mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
19.1: Add toggle for /etc/hosts
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
879256139f
commit
4f64f7538c
@ -1,4 +1,4 @@
|
||||
From f4290ee3eceb3843429255aeae9a86dc19b24312 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 20 Apr 2022 00:40:52 -0400
|
||||
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
|
||||
@ -33,6 +33,3 @@ index cc94b21e2..12294da04 100644
|
||||
memset(&sentinel, 0, sizeof(sentinel));
|
||||
cur = &sentinel;
|
||||
int gai_error = hc_getaddrinfo(name, NULL, pai, &cur);
|
||||
--
|
||||
2.36.0
|
||||
|
||||
|
@ -16,15 +16,15 @@ Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
|
||||
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index c8e830342b..1da3f7f8fb 100644
|
||||
index c8e830342b..b04499511b 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11969,6 +11969,9 @@
|
||||
<!-- If blurs are supported on SurfaceFlinger, summary. [CHAR LIMIT=NONE] -->
|
||||
<string name="enable_blurs_on_windows_summary">Enables window blurs at compositor level. Requires device reboot.</string>
|
||||
|
||||
+ <string name="hosts_disable_title">Disable /etc/hosts blocking</string>
|
||||
+ <string name="hosts_disable_summary">Prevents use of the included /etc/hosts database, at the cost of DNS based content blocking.</string>
|
||||
+ <string name="hosts_disable_title">Disable DNS content blocker</string>
|
||||
+ <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
|
||||
+
|
||||
<!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
|
||||
<string name="privacy_dashboard_title">Privacy</string>
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 91bae24269ae01b7c4508276e21e7417c24ce5e4 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 20 Apr 2022 00:40:53 -0400
|
||||
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
|
||||
@ -31,6 +31,3 @@ index 071f6ac..955b5c2 100644
|
||||
struct addrinfo sentinel = {};
|
||||
struct addrinfo *p, *cur;
|
||||
FILE* hostf = nullptr;
|
||||
--
|
||||
2.36.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d7d848b5d0b398e7a85d4d7ca112bbf3198ff6a5 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Marshall <tdm@cyngn.com>
|
||||
Date: Fri, 17 Jun 2016 16:38:12 -0700
|
||||
Subject: [PATCH] bionic: Sort and cache hosts file data for fast lookup
|
||||
@ -641,6 +641,3 @@ index 483105a95..1399378cd 100644
|
||||
#if 0
|
||||
{
|
||||
res_state res = __res_get_state();
|
||||
--
|
||||
2.36.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 5f63f4b6526c5bf88d5b0676afb6e4917154c96e Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Marshall <tdm.code@gmail.com>
|
||||
Date: Thu, 16 Jan 2020 13:07:04 -0800
|
||||
Subject: [PATCH] bionic: Support wildcards in cached hosts file
|
||||
@ -67,6 +67,3 @@ index deafb78b7..5038986be 100644
|
||||
/*
|
||||
* Find next name on line, if any.
|
||||
*
|
||||
--
|
||||
2.36.0
|
||||
|
||||
|
@ -0,0 +1,35 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 20 Apr 2022 00:40:52 -0400
|
||||
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
|
||||
|
||||
Signed-off-by: Tad <tad@spotco.us>
|
||||
Change-Id: I92679c57e73228dc194e61a86ea1a18b2ac90e04
|
||||
---
|
||||
libc/dns/net/getaddrinfo.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/libc/dns/net/getaddrinfo.c b/libc/dns/net/getaddrinfo.c
|
||||
index cc94b21e2..12294da04 100644
|
||||
--- a/libc/dns/net/getaddrinfo.c
|
||||
+++ b/libc/dns/net/getaddrinfo.c
|
||||
@@ -83,6 +83,7 @@
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/socket.h>
|
||||
+#include <sys/system_properties.h>
|
||||
#include <sys/un.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
@@ -2127,6 +2128,11 @@ _files_getaddrinfo(void *rv, void *cb_data, va_list ap)
|
||||
name = va_arg(ap, char *);
|
||||
pai = va_arg(ap, struct addrinfo *);
|
||||
|
||||
+ char value[PROP_VALUE_MAX] = { 0 };
|
||||
+ if (__system_property_get("persist.security.hosts_disable", value) != 0)
|
||||
+ if (atoi(value) != 0 && strcmp(name, "localhost") != 0 && strcmp(name, "ip6-localhost") != 0)
|
||||
+ return NS_NOTFOUND;
|
||||
+
|
||||
memset(&sentinel, 0, sizeof(sentinel));
|
||||
cur = &sentinel;
|
||||
int gai_error = hc_getaddrinfo(name, NULL, pai, &cur);
|
@ -0,0 +1,175 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 20 Apr 2022 01:04:27 -0400
|
||||
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
|
||||
|
||||
Copy and pasted from the GrapheneOS exec spawning toggle patch
|
||||
|
||||
Signed-off-by: Tad <tad@spotco.us>
|
||||
Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
|
||||
---
|
||||
res/values/strings.xml | 3 +
|
||||
res/xml/security_dashboard_settings.xml | 6 +
|
||||
.../security/HostsPreferenceController.java | 106 ++++++++++++++++++
|
||||
.../settings/security/SecuritySettings.java | 1 +
|
||||
4 files changed, 116 insertions(+)
|
||||
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 970533145b..2586ff2612 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -13117,6 +13117,9 @@
|
||||
<string name="native_debug_title">Enable native code debugging</string>
|
||||
<string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
|
||||
|
||||
+ <string name="hosts_disable_title">Disable DNS content blocker</string>
|
||||
+ <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
|
||||
+
|
||||
<!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
|
||||
<string name="privacy_dashboard_title">Privacy</string>
|
||||
<!-- Summary for the top level Privacy Settings [CHAR LIMIT=NONE]-->
|
||||
diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
|
||||
index 20f0d4df5b..011f6e1117 100644
|
||||
--- a/res/xml/security_dashboard_settings.xml
|
||||
+++ b/res/xml/security_dashboard_settings.xml
|
||||
@@ -75,6 +75,12 @@
|
||||
android:summary="@string/native_debug_summary"
|
||||
android:persistent="false" />
|
||||
|
||||
+ <SwitchPreference
|
||||
+ android:key="hosts_disable"
|
||||
+ android:title="@string/hosts_disable_title"
|
||||
+ android:summary="@string/hosts_disable_summary"
|
||||
+ android:persistent="false" />
|
||||
+
|
||||
<com.android.settingslib.RestrictedPreference
|
||||
android:key="biometric_settings"
|
||||
android:title="@string/security_settings_biometric_preference_title"
|
||||
diff --git a/src/com/android/settings/security/HostsPreferenceController.java b/src/com/android/settings/security/HostsPreferenceController.java
|
||||
new file mode 100644
|
||||
index 0000000000..d8af6d2649
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/security/HostsPreferenceController.java
|
||||
@@ -0,0 +1,106 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2022 The Android Open Source Project
|
||||
+ *
|
||||
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ * you may not use this file except in compliance with the License.
|
||||
+ * You may obtain a copy of the License at
|
||||
+ *
|
||||
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||
+ *
|
||||
+ * Unless required by applicable law or agreed to in writing, software
|
||||
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ * See the License for the specific language governing permissions and
|
||||
+ * limitations under the License
|
||||
+ */
|
||||
+
|
||||
+package com.android.settings.security;
|
||||
+
|
||||
+import android.content.Context;
|
||||
+
|
||||
+import android.os.UserHandle;
|
||||
+import android.os.UserManager;
|
||||
+import android.os.SystemProperties;
|
||||
+
|
||||
+import android.provider.Settings;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.PreferenceCategory;
|
||||
+import androidx.preference.PreferenceGroup;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.TwoStatePreference;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.internal.widget.LockPatternUtils;
|
||||
+import com.android.settings.core.PreferenceControllerMixin;
|
||||
+import com.android.settingslib.core.AbstractPreferenceController;
|
||||
+import com.android.settingslib.core.lifecycle.events.OnResume;
|
||||
+
|
||||
+public class HostsPreferenceController extends AbstractPreferenceController
|
||||
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
||||
+
|
||||
+ private static final String SYS_KEY_HOSTS_DISABLE = "persist.security.hosts_disable";
|
||||
+ private static final String PREF_KEY_HOSTS_DISABLE = "hosts_disable";
|
||||
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
||||
+
|
||||
+ private PreferenceCategory mSecurityCategory;
|
||||
+ private SwitchPreference mHostsDisable;
|
||||
+ private boolean mIsAdmin;
|
||||
+ private UserManager mUm;
|
||||
+
|
||||
+ public HostsPreferenceController(Context context) {
|
||||
+ super(context);
|
||||
+ mUm = UserManager.get(context);
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void displayPreference(PreferenceScreen screen) {
|
||||
+ super.displayPreference(screen);
|
||||
+ mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
|
||||
+ updatePreferenceState();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public boolean isAvailable() {
|
||||
+ mIsAdmin = mUm.isAdminUser();
|
||||
+ return mIsAdmin;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public String getPreferenceKey() {
|
||||
+ return PREF_KEY_HOSTS_DISABLE;
|
||||
+ }
|
||||
+
|
||||
+ // TODO: should we use onCreatePreferences() instead?
|
||||
+ private void updatePreferenceState() {
|
||||
+ if (mSecurityCategory == null) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (mIsAdmin) {
|
||||
+ mHostsDisable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE);
|
||||
+ mHostsDisable.setChecked(SystemProperties.getInt(SYS_KEY_HOSTS_DISABLE, 0) == 1);
|
||||
+ } else {
|
||||
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ updatePreferenceState();
|
||||
+ if (mHostsDisable != null) {
|
||||
+ boolean mode = mHostsDisable.isChecked();
|
||||
+ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object value) {
|
||||
+ final String key = preference.getKey();
|
||||
+ if (PREF_KEY_HOSTS_DISABLE.equals(key)) {
|
||||
+ final boolean mode = !mHostsDisable.isChecked();
|
||||
+ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
|
||||
+ }
|
||||
+ return true;
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
|
||||
index a940165bed..dbb9987f0c 100644
|
||||
--- a/src/com/android/settings/security/SecuritySettings.java
|
||||
+++ b/src/com/android/settings/security/SecuritySettings.java
|
||||
@@ -125,6 +125,7 @@ public class SecuritySettings extends DashboardFragment {
|
||||
securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
|
||||
securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
|
||||
securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
|
||||
+ securityPreferenceControllers.add(new HostsPreferenceController(context));
|
||||
controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
|
||||
.setChildren(securityPreferenceControllers));
|
||||
controllers.addAll(securityPreferenceControllers);
|
||||
--
|
||||
2.36.0
|
||||
|
@ -0,0 +1,33 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 20 Apr 2022 00:40:53 -0400
|
||||
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
|
||||
|
||||
Signed-off-by: Tad <tad@spotco.us>
|
||||
Change-Id: Iea165003474e1107dc77980985bf9928c369dbb5
|
||||
---
|
||||
getaddrinfo.cpp | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
|
||||
index 071f6ac..955b5c2 100644
|
||||
--- a/getaddrinfo.cpp
|
||||
+++ b/getaddrinfo.cpp
|
||||
@@ -57,6 +57,7 @@
|
||||
#include <future>
|
||||
|
||||
#include <android-base/logging.h>
|
||||
+#include <android-base/properties.h>
|
||||
|
||||
#include "Experiments.h"
|
||||
#include "netd_resolv/resolv.h"
|
||||
@@ -1556,6 +1557,9 @@ static struct addrinfo* getCustomHosts(const size_t netid, const char* _Nonnull
|
||||
|
||||
static bool files_getaddrinfo(const size_t netid, const char* name, const addrinfo* pai,
|
||||
addrinfo** res) {
|
||||
+ if (android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0 && name != "localhost" && name != "ip6-localhost")
|
||||
+ return false;
|
||||
+
|
||||
struct addrinfo sentinel = {};
|
||||
struct addrinfo *p, *cur;
|
||||
FILE* hostf = nullptr;
|
@ -81,6 +81,7 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Cache.patch"; #Sort and cache hosts file data for fast lookup (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Wildcards.patch"; #Support wildcards in cached hosts file (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0004-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "bootable/recovery"; then
|
||||
@ -257,6 +258,7 @@ if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/androi
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC.patch"; fi; #Add option to always randomize MAC (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
fi;
|
||||
|
||||
@ -289,7 +291,8 @@ fi;
|
||||
|
||||
if enterAndClear "packages/modules/DnsResolver"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0001-Hosts_Cache.patch"; #DnsResolver: Sort and cache hosts file data for fast lookup (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch"; #DnsResolver: Support wildcards in cached hosts file (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0001-Hosts_Wildcards.patch"; #DnsResolver: Support wildcards in cached hosts file (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0002-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user