diff --git a/Misc/Features/GrapheneOS.txt b/Misc/Features/GrapheneOS.txt index c939b3c5..94a79a39 100644 --- a/Misc/Features/GrapheneOS.txt +++ b/Misc/Features/GrapheneOS.txt @@ -214,13 +214,13 @@ nojit 11 https://github.com/GrapheneOS/platform_frameworks_base/commit/3afe69fda4e6d89c90bb5d35e43ed2cc272e20dc 11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/607919bb5de5aa42558f73840a1f1c06fc5c04fd -[implemented] Bluetooth auto turn off (partial CalyxOS? +[implemented] Bluetooth auto turn off (partial CalyxOS) 12 https://github.com/GrapheneOS/platform_frameworks_base/commit/6577307ef97cfeb4ba951d0c9e2696a21bd1237a 12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/cfc5b87c62cc67b5a242a3030eba7fff934871b5 11 https://github.com/GrapheneOS/platform_frameworks_base/commit/e9d17cd4807dbfa837b16296b3a2e4434c060002 11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/43ca9fac87286bab5db3be5ee079e0047a469a66 -[implemented] Wi-Fi auto turn off (partial CalyxOS?) +[implemented] Wi-Fi auto turn off (partial CalyxOS) 12 https://github.com/GrapheneOS/platform_frameworks_base/commit/b008fb6e05af55577bad6046af4a91af4fccaeca 12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/0f8a16323cfe431da8146e5ae58972c42b4d32d6 11 https://github.com/GrapheneOS/platform_frameworks_base/commit/423f3e151beae0c608881d4bf16b8dff22b5efc6 diff --git a/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch index 7b87586a..8ce4dc09 100644 --- a/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch +++ b/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch @@ -7,14 +7,14 @@ Co-authored-by: anupritaisno1 Signed-off-by: anupritaisno1 [tad@spotco.us]: kept Lineage's scudo 32-bit workaround --- - libc/Android.bp | 39 +++++++++++------------- - libc/bionic/h_malloc_wrapper.cpp | 51 ++++++++++++++++++++++++++++++++ + libc/Android.bp | 54 +++++++++++++++----------------- + libc/bionic/h_malloc_wrapper.cpp | 51 ++++++++++++++++++++++++++++++ libc/bionic/malloc_common.h | 8 +++++ - 3 files changed, 77 insertions(+), 21 deletions(-) + 3 files changed, 84 insertions(+), 29 deletions(-) create mode 100644 libc/bionic/h_malloc_wrapper.cpp diff --git a/libc/Android.bp b/libc/Android.bp -index 98b878151..75b06f58c 100644 +index 98b878151..4bc0a77b3 100644 --- a/libc/Android.bp +++ b/libc/Android.bp @@ -68,6 +68,8 @@ libc_common_flags = [ @@ -26,7 +26,7 @@ index 98b878151..75b06f58c 100644 ] // Define some common cflags -@@ -113,33 +115,20 @@ cc_defaults { +@@ -113,19 +115,6 @@ cc_defaults { ldflags: ["-Wl,-z,muldefs"], multilib: { @@ -46,15 +46,8 @@ index 98b878151..75b06f58c 100644 lib32: { product_variables: { malloc_zero_contents: { - cflags: ["-DSCUDO_ZERO_CONTENTS"], - }, - malloc_pattern_fill_contents: { -- cflags: ["-DSCUDO_PATTERN_FILL_CONTENTS"], -+ cflags: ["-DSCUDO_PATTERN_FILL_CONTENTS"], - }, - malloc_not_svelte_libc32: { -- cflags: ["-DUSE_SCUDO"], -+ cflags: ["-DUSE_SCUDO"], +@@ -138,8 +127,8 @@ cc_defaults { + cflags: ["-DUSE_SCUDO"], }, }, - }, @@ -64,7 +57,37 @@ index 98b878151..75b06f58c 100644 } libc_scudo_product_variables = { -@@ -194,12 +183,20 @@ cc_defaults { +@@ -173,20 +162,19 @@ libc32_scudo_product_variables = { + // ======================================================== + cc_defaults { + name: "libc_native_allocator_defaults", +- +- whole_static_libs: [ +- "libjemalloc5", +- "libc_jemalloc_wrapper", +- ], +- header_libs: ["gwp_asan_headers"], ++ whole_static_libs: ["libc_jemalloc_wrapper"], + multilib: { +- lib64: { +- product_variables: libc_scudo_product_variables, +- }, + lib32: { ++ whole_static_libs: ["libjemalloc5"], + product_variables: libc32_scudo_product_variables, +- } ++ }, ++ lib64: { ++ cflags: ["-DH_MALLOC_PREFIX"], ++ whole_static_libs: ["libhardened_malloc"], ++ }, + }, ++ ++ header_libs: ["gwp_asan_headers"], + } + + // Functions not implemented by jemalloc directly, or that need to +@@ -194,12 +182,20 @@ cc_defaults { cc_library_static { name: "libc_jemalloc_wrapper", defaults: ["libc_defaults"], diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch index 22fd3d73..d3759d9d 100644 --- a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch +++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch @@ -26,10 +26,10 @@ Signed-off-by: anupritaisno1 create mode 100644 libc/bionic/explicit_bzero.cpp diff --git a/libc/Android.bp b/libc/Android.bp -index 75b06f58c..cae5d8776 100644 +index 4bc0a77b3..bcb3861d8 100644 --- a/libc/Android.bp +++ b/libc/Android.bp -@@ -1084,6 +1084,7 @@ cc_library_static { +@@ -1083,6 +1083,7 @@ cc_library_static { "bionic/error.cpp", "bionic/eventfd.cpp", "bionic/exec.cpp", diff --git a/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch b/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch index e5c298a0..4535d120 100644 --- a/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch +++ b/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch @@ -26,6 +26,7 @@ index 4b4ba3ccb8..dac79d1ff7 100644 DEXPREOPT_DISABLED_MODULES := # If a module has multiple setups, the first takes precedence. diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk +index cedad5b490..76d3e5ad1d 100644 --- a/target/product/security/Android.mk +++ b/target/product/security/Android.mk @@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-4.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-4.patch index 2c5fcd7b..595d21a4 100644 --- a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-4.patch +++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-4.patch @@ -1,4 +1,4 @@ -From 2f262ed47122e57283ee85c2cca138728559ef35 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Dmitry Muhomor Date: Mon, 10 Jan 2022 15:50:33 +0200 Subject: [PATCH] make DownloadManager.enqueue() a no-op when INTERNET @@ -9,7 +9,7 @@ Subject: [PATCH] make DownloadManager.enqueue() a no-op when INTERNET 1 file changed, 8 insertions(+) diff --git a/core/java/android/app/DownloadManager.java b/core/java/android/app/DownloadManager.java -index 355092378279..cb4a16641953 100644 +index c209660f4197..ed0ba8b4b642 100644 --- a/core/java/android/app/DownloadManager.java +++ b/core/java/android/app/DownloadManager.java @@ -16,6 +16,7 @@ @@ -20,7 +20,7 @@ index 355092378279..cb4a16641953 100644 import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.RequiresPermission; -@@ -31,6 +32,7 @@ +@@ -31,6 +32,7 @@ import android.content.ContentResolver; import android.content.ContentUris; import android.content.ContentValues; import android.content.Context; @@ -28,7 +28,7 @@ index 355092378279..cb4a16641953 100644 import android.database.Cursor; import android.database.CursorWrapper; import android.database.DatabaseUtils; -@@ -1115,6 +1117,12 @@ public void onMediaStoreDownloadsDeleted(@NonNull LongSparseArray idToMi +@@ -1123,6 +1125,12 @@ public class DownloadManager { * calls related to this download. */ public long enqueue(Request request) { diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-5.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-5.patch index 46cff73d..06f9d94b 100644 --- a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-5.patch +++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-5.patch @@ -9,10 +9,10 @@ Subject: [PATCH] make DownloadManager.query() a no-op when INTERNET permission 1 file changed, 7 insertions(+) diff --git a/core/java/android/app/DownloadManager.java b/core/java/android/app/DownloadManager.java -index c209660f4197..2b141e17a80b 100644 +index ed0ba8b4b642..97757b51aaeb 100644 --- a/core/java/android/app/DownloadManager.java +++ b/core/java/android/app/DownloadManager.java -@@ -34,6 +34,7 @@ import android.content.Context; +@@ -36,6 +36,7 @@ import android.content.pm.PackageManager; import android.database.Cursor; import android.database.CursorWrapper; import android.database.DatabaseUtils; @@ -20,7 +20,7 @@ index c209660f4197..2b141e17a80b 100644 import android.net.ConnectivityManager; import android.net.NetworkPolicyManager; import android.net.Uri; -@@ -1170,6 +1171,12 @@ public class DownloadManager { +@@ -1178,6 +1179,12 @@ public class DownloadManager { /** @hide */ public Cursor query(Query query, String[] projection) { diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0021-Boot_Animation.patch b/Patches/LineageOS-19.1/android_frameworks_base/0021-Boot_Animation.patch new file mode 100644 index 00000000..e21d5054 --- /dev/null +++ b/Patches/LineageOS-19.1/android_frameworks_base/0021-Boot_Animation.patch @@ -0,0 +1,39 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Wed, 6 Apr 2022 01:10:00 -0400 +Subject: [PATCH] Use basic boot animation + +Signed-off-by: Tad +Change-Id: I0c87ddd9aec21fc610f3d17701192c04150308d7 +--- + cmds/bootanimation/BootAnimation.cpp | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/cmds/bootanimation/BootAnimation.cpp b/cmds/bootanimation/BootAnimation.cpp +index 6c8cab7783b6..73a98dcc56b3 100644 +--- a/cmds/bootanimation/BootAnimation.cpp ++++ b/cmds/bootanimation/BootAnimation.cpp +@@ -725,7 +725,7 @@ GLuint linkShader(GLuint vertexShader, GLuint fragmentShader) { + } + + void BootAnimation::initShaders() { +- bool dynamicColoringEnabled = mAnimation != nullptr && mAnimation->dynamicColoringEnabled; ++ bool dynamicColoringEnabled = false; + GLuint vertexShader = compileShader(GL_VERTEX_SHADER, (const GLchar *)VERTEX_SHADER_SOURCE); + GLuint imageFragmentShader = + compileShader(GL_FRAGMENT_SHADER, dynamicColoringEnabled +@@ -761,13 +761,7 @@ bool BootAnimation::threadLoop() { + bool result; + initShaders(); + +- // We have no bootanimation file, so we use the stock android logo +- // animation. +- if (mZipFileName.isEmpty()) { +- result = android(); +- } else { +- result = movie(); +- } ++ result = android(); + + mCallbacks->shutdown(); + eglMakeCurrent(mDisplay, EGL_NO_SURFACE, EGL_NO_SURFACE, EGL_NO_CONTEXT); diff --git a/Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0001-Hosts_Cache.patch b/Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0001-Hosts_Cache.patch new file mode 100644 index 00000000..d2ecad39 --- /dev/null +++ b/Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0001-Hosts_Cache.patch @@ -0,0 +1,659 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tom Marshall +Date: Tue, 25 Aug 2020 08:31:32 -0700 +Subject: [PATCH] DnsResolver: Sort and cache hosts file data for fast lookup + +The hosts file is normally searched linearly. This is very slow when +the file is large. To mitigate this, read the hosts file and sort the +entries in an in-memory cache. When an address is requested via +gethostbyname or getaddrinfo, binary search the cache. + +In case where the cache is not available, return a suitable error code +and fall back to the existing lookup code. + +This has been written to behave as much like the existing lookup code as +possible. But note bionic and glibc differ in behavior for some corner +cases. Choose the most standard compliant behavior for these where +possible. Otherwise choose the behavior that seems most reasonable. + +Note: this change is the analogue of the bionic change of the same name. +Both should be kept in sync. + +Change-Id: I5926493864d4b1291ae83f8b601bf5dcc54085cd +--- + Android.bp | 1 + + getaddrinfo.cpp | 9 + + hosts_cache.cpp | 523 ++++++++++++++++++++++++++++++++++++++++++++++++ + hosts_cache.h | 28 +++ + sethostent.cpp | 7 + + 5 files changed, 568 insertions(+) + create mode 100644 hosts_cache.cpp + create mode 100644 hosts_cache.h + +diff --git a/Android.bp b/Android.bp +index 696d721..86c9cf9 100644 +--- a/Android.bp ++++ b/Android.bp +@@ -164,6 +164,7 @@ cc_library { + "getaddrinfo.cpp", + "gethnamaddr.cpp", + "sethostent.cpp", ++ "hosts_cache.cpp", + "res_cache.cpp", + "res_comp.cpp", + "res_debug.cpp", +diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp +index 23e7e44..f0c0ba8 100644 +--- a/getaddrinfo.cpp ++++ b/getaddrinfo.cpp +@@ -66,6 +66,8 @@ + #include "resolv_private.h" + #include "util.h" + ++#include "hosts_cache.h" ++ + #define ANY 0 + + using android::net::NetworkDnsEventReported; +@@ -1557,6 +1559,13 @@ static bool files_getaddrinfo(const size_t netid, const char* name, const addrin + FILE* hostf = nullptr; + + cur = &sentinel; ++ ++ int hc_error = hc_getaddrinfo(name, pai, &cur); ++ if (hc_error != EAI_SYSTEM) { ++ *res = sentinel.ai_next; ++ return sentinel.ai_next != NULL; ++ } ++ + _sethtent(&hostf); + while ((p = _gethtent(&hostf, name, pai)) != nullptr) { + cur->ai_next = p; +diff --git a/hosts_cache.cpp b/hosts_cache.cpp +new file mode 100644 +index 0000000..a40fb40 +--- /dev/null ++++ b/hosts_cache.cpp +@@ -0,0 +1,523 @@ ++/* ++ * Copyright (C) 2016 The CyanogenMod Project ++ * Copyright (C) 2020 The LineageOS Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++#include "hostent.h" ++#include "resolv_private.h" ++ ++constexpr int MAXALIASES = 35; ++constexpr int MAXADDRS = 35; ++ ++#define MAX_ADDRLEN (INET6_ADDRSTRLEN - (1 + 5)) ++#define MAX_HOSTLEN MAXHOSTNAMELEN ++ ++#define ESTIMATED_LINELEN 32 ++#define HCFILE_ALLOC_SIZE 256 ++ ++/* From sethostent.c */ ++#define ALIGNBYTES (sizeof(uintptr_t) - 1) ++#define ALIGN(p) (((uintptr_t)(p) + ALIGNBYTES) &~ ALIGNBYTES) ++ ++/* ++ * Host cache entry for hcfile.c_data. ++ * Offsets are into hcfile.h_data. ++ * Strings are *not* terminated by NULL, but by whitespace (isspace) or '#'. ++ * Use hstr* functions with these. ++ */ ++struct hcent ++{ ++ uint32_t addr; ++ uint32_t name; ++}; ++ ++/* ++ * Overall host cache file state. ++ */ ++struct hcfile ++{ ++ int h_fd; ++ struct stat h_st; ++ char* h_data; ++ ++ uint32_t c_alloc; ++ uint32_t c_len; ++ struct hcent* c_data; ++}; ++static struct hcfile hcfile; ++static pthread_mutex_t hclock = PTHREAD_MUTEX_INITIALIZER; ++ ++static size_t hstrlen(const char *s) ++{ ++ const char *p = s; ++ while (*p && *p != '#' && !isspace(*p)) ++ ++p; ++ return p - s; ++} ++ ++static int hstrcmp(const char *a, const char *b) ++{ ++ size_t alen = hstrlen(a); ++ size_t blen = hstrlen(b); ++ int res = strncmp(a, b, MIN(alen, blen)); ++ if (res == 0) ++ res = alen - blen; ++ return res; ++} ++ ++static char *hstrcpy(char *dest, const char *src) ++{ ++ size_t len = hstrlen(src); ++ memcpy(dest, src, len); ++ dest[len] = '\0'; ++ return dest; ++} ++ ++static char *hstrdup(const char *s) ++{ ++ size_t len = hstrlen(s); ++ char *dest = (char *)malloc(len + 1); ++ if (!dest) ++ return NULL; ++ memcpy(dest, s, len); ++ dest[len] = '\0'; ++ return dest; ++} ++ ++static int cmp_hcent_name(const void *a, const void *b) ++{ ++ struct hcent *ea = (struct hcent *)a; ++ const char *na = hcfile.h_data + ea->name; ++ struct hcent *eb = (struct hcent *)b; ++ const char *nb = hcfile.h_data + eb->name; ++ ++ return hstrcmp(na, nb); ++} ++ ++static struct hcent *_hcfindname(const char *name) ++{ ++ size_t first, last, mid; ++ struct hcent *cur = NULL; ++ int cmp; ++ ++ if (hcfile.c_len == 0) ++ return NULL; ++ ++ first = 0; ++ last = hcfile.c_len - 1; ++ mid = (first + last) / 2; ++ while (first <= last) { ++ cur = hcfile.c_data + mid; ++ cmp = hstrcmp(hcfile.h_data + cur->name, name); ++ if (cmp == 0) ++ goto found; ++ if (cmp < 0) ++ first = mid + 1; ++ else { ++ if (mid > 0) ++ last = mid - 1; ++ else ++ return NULL; ++ } ++ mid = (first + last) / 2; ++ } ++ return NULL; ++ ++found: ++ while (cur > hcfile.c_data) { ++ struct hcent *prev = cur - 1; ++ cmp = cmp_hcent_name(cur, prev); ++ if (cmp) ++ break; ++ cur = prev; ++ } ++ ++ return cur; ++} ++ ++/* ++ * Find next name on line, if any. ++ * ++ * Assumes that line is terminated by LF. ++ */ ++static const char *_hcnextname(const char *name) ++{ ++ while (!isspace(*name)) { ++ if (*name == '#') ++ return NULL; ++ ++name; ++ } ++ while (isspace(*name)) { ++ if (*name == '\n') ++ return NULL; ++ ++name; ++ } ++ if (*name == '#') ++ return NULL; ++ return name; ++} ++ ++static int _hcfilemmap(void) ++{ ++ struct stat st; ++ int h_fd; ++ char *h_addr; ++ const char *p, *pend; ++ uint32_t c_alloc; ++ ++ h_fd = open(_PATH_HOSTS, O_CLOEXEC); ++ if (h_fd < 0) ++ return -1; ++ if (flock(h_fd, LOCK_EX) != 0) { ++ close(h_fd); ++ return -1; ++ } ++ ++ if (hcfile.h_data) { ++ memset(&st, 0, sizeof(st)); ++ if (fstat(h_fd, &st) == 0) { ++ if (st.st_size == hcfile.h_st.st_size && ++ st.st_mtime == hcfile.h_st.st_mtime) { ++ flock(h_fd, LOCK_UN); ++ close(h_fd); ++ return 0; ++ } ++ } ++ free(hcfile.c_data); ++ munmap(hcfile.h_data, hcfile.h_st.st_size); ++ close(hcfile.h_fd); ++ memset(&hcfile, 0, sizeof(struct hcfile)); ++ } ++ ++ if (fstat(h_fd, &st) != 0) { ++ flock(h_fd, LOCK_UN); ++ close(h_fd); ++ return -1; ++ } ++ h_addr = (char*)mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, h_fd, 0); ++ if (h_addr == MAP_FAILED) { ++ flock(h_fd, LOCK_UN); ++ close(h_fd); ++ return -1; ++ } ++ ++ hcfile.h_fd = h_fd; ++ hcfile.h_st = st; ++ hcfile.h_data = h_addr; ++ ++ c_alloc = 0; ++ /* ++ * Do an initial allocation if the file is "large". Estimate ++ * 32 bytes per line and define "large" as more than half of ++ * the alloc growth size (256 entries). ++ */ ++ if (st.st_size >= ESTIMATED_LINELEN * HCFILE_ALLOC_SIZE / 2) { ++ c_alloc = st.st_size / ESTIMATED_LINELEN; ++ hcfile.c_data = (struct hcent*)malloc(c_alloc * sizeof(struct hcent)); ++ if (!hcfile.c_data) { ++ goto oom; ++ } ++ } ++ ++ p = (const char *)h_addr; ++ pend = p + st.st_size; ++ while (p < pend) { ++ const char *eol, *addr, *name; ++ size_t len; ++ addr = p; ++ eol = (const char*)memchr(p, '\n', pend - p); ++ if (!eol) ++ break; ++ p = eol + 1; ++ if (*addr == '#' || *addr == '\n') ++ continue; ++ len = hstrlen(addr); ++ if (len > MAX_ADDRLEN) ++ continue; ++ name = addr + len; ++ while (name < eol && isspace(*name)) ++ ++name; ++ while (name < eol) { ++ len = hstrlen(name); ++ if (len == 0) ++ break; ++ if (len < MAX_HOSTLEN) { ++ struct hcent *ent; ++ if (c_alloc <= hcfile.c_len) { ++ struct hcent *c_data; ++ c_alloc += HCFILE_ALLOC_SIZE; ++ c_data = (struct hcent*)realloc(hcfile.c_data, c_alloc * sizeof(struct hcent)); ++ if (!c_data) { ++ goto oom; ++ } ++ hcfile.c_data = c_data; ++ } ++ ent = hcfile.c_data + hcfile.c_len; ++ ent->addr = addr - h_addr; ++ ent->name = name - h_addr; ++ ++hcfile.c_len; ++ } ++ name += len; ++ while (name < eol && isspace(*name)) ++ ++name; ++ } ++ } ++ ++ qsort(hcfile.c_data, hcfile.c_len, ++ sizeof(struct hcent), cmp_hcent_name); ++ ++ flock(h_fd, LOCK_UN); ++ ++ return 0; ++ ++oom: ++ free(hcfile.c_data); ++ munmap(hcfile.h_data, hcfile.h_st.st_size); ++ flock(hcfile.h_fd, LOCK_UN); ++ close(hcfile.h_fd); ++ memset(&hcfile, 0, sizeof(struct hcfile)); ++ return -1; ++} ++ ++/* ++ * Caching version of getaddrinfo. ++ * ++ * If we find the requested host name in the cache, use getaddrinfo to ++ * populate the result for each address we find. ++ * ++ * Note glibc and bionic differ in the handling of ai_canonname. POSIX ++ * says that ai_canonname is only populated in the first result entry. ++ * glibc does this. bionic populates ai_canonname in all result entries. ++ * We choose the POSIX/glibc way here. ++ */ ++int hc_getaddrinfo(const char *name, const struct addrinfo* hints, struct addrinfo** result) ++{ ++ int ret = 0; ++ struct hcent *ent, *cur; ++ struct addrinfo *ai; ++ struct addrinfo rhints; ++ struct addrinfo *last; ++ int canonname = 0; ++ int cmp; ++ ++ if (getenv("ANDROID_HOSTS_CACHE_DISABLE") != NULL) ++ return EAI_SYSTEM; ++ ++ if (!name) ++ return EAI_SYSTEM; ++ ++ pthread_mutex_lock(&hclock); ++ ++ if (_hcfilemmap() != 0) { ++ ret = EAI_SYSTEM; ++ goto out; ++ } ++ ent = _hcfindname(name); ++ if (!ent) { ++ ret = EAI_NONAME; ++ goto out; ++ } ++ ++ if (hints) { ++ canonname = (hints->ai_flags & AI_CANONNAME); ++ memcpy(&rhints, hints, sizeof(rhints)); ++ rhints.ai_flags &= ~AI_CANONNAME; ++ } ++ else { ++ memset(&rhints, 0, sizeof(rhints)); ++ } ++ rhints.ai_flags |= AI_NUMERICHOST; ++ ++ last = NULL; ++ cur = ent; ++ do { ++ char addrstr[MAX_ADDRLEN]; ++ struct addrinfo *res; ++ ++ hstrcpy(addrstr, hcfile.h_data + cur->addr); ++ ++ if (getaddrinfo_numeric(addrstr, nullptr, rhints, &res) == 0) { ++ if (!last) ++ (*result)->ai_next = res; ++ else ++ last->ai_next = res; ++ last = res; ++ while (last->ai_next) ++ last = last->ai_next; ++ } ++ ++ if(cur + 1 >= hcfile.c_data + hcfile.c_len) ++ break; ++ cmp = cmp_hcent_name(cur, cur + 1); ++ cur = cur + 1; ++ } ++ while (!cmp); ++ ++ if (last == NULL) { ++ /* This check is equivalent to (*result)->ai_next == NULL */ ++ ret = EAI_NODATA; ++ goto out; ++ } ++ ++ if (canonname) { ++ ai = (*result)->ai_next; ++ free(ai->ai_canonname); ++ ai->ai_canonname = hstrdup(hcfile.h_data + ent->name); ++ } ++ ++out: ++ pthread_mutex_unlock(&hclock); ++ return ret; ++} ++ ++/* ++ * Caching version of gethtbyname. ++ * ++ * Note glibc and bionic differ in the handling of aliases. glibc returns ++ * all aliases for all entries, regardless of whether they match h_addrtype. ++ * bionic returns only the aliases for the first hosts entry. We return all ++ * aliases for all IPv4 entries. ++ * ++ * Additionally, if an alias is IPv6 and the primary name for an alias also ++ * has an IPv4 entry, glibc will return the IPv4 address(es), but bionic ++ * will not. Neither do we. ++ */ ++int hc_gethtbyname(const char *host, int af, struct getnamaddr *info) ++{ ++ int ret = NETDB_SUCCESS; ++ struct hcent *ent, *cur; ++ int cmp; ++ size_t addrlen; ++ unsigned int naliases = 0; ++ char *aliases[MAXALIASES]; ++ unsigned int naddrs = 0; ++ char *addr_ptrs[MAXADDRS]; ++ unsigned int n; ++ ++ if (getenv("ANDROID_HOSTS_CACHE_DISABLE") != NULL) ++ return NETDB_INTERNAL; ++ ++ switch (af) { ++ case AF_INET: addrlen = NS_INADDRSZ; break; ++ case AF_INET6: addrlen = NS_IN6ADDRSZ; break; ++ default: ++ return NETDB_INTERNAL; ++ } ++ ++ pthread_mutex_lock(&hclock); ++ ++ if (_hcfilemmap() != 0) { ++ ret = NETDB_INTERNAL; ++ goto out; ++ } ++ ++ ent = _hcfindname(host); ++ if (!ent) { ++ ret = HOST_NOT_FOUND; ++ goto out; ++ } ++ ++ cur = ent; ++ do { ++ char addr[16]; ++ char addrstr[MAX_ADDRLEN]; ++ char namestr[MAX_HOSTLEN]; ++ const char *name; ++ ++ hstrcpy(addrstr, hcfile.h_data + cur->addr); ++ if (inet_pton(af, addrstr, &addr) == 1) { ++ char *aligned; ++ /* First match is considered the official hostname */ ++ if (naddrs == 0) { ++ hstrcpy(namestr, hcfile.h_data + cur->name); ++ HENT_SCOPY(info->hp->h_name, namestr, info->buf, info->buflen); ++ } ++ for (name = hcfile.h_data + cur->name; name; name = _hcnextname(name)) { ++ if (!hstrcmp(name, host)) ++ continue; ++ hstrcpy(namestr, name); ++ HENT_SCOPY(aliases[naliases], namestr, info->buf, info->buflen); ++ ++naliases; ++ if (naliases >= MAXALIASES) ++ goto nospc; ++ } ++ aligned = (char *)ALIGN(info->buf); ++ if (info->buf != aligned) { ++ if ((ptrdiff_t)info->buflen < (aligned - info->buf)) ++ goto nospc; ++ info->buflen -= (aligned - info->buf); ++ info->buf = aligned; ++ } ++ HENT_COPY(addr_ptrs[naddrs], addr, addrlen, info->buf, info->buflen); ++ ++naddrs; ++ if (naddrs >= MAXADDRS) ++ goto nospc; ++ } ++ ++ if(cur + 1 >= hcfile.c_data + hcfile.c_len) ++ break; ++ cmp = cmp_hcent_name(cur, cur + 1); ++ cur = cur + 1; ++ } ++ while (!cmp); ++ ++ if (naddrs == 0) { ++ ret = HOST_NOT_FOUND; ++ goto out; ++ } ++ ++ addr_ptrs[naddrs++] = NULL; ++ aliases[naliases++] = NULL; ++ ++ /* hp->h_name already populated */ ++ HENT_ARRAY(info->hp->h_aliases, naliases, info->buf, info->buflen); ++ for (n = 0; n < naliases; ++n) { ++ info->hp->h_aliases[n] = aliases[n]; ++ } ++ info->hp->h_addrtype = af; ++ info->hp->h_length = addrlen; ++ HENT_ARRAY(info->hp->h_addr_list, naddrs, info->buf, info->buflen); ++ for (n = 0; n < naddrs; ++n) { ++ info->hp->h_addr_list[n] = addr_ptrs[n]; ++ } ++ ++out: ++ pthread_mutex_unlock(&hclock); ++ return ret; ++ ++nospc: ++ ret = NETDB_INTERNAL; ++ goto out; ++} +diff --git a/hosts_cache.h b/hosts_cache.h +new file mode 100644 +index 0000000..55138dc +--- /dev/null ++++ b/hosts_cache.h +@@ -0,0 +1,28 @@ ++/* ++ * Copyright (C) 2016 The CyanogenMod Project ++ * Copyright (C) 2020 The LineageOS Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#ifndef NETD_RESOLV_HOSTS_CACHE_H ++#define NETD_RESOLV_HOSTS_CACHE_H ++ ++struct getnamaddr; ++ ++int hc_getaddrinfo(const char* name, const struct addrinfo* hints, ++ struct addrinfo** result); ++ ++int hc_gethtbyname(const char *host, int af, struct getnamaddr *info); ++ ++#endif +diff --git a/sethostent.cpp b/sethostent.cpp +index de94fce..64de4c3 100644 +--- a/sethostent.cpp ++++ b/sethostent.cpp +@@ -43,6 +43,8 @@ + #include "hostent.h" + #include "resolv_private.h" + ++#include "hosts_cache.h" ++ + constexpr int MAXALIASES = 35; + constexpr int MAXADDRS = 35; + +@@ -72,6 +74,11 @@ int _hf_gethtbyname2(const char* name, int af, getnamaddr* info) { + char* aliases[MAXALIASES]; + char* addr_ptrs[MAXADDRS]; + ++ int rc = hc_gethtbyname(name, af, info); ++ if (rc != NETDB_INTERNAL) { ++ return (rc == NETDB_SUCCESS ? 0 : EAI_NODATA); ++ } ++ + FILE* hf = NULL; + sethostent_r(&hf); + if (hf == NULL) { diff --git a/Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch b/Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch new file mode 100644 index 00000000..f664bd45 --- /dev/null +++ b/Patches/LineageOS-19.1/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch @@ -0,0 +1,72 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tom Marshall +Date: Thu, 16 Jan 2020 13:07:04 -0800 +Subject: [PATCH] DnsResolver: Support wildcards in cached hosts file + +If an exact name is not found in the hosts file and the host name +contains at least one dot, search for entries of the form "*.domain", +where domain is the portion of the host name after the first dot. If +that is not found, repeat using the domain. + +Example: a.b.c.example.com would search for the following in turn: + a.b.c.example.com + *.b.c.example.com + *.c.example.com + *.example.com + *.com + +Note: this change is the analogue of the bionic change of the same name. +Both should be kept in sync. + +Change-Id: I4b0bb81699151d5b371850daebf785e35ec9b170 +--- + hosts_cache.cpp | 29 ++++++++++++++++++++++++++++- + 1 file changed, 28 insertions(+), 1 deletion(-) + +diff --git a/hosts_cache.cpp b/hosts_cache.cpp +index a40fb40..258eac1 100644 +--- a/hosts_cache.cpp ++++ b/hosts_cache.cpp +@@ -126,7 +126,7 @@ static int cmp_hcent_name(const void *a, const void *b) + return hstrcmp(na, nb); + } + +-static struct hcent *_hcfindname(const char *name) ++static struct hcent *_hcfindname_exact(const char *name) + { + size_t first, last, mid; + struct hcent *cur = NULL; +@@ -167,6 +167,33 @@ found: + return cur; + } + ++static struct hcent *_hcfindname(const char *name) ++{ ++ struct hcent *ent; ++ char namebuf[MAX_HOSTLEN]; ++ char *p; ++ char *dot; ++ ++ ent = _hcfindname_exact(name); ++ if (!ent && strlen(name) < sizeof(namebuf)) { ++ strlcpy(namebuf, name, sizeof(namebuf)); ++ p = namebuf; ++ do { ++ dot = strchr(p, '.'); ++ if (!dot) ++ break; ++ if (dot > p) { ++ *(dot - 1) = '*'; ++ ent = _hcfindname_exact(dot - 1); ++ } ++ p = dot + 1; ++ } ++ while (!ent); ++ } ++ ++ return ent; ++} ++ + /* + * Find next name on line, if any. + * diff --git a/Scripts/Common/Post.sh b/Scripts/Common/Post.sh index 9f6dae7a..6c9217d7 100644 --- a/Scripts/Common/Post.sh +++ b/Scripts/Common/Post.sh @@ -35,7 +35,7 @@ sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MER #sed -i 's/= IS_ENABLED(CONFIG_PAGE_POISONING_ENABLE_DEFAULT);/= true;/' kernel/*/*/mm/page_poison.c &>/dev/null || true; #4.4+ #XXX: shouldn't be enabled past 5.3 #Build speedup -sed -i 's/flags.Tidy = true/flags.Tidy = false/' build/soong/cc/tidy.go &>/dev/null || true; #Disable clang-tidy (GrapheneOS/kdrag0n) +sed -i 's/flags.Tidy = true/flags.Tidy = false/' build/soong/cc/tidy.go &>/dev/null || true; #Disable clang-tidy (kdrag0n) cd "$DOS_BUILD_BASE"; echo -e "\e[0;32m[SCRIPT COMPLETE] Post tweaks complete\e[0m"; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 03b42aa2..05b82fd2 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -168,8 +168,8 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_fr if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config changeDefaultDNS; #Change the default DNS servers -#sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) -#sed -i 's/DEFAULT_USE_FREEZER = false;/DEFAULT_USE_FREEZER = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app freezer by default (GrapheneOS) +sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) +sed -i 's/DEFAULT_USE_FREEZER = false;/DEFAULT_USE_FREEZER = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app freezer by default (GrapheneOS) sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh index 3d69da25..93e9a90b 100644 --- a/Scripts/LineageOS-19.1/Patch.sh +++ b/Scripts/LineageOS-19.1/Patch.sh @@ -153,6 +153,7 @@ sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/int fi; applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-1.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-2.patch"; #Exclude Bluetooth app from Location indicators (GrapheneOS) +applyPatch "$DOS_PATCHES/android_frameworks_base/0021-Boot_Animation.patch"; #Use basic boot animation hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config changeDefaultDNS; #Change the default DNS servers sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) @@ -239,7 +240,7 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa fi; if enterAndClear "packages/apps/Settings"; then -applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) +#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) #XXX 19REBASE: broken? #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE if [ "$DOS_TIMEOUTS" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS) @@ -280,6 +281,11 @@ applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Perm #applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0002-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE fi; +if enterAndClear "packages/modules/DnsResolver"; then +applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0001-Hosts_Cache.patch"; #DnsResolver: Sort and cache hosts file data for fast lookup (LineageOS) +applyPatch "$DOS_PATCHES/android_packages_modules_DnsResolver/0002-Hosts_Wildcards.patch"; #DnsResolver: Support wildcards in cached hosts file (LineageOS) +fi; + if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then if enterAndClear "packages/modules/NetworkStack"; then applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS) @@ -366,6 +372,7 @@ if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app #echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch #XXX 19REBASE: is this necessary? echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead +awk -i inplace '!/F-DroidPrivilegedExtensionOfficial/' packages.mk; #Appears to be broken fi; # #END OF ROM CHANGES diff --git a/Scripts/LineageOS-19.1/Rebrand.sh b/Scripts/LineageOS-19.1/Rebrand.sh index a98fcc66..38a656e9 100644 --- a/Scripts/LineageOS-19.1/Rebrand.sh +++ b/Scripts/LineageOS-19.1/Rebrand.sh @@ -24,7 +24,7 @@ source "$DOS_SCRIPTS_COMMON/Shell.sh"; echo "Rebranding..."; if enter "bootable/recovery"; then -#git revert --no-edit c4071b4f; #use standard animation #XXX 19REBASE +git revert --no-edit b8aba40343b694ddd03e2c03be5027c6c9a08371; #use standard animation awk -i inplace '!/DrawSurface\(logo.get\(\)/' recovery_ui/screen_ui.cpp; #Hide logo mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons mogrify -format png -fill "#FF5722" -opaque "#7c4dff" -fuzz 10% res-*/images/ic_back_sel.png; @@ -33,7 +33,7 @@ sed -i 's|0xf8, 0x90, 0xff|0xff, 0x98, 0x00|' recovery_ui/*ui.cpp; #Recolor acce sed -i 's|0xe6, 0x51, 0x00|0x4c, 0xaf, 0x50|' recovery_ui/*ui.cpp; #Recolor accents (fastboot primary) sed -i 's|0xfd, 0xd8, 0x35|0x8b, 0xc3, 0x4a|' recovery_ui/*ui.cpp; #Recolor accents (fastboot secondary) sed -i 's|0xfd, 0xd8,0x35|0x8b, 0xc3, 0x4a|' recovery_ui/*ui.cpp; #Recolor accents (fastboot secondary typo) -#sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' recovery_ui/*ui.cpp; #Recolor text #XXX 19REBASE +sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' recovery_ui/*ui.cpp; #Recolor text sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' recovery_ui/*ui.cpp; #not used (yet) sed -i 's|LineageOS|'"$DOS_BRANDING_NAME"'|' recovery_ui/*ui.cpp; #not used (yet) sed -i 's|Lineage |'"$DOS_BRANDING_NAME"' |' recovery.cpp; #not used (yet)