Two hardening patches from @MSe1969

+ a backport of browser location restriction patch to 14.1 and 15.1 by @syphyr
2025-10-30 14:09:00 -04:00 · 2019-06-02 19:24:57 -04:00 · 2019-06-02 19:24:57 -04:00 · bb72bccbeb
commit bb72bccbeb
parent 163fdb1f68
6 changed files with 122 additions and 0 deletions
--- a/Patches/Common/android_frameworks_base/0001-Browser_No_Location.patch
+++ b/Patches/Common/android_frameworks_base/0001-Browser_No_Location.patch
@ -0,0 +1,35 @@
+From eb1485e1ad5c6683e949006dd62e02cec70ca382 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Mon, 24 Jul 2017 22:59:05 +0200
+Subject: [PATCH] stop granting location to Browser app by default
+
+It works fine without it and requests it after the user grants
+location access to a site.
+
+Change-Id: Ifabc3f1ae4acf008abf1467fc928eeb90613feff
+---
+ .../com/android/server/pm/DefaultPermissionGrantPolicy.java   | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+index 5016ec0d4be0..027cd05bf9e9 100644
+--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+@@ -539,7 +539,7 @@ private void grantDefaultSystemHandlerPermissions(int userId) {
+             }
+             if (browserPackage != null
+                     && doesPackageSupportRuntimePermissions(browserPackage)) {
+-                grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
+                //grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
+             }
+ 
+             // Voice interaction
+@@ -785,7 +785,7 @@ public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int u
+         PackageParser.Package browserPackage = getSystemPackageLPr(packageName);
+         if (browserPackage != null
+                 && doesPackageSupportRuntimePermissions(browserPackage)) {
+-            grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
+            //grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
+         }
+     }
+ 
--- a/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch
+++ b/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch
@ -0,0 +1,44 @@
+From 20a90f9fcf1bfd3da10210cc06f1428edbe92389 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Thu, 20 Dec 2018 22:12:35 +0100
+Subject: [PATCH] AppOps: Default GET_USAGE_STATS to MODE_IGNORED
+
+The AppOp OP_GET_USAGE_STATS is defaulted with MODE_DEFAULT and this is
+resolved to default to ALLOW, if the permission PACKAGE_USAGE_STATS is
+requested. This can be switched off in a specific settings menu, hence
+an opt-out is implemented in AOSP.
+
+Letting 3rd parties analyze the behavior does not really add any value
+for the device holder, hence an opt-in makes more sense. Usage stats
+collection is now disabled by default for apps requesting that permission.
+
+If the user wants to allow stats collection, he can enter the respective
+menu in settings and allow the app to collect usage data.
+
+Change-Id: I9e08822851cf660277e45f3023aa80d8918f45ae
+---
+ core/java/android/app/AppOpsManager.java | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index e13947335d2a..19287b3c13a4 100644
+--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
+@@ -930,7 +930,7 @@
+             AppOpsManager.MODE_ALLOWED,
+             AppOpsManager.MODE_ALLOWED,
+             AppOpsManager.MODE_ALLOWED,
+-            AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS
+            AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS
+             AppOpsManager.MODE_ALLOWED,
+             AppOpsManager.MODE_ALLOWED,
+             AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA
+@@ -1007,7 +1007,7 @@
+             AppOpsManager.MODE_ALLOWED, // OP_WAKE_LOCK
+             AppOpsManager.MODE_ALLOWED, // OP_MONITOR_LOCATION
+             AppOpsManager.MODE_ASK,     // OP_MONITOR_HIGH_POWER_LOCATION
+-            AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS
+            AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS
+             AppOpsManager.MODE_ALLOWED, // OP_MUTE_MICROPHONE
+             AppOpsManager.MODE_ALLOWED, // OP_TOAST_WINDOW
+             AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA
--- a/Patches/Common/android_frameworks_base/0003-SUPL_No_IMSI.patch
+++ b/Patches/Common/android_frameworks_base/0003-SUPL_No_IMSI.patch
@ -0,0 +1,35 @@
+From 6bdd1bbcea89fc1494e87948d1147402e9d89042 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Mon, 29 Oct 2018 12:14:17 +0100
+Subject: [PATCH] SUPL: Don't send IMSI / Phone number to SUPL server
+
+Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87
+---
+ .../com/android/server/location/GnssLocationProvider.java  | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/location/GnssLocationProvider.java b/services/core/java/com/android/server/location/GnssLocationProvider.java
+index 2c11a01c7851..44163ece2c22 100644
+--- a/services/core/java/com/android/server/location/GnssLocationProvider.java
+++ b/services/core/java/com/android/server/location/GnssLocationProvider.java
+@@ -2053,6 +2053,11 @@ private void requestSetID(int flags) {
+         int type = AGPS_SETID_TYPE_NONE;
+         String data = "";
+ 
+        /*
+         * We don't want to tell Google our IMSI or phone number to spy on us!
+         * As devices w/o SIM card also have working GPS, providing this data does
+         * not seem to add a lot of value, at least not for the device holder
+         *
+         if ((flags & AGPS_RIL_REQUEST_SETID_IMSI) == AGPS_RIL_REQUEST_SETID_IMSI) {
+             String data_temp = phone.getSubscriberId();
+             if (data_temp == null) {
+@@ -2072,7 +2077,7 @@ else if ((flags & AGPS_RIL_REQUEST_SETID_MSISDN) == AGPS_RIL_REQUEST_SETID_MSISD
+                 data = data_temp;
+                 type = AGPS_SETID_TYPE_MSISDN;
+             }
+-        }
+        } */
+         native_agps_set_id(type, data);
+     }
+ 
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@ -93,6 +93,9 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f
 changeDefaultDNS;
 #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL
 rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps

 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@ -97,6 +97,9 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f
 changeDefaultDNS;
 #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL
 rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps

 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@ -100,6 +100,8 @@ changeDefaultDNS;
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default
+patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL
 rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps

 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then