Add ConnectivityUtil #28
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Android 12's privacy dashboard shows permission usage timelines for location, camera, and microphone. However, there's no reason to limit it to those specific permissions; all the infrastructure is in place for other permissions. To enable the usage timeline for more permissions, keep discrete app op history for all permission groups shown in the privacy dashboard. The list of permission group -> app op mappings was obtained from AppOpsManager.RUNTIME_AND_APPOP_PERMISSION_OPS with a few additional ops from PrivacyItemController, and each op was resolved to its respective enum ordinal from frameworks/proto_logging/stats/enums/app/enums.proto. Change-Id: I6b1c476ea4c0edbc0b3fdf2e3e5cfcb11da77e33
…tivity. (GrapheneOS#2) This is the partner commit to the addition of an option in Settings for the same feature. This config can be enabled by an overlay for devices that support increased touch sensitivity (otherwise known as "Glove Mode") via the persist.vendor.touch_sensitivity_mode system property. Signed-off-by: Diab Neiroukh <[email protected]>
India, Japan and Korea have either industry standards or regulations for phones sold within the country enforcing camera sounds. It's trivially bypassed by taking out the SIM card, using video, using a headset or turning off the volume. It doesn't make sense for us to enforce this.
Generated with Android 12 Extensions v9.0.0-test2 [1] using #1565C0 (light link accent color from GrapheneOS website) as a seed color, with all other settings left at themelib [2] and colorkt [3] defaults. [1] https://github.com/kdrag0n/android12-extensions/ [2] https://github.com/ProtonAOSP/android_external_themelib [3] https://github.com/kdrag0n/colorkt
This switches to secure-by-default instead of crash-by-default for API 31 to work around apps which have updated to API 31 without specifying either FLAG_MUTABLE or FLAG_IMMUTABLE for PendingIntents. If the app ends up needing the FLAG_MUTABLE behavior, it may crash later, but it should still be obvious why it happened. There are many apps with outdated Play services client libraries lacking support for Android 12 which are nonetheless targeting API 31 or higher and will crash in certain situations. Google Play services will ask the client library to request runtime permissions from the user on behalf of it when it thinks that they're required for an operation that's requested. The older client libraries will cause a crash in the app by trying to create a PendingIntent with no FLAG_MUTABLE or FLAG_IMMUTABLE specified. This is a much more common issue on GrapheneOS since Play services is a regular user installed app with no special access or privileges, and starts without any standard runtime permissions granted to it. Ported from 13: 94363af7c45a Co-authored-by: Dmitry Muhomor <[email protected]>
It doesn't make sense to show a generic Android letter version icon for USB. Change-Id: I0441fc76fa8beab16675ac91e92e9b0490044dec
This change makes sharesheet way more useful by increasing the amount of visible ranked apps. Change-Id: Ic092f1d1784259c9f3c0870eda1dd1ae8544c697
The debugging options are not yet supported probably, so disable exec spawning when doing debugging.
This reverts commit 5a8d91b5fac0a1ae597de359128e0706776ce3a7.
When an unhandled exception occured, binder connections were closed with IPCThreadState::stopProcess() before the invocation of java.lang.Thread#dispatchUncaughtException(). By default, that method tries to report the crash via ActivityManager#handleApplicationCrash(), which always failed due to the closed binder connection. This meant that the crash dialog was never shown and additional crash handling was skipped. Zygote-based spawning never calls IPCThreadState::stopProcess().
Needed for exec spawning, to pass custom flags to the kernel.
Chromium browser and its derivatives setup a seccomp syscall filter in their isolated processes, which blocks creation of new userfaultfds. Since 14 QPR2, ART uses a new userfaultfd-based GC. When zygote-based process spawning is used, userfaultfd GC is initialized before any of app's code is executed, i.e. before Chromium's seccomp syscall filter is installed. When exec spawning is used, userfaultfd GC initialization is delayed until first garbage collection. Chromium's seccomp syscall filter is already installed at that point. This leads to crashes of isolated Chromium processes (both browser and WebView), with the following log messages: E cr_seccomp: ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf failure in syscall E cr_seccomp: nr=0x11a arg1=0x80001 arg2=0xc arg3=0xffffffffffffffff arg4=0xc As a workaround, perform early initialization of ART userfaultfd GC in isolated processes by calling System.gc() before executing app's code. On Pixel 8, this increases startup latency by around 4 to 10 milliseconds.
Add workaround for some PackageManager code not handling package parser cache dir being null, despite it being nullable upstream.
- ignore SELinux flags on debuggable builds that use kernels without support for SELinux flags - show a debug-build-only notification when kernel doesn't support SELinux flags
On existing installs, GmsCore uses GSF to perform a one-time migration of GSF databases into itself.
…ons"" This reverts commit 0e82c70.
Pixel stock OS now enables FRP by default for everyone who has secure lock screen and a Google account.
That toggle was a no-op due to a recent change.
GrapheneOS doesn't ship face unlock.
bac848b removed a null check for defaultAppPackageName. defaultAppPackageName is null when there's no current Wallet app role holder. This led to getWalletServiceInfo() returning a reference to an arbitrary app that declared support for the wallet app interface, if any was present, when there was no current Wallet app role holder. SystemUI automatically adds wallet quick access tile that links the current Wallet app role holder, which linked that arbitrary app instead in this case.
Crash report snippet: signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 300d6a4a30c285c threadName: BG Thread GrapheneOS#2 backtrace: /product/priv-app/PixelCameraServices/PixelCameraServices.apk!libHdrPlusJni.so (Java_com_google_googlex_gcam_GcamModuleJNI_FrameRequest_1type_1get+0, pc 1495320) /system/framework/arm64/boot.oat (art_jni_trampoline+124, pc 9c76c) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (td.h+2748, pc 46472c) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (tc.b+104, pc 53bee8) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (bwv.aq+96, pc 4224f0) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (cat.run+1016, pc 4239c8) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (aph.run+180, pc 1a27c4) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (akd.run+72, pc 17c6a8) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (bjf.run+464, pc 21ab80) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (mf.run+2440, pc 305da8) /data/dalvik-cache/arm64/product@priv-app@[email protected]@classes.dex (alo.run+404, pc 1810f4)
onUserStopped() method name was misleading, it's called from onUserStopping(), while the user is still running. Initial research was done by maade93791 <[email protected]> Co-authored-by: maade93791 <[email protected]>
u-fred
force-pushed
the
15-connectivity-util
branch
from
1501565 to
32c58a4
Compare
muhomorr
requested changes
Nov 17, 2024
|
|
||
| ContentResolver cr = context.createContextAsUser(UserHandle.getUserHandleForUid( | ||
| uid), 0).getContentResolver(); | ||
| return Settings.Secure.getInt(cr, Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN, 0) == 1; |
There was a problem hiding this comment.
There's Settings.Secure.getIntForUser(), no need to create a new Context.
| } | ||
|
|
||
| public static boolean isRegularAppWithLockdownVpnEnabled(@NonNull Context context, int uid) { | ||
| if (isSystem(context, uid)) { |
There was a problem hiding this comment.
ALWAYS_ON_VPN_LOCKDOWN check should be done first, it's much faster than isSystem() check in most cases.
thestinger
force-pushed
the
15
branch
2 times, most recently
from
61879fc to
2103ff4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Port of #27
Required by GrapheneOS/platform_packages_modules_Connectivity#17 and GrapheneOS/platform_packages_modules_Connectivity#18