Add the GrapheneOS always randomize MAC option to 17.1 and 18.1

The DHCP state patch was backported to 17.1

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-03-29 22:27:06 -04:00
parent 09834b568f
commit f481055ae9
13 changed files with 3612 additions and 1 deletions

View File

@ -0,0 +1,32 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Fri, 13 Dec 2019 22:44:39 +1100
Subject: [PATCH] add option of always randomizing MAC addresses
---
wifi/java/android/net/wifi/WifiConfiguration.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java
index 88f2bb2ad6e8..24a9b043b75c 100644
--- a/wifi/java/android/net/wifi/WifiConfiguration.java
+++ b/wifi/java/android/net/wifi/WifiConfiguration.java
@@ -1015,12 +1015,17 @@ public class WifiConfiguration implements Parcelable {
* Generate a randomized MAC once and reuse it for all connections to this network
*/
public static final int RANDOMIZATION_PERSISTENT = 1;
+ /**
+ * @hide
+ * Generate a randomize MAC always
+ */
+ public static final int RANDOMIZATION_ALWAYS = 100;
/**
* @hide
* Level of MAC randomization for this network
*/
- public int macRandomizationSetting = RANDOMIZATION_PERSISTENT;
+ public int macRandomizationSetting = RANDOMIZATION_ALWAYS;
/**
* @hide

View File

@ -0,0 +1,105 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Sat, 21 Dec 2019 00:33:56 +1100
Subject: [PATCH] add support for always generating new random MAC
To trigger re-generation of randomized MAC addressed for an already
connected AP. User simply has to toggle on/off wifi. Otherwise, on
re-connection, a new randomized MAC address also gets generated.
---
.../java/com/android/server/wifi/ClientModeImpl.java | 9 +++++++--
.../com/android/server/wifi/WifiConfigManager.java | 10 ++++++++--
.../com/android/server/wifi/WifiConfigurationUtil.java | 2 +-
service/java/com/android/server/wifi/WifiMetrics.java | 4 ++--
4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/service/java/com/android/server/wifi/ClientModeImpl.java b/service/java/com/android/server/wifi/ClientModeImpl.java
index d91b7f8b8..befc92fb4 100644
--- a/service/java/com/android/server/wifi/ClientModeImpl.java
+++ b/service/java/com/android/server/wifi/ClientModeImpl.java
@@ -3407,7 +3407,12 @@ public class ClientModeImpl extends StateMachine {
String currentMacString = mWifiNative.getMacAddress(mInterfaceName);
MacAddress currentMac = currentMacString == null ? null :
MacAddress.fromString(currentMacString);
- MacAddress newMac = config.getOrCreateRandomizedMacAddress();
+ MacAddress newMac;
+ if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ newMac = config.getOrCreateRandomizedMacAddress();
+ } else {
+ newMac = MacAddress.createRandomUnicastAddress();
+ }
mWifiConfigManager.setNetworkRandomizedMacAddress(config.networkId, newMac);
if (!WifiConfiguration.isValidMacAddressForRandomization(newMac)) {
Log.wtf(TAG, "Config generated an invalid MAC address");
@@ -4310,7 +4315,7 @@ public class ClientModeImpl extends StateMachine {
reportConnectionAttemptStart(config, mTargetRoamBSSID,
WifiMetricsProto.ConnectionEvent.ROAM_UNRELATED);
if (config.macRandomizationSetting
- == WifiConfiguration.RANDOMIZATION_PERSISTENT
+ != WifiConfiguration.RANDOMIZATION_NONE
&& mConnectedMacRandomzationSupported) {
configureRandomizedMacAddress(config);
} else {
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 393a5c395..cb44fb4ab 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -1113,7 +1113,13 @@ public class WifiConfigManager {
packageName != null ? packageName : mContext.getPackageManager().getNameForUid(uid);
newInternalConfig.creationTime = newInternalConfig.updateTime =
createDebugTimeStampString(mClock.getWallClockMillis());
- MacAddress randomizedMac = getPersistentMacAddress(newInternalConfig);
+
+ MacAddress randomizedMac;
+ if (externalConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ randomizedMac = getPersistentMacAddress(newInternalConfig);
+ } else {
+ randomizedMac = MacAddress.createRandomUnicastAddress();
+ }
if (randomizedMac != null) {
newInternalConfig.setRandomizedMacAddress(randomizedMac);
}
@@ -1533,7 +1539,7 @@ public class WifiConfigManager {
public boolean isInFlakyRandomizationSsidHotlist(int networkId) {
WifiConfiguration config = getConfiguredNetwork(networkId);
return config != null
- && config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT
+ && config.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_NONE
&& mRandomizationFlakySsidHotlist.contains(config.SSID);
}
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index b8992a011..f47f42d1b 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -242,7 +242,7 @@ public class WifiConfigurationUtil {
public static boolean hasMacRandomizationSettingsChanged(WifiConfiguration existingConfig,
WifiConfiguration newConfig) {
if (existingConfig == null) {
- return newConfig.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ return newConfig.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_ALWAYS;
}
return newConfig.macRandomizationSetting != existingConfig.macRandomizationSetting;
}
diff --git a/service/java/com/android/server/wifi/WifiMetrics.java b/service/java/com/android/server/wifi/WifiMetrics.java
index 6db4e9955..5ea824ee3 100644
--- a/service/java/com/android/server/wifi/WifiMetrics.java
+++ b/service/java/com/android/server/wifi/WifiMetrics.java
@@ -1115,7 +1115,7 @@ public class WifiMetrics {
if (config != null) {
mCurrentConnectionEvent.mConnectionEvent.useRandomizedMac =
config.macRandomizationSetting
- == WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ != WifiConfiguration.RANDOMIZATION_NONE;
mCurrentConnectionEvent.mConnectionEvent.connectionNominator =
mNetworkIdToNominatorId.get(config.networkId,
WifiMetricsProto.ConnectionEvent.NOMINATOR_UNKNOWN);
@@ -3037,7 +3037,7 @@ public class WifiMetrics {
if (config.isPasspoint()) {
mWifiLogProto.numPasspointNetworks++;
}
- if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ if (config.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_NONE) {
mWifiLogProto.numSavedNetworksWithMacRandomization++;
}
}

View File

@ -0,0 +1,106 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Sun, 8 Dec 2019 23:58:24 +0100
Subject: [PATCH] add option to always randomize MAC
RANDOMIZATION_ALWAYS is set as the default option
---
res/values/arrays.xml | 4 ++-
.../WifiDetailPreferenceController.java | 3 +-
.../WifiPrivacyPreferenceController.java | 31 ++++++++++++++-----
3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index b983f467df..e1e7581deb 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1120,7 +1120,8 @@
</string-array>
<string-array name="wifi_privacy_entries">
- <item>Use randomized MAC (default)</item>
+ <item>Use fully randomized MAC (default)</item>
+ <item>Use per-network randomized MAC</item>
<item>Use device MAC</item>
</string-array>
@@ -1136,6 +1137,7 @@
</string-array>
<string-array name="wifi_privacy_values" translatable="false">
+ <item>100</item>
<item>1</item>
<item>0</item>
</string-array>
diff --git a/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java b/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java
index afcf883fb6..ce45108f22 100644
--- a/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java
+++ b/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java
@@ -700,7 +700,8 @@ public class WifiDetailPreferenceController extends AbstractPreferenceController
// return randomized MAC address
if (mWifiConfig != null &&
- mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ (mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT
+ || mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS)) {
return mWifiConfig.getRandomizedMacAddress().toString();
}
diff --git a/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java b/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java
index 950cc131f4..1ed9646a7f 100644
--- a/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java
+++ b/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java
@@ -112,11 +112,12 @@ public class WifiPrivacyPreferenceController extends BasePreferenceController im
if (mWifiConfiguration != null) {
return mWifiConfiguration.macRandomizationSetting;
}
- return WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
}
- private static final int PREF_RANDOMIZATION_PERSISTENT = 0;
- private static final int PREF_RANDOMIZATION_NONE = 1;
+ private static final int PREF_RANDOMIZATION_ALWAYS = 0;
+ private static final int PREF_RANDOMIZATION_PERSISTENT = 1;
+ private static final int PREF_RANDOMIZATION_NONE = 2;
/**
* Returns preference index value.
@@ -125,8 +126,16 @@ public class WifiPrivacyPreferenceController extends BasePreferenceController im
* @return index value of preference
*/
public static int translateMacRandomizedValueToPrefValue(int macRandomized) {
- return (macRandomized == WifiConfiguration.RANDOMIZATION_PERSISTENT)
- ? PREF_RANDOMIZATION_PERSISTENT : PREF_RANDOMIZATION_NONE;
+ switch (macRandomized) {
+ case WifiConfiguration.RANDOMIZATION_ALWAYS:
+ return PREF_RANDOMIZATION_ALWAYS;
+ case WifiConfiguration.RANDOMIZATION_PERSISTENT:
+ return PREF_RANDOMIZATION_PERSISTENT;
+ case WifiConfiguration.RANDOMIZATION_NONE:
+ return PREF_RANDOMIZATION_NONE;
+ default:
+ return PREF_RANDOMIZATION_ALWAYS;
+ }
}
/**
@@ -136,8 +145,16 @@ public class WifiPrivacyPreferenceController extends BasePreferenceController im
* @return mac randomized value
*/
public static int translatePrefValueToMacRandomizedValue(int prefMacRandomized) {
- return (prefMacRandomized == PREF_RANDOMIZATION_PERSISTENT)
- ? WifiConfiguration.RANDOMIZATION_PERSISTENT : WifiConfiguration.RANDOMIZATION_NONE;
+ switch (prefMacRandomized) {
+ case PREF_RANDOMIZATION_ALWAYS:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ case PREF_RANDOMIZATION_PERSISTENT:
+ return WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ case PREF_RANDOMIZATION_NONE:
+ return WifiConfiguration.RANDOMIZATION_NONE;
+ default:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ }
}
private void updateSummary(DropDownPreference preference, int macRandomized) {

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,71 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pratyush <39559233+empratyush@users.noreply.github.com>
Date: Thu, 20 May 2021 13:21:31 +0530
Subject: [PATCH] avoid reusing DHCP state for full MAC randomization
---
src/android/net/dhcp/DhcpClient.java | 30 +++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/android/net/dhcp/DhcpClient.java b/src/android/net/dhcp/DhcpClient.java
index c45fc82..b62239c 100644
--- a/src/android/net/dhcp/DhcpClient.java
+++ b/src/android/net/dhcp/DhcpClient.java
@@ -60,6 +60,9 @@ import android.net.metrics.IpConnectivityLog;
import android.net.util.InterfaceParams;
import android.net.util.NetworkStackUtils;
import android.net.util.SocketUtils;
+import android.net.wifi.WifiConfiguration;
+import android.net.wifi.WifiInfo;
+import android.net.wifi.WifiManager;
import android.os.Message;
import android.os.SystemClock;
import android.system.ErrnoException;
@@ -84,6 +87,8 @@ import java.net.SocketAddress;
import java.net.SocketException;
import java.nio.ByteBuffer;
import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Random;
/**
@@ -917,7 +922,7 @@ public class DhcpClient extends StateMachine {
+ " lease expiry: " + attributes.assignedV4AddressExpiry
+ " current time: " + currentTime);
}
- if (currentTime >= attributes.assignedV4AddressExpiry) {
+ if (currentTime >= attributes.assignedV4AddressExpiry || shouldAvoidStateReuse()) {
// Lease has expired.
transitionTo(mDhcpInitState);
return HANDLED;
@@ -941,6 +946,29 @@ public class DhcpClient extends StateMachine {
}
}
+ private static final int RANDOMIZATION_ALWAYS = 100;
+
+ private boolean shouldAvoidStateReuse() {
+ try {
+ WifiManager wifiManager = (WifiManager) mContext.getSystemService(Context.WIFI_SERVICE);
+ WifiInfo wifiInfo = wifiManager.getConnectionInfo();
+ if (wifiInfo != null) {
+ int connectedNetworkId = wifiInfo.getNetworkId();
+ List<WifiConfiguration> configurationList = wifiManager.getConfiguredNetworks();
+ for (WifiConfiguration configuration : configurationList){
+ if (configuration.networkId == connectedNetworkId){
+ return configuration.macRandomizationSetting == RANDOMIZATION_ALWAYS;
+ }
+ }
+ }
+ } catch (Exception e) {
+ loge(e.getLocalizedMessage(), e);
+ }
+
+ loge("ConfiguredNetworks should contain Connected network id config");
+ return true;
+ }
+
class DhcpInitState extends PacketRetransmittingState {
public DhcpInitState() {
super();

View File

@ -0,0 +1,75 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Fri, 13 Dec 2019 22:44:39 +1100
Subject: [PATCH] add option of always randomizing MAC addresses
---
api/system-current.txt | 1 +
wifi/api/system-current.txt | 1 +
wifi/java/android/net/wifi/WifiConfiguration.java | 15 +++++++++++----
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/api/system-current.txt b/api/system-current.txt
index f07ebaf19cb6..21dbbbc244a6 100755
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -7117,6 +7117,7 @@ package android.net.wifi {
field @Deprecated public static final int METERED_OVERRIDE_METERED = 1; // 0x1
field @Deprecated public static final int METERED_OVERRIDE_NONE = 0; // 0x0
field @Deprecated public static final int METERED_OVERRIDE_NOT_METERED = 2; // 0x2
+ field @Deprecated public static final int RANDOMIZATION_ALWAYS = 100; // 0x64
field @Deprecated public static final int RANDOMIZATION_NONE = 0; // 0x0
field @Deprecated public static final int RANDOMIZATION_PERSISTENT = 1; // 0x1
field @Deprecated public static final int RECENT_FAILURE_AP_UNABLE_TO_HANDLE_NEW_STA = 17; // 0x11
diff --git a/wifi/api/system-current.txt b/wifi/api/system-current.txt
index 07793c1eb02a..2a9fa1093774 100644
--- a/wifi/api/system-current.txt
+++ b/wifi/api/system-current.txt
@@ -320,6 +320,7 @@ package android.net.wifi {
field @Deprecated public static final int METERED_OVERRIDE_METERED = 1; // 0x1
field @Deprecated public static final int METERED_OVERRIDE_NONE = 0; // 0x0
field @Deprecated public static final int METERED_OVERRIDE_NOT_METERED = 2; // 0x2
+ field @Deprecated public static final int RANDOMIZATION_ALWAYS = 100; // 0x64
field @Deprecated public static final int RANDOMIZATION_NONE = 0; // 0x0
field @Deprecated public static final int RANDOMIZATION_PERSISTENT = 1; // 0x1
field @Deprecated public static final int RECENT_FAILURE_AP_UNABLE_TO_HANDLE_NEW_STA = 17; // 0x11
diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java
index 71f0ab8087ab..8f52ba46a409 100644
--- a/wifi/java/android/net/wifi/WifiConfiguration.java
+++ b/wifi/java/android/net/wifi/WifiConfiguration.java
@@ -1130,7 +1130,8 @@ public class WifiConfiguration implements Parcelable {
@Retention(RetentionPolicy.SOURCE)
@IntDef(prefix = {"RANDOMIZATION_"}, value = {
RANDOMIZATION_NONE,
- RANDOMIZATION_PERSISTENT})
+ RANDOMIZATION_PERSISTENT,
+ RANDOMIZATION_ALWAYS})
public @interface MacRandomizationSetting {}
/**
@@ -1145,16 +1146,22 @@ public class WifiConfiguration implements Parcelable {
*/
@SystemApi
public static final int RANDOMIZATION_PERSISTENT = 1;
+ /**
+ * @hide
+ * Generate a randomize MAC always
+ */
+ @SystemApi
+ public static final int RANDOMIZATION_ALWAYS = 100;
/**
* Level of MAC randomization for this network.
- * One of {@link #RANDOMIZATION_NONE} or {@link #RANDOMIZATION_PERSISTENT}.
- * By default this field is set to {@link #RANDOMIZATION_PERSISTENT}.
+ * One of {@link #RANDOMIZATION_NONE} or {@link #RANDOMIZATION_PERSISTENT} or RANDOMIZATION_ALWAYS.
+ * By default this field is set to RANDOMIZATION_ALWAYS in GrapheneOS.
* @hide
*/
@SystemApi
@MacRandomizationSetting
- public int macRandomizationSetting = RANDOMIZATION_PERSISTENT;
+ public int macRandomizationSetting = RANDOMIZATION_ALWAYS;
/**
* @hide

View File

@ -0,0 +1,192 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Sat, 21 Dec 2019 00:33:56 +1100
Subject: [PATCH] add support for always generating new random MAC
To trigger re-generation of randomized MAC addressed for an already
connected AP. User simply has to toggle on/off wifi. Otherwise, on
re-connection, a new randomized MAC address also gets generated.
---
.../wifitrackerlib/StandardWifiEntry.java | 34 ++++++++++++++-----
.../com/android/wifitrackerlib/WifiEntry.java | 1 +
.../android/server/wifi/ClientModeImpl.java | 5 +--
.../server/wifi/WifiConfigManager.java | 13 +++++--
.../server/wifi/WifiConfigurationUtil.java | 2 +-
.../com/android/server/wifi/WifiMetrics.java | 4 +--
6 files changed, 43 insertions(+), 16 deletions(-)
diff --git a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java
index 51270545b..a96ba03e3 100644
--- a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java
+++ b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java
@@ -324,7 +324,7 @@ public class StandardWifiEntry extends WifiEntry {
return wifiInfoMac;
}
}
- if (mWifiConfig == null || getPrivacy() != PRIVACY_RANDOMIZED_MAC) {
+ if (mWifiConfig == null || getPrivacy() == PRIVACY_DEVICE_MAC) {
final String[] factoryMacs = mWifiManager.getFactoryMacAddresses();
if (factoryMacs.length > 0) {
return factoryMacs[0];
@@ -578,11 +578,19 @@ public class StandardWifiEntry extends WifiEntry {
@Override
@Privacy
public int getPrivacy() {
- if (mWifiConfig != null
- && mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_NONE) {
- return PRIVACY_DEVICE_MAC;
+ if (mWifiConfig != null) {
+ switch(mWifiConfig.macRandomizationSetting) {
+ case WifiConfiguration.RANDOMIZATION_NONE:
+ return PRIVACY_DEVICE_MAC;
+ case WifiConfiguration.RANDOMIZATION_PERSISTENT:
+ return PRIVACY_RANDOMIZED_MAC;
+ case WifiConfiguration.RANDOMIZATION_ALWAYS:
+ return PRIVACY_FULLY_RANDOMIZED_MAC;
+ default:
+ return PRIVACY_FULLY_RANDOMIZED_MAC;
+ }
} else {
- return PRIVACY_RANDOMIZED_MAC;
+ return PRIVACY_FULLY_RANDOMIZED_MAC;
}
}
@@ -591,9 +599,7 @@ public class StandardWifiEntry extends WifiEntry {
if (!canSetPrivacy()) {
return;
}
-
- mWifiConfig.macRandomizationSetting = privacy == PRIVACY_RANDOMIZED_MAC
- ? WifiConfiguration.RANDOMIZATION_PERSISTENT : WifiConfiguration.RANDOMIZATION_NONE;
+ mWifiConfig.macRandomizationSetting = translatePrivacyToWifiConfigurationValues(privacy);
mWifiManager.save(mWifiConfig, null /* listener */);
}
@@ -929,4 +935,16 @@ public class StandardWifiEntry extends WifiEntry {
String getNetworkSelectionDescription() {
return Utils.getNetworkSelectionDescription(getWifiConfiguration());
}
+
+ private static int translatePrivacyToWifiConfigurationValues(int privacy_value) {
+ switch(privacy_value) {
+ case PRIVACY_FULLY_RANDOMIZED_MAC:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ case PRIVACY_RANDOMIZED_MAC:
+ return WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ case PRIVACY_DEVICE_MAC:
+ return WifiConfiguration.RANDOMIZATION_NONE;
+ }
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ }
}
diff --git a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java
index 92c2ed531..3cd333fd3 100644
--- a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java
+++ b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java
@@ -149,6 +149,7 @@ public abstract class WifiEntry implements Comparable<WifiEntry> {
public static final int PRIVACY_DEVICE_MAC = 0;
public static final int PRIVACY_RANDOMIZED_MAC = 1;
public static final int PRIVACY_UNKNOWN = 2;
+ public static final int PRIVACY_FULLY_RANDOMIZED_MAC = 100;
@Retention(RetentionPolicy.SOURCE)
@IntDef(value = {
diff --git a/service/java/com/android/server/wifi/ClientModeImpl.java b/service/java/com/android/server/wifi/ClientModeImpl.java
index 14866c87e..8db407fa3 100644
--- a/service/java/com/android/server/wifi/ClientModeImpl.java
+++ b/service/java/com/android/server/wifi/ClientModeImpl.java
@@ -6452,7 +6452,8 @@ public class ClientModeImpl extends StateMachine {
}
if (isConnectedMacRandomizationEnabled()) {
- if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT ||
+ config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS) {
configureRandomizedMacAddress(config);
} else {
setCurrentMacToFactoryMac(config);
@@ -6489,7 +6490,7 @@ public class ClientModeImpl extends StateMachine {
(config.getIpAssignment() == IpConfiguration.IpAssignment.STATIC);
final boolean isUsingMacRandomization =
config.macRandomizationSetting
- == WifiConfiguration.RANDOMIZATION_PERSISTENT
+ != WifiConfiguration.RANDOMIZATION_NONE
&& isConnectedMacRandomizationEnabled();
if (mVerboseLoggingEnabled) {
final String key = config.getKey();
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index 8fc91cb09..25304cca4 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -425,9 +425,14 @@ public class WifiConfigManager {
*/
public boolean shouldUseAggressiveRandomization(WifiConfiguration config) {
if (!isMacRandomizationSupported()
- || config.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ || config.macRandomizationSetting < WifiConfiguration.RANDOMIZATION_PERSISTENT) {
return false;
}
+
+ if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS) {
+ return true;
+ }
+
if (mFrameworkFacade.getIntegerSetting(mContext,
ENHANCED_MAC_RANDOMIZATION_FEATURE_FORCE_ENABLE_FLAG, 0) == 1) {
return true;
@@ -546,7 +551,9 @@ public class WifiConfigManager {
*/
private MacAddress updateRandomizedMacIfNeeded(WifiConfiguration config) {
boolean shouldUpdateMac = config.randomizedMacExpirationTimeMs
- < mClock.getWallClockMillis();
+ < mClock.getWallClockMillis() ||
+ config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS;
+
if (!shouldUpdateMac) {
return config.getRandomizedMacAddress();
}
@@ -1579,7 +1586,7 @@ public class WifiConfigManager {
public boolean isInFlakyRandomizationSsidHotlist(int networkId) {
WifiConfiguration config = getConfiguredNetwork(networkId);
return config != null
- && config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT
+ && config.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_NONE
&& mDeviceConfigFacade.getRandomizationFlakySsidHotlist().contains(config.SSID);
}
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index 336d97810..9c3e074ae 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -203,7 +203,7 @@ public class WifiConfigurationUtil {
public static boolean hasMacRandomizationSettingsChanged(WifiConfiguration existingConfig,
WifiConfiguration newConfig) {
if (existingConfig == null) {
- return newConfig.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ return newConfig.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_ALWAYS;
}
return newConfig.macRandomizationSetting != existingConfig.macRandomizationSetting;
}
diff --git a/service/java/com/android/server/wifi/WifiMetrics.java b/service/java/com/android/server/wifi/WifiMetrics.java
index 75d53fc95..4ef2e5f8e 100644
--- a/service/java/com/android/server/wifi/WifiMetrics.java
+++ b/service/java/com/android/server/wifi/WifiMetrics.java
@@ -1556,7 +1556,7 @@ public class WifiMetrics {
if (config != null) {
mCurrentConnectionEvent.mConnectionEvent.useRandomizedMac =
config.macRandomizationSetting
- == WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ != WifiConfiguration.RANDOMIZATION_NONE;
mCurrentConnectionEvent.mConnectionEvent.useAggressiveMac =
mWifiConfigManager.shouldUseAggressiveRandomization(config);
mCurrentConnectionEvent.mConnectionEvent.connectionNominator =
@@ -3958,7 +3958,7 @@ public class WifiMetrics {
if (config.isPasspoint()) {
mWifiLogProto.numPasspointNetworks++;
}
- if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ if (config.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_NONE) {
mWifiLogProto.numSavedNetworksWithMacRandomization++;
}
}

View File

@ -0,0 +1,193 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Sun, 8 Dec 2019 23:58:24 +0100
Subject: [PATCH] add option to always randomize MAC
RANDOMIZATION_ALWAYS is set as the default option
---
res/values/arrays.xml | 4 ++-
.../WifiDetailPreferenceController.java | 5 +--
.../WifiPrivacyPreferenceController.java | 31 ++++++++++++++-----
.../WifiDetailPreferenceController2.java | 2 +-
.../WifiPrivacyPreferenceController2.java | 31 +++++++++++++++----
5 files changed, 56 insertions(+), 17 deletions(-)
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index 6259f4d1a5..e93794e955 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1332,7 +1332,8 @@
</string-array>
<string-array name="wifi_privacy_entries">
- <item>Use randomized MAC (default)</item>
+ <item>Use fully randomized MAC (default)</item>
+ <item>Use per-network randomized MAC</item>
<item>Use device MAC</item>
</string-array>
@@ -1348,6 +1349,7 @@
</string-array>
<string-array name="wifi_privacy_values" translatable="false">
+ <item>100</item>
<item>1</item>
<item>0</item>
</string-array>
diff --git a/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java b/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java
index 8dd8d7ad6a..d900bc6a27 100644
--- a/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java
+++ b/src/com/android/settings/wifi/details/WifiDetailPreferenceController.java
@@ -822,7 +822,8 @@ public class WifiDetailPreferenceController extends AbstractPreferenceController
// return randomized MAC address
if (mWifiConfig != null &&
- mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT) {
+ (mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT
+ || mWifiConfig.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS)) {
return mWifiConfig.getRandomizedMacAddress().toString();
}
@@ -1288,7 +1289,7 @@ public class WifiDetailPreferenceController extends AbstractPreferenceController
mMacAddressPref.setTitle(
(mWifiConfig.macRandomizationSetting
- == WifiConfiguration.RANDOMIZATION_PERSISTENT)
+ != WifiConfiguration.RANDOMIZATION_NONE)
? R.string.wifi_advanced_randomized_mac_address_title
: R.string.wifi_advanced_device_mac_address_title);
diff --git a/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java b/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java
index 6658411479..2266805808 100644
--- a/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java
+++ b/src/com/android/settings/wifi/details/WifiPrivacyPreferenceController.java
@@ -115,11 +115,12 @@ public class WifiPrivacyPreferenceController extends BasePreferenceController im
if (mWifiConfiguration != null) {
return mWifiConfiguration.macRandomizationSetting;
}
- return WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
}
- private static final int PREF_RANDOMIZATION_PERSISTENT = 0;
- private static final int PREF_RANDOMIZATION_NONE = 1;
+ private static final int PREF_RANDOMIZATION_ALWAYS = 0;
+ private static final int PREF_RANDOMIZATION_PERSISTENT = 1;
+ private static final int PREF_RANDOMIZATION_NONE = 2;
/**
* Returns preference index value.
@@ -128,8 +129,16 @@ public class WifiPrivacyPreferenceController extends BasePreferenceController im
* @return index value of preference
*/
public static int translateMacRandomizedValueToPrefValue(int macRandomized) {
- return (macRandomized == WifiConfiguration.RANDOMIZATION_PERSISTENT)
- ? PREF_RANDOMIZATION_PERSISTENT : PREF_RANDOMIZATION_NONE;
+ switch (macRandomized) {
+ case WifiConfiguration.RANDOMIZATION_ALWAYS:
+ return PREF_RANDOMIZATION_ALWAYS;
+ case WifiConfiguration.RANDOMIZATION_PERSISTENT:
+ return PREF_RANDOMIZATION_PERSISTENT;
+ case WifiConfiguration.RANDOMIZATION_NONE:
+ return PREF_RANDOMIZATION_NONE;
+ default:
+ return PREF_RANDOMIZATION_ALWAYS;
+ }
}
/**
@@ -139,8 +148,16 @@ public class WifiPrivacyPreferenceController extends BasePreferenceController im
* @return mac randomized value
*/
public static int translatePrefValueToMacRandomizedValue(int prefMacRandomized) {
- return (prefMacRandomized == PREF_RANDOMIZATION_PERSISTENT)
- ? WifiConfiguration.RANDOMIZATION_PERSISTENT : WifiConfiguration.RANDOMIZATION_NONE;
+ switch (prefMacRandomized) {
+ case PREF_RANDOMIZATION_ALWAYS:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ case PREF_RANDOMIZATION_PERSISTENT:
+ return WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ case PREF_RANDOMIZATION_NONE:
+ return WifiConfiguration.RANDOMIZATION_NONE;
+ default:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ }
}
private void updateSummary(DropDownPreference preference, int macRandomized) {
diff --git a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
index 9b305777fd..f04bbcd38f 100644
--- a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
+++ b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
@@ -749,7 +749,7 @@ public class WifiDetailPreferenceController2 extends AbstractPreferenceControlle
mMacAddressPref.setVisible(true);
- mMacAddressPref.setTitle((mWifiEntry.getPrivacy() == WifiEntry.PRIVACY_RANDOMIZED_MAC)
+ mMacAddressPref.setTitle((mWifiEntry.getPrivacy() != WifiEntry.PRIVACY_DEVICE_MAC)
? R.string.wifi_advanced_randomized_mac_address_title
: R.string.wifi_advanced_device_mac_address_title);
diff --git a/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
index d6e1b6054d..ab51c59e1a 100644
--- a/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
+++ b/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
@@ -100,8 +100,9 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
return mWifiEntry.getPrivacy();
}
- private static final int PREF_RANDOMIZATION_PERSISTENT = 0;
- private static final int PREF_RANDOMIZATION_NONE = 1;
+ private static final int PREF_RANDOMIZATION_ALWAYS = 0;
+ private static final int PREF_RANDOMIZATION_PERSISTENT = 1;
+ private static final int PREF_RANDOMIZATION_NONE = 2;
/**
* Returns preference index value.
@@ -110,8 +111,16 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
* @return index value of preference
*/
public static int translateMacRandomizedValueToPrefValue(int macRandomized) {
- return (macRandomized == WifiEntry.PRIVACY_RANDOMIZED_MAC)
- ? PREF_RANDOMIZATION_PERSISTENT : PREF_RANDOMIZATION_NONE;
+ switch (macRandomized) {
+ case WifiConfiguration.RANDOMIZATION_ALWAYS:
+ return PREF_RANDOMIZATION_ALWAYS;
+ case WifiConfiguration.RANDOMIZATION_PERSISTENT:
+ return PREF_RANDOMIZATION_PERSISTENT;
+ case WifiConfiguration.RANDOMIZATION_NONE:
+ return PREF_RANDOMIZATION_NONE;
+ default:
+ return PREF_RANDOMIZATION_ALWAYS;
+ }
}
/**
@@ -121,8 +130,16 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
* @return mac randomized value
*/
public static int translatePrefValueToMacRandomizedValue(int prefMacRandomized) {
- return (prefMacRandomized == PREF_RANDOMIZATION_PERSISTENT)
- ? WifiEntry.PRIVACY_RANDOMIZED_MAC : WifiEntry.PRIVACY_DEVICE_MAC;
+ switch (prefMacRandomized) {
+ case PREF_RANDOMIZATION_ALWAYS:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ case PREF_RANDOMIZATION_PERSISTENT:
+ return WifiConfiguration.RANDOMIZATION_PERSISTENT;
+ case PREF_RANDOMIZATION_NONE:
+ return WifiConfiguration.RANDOMIZATION_NONE;
+ default:
+ return WifiConfiguration.RANDOMIZATION_ALWAYS;
+ }
}
private void updateSummary(DropDownPreference preference, int macRandomized) {
@@ -152,6 +169,8 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
return WifiEntry.PRIVACY_DEVICE_MAC;
case WifiConfiguration.RANDOMIZATION_PERSISTENT:
return WifiEntry.PRIVACY_RANDOMIZED_MAC;
+ case WifiConfiguration.RANDOMIZATION_ALWAYS:
+ return WifiEntry.PRIVACY_FULLY_RANDOMIZED_MAC;
default:
return WifiEntry.PRIVACY_UNKNOWN;
}

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,71 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pratyush <39559233+empratyush@users.noreply.github.com>
Date: Thu, 20 May 2021 13:21:31 +0530
Subject: [PATCH] avoid reusing DHCP state for full MAC randomization
---
src/android/net/dhcp/DhcpClient.java | 30 +++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/android/net/dhcp/DhcpClient.java b/src/android/net/dhcp/DhcpClient.java
index 4fedf308..5b613a2a 100644
--- a/src/android/net/dhcp/DhcpClient.java
+++ b/src/android/net/dhcp/DhcpClient.java
@@ -74,6 +74,9 @@ import android.net.util.InterfaceParams;
import android.net.util.NetworkStackUtils;
import android.net.util.PacketReader;
import android.net.util.SocketUtils;
+import android.net.wifi.WifiConfiguration;
+import android.net.wifi.WifiInfo;
+import android.net.wifi.WifiManager;
import android.os.Build;
import android.os.Handler;
import android.os.Message;
@@ -111,6 +114,8 @@ import java.net.SocketAddress;
import java.net.SocketException;
import java.nio.ByteBuffer;
import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Random;
/**
@@ -1198,7 +1203,7 @@ public class DhcpClient extends StateMachine {
+ " lease expiry: " + attributes.assignedV4AddressExpiry
+ " current time: " + currentTime);
}
- if (currentTime >= attributes.assignedV4AddressExpiry) {
+ if (currentTime >= attributes.assignedV4AddressExpiry || shouldAvoidStateReuse()) {
// Lease has expired.
transitionTo(mDhcpInitState);
return HANDLED;
@@ -1223,6 +1228,29 @@ public class DhcpClient extends StateMachine {
}
}
+ private static final int RANDOMIZATION_ALWAYS = 100;
+
+ private boolean shouldAvoidStateReuse() {
+ try {
+ WifiManager wifiManager = (WifiManager) mContext.getSystemService(Context.WIFI_SERVICE);
+ WifiInfo wifiInfo = wifiManager.getConnectionInfo();
+ if (wifiInfo != null) {
+ int connectedNetworkId = wifiInfo.getNetworkId();
+ List<WifiConfiguration> configurationList = wifiManager.getConfiguredNetworks();
+ for (WifiConfiguration configuration : configurationList){
+ if (configuration.networkId == connectedNetworkId){
+ return configuration.macRandomizationSetting == RANDOMIZATION_ALWAYS;
+ }
+ }
+ }
+ } catch (Exception e) {
+ loge(e.getLocalizedMessage(), e);
+ }
+
+ loge("ConfiguredNetworks should contain Connected network id config");
+ return true;
+ }
+
private void receiveOfferOrAckPacket(final DhcpPacket packet, final boolean acceptRapidCommit) {
if (!isValidPacket(packet)) return;

View File

@ -171,6 +171,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0016-Bluetooth_Timeout.patch";
applyPatch "$DOS_PATCHES/android_frameworks_base/0017-WiFi_Timeout.patch"; #Timeout for Wi-Fi (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0017-WiFi_Timeout.patch"; #Timeout for Wi-Fi (GrapheneOS)
fi; fi;
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0018-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS) if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0018-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
@ -200,6 +201,7 @@ fi;
if enterAndClear "frameworks/opt/net/wifi"; then if enterAndClear "frameworks/opt/net/wifi"; then
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS) if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0002-Random_MAC.patch"; fi; #Add support for always generating new random MAC (GrapheneOS)
fi; fi;
if enterAndClear "hardware/qcom/display"; then if enterAndClear "hardware/qcom/display"; then
@ -299,6 +301,10 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0007-WiFi_Timeout.patch"
fi; fi;
if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS) if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS)
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS) if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-1.patch"; #Add option to always randomize MAC (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-2.patch"; #Remove partial MAC randomization translations (GrapheneOS)
fi;
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
@ -324,6 +330,12 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
fi; fi;
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
if enterAndClear "packages/modules/NetworkStack"; then
applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS)
fi;
fi;
if enterAndClear "packages/providers/DownloadProvider"; then if enterAndClear "packages/providers/DownloadProvider"; then
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS) if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
fi; fi;

View File

@ -163,6 +163,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.pat
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch"; applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java; sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
fi; fi;
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
@ -196,6 +197,12 @@ applyPatch "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch";
fi; fi;
fi; fi;
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
if enterAndClear "frameworks/opt/net/wifi"; then
applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
fi;
fi;
if enterAndClear "hardware/qcom/display"; then if enterAndClear "hardware/qcom/display"; then
applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory="msm8084"; applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8084.patch" --directory="msm8084";
applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory="msm8226"; applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8916.patch" --directory="msm8226";
@ -304,6 +311,10 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0007-WiFi_Timeout.patch"
fi; fi;
if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS) if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS)
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS) if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-1.patch"; #Add option to always randomize MAC (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-2.patch"; #Remove partial MAC randomization translations (GrapheneOS)
fi;
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
@ -329,6 +340,12 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
fi; fi;
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
if enterAndClear "packages/modules/NetworkStack"; then
applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS)
fi;
fi;
if enterAndClear "packages/providers/DownloadProvider"; then if enterAndClear "packages/providers/DownloadProvider"; then
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS) if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
fi; fi;

View File

@ -61,8 +61,9 @@ export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1 export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1 export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1 export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1
export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the ptrace_scope toggle patchset on 17.1+18.1 export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the GrapheneOS ptrace_scope toggle patchset on 17.1+18.1
export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1 export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1 export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66 export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66