Signed-off-by: Tad <tad@spotco.us>
Tad 2022-12-10 20:30:01 -05:00
parent 63cbd1f483
commit b78f573eb9
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
3 changed files with 15 additions and 116 deletions


@ -13,11 +13,11 @@ export them via the standard sharing UI.
core/res/res/layout/app_error_dialog.xml | 4 +- core/res/res/layout/app_error_dialog.xml | 4 +-
core/res/res/values/strings.xml | 3 + core/res/res/values/strings.xml | 3 +
core/res/res/values/symbols.xml | 3 + core/res/res/values/symbols.xml | 3 +
packages/SystemUI/AndroidManifest.xml | 12 ++ packages/SystemUI/AndroidManifest.xml | 13 ++
packages/SystemUI/res/values/strings.xml | 5 + packages/SystemUI/res/values/strings.xml | 5 +
.../android/systemui/ErrorReportActivity.kt | 159 ++++++++++++++++++ .../android/systemui/ErrorReportActivity.kt | 159 ++++++++++++++++++
.../java/com/android/server/am/AppErrors.java | 1 + .../java/com/android/server/am/AppErrors.java | 1 +
9 files changed, 199 insertions(+), 6 deletions(-) 9 files changed, 200 insertions(+), 6 deletions(-)
create mode 100644 packages/SystemUI/src/com/android/systemui/ErrorReportActivity.kt create mode 100644 packages/SystemUI/src/com/android/systemui/ErrorReportActivity.kt
diff --git a/core/java/android/app/ApplicationErrorReport.java b/core/java/android/app/ApplicationErrorReport.java diff --git a/core/java/android/app/ApplicationErrorReport.java b/core/java/android/app/ApplicationErrorReport.java
@ -110,10 +110,10 @@ index c3b149a1e295..a47b82018377 100644
<Button <Button
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index b153a36f65db..3f03f5726b23 100644 index 2ea89de7d5cb..94e33f151798 100644
--- a/core/res/res/values/strings.xml --- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml
@@ -6343,4 +6343,7 @@ ul.</string> @@ -6360,4 +6360,7 @@ ul.</string>
<!-- Title for preference of the system default locale. [CHAR LIMIT=50]--> <!-- Title for preference of the system default locale. [CHAR LIMIT=50]-->
<string name="system_locale_title">System default</string> <string name="system_locale_title">System default</string>
@ -122,10 +122,10 @@ index b153a36f65db..3f03f5726b23 100644
+ <string name="aerr_show_details">Show details</string> + <string name="aerr_show_details">Show details</string>
</resources> </resources>
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 5aecc53bac78..37358f38aaef 100644 index 888cd7a79bf6..c9733c9fa4f7 100644
--- a/core/res/res/values/symbols.xml --- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml
@@ -4803,6 +4803,9 @@ @@ -4852,6 +4852,9 @@
<java-symbol type="id" name="language_picker_item" /> <java-symbol type="id" name="language_picker_item" />
<java-symbol type="id" name="language_picker_header" /> <java-symbol type="id" name="language_picker_header" />
@ -136,13 +136,14 @@ index 5aecc53bac78..37358f38aaef 100644
<java-symbol type="bool" name="system_server_plays_face_haptics" /> <java-symbol type="bool" name="system_server_plays_face_haptics" />
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index b89bdf3991d8..0803cfae3ad5 100644 index 2cc47823a109..b1ee372bd61a 100644
--- a/packages/SystemUI/AndroidManifest.xml --- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml
@@ -941,5 +941,17 @@ @@ -969,5 +969,18 @@
<action android:name="com.android.systemui.action.DISMISS_VOLUME_PANEL_DIALOG" />
</intent-filter> </intent-filter>
</receiver> </receiver>
+
+ <activity + <activity
+ android:name=".ErrorReportActivity" + android:name=".ErrorReportActivity"
+ android:exported="true" + android:exported="true"
@ -158,13 +159,13 @@ index b89bdf3991d8..0803cfae3ad5 100644
</application> </application>
</manifest> </manifest>
diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml
index e144b43294c6..2ac23ad4e433 100644 index 53f1227383b7..6abeae8f9c35 100644
--- a/packages/SystemUI/res/values/strings.xml --- a/packages/SystemUI/res/values/strings.xml
+++ b/packages/SystemUI/res/values/strings.xml +++ b/packages/SystemUI/res/values/strings.xml
@@ -2552,4 +2552,9 @@ @@ -2607,4 +2607,9 @@
=1 {# notification}
other {# notifications} <!-- Time format for the Dream Time Complication for 24-hour time format [CHAR LIMIT=NONE] -->
}</string> <string name="dream_time_complication_24_hr_time_format">kk:mm</string>
+ +
+ <string name="error_report_title">Error in %1$s</string> + <string name="error_report_title">Error in %1$s</string>
+ <string name="copy_to_clipboard">Copy to clipboard</string> + <string name="copy_to_clipboard">Copy to clipboard</string>


@ -1,101 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tommy Webb <tommy@calyxinstitute.org>
Date: Mon, 5 Dec 2022 14:42:38 +0100
Subject: [PATCH] Reland "Fix network leaks with split-tunnel VPNs"
This does two things:
1. Revert the portion of I48e08f34 "fw/b: Add support for allowing
/disallowing apps on cellular, vpn and wifi networks" that was
previously responsible for updating the restricted mode allowlist
based on changes to the default network.
2. Bring in Ib4bcf5ae "Fix network leaks with split-tunnel VPNs", which
meets the same goal of updating the allowlist, but in a wider range
of conditions. Retaining the prior implementation led to a race
condition which caused crashes and soft reboots, because the calls
to `updateRestrictedModeAllowlistUL()` were not being appropriately
guarded by `mUidRulesFirstLock`.
Ultimately, this patch should probably be squashed into I48e08f34.
Co-authored-by: Oliver Scott <olivercscott@gmail.com>
Issue: calyxos#1081
Change-Id: I84c7667824cc840724a07e7d0435f5ec59a67986
---
.../net/NetworkPolicyManagerService.java | 43 ++++++-------------
1 file changed, 12 insertions(+), 31 deletions(-)
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 8102d892c2d7..7addf69a28af 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -1105,14 +1105,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
ACTION_CARRIER_CONFIG_CHANGED);
mContext.registerReceiver(mCarrierConfigReceiver, carrierConfigFilter, null, mHandler);
- for (UserInfo userInfo : mUserManager.getAliveUsers()) {
- mConnManager.registerDefaultNetworkCallbackForUid(
- UserHandle.getUid(userInfo.id, Process.myUid()),
- mDefaultNetworkCallback,
- mUidEventHandler
- );
- }
-
// listen for meteredness changes
mConnManager.registerNetworkCallback(
new NetworkRequest.Builder().build(), mNetworkCallback);
@@ -1303,11 +1295,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
ConnectivitySettingsManager.getUidsAllowedOnRestrictedNetworks(
mContext);
if (action == ACTION_USER_ADDED) {
- mConnManager.registerDefaultNetworkCallbackForUid(
- UserHandle.getUid(userId, Process.myUid()),
- mDefaultNetworkCallback,
- mUidEventHandler
- );
// Add apps that are allowed by default.
addDefaultRestrictBackgroundAllowlistUidsUL(userId);
try {
@@ -1443,24 +1430,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
return changed;
}
- private final NetworkCallback mDefaultNetworkCallback = new NetworkCallback() {
- @Override
- public void onAvailable(@NonNull Network network) {
- updateRestrictedModeAllowlistUL();
- }
-
- @Override
- public void onCapabilitiesChanged(@NonNull Network network,
- @NonNull NetworkCapabilities networkCapabilities) {
- final int[] newTransports = networkCapabilities.getTransportTypes();
- final boolean transportsChanged = updateTransportChange(
- mNetworkTransports, newTransports, network);
- if (transportsChanged) {
- updateRestrictedModeAllowlistUL();
- }
- }
- };
-
private final NetworkCallback mNetworkCallback = new NetworkCallback() {
@Override
public void onCapabilitiesChanged(@NonNull Network network,
@@ -1888,6 +1857,18 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
updateSubscriptions();
synchronized (mUidRulesFirstLock) {
+ /* With split-tunnel VPNs (those that only include specific apps),
+ * the usual NetworkCallback handlers are never called, because the call to
+ * registerDefaultNetworkCallbackForUid only detects changes that affect this
+ * process; if this process is not covered by the VPN, it won't get callbacks.
+ * Ordinarily, updateRestrictedModeAllowlistUL() would be called from those.
+ * Firewall restrictions for apps will not be updated properly on VPN connect
+ * or disconnect if we don't call it from somewhere else, like here. */
+ // TODO: Come up with an appropriate callback that runs more promptly.
+ // updateNetworksInternal runs later than NetworkCallback handlers run, so
+ // this may present a window of opportunity for unauthorized network access.
+ updateRestrictedModeAllowlistUL();
+
synchronized (mNetworkPoliciesSecondLock) {
ensureActiveCarrierPolicyAL();
normalizePoliciesNL();


@ -177,7 +177,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0023-Skip_Screen_Animation.patc
applyPatch "$DOS_PATCHES/android_frameworks_base/0026-Crash_Details.patch"; #Add an option to show the details of an application error to the user (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0026-Crash_Details.patch"; #Add an option to show the details of an application error to the user (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0027-Installer_Glitch.patch"; #Make sure PackageInstaller UI returns a result (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0027-Installer_Glitch.patch"; #Make sure PackageInstaller UI returns a result (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch"; #Don't leak device-wide package list to apps when work profile is present (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0028-Remove_Legacy_Package_Query.patch"; #Don't leak device-wide package list to apps when work profile is present (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0029-Split_Tunnel_Fixes.patch"; #Reland "Fix network leaks with split-tunnel VPNs" (CalyxOS)
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)