diff --git a/Patches/LineageOS-18.1/android_bionic/0003-hosts_toggle.patch b/Patches/LineageOS-18.1/android_bionic/0003-hosts_toggle.patch new file mode 100644 index 00000000..b0025e4e --- /dev/null +++ b/Patches/LineageOS-18.1/android_bionic/0003-hosts_toggle.patch @@ -0,0 +1,72 @@ +From e336a0c51b42f5a43d4d7216cf0de7fb27c8b138 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Wed, 20 Apr 2022 00:40:52 -0400 +Subject: [PATCH] Add a toggle to disable /etc/hosts lookup + +Signed-off-by: Tad +Change-Id: I92679c57e73228dc194e61a86ea1a18b2ac90e04 +--- + libc/dns/net/getaddrinfo.c | 37 +++++++++++++++++++++++-------------- + 1 file changed, 23 insertions(+), 14 deletions(-) + +diff --git a/libc/dns/net/getaddrinfo.c b/libc/dns/net/getaddrinfo.c +index cc94b21e2..d4d1db259 100644 +--- a/libc/dns/net/getaddrinfo.c ++++ b/libc/dns/net/getaddrinfo.c +@@ -83,6 +83,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -2129,23 +2130,31 @@ _files_getaddrinfo(void *rv, void *cb_data, va_list ap) + + memset(&sentinel, 0, sizeof(sentinel)); + cur = &sentinel; +- int gai_error = hc_getaddrinfo(name, NULL, pai, &cur); +- if (gai_error != EAI_SYSTEM) { +- *((struct addrinfo **)rv) = sentinel.ai_next; +- return (gai_error == 0 ? NS_SUCCESS : NS_NOTFOUND); +- } + +-// fprintf(stderr, "_files_getaddrinfo() name = '%s'\n", name); +- memset(&sentinel, 0, sizeof(sentinel)); +- cur = &sentinel; ++ int hostsDisabled = 0; ++ char value[PROP_VALUE_MAX] = { 0 }; ++ if (__system_property_get("persist.security.hosts_disable", value) != 0) ++ hostsDisabled = atoi(value); + +- _sethtent(&hostf); +- while ((p = _gethtent(&hostf, name, pai)) != NULL) { +- cur->ai_next = p; +- while (cur && cur->ai_next) +- cur = cur->ai_next; ++ if (hostsDisabled == 0) { ++ int gai_error = hc_getaddrinfo(name, NULL, pai, &cur); ++ if (gai_error != EAI_SYSTEM) { ++ *((struct addrinfo **)rv) = sentinel.ai_next; ++ return (gai_error == 0 ? NS_SUCCESS : NS_NOTFOUND); ++ } ++ ++// fprintf(stderr, "_files_getaddrinfo() name = '%s'\n", name); ++ memset(&sentinel, 0, sizeof(sentinel)); ++ cur = &sentinel; ++ ++ _sethtent(&hostf); ++ while ((p = _gethtent(&hostf, name, pai)) != NULL) { ++ cur->ai_next = p; ++ while (cur && cur->ai_next) ++ cur = cur->ai_next; ++ } ++ _endhtent(&hostf); + } +- _endhtent(&hostf); + + *((struct addrinfo **)rv) = sentinel.ai_next; + if (sentinel.ai_next == NULL) +-- +2.36.0 + diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/0012-hosts_toggle.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/0012-hosts_toggle.patch new file mode 100644 index 00000000..3b6c4622 --- /dev/null +++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/0012-hosts_toggle.patch @@ -0,0 +1,172 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Wed, 20 Apr 2022 01:04:27 -0400 +Subject: [PATCH] Add a toggle to disable /etc/hosts lookup + +Copy and pasted from the GrapheneOS exec spawning toggle patch + +Signed-off-by: Tad +Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4 +--- + res/values/strings.xml | 3 + + res/xml/security_dashboard_settings.xml | 6 + + .../security/HostsPreferenceController.java | 106 ++++++++++++++++++ + .../settings/security/SecuritySettings.java | 1 + + 4 files changed, 116 insertions(+) + create mode 100644 src/com/android/settings/security/HostsPreferenceController.java + +diff --git a/res/values/strings.xml b/res/values/strings.xml +index c8e830342b..1da3f7f8fb 100644 +--- a/res/values/strings.xml ++++ b/res/values/strings.xml +@@ -11969,6 +11969,9 @@ + + Enables window blurs at compositor level. Requires device reboot. + ++ Disable /etc/hosts blocking ++ Prevents use of the included /etc/hosts database, at the cost of DNS based content blocking. ++ + + Privacy + +diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml +index 75cc0b261d..62d42246a3 100644 +--- a/res/xml/security_dashboard_settings.xml ++++ b/res/xml/security_dashboard_settings.xml +@@ -75,6 +75,12 @@ + android:title="@string/native_debug_title" + android:summary="@string/native_debug_summary" + android:persistent="false" /> ++ ++ + + + +diff --git a/src/com/android/settings/security/HostsPreferenceController.java b/src/com/android/settings/security/HostsPreferenceController.java +new file mode 100644 +index 0000000000..d8af6d2649 +--- /dev/null ++++ b/src/com/android/settings/security/HostsPreferenceController.java +@@ -0,0 +1,106 @@ ++/* ++ * Copyright (C) 2022 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License ++ */ ++ ++package com.android.settings.security; ++ ++import android.content.Context; ++ ++import android.os.UserHandle; ++import android.os.UserManager; ++import android.os.SystemProperties; ++ ++import android.provider.Settings; ++ ++import androidx.preference.Preference; ++import androidx.preference.PreferenceCategory; ++import androidx.preference.PreferenceGroup; ++import androidx.preference.PreferenceScreen; ++import androidx.preference.TwoStatePreference; ++import androidx.preference.SwitchPreference; ++ ++import com.android.internal.widget.LockPatternUtils; ++import com.android.settings.core.PreferenceControllerMixin; ++import com.android.settingslib.core.AbstractPreferenceController; ++import com.android.settingslib.core.lifecycle.events.OnResume; ++ ++public class HostsPreferenceController extends AbstractPreferenceController ++ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener { ++ ++ private static final String SYS_KEY_HOSTS_DISABLE = "persist.security.hosts_disable"; ++ private static final String PREF_KEY_HOSTS_DISABLE = "hosts_disable"; ++ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category"; ++ ++ private PreferenceCategory mSecurityCategory; ++ private SwitchPreference mHostsDisable; ++ private boolean mIsAdmin; ++ private UserManager mUm; ++ ++ public HostsPreferenceController(Context context) { ++ super(context); ++ mUm = UserManager.get(context); ++ } ++ ++ @Override ++ public void displayPreference(PreferenceScreen screen) { ++ super.displayPreference(screen); ++ mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY); ++ updatePreferenceState(); ++ } ++ ++ @Override ++ public boolean isAvailable() { ++ mIsAdmin = mUm.isAdminUser(); ++ return mIsAdmin; ++ } ++ ++ @Override ++ public String getPreferenceKey() { ++ return PREF_KEY_HOSTS_DISABLE; ++ } ++ ++ // TODO: should we use onCreatePreferences() instead? ++ private void updatePreferenceState() { ++ if (mSecurityCategory == null) { ++ return; ++ } ++ ++ if (mIsAdmin) { ++ mHostsDisable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE); ++ mHostsDisable.setChecked(SystemProperties.getInt(SYS_KEY_HOSTS_DISABLE, 0) == 1); ++ } else { ++ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE)); ++ } ++ } ++ ++ @Override ++ public void onResume() { ++ updatePreferenceState(); ++ if (mHostsDisable != null) { ++ boolean mode = mHostsDisable.isChecked(); ++ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0"); ++ } ++ } ++ ++ @Override ++ public boolean onPreferenceChange(Preference preference, Object value) { ++ final String key = preference.getKey(); ++ if (PREF_KEY_HOSTS_DISABLE.equals(key)) { ++ final boolean mode = !mHostsDisable.isChecked(); ++ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0"); ++ } ++ return true; ++ } ++} +diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java +index 387814c406..0fbcd27104 100644 +--- a/src/com/android/settings/security/SecuritySettings.java ++++ b/src/com/android/settings/security/SecuritySettings.java +@@ -121,6 +121,7 @@ public class SecuritySettings extends DashboardFragment { + securityPreferenceControllers.add(new AutoRebootPreferenceController(context)); + securityPreferenceControllers.add(new ExecSpawnPreferenceController(context)); + securityPreferenceControllers.add(new NativeDebugPreferenceController(context)); ++ securityPreferenceControllers.add(new HostsPreferenceController(context)); + controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY) + .setChildren(securityPreferenceControllers)); + controllers.addAll(securityPreferenceControllers); diff --git a/Patches/LineageOS-18.1/android_packages_modules_DnsResolver/0001-hosts_toggle.patch b/Patches/LineageOS-18.1/android_packages_modules_DnsResolver/0001-hosts_toggle.patch new file mode 100644 index 00000000..fbc00e8d --- /dev/null +++ b/Patches/LineageOS-18.1/android_packages_modules_DnsResolver/0001-hosts_toggle.patch @@ -0,0 +1,58 @@ +From 2cc44127b3140a9f86787022c5c3b78e0134c5d6 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Wed, 20 Apr 2022 00:40:53 -0400 +Subject: [PATCH] Add a toggle to disable /etc/hosts lookup + +Signed-off-by: Tad +Change-Id: Iea165003474e1107dc77980985bf9928c369dbb5 +--- + getaddrinfo.cpp | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp +index 071f6ac..da7333c 100644 +--- a/getaddrinfo.cpp ++++ b/getaddrinfo.cpp +@@ -57,6 +57,7 @@ + #include + + #include ++#include + + #include "Experiments.h" + #include "netd_resolv/resolv.h" +@@ -1561,19 +1562,20 @@ static bool files_getaddrinfo(const size_t netid, const char* name, const addrin + FILE* hostf = nullptr; + + cur = &sentinel; ++ if (android::base::GetIntProperty("persist.security.hosts_disable", 0) == 0) { ++ int hc_error = hc_getaddrinfo(name, pai, &cur); ++ if (hc_error != EAI_SYSTEM) { ++ *res = sentinel.ai_next; ++ return sentinel.ai_next != NULL; ++ } + +- int hc_error = hc_getaddrinfo(name, pai, &cur); +- if (hc_error != EAI_SYSTEM) { +- *res = sentinel.ai_next; +- return sentinel.ai_next != NULL; +- } +- +- _sethtent(&hostf); +- while ((p = _gethtent(&hostf, name, pai)) != nullptr) { +- cur->ai_next = p; +- while (cur && cur->ai_next) cur = cur->ai_next; ++ _sethtent(&hostf); ++ while ((p = _gethtent(&hostf, name, pai)) != nullptr) { ++ cur->ai_next = p; ++ while (cur && cur->ai_next) cur = cur->ai_next; ++ } ++ _endhtent(&hostf); + } +- _endhtent(&hostf); + + if ((p = getCustomHosts(netid, name, pai)) != nullptr) { + cur->ai_next = p; +-- +2.36.0 + diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index e485bb32..69c63f8e 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -157,7 +157,7 @@ fi; applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS) -#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS) @@ -272,7 +272,7 @@ fi; if enterAndClear "packages/apps/Settings"; then git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) -#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #TODO: Needs work +#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service fi; diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index 7c729ff2..6c9a0da0 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -153,7 +153,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don' applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Restore_SensorsOff.patch"; #Restore the Sensors Off tile (DivestOS) -applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS) @@ -288,7 +288,7 @@ if enterAndClear "packages/apps/Settings"; then git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile (DivestOS) -applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) if [ "$DOS_TIMEOUTS" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS) diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index dfe501c9..3f13f6cb 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -79,6 +79,7 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-9.patch"; #applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS) #applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS) fi; +applyPatch "$DOS_PATCHES/android_bionic/0003-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS) fi; if enterAndClear "bootable/recovery"; then @@ -129,7 +130,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don' applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Restore_SensorsOff.patch"; #Restore the Sensors Off tile -applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS) @@ -296,7 +297,7 @@ fi; if enterAndClear "packages/apps/Settings"; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile (DivestOS) -applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) if [ "$DOS_TIMEOUTS" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS) @@ -309,6 +310,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-1.patch" applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-2.patch"; #Remove partial MAC randomization translations (GrapheneOS) fi; applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS) +applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service fi; @@ -332,6 +334,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS) fi; +if enterAndClear "packages/modules/DnsResolver"; then +applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0001-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS) +fi; + if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then if enterAndClear "packages/modules/NetworkStack"; then applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS) diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh index 32dafd7d..e1ee1ac0 100644 --- a/Scripts/LineageOS-19.1/Patch.sh +++ b/Scripts/LineageOS-19.1/Patch.sh @@ -247,7 +247,7 @@ fi; if enterAndClear "packages/apps/Settings"; then #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) #XXX 19REBASE: broken? -#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE +#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #XXX 19REBASE if [ "$DOS_TIMEOUTS" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS) @@ -284,7 +284,7 @@ if enterAndClear "packages/modules/Connectivity"; then applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Add callback for enforcing INTERNET permission changes (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Use uid instead of app id (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-3.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS) -#applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0002-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE +#applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0002-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #XXX 19REBASE fi; if enterAndClear "packages/modules/DnsResolver"; then