mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
Fixes
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
63cbd1f483
commit
b78f573eb9
@ -13,11 +13,11 @@ export them via the standard sharing UI.
|
|||||||
core/res/res/layout/app_error_dialog.xml | 4 +-
|
core/res/res/layout/app_error_dialog.xml | 4 +-
|
||||||
core/res/res/values/strings.xml | 3 +
|
core/res/res/values/strings.xml | 3 +
|
||||||
core/res/res/values/symbols.xml | 3 +
|
core/res/res/values/symbols.xml | 3 +
|
||||||
packages/SystemUI/AndroidManifest.xml | 12 ++
|
packages/SystemUI/AndroidManifest.xml | 13 ++
|
||||||
packages/SystemUI/res/values/strings.xml | 5 +
|
packages/SystemUI/res/values/strings.xml | 5 +
|
||||||
.../android/systemui/ErrorReportActivity.kt | 159 ++++++++++++++++++
|
.../android/systemui/ErrorReportActivity.kt | 159 ++++++++++++++++++
|
||||||
.../java/com/android/server/am/AppErrors.java | 1 +
|
.../java/com/android/server/am/AppErrors.java | 1 +
|
||||||
9 files changed, 199 insertions(+), 6 deletions(-)
|
9 files changed, 200 insertions(+), 6 deletions(-)
|
||||||
create mode 100644 packages/SystemUI/src/com/android/systemui/ErrorReportActivity.kt
|
create mode 100644 packages/SystemUI/src/com/android/systemui/ErrorReportActivity.kt
|
||||||
|
|
||||||
diff --git a/core/java/android/app/ApplicationErrorReport.java b/core/java/android/app/ApplicationErrorReport.java
|
diff --git a/core/java/android/app/ApplicationErrorReport.java b/core/java/android/app/ApplicationErrorReport.java
|
||||||
@ -110,10 +110,10 @@ index c3b149a1e295..a47b82018377 100644
|
|||||||
|
|
||||||
<Button
|
<Button
|
||||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||||
index b153a36f65db..3f03f5726b23 100644
|
index 2ea89de7d5cb..94e33f151798 100644
|
||||||
--- a/core/res/res/values/strings.xml
|
--- a/core/res/res/values/strings.xml
|
||||||
+++ b/core/res/res/values/strings.xml
|
+++ b/core/res/res/values/strings.xml
|
||||||
@@ -6343,4 +6343,7 @@ ul.</string>
|
@@ -6360,4 +6360,7 @@ ul.</string>
|
||||||
|
|
||||||
<!-- Title for preference of the system default locale. [CHAR LIMIT=50]-->
|
<!-- Title for preference of the system default locale. [CHAR LIMIT=50]-->
|
||||||
<string name="system_locale_title">System default</string>
|
<string name="system_locale_title">System default</string>
|
||||||
@ -122,10 +122,10 @@ index b153a36f65db..3f03f5726b23 100644
|
|||||||
+ <string name="aerr_show_details">Show details</string>
|
+ <string name="aerr_show_details">Show details</string>
|
||||||
</resources>
|
</resources>
|
||||||
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
|
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
|
||||||
index 5aecc53bac78..37358f38aaef 100644
|
index 888cd7a79bf6..c9733c9fa4f7 100644
|
||||||
--- a/core/res/res/values/symbols.xml
|
--- a/core/res/res/values/symbols.xml
|
||||||
+++ b/core/res/res/values/symbols.xml
|
+++ b/core/res/res/values/symbols.xml
|
||||||
@@ -4803,6 +4803,9 @@
|
@@ -4852,6 +4852,9 @@
|
||||||
<java-symbol type="id" name="language_picker_item" />
|
<java-symbol type="id" name="language_picker_item" />
|
||||||
<java-symbol type="id" name="language_picker_header" />
|
<java-symbol type="id" name="language_picker_header" />
|
||||||
|
|
||||||
@ -136,13 +136,14 @@ index 5aecc53bac78..37358f38aaef 100644
|
|||||||
|
|
||||||
<java-symbol type="bool" name="system_server_plays_face_haptics" />
|
<java-symbol type="bool" name="system_server_plays_face_haptics" />
|
||||||
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
|
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
|
||||||
index b89bdf3991d8..0803cfae3ad5 100644
|
index 2cc47823a109..b1ee372bd61a 100644
|
||||||
--- a/packages/SystemUI/AndroidManifest.xml
|
--- a/packages/SystemUI/AndroidManifest.xml
|
||||||
+++ b/packages/SystemUI/AndroidManifest.xml
|
+++ b/packages/SystemUI/AndroidManifest.xml
|
||||||
@@ -941,5 +941,17 @@
|
@@ -969,5 +969,18 @@
|
||||||
|
<action android:name="com.android.systemui.action.DISMISS_VOLUME_PANEL_DIALOG" />
|
||||||
</intent-filter>
|
</intent-filter>
|
||||||
</receiver>
|
</receiver>
|
||||||
|
+
|
||||||
+ <activity
|
+ <activity
|
||||||
+ android:name=".ErrorReportActivity"
|
+ android:name=".ErrorReportActivity"
|
||||||
+ android:exported="true"
|
+ android:exported="true"
|
||||||
@ -158,13 +159,13 @@ index b89bdf3991d8..0803cfae3ad5 100644
|
|||||||
</application>
|
</application>
|
||||||
</manifest>
|
</manifest>
|
||||||
diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml
|
diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml
|
||||||
index e144b43294c6..2ac23ad4e433 100644
|
index 53f1227383b7..6abeae8f9c35 100644
|
||||||
--- a/packages/SystemUI/res/values/strings.xml
|
--- a/packages/SystemUI/res/values/strings.xml
|
||||||
+++ b/packages/SystemUI/res/values/strings.xml
|
+++ b/packages/SystemUI/res/values/strings.xml
|
||||||
@@ -2552,4 +2552,9 @@
|
@@ -2607,4 +2607,9 @@
|
||||||
=1 {# notification}
|
|
||||||
other {# notifications}
|
<!-- Time format for the Dream Time Complication for 24-hour time format [CHAR LIMIT=NONE] -->
|
||||||
}</string>
|
<string name="dream_time_complication_24_hr_time_format">kk:mm</string>
|
||||||
+
|
+
|
||||||
+ <string name="error_report_title">Error in %1$s</string>
|
+ <string name="error_report_title">Error in %1$s</string>
|
||||||
+ <string name="copy_to_clipboard">Copy to clipboard</string>
|
+ <string name="copy_to_clipboard">Copy to clipboard</string>
|
||||||
|
|||||||
@ -1,101 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tommy Webb <tommy@calyxinstitute.org>
|
|
||||||
Date: Mon, 5 Dec 2022 14:42:38 +0100
|
|
||||||
Subject: [PATCH] Reland "Fix network leaks with split-tunnel VPNs"
|
|
||||||
|
|
||||||
This does two things:
|
|
||||||
1. Revert the portion of I48e08f34 "fw/b: Add support for allowing
|
|
||||||
/disallowing apps on cellular, vpn and wifi networks" that was
|
|
||||||
previously responsible for updating the restricted mode allowlist
|
|
||||||
based on changes to the default network.
|
|
||||||
2. Bring in Ib4bcf5ae "Fix network leaks with split-tunnel VPNs", which
|
|
||||||
meets the same goal of updating the allowlist, but in a wider range
|
|
||||||
of conditions. Retaining the prior implementation led to a race
|
|
||||||
condition which caused crashes and soft reboots, because the calls
|
|
||||||
to `updateRestrictedModeAllowlistUL()` were not being appropriately
|
|
||||||
guarded by `mUidRulesFirstLock`.
|
|
||||||
|
|
||||||
Ultimately, this patch should probably be squashed into I48e08f34.
|
|
||||||
|
|
||||||
Co-authored-by: Oliver Scott <olivercscott@gmail.com>
|
|
||||||
Issue: calyxos#1081
|
|
||||||
Change-Id: I84c7667824cc840724a07e7d0435f5ec59a67986
|
|
||||||
---
|
|
||||||
.../net/NetworkPolicyManagerService.java | 43 ++++++-------------
|
|
||||||
1 file changed, 12 insertions(+), 31 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
|
|
||||||
index 8102d892c2d7..7addf69a28af 100644
|
|
||||||
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
|
|
||||||
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
|
|
||||||
@@ -1105,14 +1105,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
|
|
||||||
ACTION_CARRIER_CONFIG_CHANGED);
|
|
||||||
mContext.registerReceiver(mCarrierConfigReceiver, carrierConfigFilter, null, mHandler);
|
|
||||||
|
|
||||||
- for (UserInfo userInfo : mUserManager.getAliveUsers()) {
|
|
||||||
- mConnManager.registerDefaultNetworkCallbackForUid(
|
|
||||||
- UserHandle.getUid(userInfo.id, Process.myUid()),
|
|
||||||
- mDefaultNetworkCallback,
|
|
||||||
- mUidEventHandler
|
|
||||||
- );
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
// listen for meteredness changes
|
|
||||||
mConnManager.registerNetworkCallback(
|
|
||||||
new NetworkRequest.Builder().build(), mNetworkCallback);
|
|
||||||
@@ -1303,11 +1295,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
|
|
||||||
ConnectivitySettingsManager.getUidsAllowedOnRestrictedNetworks(
|
|
||||||
mContext);
|
|
||||||
if (action == ACTION_USER_ADDED) {
|
|
||||||
- mConnManager.registerDefaultNetworkCallbackForUid(
|
|
||||||
- UserHandle.getUid(userId, Process.myUid()),
|
|
||||||
- mDefaultNetworkCallback,
|
|
||||||
- mUidEventHandler
|
|
||||||
- );
|
|
||||||
// Add apps that are allowed by default.
|
|
||||||
addDefaultRestrictBackgroundAllowlistUidsUL(userId);
|
|
||||||
try {
|
|
||||||
@@ -1443,24 +1430,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
|
|
||||||
return changed;
|
|
||||||
}
|
|
||||||
|
|
||||||
- private final NetworkCallback mDefaultNetworkCallback = new NetworkCallback() {
|
|
||||||
- @Override
|
|
||||||
- public void onAvailable(@NonNull Network network) {
|
|
||||||
- updateRestrictedModeAllowlistUL();
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- @Override
|
|
||||||
- public void onCapabilitiesChanged(@NonNull Network network,
|
|
||||||
- @NonNull NetworkCapabilities networkCapabilities) {
|
|
||||||
- final int[] newTransports = networkCapabilities.getTransportTypes();
|
|
||||||
- final boolean transportsChanged = updateTransportChange(
|
|
||||||
- mNetworkTransports, newTransports, network);
|
|
||||||
- if (transportsChanged) {
|
|
||||||
- updateRestrictedModeAllowlistUL();
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- };
|
|
||||||
-
|
|
||||||
private final NetworkCallback mNetworkCallback = new NetworkCallback() {
|
|
||||||
@Override
|
|
||||||
public void onCapabilitiesChanged(@NonNull Network network,
|
|
||||||
@@ -1888,6 +1857,18 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
|
|
||||||
updateSubscriptions();
|
|
||||||
|
|
||||||
synchronized (mUidRulesFirstLock) {
|
|
||||||
+ /* With split-tunnel VPNs (those that only include specific apps),
|
|
||||||
+ * the usual NetworkCallback handlers are never called, because the call to
|
|
||||||
+ * registerDefaultNetworkCallbackForUid only detects changes that affect this
|
|
||||||
+ * process; if this process is not covered by the VPN, it won't get callbacks.
|
|
||||||
+ * Ordinarily, updateRestrictedModeAllowlistUL() would be called from those.
|
|
||||||
+ * Firewall restrictions for apps will not be updated properly on VPN connect
|
|
||||||
+ * or disconnect if we don't call it from somewhere else, like here. */
|
|
||||||
+ // TODO: Come up with an appropriate callback that runs more promptly.
|
|
||||||
+ // updateNetworksInternal runs later than NetworkCallback handlers run, so
|
|
||||||
+ // this may present a window of opportunity for unauthorized network access.
|
|
||||||
+ updateRestrictedModeAllowlistUL();
|
|
||||||
+
|
|
||||||
synchronized (mNetworkPoliciesSecondLock) {
|
|
||||||
ensureActiveCarrierPolicyAL();
|
|
||||||
normalizePoliciesNL();
|
|
||||||
@ -177,7 +177,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0023-Skip_Screen_Animation.patc
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0026-Crash_Details.patch"; #Add an option to show the details of an application error to the user (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0026-Crash_Details.patch"; #Add an option to show the details of an application error to the user (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0027-Installer_Glitch.patch"; #Make sure PackageInstaller UI returns a result (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0027-Installer_Glitch.patch"; #Make sure PackageInstaller UI returns a result (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch"; #Don't leak device-wide package list to apps when work profile is present (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch"; #Don't leak device-wide package list to apps when work profile is present (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0029-Split_Tunnel_Fixes.patch"; #Reland "Fix network leaks with split-tunnel VPNs" (CalyxOS)
|
|
||||||
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
|
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
|
||||||
changeDefaultDNS; #Change the default DNS servers
|
changeDefaultDNS; #Change the default DNS servers
|
||||||
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
|
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user