From bb72bccbeb6efadaf2440c47bdd7b8d7e8838b6e Mon Sep 17 00:00:00 2001
From: Tad
Date: Sun, 2 Jun 2019 19:24:57 -0400
Subject: [PATCH] Two hardening patches from @MSe1969 + a backport of browser location restriction patch to 14.1 and 15.1 by @syphyr
---
.../0001-Browser_No_Location.patch | 35 +++++++++++++++
.../0002-Disable_usage_stats.patch | 44 +++++++++++++++++++
.../0003-SUPL_No_IMSI.patch | 35 +++++++++++++++
Scripts/LineageOS-14.1/Patch.sh | 3 ++
Scripts/LineageOS-15.1/Patch.sh | 3 ++
Scripts/LineageOS-16.0/Patch.sh | 2 +
6 files changed, 122 insertions(+)
create mode 100644 Patches/Common/android_frameworks_base/0001-Browser_No_Location.patch
create mode 100644 Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch
create mode 100644 Patches/Common/android_frameworks_base/0003-SUPL_No_IMSI.patch
diff --git a/Patches/Common/android_frameworks_base/0001-Browser_No_Location.patch b/Patches/Common/android_frameworks_base/0001-Browser_No_Location.patch
new file mode 100644
index 00000000..fb04cc55
--- /dev/null
+++ b/Patches/Common/android_frameworks_base/0001-Browser_No_Location.patch
@@ -0,0 +1,35 @@
+From eb1485e1ad5c6683e949006dd62e02cec70ca382 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Mon, 24 Jul 2017 22:59:05 +0200
+Subject: [PATCH] stop granting location to Browser app by default
+
+It works fine without it and requests it after the user grants
+location access to a site.
+
+Change-Id: Ifabc3f1ae4acf008abf1467fc928eeb90613feff
+---
+ .../com/android/server/pm/DefaultPermissionGrantPolicy.java | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+index 5016ec0d4be0..027cd05bf9e9 100644
+--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
++++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+@@ -539,7 +539,7 @@ private void grantDefaultSystemHandlerPermissions(int userId) {
+ }
+ if (browserPackage != null
+ && doesPackageSupportRuntimePermissions(browserPackage)) {
+- grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
++ //grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
+ }
+
+ // Voice interaction
+@@ -785,7 +785,7 @@ public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int u
+ PackageParser.Package browserPackage = getSystemPackageLPr(packageName);
+ if (browserPackage != null
+ && doesPackageSupportRuntimePermissions(browserPackage)) {
+- grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
++ //grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
+ }
+ }
+
diff --git a/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch b/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch
new file mode 100644
index 00000000..63997bca
--- /dev/null
+++ b/Patches/Common/android_frameworks_base/0002-Disable_usage_stats.patch
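Review bot: In 0001-Browser_No_Location.patch both `grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, …)` calls are commented out with no explanation, which leaves two empty `if` bodies in DefaultPermissionGrantPolicy.java whose purpose the next person rebasing the patch has to guess. A comment in place of each dead call would record the intent, for example `// Location is deliberately not granted to the default browser; it asks at runtime when a site needs it.` The change only alters what is granted by default, so a browser that already received location on an existing install presumably keeps it until the user revokes it; that is worth stating in the patch description. Both enclosing methods begin outside the lines shown, and the first one also continues past them.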
@@ -0,0 +1,44 @@
+From 20a90f9fcf1bfd3da10210cc06f1428edbe92389 Mon Sep 17 00:00:00 2001
+From: MSe1969
+Date: Thu, 20 Dec 2018 22:12:35 +0100
+Subject: [PATCH] AppOps: Default GET_USAGE_STATS to MODE_IGNORED
+
+The AppOp OP_GET_USAGE_STATS is defaulted with MODE_DEFAULT and this is
+resolved to default to ALLOW, if the permission PACKAGE_USAGE_STATS is
+requested. This can be switched off in a specific settings menu, hence
+an opt-out is implemented in AOSP.
+
+Letting 3rd parties analyze the behavior does not really add any value
+for the device holder, hence an opt-in makes more sense. Usage stats
+collection is now disabled by default for apps requesting that permission.
+
+If the user wants to allow stats collection, he can enter the respective
+menu in settings and allow the app to collect usage data.
+
+Change-Id: I9e08822851cf660277e45f3023aa80d8918f45ae
+---
+ core/java/android/app/AppOpsManager.java | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index e13947335d2a..19287b3c13a4 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -930,7 +930,7 @@
+ AppOpsManager.MODE_ALLOWED,
+ AppOpsManager.MODE_ALLOWED,
+ AppOpsManager.MODE_ALLOWED,
+- AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS
++ AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS
+ AppOpsManager.MODE_ALLOWED,
+ AppOpsManager.MODE_ALLOWED,
+ AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA
+@@ -1007,7 +1007,7 @@
+ AppOpsManager.MODE_ALLOWED, // OP_WAKE_LOCK
+ AppOpsManager.MODE_ALLOWED, // OP_MONITOR_LOCATION
+ AppOpsManager.MODE_ASK, // OP_MONITOR_HIGH_POWER_LOCATION
+- AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS
++ AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS
+ AppOpsManager.MODE_ALLOWED, // OP_MUTE_MICROPHONE
+ AppOpsManager.MODE_ALLOWED, // OP_TOAST_WINDOW
+ AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA
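Review bot: In 0002-Disable_usage_stats.patch the new `AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS` default in both tables applies to every package rather than only third-party apps, so system or privileged components that hold PACKAGE_USAGE_STATS and relied on MODE_DEFAULT deferring to the permission check would presumably be denied as well until the op is explicitly allowed for them. The code that consumes these defaults is not visible here, so this should be confirmed on a test build for each branch before relying on it. The entry comment could also carry the rationale, e.g. `AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS (opt-in: user must allow per app in Settings)`. Both array initialisers start and end outside the hunks.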
diff --git a/Patches/Common/android_frameworks_base/0003-SUPL_No_IMSI.patch b/Patches/Common/android_frameworks_base/0003-SUPL_No_IMSI.patch
new file mode 100644
index 00000000..30b1b141
--- /dev/null
+++ b/Patches/Common/android_frameworks_base/0003-SUPL_No_IMSI.patch
@@ -0,0 +1,35 @@
+From 6bdd1bbcea89fc1494e87948d1147402e9d89042 Mon Sep 17 00:00:00 2001
+From: MSe1969
+Date: Mon, 29 Oct 2018 12:14:17 +0100
+Subject: [PATCH] SUPL: Don't send IMSI / Phone number to SUPL server
+
+Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87
+---
+ .../com/android/server/location/GnssLocationProvider.java | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/location/GnssLocationProvider.java b/services/core/java/com/android/server/location/GnssLocationProvider.java
+index 2c11a01c7851..44163ece2c22 100644
+--- a/services/core/java/com/android/server/location/GnssLocationProvider.java
++++ b/services/core/java/com/android/server/location/GnssLocationProvider.java
+@@ -2053,6 +2053,11 @@ private void requestSetID(int flags) {
+ int type = AGPS_SETID_TYPE_NONE;
+ String data = "";
+
++ /*
++ * We don't want to tell Google our IMSI or phone number to spy on us!
++ * As devices w/o SIM card also have working GPS, providing this data does
++ * not seem to add a lot of value, at least not for the device holder
++ *
+ if ((flags & AGPS_RIL_REQUEST_SETID_IMSI) == AGPS_RIL_REQUEST_SETID_IMSI) {
+ String data_temp = phone.getSubscriberId();
+ if (data_temp == null) {
+@@ -2072,7 +2077,7 @@ else if ((flags & AGPS_RIL_REQUEST_SETID_MSISDN) == AGPS_RIL_REQUEST_SETID_MSISD
+ data = data_temp;
+ type = AGPS_SETID_TYPE_MSISDN;
+ }
+- }
++ } */
+ native_agps_set_id(type, data);
+ }
+
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 1bcac879..484c6fbc 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
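Review bot: In 0003-SUPL_No_IMSI.patch the opening `/*` swallows the whole IMSI/MSISDN branch up to `} */`, including lines between the two hunks that are not shown, so the change depends on that hidden stretch containing no `*/` and leaves `requestSetID` ignoring `flags` and always calling `native_agps_set_id` with `AGPS_SETID_TYPE_NONE` and an empty string. Deleting the branch and keeping a short comment is easier to rebase and audit, e.g. `// Privacy: never pass IMSI or MSISDN to the GNSS HAL; always report AGPS_SETID_TYPE_NONE.` The added comment names Google, but the SUPL server is normally set by device or carrier configuration, so `the SUPL server` would be more accurate. This covers only the framework's reply to the set-ID request; whether the vendor GNSS stack can obtain subscriber identifiers by another path is not visible here.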
@@ -93,6 +93,9 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 058bd3d7..4513289e 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh 
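Review bot: The three added `patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/…"` lines apply one shared patch file to the 14.1 tree (and, in the 15.1 and 16.0 hunks that follow, to those trees too), although each patch carries a single set of index hashes and line numbers and so was generated against one branch only. Nothing in the visible lines checks the exit status of `patch`, so unless the script enables `set -e` outside this hunk, a rejected or fuzzily applied hunk would yield a build without the hardening and without an error. Failing loudly is cheap: `patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch" || exit 1;`. The trailing comment `#don't send IMSI to SUPL` also leaves out the phone number the patch withholds; `#don't send IMSI or phone number to SUPL` matches the patch subject.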
@@ -97,6 +97,9 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 0e5126fa..16896588 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -100,6 +100,8 @@ changeDefaultDNS; patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0002-Disable_usage_stats.patch"; #don't grant usage stats permission to apps by default +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then