Various changes

- 17.1: Add more captive portal server options like 18.1+, disabled: needs fixes
- 17.1: Add the hosts toggle like 18.1+
- 18.1: fix junk in patch
- 17.1+: hosts toggle: bugfix: fixup localhost handling by switching to strcmp
- 15.1: fixes to get hmalloc to compile, does NOT boot

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2023-01-20 14:45:46 -05:00
parent 84a9a1326c
commit ad466bd3e4
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
21 changed files with 719 additions and 45 deletions

View File

@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 00:40:52 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
Signed-off-by: Tad <tad@spotco.us>
Change-Id: I92679c57e73228dc194e61a86ea1a18b2ac90e04
---
libc/dns/net/getaddrinfo.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libc/dns/net/getaddrinfo.c b/libc/dns/net/getaddrinfo.c
index cc94b21e2..12294da04 100644
--- a/libc/dns/net/getaddrinfo.c
+++ b/libc/dns/net/getaddrinfo.c
@@ -83,6 +83,7 @@
#include <sys/stat.h>
#include <sys/param.h>
#include <sys/socket.h>
+#include <sys/system_properties.h>
#include <sys/un.h>
#include <net/if.h>
#include <netinet/in.h>
@@ -2127,6 +2128,11 @@ _files_getaddrinfo(void *rv, void *cb_data, va_list ap)
name = va_arg(ap, char *);
pai = va_arg(ap, struct addrinfo *);
+ char value[PROP_VALUE_MAX] = { 0 };
+ if (__system_property_get("persist.security.hosts_disable", value) != 0)
+ if (atoi(value) != 0 && strcmp(name, "localhost") != 0 && strcmp(name, "ip6-localhost") != 0)
+ return NS_NOTFOUND;
+
memset(&sentinel, 0, sizeof(sentinel));
cur = &sentinel;
int gai_error = hc_getaddrinfo(name, NULL, pai, &cur);

View File

@ -0,0 +1,447 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pratyush <codelab@pratyush.dev>
Date: Wed, 20 Oct 2021 05:40:11 +0530
Subject: [PATCH] add toggle to set captiveportal settings
Access is disallowed for users that are disallowed from configuring
Private DNS settings. This restriction provides administrative control
over this feature in a way that's compatible with existing device
manager implementations. Private DNS is the closest fit from the
existing user management restrictions that are available.
Co-authored-by: stuux <stuux@posteo.net>
Co-authored-by: Renlord <me@renlord.com>
Co-authored-by: Danny Lin <danny@kdrag0n.dev>
Co-authored-by: anupritaisno1 <www.anuprita804@gmail.com>
Signed-off-by: empratyush <codelab@pratyush.dev>
[tad@spotco.us]: add multiple other server options
[tad@spotco.us]: merge with the GrapheneOS patch from RQ3A.211001.001.2021100606
Change-Id: I8a762d0f29ac42fce3dcfc7189e8ff216a8f8d1a
---
res/values/arrays.xml | 24 ++
res/values/strings.xml | 3 +
res/xml/network_and_internet.xml | 8 +
...ConnectivityCheckPreferenceController.java | 328 ++++++++++++++++++
.../network/NetworkDashboardFragment.java | 3 +
5 files changed, 366 insertions(+)
create mode 100644 src/com/android/settings/network/ConnectivityCheckPreferenceController.java
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index b983f467df..d799348200 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -108,6 +108,30 @@
<item>@string/dark_ui_auto_mode_auto</item>
</string-array>
+ <string-array name="connectivity_check_entries">
+ <item>Disabled</item>
+ <item>Google (US) [default]</item>
+ <!--<item>GrapheneOS (CA)</item>-->
+ <item>DivestOS (US)</item>
+ <item>openSUSE (DE)</item>
+ <item>Ubuntu (UK)</item>
+ <item>Amazon Fire OS (US)</item>
+ <item>Microsoft Edge (US)</item>
+ <item>Kuketz (DE)</item>
+ </string-array>
+
+ <string-array name="connectivity_check_values" translatable="false">
+ <item>0</item>
+ <item>1</item>
+ <!--<item>2</item>-->
+ <item>3</item>
+ <item>4</item>
+ <item>5</item>
+ <item>6</item>
+ <item>7</item>
+ <item>8</item>
+ </string-array>
+
<!-- Security settings. The delay after screen is turned off until device locks.
These are shown in a list dialog. -->
<string-array name="lock_after_timeout_entries">
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 2180ea45f6..edd9a93761 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11462,4 +11462,7 @@
<string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
<!-- Strings for Dialog connect button -->
<string name="bluetooth_connect_access_dialog_positive">Connect</string>
+
+ <string name="connectivity_check_title">Internet connectivity check</string>
+ <string name="connectivity_check_summary">HTTP endpoints to use for performing internet connectivity checks.</string>
</resources>
diff --git a/res/xml/network_and_internet.xml b/res/xml/network_and_internet.xml
index 32b51d48fc..ff1e5234cf 100644
--- a/res/xml/network_and_internet.xml
+++ b/res/xml/network_and_internet.xml
@@ -97,4 +97,12 @@
android:positiveButtonText="@string/save"
android:negativeButtonText="@android:string/cancel" />
+ <ListPreference
+ android:key="connectivity_check_settings"
+ android:title="@string/connectivity_check_title"
+ android:summary="@string/connectivity_check_summary"
+ android:entries="@array/connectivity_check_entries"
+ android:entryValues="@array/connectivity_check_values"
+ android:order="30"/>
+
</PreferenceScreen>
diff --git a/src/com/android/settings/network/ConnectivityCheckPreferenceController.java b/src/com/android/settings/network/ConnectivityCheckPreferenceController.java
new file mode 100644
index 0000000000..942ae750bc
--- /dev/null
+++ b/src/com/android/settings/network/ConnectivityCheckPreferenceController.java
@@ -0,0 +1,328 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.network;
+
+import android.content.ContentResolver;
+import android.content.Context;
+import android.content.res.Resources;
+import android.database.ContentObserver;
+import android.net.LinkProperties;
+import android.net.Network;
+import android.os.Handler;
+import android.os.Looper;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.provider.Settings;
+import androidx.preference.ListPreference;
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+import com.android.internal.util.ArrayUtils;
+import com.android.settings.R;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+import com.android.settingslib.RestrictedLockUtilsInternal;
+import com.android.settingslib.core.lifecycle.events.OnResume;
+
+public class ConnectivityCheckPreferenceController
+ extends BasePreferenceController
+ implements PreferenceControllerMixin, Preference.OnPreferenceChangeListener,
+ OnResume {
+
+ // imported defaults from AOSP NetworkStack
+ private static final String STANDARD_HTTPS_URL =
+ "https://www.google.com/generate_204";
+ private static final String STANDARD_HTTP_URL =
+ "http://connectivitycheck.gstatic.com/generate_204";
+ private static final String STANDARD_FALLBACK_URL =
+ "http://www.google.com/gen_204";
+ private static final String STANDARD_OTHER_FALLBACK_URLS =
+ "http://play.googleapis.com/generate_204";
+
+ // GrapheneOS
+ private static final String GRAPHENEOS_CAPTIVE_PORTAL_HTTPS_URL =
+ "https://connectivitycheck.grapheneos.network/generate_204";
+ private static final String GRAPHENEOS_CAPTIVE_PORTAL_HTTP_URL =
+ "http://connectivitycheck.grapheneos.network/generate_204";
+ private static final String GRAPHENEOS_CAPTIVE_PORTAL_FALLBACK_URL =
+ "http://grapheneos.online/gen_204";
+ private static final String GRAPHENEOS_CAPTIVE_PORTAL_OTHER_FALLBACK_URL =
+ "http://grapheneos.online/generate_204";
+
+ // DivestOS
+ private static final String DIVESTOS_HTTPS_URL =
+ "https://divestos.org/generate_204";
+ private static final String DIVESTOS_HTTP_URL =
+ "http://divestos.org/generate_204";
+
+ // openSUSE
+ private static final String OPENSUSE_HTTPS_URL =
+ "https://conncheck.opensuse.org";
+ private static final String OPENSUSE_HTTP_URL =
+ "http://conncheck.opensuse.org";
+
+ // Ubuntu
+ private static final String UBUNTU_HTTPS_URL =
+ "https://connectivity-check.ubuntu.com";
+ private static final String UBUNTU_HTTP_URL =
+ "http://connectivity-check.ubuntu.com";
+
+ // Amazon Fire OS
+ private static final String AMAZON_HTTPS_URL =
+ "https://fireoscaptiveportal.com/generate_204";
+ private static final String AMAZON_HTTP_URL =
+ "http://fireoscaptiveportal.com/generate_204";
+
+ // Microsoft Edge
+ private static final String MICROSOFT_HTTP_URL =
+ "http://edge-http.microsoft.com/captiveportal/generate_204";
+
+ // Kuketz, https://www.kuketz-blog.de/android-captive-portal-check-204-http-antwort-von-captiveportal-kuketz-de/
+ private static final String KUKETZ_HTTPS_URL =
+ "https://captiveportal.kuketz.de";
+ private static final String KUKETZ_HTTP_URL =
+ "http://captiveportal.kuketz.de";
+
+ private static final int DISABLED_CAPTIVE_PORTAL_INTVAL = 0;
+ private static final int STANDARD_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 1;
+ private static final int GRAPHENEOS_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 2;
+ private static final int DIVESTOS_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 3;
+ private static final int OPENSUSE_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 4;
+ private static final int UBUNTU_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 5;
+ private static final int AMAZON_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 6;
+ private static final int MICROSOFT_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 7;
+ private static final int KUKETZ_CAPTIVE_PORTAL_HTTP_URL_INTVAL = 8;
+
+ private static final String KEY_CONNECTIVITY_CHECK_SETTINGS =
+ "connectivity_check_settings";
+
+ private ListPreference mConnectivityPreference;
+
+ public ConnectivityCheckPreferenceController(Context context) {
+ super(context, KEY_CONNECTIVITY_CHECK_SETTINGS);
+ }
+
+ @Override
+ public int getAvailabilityStatus() {
+ if (isDisabledByAdmin()) {
+ return BasePreferenceController.DISABLED_FOR_USER;
+ }
+ return BasePreferenceController.AVAILABLE;
+ }
+
+ @Override
+ public void displayPreference(PreferenceScreen screen) {
+ super.displayPreference(screen);
+ mConnectivityPreference =
+ screen.findPreference(KEY_CONNECTIVITY_CHECK_SETTINGS);
+ updatePreferenceState();
+ }
+
+ @Override
+ public String getPreferenceKey() {
+ return KEY_CONNECTIVITY_CHECK_SETTINGS;
+ }
+
+ private void updatePreferenceState() {
+ if (Settings.Global.getInt(mContext.getContentResolver(),
+ Settings.Global.CAPTIVE_PORTAL_MODE, Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT)
+ == Settings.Global.CAPTIVE_PORTAL_MODE_IGNORE) {
+ mConnectivityPreference.setValueIndex(DISABLED_CAPTIVE_PORTAL_INTVAL);
+ return;
+ }
+
+ String pref = Settings.Global.getString(
+ mContext.getContentResolver(), Settings.Global.CAPTIVE_PORTAL_HTTP_URL);
+ if (STANDARD_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ STANDARD_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (GRAPHENEOS_CAPTIVE_PORTAL_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ GRAPHENEOS_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (DIVESTOS_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ DIVESTOS_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (OPENSUSE_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ OPENSUSE_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (UBUNTU_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ UBUNTU_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (AMAZON_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ AMAZON_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (MICROSOFT_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ MICROSOFT_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ } else if (KUKETZ_HTTP_URL.equals(pref)) {
+ mConnectivityPreference.setValueIndex(
+ KUKETZ_CAPTIVE_PORTAL_HTTP_URL_INTVAL);
+ }
+ }
+
+ @Override
+ public void onResume() {
+ updatePreferenceState();
+ if (mConnectivityPreference != null) {
+ setCaptivePortalURLs(
+ mContext.getContentResolver(),
+ Integer.parseInt(mConnectivityPreference.getValue()));
+ }
+ }
+
+ private void setCaptivePortalURLs(ContentResolver cr, int mode) {
+ switch (mode) {
+ case STANDARD_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ STANDARD_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ STANDARD_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ STANDARD_FALLBACK_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ STANDARD_OTHER_FALLBACK_URLS);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case GRAPHENEOS_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ GRAPHENEOS_CAPTIVE_PORTAL_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ GRAPHENEOS_CAPTIVE_PORTAL_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ GRAPHENEOS_CAPTIVE_PORTAL_FALLBACK_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ GRAPHENEOS_CAPTIVE_PORTAL_OTHER_FALLBACK_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case DIVESTOS_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ DIVESTOS_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ DIVESTOS_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ DIVESTOS_HTTP_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ DIVESTOS_HTTP_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case OPENSUSE_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ OPENSUSE_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ OPENSUSE_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ OPENSUSE_HTTP_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ OPENSUSE_HTTP_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case UBUNTU_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ UBUNTU_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ UBUNTU_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ UBUNTU_HTTP_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ UBUNTU_HTTP_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case AMAZON_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ AMAZON_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ AMAZON_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ AMAZON_HTTP_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ AMAZON_HTTP_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case MICROSOFT_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ MICROSOFT_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ MICROSOFT_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ MICROSOFT_HTTP_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ MICROSOFT_HTTP_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ case KUKETZ_CAPTIVE_PORTAL_HTTP_URL_INTVAL:
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ KUKETZ_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ KUKETZ_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ KUKETZ_HTTP_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ KUKETZ_HTTP_URL);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT);
+ break;
+ default:
+ // Default URLs as placeholder
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTP_URL,
+ STANDARD_HTTP_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_HTTPS_URL,
+ STANDARD_HTTPS_URL);
+ Settings.Global.putString(cr, Settings.Global.CAPTIVE_PORTAL_FALLBACK_URL,
+ STANDARD_FALLBACK_URL);
+ Settings.Global.putString(
+ cr, Settings.Global.CAPTIVE_PORTAL_OTHER_FALLBACK_URLS,
+ STANDARD_OTHER_FALLBACK_URLS);
+ Settings.Global.putInt(cr, Settings.Global.CAPTIVE_PORTAL_MODE,
+ Settings.Global.CAPTIVE_PORTAL_MODE_IGNORE);
+ }
+ }
+
+ @Override
+ public boolean onPreferenceChange(Preference preference, Object value) {
+ final String key = preference.getKey();
+ if (KEY_CONNECTIVITY_CHECK_SETTINGS.equals(key)) {
+ setCaptivePortalURLs(mContext.getContentResolver(),
+ Integer.parseInt((String)value));
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ private EnforcedAdmin getEnforcedAdmin() {
+ return RestrictedLockUtilsInternal.checkIfRestrictionEnforced(
+ mContext, UserManager.DISALLOW_CONFIG_PRIVATE_DNS,
+ UserHandle.myUserId());
+ }
+
+ private boolean isDisabledByAdmin() { return getEnforcedAdmin() != null; }
+}
diff --git a/src/com/android/settings/network/NetworkDashboardFragment.java b/src/com/android/settings/network/NetworkDashboardFragment.java
index 8c686a54aa..19b3ae3ea6 100644
--- a/src/com/android/settings/network/NetworkDashboardFragment.java
+++ b/src/com/android/settings/network/NetworkDashboardFragment.java
@@ -104,6 +104,8 @@ public class NetworkDashboardFragment extends DashboardFragment implements
new VpnPreferenceController(context);
final PrivateDnsPreferenceController privateDnsPreferenceController =
new PrivateDnsPreferenceController(context);
+ final ConnectivityCheckPreferenceController connectivityCheckPreferenceController =
+ new ConnectivityCheckPreferenceController(context);
if (lifecycle != null) {
lifecycle.addObserver(mobilePlanPreferenceController);
@@ -129,6 +131,7 @@ public class NetworkDashboardFragment extends DashboardFragment implements
controllers.add(mobilePlanPreferenceController);
controllers.add(wifiPreferenceController);
controllers.add(privateDnsPreferenceController);
+ controllers.add(connectivityCheckPreferenceController);
return controllers;
}

View File

@ -0,0 +1,172 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 01:04:27 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
Copy and pasted from the GrapheneOS exec spawning toggle patch
Signed-off-by: Tad <tad@spotco.us>
Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
---
res/values/strings.xml | 3 +
res/xml/security_dashboard_settings.xml | 6 +
.../security/HostsPreferenceController.java | 106 ++++++++++++++++++
.../settings/security/SecuritySettings.java | 1 +
4 files changed, 116 insertions(+)
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 88bd100122..a64940d793 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11327,6 +11327,9 @@
<string name="native_debug_title">Enable native code debugging</string>
<string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
+ <string name="hosts_disable_title">Disable DNS content blocker</string>
+ <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
+
<!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
<string name="privacy_dashboard_title">Privacy</string>
<!-- Summary for the top level Privacy Settings [CHAR LIMIT=NONE]-->
diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
index 08328ad7b6..23a39d3106 100644
--- a/res/xml/security_dashboard_settings.xml
+++ b/res/xml/security_dashboard_settings.xml
@@ -75,6 +75,12 @@
android:title="@string/native_debug_title"
android:summary="@string/native_debug_summary"
android:persistent="false" />
+
+ <SwitchPreference
+ android:key="hosts_disable"
+ android:title="@string/hosts_disable_title"
+ android:summary="@string/hosts_disable_summary"
+ android:persistent="false" />
</PreferenceCategory>
<!-- work profile security section -->
diff --git a/src/com/android/settings/security/HostsPreferenceController.java b/src/com/android/settings/security/HostsPreferenceController.java
new file mode 100644
index 0000000000..d8af6d2649
--- /dev/null
+++ b/src/com/android/settings/security/HostsPreferenceController.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.os.SystemProperties;
+
+import android.provider.Settings;
+
+import androidx.preference.Preference;
+import androidx.preference.PreferenceCategory;
+import androidx.preference.PreferenceGroup;
+import androidx.preference.PreferenceScreen;
+import androidx.preference.TwoStatePreference;
+import androidx.preference.SwitchPreference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settingslib.core.AbstractPreferenceController;
+import com.android.settingslib.core.lifecycle.events.OnResume;
+
+public class HostsPreferenceController extends AbstractPreferenceController
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
+
+ private static final String SYS_KEY_HOSTS_DISABLE = "persist.security.hosts_disable";
+ private static final String PREF_KEY_HOSTS_DISABLE = "hosts_disable";
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
+
+ private PreferenceCategory mSecurityCategory;
+ private SwitchPreference mHostsDisable;
+ private boolean mIsAdmin;
+ private UserManager mUm;
+
+ public HostsPreferenceController(Context context) {
+ super(context);
+ mUm = UserManager.get(context);
+ }
+
+ @Override
+ public void displayPreference(PreferenceScreen screen) {
+ super.displayPreference(screen);
+ mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
+ updatePreferenceState();
+ }
+
+ @Override
+ public boolean isAvailable() {
+ mIsAdmin = mUm.isAdminUser();
+ return mIsAdmin;
+ }
+
+ @Override
+ public String getPreferenceKey() {
+ return PREF_KEY_HOSTS_DISABLE;
+ }
+
+ // TODO: should we use onCreatePreferences() instead?
+ private void updatePreferenceState() {
+ if (mSecurityCategory == null) {
+ return;
+ }
+
+ if (mIsAdmin) {
+ mHostsDisable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE);
+ mHostsDisable.setChecked(SystemProperties.getInt(SYS_KEY_HOSTS_DISABLE, 0) == 1);
+ } else {
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE));
+ }
+ }
+
+ @Override
+ public void onResume() {
+ updatePreferenceState();
+ if (mHostsDisable != null) {
+ boolean mode = mHostsDisable.isChecked();
+ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
+ }
+ }
+
+ @Override
+ public boolean onPreferenceChange(Preference preference, Object value) {
+ final String key = preference.getKey();
+ if (PREF_KEY_HOSTS_DISABLE.equals(key)) {
+ final boolean mode = !mHostsDisable.isChecked();
+ SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
+ }
+ return true;
+ }
+}
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
index a5e0add739..88ba2ece3a 100644
--- a/src/com/android/settings/security/SecuritySettings.java
+++ b/src/com/android/settings/security/SecuritySettings.java
@@ -123,6 +123,7 @@ public class SecuritySettings extends DashboardFragment {
securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+ securityPreferenceControllers.add(new HostsPreferenceController(context));
controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
.setChildren(securityPreferenceControllers));
controllers.addAll(securityPreferenceControllers);

View File

@ -0,0 +1,34 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 00:40:53 -0400
Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
[tad@spotco.us]: backport to netd
Signed-off-by: Tad <tad@spotco.us>
Change-Id: Iea165003474e1107dc77980985bf9928c369dbb5
---
resolv/getaddrinfo.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/resolv/getaddrinfo.cpp b/resolv/getaddrinfo.cpp
index cf8e4d26..245132f6 100644
--- a/resolv/getaddrinfo.cpp
+++ b/resolv/getaddrinfo.cpp
@@ -56,6 +56,7 @@
#include <unistd.h>
#include <android-base/logging.h>
+#include <android-base/properties.h>
#include "netd_resolv/resolv.h"
#include "resolv_cache.h"
@@ -1550,6 +1551,9 @@ found:
}
static bool files_getaddrinfo(const char* name, const addrinfo* pai, addrinfo** res) {
+ if ((android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0) && (strcmp("localhost", name) != 0) && (strcmp("ip6-localhost", name) != 0))
+ return false;
+
struct addrinfo sentinel = {};
struct addrinfo *p, *cur;
FILE* hostf = NULL;

View File

@ -23,10 +23,8 @@ Change-Id: I8a762d0f29ac42fce3dcfc7189e8ff216a8f8d1a
res/xml/network_and_internet.xml | 8 +
...ConnectivityCheckPreferenceController.java | 328 ++++++++++++++++++
.../network/NetworkDashboardFragment.java | 3 +
.../network/NetworkDashboardFragment.java.rej | 11 +
6 files changed, 377 insertions(+)
5 files changed, 366 insertions(+)
create mode 100644 src/com/android/settings/network/ConnectivityCheckPreferenceController.java
create mode 100644 src/com/android/settings/network/NetworkDashboardFragment.java.rej
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index 617548cadc..87fd6e5df6 100644
@ -94,7 +92,7 @@ index 6bf6dbaccf..8ee092aa04 100644
</PreferenceScreen>
diff --git a/src/com/android/settings/network/ConnectivityCheckPreferenceController.java b/src/com/android/settings/network/ConnectivityCheckPreferenceController.java
new file mode 100644
index 0000000000..3dc7520df3
index 0000000000..942ae750bc
--- /dev/null
+++ b/src/com/android/settings/network/ConnectivityCheckPreferenceController.java
@@ -0,0 +1,328 @@
@ -447,20 +445,3 @@ index db704ae850..c77b07821e 100644
return controllers;
}
diff --git a/src/com/android/settings/network/NetworkDashboardFragment.java.rej b/src/com/android/settings/network/NetworkDashboardFragment.java.rej
new file mode 100644
index 0000000000..491cf70863
--- /dev/null
+++ b/src/com/android/settings/network/NetworkDashboardFragment.java.rej
@@ -0,0 +1,11 @@
+diff a/src/com/android/settings/network/NetworkDashboardFragment.java b/src/com/android/settings/network/NetworkDashboardFragment.java (rejected hunks)
+@@ -119,6 +119,9 @@ public class NetworkDashboardFragment extends DashboardFragment implements
+ }
+ controllers.add(privateDnsPreferenceController);
+ controllers.add(new NetworkProviderCallsSmsController(context, lifecycle));
++ ConnectivityCheckPreferenceController connectivityCheck =
++ new ConnectivityCheckPreferenceController(context);
++ controllers.add(connectivityCheck);
+ return controllers;
+ }
+

View File

@ -84,7 +84,7 @@ index 0b4f4db6c4..ca6a2cf62d 100644
android:id="@+id/private_dns_mode_opportunistic"
layout="@layout/preference_widget_dialog_radiobutton"/>
diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
index 5ddfe66ec0..89341009d4 100644
index d13d4d4fe8..90f8829027 100644
--- a/res/values/cm_strings.xml
+++ b/res/values/cm_strings.xml
@@ -137,6 +137,21 @@

View File

@ -13,10 +13,10 @@ Subject: [PATCH] add auto-reboot setting
create mode 100644 src/com/android/settings/security/AutoRebootPreferenceController.java
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index 617548cadc..9caf926229 100644
index 87fd6e5df6..b2ea885d46 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -146,6 +146,37 @@
@@ -170,6 +170,37 @@
<item>1800000</item>
</string-array>
@ -55,7 +55,7 @@ index 617548cadc..9caf926229 100644
<item msgid="6490061470416867723">Small</item>
<item msgid="3579015730662088893">Default</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 0c6fe1a541..b9f886d492 100644
index 0173a8bf31..3d9a6548fc 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -647,6 +647,9 @@

View File

@ -12,7 +12,7 @@ Subject: [PATCH] add bluetooth auto-turn-off setting
create mode 100644 src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index 9caf926229..d40e65e536 100644
index b2ea885d46..5317326366 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -39,6 +39,50 @@
@ -67,7 +67,7 @@ index 9caf926229..d40e65e536 100644
<string-array name="screen_timeout_entries">
<item>15 seconds</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index b9f886d492..e925a30b3e 100644
index 3d9a6548fc..773e7ffa68 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -27,6 +27,25 @@

View File

@ -12,7 +12,7 @@ Subject: [PATCH] add Wi-Fi timeout feature
create mode 100644 src/com/android/settings/wifi/WifiTimeoutPreferenceController.java
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index d40e65e536..6259f4d1a5 100644
index 5317326366..2013c789cd 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -83,6 +83,50 @@
@ -67,7 +67,7 @@ index d40e65e536..6259f4d1a5 100644
<string-array name="screen_timeout_entries">
<item>15 seconds</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index e925a30b3e..de6d38bcbd 100644
index 773e7ffa68..278b6ace5e 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -46,6 +46,25 @@

View File

@ -12,7 +12,7 @@ Subject: [PATCH] add native debugging setting
create mode 100644 src/com/android/settings/security/NativeDebugPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index de6d38bcbd..dc14819f0c 100644
index 278b6ace5e..dd813f1784 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11957,6 +11957,9 @@

View File

@ -10,7 +10,7 @@ Subject: [PATCH] UserManager app installation restrictions
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/res/values/strings.xml b/res/values/strings.xml
index e612651bfe..c8e830342b 100644
index 4ea24ec62e..a2c18d6cea 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -7088,6 +7088,8 @@

View File

@ -12,7 +12,7 @@ Subject: [PATCH] add exec spawning toggle
create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index dc14819f0c..e612651bfe 100644
index dd813f1784..4ea24ec62e 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11957,6 +11957,8 @@

View File

@ -13,10 +13,10 @@ RANDOMIZATION_ALWAYS is set as the default option
5 files changed, 56 insertions(+), 17 deletions(-)
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index 6259f4d1a5..e93794e955 100644
index 2013c789cd..309cbc9e77 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1332,7 +1332,8 @@
@@ -1356,7 +1356,8 @@
</string-array>
<string-array name="wifi_privacy_entries">
@ -26,7 +26,7 @@ index 6259f4d1a5..e93794e955 100644
<item>Use device MAC</item>
</string-array>
@@ -1348,6 +1349,7 @@
@@ -1372,6 +1373,7 @@
</string-array>
<string-array name="wifi_privacy_values" translatable="false">

View File

@ -16,7 +16,7 @@ Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index c8e830342b..b04499511b 100644
index a2c18d6cea..087fd82ef9 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11969,6 +11969,9 @@

View File

@ -11,10 +11,10 @@ Subject: [PATCH] add LTE only setting
4 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index e93794e955..af140191ee 100644
index 309cbc9e77..7d6ca66e85 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1393,6 +1393,9 @@
@@ -1417,6 +1417,9 @@
<item>4</item> <!-- AutofillManager.FLAG_ADD_CLIENT_VERBOSE -->
</string-array>
@ -24,7 +24,7 @@ index e93794e955..af140191ee 100644
<string-array name="enabled_networks_choices" translatable="false">
<item>@string/network_lte</item>
<item>@string/network_3G</item>
@@ -1482,7 +1485,7 @@
@@ -1506,7 +1509,7 @@
<item>CDMA + LTE/EvDo</item>
<item>GSM/WCDMA/LTE</item>
<item>LTE/CDMA/EvDo/GSM/WCDMA</item>
@ -34,7 +34,7 @@ index e93794e955..af140191ee 100644
<item>TDSCDMA only</item>
<item>TDSCDMA/WCDMA</item>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index b04499511b..53834ef17a 100644
index 087fd82ef9..060f94a48f 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11593,6 +11593,8 @@

View File

@ -10,7 +10,7 @@ Change-Id: Iea165003474e1107dc77980985bf9928c369dbb5
1 file changed, 4 insertions(+)
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
index 071f6ac..955b5c2 100644
index 071f6ac..c22c11d 100644
--- a/getaddrinfo.cpp
+++ b/getaddrinfo.cpp
@@ -57,6 +57,7 @@
@ -25,7 +25,7 @@ index 071f6ac..955b5c2 100644
static bool files_getaddrinfo(const size_t netid, const char* name, const addrinfo* pai,
addrinfo** res) {
+ if (android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0 && name != "localhost" && name != "ip6-localhost")
+ if ((android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0) && (strcmp("localhost", name) != 0) && (strcmp("ip6-localhost", name) != 0))
+ return false;
+
struct addrinfo sentinel = {};

View File

@ -25,7 +25,7 @@ index f0c0ba8..8548b1a 100644
static bool files_getaddrinfo(const size_t netid, const char* name, const addrinfo* pai,
addrinfo** res) {
+ if (android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0 && name != "localhost" && name != "ip6-localhost")
+ if ((android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0) && (strcmp("localhost", name) != 0) && (strcmp("ip6-localhost", name) != 0))
+ return false;
+
struct addrinfo sentinel = {};

View File

@ -25,7 +25,7 @@ index d854293..6ff4f09 100644
static bool files_getaddrinfo(const size_t netid, const char* name, const addrinfo* pai,
addrinfo** res) {
+ if (android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0 && name != "localhost" && name != "ip6-localhost")
+ if ((android::base::GetIntProperty("persist.security.hosts_disable", 0) != 0) && (strcmp("localhost", name) != 0) && (strcmp("ip6-localhost", name) != 0))
+ return false;
+
struct addrinfo sentinel = {};

View File

@ -109,8 +109,10 @@ fi;
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
#if enterAndClear "external/hardened_malloc"; then
#git revert --no-edit 3d18fb80742fd80a75481b580d102deb18c74af9; #compile fix
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0002-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
#sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};/' h_malloc.c; #compile fix
#fi;
#fi;

View File

@ -83,7 +83,6 @@ patchWorkspace() {
source build/envsetup.sh;
#repopick -it ten-firewall;
repopick -it Q_tzdb2022f;
repopick -it Q_asb_2023-01;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";

View File

@ -85,6 +85,7 @@ applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-9.patch";
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-16.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-17.patch"; #Add secondary stack randomization (GrapheneOS)
fi;
applyPatch "$DOS_PATCHES/android_bionic/0004-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
fi;
if enterAndClear "build/make"; then
@ -301,6 +302,7 @@ if enterAndClear "packages/apps/Settings"; then
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/272651.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) #FIXME: needs work
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile (DivestOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
@ -311,6 +313,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packag
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-1.patch"; #Add option to always randomize MAC (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-2.patch"; #Remove partial MAC randomization translations (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-LTE_Only_Mode.patch"; #Add LTE-only option (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
fi;
@ -374,6 +377,7 @@ fi;
if enterAndClear "system/netd"; then
applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
applyPatch "$DOS_PATCHES/android_system_netd/0002-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
fi;
if enterAndClear "system/sepolicy"; then