Initial unified commit for Android 13, with TrebleDroid GSI target, syncing up to 20221111

2022-11-11 12:27:50 +00:00
commit cd68e3dcbc
197 changed files with 127907 additions and 0 deletions
--- a/patches_treble_td/platform_system_netd/0001-Huawei-Kirin-960-accept-broken-rpfilter-match.patch
+++ b/patches_treble_td/platform_system_netd/0001-Huawei-Kirin-960-accept-broken-rpfilter-match.patch
@@ -0,0 +1,29 @@
+From 8abdea794dc877369f57b92a503ba731b55c47e0 Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Mon, 2 Jul 2018 22:01:43 +0200
+Subject: [PATCH 1/4] Huawei Kirin 960:: accept broken rpfilter match
+
+How bad a security flaw is this?
+People lived with rpfilter on IPv4 for a very long time...
+
+Change-Id: I9aa63d18e54a8254133adf97bf757c03d6b66757
+---
+ server/TetherController.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/server/TetherController.cpp b/server/TetherController.cpp
+index 79193574..d867cea4 100644
+--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
+@@ -718,7 +718,7 @@ int TetherController::setForwardRules(bool add, const char *intIface, const char
+         "*raw\n"
+         "%s %s -i %s -m rpfilter --invert ! -s fe80::/64 -j DROP\n"
+         "COMMIT\n", op, LOCAL_RAW_PREROUTING, intIface);
+-    if (iptablesRestoreFunction(V6, rpfilterCmd, nullptr) == -1 && add) {
+    if (iptablesRestoreFunction(V6, rpfilterCmd, nullptr) == -1 && add && false) {
+         return -EREMOTEIO;
+     }
+ 
+-- 
+2.25.1
+
--- a/patches_treble_td/platform_system_netd/0002-Don-t-fail-on-FTP-conntracking-failing.patch
+++ b/patches_treble_td/platform_system_netd/0002-Don-t-fail-on-FTP-conntracking-failing.patch
@@ -0,0 +1,45 @@
+From 104c6cdefdb3f4a17201a117f53a6c5cc779d0fe Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Mon, 29 Jul 2019 18:09:12 +0200
+Subject: [PATCH 2/4] Don't fail on FTP conntracking failing
+
+The issue has been seen on some Samsung devices.
+See https://github.com/phhusson/treble_experimentations/issues/425
+
+Thanks @zamrih for pin-pointing the issue and validating fix
+
+Change-Id: I3d9c865eb5a4b421f9983210c2ceae62b4906234
+---
+ server/TetherController.cpp | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/server/TetherController.cpp b/server/TetherController.cpp
+index d867cea4..00c979d8 100644
+--- a/server/TetherController.cpp
+++ b/server/TetherController.cpp
+@@ -722,13 +722,19 @@ int TetherController::setForwardRules(bool add, const char *intIface, const char
+         return -EREMOTEIO;
+     }
+ 
+-    std::vector<std::string> v4 = {
+    std::vector<std::string> v4Ftp = {
+             "*raw",
+-            StringPrintf("%s %s -p tcp --dport 21 -i %s -j CT --helper ftp", op,
+-                         LOCAL_RAW_PREROUTING, intIface),
+            StringPrintf("%s %s -p tcp --dport 21 -i %s -j CT --helper ftp",
+                            op, LOCAL_RAW_PREROUTING, intIface),
+             StringPrintf("%s %s -p tcp --dport 1723 -i %s -j CT --helper pptp", op,
+                          LOCAL_RAW_PREROUTING, intIface),
+             "COMMIT",
+    };
+    if(iptablesRestoreFunction(V4, Join(v4Ftp, '\n'), nullptr) == -1) {
+            ALOGE("Failed adding iptables CT target on FTP.");
+    }
+
+    std::vector<std::string> v4 = {
+             "*filter",
+             StringPrintf("%s %s -i %s -o %s -m state --state ESTABLISHED,RELATED -g %s", op,
+                          LOCAL_FORWARD, extIface, intIface, LOCAL_TETHER_COUNTERS_CHAIN),
+-- 
+2.25.1
+
--- a/patches_treble_td/platform_system_netd/0003-Support-no-bpf-usecase.patch
+++ b/patches_treble_td/platform_system_netd/0003-Support-no-bpf-usecase.patch
@@ -0,0 +1,26 @@
+From 7589d17c5e40e3772315d4800408ccf3af28532e Mon Sep 17 00:00:00 2001
+From: ChonDoit <thphantomblog@gmail.com>
+Date: Fri, 7 Oct 2022 02:43:21 +0000
+Subject: [PATCH 3/4] Support no-bpf usecase
+
+Change-Id: Ic759e2cfaf11705169a4a6b677b0e5aca26907b3
+---
+ server/Controllers.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/server/Controllers.cpp b/server/Controllers.cpp
+index 00ee186d..faa6f135 100644
+--- a/server/Controllers.cpp
+++ b/server/Controllers.cpp
+@@ -284,7 +284,7 @@ void Controllers::init() {
+         // As such simply exit netd.  This may crash loop the system, but by failing
+         // to bootup we will trigger rollback and thus this offers us protection against
+         // a mainline update breaking things.
+-        exit(1);
+        // exit(1);
+     }
+     gLog.info("Enabling bandwidth control: %" PRId64 "us", s.getTimeAndResetUs());
+ 
+-- 
+2.25.1
+
--- a/patches_treble_td/platform_system_netd/0004-Don-t-abort-in-case-of-cgroup-bpf-setup-fail-since-s.patch
+++ b/patches_treble_td/platform_system_netd/0004-Don-t-abort-in-case-of-cgroup-bpf-setup-fail-since-s.patch
@@ -0,0 +1,26 @@
+From a8b60ea84a6cb7298e05a915373e5abeb1a44b8d Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Wed, 26 Oct 2022 18:13:56 -0400
+Subject: [PATCH 4/4] Don't abort in case of cgroup/bpf setup fail, since some
+ devices dont have BPF
+
+---
+ server/main.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/server/main.cpp b/server/main.cpp
+index 0e81d4e5..18287d37 100644
+--- a/server/main.cpp
+++ b/server/main.cpp
+@@ -134,7 +134,7 @@ int main() {
+ 
+     if (libnetd_updatable_init(cg2_path.c_str())) {
+         ALOGE("libnetd_updatable_init failed");
+-        exit(1);
+        //exit(1);
+     }
+     gLog.info("libnetd_updatable_init success");
+ 
+-- 
+2.25.1
+