Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity

19.1: Add toggle for /etc/hosts

Browse Source 
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-04-20 21:49:54 -04:00
parent 879256139f
commit 4f64f7538c
10 changed files with 254 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Patches/LineageOS-18.1/android_bionic/0003-hosts_toggle.patch
View File

@ -1,4 +1,4 @@
From f4290ee3eceb3843429255aeae9a86dc19b24312 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 00:40:52 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
@ -33,6 +33,3 @@ index cc94b21e2..12294da04 100644
memset(&sentinel, 0, sizeof(sentinel));
cur = &sentinel;
int gai_error = hc_getaddrinfo(name, NULL, pai, &cur);
--
2.36.0

6
Patches/LineageOS-18.1/android_packages_apps_Settings/0012-hosts_toggle.patch
View File

@ -16,15 +16,15 @@ Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index c8e830342b..1da3f7f8fb 100644
index c8e830342b..b04499511b 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11969,6 +11969,9 @@
<!-- If blurs are supported on SurfaceFlinger, summary. [CHAR LIMIT=NONE] -->
<string name="enable_blurs_on_windows_summary">Enables window blurs at compositor level. Requires device reboot.</string>
+ <string name="hosts_disable_title">Disable /etc/hosts blocking</string>
+ <string name="hosts_disable_summary">Prevents use of the included /etc/hosts database, at the cost of DNS based content blocking.</string>
+ <string name="hosts_disable_title">Disable DNS content blocker</string>
+ <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
+
<!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
<string name="privacy_dashboard_title">Privacy</string>

5
Patches/LineageOS-18.1/android_packages_modules_DnsResolver/0001-hosts_toggle.patch
View File

@ -1,4 +1,4 @@
From 91bae24269ae01b7c4508276e21e7417c24ce5e4 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 00:40:53 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
@ -31,6 +31,3 @@ index 071f6ac..955b5c2 100644
struct addrinfo sentinel = {};
struct addrinfo *p, *cur;
FILE* hostf = nullptr;
--
2.36.0

5
Patches/LineageOS-19.1/android_bionic/0003-Hosts_Cache.patch
View File

@ -1,4 +1,4 @@
From d7d848b5d0b398e7a85d4d7ca112bbf3198ff6a5 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Marshall <tdm@cyngn.com>
Date: Fri, 17 Jun 2016 16:38:12 -0700
Subject: [PATCH] bionic: Sort and cache hosts file data for fast lookup
@ -641,6 +641,3 @@ index 483105a95..1399378cd 100644
#if 0
{
res_state res = __res_get_state();
--
2.36.0

5
Patches/LineageOS-19.1/android_bionic/0003-Hosts_Wildcards.patch
View File

@ -1,4 +1,4 @@
From 5f63f4b6526c5bf88d5b0676afb6e4917154c96e Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Marshall <tdm.code@gmail.com>
Date: Thu, 16 Jan 2020 13:07:04 -0800
Subject: [PATCH] bionic: Support wildcards in cached hosts file
@ -67,6 +67,3 @@ index deafb78b7..5038986be 100644
/*
* Find next name on line, if any.
*
--
2.36.0

35
Patches/LineageOS-19.1/android_bionic/0004-hosts_toggle.patch Normal file
View File

@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 00:40:52 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
Signed-off-by: Tad <tad@spotco.us>
Change-Id: I92679c57e73228dc194e61a86ea1a18b2ac90e04
---
libc/dns/net/getaddrinfo.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libc/dns/net/getaddrinfo.c b/libc/dns/net/getaddrinfo.c
index cc94b21e2..12294da04 100644
--- a/libc/dns/net/getaddrinfo.c
+++ b/libc/dns/net/getaddrinfo.c
@@ -83,6 +83,7 @@
#include <sys/stat.h>
#include <sys/param.h>
#include <sys/socket.h>
+#include <sys/system_properties.h>
#include <sys/un.h>
#include <net/if.h>
#include <netinet/in.h>
@@ -2127,6 +2128,11 @@ _files_getaddrinfo(void *rv, void *cb_data, va_list ap)
name = va_arg(ap, char *);
pai = va_arg(ap, struct addrinfo *);
+ char value[PROP_VALUE_MAX] = { 0 };
+ if (__system_property_get("persist.security.hosts_disable", value) != 0)
+ if (atoi(value) != 0 && strcmp(name, "localhost") != 0 && strcmp(name, "ip6-localhost") != 0)
+ return NS_NOTFOUND;
+
memset(&sentinel, 0, sizeof(sentinel));
cur = &sentinel;
int gai_error = hc_getaddrinfo(name, NULL, pai, &cur);

175
Patches/LineageOS-19.1/android_packages_apps_Settings/0012-hosts_toggle.patch Normal file
View File

@ -0,0 +1,175 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 01:04:27 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
Copy and pasted from the GrapheneOS exec spawning toggle patch
Signed-off-by: Tad <tad@spotco.us>
Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
---
res/values/strings.xml | 3 +
res/xml/security_dashboard_settings.xml | 6 +
.../security/HostsPreferenceController.java | 106 ++++++++++++++++++
.../settings/security/SecuritySettings.java | 1 +
4 files changed, 116 insertions(+)
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 970533145b..2586ff2612 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -13117,6 +13117,9 @@
<string name="native_debug_title">Enable native code debugging</string>
<string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
+ <string name="hosts_disable_title">Disable DNS content blocker</string>
+ <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
+
<!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
<string name="privacy_dashboard_title">Privacy</string>
<!-- Summary for the top level Privacy Settings [CHAR LIMIT=NONE]-->
diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
index 20f0d4df5b..011f6e1117 100644
--- a/res/xml/security_dashboard_settings.xml
+++ b/res/xml/security_dashboard_settings.xml
@@ -75,6 +75,12 @@
android:summary="@string/native_debug_summary"
android:persistent="false" />
+ <SwitchPreference
+ android:key="hosts_disable"
+ android:title="@string/hosts_disable_title"
+ android:summary="@string/hosts_disable_summary"
+ android:persistent="false" />
+
<com.android.settingslib.RestrictedPreference
android:key="biometric_settings"
android:title="@string/security_settings_biometric_preference_title"
diff --git a/src/com/android/settings/security/HostsPreferenceController.java b/src/com/android/settings/security/HostsPreferenceController.java
new file mode 100644
index 0000000000..d8af6d2649
--- /dev/null
+++ b/src/com/android/settings/security/HostsPreferenceController.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.os.SystemProperties;
+
+import android.provider.Settings;
+
+import androidx.preference.Preference;
+import androidx.preference.PreferenceCategory;
+import androidx.preference.PreferenceGroup;
+import androidx.preference.PreferenceScreen;
+import androidx.preference.TwoStatePreference;
+import androidx.preference.SwitchPreference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settingslib.core.AbstractPreferenceController;
+import com.android.settingslib.core.lifecycle.events.OnResume;
+
+public class HostsPreferenceController extends AbstractPreferenceController
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
+
+ private static final String SYS_KEY_HOSTS_DISABLE = "persist.security.hosts_disable";
+ private static final String PREF_KEY_HOSTS_DISABLE = "hosts_disable";
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
+
+ private PreferenceCategory mSecurityCategory;
+ private SwitchPreference mHostsDisable;
+ private boolean mIsAdmin;
+ private UserManager mUm;
+
+ public HostsPreferenceController(Context context) {
+ super(context);
+ mUm = UserManager.get(context);
+ }
+
+ @Override
+ public void displayPreference(PreferenceScreen screen) {
+ super.displayPreference(screen);
+ mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
+ updatePreferenceState();
+ }
+
+ @Override
+ public boolean isAvailable() {
+ mIsAdmin = mUm.isAdminUser();
+ return mIsAdmin;
+ }
+
+ @Override
+ public String getPreferenceKey() {
+ return PREF_KEY_HOSTS_DISABLE;
+ }
+
+ // TODO: should we use onCreatePreferences() instead?
+ private void updatePreferenceState() {
+ if (mSecurityCategory == null) {
+ return;
+ }
+
+ if (mIsAdmin) {
+ mHostsDisable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE);
+ mHostsDisable.setChecked(SystemProperties.getInt(SYS_KEY_HOSTS_DISABLE, 0) == 1);
+ } else {
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE));
+ }
+ }
+
+ @Override
+ public void onResume() {
+ updatePreferenceState();
+ if (mHostsDisable != null) {
+ boolean mode = mHostsDisable.isChecked();
+ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
+ }
+ }
+
+ @Override
+ public boolean onPreferenceChange(Preference preference, Object value) {
+ final String key = preference.getKey();
+ if (PREF_KEY_HOSTS_DISABLE.equals(key)) {
+ final boolean mode = !mHostsDisable.isChecked();
+ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
+ }
+ return true;
+ }
+}
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
index a940165bed..dbb9987f0c 100644
--- a/src/com/android/settings/security/SecuritySettings.java
+++ b/src/com/android/settings/security/SecuritySettings.java
@@ -125,6 +125,7 @@ public class SecuritySettings extends DashboardFragment {
securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+ securityPreferenceControllers.add(new HostsPreferenceController(context));
controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
.setChildren(securityPreferenceControllers));
controllers.addAll(securityPreferenceControllers);
--
2.36.0

0
Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch → Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0001-Hosts_Wildcards.patch
View File

33
Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0002-hosts_toggle.patch Normal file
View File

@ -0,0 +1,33 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 00:40:53 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
Signed-off-by: Tad <tad@spotco.us>
Change-Id: Iea165003474e1107dc77980985bf9928c369dbb5
---
getaddrinfo.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
index 071f6ac..955b5c2 100644
--- a/getaddrinfo.cpp
+++ b/getaddrinfo.cpp
@@ -57,6 +57,7 @@
#include <future>
#include <android-base/logging.h>
+#include <android-base/properties.h>
#include "Experiments.h"
#include "netd_resolv/resolv.h"
@@ -1556,6 +1557,9 @@ static struct addrinfo* getCustomHosts(const size_t netid, const char* _Nonnull
static bool files_getaddrinfo(const size_t netid, const char* name, const addrinfo* pai,
addrinfo** res) {
+ if (android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0 && name != "localhost" && name != "ip6-localhost")
+ return false;
+
struct addrinfo sentinel = {};
struct addrinfo *p, *cur;
FILE* hostf = nullptr;

5
Scripts/LineageOS-19.1/Patch.sh
View File

@ -81,6 +81,7 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"
fi;
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Cache.patch"; #Sort and cache hosts file data for fast lookup (tdm)
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Wildcards.patch"; #Support wildcards in cached hosts file (tdm)
applyPatch "$DOS_PATCHES/android_bionic/0004-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
fi;
if enterAndClear "bootable/recovery"; then
@ -257,6 +258,7 @@ if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/androi
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC.patch"; fi; #Add option to always randomize MAC (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
fi;
@ -289,7 +291,8 @@ fi;
if enterAndClear "packages/modules/DnsResolver"; then
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0001-Hosts_Cache.patch"; #DnsResolver: Sort and cache hosts file data for fast lookup (tdm)
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch"; #DnsResolver: Support wildcards in cached hosts file (tdm)
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0001-Hosts_Wildcards.patch"; #DnsResolver: Support wildcards in cached hosts file (tdm)
applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0002-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
fi;
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then