19.1: more work, it compiles and boots!

- Add the manifest
- Add Pixel 2 series
- Add some missing patches
- More DNS files
- Drop Silence in 19.1

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch

@@ -5,6 +5,7 @@ Subject: [PATCH] use Scudo on 32-bit and hardened_malloc on 64-bit
 
 Co-authored-by: anupritaisno1 <www.anuprita804@gmail.com>
 Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+[tad@spotco.us]: kept Lineage's scudo 32-bit workaround
 ---
  libc/Android.bp                  | 39 +++++++++++-------------
  libc/bionic/h_malloc_wrapper.cpp | 51 ++++++++++++++++++++++++++++++++

Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch

@@ -26,7 +26,6 @@ index 4b4ba3ccb8..dac79d1ff7 100644
  DEXPREOPT_DISABLED_MODULES :=
  # If a module has multiple setups, the first takes precedence.
 diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
-index cedad5b490..7eea027506 100644
 --- a/target/product/security/Android.mk
 +++ b/target/product/security/Android.mk
 @@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC
@@ -52,8 +51,8 @@ index cedad5b490..7eea027506 100644
  extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
  
 -$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
-++OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
-++
++OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
++
 +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
 +    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
 +endif

Patches/LineageOS-19.1/android_build/0003-Exec_Based_Spawning.patch

@@ -1,4 +1,4 @@
-From 8e01dd93f29aba79e15a211084582afd9681e8ab Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Daniel Micay <danielmicay@gmail.com>
 Date: Thu, 17 Sep 2020 10:53:00 -0400
 Subject: [PATCH] disable enforce RRO for mainline devices
@@ -14,10 +14,10 @@ Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/target/product/generic_system.mk b/target/product/generic_system.mk
-index d930957dfb..f0a9400b86 100644
+index f13c9db4d1..06126f5117 100644
 --- a/target/product/generic_system.mk
 +++ b/target/product/generic_system.mk
-@@ -113,7 +113,7 @@ PRODUCT_COPY_FILES += \
+@@ -116,7 +116,7 @@ PRODUCT_COPY_FILES += \
  # Enable dynamic partition size
  PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true
  

Patches/LineageOS-19.1/android_build_soong/0002-hm_apex.patch

@@ -1,4 +1,4 @@
-From cc973e807d440a2cfe7bed420fbf7ae25985ddc1 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: anupritaisno1 <www.anuprita804@gmail.com>
 Date: Sun, 13 Sep 2020 09:35:41 +0000
 Subject: [PATCH] make hardened malloc available to apexes

Patches/LineageOS-19.1/android_external_hardened_malloc/0001-Broken_Cameras.patch

@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Tue, 15 Mar 2022 22:18:26 -0400
+Subject: [PATCH] Expand workaround to all camera executables
+
+Signed-off-by: Tad <tad@spotco.us>
+Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2
+---
+ h_malloc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/h_malloc.c b/h_malloc.c
+index 5fceaef..70a3e82 100644
+--- a/h_malloc.c
++++ b/h_malloc.c
+@@ -1082,7 +1082,8 @@ COLD static void handle_bugs(void) {
+ 
+     // Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
+     const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
+-    if (strcmp(camera_provider, path) == 0) {
++    // Any camera executable on system partition
++    if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0))) {
+         ro.zero_on_free = false;
+         ro.purge_slabs = false;
+         ro.region_quarantine_protect = false;

Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-4.patch

@@ -0,0 +1,43 @@
+From 2f262ed47122e57283ee85c2cca138728559ef35 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Mon, 10 Jan 2022 15:50:33 +0200
+Subject: [PATCH] make DownloadManager.enqueue() a no-op when INTERNET
+ permission is revoked
+
+---
+ core/java/android/app/DownloadManager.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/core/java/android/app/DownloadManager.java b/core/java/android/app/DownloadManager.java
+index 355092378279..cb4a16641953 100644
+--- a/core/java/android/app/DownloadManager.java
++++ b/core/java/android/app/DownloadManager.java
+@@ -16,6 +16,7 @@
+ 
+ package android.app;
+ 
++import android.Manifest;
+ import android.annotation.NonNull;
+ import android.annotation.Nullable;
+ import android.annotation.RequiresPermission;
+@@ -31,6 +32,7 @@
+ import android.content.ContentUris;
+ import android.content.ContentValues;
+ import android.content.Context;
++import android.content.pm.PackageManager;
+ import android.database.Cursor;
+ import android.database.CursorWrapper;
+ import android.database.DatabaseUtils;
+@@ -1115,6 +1117,12 @@ public void onMediaStoreDownloadsDeleted(@NonNull LongSparseArray<String> idToMi
+      * calls related to this download.
+      */
+     public long enqueue(Request request) {
++        // don't crash apps that expect INTERNET permission to be always granted
++        Context ctx = ActivityThread.currentApplication();
++        if (ctx != null && ctx.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
++            // invalid id (DownloadProvider uses SQLite and returns a row id)
++            return -1;
++        }
+         ContentValues values = request.toContentValues(mPackageName);
+         Uri downloadUri = mResolver.insert(Downloads.Impl.CONTENT_URI, values);
+         long id = Long.parseLong(downloadUri.getLastPathSegment());

Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-5.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Sat, 5 Feb 2022 11:08:55 +0200
+Subject: [PATCH] make DownloadManager.query() a no-op when INTERNET permission
+ is revoked
+
+---
+ core/java/android/app/DownloadManager.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/core/java/android/app/DownloadManager.java b/core/java/android/app/DownloadManager.java
+index c209660f4197..2b141e17a80b 100644
+--- a/core/java/android/app/DownloadManager.java
++++ b/core/java/android/app/DownloadManager.java
+@@ -34,6 +34,7 @@ import android.content.Context;
+ import android.database.Cursor;
+ import android.database.CursorWrapper;
+ import android.database.DatabaseUtils;
++import android.database.MatrixCursor;
+ import android.net.ConnectivityManager;
+ import android.net.NetworkPolicyManager;
+ import android.net.Uri;
+@@ -1170,6 +1171,12 @@ public class DownloadManager {
+ 
+     /** @hide */
+     public Cursor query(Query query, String[] projection) {
++        // don't crash apps that expect INTERNET permission to be always granted
++        Context ctx = ActivityThread.currentApplication();
++        if (ctx != null && ctx.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
++            // underlying provider is protected by the INTERNET permission
++            return new MatrixCursor(projection);
++        }
+         Cursor underlyingCursor = query.runQuery(mResolver, projection, mBaseUri);
+         if (underlyingCursor == null) {
+             return null;

Patches/LineageOS-19.1/android_frameworks_base/0020-Location_Indicators-2.patch

@@ -0,0 +1,24 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <flawedworld@flawed.world>
+Date: Fri, 25 Feb 2022 01:02:26 +0000
+Subject: [PATCH] Exclude Bluetooth app from Location indicators
+
+---
+ core/res/res/values/config.xml | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
+index 7305ccc93e93..5114704eac33 100644
+--- a/core/res/res/values/config.xml
++++ b/core/res/res/values/config.xml
+@@ -1753,7 +1753,9 @@
+          set before. -->
+     <bool name="config_defaultAdasGnssLocationEnabled" translatable="false">false</bool>
+ 
+-    <string-array name="config_locationExtraPackageNames" translatable="false"></string-array>
++    <string-array name="config_locationExtraPackageNames" translatable="false">
++     <item>com.android.bluetooth</item>
++    </string-array>
+ 
+     <!-- The package name of the default network recommendation app.
+          A network recommendation provider must:

Patches/LineageOS-19.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch

@@ -17,21 +17,21 @@ Change-Id: Ibbffdb5f3930df74ca8b4ba93d451f7fad086989
  res/values-de/cm_strings.xml                  |  3 +
  res/values/cm_strings.xml                     |  5 ++
  res/xml/network_and_internet.xml              |  7 ++
- .../android/settings/ResetNetworkConfirm.java |  3 +
+ .../android/settings/ResetNetworkConfirm.java |  4 +
  ...CaptivePortalModePreferenceController.java | 82 +++++++++++++++++++
  .../network/CaptivePortalWarningDialog.java   | 74 +++++++++++++++++
  .../CaptivePortalWarningDialogHost.java       | 32 ++++++++
  .../network/NetworkDashboardFragment.java     | 17 +++-
- 8 files changed, 222 insertions(+), 1 deletion(-)
+ 8 files changed, 223 insertions(+), 1 deletion(-)
  create mode 100644 src/com/android/settings/network/CaptivePortalModePreferenceController.java
  create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialog.java
  create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialogHost.java
 
 diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
-index 1669bf4fbf..0c3ebffd3e 100644
+index daf7a19a8f..326564d973 100644
 --- a/res/values-de/cm_strings.xml
 +++ b/res/values-de/cm_strings.xml
-@@ -23,6 +23,9 @@
+@@ -36,6 +36,9 @@
      <string name="volume_link_notification_title">Klingelton- und Benachrichtigungslautstärke verknüpfen</string>
      <string name="unlock_scramble_pin_layout_title">Zufällige Anordnung</string>
      <string name="unlock_scramble_pin_layout_summary">Bei jedem Entsperrversuch die Ziffernanordnung zufällig neu wählen</string>
@@ -74,10 +74,18 @@ index d842aad021..7f82235a2b 100644
 +
  </PreferenceScreen>
 diff --git a/src/com/android/settings/ResetNetworkConfirm.java b/src/com/android/settings/ResetNetworkConfirm.java
-index f79bdb2e36..aab19b4c73 100644
+index f79bdb2e36..58372582e1 100644
 --- a/src/com/android/settings/ResetNetworkConfirm.java
 +++ b/src/com/android/settings/ResetNetworkConfirm.java
-@@ -142,6 +142,9 @@ public class ResetNetworkConfirm extends InstrumentedFragment {
+@@ -37,6 +37,7 @@ import android.os.Looper;
+ import android.os.RecoverySystem;
+ import android.os.UserHandle;
+ import android.os.UserManager;
++import android.provider.Settings;
+ import android.telephony.SubscriptionManager;
+ import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
+ import android.telephony.TelephonyManager;
+@@ -142,6 +143,9 @@ public class ResetNetworkConfirm extends InstrumentedFragment {
                  }
              }
  

Patches/LineageOS-19.1/android_packages_modules_Connectivity/0001-Network_Permission-1.patch

@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Danny Lin <danny@kdrag0n.dev>
+Date: Tue, 5 Oct 2021 17:05:49 -0700
+Subject: [PATCH] Add callback for enforcing INTERNET permission changes
+
+Change-Id: Ic79b9c6a6cb35c69de16732ce5be0a3e6e81d066
+---
+ framework/api/system-current.txt                 |  1 +
+ .../src/android/net/ConnectivityManager.java     | 16 ++++++++++++++++
+ .../src/android/net/IConnectivityManager.aidl    |  2 ++
+ .../com/android/server/ConnectivityService.java  |  6 ++++++
+ .../server/connectivity/PermissionMonitor.java   |  5 +++++
+ 5 files changed, 30 insertions(+)
+
+diff --git a/framework/api/system-current.txt b/framework/api/system-current.txt
+index d1d51da15..09a678d9b 100644
+--- a/framework/api/system-current.txt
++++ b/framework/api/system-current.txt
+@@ -51,6 +51,7 @@ package android.net {
+     method @Deprecated @RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS) public String getCaptivePortalServerUrl();
+     method @Deprecated @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public void getLatestTetheringEntitlementResult(int, boolean, @NonNull java.util.concurrent.Executor, @NonNull android.net.ConnectivityManager.OnTetheringEntitlementResultListener);
+     method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.TETHER_PRIVILEGED, android.Manifest.permission.WRITE_SETTINGS}) public boolean isTetheringSupported();
++    method public void onPackagePermissionChanged(int);
+     method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_FACTORY}) public int registerNetworkProvider(@NonNull android.net.NetworkProvider);
+     method public void registerQosCallback(@NonNull android.net.QosSocketInfo, @NonNull java.util.concurrent.Executor, @NonNull android.net.QosCallback);
+     method @Deprecated @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public void registerTetheringEventCallback(@NonNull java.util.concurrent.Executor, @NonNull android.net.ConnectivityManager.OnTetheringEventCallback);
+diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
+index 2eb5fb72a..fd37a9746 100644
+--- a/framework/src/android/net/ConnectivityManager.java
++++ b/framework/src/android/net/ConnectivityManager.java
+@@ -16,6 +16,7 @@
+ package android.net;
+ 
+ import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;
++import static android.annotation.SystemApi.Client.SYSTEM_SERVER;
+ import static android.net.NetworkRequest.Type.BACKGROUND_REQUEST;
+ import static android.net.NetworkRequest.Type.LISTEN;
+ import static android.net.NetworkRequest.Type.LISTEN_FOR_BEST;
+@@ -34,6 +35,7 @@ import android.annotation.SdkConstant.SdkConstantType;
+ import android.annotation.SuppressLint;
+ import android.annotation.SystemApi;
+ import android.annotation.SystemService;
++import android.annotation.UserIdInt;
+ import android.app.PendingIntent;
+ import android.app.admin.DevicePolicyManager;
+ import android.compat.annotation.UnsupportedAppUsage;
+@@ -5499,4 +5501,18 @@ public class ConnectivityManager {
+     public static Range<Integer> getIpSecNetIdRange() {
+         return new Range(TUN_INTF_NETID_START, TUN_INTF_NETID_START + TUN_INTF_NETID_RANGE - 1);
+     }
++
++    /**
++     * Notify ConnectivityService of a runtime permission change for the given package and user ID.
++     *
++     * @hide
++     */
++    @SystemApi
++    public void onPackagePermissionChanged(int uid) {
++        try {
++            mService.onPackagePermissionChanged(uid);
++        } catch (RemoteException e) {
++            throw e.rethrowFromSystemServer();
++        }
++    }
+ }
+diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl
+index 50ec78120..2d09c0422 100644
+--- a/framework/src/android/net/IConnectivityManager.aidl
++++ b/framework/src/android/net/IConnectivityManager.aidl
+@@ -228,4 +228,6 @@ interface IConnectivityManager
+     void unofferNetwork(in INetworkOfferCallback callback);
+ 
+     void setTestAllowBadWifiUntil(long timeMs);
++
++    void onPackagePermissionChanged(int uid);
+ }
+diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
+index 418e9e33b..d4da9a42a 100644
+--- a/service/src/com/android/server/ConnectivityService.java
++++ b/service/src/com/android/server/ConnectivityService.java
+@@ -93,6 +93,7 @@ import static java.util.Map.Entry;
+ import android.Manifest;
+ import android.annotation.NonNull;
+ import android.annotation.Nullable;
++import android.annotation.UserIdInt;
+ import android.app.AppOpsManager;
+ import android.app.BroadcastOptions;
+ import android.app.PendingIntent;
+@@ -10346,4 +10347,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
+             return createNetworkRequest(NetworkRequest.Type.REQUEST, netcap);
+         }
+     }
++
++    @Override
++    public void onPackagePermissionChanged(int uid) {
++        mPermissionMonitor.onInternetPermissionChanged(uid);
++    }
+ }
+diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java
+index a49c0a6e8..a43ee18b3 100755
+--- a/service/src/com/android/server/connectivity/PermissionMonitor.java
++++ b/service/src/com/android/server/connectivity/PermissionMonitor.java
+@@ -32,6 +32,7 @@ import static android.os.Process.SYSTEM_UID;
+ import static com.android.net.module.util.CollectionUtils.toIntArray;
+ 
+ import android.annotation.NonNull;
++import android.annotation.UserIdInt;
+ import android.content.BroadcastReceiver;
+ import android.content.Context;
+ import android.content.Intent;
+@@ -278,6 +279,10 @@ public class PermissionMonitor {
+         sendPackagePermissionsToNetd(netdPermsUids);
+     }
+ 
++    public void onInternetPermissionChanged(int uid) {
++        sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
++    }
++
+     @VisibleForTesting
+     synchronized void updateUidsAllowedOnRestrictedNetworks(final Set<Integer> uids) {
+         mUidsAllowedOnRestrictedNetworks.clear();

Patches/LineageOS-19.1/android_packages_modules_Connectivity/0001-Network_Permission-2.patch

@@ -0,0 +1,320 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Pratyush <codelab@pratyush.dev>
+Date: Wed, 13 Oct 2021 22:20:53 +0530
+Subject: [PATCH] use uid instead of app id
+
+---
+ .../connectivity/PermissionMonitor.java       | 142 +++++++++---------
+ 1 file changed, 68 insertions(+), 74 deletions(-)
+
+diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java
+index a43ee18b3..8625f3c80 100755
+--- a/service/src/com/android/server/connectivity/PermissionMonitor.java
++++ b/service/src/com/android/server/connectivity/PermissionMonitor.java
+@@ -225,42 +225,44 @@ public class PermissionMonitor {
+         // mUidsAllowedOnRestrictedNetworks.
+         updateUidsAllowedOnRestrictedNetworks(mDeps.getUidsAllowedOnRestrictedNetworks(mContext));
+ 
+-        List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
+-                | MATCH_ANY_USER);
+-        if (apps == null) {
+-            loge("No apps");
+-            return;
+-        }
+-
+         SparseIntArray netdPermsUids = new SparseIntArray();
+ 
+-        for (PackageInfo app : apps) {
+-            int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
+-            if (uid < 0) {
++        mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
++
++        for(UserHandle user : mUsers){
++            PackageManager pmUser = mContext.createContextAsUser(user,0).getPackageManager();
++            List<PackageInfo> apps = pmUser.getInstalledPackages(GET_PERMISSIONS);
++            if (apps == null) {
++                loge("No apps");
+                 continue;
+             }
+-            mAllApps.add(UserHandle.getAppId(uid));
+ 
+-            boolean isNetwork = hasNetworkPermission(app);
+-            boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
++            for (PackageInfo app : apps) {
++                int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
++                if (uid < 0) {
++                    continue;
++                }
++                mAllApps.add(uid);
+ 
+-            if (isNetwork || hasRestrictedPermission) {
+-                Boolean permission = mApps.get(UserHandle.getAppId(uid));
+-                // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
+-                // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
+-                if (permission == null || permission == NETWORK) {
+-                    mApps.put(UserHandle.getAppId(uid), hasRestrictedPermission);
++                boolean isNetwork = hasNetworkPermission(app);
++                boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
++
++                if (isNetwork || hasRestrictedPermission) {
++                    Boolean permission = mApps.get(uid);
++                    // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
++                    // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
++                    if (permission == null || permission == NETWORK) {
++                        mApps.put(uid, hasRestrictedPermission);
++                    }
+                 }
+-            }
+ 
+-            //TODO: unify the management of the permissions into one codepath.
+-            int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
+-                    app.requestedPermissionsFlags);
+-            netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
++                //TODO: unify the management of the permissions into one codepath.
++                int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
++                        app.requestedPermissionsFlags);
++                netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
++            }
+         }
+ 
+-        mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
+-
+         final SparseArray<String> netdPermToSystemPerm = new SparseArray<>();
+         netdPermToSystemPerm.put(INetd.PERMISSION_INTERNET, INTERNET);
+         netdPermToSystemPerm.put(INetd.PERMISSION_UPDATE_DEVICE_STATS, UPDATE_DEVICE_STATS);
+@@ -280,7 +282,7 @@ public class PermissionMonitor {
+     }
+ 
+     public void onInternetPermissionChanged(int uid) {
+-        sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
++        sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
+     }
+ 
+     @VisibleForTesting
+@@ -291,9 +293,7 @@ public class PermissionMonitor {
+         // is only installed on some users because the uid cannot match some other app – this uid is
+         // in effect not installed and can't be run.
+         // TODO (b/192431153): Change appIds back to uids.
+-        for (int uid : uids) {
+-            mUidsAllowedOnRestrictedNetworks.add(UserHandle.getAppId(uid));
+-        }
++        mUidsAllowedOnRestrictedNetworks.addAll(uids);
+     }
+ 
+     @VisibleForTesting
+@@ -315,7 +315,7 @@ public class PermissionMonitor {
+         if (appInfo == null) return false;
+         // Check whether package's uid is in allowed on restricted networks uid list. If so, this
+         // uid can have netd system permission.
+-        return mUidsAllowedOnRestrictedNetworks.contains(UserHandle.getAppId(appInfo.uid));
++        return mUidsAllowedOnRestrictedNetworks.contains(appInfo.uid);
+     }
+ 
+     @VisibleForTesting
+@@ -351,14 +351,14 @@ public class PermissionMonitor {
+         // networks. mApps contains the result of checks for both hasNetworkPermission and
+         // hasRestrictedNetworkPermission. If uid is in the mApps list that means uid has one of
+         // permissions at least.
+-        return mApps.containsKey(UserHandle.getAppId(uid));
++        return mApps.containsKey(uid);
+     }
+ 
+     /**
+      * Returns whether the given uid has permission to use restricted networks.
+      */
+     public synchronized boolean hasRestrictedNetworksPermission(int uid) {
+-        return Boolean.TRUE.equals(mApps.get(UserHandle.getAppId(uid)));
++        return Boolean.TRUE.equals(mApps.get(uid));
+     }
+ 
+     private void update(Set<UserHandle> users, Map<Integer, Boolean> apps, boolean add) {
+@@ -424,21 +424,17 @@ public class PermissionMonitor {
+      *             permission.
+      */
+     @VisibleForTesting
+-    protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
++    protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
+         if (currentPermission == SYSTEM) {
+             return currentPermission;
+         }
+-        try {
+-            final PackageInfo app = mPackageManager.getPackageInfo(name,
+-                    GET_PERMISSIONS | MATCH_ANY_USER);
++        final PackageInfo app = getPackageInfo(name, UserHandle.getUserHandleForUid(uid));
++        if(app != null){
+             final boolean isNetwork = hasNetworkPermission(app);
+             final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
+             if (isNetwork || hasRestrictedPermission) {
+                 currentPermission = hasRestrictedPermission;
+             }
+-        } catch (NameNotFoundException e) {
+-            // App not found.
+-            loge("NameNotFoundException " + name);
+         }
+         return currentPermission;
+     }
+@@ -450,7 +446,7 @@ public class PermissionMonitor {
+         final String[] packages = mPackageManager.getPackagesForUid(uid);
+         if (packages != null && packages.length > 0) {
+             for (String name : packages) {
+-                final PackageInfo app = getPackageInfo(name);
++                PackageInfo app = getPackageInfo(name,  UserHandle.getUserHandleForUid(uid));
+                 if (app != null && app.requestedPermissions != null) {
+                     permission |= getNetdPermissionMask(app.requestedPermissions,
+                             app.requestedPermissionsFlags);
+@@ -474,17 +470,16 @@ public class PermissionMonitor {
+     public synchronized void onPackageAdded(@NonNull final String packageName, final int uid) {
+         // TODO: Netd is using appId for checking traffic permission. Correct the methods that are
+         //  using appId instead of uid actually
+-        sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
++        sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
+ 
+         // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
+         // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
+-        final int appId = UserHandle.getAppId(uid);
+-        final Boolean permission = highestPermissionForUid(mApps.get(appId), packageName);
+-        if (permission != mApps.get(appId)) {
+-            mApps.put(appId, permission);
++        final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
++        if (permission != mApps.get(uid)) {
++            mApps.put(uid, permission);
+ 
+             Map<Integer, Boolean> apps = new HashMap<>();
+-            apps.put(appId, permission);
++            apps.put(uid, permission);
+             update(mUsers, apps, true);
+         }
+ 
+@@ -499,7 +494,7 @@ public class PermissionMonitor {
+                 updateVpnUids(vpn.getKey(), changedUids, true);
+             }
+         }
+-        mAllApps.add(appId);
++        mAllApps.add(uid);
+     }
+ 
+     private Boolean highestUidNetworkPermission(int uid) {
+@@ -509,7 +504,7 @@ public class PermissionMonitor {
+             for (String name : packages) {
+                 // If multiple packages have the same UID, give the UID all permissions that
+                 // any package in that UID has.
+-                permission = highestPermissionForUid(permission, name);
++                permission = highestPermissionForUid(permission, name, uid);
+                 if (permission == SYSTEM) {
+                     break;
+                 }
+@@ -529,7 +524,7 @@ public class PermissionMonitor {
+     public synchronized void onPackageRemoved(@NonNull final String packageName, final int uid) {
+         // TODO: Netd is using appId for checking traffic permission. Correct the methods that are
+         //  using appId instead of uid actually
+-        sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
++        sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
+ 
+         // If the newly-removed package falls within some VPN's uid range, update Netd with it.
+         // This needs to happen before the mApps update below, since removeBypassingUids() depends
+@@ -544,11 +539,11 @@ public class PermissionMonitor {
+         }
+         // If the package has been removed from all users on the device, clear it form mAllApps.
+         if (mPackageManager.getNameForUid(uid) == null) {
+-            mAllApps.remove(UserHandle.getAppId(uid));
++            mAllApps.remove(uid);
+         }
+ 
+         Map<Integer, Boolean> apps = new HashMap<>();
+-        final Boolean permission = highestUidNetworkPermission(uid);
++        final Boolean permission = highestPermissionForUid(null, packageName,uid);
+         if (permission == SYSTEM) {
+             // An app with this UID still has the SYSTEM permission.
+             // Therefore, this UID must already have the SYSTEM permission.
+@@ -556,23 +551,22 @@ public class PermissionMonitor {
+             return;
+         }
+ 
+-        final int appId = UserHandle.getAppId(uid);
+-        if (permission == mApps.get(appId)) {
++        if (permission == mApps.get(uid)) {
+             // The permissions of this UID have not changed. Nothing to do.
+             return;
+         } else if (permission != null) {
+-            mApps.put(appId, permission);
+-            apps.put(appId, permission);
++            mApps.put(uid, permission);
++            apps.put(uid, permission);
+             update(mUsers, apps, true);
+         } else {
+-            mApps.remove(appId);
+-            apps.put(appId, NETWORK);  // doesn't matter which permission we pick here
++            mApps.remove(uid);
++            apps.put(uid, NETWORK);  // doesn't matter which permission we pick here
+             update(mUsers, apps, false);
+         }
+     }
+ 
+     private static int getNetdPermissionMask(String[] requestedPermissions,
+-                                             int[] requestedPermissionsFlags) {
++            int[] requestedPermissionsFlags) {
+         int permissions = 0;
+         if (requestedPermissions == null || requestedPermissionsFlags == null) return permissions;
+         for (int i = 0; i < requestedPermissions.length; i++) {
+@@ -588,11 +582,10 @@ public class PermissionMonitor {
+         return permissions;
+     }
+ 
+-    private PackageInfo getPackageInfo(String packageName) {
++    private PackageInfo getPackageInfo(String packageName, UserHandle user) {
+         try {
+-            PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
+-                    | MATCH_ANY_USER);
+-            return app;
++            return mContext.createContextAsUser(user, 0).getPackageManager()
++                    .getPackageInfo(packageName, GET_PERMISSIONS);
+         } catch (NameNotFoundException e) {
+             return null;
+         }
+@@ -681,7 +674,7 @@ public class PermissionMonitor {
+      */
+     private void removeBypassingUids(Set<Integer> uids, int vpnAppUid) {
+         uids.remove(vpnAppUid);
+-        uids.removeIf(uid -> mApps.getOrDefault(UserHandle.getAppId(uid), NETWORK) == SYSTEM);
++        uids.removeIf(uid -> mApps.getOrDefault(uid, NETWORK) == SYSTEM);
+     }
+ 
+     /**
+@@ -823,13 +816,12 @@ public class PermissionMonitor {
+         for (Integer uid : uidsToUpdate) {
+             final Boolean permission = highestUidNetworkPermission(uid);
+ 
+-            final int appId = UserHandle.getAppId(uid);
+             if (null == permission) {
+-                removedUids.put(appId, NETWORK); // Doesn't matter which permission is set here.
+-                mApps.remove(appId);
++                removedUids.put(uid, NETWORK); // Doesn't matter which permission is set here.
++                mApps.remove(uid);
+             } else {
+-                updatedUids.put(appId, permission);
+-                mApps.put(appId, permission);
++                updatedUids.put(uid, permission);
++                mApps.put(uid, permission);
+             }
+         }
+ 
+@@ -844,12 +836,14 @@ public class PermissionMonitor {
+             return;
+         }
+ 
+-        for (String app : pkgList) {
+-            final PackageInfo info = getPackageInfo(app);
+-            if (info == null || info.applicationInfo == null) continue;
++        for (UserHandle user : mUsers){
++            for (String app : pkgList) {
++                final PackageInfo info = getPackageInfo(app, user);
++                if (info == null || info.applicationInfo == null) continue;
+ 
+-            final int appId = info.applicationInfo.uid;
+-            onPackageAdded(app, appId); // Use onPackageAdded to add package one by one.
++                final int appId = info.applicationInfo.uid;
++                onPackageAdded(app, appId); // Use onPackageAdded to add package one by one.
++            }
+         }
+     }
+ 

Patches/LineageOS-19.1/android_packages_modules_Connectivity/0001-Network_Permission-3.patch

@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Tue, 14 Dec 2021 18:17:11 +0200
+Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
+
+---
+ framework/src/android/net/ConnectivityManager.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
+index fd37a9746..8857b7996 100644
+--- a/framework/src/android/net/ConnectivityManager.java
++++ b/framework/src/android/net/ConnectivityManager.java
+@@ -25,6 +25,7 @@ import static android.net.NetworkRequest.Type.TRACK_DEFAULT;
+ import static android.net.NetworkRequest.Type.TRACK_SYSTEM_DEFAULT;
+ import static android.net.QosCallback.QosCallbackRegistrationException;
+ 
++import android.Manifest;
+ import android.annotation.CallbackExecutor;
+ import android.annotation.IntDef;
+ import android.annotation.NonNull;
+@@ -42,6 +43,7 @@ import android.compat.annotation.UnsupportedAppUsage;
+ import android.content.ComponentName;
+ import android.content.Context;
+ import android.content.Intent;
++import android.content.pm.PackageManager;
+ import android.net.ConnectivityDiagnosticsManager.DataStallReport.DetectionMethod;
+ import android.net.IpSecManager.UdpEncapsulationSocket;
+ import android.net.SocketKeepalive.Callback;
+@@ -3139,6 +3141,12 @@ public class ConnectivityManager {
+      */
+     public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
+         printStackTrace();
++        if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
++            // ConnectivityService enforces this by throwing an unexpected SecurityException,
++            // which puts GMS into a crash loop. Also useful for other apps that don't expect that
++            // INTERNET permission might get revoked.
++            return;
++        }
+         try {
+             mService.reportNetworkConnectivity(network, hasConnectivity);
+         } catch (RemoteException e) {

Patches/LineageOS-19.1/android_packages_modules_Connectivity/0002-Private_DNS.patch

@@ -0,0 +1,228 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Thu, 21 Oct 2021 20:54:37 -0400
+Subject: [PATCH] Add more 'Private DNS' options
+
+This adds thirteen DNS providers as available presets.
+
+Credit: CalyxOS
+- Chirayu Desai <chirayudesai1@gmail.com>
+  https://review.calyxos.org/c/CalyxOS/platform_frameworks_base/+/446
+- Oliver Scott <olivercscott@gmail.com>
+  https://review.calyxos.org/c/CalyxOS/platform_frameworks_base/+/2327
+- Pavel Shirshov <pshirshov@eml.cc>
+  https://review.calyxos.org/c/CalyxOS/platform_frameworks_base/+/5356
+
+Signed-off-by: Tad <tad@spotco.us>
+Change-Id: Id75a774ce1ed109a83c6a5bf512536c643165d71
+---
+ .../java/android/net/ConnectivityManager.java | 104 ++++++++++++++++++
+ .../server/connectivity/DnsManager.java       |  66 +++++++++++
+ 2 files changed, 170 insertions(+)
+
+diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
+index ed03f5198d6f..7df32c10b16b 100644
+--- a/core/java/android/net/ConnectivityManager.java
++++ b/core/java/android/net/ConnectivityManager.java
+@@ -796,6 +796,58 @@ public class ConnectivityManager {
+      * @hide
+      */
+     public static final String PRIVATE_DNS_MODE_OFF = "off";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_ADGUARD = "adguard";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_APPLIEDPRIVACY = "appliedprivacy";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_CLEANBROWSING = "cleanbrowsing";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_CIRA = "cira";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_CZNIC = "cznic";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_CLOUDFLARE = "cloudflare";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_GOOGLE = "google";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_MULLVAD = "mullvad";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_QUADNINE = "quadnine";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_RESTENA = "restena";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_SWITCH = "switch";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_TWNIC = "twnic";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_MODE_UNCENSOREDDNS = "uncensoreddns";
+     /**
+      * @hide
+      */
+@@ -804,6 +856,58 @@ public class ConnectivityManager {
+      * @hide
+      */
+     public static final String PRIVATE_DNS_MODE_PROVIDER_HOSTNAME = "hostname";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_APPLIEDPRIVACY = "dot1.applied-privacy.net";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_ADGUARD = "dns.adguard.com";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_CIRA = "protected.canadianshield.cira.ca";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_CZNIC = "odvr.nic.cz";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_CLEANBROWSING = "security-filter-dns.cleanbrowsing.org";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_CLOUDFLARE = "security.cloudflare-dns.com";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_GOOGLE = "dns.google";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_MULLVAD = "adblock.doh.mullvad.net";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_QUADNINE = "dns.quad9.net";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_RESTENA = "kaitain.restena.lu";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_SWITCH = "dns.switch.ch";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_TWNIC = "101.101.101.101";
++    /**
++     * @hide
++     */
++    public static final String PRIVATE_DNS_SPECIFIER_UNCENSOREDDNS = "unicast.censurfridns.dk";
+     /**
+      * The default Private DNS mode.
+      *
+diff --git a/services/core/java/com/android/server/connectivity/DnsManager.java b/services/core/java/com/android/server/connectivity/DnsManager.java
+index cf6a7f6e8d70..5d3de9edc930 100644
+--- a/services/core/java/com/android/server/connectivity/DnsManager.java
++++ b/services/core/java/com/android/server/connectivity/DnsManager.java
+@@ -18,6 +18,32 @@ package com.android.server.connectivity;
+ 
+ import static android.net.ConnectivityManager.PRIVATE_DNS_DEFAULT_MODE_FALLBACK;
+ import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_OFF;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_ADGUARD;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_APPLIEDPRIVACY;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CIRA;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CLEANBROWSING;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CLOUDFLARE;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CZNIC;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_GOOGLE;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_MULLVAD;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_QUADNINE;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_RESTENA;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_SWITCH;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_TWNIC;
++import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_UNCENSOREDDNS;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_ADGUARD;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_APPLIEDPRIVACY;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CIRA;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CLEANBROWSING;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CLOUDFLARE;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CZNIC;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_GOOGLE;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_MULLVAD;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_QUADNINE;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_RESTENA;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_SWITCH;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_TWNIC;
++import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_UNCENSOREDDNS;
+ import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_PROVIDER_HOSTNAME;
+ import static android.provider.Settings.Global.DNS_RESOLVER_MAX_SAMPLES;
+ import static android.provider.Settings.Global.DNS_RESOLVER_MIN_SAMPLES;
+@@ -136,6 +162,46 @@ public class DnsManager {
+             return new PrivateDnsConfig(specifier, null);
+         }
+ 
++        if (PRIVATE_DNS_MODE_ADGUARD.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_ADGUARD, null);
++        }
++        if (PRIVATE_DNS_MODE_APPLIEDPRIVACY.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_APPLIEDPRIVACY, null);
++        }
++        if (PRIVATE_DNS_MODE_CIRA.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CIRA, null);
++        }
++        if (PRIVATE_DNS_MODE_CLEANBROWSING.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CLEANBROWSING, null);
++        }
++        if (PRIVATE_DNS_MODE_CLOUDFLARE.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CLOUDFLARE, null);
++        }
++        if (PRIVATE_DNS_MODE_CZNIC.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CZNIC, null);
++        }
++        if (PRIVATE_DNS_MODE_GOOGLE.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_GOOGLE, null);
++        }
++        if (PRIVATE_DNS_MODE_MULLVAD.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_MULLVAD, null);
++        }
++        if (PRIVATE_DNS_MODE_QUADNINE.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_QUADNINE, null);
++        }
++        if (PRIVATE_DNS_MODE_RESTENA.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_RESTENA, null);
++        }
++        if (PRIVATE_DNS_MODE_SWITCH.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_SWITCH, null);
++        }
++        if (PRIVATE_DNS_MODE_TWNIC.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_TWNIC, null);
++        }
++        if (PRIVATE_DNS_MODE_UNCENSOREDDNS.equals(mode)) {
++            return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_UNCENSOREDDNS, null);
++        }
++
+         return new PrivateDnsConfig(useTls);
+     }
+