Initial unified commit for Android 12, syncing up to v400.a

2021-10-20 14:54:55 +00:00
commit 796726eb09
166 changed files with 20826 additions and 0 deletions
--- a/patches_treble_phh/platform_system_netd/0001-Support-no-bpf-usecase.patch
+++ b/patches_treble_phh/platform_system_netd/0001-Support-no-bpf-usecase.patch
@@ -0,0 +1,28 @@
+From ffe0c464a2466a4a20ced24f2197af4de9c22c49 Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Wed, 13 Oct 2021 10:59:09 -0400
+Subject: [PATCH 1/3] Support no-bpf usecase
+
+Change-Id: I639e15bdc321666c64683ea7ccfd42b2ba317cd2
+---
+ server/Controllers.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/server/Controllers.cpp b/server/Controllers.cpp
+index 1f2bac22..02a87a1b 100644
+--- a/server/Controllers.cpp
+++ b/server/Controllers.cpp
+@@ -289,8 +289,8 @@ void Controllers::init() {
+         // The expected reason we get here is a major kernel or other code bug, as such
+         // the probability that things will succeed on restart of netd is pretty small.
+         // So, let's wait a minute to at least try to limit the log spam a little bit.
+-        sleep(60);
+-        exit(1);
+        //sleep(60);
+        //exit(1);
+     }
+     gLog.info("Initializing traffic control: %" PRId64 "us", s.getTimeAndResetUs());
+ 
+-- 
+2.29.2
+
--- a/patches_treble_phh/platform_system_netd/0002-device-Huawei-Kirin-960-accept-broken-rpfilter-match.patch
+++ b/patches_treble_phh/platform_system_netd/0002-device-Huawei-Kirin-960-accept-broken-rpfilter-match.patch
@@ -0,0 +1,30 @@
+From ec7d6c92018cf34c51ee2a2d7a4816d37f82178e Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Mon, 2 Jul 2018 22:01:43 +0200
+Subject: [PATCH 2/3] [device] ::Huawei Kirin 960:: accept broken rpfilter
+ match
+
+How bad a security flaw is this?
+People lived with rpfilter on IPv4 for a very long time...
+
+Change-Id: I9aa63d18e54a8254133adf97bf757c03d6b66757
+---
+ server/TetherController.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/server/TetherController.cpp b/server/TetherController.cpp
+index 325fc413..7b106933 100644
+--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
+@@ -719,7 +719,7 @@ int TetherController::setForwardRules(bool add, const char *intIface, const char
+         "*raw\n"
+         "%s %s -i %s -m rpfilter --invert ! -s fe80::/64 -j DROP\n"
+         "COMMIT\n", op, LOCAL_RAW_PREROUTING, intIface);
+-    if (iptablesRestoreFunction(V6, rpfilterCmd, nullptr) == -1 && add) {
+    if (iptablesRestoreFunction(V6, rpfilterCmd, nullptr) == -1 && add && false) {
+         return -EREMOTEIO;
+     }
+ 
+-- 
+2.29.2
+
--- a/patches_treble_phh/platform_system_netd/0003-Don-t-fail-on-FTP-conntracking-failing.patch
+++ b/patches_treble_phh/platform_system_netd/0003-Don-t-fail-on-FTP-conntracking-failing.patch
@@ -0,0 +1,45 @@
+From 0db2b933659bb71fc5873dd09b1d2be5ce8843ca Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Mon, 29 Jul 2019 18:09:12 +0200
+Subject: [PATCH 3/3] Don't fail on FTP conntracking failing
+
+The issue has been seen on some Samsung devices.
+See https://github.com/phhusson/treble_experimentations/issues/425
+
+Thanks @zamrih for pin-pointing the issue and validating fix
+
+Change-Id: I3d9c865eb5a4b421f9983210c2ceae62b4906234
+---
+ server/TetherController.cpp | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/server/TetherController.cpp b/server/TetherController.cpp
+index 7b106933..0c666b9c 100644
+--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
+@@ -723,13 +723,19 @@ int TetherController::setForwardRules(bool add, const char *intIface, const char
+         return -EREMOTEIO;
+     }
+ 
+-    std::vector<std::string> v4 = {
+    std::vector<std::string> v4Ftp = {
+             "*raw",
+-            StringPrintf("%s %s -p tcp --dport 21 -i %s -j CT --helper ftp", op,
+-                         LOCAL_RAW_PREROUTING, intIface),
+            StringPrintf("%s %s -p tcp --dport 21 -i %s -j CT --helper ftp",
+                            op, LOCAL_RAW_PREROUTING, intIface),
+             StringPrintf("%s %s -p tcp --dport 1723 -i %s -j CT --helper pptp", op,
+                          LOCAL_RAW_PREROUTING, intIface),
+             "COMMIT",
+    };
+    if(iptablesRestoreFunction(V4, Join(v4Ftp, '\n'), nullptr) == -1) {
+            ALOGE("Failed adding iptables CT target on FTP.");
+    }
+
+    std::vector<std::string> v4 = {
+             "*filter",
+             StringPrintf("%s %s -i %s -o %s -m state --state ESTABLISHED,RELATED -g %s", op,
+                          LOCAL_FORWARD, extIface, intIface, LOCAL_TETHER_COUNTERS_CHAIN),
+-- 
+2.29.2
+