- EXPECT_EQ((int) uids.size() + 4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); ++ EXPECT_EQ((int) uids.size() + 5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); ++ EXPECT_EQ((int) uids.size() + 5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); + + { + TimedOperation op("Clearing blacklist chain"); + mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret); + } + EXPECT_EQ(true, ret); +- EXPECT_EQ(4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); +- EXPECT_EQ(4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); ++ EXPECT_EQ(5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); ++ EXPECT_EQ(5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); + + // Check that the call fails if iptables returns an error. + std::string veryLongStringName = "netd_binder_test_UnacceptablyLongIptablesChainName"; diff --git a/Patches/LineageOS-14.1/android_system_netd/244388.patch b/Patches/LineageOS-14.1/android_system_netd/244388.patch new file mode 100644 index 00000000..0d70dfd4 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/244388.patch @@ -0,0 +1,52 @@ +From 297e6f85ac174825505970e62b4a1f39f84ef3ac Mon Sep 17 00:00:00 2001 +From: Joel Scherpelz +Date: Wed, 14 Jun 2017 10:27:47 +0900 +Subject: [PATCH] BACKPORT: Avoid netlink socket address conflict + +NetlinkManager previously bound all netlink sockets with nl_pid = +getpid(). Unfortunately only the first such socket is allowed to claim +nl_pid = getpid(). The kernel is happy to assign this value +automatically if nl_pid = 0. For more information on nl_pid see "man 7 +netlink". + +When NFLogListener was added, it created a socket with a kernel assigned +nl_pid, unfortunately the kernel assigns getpid() to the first such +socket and listener was initialized earlier in the startup process than +NetlinkManager. + +This change alters NetlinkManager to request a kernel assigned nl_pid and +defensively moves the initialization of NFLogListener later in the +startup sequence to favor proper operation of existing code in +NetlinkManager. Error logging is also slightly improved. + +Test: as follows + - built + - flashed + - booted + - "runtest -x .../netd_unit_test.cpp" passes + - "cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t + android.os.cts.StrictModeTest" passes +Bug: 62353125 + +[syphyr: Removed NFLogListener changes] +Signed-off-by: L.W. Reek + +Change-Id: I9c1c76e5769de75ff624bf43634ac4061c447a72 +--- + server/NetlinkManager.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/server/NetlinkManager.cpp b/server/NetlinkManager.cpp +index 769a80ae..5e6eaba8 100644 +--- a/server/NetlinkManager.cpp ++++ b/server/NetlinkManager.cpp +@@ -73,7 +73,8 @@ NetlinkHandler *NetlinkManager::setupSocket(int *sock, int netlinkFamily, + + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; +- nladdr.nl_pid = getpid(); ++ // Kernel will assign a unique nl_pid if set to zero. ++ nladdr.nl_pid = 0; + nladdr.nl_groups = groups; + + if ((*sock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, netlinkFamily)) < 0) { diff --git a/Patches/LineageOS-14.1/android_system_netd/245690.patch b/Patches/LineageOS-14.1/android_system_netd/245690.patch new file mode 100644 index 00000000..eac507c7 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/245690.patch @@ -0,0 +1,68 @@ +From af314f68701a4d6c06ac1b9a09feddcff5e7eb73 Mon Sep 17 00:00:00 2001 +From: Sehee Park +Date: Wed, 26 Dec 2018 07:28:23 +0900 +Subject: [PATCH] Fix fortify_fatal issue during DNSServiceProcessResult() + +fd was checked at beginnig of DNSServiceProcessResult() +but fd was changed to -1. So, fortify_fatal was occured +when FD_SET() was called. +Abort message: 'FORTIFY: FD_SET: file descriptor -1 < 0' + +Test: Build +Bug: 120910016 +Bug: 121327565 +Change-Id: Ib4c8dcc08223578fb53647637b44a20a4c221050 +Merged-In: Ib4c8dcc08223578fb53647637b44a20a4c221050 +Signed-off-by: Sehee Park +(cherry picked from commit 3eeb0e6b86ac8a7f00968d0a086381e7dcd8cc2b) +--- + server/MDnsSdListener.cpp | 10 +++++++++- + server/MDnsSdListener.h | 1 + + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/server/MDnsSdListener.cpp b/server/MDnsSdListener.cpp +index 883fe815..e3fd66a0 100644 +--- a/server/MDnsSdListener.cpp ++++ b/server/MDnsSdListener.cpp +@@ -146,7 +146,7 @@ void MDnsSdListener::Handler::stop(SocketClient *cli, int argc, char **argv, con + return; + } + if (VDBG) ALOGD("Stopping %s with ref %p", str, ref); +- DNSServiceRefDeallocate(*ref); ++ mMonitor->deallocateServiceRef(ref); + mMonitor->freeServiceRef(requestId); + char *msg; + asprintf(&msg, "%s stopped", str); +@@ -617,7 +617,9 @@ void MDnsSdListener::Monitor::run() { + ALOGD("Monitor found [%d].revents = %d - calling ProcessResults", + i, mPollFds[i].revents); + } ++ pthread_mutex_lock(&mHeadMutex); + DNSServiceProcessResult(*(mPollRefs[i])); ++ pthread_mutex_unlock(&mHeadMutex); + mPollFds[i].revents = 0; + } + } +@@ -769,3 +771,9 @@ void MDnsSdListener::Monitor::freeServiceRef(int id) { + } + pthread_mutex_unlock(&mHeadMutex); + } ++ ++void MDnsSdListener::Monitor::deallocateServiceRef(DNSServiceRef* ref) { ++ pthread_mutex_lock(&mHeadMutex); ++ DNSServiceRefDeallocate(*ref); ++ pthread_mutex_unlock(&mHeadMutex); ++} +\ No newline at end of file +diff --git a/server/MDnsSdListener.h b/server/MDnsSdListener.h +index e9c6066a..a107d3b8 100644 +--- a/server/MDnsSdListener.h ++++ b/server/MDnsSdListener.h +@@ -76,6 +76,7 @@ class MDnsSdListener : public FrameworkListener { + static void *threadStart(void *handler); + int startService(); + int stopService(); ++ void deallocateServiceRef(DNSServiceRef* ref); + private: + void run(); + int rescan(); // returns the number of elements in the poll diff --git a/Patches/LineageOS-14.1/android_system_netd/245691.patch b/Patches/LineageOS-14.1/android_system_netd/245691.patch new file mode 100644 index 00000000..33df2e41 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/245691.patch @@ -0,0 +1,32 @@ +From 5f01e7f21f155a6b13a5ce659bac1fc03735a5e9 Mon Sep 17 00:00:00 2001 +From: Ken Chen +Date: Sat, 26 Jan 2019 19:17:00 +0800 +Subject: [PATCH] Clear Element.mRef immediately after deallocating it + +DNSServiceRefDeallocate() and pointer dereferencing in request handler +thread are protected by two separate lock/unlock pairs on mHeadMutex. +If rescan() runs between these, it could dereference mRef, causing +a heap-use-after-free bug. + +Solution: set mRef to null immediately after freeing it. + +Bug: 121327565 +Test: build +Change-Id: I56ace2ad8a2da528afa375aefb1b9420547658a7 +(cherry picked from commit 9762bc1964a37ec56091ee2b6070e19c5206f615) +--- + server/MDnsSdListener.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/server/MDnsSdListener.cpp b/server/MDnsSdListener.cpp +index e3fd66a0..563e0207 100644 +--- a/server/MDnsSdListener.cpp ++++ b/server/MDnsSdListener.cpp +@@ -775,5 +775,6 @@ void MDnsSdListener::Monitor::freeServiceRef(int id) { + void MDnsSdListener::Monitor::deallocateServiceRef(DNSServiceRef* ref) { + pthread_mutex_lock(&mHeadMutex); + DNSServiceRefDeallocate(*ref); ++ *ref = nullptr; + pthread_mutex_unlock(&mHeadMutex); + } +\ No newline at end of file diff --git a/Patches/LineageOS-14.1/android_system_netd/264479.patch b/Patches/LineageOS-14.1/android_system_netd/264479.patch new file mode 100644 index 00000000..7f59f756 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264479.patch @@ -0,0 +1,129 @@ +From 73e902f57aae15f4d79ed57f46326fb5a0136c94 Mon Sep 17 00:00:00 2001 +From: Erik Kline +Date: Thu, 24 Nov 2016 08:30:34 +0900 +Subject: [PATCH] Cache flushing no longer occurs updating DNS for a single + netid + +Test: runtest netd_integration_test.cpp +Bug: 32517984 +Change-Id: I6a82824ab423a07797291e7b4701350c88809117 +--- + tests/netd_test.cpp | 102 ++++++++++++++++++++++---------------------- + 1 file changed, 51 insertions(+), 51 deletions(-) + +diff --git a/tests/netd_test.cpp b/tests/netd_test.cpp +index a958cd90..97a96b9a 100644 +--- a/tests/netd_test.cpp ++++ b/tests/netd_test.cpp +@@ -386,60 +386,60 @@ TEST_F(ResolverTest, GetAddrInfo) { + dns2.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4"); + ASSERT_TRUE(dns2.startServer()); + +- for (size_t i = 0 ; i < 1000 ; ++i) { +- std::vector servers = { listen_addr }; +- ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); +- dns.clearQueries(); +- dns2.clearQueries(); +- +- EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); +- size_t found = GetNumQueries(dns, host_name); +- EXPECT_LE(1U, found); +- // Could be A or AAAA +- std::string result_str = ToString(result); +- EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") +- << ", result_str='" << result_str << "'"; +- // TODO: Use ScopedAddrinfo or similar once it is available in a common header file. +- if (result) { +- freeaddrinfo(result); +- result = nullptr; +- } + +- // Verify that the name is cached. +- size_t old_found = found; +- EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); +- found = GetNumQueries(dns, host_name); +- EXPECT_LE(1U, found); +- EXPECT_EQ(old_found, found); +- result_str = ToString(result); +- EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") +- << result_str; +- if (result) { +- freeaddrinfo(result); +- result = nullptr; +- } ++ std::vector servers = { listen_addr }; ++ ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); ++ dns.clearQueries(); ++ dns2.clearQueries(); ++ ++ EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); ++ size_t found = GetNumQueries(dns, host_name); ++ EXPECT_LE(1U, found); ++ // Could be A or AAAA ++ std::string result_str = ToString(result); ++ EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") ++ << ", result_str='" << result_str << "'"; ++ // TODO: Use ScopedAddrinfo or similar once it is available in a common header file. ++ if (result) { ++ freeaddrinfo(result); ++ result = nullptr; ++ } + +- // Change the DNS resolver, ensure that queries are no longer cached. +- servers = { listen_addr2 }; +- ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); +- dns.clearQueries(); +- dns2.clearQueries(); +- +- EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); +- found = GetNumQueries(dns, host_name); +- size_t found2 = GetNumQueries(dns2, host_name); +- EXPECT_EQ(0U, found); +- EXPECT_LE(1U, found2); +- +- // Could be A or AAAA +- result_str = ToString(result); +- EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") +- << ", result_str='" << result_str << "'"; +- if (result) { +- freeaddrinfo(result); +- result = nullptr; +- } ++ // Verify that the name is cached. ++ size_t old_found = found; ++ EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); ++ found = GetNumQueries(dns, host_name); ++ EXPECT_LE(1U, found); ++ EXPECT_EQ(old_found, found); ++ result_str = ToString(result); ++ EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") ++ << result_str; ++ if (result) { ++ freeaddrinfo(result); ++ result = nullptr; + } ++ ++ // Change the DNS resolver, ensure that queries are still cached. ++ servers = { listen_addr2 }; ++ ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); ++ dns.clearQueries(); ++ dns2.clearQueries(); ++ ++ EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); ++ found = GetNumQueries(dns, host_name); ++ size_t found2 = GetNumQueries(dns2, host_name); ++ EXPECT_EQ(0U, found); ++ EXPECT_LE(0U, found2); ++ ++ // Could be A or AAAA ++ result_str = ToString(result); ++ EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") ++ << ", result_str='" << result_str << "'"; ++ if (result) { ++ freeaddrinfo(result); ++ result = nullptr; ++ } ++ + dns.stopServer(); + dns2.stopServer(); + } diff --git a/Patches/LineageOS-14.1/android_system_netd/264480.patch b/Patches/LineageOS-14.1/android_system_netd/264480.patch new file mode 100644 index 00000000..ab88d38a --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264480.patch @@ -0,0 +1,28 @@ +From 7aee5e85160c025a6d3f0460f4482aadb985c0f3 Mon Sep 17 00:00:00 2001 +From: Nick Kralevich +Date: Sat, 19 Nov 2016 09:09:16 -0800 +Subject: [PATCH] TetherController.cpp: add O_CLOEXEC + +Don't leak open file descriptors across execs to netd's children. This +can occur in the unlikely but theoretically possible event that one +thread is in writeToFile() and another thread happens to call exec(). + +Test: device boots with no obvious problems. +Change-Id: Iabd8eee46bf94d70894ca46e58484ccb8241513a +--- + server/TetherController.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/TetherController.cpp b/server/TetherController.cpp +index 3cc46368..65c88ede 100644 +--- a/server/TetherController.cpp ++++ b/server/TetherController.cpp +@@ -46,7 +46,7 @@ const char IPV6_FORWARDING_PROC_FILE[] = "/proc/sys/net/ipv6/conf/all/forwarding + const char SEPARATOR[] = "|"; + + bool writeToFile(const char* filename, const char* value) { +- int fd = open(filename, O_WRONLY); ++ int fd = open(filename, O_WRONLY | O_CLOEXEC); + if (fd < 0) { + ALOGE("Failed to open %s: %s", filename, strerror(errno)); + return false; diff --git a/Patches/LineageOS-14.1/android_system_netd/264481.patch b/Patches/LineageOS-14.1/android_system_netd/264481.patch new file mode 100644 index 00000000..f175ec66 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264481.patch @@ -0,0 +1,30 @@ +From bea94d341f8c3da6611e959b4732accbb079cab1 Mon Sep 17 00:00:00 2001 +From: Manoj Gupta +Date: Tue, 22 Nov 2016 21:15:59 -0800 +Subject: [PATCH] Fix clang static analyzer warnings. + +system/netd/server/NetlinkHandler.cpp:218:12: warning: Dereference of +null pointer (loaded from variable 'gateway') + +Test: Warning no longer appears +Change-Id: Idaa08940c990f7d572e855e77982ffd57a032dd4 +--- + server/NetlinkHandler.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/server/NetlinkHandler.cpp b/server/NetlinkHandler.cpp +index 19de240a..e9a11bab 100644 +--- a/server/NetlinkHandler.cpp ++++ b/server/NetlinkHandler.cpp +@@ -215,9 +215,9 @@ void NetlinkHandler::notifyRouteChange(NetlinkEvent::Action action, const char * + "Route %s %s%s%s%s%s", + (action == NetlinkEvent::Action::kRouteUpdated) ? kUpdated : kRemoved, + route, +- *gateway ? " via " : "", ++ (gateway && *gateway) ? " via " : "", + gateway, +- *iface ? " dev " : "", ++ (iface && *iface) ? " dev " : "", + iface); + } + diff --git a/Patches/LineageOS-14.1/android_system_netd/264482.patch b/Patches/LineageOS-14.1/android_system_netd/264482.patch new file mode 100644 index 00000000..a49147a7 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264482.patch @@ -0,0 +1,40 @@ +From 147d0470f98c5f5f938892bbc5bb640e115fdb98 Mon Sep 17 00:00:00 2001 +From: Nick Kralevich +Date: Tue, 20 Dec 2016 08:40:35 -0800 +Subject: [PATCH] SockDiag.cpp: Add O_CLOEXEC to tcpdiag sockets + +Add O_CLOEXEC to NETLINK_INET_DIAG sockets. This ensures that the file +descriptors associated with these sockets do not leak across an exec() +boundary. Please see "man 2 open" for a description of why this is +desirable. + +Addresses the following SELinux denial: + + avc: denied { read write } for comm="clatd" path="socket:[902062]" + dev="sockfs" ino=902062 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 + tclass=netlink_tcpdiag_socket permissive=0 + +which occurs when netd executes clatd and inadvertantly leaks the file +descriptors to that process. + +Test: Android compiles and boots, and no obvious errors +Change-Id: Ic5662fa8df6884e7002a0ec89839fe90abe05574 +--- + server/SockDiag.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/server/SockDiag.cpp b/server/SockDiag.cpp +index 11711afa..630e379d 100644 +--- a/server/SockDiag.cpp ++++ b/server/SockDiag.cpp +@@ -73,8 +73,8 @@ bool SockDiag::open() { + return false; + } + +- mSock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG); +- mWriteSock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG); ++ mSock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_INET_DIAG); ++ mWriteSock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_INET_DIAG); + if (!hasSocks()) { + closeSocks(); + return false; diff --git a/Patches/LineageOS-14.1/android_system_netd/264483.patch b/Patches/LineageOS-14.1/android_system_netd/264483.patch new file mode 100644 index 00000000..ce94c9cb --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264483.patch @@ -0,0 +1,41 @@ +From 3c272f5a65fa8ebabb22bd344ff65c14be47183c Mon Sep 17 00:00:00 2001 +From: Nick Kralevich +Date: Tue, 20 Dec 2016 06:51:32 -0800 +Subject: [PATCH] FwMarkServer.cpp: Add O_CLOEXEC to received FDs + +Add O_CLOEXEC to file descriptors received via the fwmark service. This +prevents netd's file descriptors from leaking across an exec() boundary, +and may address the following non-reproducible SELinux denials: + +avc: denied { use } for comm="clatd" path="socket:[860297]" dev="sockfs" +ino=860297 scontext=u:r:clatd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 +tclass=fd permissive=0 + +avc: denied { read write } for comm="clatd" path="socket:[1414454]" +dev="sockfs" ino=1414454 scontext=u:r:clatd:s0 +tcontext=u:r:system_server:s0 tclass=tcp_socket permissive=0 + +avc: denied { use } for comm="clatd" path="socket:[681600]" dev="sockfs" +ino=681600 scontext=u:r:clatd:s0 tcontext=u:r:priv_app:s0:c512,c768 +tclass=fd permissive=0 + +Test: Device boots and no obvious problems +Test: /data/nativetest/netd_integration_test/netd_integration_test passed +Change-Id: I866b1ee0693516b46269c7106e7fc1f85b017639 +--- + server/FwmarkServer.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/FwmarkServer.cpp b/server/FwmarkServer.cpp +index 80df03f4..38a116d6 100644 +--- a/server/FwmarkServer.cpp ++++ b/server/FwmarkServer.cpp +@@ -74,7 +74,7 @@ int FwmarkServer::processClient(SocketClient* client, int* socketFd) { + message.msg_control = cmsgu.cmsg; + message.msg_controllen = sizeof(cmsgu.cmsg); + +- int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, 0)); ++ int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, MSG_CMSG_CLOEXEC)); + if (messageLength <= 0) { + return -errno; + } diff --git a/Patches/LineageOS-14.1/android_system_netd/264484.patch b/Patches/LineageOS-14.1/android_system_netd/264484.patch new file mode 100644 index 00000000..e95d6573 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264484.patch @@ -0,0 +1,54 @@ +From 2b418c7cdced80f2ecd0e31b357970d51d9e4b25 Mon Sep 17 00:00:00 2001 +From: Lorenzo Colitti +Date: Sat, 21 Jan 2017 15:00:36 +0900 +Subject: [PATCH] Log the time it takes netd to start up. + +Currently on, bullhead-eng, I see: + +01-21 14:59:26.174 21421 21421 I Netd : Netd started in 2432ms + +Test: restarted netd and observed log message. +Bug: 32323979 +Bug: 33279878 +Change-Id: I7195d06d7ed1a09858185555f60b07e5bfe306ed +--- + server/main.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/server/main.cpp b/server/main.cpp +index ae3a71a3..aab15d66 100644 +--- a/server/main.cpp ++++ b/server/main.cpp +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -40,6 +41,7 @@ + #include "NetdConstants.h" + #include "NetdNativeService.h" + #include "NetlinkManager.h" ++#include "Stopwatch.h" + #include "DnsProxyListener.h" + #include "MDnsSdListener.h" + #include "FwmarkServer.h" +@@ -63,6 +65,7 @@ android::RWLock android::net::gBigNetdLock; + + int main() { + using android::net::gCtls; ++ Stopwatch s; + + ALOGI("Netd 1.0 starting"); + remove_pid_file(); +@@ -122,6 +125,8 @@ int main() { + + write_pid_file(); + ++ ALOGI("Netd started in %dms", static_cast(s.timeTaken())); ++ + IPCThreadState::self()->joinThreadPool(); + + ALOGI("Netd exiting"); diff --git a/Patches/LineageOS-14.1/android_system_netd/264572.patch b/Patches/LineageOS-14.1/android_system_netd/264572.patch new file mode 100644 index 00000000..b53b2732 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264572.patch @@ -0,0 +1,24 @@ +From 0dfec203ee3b024ab9ff3d7d5c40c2cdf2db81e2 Mon Sep 17 00:00:00 2001 +From: Chih-Hung Hsieh +Date: Fri, 6 May 2016 10:36:13 -0700 +Subject: [PATCH] Fix google-explicit-constructor warnings. + +Bug: 28341362 +Change-Id: Idadc9ad22fdd9d014c8fe0522c89b6ec9d05ae98 +--- + tests/binder_test.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp +index dcaf2302..1018e00e 100644 +--- a/tests/binder_test.cpp ++++ b/tests/binder_test.cpp +@@ -105,7 +105,7 @@ char BinderTest::sDstStr[INET6_ADDRSTRLEN]; + + class TimedOperation : public Stopwatch { + public: +- TimedOperation(std::string name): mName(name) {} ++ explicit TimedOperation(const std::string &name): mName(name) {} + virtual ~TimedOperation() { + fprintf(stderr, " %s: %6.1f ms\n", mName.c_str(), timeTaken()); + } diff --git a/Patches/LineageOS-14.1/android_system_netd/264573.patch b/Patches/LineageOS-14.1/android_system_netd/264573.patch new file mode 100644 index 00000000..36e9c890 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_netd/264573.patch @@ -0,0 +1,46 @@ +From b5c3fe8fac846e9e586f2c0454c1036099adaf27 Mon Sep 17 00:00:00 2001 +From: Thurston Hou Yeen Dang +Date: Wed, 1 Jun 2016 11:02:29 -0700 +Subject: [PATCH] Unsigned integer overflow sanitization for netd/server + +Enable unsigned-integer-overflow sanitization for netd/server +(libnetdaidl, netd, ndc). + +This does not cause any aborts on CtsNetTestCases (includes +android.net.cts.VpnServiceTest), CtsNetTestCasesLegacyApi22, and +CtsNetTestCasesLegacyPermission22. +(Some tests are finicky and need to be re-run individually to pass; there is similar behavior on the unsanitized build.) + +Change-Id: I021bae3cf20df7669822977d3221a44f207614a8 +--- + server/Android.mk | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/server/Android.mk b/server/Android.mk +index 04b626f0..0c848e54 100644 +--- a/server/Android.mk ++++ b/server/Android.mk +@@ -21,6 +21,7 @@ include $(CLEAR_VARS) + + LOCAL_CFLAGS := -Wall -Werror + LOCAL_CLANG := true ++LOCAL_SANITIZE := unsigned-integer-overflow + LOCAL_MODULE := libnetdaidl + LOCAL_SHARED_LIBRARIES := \ + libbinder \ +@@ -47,6 +48,7 @@ LOCAL_C_INCLUDES := \ + + LOCAL_CLANG := true + LOCAL_CPPFLAGS := -std=c++11 -Wall -Werror ++LOCAL_SANITIZE := unsigned-integer-overflow + LOCAL_MODULE := netd + + LOCAL_INIT_RC := netd.rc +@@ -134,6 +136,7 @@ include $(BUILD_EXECUTABLE) + include $(CLEAR_VARS) + + LOCAL_CFLAGS := -Wall -Werror ++LOCAL_SANITIZE := unsigned-integer-overflow + LOCAL_CLANG := true + LOCAL_MODULE := ndc + LOCAL_SHARED_LIBRARIES := libcutils diff --git a/PrebuiltApps b/PrebuiltApps index b708c547..1efeeaca 160000 --- a/PrebuiltApps +++ b/PrebuiltApps @@ -1 +1 @@ -Subproject commit b708c5479c9695f4658decbebe789f33f8586e99 +Subproject commit 1efeeaca191c0033b57816b99caf0341c7dc97e3 diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index d0c32d20..04990a1f 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -118,7 +118,6 @@ patchWorkspace() { #repopick 214125; #spellchecker: enable more wordlists repopick -it n_asb_09-2018-qcom; repopick -it ibss-mode-nougat; - repopick -it n-netd; repopick -i 280667 280668 280669; #n-asb-2020-07 export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index cb6eee0c..824fe790 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -183,6 +183,9 @@ git revert --no-edit 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f50 patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) +enterAndClear "system/netd"; +git am "$DOS_PATCHES/android_system_netd/*.patch"; #n-netd + enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/248600.patch"; #restrict access to timing information in /proc patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices