├── .gitignore ├── LICENSE ├── NOTICE ├── README.md ├── RILDefender-App ├── README.md ├── app │ ├── .gitignore │ ├── build.gradle │ ├── proguard-rules.pro │ └── src │ │ ├── androidTest │ │ └── java │ │ │ └── com │ │ │ └── seclab │ │ │ └── rildefender │ │ │ └── ExampleInstrumentedTest.java │ │ ├── main │ │ ├── AndroidManifest.xml │ │ ├── java │ │ │ └── com │ │ │ │ └── seclab │ │ │ │ └── rildefender │ │ │ │ ├── BootReceiver.java │ │ │ │ ├── UI │ │ │ │ ├── AlertActivity.java │ │ │ │ ├── ListenService.java │ │ │ │ ├── RecyclerViewAdapter.java │ │ │ │ ├── SMSHistoryActivity.java │ │ │ │ └── SettingsActivity.java │ │ │ │ └── Util │ │ │ │ ├── BatteryUtil.java │ │ │ │ ├── FileUtil.java │ │ │ │ ├── NumUtil.java │ │ │ │ └── a.yaml │ │ └── res │ │ │ ├── drawable-v24 │ │ │ └── ic_launcher_foreground.xml │ │ │ ├── drawable │ │ │ └── ic_launcher_background.xml │ │ │ ├── layout │ │ │ ├── activity_smshistory.xml │ │ │ ├── recyclerview_item.xml │ │ │ └── settings_activity.xml │ │ │ ├── mipmap-anydpi-v26 │ │ │ ├── ic_launcher.xml │ │ │ └── ic_launcher_round.xml │ │ │ ├── mipmap-hdpi │ │ │ ├── ic_launcher.webp │ │ │ └── ic_launcher_round.webp │ │ │ ├── mipmap-mdpi │ │ │ ├── ic_launcher.webp │ │ │ └── ic_launcher_round.webp │ │ │ ├── mipmap-xhdpi │ │ │ ├── ic_launcher.webp │ │ │ └── ic_launcher_round.webp │ │ │ ├── mipmap-xxhdpi │ │ │ ├── ic_launcher.webp │ │ │ └── ic_launcher_round.webp │ │ │ ├── mipmap-xxxhdpi │ │ │ ├── ic_launcher.webp │ │ │ └── ic_launcher_round.webp │ │ │ ├── values-night │ │ │ └── themes.xml │ │ │ ├── values │ │ │ ├── arrays.xml │ │ │ ├── colors.xml │ │ │ ├── dimens.xml │ │ │ ├── strings.xml │ │ │ └── themes.xml │ │ │ └── xml │ │ │ └── root_preferences.xml │ │ └── test │ │ └── java │ │ └── com │ │ └── seclab │ │ └── rildefender │ │ └── ExampleUnitTest.java ├── build.gradle ├── gradle.properties ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── local.properties └── settings.gradle ├── figure └── framework.png ├── patch_apply.py ├── patches_aosp10_QP1A.190711.019 ├── CatService.java_20600f6f1310f201ebf93d57cd3f7b81.patch ├── CdmaSMSDispatcher.java_008afc620ea92bf8eadf40cc15f9655a.patch ├── CellState.java_14349550551512b900d4fee5b73cf95e ├── GsmCdmaCallTracker.java_0a5ee11d7fcec7a5f88b8280dc853546.patch ├── GsmCdmaPhone.java_e002658140004c67f46d4bdc38209b0b.patch ├── GsmInboundSmsHandler.java_b9c68ceb12f68c18b3900a510192d59c.patch ├── GsmSMSDispatcher.java_292e35150445fc22447bccd3b550b387.patch ├── IccSmsInterfaceManager.java_bf91d2fa2cdd5cb4878de3b40ff0d4be.patch ├── InboundSmsHandler.java_b0372367f50e5700e4af5e54e28ce55b.patch ├── ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 ├── RILDefender.java_250089e2004f92f995a2c22ec7fed754 ├── RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 ├── ServiceStateTracker.java_a1b01718a1f36e5c7371c10511dd819e.patch ├── SmsMessage.java_080ef0ef07638afeb4fe20d1a4013046.patch └── meta.txt ├── patches_aosp11_RQ3A.211001.001 ├── CatService.java_8b2af55c6792c6cdd49e64ae91b38c36.patch ├── CdmaSMSDispatcher.java_302b1f560c71332c062805c3544ce370.patch ├── CellState.java_14349550551512b900d4fee5b73cf95e ├── GsmCdmaCallTracker.java_1d45d95cdf0db2358de956e373ec9f19.patch ├── GsmCdmaPhone.java_1f1b055deeab662128d628a2f325a7f8.patch ├── GsmInboundSmsHandler.java_8cadedf4c747207034fcc9d20fdd2839.patch ├── GsmSMSDispatcher.java_b85fe96bea73c5322ae74241dea8f803.patch ├── IccSmsInterfaceManager.java_edb7711b9500ac479a2651eca825bfbb.patch ├── InboundSmsHandler.java_2ba09879c6e2bbae270e31e7e73dff79.patch ├── ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 ├── RILDefender.java_250089e2004f92f995a2c22ec7fed754 ├── RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 ├── ServiceStateTracker.java_f9ae7faca9f0f7a041629af4162ec0d9.patch ├── SmsMessage.java_4cc5078e2d7006112b4ab26f67566bd7.patch └── meta.txt ├── patches_aosp12_SQ1A.220205.002 ├── CatService.java_6deec1d05c88cce49eb8d4767b38990b.patch ├── CdmaSMSDispatcher.java_11a82dc4e36f3a8a63e85ad7a3af5af3.patch ├── CellState.java_14349550551512b900d4fee5b73cf95e ├── GsmCdmaCallTracker.java_6a1f95b078beeabebd280b7ad75a65f9.patch ├── GsmCdmaPhone.java_628f6875d8d9b56b89f89362cbf0bc28.patch ├── GsmInboundSmsHandler.java_8a74fac0ef902b3bc61d6be1c1509e2f.patch ├── GsmSMSDispatcher.java_64181c1058f48719ce15498e1930f2d7.patch ├── IccSmsInterfaceManager.java_f3d26758dd36adb606113ea059dde3d6.patch ├── InboundSmsHandler.java_f3006eaed4667e0496e84adee3a4cd15.patch ├── ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 ├── RILDefender.java_250089e2004f92f995a2c22ec7fed754 ├── RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 ├── ServiceStateTracker.java_a0330c74609ffa8cd4e8e668a1237fe3.patch ├── SmsMessage.java_7cc617549b124faa9b8dc96c0275ddd6.patch └── meta.txt ├── patches_aosp13_TP1A.221005.002 ├── CatService.java_6deec1d05c88cce49eb8d4767b38990b.patch ├── CdmaSMSDispatcher.java_a762c354b9c40f0b1773affe9fa250a5.patch ├── CellState.java_14349550551512b900d4fee5b73cf95e ├── GsmCdmaCallTracker.java_ff7dd4e185e93dd9891a22e7c86f8509.patch ├── GsmCdmaPhone.java_098a979c9becf810cc7005796838c4a2.patch ├── GsmInboundSmsHandler.java_d1a4119880235204a5a796a71e0c9bc7.patch ├── GsmSMSDispatcher.java_d5a0f1fd07fa8ff248c576bce9f939d8.patch ├── IccSmsInterfaceManager.java_0273a9db952e69cf84e2beae2f805aad.patch ├── InboundSmsHandler.java_71007d21790c91c588220f0a099978f5.patch ├── ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 ├── RILDefender.java_250089e2004f92f995a2c22ec7fed754 ├── RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 ├── ServiceStateTracker.java_a4576dc529d3ac175b6bb427d05ed276.patch ├── SignalStrengthController.java_a8f2767ed50b3d36ac8cd185407846ee.patch ├── SmsMessage.java_7cc617549b124faa9b8dc96c0275ddd6.patch └── meta.txt └── prebuild └── RILDefender.apk /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .idea 3 | RILDefender-App/.idea/ 4 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2023 SecLab@OSU and CSL@SRI International 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /RILDefender-App/README.md: -------------------------------------------------------------------------------- 1 | # RILDefender-App 2 | 3 | ## Introduction 4 | 5 | This folder hosts the source code of the RILDefender app. This app has been tested from [Android API level](https://developer.android.com/studio/releases/platforms) 25 (Android 7.1) to API level 33 (Android 13). The major functions of this app are: 6 | 7 | - Configure security level for each attack, including: 8 | - Block and Notify 9 | - Block without Notify 10 | - Notify only 11 | - Allow 12 | - Receive real-time alerts for attack events 13 | - Configure user-defined attack signatures 14 | 15 | ## Compilation and Installation 16 | 17 | The RILDefender app source code is built using the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). You can either directly import this folder with [Android Studio](https://developer.android.com/studio) or [build from the command line](https://developer.android.com/studio/build/building-cmdline). 18 | 19 | After compilation, you can easily use the Android Studio UI to install it to your Android device or use tools such as [adb](https://developer.android.com/studio/command-line/adb). 20 | 21 | 22 | ## Required Permissions 23 | 24 | The RILDefender app is root-free, and requires the following permissions (declared in [AndroidManifest.xml](./app/src/main/AndroidManifest.xml)) with justifications: 25 | 26 | - `android.permission.FOREGROUND_SERVICE` to run the RILDefender notification service 27 | - `android.permission.POST_NOTIFICATIONS` to post notifications 28 | - `android.permission.WRITE_EXTERNAL_STORAGE` to store reported SMS events in local storage 29 | - `android.permission.READ_EXTERNAL_STORAGE` to read stored SMS events and user-defined signatures 30 | -------------------------------------------------------------------------------- /RILDefender-App/app/.gitignore: -------------------------------------------------------------------------------- 1 | /build 2 | /.idea -------------------------------------------------------------------------------- /RILDefender-App/app/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'com.android.application' 3 | } 4 | 5 | android { 6 | compileSdk 33 7 | 8 | defaultConfig { 9 | applicationId "com.seclab.rildefender" 10 | minSdk 25 11 | targetSdk 33 12 | versionCode 1 13 | versionName "1.0" 14 | 15 | // testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" 16 | } 17 | 18 | buildTypes { 19 | release { 20 | minifyEnabled false 21 | proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' 22 | } 23 | 24 | debug { 25 | minifyEnabled true 26 | proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' 27 | } 28 | } 29 | compileOptions { 30 | sourceCompatibility JavaVersion.VERSION_1_8 31 | targetCompatibility JavaVersion.VERSION_1_8 32 | } 33 | compileSdkVersion 33 34 | buildToolsVersion '32.0.0' 35 | buildFeatures { 36 | viewBinding true 37 | } 38 | } 39 | 40 | dependencies { 41 | 42 | implementation 'androidx.appcompat:appcompat:1.2.0' 43 | implementation 'com.google.android.material:material:1.3.0' 44 | implementation 'androidx.preference:preference:1.1.1' 45 | implementation 'androidx.legacy:legacy-support-v4:1.0.0' 46 | implementation 'androidx.recyclerview:recyclerview:1.2.1' 47 | implementation 'androidx.constraintlayout:constraintlayout:2.1.4' 48 | implementation 'org.yaml:snakeyaml:1.18:android' 49 | // testImplementation 'junit:junit:4.+' 50 | // androidTestImplementation 'androidx.test.ext:junit:1.1.2' 51 | // androidTestImplementation 'androidx.test.espresso:espresso-core:3.3.0' 52 | } -------------------------------------------------------------------------------- /RILDefender-App/app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 21 | #-renamesourcefileattribute SourceFile -------------------------------------------------------------------------------- /RILDefender-App/app/src/androidTest/java/com/seclab/rildefender/ExampleInstrumentedTest.java: -------------------------------------------------------------------------------- 1 | package com.seclab.rildefender; 2 | 3 | import android.content.Context; 4 | 5 | import androidx.test.platform.app.InstrumentationRegistry; 6 | import androidx.test.ext.junit.runners.AndroidJUnit4; 7 | 8 | import org.junit.Test; 9 | import org.junit.runner.RunWith; 10 | 11 | import static org.junit.Assert.*; 12 | 13 | /** 14 | * Instrumented test, which will execute on an Android device. 15 | * 16 | * @see Testing documentation 17 | */ 18 | @RunWith(AndroidJUnit4.class) 19 | public class ExampleInstrumentedTest { 20 | @Test 21 | public void useAppContext() { 22 | // Context of the app under test. 23 | Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext(); 24 | assertEquals("com.seclab.rilmediator", appContext.getPackageName()); 25 | } 26 | } -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 20 | 23 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 50 | 51 | 52 | 53 | 54 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/java/com/seclab/rildefender/BootReceiver.java: -------------------------------------------------------------------------------- 1 | package com.seclab.rildefender; 2 | 3 | import android.app.Service; 4 | import android.content.BroadcastReceiver; 5 | import android.content.Context; 6 | import android.content.Intent; 7 | import android.content.ComponentName; 8 | 9 | import com.seclab.rildefender.UI.ListenService; 10 | import com.seclab.rildefender.UI.SettingsActivity; 11 | 12 | public class BootReceiver extends BroadcastReceiver { 13 | 14 | @Override 15 | public void onReceive(Context context, Intent intent) { 16 | if (intent.getAction().equals(Intent.ACTION_BOOT_COMPLETED)) { 17 | Intent i = new Intent(context, ListenService.class); 18 | context.startService(i); 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/java/com/seclab/rildefender/UI/AlertActivity.java: -------------------------------------------------------------------------------- 1 | package com.seclab.rildefender.UI; 2 | 3 | import static com.seclab.rildefender.UI.SettingsActivity.type2Str; 4 | 5 | import android.app.Activity; 6 | import android.app.AlertDialog; 7 | import android.content.DialogInterface; 8 | import android.content.Intent; 9 | import android.os.Bundle; 10 | 11 | import androidx.annotation.Nullable; 12 | 13 | public class AlertActivity extends Activity { 14 | 15 | @Override 16 | protected void onCreate(@Nullable Bundle savedInstanceState) { 17 | super.onCreate(savedInstanceState); 18 | 19 | Intent intent = getIntent(); 20 | String content = intent.getStringExtra("content"); 21 | String source = intent.getStringExtra("source"); 22 | String type = intent.getStringExtra("type"); 23 | 24 | AlertDialog.Builder builder1 = new AlertDialog.Builder(this); 25 | builder1.setTitle("Warning! Suspicious SMS received!"); 26 | builder1.setCancelable(true); 27 | 28 | builder1.setPositiveButton( 29 | "OK", 30 | new DialogInterface.OnClickListener() { 31 | public void onClick(DialogInterface dialog, int id) { 32 | dialog.cancel(); 33 | finish(); 34 | } 35 | }); 36 | 37 | 38 | // builder1.setNegativeButton( 39 | // "No", 40 | // new DialogInterface.OnClickListener() { 41 | // public void onClick(DialogInterface dialog, int id) { 42 | // dialog.cancel(); 43 | // } 44 | // }); 45 | 46 | 47 | String securityLevel = SettingsActivity.getSpValue(type); 48 | 49 | 50 | if (securityLevel.equals("Notify Me")) { 51 | builder1.setMessage(type2Str(type) + " received from " + source + "\nSMS Content: " + content); 52 | AlertDialog alert11 = builder1.create(); 53 | alert11.show(); 54 | } 55 | else if (securityLevel.equals("Block and Notify Me")) { 56 | builder1.setMessage(type2Str(type) + " has been blocked from " + source + "\nSMS Content: " + content); 57 | AlertDialog alert11 = builder1.create(); 58 | alert11.show(); 59 | } 60 | 61 | } 62 | 63 | @Override 64 | public void finish() { 65 | super.finish(); 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/java/com/seclab/rildefender/UI/RecyclerViewAdapter.java: -------------------------------------------------------------------------------- 1 | package com.seclab.rildefender.UI; 2 | 3 | import android.content.Context; 4 | import android.view.LayoutInflater; 5 | import android.view.View; 6 | import android.view.ViewGroup; 7 | import android.widget.TextView; 8 | 9 | import androidx.annotation.NonNull; 10 | import androidx.recyclerview.widget.RecyclerView; 11 | 12 | import com.seclab.rildefender.R; 13 | 14 | public class RecyclerViewAdapter extends RecyclerView.Adapter { 15 | 16 | private String[] mData; 17 | private LayoutInflater mInflater; 18 | private ItemClickListener mClickListener; 19 | 20 | // data is passed into the constructor 21 | RecyclerViewAdapter(Context context, String[] data) { 22 | this.mInflater = LayoutInflater.from(context); 23 | this.mData = data; 24 | } 25 | 26 | // inflates the cell layout from xml when needed 27 | @Override 28 | @NonNull 29 | public ViewHolder onCreateViewHolder(@NonNull ViewGroup parent, int viewType) { 30 | View view = mInflater.inflate(R.layout.recyclerview_item, parent, false); 31 | return new ViewHolder(view); 32 | } 33 | 34 | @Override 35 | public void onBindViewHolder(@NonNull ViewHolder holder, int position) { 36 | holder.myTextView.setText(mData[position]); 37 | } 38 | 39 | // total number of cells 40 | @Override 41 | public int getItemCount() { 42 | return mData.length; 43 | } 44 | 45 | 46 | // stores and recycles views as they are scrolled off screen 47 | public class ViewHolder extends RecyclerView.ViewHolder implements View.OnClickListener { 48 | TextView myTextView; 49 | 50 | ViewHolder(View itemView) { 51 | super(itemView); 52 | myTextView = itemView.findViewById(R.id.info_text); 53 | itemView.setOnClickListener(this); 54 | } 55 | 56 | @Override 57 | public void onClick(View view) { 58 | if (mClickListener != null) mClickListener.onItemClick(view, getAdapterPosition()); 59 | } 60 | } 61 | 62 | // convenience method for getting data at click position 63 | String getItem(int id) { 64 | return mData[id]; 65 | } 66 | 67 | // allows clicks events to be caught 68 | void setClickListener(ItemClickListener itemClickListener) { 69 | this.mClickListener = itemClickListener; 70 | } 71 | 72 | // parent activity will implement this method to respond to click events 73 | public interface ItemClickListener { 74 | void onItemClick(View view, int position); 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/java/com/seclab/rildefender/UI/SMSHistoryActivity.java: -------------------------------------------------------------------------------- 1 | package com.seclab.rildefender.UI; 2 | 3 | import androidx.appcompat.app.AppCompatActivity; 4 | import androidx.recyclerview.widget.GridLayoutManager; 5 | import androidx.recyclerview.widget.LinearLayoutManager; 6 | import androidx.recyclerview.widget.RecyclerView; 7 | 8 | import android.graphics.Rect; 9 | import android.os.Bundle; 10 | import android.view.View; 11 | 12 | import com.seclab.rildefender.R; 13 | import com.seclab.rildefender.Util.FileUtil; 14 | 15 | import org.json.JSONArray; 16 | import org.json.JSONException; 17 | import org.json.JSONObject; 18 | 19 | import java.text.SimpleDateFormat; 20 | import java.util.ArrayList; 21 | import java.util.Date; 22 | import java.util.List; 23 | 24 | public class SMSHistoryActivity extends AppCompatActivity { 25 | 26 | private RecyclerViewAdapter adapter; 27 | public List smsEvents = new ArrayList<>(); 28 | 29 | @Override 30 | protected void onCreate(Bundle savedInstanceState) { 31 | super.onCreate(savedInstanceState); 32 | setContentView(R.layout.activity_smshistory); 33 | 34 | loadSmsEvents(); 35 | 36 | // set up the RecyclerView 37 | RecyclerView recyclerView = findViewById(R.id.sms_event); 38 | int numberOfColumns = 6; // Time, SMS type, src, dst, content, PDU 39 | 40 | String[] data = new String[(smsEvents.size()+1) * numberOfColumns]; 41 | int counter = 0; 42 | // headers 43 | data[counter++] = "Time"; 44 | data[counter++] = "Type"; 45 | data[counter++] = "Source"; 46 | data[counter++] = "Destination"; 47 | data[counter++] = "Content"; 48 | data[counter++] = "PDU"; 49 | for (JSONObject event: smsEvents) { 50 | try { 51 | data[counter++] = tsToDate(event.getLong("Time")); 52 | data[counter++] = event.getString("Type"); 53 | if (event.has("Source")) 54 | data[counter++] = event.getString("Source"); 55 | else 56 | data[counter++] = ""; 57 | if (event.has("Dest")) 58 | data[counter++] = event.getString("Dest"); 59 | else 60 | data[counter++] = ""; 61 | if (event.has("Content")) 62 | data[counter++] = event.getString("Content"); 63 | else 64 | data[counter++] = ""; 65 | if (event.has("Pdu")) 66 | data[counter++] = event.getString("Pdu"); 67 | else 68 | data[counter++] = ""; 69 | } catch (JSONException e) { 70 | e.printStackTrace(); 71 | } 72 | } 73 | 74 | // recyclerView.setLayoutManager(new GridLayoutManager(this, numberOfColumns, LinearLayoutManager.VERTICAL, false)); 75 | // GridLayoutManager gridLayoutManager = new GridLayoutManager(this, numberOfColumns, LinearLayoutManager.VERTICAL, false); 76 | GridLayoutManager gridLayoutManager = new GridLayoutManager(this, numberOfColumns); 77 | // recyclerView.setHasFixedSize(true); 78 | 79 | recyclerView.setLayoutManager(gridLayoutManager); 80 | 81 | adapter = new RecyclerViewAdapter(this, data); 82 | recyclerView.setAdapter(adapter); 83 | } 84 | 85 | public void loadSmsEvents() { 86 | JSONArray jsonArray = FileUtil.readSMSEventsFromFile(this.getApplicationContext()); 87 | if (jsonArray == null) 88 | return; 89 | for (int i=0; i>> 4]; 11 | hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F]; 12 | } 13 | return new String(hexChars); 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/java/com/seclab/rildefender/Util/a.yaml: -------------------------------------------------------------------------------- 1 | 2 | CustomSMS1: 3 | {lvalue: [ 'sms.pid' ], condition: '==', rvalue: 0x20, securityLevel: 1} 4 | 5 | FBSSMS: { lvalue: [ 6 | { lvalue: [ 'bs.ss' ], condition: '>', rvalue: -40}, 7 | { lvalue: [ 'bs.param' ], condition: '==', rvalue: } 8 | ], opcode: [ '|' ], conditon: '==', rvalue: 1} 9 | 10 | MalwareSMS: { lvalue: [ 'sms.src' ], condition: '!=', rvalue: } 11 | 12 | ProactiveSimSMS: { lvalue: [ 'sms.src' ], condition: '==', rvalue: } 13 | 14 | : 15 | lvalue: 16 | OpCode: 17 | condition: 18 | rvalue: 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/drawable-v24/ic_launcher_foreground.xml: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 15 | 18 | 21 | 22 | 23 | 24 | 30 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/drawable/ic_launcher_background.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 10 | 15 | 20 | 25 | 30 | 35 | 40 | 45 | 50 | 55 | 60 | 65 | 70 | 75 | 80 | 85 | 90 | 95 | 100 | 105 | 110 | 115 | 120 | 125 | 130 | 135 | 140 | 145 | 150 | 155 | 160 | 165 | 170 | 171 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/layout/activity_smshistory.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 16 | 17 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/layout/recyclerview_item.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 14 | 15 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/layout/settings_activity.xml: -------------------------------------------------------------------------------- 1 | 4 | 5 | 9 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-hdpi/ic_launcher.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-hdpi/ic_launcher.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-hdpi/ic_launcher_round.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-mdpi/ic_launcher.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-mdpi/ic_launcher.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-mdpi/ic_launcher_round.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-xhdpi/ic_launcher.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-xhdpi/ic_launcher.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-xhdpi/ic_launcher_round.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-xxhdpi/ic_launcher.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.webp -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/values-night/themes.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/values/arrays.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Allow 5 | Notify Me 6 | Block Automatically 7 | Block and Notify Me 8 | 9 | 10 | 11 | 12 | Reply 13 | Reply to all 14 | 15 | 16 | 17 | reply 18 | reply_all 19 | 20 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/values/colors.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | #FFBB86FC 4 | #FF6200EE 5 | #FF3700B3 6 | #FF03DAC5 7 | #FF018786 8 | #FF000000 9 | #FFFFFFFF 10 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/values/dimens.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16dp 4 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | RILDefender 3 | 4 | SettingsActivity 5 | 6 | 7 | RILDefender Settings 8 | Security Level 9 | 10 | Silent SMS 11 | Flash SMS 12 | Binary SMS 13 | Fake Base Station SMS 14 | Malware SMS 15 | Proactive SIM SMS 16 | SMS Whitelist 17 | 18 | App whitelist (process names separated by semicolons) 19 | SMS Alert History 20 | 21 | 22 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/values/themes.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/main/res/xml/root_preferences.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 92 | 93 | 94 | 95 | 99 | 100 | 104 | 105 | -------------------------------------------------------------------------------- /RILDefender-App/app/src/test/java/com/seclab/rildefender/ExampleUnitTest.java: -------------------------------------------------------------------------------- 1 | package com.seclab.rildefender; 2 | 3 | import org.junit.Test; 4 | 5 | import static org.junit.Assert.*; 6 | 7 | /** 8 | * Example local unit test, which will execute on the development machine (host). 9 | * 10 | * @see Testing documentation 11 | */ 12 | public class ExampleUnitTest { 13 | @Test 14 | public void addition_isCorrect() { 15 | assertEquals(4, 2 + 2); 16 | } 17 | } -------------------------------------------------------------------------------- /RILDefender-App/build.gradle: -------------------------------------------------------------------------------- 1 | // Top-level build file where you can add configuration options common to all sub-projects/modules. 2 | buildscript { 3 | repositories { 4 | google() 5 | mavenCentral() 6 | } 7 | dependencies { 8 | classpath "com.android.tools.build:gradle:7.0.4" 9 | 10 | // NOTE: Do not place your application dependencies here; they belong 11 | // in the individual module build.gradle files 12 | } 13 | } 14 | 15 | task clean(type: Delete) { 16 | delete rootProject.buildDir 17 | } -------------------------------------------------------------------------------- /RILDefender-App/gradle.properties: -------------------------------------------------------------------------------- 1 | # Project-wide Gradle settings. 2 | # IDE (e.g. Android Studio) users: 3 | # Gradle settings configured through the IDE *will override* 4 | # any settings specified in this file. 5 | # For more details on how to configure your build environment visit 6 | # http://www.gradle.org/docs/current/userguide/build_environment.html 7 | # Specifies the JVM arguments used for the daemon process. 8 | # The setting is particularly useful for tweaking memory settings. 9 | org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8 10 | # When configured, Gradle will run in incubating parallel mode. 11 | # This option should only be used with decoupled projects. More details, visit 12 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects 13 | # org.gradle.parallel=true 14 | # AndroidX package structure to make it clearer which packages are bundled with the 15 | # Android operating system, and which are packaged with your app"s APK 16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn 17 | android.useAndroidX=true 18 | # Automatically convert third-party libraries to use AndroidX 19 | android.enableJetifier=true -------------------------------------------------------------------------------- /RILDefender-App/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/RILDefender-App/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /RILDefender-App/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Sat Dec 11 21:18:17 EST 2021 2 | distributionBase=GRADLE_USER_HOME 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.0.2-bin.zip 4 | distributionPath=wrapper/dists 5 | zipStorePath=wrapper/dists 6 | zipStoreBase=GRADLE_USER_HOME 7 | -------------------------------------------------------------------------------- /RILDefender-App/gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # 4 | # Copyright 2015 the original author or authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | ## 21 | ## Gradle start up script for UN*X 22 | ## 23 | ############################################################################## 24 | 25 | # Attempt to set APP_HOME 26 | # Resolve links: $0 may be a link 27 | PRG="$0" 28 | # Need this for relative symlinks. 29 | while [ -h "$PRG" ] ; do 30 | ls=`ls -ld "$PRG"` 31 | link=`expr "$ls" : '.*-> \(.*\)$'` 32 | if expr "$link" : '/.*' > /dev/null; then 33 | PRG="$link" 34 | else 35 | PRG=`dirname "$PRG"`"/$link" 36 | fi 37 | done 38 | SAVED="`pwd`" 39 | cd "`dirname \"$PRG\"`/" >/dev/null 40 | APP_HOME="`pwd -P`" 41 | cd "$SAVED" >/dev/null 42 | 43 | APP_NAME="Gradle" 44 | APP_BASE_NAME=`basename "$0"` 45 | 46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 48 | 49 | # Use the maximum available, or set MAX_FD != -1 to use that value. 50 | MAX_FD="maximum" 51 | 52 | warn () { 53 | echo "$*" 54 | } 55 | 56 | die () { 57 | echo 58 | echo "$*" 59 | echo 60 | exit 1 61 | } 62 | 63 | # OS specific support (must be 'true' or 'false'). 64 | cygwin=false 65 | msys=false 66 | darwin=false 67 | nonstop=false 68 | case "`uname`" in 69 | CYGWIN* ) 70 | cygwin=true 71 | ;; 72 | Darwin* ) 73 | darwin=true 74 | ;; 75 | MINGW* ) 76 | msys=true 77 | ;; 78 | NONSTOP* ) 79 | nonstop=true 80 | ;; 81 | esac 82 | 83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 84 | 85 | 86 | # Determine the Java command to use to start the JVM. 87 | if [ -n "$JAVA_HOME" ] ; then 88 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 89 | # IBM's JDK on AIX uses strange locations for the executables 90 | JAVACMD="$JAVA_HOME/jre/sh/java" 91 | else 92 | JAVACMD="$JAVA_HOME/bin/java" 93 | fi 94 | if [ ! -x "$JAVACMD" ] ; then 95 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 96 | 97 | Please set the JAVA_HOME variable in your environment to match the 98 | location of your Java installation." 99 | fi 100 | else 101 | JAVACMD="java" 102 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 103 | 104 | Please set the JAVA_HOME variable in your environment to match the 105 | location of your Java installation." 106 | fi 107 | 108 | # Increase the maximum file descriptors if we can. 109 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 110 | MAX_FD_LIMIT=`ulimit -H -n` 111 | if [ $? -eq 0 ] ; then 112 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 113 | MAX_FD="$MAX_FD_LIMIT" 114 | fi 115 | ulimit -n $MAX_FD 116 | if [ $? -ne 0 ] ; then 117 | warn "Could not set maximum file descriptor limit: $MAX_FD" 118 | fi 119 | else 120 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 121 | fi 122 | fi 123 | 124 | # For Darwin, add options to specify how the application appears in the dock 125 | if $darwin; then 126 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 127 | fi 128 | 129 | # For Cygwin or MSYS, switch paths to Windows format before running java 130 | if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then 131 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 132 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 133 | 134 | JAVACMD=`cygpath --unix "$JAVACMD"` 135 | 136 | # We build the pattern for arguments to be converted via cygpath 137 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 138 | SEP="" 139 | for dir in $ROOTDIRSRAW ; do 140 | ROOTDIRS="$ROOTDIRS$SEP$dir" 141 | SEP="|" 142 | done 143 | OURCYGPATTERN="(^($ROOTDIRS))" 144 | # Add a user-defined pattern to the cygpath arguments 145 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 146 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 147 | fi 148 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 149 | i=0 150 | for arg in "$@" ; do 151 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 152 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 153 | 154 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 155 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 156 | else 157 | eval `echo args$i`="\"$arg\"" 158 | fi 159 | i=`expr $i + 1` 160 | done 161 | case $i in 162 | 0) set -- ;; 163 | 1) set -- "$args0" ;; 164 | 2) set -- "$args0" "$args1" ;; 165 | 3) set -- "$args0" "$args1" "$args2" ;; 166 | 4) set -- "$args0" "$args1" "$args2" "$args3" ;; 167 | 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 168 | 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 169 | 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 170 | 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 171 | 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 172 | esac 173 | fi 174 | 175 | # Escape application args 176 | save () { 177 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 178 | echo " " 179 | } 180 | APP_ARGS=`save "$@"` 181 | 182 | # Collect all arguments for the java command, following the shell quoting and substitution rules 183 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 184 | 185 | exec "$JAVACMD" "$@" 186 | -------------------------------------------------------------------------------- /RILDefender-App/gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%" == "" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%" == "" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter. 33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi 34 | 35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 37 | 38 | @rem Find java.exe 39 | if defined JAVA_HOME goto findJavaFromJavaHome 40 | 41 | set JAVA_EXE=java.exe 42 | %JAVA_EXE% -version >NUL 2>&1 43 | if "%ERRORLEVEL%" == "0" goto execute 44 | 45 | echo. 46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 47 | echo. 48 | echo Please set the JAVA_HOME variable in your environment to match the 49 | echo location of your Java installation. 50 | 51 | goto fail 52 | 53 | :findJavaFromJavaHome 54 | set JAVA_HOME=%JAVA_HOME:"=% 55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 56 | 57 | if exist "%JAVA_EXE%" goto execute 58 | 59 | echo. 60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 61 | echo. 62 | echo Please set the JAVA_HOME variable in your environment to match the 63 | echo location of your Java installation. 64 | 65 | goto fail 66 | 67 | :execute 68 | @rem Setup the command line 69 | 70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 71 | 72 | 73 | @rem Execute Gradle 74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* 75 | 76 | :end 77 | @rem End local scope for the variables with windows NT shell 78 | if "%ERRORLEVEL%"=="0" goto mainEnd 79 | 80 | :fail 81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 82 | rem the _cmd.exe /c_ return code! 83 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 84 | exit /b 1 85 | 86 | :mainEnd 87 | if "%OS%"=="Windows_NT" endlocal 88 | 89 | :omega 90 | -------------------------------------------------------------------------------- /RILDefender-App/local.properties: -------------------------------------------------------------------------------- 1 | ## This file must *NOT* be checked into Version Control Systems, 2 | # as it contains information specific to your local configuration. 3 | # 4 | # Location of the SDK. This is only used by Gradle. 5 | # For customization when using a Version Control System, please read the 6 | # header note. 7 | #Tue Jul 05 21:04:24 EDT 2022 8 | sdk.dir=/Users/Library/Android/sdk 9 | -------------------------------------------------------------------------------- /RILDefender-App/settings.gradle: -------------------------------------------------------------------------------- 1 | dependencyResolutionManagement { 2 | repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) 3 | repositories { 4 | google() 5 | mavenCentral() 6 | jcenter() // Warning: this repository is going to shut down soon 7 | } 8 | } 9 | rootProject.name = "RILDefender" 10 | include ':app' 11 | -------------------------------------------------------------------------------- /figure/framework.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/figure/framework.png -------------------------------------------------------------------------------- /patch_apply.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | import os 3 | import shutil 4 | import sys, getopt 5 | 6 | def main(argv): 7 | aosp_folder = "" 8 | patch_folder = "" 9 | try: 10 | opts, args = getopt.getopt(argv, "ha:p:", ["aosp-folder=", "patch-folder="]) 11 | except getopt.GetoptError: 12 | print('Usage: patch_apply.py -a -p ') 13 | sys.exit(2) 14 | if argv.__len__() < 2: 15 | print('Please enter at least two arguments.\nUsage: patch_apply.py -a -p ') 16 | sys.exit(2) 17 | for opt, arg in opts: 18 | if opt == '-h': 19 | print('Usage: patch_apply.py -a -p ') 20 | sys.exit() 21 | elif opt in ("-a", "--aosp-folder"): 22 | aosp_folder = arg 23 | print("AOSP root folder: " + arg) 24 | elif opt in ("-p", "--patch-folder"): 25 | patch_folder = arg 26 | print("Patch folder: " + arg) 27 | 28 | meta_file = os.path.join(patch_folder, "meta.txt") 29 | 30 | if not os.path.exists(meta_file): 31 | print("Meta file not exist!") 32 | else: 33 | with open(meta_file, 'r') as i: 34 | for line in i.readlines(): 35 | action = line.strip().split("\t")[0] 36 | f = line.strip().split("\t")[1] 37 | dest = line.strip().split("\t")[2] 38 | src = os.path.join(patch_folder, f) 39 | dst = os.path.join(aosp_folder, dest) 40 | if action == "ADD": 41 | directory = dst.replace(dst.split("/")[-1], "") 42 | if not os.path.exists(directory): 43 | os.mkdir(directory) 44 | print("Copying %s %s" % (src, dst)) 45 | shutil.copy(src, dst) 46 | elif action == "PATCH": 47 | cmd = "patch -u %s -i %s" % (dst, src) 48 | print("Applying patch: " + cmd) 49 | os.system(cmd) 50 | 51 | 52 | if __name__ == "__main__": 53 | main(sys.argv[1:]) 54 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/CatService.java_20600f6f1310f201ebf93d57cd3f7b81.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-02-17 21:57:22.097246020 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-02-17 21:07:17.590306619 +0000 3 | @@ -33,6 +33,8 @@ 4 | import android.content.pm.ResolveInfo; 5 | import android.content.res.Configuration; 6 | import android.content.res.Resources.NotFoundException; 7 | +import android.content.BroadcastReceiver; 8 | +import android.content.IntentFilter; 9 | import android.os.AsyncResult; 10 | import android.os.Handler; 11 | import android.os.LocaleList; 12 | @@ -40,6 +42,7 @@ 13 | import android.os.RemoteException; 14 | import android.telephony.SubscriptionManager; 15 | import android.telephony.TelephonyManager; 16 | +import android.telephony.Rlog; 17 | 18 | import com.android.internal.telephony.CommandsInterface; 19 | import com.android.internal.telephony.PhoneConstants; 20 | @@ -53,6 +56,7 @@ 21 | import com.android.internal.telephony.uicc.UiccCardApplication; 22 | import com.android.internal.telephony.uicc.UiccController; 23 | import com.android.internal.telephony.uicc.UiccProfile; 24 | +import com.android.internal.telephony.RILDefender; 25 | 26 | import java.io.ByteArrayOutputStream; 27 | import java.util.List; 28 | @@ -91,6 +95,45 @@ 29 | private static IccRecords mIccRecords; 30 | private static UiccCardApplication mUiccApplication; 31 | 32 | + // RILDefender: broadcast receiver events from baseband monitor 33 | + private BroadcastReceiver mBinarySmsReceiver = new BroadcastReceiver() { 34 | + @Override 35 | + public void onReceive(Context context, Intent intent) { 36 | + if (intent.getAction().equals(RILDefender.ACTION_BINARY_SMS_RECEIVED)) { 37 | + Rlog.d("RILDefender", "Binary SMS received from baseband monitor"); 38 | + String hexData = intent.getStringExtra("data"); 39 | + String source = intent.getStringExtra("source"); 40 | + // notify user 41 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 42 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 43 | + // block and notify 44 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 45 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 46 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 47 | + newIntent.putExtra("source", source); 48 | + newIntent.putExtra("content", hexData); 49 | + context.sendBroadcast(newIntent); 50 | + } 51 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 52 | + // block without notify 53 | + Rlog.d("RILDefender", "Block binary SMS " + hexData); 54 | + return; 55 | + } 56 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 57 | + // notify only 58 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 59 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 60 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 61 | + newIntent.putExtra("source", source); 62 | + newIntent.putExtra("content", hexData); 63 | + context.sendBroadcast(newIntent); 64 | + } 65 | + 66 | + } 67 | + } 68 | + }; 69 | + 70 | + 71 | // Service members. 72 | // Protects singleton instance lazy initialization. 73 | @UnsupportedAppUsage 74 | @@ -158,6 +201,11 @@ 75 | mContext = context; 76 | mSlotId = slotId; 77 | 78 | + // RILDefender: register broadcast receiver for binary sms event 79 | + IntentFilter newFilter = new IntentFilter(); 80 | + newFilter.addAction(RILDefender.ACTION_BINARY_SMS_RECEIVED); 81 | + context.registerReceiver(mBinarySmsReceiver, newFilter); 82 | + 83 | // Get the RilMessagesDecoder for decoding the messages. 84 | mMsgDecoder = RilMessageDecoder.getInstance(this, fh, slotId); 85 | if (null == mMsgDecoder) { 86 | @@ -542,6 +590,35 @@ 87 | 88 | 89 | private void broadcastCatCmdIntent(CatCmdMessage cmdMsg) { 90 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 91 | + AppInterface.CommandType type = cmdMsg.getCmdType(); 92 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 93 | + // block and notify 94 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 95 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 96 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 97 | + // TODO: tracking source of a binary SMS initiator 98 | + intent.putExtra("source", ""); 99 | + intent.putExtra("content", cmdMsg.toString()); 100 | + mContext.sendBroadcast(intent); 101 | + return; 102 | + } 103 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 104 | + // block without notify 105 | + Rlog.d("RILDefender", "Block binary SMS " + type); 106 | + } 107 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 108 | + // notify only 109 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 110 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 111 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 112 | + intent.putExtra("source", ""); 113 | + intent.putExtra("content", cmdMsg.toString()); 114 | + mContext.sendBroadcast(intent); 115 | + } 116 | + 117 | + // not blocking STK command, proceed as usual 118 | + 119 | Intent intent = new Intent(AppInterface.CAT_CMD_ACTION); 120 | intent.putExtra("STK CMD", cmdMsg); 121 | intent.putExtra("SLOT_ID", mSlotId); 122 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/CdmaSMSDispatcher.java_008afc620ea92bf8eadf40cc15f9655a.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-02-17 21:57:22.101246061 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-02-17 18:21:59.583353379 +0000 3 | @@ -22,6 +22,7 @@ 4 | import android.telephony.ServiceState; 5 | import android.telephony.TelephonyManager; 6 | import android.util.Pair; 7 | +import android.content.Intent; 8 | 9 | import com.android.internal.telephony.GsmCdmaPhone; 10 | import com.android.internal.telephony.Phone; 11 | @@ -33,7 +34,13 @@ 12 | import com.android.internal.telephony.util.SMSDispatcherUtil; 13 | import com.android.internal.telephony.GsmAlphabet.TextEncodingDetails; 14 | import com.android.internal.telephony.SmsMessageBase; 15 | - 16 | +import com.android.internal.telephony.util.ProcessUtil; 17 | +import com.android.internal.telephony.RILDefender; 18 | + 19 | +import android.os.Binder; 20 | +import java.util.HashMap; 21 | +import java.util.List; 22 | +import java.util.ArrayList; 23 | 24 | public class CdmaSMSDispatcher extends SMSDispatcher { 25 | private static final String TAG = "CdmaSMSDispatcher"; 26 | @@ -125,6 +132,100 @@ 27 | + " mUsesImsServiceForIms=" + tracker.mUsesImsServiceForIms 28 | + " SS=" + mPhone.getServiceState().getState()); 29 | 30 | + // RILDefender Intercept SMS sent from suspecious sources 31 | + HashMap map = tracker.getData(); 32 | + byte pdu[] = (byte[]) map.get("pdu"); 33 | + String content = (String) map.get("text"); 34 | + String dest = (String) map.get("destAddr"); 35 | + 36 | + // add SMS to history 37 | + RILDefender.addSms(pdu); 38 | + 39 | + // construct white list for valid SMS senders 40 | + List smsAppName = RILDefender.getValidSources(mContext); 41 | + 42 | + // obtain caller's PID and name 43 | + int callerPid = Binder.getCallingPid(); 44 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 45 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 46 | + Rlog.d(TAG, "raw pdu = " + pdu); 47 | + 48 | + // check source 49 | + boolean validSender = false; 50 | + if (callerName != null && smsAppName.contains(callerName)) { 51 | + validSender = true; 52 | + Rlog.d(TAG, "Valid sender = " + validSender); 53 | + } 54 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 55 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 56 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 57 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 58 | + // block and notify 59 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 60 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 61 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 62 | + intent.putExtra("source", callerName); 63 | + intent.putExtra("content", content); 64 | + intent.putExtra("dest", dest); 65 | + intent.putExtra("pdu", pdu); 66 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 67 | + mContext.sendBroadcast(intent); 68 | + return; 69 | + } 70 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 71 | + // block without notify 72 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 73 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 74 | + return; 75 | + } 76 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 77 | + // notify only 78 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 79 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 80 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 81 | + intent.putExtra("source", callerName); 82 | + intent.putExtra("content", content); 83 | + intent.putExtra("dest", dest); 84 | + intent.putExtra("pdu", pdu); 85 | + mContext.sendBroadcast(intent); 86 | + } 87 | + } 88 | + else { 89 | + // else consider it a malware SMS 90 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 91 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 92 | + // block and notify 93 | + Rlog.d(TAG, "Block malware SMS and notify user"); 94 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 95 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 96 | + intent.putExtra("source", callerName); 97 | + intent.putExtra("content", content); 98 | + intent.putExtra("dest", dest); 99 | + intent.putExtra("pdu", pdu); 100 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 101 | + mContext.sendBroadcast(intent); 102 | + return; 103 | + } 104 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 105 | + // block without notify 106 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 107 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 108 | + return; 109 | + } 110 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 111 | + // notify only 112 | + Rlog.d(TAG, "Notify user for the malware SMS"); 113 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 114 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 115 | + intent.putExtra("source", callerName); 116 | + intent.putExtra("content", content); 117 | + intent.putExtra("dest", dest); 118 | + intent.putExtra("pdu", pdu); 119 | + mContext.sendBroadcast(intent); 120 | + } 121 | + } 122 | + 123 | + 124 | int ss = mPhone.getServiceState().getState(); 125 | // if sms over IMS is not supported on data and voice is not available... 126 | if (!isIms() && ss != ServiceState.STATE_IN_SERVICE) { 127 | @@ -133,7 +234,6 @@ 128 | } 129 | 130 | Message reply = obtainMessage(EVENT_SEND_SMS_COMPLETE, tracker); 131 | - byte[] pdu = (byte[]) tracker.getData().get("pdu"); 132 | 133 | int currentDataNetwork = mPhone.getServiceState().getDataNetworkType(); 134 | boolean imsSmsDisabled = (currentDataNetwork == TelephonyManager.NETWORK_TYPE_EHRPD 135 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/GsmCdmaCallTracker.java_0a5ee11d7fcec7a5f88b8280dc853546.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-02-17 21:57:22.093245977 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-02-20 04:11:34.520186373 +0000 3 | @@ -919,6 +919,9 @@ 4 | } else { 5 | // find if the MT call is a new ring or unknown connection 6 | newRinging = checkMtFindNewRinging(dc,i); 7 | + if (dc.state == DriverCall.State.DIALING && !RILDefender.validCall && 8 | + RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS) >= RILDefender.AlertLevel.BLOCK.getValue()) 9 | + return; // RILDefender has hang up the call 10 | if (newRinging == null) { 11 | unknownConnectionAppeared = true; 12 | if (isPhoneTypeGsm()) { 13 | @@ -1240,6 +1243,11 @@ 14 | try { 15 | mMetrics.writeRilHangup(mPhone.getPhoneId(), conn, conn.getGsmCdmaIndex(), 16 | getNetworkCountryIso()); 17 | + 18 | + // RILDefender: reset valid call state when the call finish 19 | + if (RILDefender.validCall) 20 | + RILDefender.validCall = false; 21 | + 22 | mCi.hangupConnection (conn.getGsmCdmaIndex(), obtainCompleteMessage()); 23 | } catch (CallStateException ex) { 24 | // Ignore "connection not found" 25 | @@ -1715,6 +1723,48 @@ 26 | mConnections[i].onStartedHolding(); 27 | } 28 | } 29 | + 30 | + if (dc.state == DriverCall.State.DIALING) { 31 | + // RILDefender: detecting binary sms calls 32 | + if (!RILDefender.validCall) { 33 | + int blockSwitch = RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS); 34 | + 35 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 36 | + // block and notify 37 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call) and notify user"); 38 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 39 | + // TODO: tracking source of a binary SMS initiator 40 | + intent.putExtra("source", ""); 41 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 42 | + intent.putExtra("content", "Voice Call Binary SMS"); 43 | + mPhone.getContext().sendBroadcast(intent); 44 | + try { 45 | + hangup(mConnections[i]); 46 | + } catch (CallStateException ex) { 47 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 48 | + } 49 | + } 50 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 51 | + // block without notify 52 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call)"); 53 | + try { 54 | + hangup(mConnections[i]); 55 | + } catch (CallStateException ex) { 56 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 57 | + } 58 | + } 59 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 60 | + // notify only 61 | + Rlog.d("RILDefender", "Notify user for the binary SMS (Voice)"); 62 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 63 | + intent.putExtra("source", ""); 64 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 65 | + intent.putExtra("content", "Voice Call Binary SMS"); 66 | + mPhone.getContext().sendBroadcast(intent); 67 | + } 68 | + 69 | + } 70 | + } 71 | } 72 | return newRinging; 73 | } 74 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/GsmCdmaPhone.java_e002658140004c67f46d4bdc38209b0b.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-02-17 21:57:22.093245977 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-02-17 18:52:07.181992361 +0000 3 | @@ -73,6 +73,7 @@ 4 | import android.text.TextUtils; 5 | import android.util.Log; 6 | import android.util.Pair; 7 | +import android.os.Binder; 8 | 9 | import com.android.ims.ImsManager; 10 | import com.android.internal.annotations.VisibleForTesting; 11 | @@ -99,6 +100,8 @@ 12 | import com.android.internal.telephony.uicc.UiccProfile; 13 | import com.android.internal.telephony.uicc.UiccSlot; 14 | import com.android.internal.util.ArrayUtils; 15 | +import com.android.internal.telephony.util.ProcessUtil; 16 | +import com.android.internal.telephony.RILDefender; 17 | 18 | import java.io.FileDescriptor; 19 | import java.io.PrintWriter; 20 | @@ -1326,6 +1329,23 @@ 21 | ResultReceiver wrappedCallback) 22 | throws CallStateException { 23 | 24 | + // RILDefender: Detect voice calls from untrusted apps 25 | + // obtain caller's PID and name 26 | + int callerPid = Binder.getCallingPid(); 27 | + String callerName = ProcessUtil.getAppNameByPID(getContext(), callerPid).trim(); 28 | + Rlog.d(LOG_TAG, "Dialing request received from pid = " + callerPid + " " + callerName); 29 | + 30 | + // check source 31 | + if (callerName != null && RILDefender.trustedDialerAppName.contains(callerName)) { 32 | + Rlog.d(LOG_TAG, "Setting validCall = true"); 33 | + RILDefender.validCall = true; 34 | + } else { 35 | + Rlog.d(LOG_TAG, "Voice call initated from an untrusted app " + callerName); 36 | + RILDefender.validCall = false; 37 | + // do not let suspecious app do dialing 38 | + //return null; 39 | + } 40 | + 41 | // Need to make sure dialString gets parsed properly 42 | String newDialString = PhoneNumberUtils.stripSeparators(dialString); 43 | 44 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/GsmSMSDispatcher.java_292e35150445fc22447bccd3b550b387.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-02-17 21:57:22.101246061 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-02-17 18:21:19.058938959 +0000 3 | @@ -16,8 +16,10 @@ 4 | 5 | package com.android.internal.telephony.gsm; 6 | 7 | +import android.os.Binder; 8 | import android.os.AsyncResult; 9 | import android.os.Message; 10 | +import android.content.Intent; 11 | import android.provider.Telephony.Sms.Intents; 12 | import android.telephony.Rlog; 13 | import android.telephony.ServiceState; 14 | @@ -36,7 +38,11 @@ 15 | import com.android.internal.telephony.uicc.UiccCardApplication; 16 | import com.android.internal.telephony.uicc.UiccController; 17 | import com.android.internal.telephony.util.SMSDispatcherUtil; 18 | +import com.android.internal.telephony.util.ProcessUtil; 19 | +import com.android.internal.telephony.RILDefender; 20 | 21 | +import java.util.List; 22 | +import java.util.ArrayList; 23 | import java.util.HashMap; 24 | import java.util.concurrent.atomic.AtomicReference; 25 | 26 | @@ -162,7 +168,97 @@ 27 | protected void sendSms(SmsTracker tracker) { 28 | HashMap map = tracker.getData(); 29 | 30 | + // RILDefender Intercept SMS sent from suspecious sources 31 | byte pdu[] = (byte[]) map.get("pdu"); 32 | + String content = (String) map.get("text"); 33 | + String dest = (String) map.get("destAddr"); 34 | + 35 | + // add SMS to history 36 | + RILDefender.addSms(pdu); 37 | + 38 | + // construct white list for valid SMS senders 39 | + List smsAppName = RILDefender.getValidSources(mContext); 40 | + 41 | + // obtain caller's PID and name 42 | + int callerPid = Binder.getCallingPid(); 43 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 44 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 45 | + Rlog.d(TAG, "raw pdu = " + pdu); 46 | + 47 | + // check source 48 | + boolean validSender = false; 49 | + if (callerName != null && smsAppName.contains(callerName)) { 50 | + validSender = true; 51 | + Rlog.d(TAG, "Valid sender = " + validSender); 52 | + } 53 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 54 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 55 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 56 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 57 | + // block and notify 58 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 59 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 60 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 61 | + intent.putExtra("source", callerName); 62 | + intent.putExtra("content", content); 63 | + intent.putExtra("dest", dest); 64 | + intent.putExtra("pdu", pdu); 65 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 66 | + mContext.sendBroadcast(intent); 67 | + return; 68 | + } 69 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 70 | + // block without notify 71 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 72 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 73 | + return; 74 | + } 75 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 76 | + // notify only 77 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 78 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 79 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 80 | + intent.putExtra("source", callerName); 81 | + intent.putExtra("content", content); 82 | + intent.putExtra("dest", dest); 83 | + intent.putExtra("pdu", pdu); 84 | + mContext.sendBroadcast(intent); 85 | + } 86 | + } 87 | + else { 88 | + // else consider it a malware SMS 89 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 90 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 91 | + // block and notify 92 | + Rlog.d(TAG, "Block malware SMS and notify user"); 93 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 94 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 95 | + intent.putExtra("source", callerName); 96 | + intent.putExtra("content", content); 97 | + intent.putExtra("dest", dest); 98 | + intent.putExtra("pdu", pdu); 99 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 100 | + mContext.sendBroadcast(intent); 101 | + return; 102 | + } 103 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 104 | + // block without notify 105 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 106 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 107 | + return; 108 | + } 109 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 110 | + // notify only 111 | + Rlog.d(TAG, "Notify user for the malware SMS"); 112 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 113 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 114 | + intent.putExtra("source", callerName); 115 | + intent.putExtra("content", content); 116 | + intent.putExtra("dest", dest); 117 | + intent.putExtra("pdu", pdu); 118 | + mContext.sendBroadcast(intent); 119 | + } 120 | + } 121 | 122 | if (tracker.mRetryCount > 0) { 123 | Rlog.d(TAG, "sendSms: " 124 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/IccSmsInterfaceManager.java_bf91d2fa2cdd5cb4878de3b40ff0d4be.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-02-17 21:57:22.093245977 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-02-17 18:47:04.770914360 +0000 3 | @@ -27,6 +27,7 @@ 4 | import android.content.ContentResolver; 5 | import android.content.Context; 6 | import android.content.pm.PackageManager; 7 | +import android.content.Intent; 8 | import android.database.Cursor; 9 | import android.database.sqlite.SQLiteException; 10 | import android.net.Uri; 11 | @@ -1132,6 +1133,33 @@ 12 | returnUnspecifiedFailure(sentIntent); 13 | return; 14 | } 15 | + 16 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 17 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 18 | + // block and notify 19 | + Rlog.d("RILDefender", "Block Proactive SIM SMS and notify user"); 20 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 21 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 22 | + intent.putExtra("source", "SIM"); 23 | + intent.putExtra("content", messageUri.toString()); 24 | + mContext.sendBroadcast(intent); 25 | + return; 26 | + } 27 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 28 | + // block without notify 29 | + Rlog.d("RILDefender", "Block Proactive SIM SMS from SIM"); 30 | + return; 31 | + } 32 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 33 | + // notify only 34 | + Rlog.d("RILDefender", "Notify user for the proactive SIM SMS"); 35 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 36 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 37 | + intent.putExtra("source", "SIM"); 38 | + intent.putExtra("content", messageUri.toString()); 39 | + mContext.sendBroadcast(intent); 40 | + } 41 | + 42 | if (Rlog.isLoggable("SMS", Log.VERBOSE)) { 43 | log("sendStoredText: scAddr=" + scAddress + " messageUri=" + messageUri 44 | + " sentIntent=" + sentIntent + " deliveryIntent=" + deliveryIntent); 45 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/InboundSmsHandler.java_b0372367f50e5700e4af5e54e28ce55b.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-02-17 21:57:22.093245977 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-02-20 02:27:34.735444698 +0000 3 | @@ -63,6 +63,9 @@ 4 | import android.text.TextUtils; 5 | import android.util.LocalLog; 6 | import android.util.Pair; 7 | +import com.android.internal.telephony.RILDefender; 8 | +import com.android.internal.telephony.MccTable; 9 | +import android.telephony.CellState; 10 | 11 | import com.android.internal.R; 12 | import com.android.internal.annotations.VisibleForTesting; 13 | @@ -188,6 +191,8 @@ 14 | protected static final Uri sRawUriPermanentDelete = 15 | Uri.withAppendedPath(Telephony.Sms.CONTENT_URI, "raw/permanentDelete"); 16 | 17 | + private static final String TAG = "InboundSmsHandler"; 18 | + 19 | @UnsupportedAppUsage 20 | protected final Context mContext; 21 | @UnsupportedAppUsage 22 | @@ -745,6 +750,53 @@ 23 | SmsHeader smsHeader = sms.getUserDataHeader(); 24 | InboundSmsTracker tracker; 25 | 26 | + // RILDefender: handle normal SMS text messages 27 | + // Detected FBS SMS 28 | + // double averageRSSI = RILDefender.getAverageRSSIInSignalHistory(); 29 | + CellState cs = RILDefender.getCurrentCellState(); 30 | + boolean suspecious = false; 31 | + 32 | + if (cs.getSignalStrength() < 0 && cs.getSignalStrength() > RILDefender.RSSI_THRESHOLD) 33 | + // check if average RSSI is over a threshold 34 | + suspecious = true; 35 | + else { 36 | + // check if any abnormal broadcast parameters 37 | + if (RILDefender.detectUnusualCellParam()) 38 | + suspecious = true; 39 | + } 40 | + 41 | + // add SMS to history 42 | + RILDefender.addSms(sms.getPdu()); 43 | + 44 | + if (suspecious) { 45 | + Rlog.d("RILDefender", "Suspecious cell state: " + cs); 46 | + if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 47 | + // block and notify 48 | + Rlog.d("RILDefender", "Block FBS SMS and notify user"); 49 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 50 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 51 | + intent.putExtra("source", sms.getOriginatingAddress()); 52 | + intent.putExtra("content", sms.getMessageBody()); 53 | + intent.putExtra("pdu", sms.getPdu()); 54 | + mContext.sendBroadcast(intent); 55 | + return 0; 56 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK.getValue()) { 57 | + // block without notify 58 | + Rlog.d("RILDefender", "Block FBS SMS from " + sms.getOriginatingAddress()); 59 | + return 0; 60 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.NOTIFY.getValue()) { 61 | + // notify only 62 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 63 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 64 | + intent.putExtra("source", sms.getOriginatingAddress()); 65 | + intent.putExtra("content", sms.getMessageBody()); 66 | + intent.putExtra("pdu", sms.getPdu()); 67 | + mContext.sendBroadcast(intent); 68 | + Rlog.d("RILDefender", "Notify user for the FBS SMS"); 69 | + } 70 | + } 71 | + 72 | + 73 | if ((smsHeader == null) || (smsHeader.concatRef == null)) { 74 | // Message is not concatenated. 75 | int destPort = -1; 76 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913: -------------------------------------------------------------------------------- 1 | package com.android.internal.telephony.util; 2 | import android.content.Context; 3 | import android.app.ActivityManager; 4 | import android.app.ActivityManager.RunningAppProcessInfo; 5 | 6 | /** 7 | * This is a new Util class created for process related functions 8 | * 9 | */ 10 | public final class ProcessUtil { 11 | 12 | public static String getAppNameByPID(Context context, int pid){ 13 | ActivityManager manager 14 | = (ActivityManager) context.getSystemService(Context.ACTIVITY_SERVICE); 15 | 16 | for(RunningAppProcessInfo processInfo : manager.getRunningAppProcesses()){ 17 | if(processInfo.pid == pid){ 18 | return processInfo.processName; 19 | } 20 | } 21 | return ""; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/SmsMessage.java_080ef0ef07638afeb4fe20d1a4013046.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp10-QP1A.190711.019/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-02-17 21:57:24.201267865 +0000 2 | +++ /home/haohuang/aosp10-QP1A.190711.019/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-02-17 18:50:14.912849661 +0000 3 | @@ -935,7 +935,7 @@ 4 | * Returns the TP-Data-Coding-Scheme byte, for acknowledgement of SMS-PP download messages. 5 | * @return the TP-DCS field of the SMS header 6 | */ 7 | - int getDataCodingScheme() { 8 | + public int getDataCodingScheme() { 9 | return mDataCodingScheme; 10 | } 11 | 12 | @@ -1468,6 +1468,10 @@ 13 | (mProtocolIdentifier == 0x7f || mProtocolIdentifier == 0x7c); 14 | } 15 | 16 | + boolean isClassZero() { 17 | + return messageClass == MessageClass.CLASS_0; 18 | + } 19 | + 20 | public int getNumOfVoicemails() { 21 | /* 22 | * Order of priority if multiple indications are present is 1.UDH, 23 | -------------------------------------------------------------------------------- /patches_aosp10_QP1A.190711.019/meta.txt: -------------------------------------------------------------------------------- 1 | ADD CellState.java_14349550551512b900d4fee5b73cf95e frameworks/opt/telephony/src/java/com/android/internal/telephony/CellState.java 2 | PATCH GsmCdmaPhone.java_e002658140004c67f46d4bdc38209b0b.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 3 | PATCH ServiceStateTracker.java_a1b01718a1f36e5c7371c10511dd819e.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/ServiceStateTracker.java 4 | ADD RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILSigEvaluator.java 5 | PATCH InboundSmsHandler.java_b0372367f50e5700e4af5e54e28ce55b.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 6 | PATCH GsmCdmaCallTracker.java_0a5ee11d7fcec7a5f88b8280dc853546.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 7 | ADD RILDefender.java_250089e2004f92f995a2c22ec7fed754 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILDefender.java 8 | PATCH IccSmsInterfaceManager.java_bf91d2fa2cdd5cb4878de3b40ff0d4be.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 9 | PATCH CdmaSMSDispatcher.java_008afc620ea92bf8eadf40cc15f9655a.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 10 | PATCH CatService.java_20600f6f1310f201ebf93d57cd3f7b81.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 11 | PATCH GsmInboundSmsHandler.java_b9c68ceb12f68c18b3900a510192d59c.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmInboundSmsHandler.java 12 | PATCH GsmSMSDispatcher.java_292e35150445fc22447bccd3b550b387.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 13 | ADD ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 frameworks/opt/telephony/src/java/com/android/internal/telephony/util/ProcessUtil.java 14 | PATCH SignalStrength.java_f150f4970d07338da447aea7325064b7.patch frameworks/base/telephony/java/android/telephony/SignalStrength.java 15 | PATCH SmsMessage.java_080ef0ef07638afeb4fe20d1a4013046.patch frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 16 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/CatService.java_8b2af55c6792c6cdd49e64ae91b38c36.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-03-05 03:52:02.762060275 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-03-05 21:13:11.806143789 +0000 3 | @@ -28,12 +28,15 @@ 4 | import android.content.pm.PackageManager; 5 | import android.content.pm.ResolveInfo; 6 | import android.content.res.Resources.NotFoundException; 7 | +import android.content.BroadcastReceiver; 8 | +import android.content.IntentFilter; 9 | import android.os.AsyncResult; 10 | import android.os.Handler; 11 | import android.os.LocaleList; 12 | import android.os.Message; 13 | import android.os.RemoteException; 14 | import android.telephony.TelephonyManager; 15 | +import android.telephony.Rlog; 16 | 17 | import com.android.internal.telephony.CommandsInterface; 18 | import com.android.internal.telephony.PhoneConstants; 19 | @@ -47,6 +50,7 @@ 20 | import com.android.internal.telephony.uicc.UiccCardApplication; 21 | import com.android.internal.telephony.uicc.UiccController; 22 | import com.android.internal.telephony.uicc.UiccProfile; 23 | +import com.android.internal.telephony.RILDefender; 24 | 25 | import java.io.ByteArrayOutputStream; 26 | import java.util.List; 27 | @@ -85,6 +89,45 @@ 28 | private static IccRecords mIccRecords; 29 | private static UiccCardApplication mUiccApplication; 30 | 31 | + // RILDefender: broadcast receiver events from baseband monitor 32 | + private BroadcastReceiver mBinarySmsReceiver = new BroadcastReceiver() { 33 | + @Override 34 | + public void onReceive(Context context, Intent intent) { 35 | + if (intent.getAction().equals(RILDefender.ACTION_BINARY_SMS_RECEIVED)) { 36 | + Rlog.d("RILDefender", "Binary SMS received from baseband monitor"); 37 | + String hexData = intent.getStringExtra("data"); 38 | + String source = intent.getStringExtra("source"); 39 | + // notify user 40 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 41 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 42 | + // block and notify 43 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 44 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 45 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 46 | + newIntent.putExtra("source", source); 47 | + newIntent.putExtra("content", hexData); 48 | + context.sendBroadcast(newIntent); 49 | + } 50 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 51 | + // block without notify 52 | + Rlog.d("RILDefender", "Block binary SMS " + hexData); 53 | + return; 54 | + } 55 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 56 | + // notify only 57 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 58 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 59 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 60 | + newIntent.putExtra("source", source); 61 | + newIntent.putExtra("content", hexData); 62 | + context.sendBroadcast(newIntent); 63 | + } 64 | + 65 | + } 66 | + } 67 | + }; 68 | + 69 | + 70 | // Service members. 71 | // Protects singleton instance lazy initialization. 72 | @UnsupportedAppUsage 73 | @@ -152,6 +195,11 @@ 74 | mContext = context; 75 | mSlotId = slotId; 76 | 77 | + // RILDefender: register broadcast receiver for binary sms event 78 | + IntentFilter newFilter = new IntentFilter(); 79 | + newFilter.addAction(RILDefender.ACTION_BINARY_SMS_RECEIVED); 80 | + context.registerReceiver(mBinarySmsReceiver, newFilter); 81 | + 82 | // Get the RilMessagesDecoder for decoding the messages. 83 | mMsgDecoder = RilMessageDecoder.getInstance(this, fh, context, slotId); 84 | if (null == mMsgDecoder) { 85 | @@ -537,6 +585,35 @@ 86 | 87 | 88 | private void broadcastCatCmdIntent(CatCmdMessage cmdMsg) { 89 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 90 | + AppInterface.CommandType type = cmdMsg.getCmdType(); 91 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 92 | + // block and notify 93 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 94 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 95 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 96 | + // TODO: tracking source of a binary SMS initiator 97 | + intent.putExtra("source", ""); 98 | + intent.putExtra("content", cmdMsg.toString()); 99 | + mContext.sendBroadcast(intent); 100 | + return; 101 | + } 102 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 103 | + // block without notify 104 | + Rlog.d("RILDefender", "Block binary SMS " + type); 105 | + } 106 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 107 | + // notify only 108 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 109 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 110 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 111 | + intent.putExtra("source", ""); 112 | + intent.putExtra("content", cmdMsg.toString()); 113 | + mContext.sendBroadcast(intent); 114 | + } 115 | + 116 | + // not blocking STK command, proceed as usual 117 | + 118 | Intent intent = new Intent(AppInterface.CAT_CMD_ACTION); 119 | intent.putExtra( "STK CMD", cmdMsg); 120 | intent.putExtra("SLOT_ID", mSlotId); 121 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/CdmaSMSDispatcher.java_302b1f560c71332c062805c3544ce370.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-03-05 03:52:02.766060316 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-03-05 22:07:09.847342752 +0000 3 | @@ -23,6 +23,14 @@ 4 | import android.telephony.ServiceState; 5 | import android.telephony.TelephonyManager; 6 | import android.util.Pair; 7 | +import android.content.Intent; 8 | +import com.android.internal.telephony.util.ProcessUtil; 9 | +import com.android.internal.telephony.RILDefender; 10 | + 11 | +import android.os.Binder; 12 | +import java.util.HashMap; 13 | +import java.util.List; 14 | +import java.util.ArrayList; 15 | 16 | import com.android.internal.telephony.GsmAlphabet.TextEncodingDetails; 17 | import com.android.internal.telephony.GsmCdmaPhone; 18 | @@ -36,6 +44,7 @@ 19 | import com.android.internal.telephony.util.SMSDispatcherUtil; 20 | import com.android.telephony.Rlog; 21 | 22 | + 23 | public class CdmaSMSDispatcher extends SMSDispatcher { 24 | private static final String TAG = "CdmaSMSDispatcher"; 25 | private static final boolean VDBG = false; 26 | @@ -135,6 +144,98 @@ 27 | + " mUsesImsServiceForIms=" + tracker.mUsesImsServiceForIms 28 | + " SS=" + ss 29 | + " id=" + tracker.mMessageId); 30 | + 31 | + // RILDefender Intercept SMS sent from suspecious sources 32 | + HashMap map = tracker.getData(); 33 | + byte pdu[] = (byte[]) map.get("pdu"); 34 | + String content = (String) map.get("text"); 35 | + String dest = (String) map.get("destAddr"); 36 | + 37 | + // add SMS to history 38 | + RILDefender.addSms(pdu); 39 | + 40 | + // construct white list for valid SMS senders 41 | + List smsAppName = RILDefender.getValidSources(mContext); 42 | + 43 | + // obtain caller's PID and name 44 | + int callerPid = Binder.getCallingPid(); 45 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 46 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 47 | + 48 | + // check source 49 | + boolean validSender = false; 50 | + if (callerName != null && smsAppName.contains(callerName)) { 51 | + validSender = true; 52 | + Rlog.d(TAG, "Valid sender = " + validSender); 53 | + } 54 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 55 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 56 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 57 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 58 | + // block and notify 59 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 60 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 61 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 62 | + intent.putExtra("source", callerName); 63 | + intent.putExtra("content", content); 64 | + intent.putExtra("dest", dest); 65 | + intent.putExtra("pdu", pdu); 66 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 67 | + mContext.sendBroadcast(intent); 68 | + return; 69 | + } 70 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 71 | + // block without notify 72 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 73 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 74 | + return; 75 | + } 76 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 77 | + // notify only 78 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 79 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 80 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 81 | + intent.putExtra("source", callerName); 82 | + intent.putExtra("content", content); 83 | + intent.putExtra("dest", dest); 84 | + intent.putExtra("pdu", pdu); 85 | + mContext.sendBroadcast(intent); 86 | + } 87 | + } 88 | + else { 89 | + // else consider it a malware SMS 90 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 91 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 92 | + // block and notify 93 | + Rlog.d(TAG, "Block malware SMS and notify user"); 94 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 95 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 96 | + intent.putExtra("source", callerName); 97 | + intent.putExtra("content", content); 98 | + intent.putExtra("dest", dest); 99 | + intent.putExtra("pdu", pdu); 100 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 101 | + mContext.sendBroadcast(intent); 102 | + return; 103 | + } 104 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 105 | + // block without notify 106 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 107 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 108 | + return; 109 | + } 110 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 111 | + // notify only 112 | + Rlog.d(TAG, "Notify user for the malware SMS"); 113 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 114 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 115 | + intent.putExtra("source", callerName); 116 | + intent.putExtra("content", content); 117 | + intent.putExtra("dest", dest); 118 | + intent.putExtra("pdu", pdu); 119 | + mContext.sendBroadcast(intent); 120 | + } 121 | + } 122 | 123 | // if sms over IMS is not supported on data and voice is not available... 124 | if (!isIms() && ss != ServiceState.STATE_IN_SERVICE) { 125 | @@ -143,7 +244,6 @@ 126 | } 127 | 128 | Message reply = obtainMessage(EVENT_SEND_SMS_COMPLETE, tracker); 129 | - byte[] pdu = (byte[]) tracker.getData().get("pdu"); 130 | 131 | int currentDataNetwork = mPhone.getServiceState().getDataNetworkType(); 132 | boolean imsSmsDisabled = (currentDataNetwork == TelephonyManager.NETWORK_TYPE_EHRPD 133 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/GsmCdmaCallTracker.java_1d45d95cdf0db2358de956e373ec9f19.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-03-05 03:52:02.750060152 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-03-05 21:13:11.794143665 +0000 3 | @@ -911,6 +911,9 @@ 4 | } else { 5 | // find if the MT call is a new ring or unknown connection 6 | newRinging = checkMtFindNewRinging(dc,i); 7 | + if (dc.state == DriverCall.State.DIALING && !RILDefender.validCall && 8 | + RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS) >= RILDefender.AlertLevel.BLOCK.getValue()) 9 | + return; // RILDefender has hang up the call 10 | if (newRinging == null) { 11 | unknownConnectionAppeared = true; 12 | if (isPhoneTypeGsm()) { 13 | @@ -1237,6 +1240,11 @@ 14 | try { 15 | mMetrics.writeRilHangup(mPhone.getPhoneId(), conn, conn.getGsmCdmaIndex(), 16 | getNetworkCountryIso()); 17 | + 18 | + // RILDefender: reset valid call state when the call finish 19 | + if (RILDefender.validCall) 20 | + RILDefender.validCall = false; 21 | + 22 | mCi.hangupConnection (conn.getGsmCdmaIndex(), obtainCompleteMessage()); 23 | } catch (CallStateException ex) { 24 | // Ignore "connection not found" 25 | @@ -1740,6 +1748,48 @@ 26 | mConnections[i].onStartedHolding(); 27 | } 28 | } 29 | + 30 | + if (dc.state == DriverCall.State.DIALING) { 31 | + // RILDefender: detecting binary sms calls 32 | + if (!RILDefender.validCall) { 33 | + int blockSwitch = RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS); 34 | + 35 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 36 | + // block and notify 37 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call) and notify user"); 38 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 39 | + // TODO: tracking source of a binary SMS initiator 40 | + intent.putExtra("source", ""); 41 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 42 | + intent.putExtra("content", "Voice Call Binary SMS"); 43 | + mPhone.getContext().sendBroadcast(intent); 44 | + try { 45 | + hangup(mConnections[i]); 46 | + } catch (CallStateException ex) { 47 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 48 | + } 49 | + } 50 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 51 | + // block without notify 52 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call)"); 53 | + try { 54 | + hangup(mConnections[i]); 55 | + } catch (CallStateException ex) { 56 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 57 | + } 58 | + } 59 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 60 | + // notify only 61 | + Rlog.d("RILDefender", "Notify user for the binary SMS (Voice)"); 62 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 63 | + intent.putExtra("source", ""); 64 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 65 | + intent.putExtra("content", "Voice Call Binary SMS"); 66 | + mPhone.getContext().sendBroadcast(intent); 67 | + } 68 | + 69 | + } 70 | + } 71 | } 72 | return newRinging; 73 | } 74 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/GsmCdmaPhone.java_1f1b055deeab662128d628a2f325a7f8.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-03-05 03:52:02.750060152 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-03-05 21:14:35.330999784 +0000 3 | @@ -79,6 +79,7 @@ 4 | import android.text.TextUtils; 5 | import android.util.Log; 6 | import android.util.Pair; 7 | +import android.os.Binder; 8 | 9 | import com.android.ims.ImsManager; 10 | import com.android.internal.annotations.VisibleForTesting; 11 | @@ -119,6 +120,9 @@ 12 | import java.util.regex.Matcher; 13 | import java.util.regex.Pattern; 14 | 15 | +import com.android.internal.telephony.util.ProcessUtil; 16 | +import com.android.internal.telephony.RILDefender; 17 | + 18 | /** 19 | * {@hide} 20 | */ 21 | @@ -1498,6 +1502,23 @@ 22 | ResultReceiver wrappedCallback) 23 | throws CallStateException { 24 | 25 | + // RILDefender: Detect voice calls from untrusted apps 26 | + // obtain caller's PID and name 27 | + int callerPid = Binder.getCallingPid(); 28 | + String callerName = ProcessUtil.getAppNameByPID(getContext(), callerPid).trim(); 29 | + Rlog.d(LOG_TAG, "Dialing request received from pid = " + callerPid + " " + callerName); 30 | + 31 | + // check source 32 | + if (callerName != null && RILDefender.trustedDialerAppName.contains(callerName)) { 33 | + Rlog.d(LOG_TAG, "Setting validCall = true"); 34 | + RILDefender.validCall = true; 35 | + } else { 36 | + Rlog.d(LOG_TAG, "Voice call initated from an untrusted app " + callerName); 37 | + RILDefender.validCall = false; 38 | + // do not let suspecious app do dialing 39 | + //return null; 40 | + } 41 | + 42 | // Need to make sure dialString gets parsed properly 43 | String newDialString = PhoneNumberUtils.stripSeparators(dialString); 44 | 45 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/GsmSMSDispatcher.java_b85fe96bea73c5322ae74241dea8f803.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-03-05 03:52:02.774060398 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-03-05 22:06:36.883002599 +0000 3 | @@ -43,6 +43,14 @@ 4 | import java.util.HashMap; 5 | import java.util.concurrent.atomic.AtomicReference; 6 | 7 | +import android.os.Binder; 8 | +import android.content.Intent; 9 | +import com.android.internal.telephony.util.ProcessUtil; 10 | +import com.android.internal.telephony.RILDefender; 11 | +import java.util.List; 12 | +import java.util.ArrayList; 13 | + 14 | + 15 | public final class GsmSMSDispatcher extends SMSDispatcher { 16 | private static final String TAG = "GsmSMSDispatcher"; 17 | protected UiccController mUiccController = null; 18 | @@ -197,6 +205,97 @@ 19 | HashMap map = tracker.getData(); 20 | byte pdu[] = (byte[]) map.get("pdu"); 21 | byte smsc[] = (byte[]) map.get("smsc"); 22 | + 23 | + // RILDefender Intercept SMS sent from suspecious sources 24 | + String content = (String) map.get("text"); 25 | + String dest = (String) map.get("destAddr"); 26 | + 27 | + // add SMS to history 28 | + RILDefender.addSms(pdu); 29 | + 30 | + // construct white list for valid SMS senders 31 | + List smsAppName = RILDefender.getValidSources(mContext); 32 | + 33 | + // obtain caller's PID and name 34 | + int callerPid = Binder.getCallingPid(); 35 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 36 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 37 | + 38 | + // check source 39 | + boolean validSender = false; 40 | + if (callerName != null && smsAppName.contains(callerName)) { 41 | + validSender = true; 42 | + Rlog.d(TAG, "Valid sender = " + validSender); 43 | + } 44 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 45 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 46 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 47 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 48 | + // block and notify 49 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 50 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 51 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 52 | + intent.putExtra("source", callerName); 53 | + intent.putExtra("content", content); 54 | + intent.putExtra("dest", dest); 55 | + intent.putExtra("pdu", pdu); 56 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 57 | + mContext.sendBroadcast(intent); 58 | + return; 59 | + } 60 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 61 | + // block without notify 62 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 63 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 64 | + return; 65 | + } 66 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 67 | + // notify only 68 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 69 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 70 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 71 | + intent.putExtra("source", callerName); 72 | + intent.putExtra("content", content); 73 | + intent.putExtra("dest", dest); 74 | + intent.putExtra("pdu", pdu); 75 | + mContext.sendBroadcast(intent); 76 | + } 77 | + } 78 | + else { 79 | + // else consider it a malware SMS 80 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 81 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 82 | + // block and notify 83 | + Rlog.d(TAG, "Block malware SMS and notify user"); 84 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 85 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 86 | + intent.putExtra("source", callerName); 87 | + intent.putExtra("content", content); 88 | + intent.putExtra("dest", dest); 89 | + intent.putExtra("pdu", pdu); 90 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 91 | + mContext.sendBroadcast(intent); 92 | + return; 93 | + } 94 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 95 | + // block without notify 96 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 97 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 98 | + return; 99 | + } 100 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 101 | + // notify only 102 | + Rlog.d(TAG, "Notify user for the malware SMS"); 103 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 104 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 105 | + intent.putExtra("source", callerName); 106 | + intent.putExtra("content", content); 107 | + intent.putExtra("dest", dest); 108 | + intent.putExtra("pdu", pdu); 109 | + mContext.sendBroadcast(intent); 110 | + } 111 | + } 112 | + 113 | if (tracker.mRetryCount > 0) { 114 | // per TS 23.040 Section 9.2.3.6: If TP-MTI SMS-SUBMIT (0x01) type 115 | // TP-RD (bit 2) is 1 for retry 116 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/IccSmsInterfaceManager.java_edb7711b9500ac479a2651eca825bfbb.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-03-05 03:52:02.750060152 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-03-05 21:13:11.798143707 +0000 3 | @@ -27,6 +27,7 @@ 4 | import android.content.ContentResolver; 5 | import android.content.Context; 6 | import android.content.pm.PackageManager; 7 | +import android.content.Intent; 8 | import android.database.Cursor; 9 | import android.database.sqlite.SQLiteException; 10 | import android.net.Uri; 11 | @@ -1299,6 +1300,33 @@ 12 | returnUnspecifiedFailure(sentIntent); 13 | return; 14 | } 15 | + 16 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 17 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 18 | + // block and notify 19 | + Rlog.d("RILDefender", "Block Proactive SIM SMS and notify user"); 20 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 21 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 22 | + intent.putExtra("source", "SIM"); 23 | + intent.putExtra("content", messageUri.toString()); 24 | + mContext.sendBroadcast(intent); 25 | + return; 26 | + } 27 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 28 | + // block without notify 29 | + Rlog.d("RILDefender", "Block Proactive SIM SMS from SIM"); 30 | + return; 31 | + } 32 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 33 | + // notify only 34 | + Rlog.d("RILDefender", "Notify user for the proactive SIM SMS"); 35 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 36 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 37 | + intent.putExtra("source", "SIM"); 38 | + intent.putExtra("content", messageUri.toString()); 39 | + mContext.sendBroadcast(intent); 40 | + } 41 | + 42 | if (Rlog.isLoggable("SMS", Log.VERBOSE)) { 43 | log("sendStoredText: scAddr=" + scAddress + " messageUri=" + messageUri 44 | + " sentIntent=" + sentIntent + " deliveryIntent=" + deliveryIntent); 45 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/InboundSmsHandler.java_2ba09879c6e2bbae270e31e7e73dff79.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-03-05 03:52:02.750060152 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-03-05 21:13:11.790143625 +0000 3 | @@ -65,6 +65,9 @@ 4 | import android.text.TextUtils; 5 | import android.util.LocalLog; 6 | import android.util.Pair; 7 | +import com.android.internal.telephony.RILDefender; 8 | +import com.android.internal.telephony.MccTable; 9 | +import android.telephony.CellState; 10 | 11 | import com.android.internal.R; 12 | import com.android.internal.annotations.VisibleForTesting; 13 | @@ -196,6 +199,8 @@ 14 | protected static final Uri sRawUriPermanentDelete = 15 | Uri.withAppendedPath(Telephony.Sms.CONTENT_URI, "raw/permanentDelete"); 16 | 17 | + private static final String TAG = "InboundSmsHandler"; 18 | + 19 | @UnsupportedAppUsage 20 | protected final Context mContext; 21 | @UnsupportedAppUsage 22 | @@ -792,6 +797,53 @@ 23 | SmsHeader smsHeader = sms.getUserDataHeader(); 24 | InboundSmsTracker tracker; 25 | 26 | + // RILDefender: handle normal SMS text messages 27 | + // Detected FBS SMS 28 | + // double averageRSSI = RILDefender.getAverageRSSIInSignalHistory(); 29 | + CellState cs = RILDefender.getCurrentCellState(); 30 | + boolean suspecious = false; 31 | + 32 | + if (cs.getSignalStrength() < 0 && cs.getSignalStrength() > RILDefender.RSSI_THRESHOLD) 33 | + // check if average RSSI is over a threshold 34 | + suspecious = true; 35 | + else { 36 | + // check if any abnormal broadcast parameters 37 | + if (RILDefender.detectUnusualCellParam()) 38 | + suspecious = true; 39 | + } 40 | + 41 | + // add SMS to history 42 | + RILDefender.addSms(sms.getPdu()); 43 | + 44 | + if (suspecious) { 45 | + Rlog.d("RILDefender", "Suspecious cell state: " + cs); 46 | + if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 47 | + // block and notify 48 | + Rlog.d("RILDefender", "Block FBS SMS and notify user"); 49 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 50 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 51 | + intent.putExtra("source", sms.getOriginatingAddress()); 52 | + intent.putExtra("content", sms.getMessageBody()); 53 | + intent.putExtra("pdu", sms.getPdu()); 54 | + mContext.sendBroadcast(intent); 55 | + return 0; 56 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK.getValue()) { 57 | + // block without notify 58 | + Rlog.d("RILDefender", "Block FBS SMS from " + sms.getOriginatingAddress()); 59 | + return 0; 60 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.NOTIFY.getValue()) { 61 | + // notify only 62 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 63 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 64 | + intent.putExtra("source", sms.getOriginatingAddress()); 65 | + intent.putExtra("content", sms.getMessageBody()); 66 | + intent.putExtra("pdu", sms.getPdu()); 67 | + mContext.sendBroadcast(intent); 68 | + Rlog.d("RILDefender", "Notify user for the FBS SMS"); 69 | + } 70 | + } 71 | + 72 | + 73 | if ((smsHeader == null) || (smsHeader.concatRef == null)) { 74 | // Message is not concatenated. 75 | int destPort = -1; 76 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913: -------------------------------------------------------------------------------- 1 | package com.android.internal.telephony.util; 2 | import android.content.Context; 3 | import android.app.ActivityManager; 4 | import android.app.ActivityManager.RunningAppProcessInfo; 5 | 6 | /** 7 | * This is a new Util class created for process related functions 8 | * 9 | */ 10 | public final class ProcessUtil { 11 | 12 | public static String getAppNameByPID(Context context, int pid){ 13 | ActivityManager manager 14 | = (ActivityManager) context.getSystemService(Context.ACTIVITY_SERVICE); 15 | 16 | for(RunningAppProcessInfo processInfo : manager.getRunningAppProcesses()){ 17 | if(processInfo.pid == pid){ 18 | return processInfo.processName; 19 | } 20 | } 21 | return ""; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/SmsMessage.java_4cc5078e2d7006112b4ab26f67566bd7.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp11-RQ3A.211001.001/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-03-05 03:52:06.770101453 +0000 2 | +++ /home/haohuang/aosp11-RQ3A.211001.001/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-03-05 21:13:11.826143993 +0000 3 | @@ -1128,7 +1128,7 @@ 4 | * Returns the TP-Data-Coding-Scheme byte, for acknowledgement of SMS-PP download messages. 5 | * @return the TP-DCS field of the SMS header 6 | */ 7 | - int getDataCodingScheme() { 8 | + public int getDataCodingScheme() { 9 | return mDataCodingScheme; 10 | } 11 | 12 | @@ -1666,6 +1666,10 @@ 13 | (mProtocolIdentifier == 0x7f || mProtocolIdentifier == 0x7c); 14 | } 15 | 16 | + boolean isClassZero() { 17 | + return messageClass == MessageClass.CLASS_0; 18 | + } 19 | + 20 | public int getNumOfVoicemails() { 21 | /* 22 | * Order of priority if multiple indications are present is 1.UDH, 23 | -------------------------------------------------------------------------------- /patches_aosp11_RQ3A.211001.001/meta.txt: -------------------------------------------------------------------------------- 1 | ADD CellState.java_14349550551512b900d4fee5b73cf95e frameworks/opt/telephony/src/java/com/android/internal/telephony/CellState.java 2 | PATCH GsmCdmaPhone.java_1f1b055deeab662128d628a2f325a7f8.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 3 | PATCH ServiceStateTracker.java_f9ae7faca9f0f7a041629af4162ec0d9.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/ServiceStateTracker.java 4 | ADD RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILSigEvaluator.java 5 | PATCH InboundSmsHandler.java_2ba09879c6e2bbae270e31e7e73dff79.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 6 | PATCH GsmCdmaCallTracker.java_1d45d95cdf0db2358de956e373ec9f19.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 7 | ADD RILDefender.java_250089e2004f92f995a2c22ec7fed754 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILDefender.java 8 | PATCH IccSmsInterfaceManager.java_edb7711b9500ac479a2651eca825bfbb.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 9 | PATCH CdmaSMSDispatcher.java_302b1f560c71332c062805c3544ce370.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 10 | PATCH CatService.java_8b2af55c6792c6cdd49e64ae91b38c36.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 11 | PATCH GsmInboundSmsHandler.java_8cadedf4c747207034fcc9d20fdd2839.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmInboundSmsHandler.java 12 | PATCH GsmSMSDispatcher.java_b85fe96bea73c5322ae74241dea8f803.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 13 | ADD ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 frameworks/opt/telephony/src/java/com/android/internal/telephony/util/ProcessUtil.java 14 | PATCH SmsMessage.java_4cc5078e2d7006112b4ab26f67566bd7.patch frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 15 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/CatService.java_6deec1d05c88cce49eb8d4767b38990b.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-03-05 03:52:29.318333112 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-03-05 22:33:24.400125435 +0000 3 | @@ -48,6 +48,10 @@ 4 | import com.android.internal.telephony.uicc.UiccCardApplication; 5 | import com.android.internal.telephony.uicc.UiccController; 6 | import com.android.internal.telephony.uicc.UiccProfile; 7 | +import com.android.internal.telephony.RILDefender; 8 | +import android.content.BroadcastReceiver; 9 | +import android.content.IntentFilter; 10 | +import android.telephony.Rlog; 11 | 12 | import java.io.ByteArrayOutputStream; 13 | import java.util.List; 14 | @@ -86,6 +90,45 @@ 15 | private static IccRecords mIccRecords; 16 | private static UiccCardApplication mUiccApplication; 17 | 18 | + // RILDefender: broadcast receiver events from baseband monitor 19 | + private BroadcastReceiver mBinarySmsReceiver = new BroadcastReceiver() { 20 | + @Override 21 | + public void onReceive(Context context, Intent intent) { 22 | + if (intent.getAction().equals(RILDefender.ACTION_BINARY_SMS_RECEIVED)) { 23 | + Rlog.d("RILDefender", "Binary SMS received from baseband monitor"); 24 | + String hexData = intent.getStringExtra("data"); 25 | + String source = intent.getStringExtra("source"); 26 | + // notify user 27 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 28 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 29 | + // block and notify 30 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 31 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 32 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 33 | + newIntent.putExtra("source", source); 34 | + newIntent.putExtra("content", hexData); 35 | + context.sendBroadcast(newIntent); 36 | + } 37 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 38 | + // block without notify 39 | + Rlog.d("RILDefender", "Block binary SMS " + hexData); 40 | + return; 41 | + } 42 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 43 | + // notify only 44 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 45 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 46 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 47 | + newIntent.putExtra("source", source); 48 | + newIntent.putExtra("content", hexData); 49 | + context.sendBroadcast(newIntent); 50 | + } 51 | + 52 | + } 53 | + } 54 | + }; 55 | + 56 | + 57 | // Service members. 58 | // Protects singleton instance lazy initialization. 59 | @UnsupportedAppUsage 60 | @@ -153,6 +196,11 @@ 61 | mContext = context; 62 | mSlotId = slotId; 63 | 64 | + // RILDefender: register broadcast receiver for binary sms event 65 | + IntentFilter newFilter = new IntentFilter(); 66 | + newFilter.addAction(RILDefender.ACTION_BINARY_SMS_RECEIVED); 67 | + context.registerReceiver(mBinarySmsReceiver, newFilter); 68 | + 69 | // Get the RilMessagesDecoder for decoding the messages. 70 | mMsgDecoder = RilMessageDecoder.getInstance(this, fh, context, slotId); 71 | if (null == mMsgDecoder) { 72 | @@ -538,6 +586,35 @@ 73 | 74 | 75 | private void broadcastCatCmdIntent(CatCmdMessage cmdMsg) { 76 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 77 | + AppInterface.CommandType type = cmdMsg.getCmdType(); 78 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 79 | + // block and notify 80 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 81 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 82 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 83 | + // TODO: tracking source of a binary SMS initiator 84 | + intent.putExtra("source", ""); 85 | + intent.putExtra("content", cmdMsg.toString()); 86 | + mContext.sendBroadcast(intent); 87 | + return; 88 | + } 89 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 90 | + // block without notify 91 | + Rlog.d("RILDefender", "Block binary SMS " + type); 92 | + } 93 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 94 | + // notify only 95 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 96 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 97 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 98 | + intent.putExtra("source", ""); 99 | + intent.putExtra("content", cmdMsg.toString()); 100 | + mContext.sendBroadcast(intent); 101 | + } 102 | + 103 | + // not blocking STK command, proceed as usual 104 | + 105 | Intent intent = new Intent(AppInterface.CAT_CMD_ACTION); 106 | intent.putExtra( "STK CMD", cmdMsg); 107 | intent.putExtra("SLOT_ID", mSlotId); 108 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/CdmaSMSDispatcher.java_11a82dc4e36f3a8a63e85ad7a3af5af3.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-03-05 03:52:29.318333112 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-03-05 22:32:20.895440873 +0000 3 | @@ -37,6 +37,16 @@ 4 | import com.android.internal.telephony.util.SMSDispatcherUtil; 5 | import com.android.telephony.Rlog; 6 | 7 | +import android.content.Intent; 8 | +import com.android.internal.telephony.util.ProcessUtil; 9 | +import com.android.internal.telephony.RILDefender; 10 | + 11 | +import android.os.Binder; 12 | +import java.util.HashMap; 13 | +import java.util.List; 14 | +import java.util.ArrayList; 15 | + 16 | + 17 | public class CdmaSMSDispatcher extends SMSDispatcher { 18 | private static final String TAG = "CdmaSMSDispatcher"; 19 | private static final boolean VDBG = false; 20 | @@ -112,6 +122,98 @@ 21 | + " SS=" + ss 22 | + " " + SmsController.formatCrossStackMessageId(tracker.mMessageId)); 23 | 24 | + // RILDefender Intercept SMS sent from suspecious sources 25 | + HashMap map = tracker.getData(); 26 | + byte pdu[] = (byte[]) map.get("pdu"); 27 | + String content = (String) map.get("text"); 28 | + String dest = (String) map.get("destAddr"); 29 | + 30 | + // add SMS to history 31 | + RILDefender.addSms(pdu); 32 | + 33 | + // construct white list for valid SMS senders 34 | + List smsAppName = RILDefender.getValidSources(mContext); 35 | + 36 | + // obtain caller's PID and name 37 | + int callerPid = Binder.getCallingPid(); 38 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 39 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 40 | + 41 | + // check source 42 | + boolean validSender = false; 43 | + if (callerName != null && smsAppName.contains(callerName)) { 44 | + validSender = true; 45 | + Rlog.d(TAG, "Valid sender = " + validSender); 46 | + } 47 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 48 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 49 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 50 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 51 | + // block and notify 52 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 53 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 54 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 55 | + intent.putExtra("source", callerName); 56 | + intent.putExtra("content", content); 57 | + intent.putExtra("dest", dest); 58 | + intent.putExtra("pdu", pdu); 59 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 60 | + mContext.sendBroadcast(intent); 61 | + return; 62 | + } 63 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 64 | + // block without notify 65 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 66 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 67 | + return; 68 | + } 69 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 70 | + // notify only 71 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 72 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 73 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 74 | + intent.putExtra("source", callerName); 75 | + intent.putExtra("content", content); 76 | + intent.putExtra("dest", dest); 77 | + intent.putExtra("pdu", pdu); 78 | + mContext.sendBroadcast(intent); 79 | + } 80 | + } 81 | + else { 82 | + // else consider it a malware SMS 83 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 84 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 85 | + // block and notify 86 | + Rlog.d(TAG, "Block malware SMS and notify user"); 87 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 88 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 89 | + intent.putExtra("source", callerName); 90 | + intent.putExtra("content", content); 91 | + intent.putExtra("dest", dest); 92 | + intent.putExtra("pdu", pdu); 93 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 94 | + mContext.sendBroadcast(intent); 95 | + return; 96 | + } 97 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 98 | + // block without notify 99 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 100 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 101 | + return; 102 | + } 103 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 104 | + // notify only 105 | + Rlog.d(TAG, "Notify user for the malware SMS"); 106 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 107 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 108 | + intent.putExtra("source", callerName); 109 | + intent.putExtra("content", content); 110 | + intent.putExtra("dest", dest); 111 | + intent.putExtra("pdu", pdu); 112 | + mContext.sendBroadcast(intent); 113 | + } 114 | + } 115 | + 116 | // if sms over IMS is not supported on data and voice is not available... 117 | if (!isIms() && ss != ServiceState.STATE_IN_SERVICE) { 118 | tracker.onFailed(mContext, getNotInServiceError(ss), NO_ERROR_CODE); 119 | @@ -119,7 +221,6 @@ 120 | } 121 | 122 | Message reply = obtainMessage(EVENT_SEND_SMS_COMPLETE, tracker); 123 | - byte[] pdu = (byte[]) tracker.getData().get("pdu"); 124 | 125 | int currentDataNetwork = mPhone.getServiceState().getDataNetworkType(); 126 | boolean imsSmsDisabled = (currentDataNetwork == TelephonyManager.NETWORK_TYPE_EHRPD 127 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/GsmCdmaCallTracker.java_6a1f95b078beeabebd280b7ad75a65f9.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-03-05 03:52:29.310333029 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-03-05 22:25:03.054709729 +0000 3 | @@ -1024,6 +1024,9 @@ 4 | mDroppedDuringPoll.add(conn); 5 | // find if the MT call is a new ring or unknown connection 6 | newRinging = checkMtFindNewRinging(dc,i); 7 | + if (dc.state == DriverCall.State.DIALING && !RILDefender.validCall && 8 | + RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS) >= RILDefender.AlertLevel.BLOCK.getValue()) 9 | + return; // RILDefender has hang up the call 10 | if (newRinging == null) { 11 | unknownConnectionAppeared = true; 12 | newUnknownConnectionCdma = conn; 13 | @@ -1282,6 +1285,11 @@ 14 | try { 15 | mMetrics.writeRilHangup(mPhone.getPhoneId(), conn, conn.getGsmCdmaIndex(), 16 | getNetworkCountryIso()); 17 | + 18 | + // RILDefender: reset valid call state when the call finish 19 | + if (RILDefender.validCall) 20 | + RILDefender.validCall = false; 21 | + 22 | mCi.hangupConnection (conn.getGsmCdmaIndex(), obtainCompleteMessage()); 23 | } catch (CallStateException ex) { 24 | // Ignore "connection not found" 25 | @@ -1785,6 +1793,48 @@ 26 | mConnections[i].onStartedHolding(); 27 | } 28 | } 29 | + 30 | + if (dc.state == DriverCall.State.DIALING) { 31 | + // RILDefender: detecting binary sms calls 32 | + if (!RILDefender.validCall) { 33 | + int blockSwitch = RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS); 34 | + 35 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 36 | + // block and notify 37 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call) and notify user"); 38 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 39 | + // TODO: tracking source of a binary SMS initiator 40 | + intent.putExtra("source", ""); 41 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 42 | + intent.putExtra("content", "Voice Call Binary SMS"); 43 | + mPhone.getContext().sendBroadcast(intent); 44 | + try { 45 | + hangup(mConnections[i]); 46 | + } catch (CallStateException ex) { 47 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 48 | + } 49 | + } 50 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 51 | + // block without notify 52 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call)"); 53 | + try { 54 | + hangup(mConnections[i]); 55 | + } catch (CallStateException ex) { 56 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 57 | + } 58 | + } 59 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 60 | + // notify only 61 | + Rlog.d("RILDefender", "Notify user for the binary SMS (Voice)"); 62 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 63 | + intent.putExtra("source", ""); 64 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 65 | + intent.putExtra("content", "Voice Call Binary SMS"); 66 | + mPhone.getContext().sendBroadcast(intent); 67 | + } 68 | + 69 | + } 70 | + } 71 | } 72 | return newRinging; 73 | } 74 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/GsmCdmaPhone.java_628f6875d8d9b56b89f89362cbf0bc28.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-03-05 03:52:29.314333070 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-03-05 22:25:03.046709641 +0000 3 | @@ -83,6 +83,7 @@ 4 | import android.text.TextUtils; 5 | import android.util.Log; 6 | import android.util.Pair; 7 | +import android.os.Binder; 8 | 9 | import com.android.ims.ImsManager; 10 | import com.android.internal.annotations.VisibleForTesting; 11 | @@ -130,6 +131,9 @@ 12 | import java.util.regex.Matcher; 13 | import java.util.regex.Pattern; 14 | 15 | +import com.android.internal.telephony.util.ProcessUtil; 16 | +import com.android.internal.telephony.RILDefender; 17 | + 18 | /** 19 | * {@hide} 20 | */ 21 | @@ -1541,6 +1545,23 @@ 22 | ResultReceiver wrappedCallback) 23 | throws CallStateException { 24 | 25 | + // RILDefender: Detect voice calls from untrusted apps 26 | + // obtain caller's PID and name 27 | + int callerPid = Binder.getCallingPid(); 28 | + String callerName = ProcessUtil.getAppNameByPID(getContext(), callerPid).trim(); 29 | + Rlog.d(LOG_TAG, "Dialing request received from pid = " + callerPid + " " + callerName); 30 | + 31 | + // check source 32 | + if (callerName != null && RILDefender.trustedDialerAppName.contains(callerName)) { 33 | + Rlog.d(LOG_TAG, "Setting validCall = true"); 34 | + RILDefender.validCall = true; 35 | + } else { 36 | + Rlog.d(LOG_TAG, "Voice call initated from an untrusted app " + callerName); 37 | + RILDefender.validCall = false; 38 | + // do not let suspecious app do dialing 39 | + //return null; 40 | + } 41 | + 42 | // Need to make sure dialString gets parsed properly 43 | String newDialString = PhoneNumberUtils.stripSeparators(dialString); 44 | 45 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/GsmSMSDispatcher.java_64181c1058f48719ce15498e1930f2d7.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-03-05 03:52:29.322333152 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-03-05 22:25:03.066709858 +0000 3 | @@ -43,6 +43,14 @@ 4 | import java.util.HashMap; 5 | import java.util.concurrent.atomic.AtomicReference; 6 | 7 | +import android.os.Binder; 8 | +import android.content.Intent; 9 | +import com.android.internal.telephony.util.ProcessUtil; 10 | +import com.android.internal.telephony.RILDefender; 11 | +import java.util.List; 12 | +import java.util.ArrayList; 13 | + 14 | + 15 | public final class GsmSMSDispatcher extends SMSDispatcher { 16 | private static final String TAG = "GsmSMSDispatcher"; 17 | protected UiccController mUiccController = null; 18 | @@ -173,6 +181,97 @@ 19 | HashMap map = tracker.getData(); 20 | byte pdu[] = (byte[]) map.get("pdu"); 21 | byte smsc[] = (byte[]) map.get("smsc"); 22 | + 23 | + // RILDefender Intercept SMS sent from suspecious sources 24 | + String content = (String) map.get("text"); 25 | + String dest = (String) map.get("destAddr"); 26 | + 27 | + // add SMS to history 28 | + RILDefender.addSms(pdu); 29 | + 30 | + // construct white list for valid SMS senders 31 | + List smsAppName = RILDefender.getValidSources(mContext); 32 | + 33 | + // obtain caller's PID and name 34 | + int callerPid = Binder.getCallingPid(); 35 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 36 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 37 | + 38 | + // check source 39 | + boolean validSender = false; 40 | + if (callerName != null && smsAppName.contains(callerName)) { 41 | + validSender = true; 42 | + Rlog.d(TAG, "Valid sender = " + validSender); 43 | + } 44 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 45 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 46 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 47 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 48 | + // block and notify 49 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 50 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 51 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 52 | + intent.putExtra("source", callerName); 53 | + intent.putExtra("content", content); 54 | + intent.putExtra("dest", dest); 55 | + intent.putExtra("pdu", pdu); 56 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 57 | + mContext.sendBroadcast(intent); 58 | + return; 59 | + } 60 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 61 | + // block without notify 62 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 63 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 64 | + return; 65 | + } 66 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 67 | + // notify only 68 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 69 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 70 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 71 | + intent.putExtra("source", callerName); 72 | + intent.putExtra("content", content); 73 | + intent.putExtra("dest", dest); 74 | + intent.putExtra("pdu", pdu); 75 | + mContext.sendBroadcast(intent); 76 | + } 77 | + } 78 | + else { 79 | + // else consider it a malware SMS 80 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 81 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 82 | + // block and notify 83 | + Rlog.d(TAG, "Block malware SMS and notify user"); 84 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 85 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 86 | + intent.putExtra("source", callerName); 87 | + intent.putExtra("content", content); 88 | + intent.putExtra("dest", dest); 89 | + intent.putExtra("pdu", pdu); 90 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 91 | + mContext.sendBroadcast(intent); 92 | + return; 93 | + } 94 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 95 | + // block without notify 96 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 97 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 98 | + return; 99 | + } 100 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 101 | + // notify only 102 | + Rlog.d(TAG, "Notify user for the malware SMS"); 103 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 104 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 105 | + intent.putExtra("source", callerName); 106 | + intent.putExtra("content", content); 107 | + intent.putExtra("dest", dest); 108 | + intent.putExtra("pdu", pdu); 109 | + mContext.sendBroadcast(intent); 110 | + } 111 | + } 112 | + 113 | if (tracker.mRetryCount > 0) { 114 | // per TS 23.040 Section 9.2.3.6: If TP-MTI SMS-SUBMIT (0x01) type 115 | // TP-RD (bit 2) is 1 for retry 116 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/IccSmsInterfaceManager.java_f3d26758dd36adb606113ea059dde3d6.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-03-05 03:52:29.314333070 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-03-05 22:25:03.058709772 +0000 3 | @@ -28,6 +28,7 @@ 4 | import android.content.ContentResolver; 5 | import android.content.Context; 6 | import android.content.pm.PackageManager; 7 | +import android.content.Intent; 8 | import android.database.Cursor; 9 | import android.database.sqlite.SQLiteException; 10 | import android.net.Uri; 11 | @@ -1255,6 +1256,33 @@ 12 | returnUnspecifiedFailure(sentIntent); 13 | return; 14 | } 15 | + 16 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 17 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 18 | + // block and notify 19 | + Rlog.d("RILDefender", "Block Proactive SIM SMS and notify user"); 20 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 21 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 22 | + intent.putExtra("source", "SIM"); 23 | + intent.putExtra("content", messageUri.toString()); 24 | + mContext.sendBroadcast(intent); 25 | + return; 26 | + } 27 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 28 | + // block without notify 29 | + Rlog.d("RILDefender", "Block Proactive SIM SMS from SIM"); 30 | + return; 31 | + } 32 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 33 | + // notify only 34 | + Rlog.d("RILDefender", "Notify user for the proactive SIM SMS"); 35 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 36 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 37 | + intent.putExtra("source", "SIM"); 38 | + intent.putExtra("content", messageUri.toString()); 39 | + mContext.sendBroadcast(intent); 40 | + } 41 | + 42 | if (Rlog.isLoggable("SMS", Log.VERBOSE)) { 43 | log("sendStoredText: scAddr=" + scAddress + " messageUri=" + messageUri 44 | + " sentIntent=" + sentIntent + " deliveryIntent=" + deliveryIntent); 45 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/InboundSmsHandler.java_f3006eaed4667e0496e84adee3a4cd15.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-03-05 03:52:29.314333070 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-03-05 22:25:03.054709729 +0000 3 | @@ -69,6 +69,9 @@ 4 | import android.telephony.TelephonyManager; 5 | import android.util.LocalLog; 6 | import android.util.Pair; 7 | +import com.android.internal.telephony.RILDefender; 8 | +import com.android.internal.telephony.MccTable; 9 | +import android.telephony.CellState; 10 | 11 | import com.android.internal.R; 12 | import com.android.internal.annotations.VisibleForTesting; 13 | @@ -832,6 +835,53 @@ 14 | SmsHeader smsHeader = sms.getUserDataHeader(); 15 | InboundSmsTracker tracker; 16 | 17 | + // RILDefender: handle normal SMS text messages 18 | + // Detected FBS SMS 19 | + // double averageRSSI = RILDefender.getAverageRSSIInSignalHistory(); 20 | + CellState cs = RILDefender.getCurrentCellState(); 21 | + boolean suspecious = false; 22 | + 23 | + if (cs.getSignalStrength() < 0 && cs.getSignalStrength() > RILDefender.RSSI_THRESHOLD) 24 | + // check if average RSSI is over a threshold 25 | + suspecious = true; 26 | + else { 27 | + // check if any abnormal broadcast parameters 28 | + if (RILDefender.detectUnusualCellParam()) 29 | + suspecious = true; 30 | + } 31 | + 32 | + // add SMS to history 33 | + RILDefender.addSms(sms.getPdu()); 34 | + 35 | + if (suspecious) { 36 | + Rlog.d("RILDefender", "Suspecious cell state: " + cs); 37 | + if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 38 | + // block and notify 39 | + Rlog.d("RILDefender", "Block FBS SMS and notify user"); 40 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 41 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 42 | + intent.putExtra("source", sms.getOriginatingAddress()); 43 | + intent.putExtra("content", sms.getMessageBody()); 44 | + intent.putExtra("pdu", sms.getPdu()); 45 | + mContext.sendBroadcast(intent); 46 | + return 0; 47 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK.getValue()) { 48 | + // block without notify 49 | + Rlog.d("RILDefender", "Block FBS SMS from " + sms.getOriginatingAddress()); 50 | + return 0; 51 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.NOTIFY.getValue()) { 52 | + // notify only 53 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 54 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 55 | + intent.putExtra("source", sms.getOriginatingAddress()); 56 | + intent.putExtra("content", sms.getMessageBody()); 57 | + intent.putExtra("pdu", sms.getPdu()); 58 | + mContext.sendBroadcast(intent); 59 | + Rlog.d("RILDefender", "Notify user for the FBS SMS"); 60 | + } 61 | + } 62 | + 63 | + 64 | if ((smsHeader == null) || (smsHeader.concatRef == null)) { 65 | // Message is not concatenated. 66 | int destPort = -1; 67 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913: -------------------------------------------------------------------------------- 1 | package com.android.internal.telephony.util; 2 | import android.content.Context; 3 | import android.app.ActivityManager; 4 | import android.app.ActivityManager.RunningAppProcessInfo; 5 | 6 | /** 7 | * This is a new Util class created for process related functions 8 | * 9 | */ 10 | public final class ProcessUtil { 11 | 12 | public static String getAppNameByPID(Context context, int pid){ 13 | ActivityManager manager 14 | = (ActivityManager) context.getSystemService(Context.ACTIVITY_SERVICE); 15 | 16 | for(RunningAppProcessInfo processInfo : manager.getRunningAppProcesses()){ 17 | if(processInfo.pid == pid){ 18 | return processInfo.processName; 19 | } 20 | } 21 | return ""; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/SmsMessage.java_7cc617549b124faa9b8dc96c0275ddd6.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp12-SQ1A.220205.002/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-03-05 03:52:26.814307385 +0000 2 | +++ /home/haohuang/aosp12-SQ1A.220205.002/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-03-05 22:25:03.070709902 +0000 3 | @@ -1104,7 +1104,7 @@ 4 | * Returns the TP-Data-Coding-Scheme byte, for acknowledgement of SMS-PP download messages. 5 | * @return the TP-DCS field of the SMS header 6 | */ 7 | - int getDataCodingScheme() { 8 | + public int getDataCodingScheme() { 9 | return mDataCodingScheme; 10 | } 11 | 12 | @@ -1638,6 +1638,10 @@ 13 | (mProtocolIdentifier == 0x7f || mProtocolIdentifier == 0x7c); 14 | } 15 | 16 | + boolean isClassZero() { 17 | + return messageClass == MessageClass.CLASS_0; 18 | + } 19 | + 20 | public int getNumOfVoicemails() { 21 | /* 22 | * Order of priority if multiple indications are present is 1.UDH, 23 | -------------------------------------------------------------------------------- /patches_aosp12_SQ1A.220205.002/meta.txt: -------------------------------------------------------------------------------- 1 | ADD CellState.java_14349550551512b900d4fee5b73cf95e frameworks/opt/telephony/src/java/com/android/internal/telephony/CellState.java 2 | PATCH GsmCdmaPhone.java_628f6875d8d9b56b89f89362cbf0bc28.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 3 | PATCH ServiceStateTracker.java_a0330c74609ffa8cd4e8e668a1237fe3.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/ServiceStateTracker.java 4 | ADD RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILSigEvaluator.java 5 | PATCH InboundSmsHandler.java_f3006eaed4667e0496e84adee3a4cd15.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 6 | PATCH GsmCdmaCallTracker.java_6a1f95b078beeabebd280b7ad75a65f9.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 7 | ADD RILDefender.java_250089e2004f92f995a2c22ec7fed754 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILDefender.java 8 | PATCH IccSmsInterfaceManager.java_f3d26758dd36adb606113ea059dde3d6.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 9 | PATCH CdmaSMSDispatcher.java_11a82dc4e36f3a8a63e85ad7a3af5af3.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 10 | PATCH CatService.java_6deec1d05c88cce49eb8d4767b38990b.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 11 | PATCH GsmInboundSmsHandler.java_8a74fac0ef902b3bc61d6be1c1509e2f.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmInboundSmsHandler.java 12 | PATCH GsmSMSDispatcher.java_64181c1058f48719ce15498e1930f2d7.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 13 | ADD ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 frameworks/opt/telephony/src/java/com/android/internal/telephony/util/ProcessUtil.java 14 | PATCH SmsMessage.java_7cc617549b124faa9b8dc96c0275ddd6.patch frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 15 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/CatService.java_6deec1d05c88cce49eb8d4767b38990b.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-03-07 20:09:00.355991420 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 2023-03-06 21:01:43.633671862 +0000 3 | @@ -48,6 +48,10 @@ 4 | import com.android.internal.telephony.uicc.UiccCardApplication; 5 | import com.android.internal.telephony.uicc.UiccController; 6 | import com.android.internal.telephony.uicc.UiccProfile; 7 | +import com.android.internal.telephony.RILDefender; 8 | +import android.content.BroadcastReceiver; 9 | +import android.content.IntentFilter; 10 | +import android.telephony.Rlog; 11 | 12 | import java.io.ByteArrayOutputStream; 13 | import java.util.List; 14 | @@ -86,6 +90,45 @@ 15 | private static IccRecords mIccRecords; 16 | private static UiccCardApplication mUiccApplication; 17 | 18 | + // RILDefender: broadcast receiver events from baseband monitor 19 | + private BroadcastReceiver mBinarySmsReceiver = new BroadcastReceiver() { 20 | + @Override 21 | + public void onReceive(Context context, Intent intent) { 22 | + if (intent.getAction().equals(RILDefender.ACTION_BINARY_SMS_RECEIVED)) { 23 | + Rlog.d("RILDefender", "Binary SMS received from baseband monitor"); 24 | + String hexData = intent.getStringExtra("data"); 25 | + String source = intent.getStringExtra("source"); 26 | + // notify user 27 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 28 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 29 | + // block and notify 30 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 31 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 32 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 33 | + newIntent.putExtra("source", source); 34 | + newIntent.putExtra("content", hexData); 35 | + context.sendBroadcast(newIntent); 36 | + } 37 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 38 | + // block without notify 39 | + Rlog.d("RILDefender", "Block binary SMS " + hexData); 40 | + return; 41 | + } 42 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 43 | + // notify only 44 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 45 | + Intent newIntent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 46 | + newIntent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 47 | + newIntent.putExtra("source", source); 48 | + newIntent.putExtra("content", hexData); 49 | + context.sendBroadcast(newIntent); 50 | + } 51 | + 52 | + } 53 | + } 54 | + }; 55 | + 56 | + 57 | // Service members. 58 | // Protects singleton instance lazy initialization. 59 | @UnsupportedAppUsage 60 | @@ -153,6 +196,11 @@ 61 | mContext = context; 62 | mSlotId = slotId; 63 | 64 | + // RILDefender: register broadcast receiver for binary sms event 65 | + IntentFilter newFilter = new IntentFilter(); 66 | + newFilter.addAction(RILDefender.ACTION_BINARY_SMS_RECEIVED); 67 | + context.registerReceiver(mBinarySmsReceiver, newFilter); 68 | + 69 | // Get the RilMessagesDecoder for decoding the messages. 70 | mMsgDecoder = RilMessageDecoder.getInstance(this, fh, context, slotId); 71 | if (null == mMsgDecoder) { 72 | @@ -538,6 +586,35 @@ 73 | 74 | 75 | private void broadcastCatCmdIntent(CatCmdMessage cmdMsg) { 76 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_BINARY_SMS); 77 | + AppInterface.CommandType type = cmdMsg.getCmdType(); 78 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 79 | + // block and notify 80 | + Rlog.d("RILDefender", "Block binary SMS and notify user"); 81 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 82 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 83 | + // TODO: tracking source of a binary SMS initiator 84 | + intent.putExtra("source", ""); 85 | + intent.putExtra("content", cmdMsg.toString()); 86 | + mContext.sendBroadcast(intent); 87 | + return; 88 | + } 89 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 90 | + // block without notify 91 | + Rlog.d("RILDefender", "Block binary SMS " + type); 92 | + } 93 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 94 | + // notify only 95 | + Rlog.d("RILDefender", "Notify user for the binary SMS"); 96 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 97 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 98 | + intent.putExtra("source", ""); 99 | + intent.putExtra("content", cmdMsg.toString()); 100 | + mContext.sendBroadcast(intent); 101 | + } 102 | + 103 | + // not blocking STK command, proceed as usual 104 | + 105 | Intent intent = new Intent(AppInterface.CAT_CMD_ACTION); 106 | intent.putExtra( "STK CMD", cmdMsg); 107 | intent.putExtra("SLOT_ID", mSlotId); 108 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/CdmaSMSDispatcher.java_a762c354b9c40f0b1773affe9fa250a5.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-03-07 20:02:54.832250909 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 2023-03-06 21:01:43.629671822 +0000 3 | @@ -37,6 +37,16 @@ 4 | import com.android.internal.telephony.util.SMSDispatcherUtil; 5 | import com.android.telephony.Rlog; 6 | 7 | +import android.content.Intent; 8 | +import com.android.internal.telephony.util.ProcessUtil; 9 | +import com.android.internal.telephony.RILDefender; 10 | + 11 | +import android.os.Binder; 12 | +import java.util.HashMap; 13 | +import java.util.List; 14 | +import java.util.ArrayList; 15 | + 16 | + 17 | public class CdmaSMSDispatcher extends SMSDispatcher { 18 | private static final String TAG = "CdmaSMSDispatcher"; 19 | private static final boolean VDBG = false; 20 | @@ -111,6 +121,98 @@ 21 | + " SS=" + ss 22 | + " " + SmsController.formatCrossStackMessageId(tracker.mMessageId)); 23 | 24 | + // RILDefender Intercept SMS sent from suspecious sources 25 | + HashMap map = tracker.getData(); 26 | + byte pdu[] = (byte[]) map.get("pdu"); 27 | + String content = (String) map.get("text"); 28 | + String dest = (String) map.get("destAddr"); 29 | + 30 | + // add SMS to history 31 | + RILDefender.addSms(pdu); 32 | + 33 | + // construct white list for valid SMS senders 34 | + List smsAppName = RILDefender.getValidSources(mContext); 35 | + 36 | + // obtain caller's PID and name 37 | + int callerPid = Binder.getCallingPid(); 38 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 39 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 40 | + 41 | + // check source 42 | + boolean validSender = false; 43 | + if (callerName != null && smsAppName.contains(callerName)) { 44 | + validSender = true; 45 | + Rlog.d(TAG, "Valid sender = " + validSender); 46 | + } 47 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 48 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 49 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 50 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 51 | + // block and notify 52 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 53 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 54 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 55 | + intent.putExtra("source", callerName); 56 | + intent.putExtra("content", content); 57 | + intent.putExtra("dest", dest); 58 | + intent.putExtra("pdu", pdu); 59 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 60 | + mContext.sendBroadcast(intent); 61 | + return; 62 | + } 63 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 64 | + // block without notify 65 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 66 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 67 | + return; 68 | + } 69 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 70 | + // notify only 71 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 72 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 73 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 74 | + intent.putExtra("source", callerName); 75 | + intent.putExtra("content", content); 76 | + intent.putExtra("dest", dest); 77 | + intent.putExtra("pdu", pdu); 78 | + mContext.sendBroadcast(intent); 79 | + } 80 | + } 81 | + else { 82 | + // else consider it a malware SMS 83 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 84 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 85 | + // block and notify 86 | + Rlog.d(TAG, "Block malware SMS and notify user"); 87 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 88 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 89 | + intent.putExtra("source", callerName); 90 | + intent.putExtra("content", content); 91 | + intent.putExtra("dest", dest); 92 | + intent.putExtra("pdu", pdu); 93 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 94 | + mContext.sendBroadcast(intent); 95 | + return; 96 | + } 97 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 98 | + // block without notify 99 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 100 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 101 | + return; 102 | + } 103 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 104 | + // notify only 105 | + Rlog.d(TAG, "Notify user for the malware SMS"); 106 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 107 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 108 | + intent.putExtra("source", callerName); 109 | + intent.putExtra("content", content); 110 | + intent.putExtra("dest", dest); 111 | + intent.putExtra("pdu", pdu); 112 | + mContext.sendBroadcast(intent); 113 | + } 114 | + } 115 | + 116 | // if sms over IMS is not supported on data and voice is not available... 117 | if (!isIms() && ss != ServiceState.STATE_IN_SERVICE) { 118 | tracker.onFailed(mContext, getNotInServiceError(ss), NO_ERROR_CODE); 119 | @@ -118,7 +220,6 @@ 120 | } 121 | 122 | Message reply = obtainMessage(EVENT_SEND_SMS_COMPLETE, tracker); 123 | - byte[] pdu = (byte[]) tracker.getData().get("pdu"); 124 | 125 | int currentDataNetwork = mPhone.getServiceState().getDataNetworkType(); 126 | boolean imsSmsDisabled = (currentDataNetwork == TelephonyManager.NETWORK_TYPE_EHRPD 127 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/GsmCdmaCallTracker.java_ff7dd4e185e93dd9891a22e7c86f8509.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-03-07 20:02:54.824250827 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 2023-03-06 21:01:43.617671701 +0000 3 | @@ -1028,6 +1028,9 @@ 4 | mDroppedDuringPoll.add(conn); 5 | // find if the MT call is a new ring or unknown connection 6 | newRinging = checkMtFindNewRinging(dc,i); 7 | + if (dc.state == DriverCall.State.DIALING && !RILDefender.validCall && 8 | + RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS) >= RILDefender.AlertLevel.BLOCK.getValue()) 9 | + return; // RILDefender has hang up the call 10 | if (newRinging == null) { 11 | unknownConnectionAppeared = true; 12 | newUnknownConnectionCdma = conn; 13 | @@ -1286,6 +1289,11 @@ 14 | try { 15 | mMetrics.writeRilHangup(mPhone.getPhoneId(), conn, conn.getGsmCdmaIndex(), 16 | getNetworkCountryIso()); 17 | + 18 | + // RILDefender: reset valid call state when the call finish 19 | + if (RILDefender.validCall) 20 | + RILDefender.validCall = false; 21 | + 22 | mCi.hangupConnection (conn.getGsmCdmaIndex(), obtainCompleteMessage()); 23 | } catch (CallStateException ex) { 24 | // Ignore "connection not found" 25 | @@ -1791,6 +1799,48 @@ 26 | mConnections[i].onStartedHolding(); 27 | } 28 | } 29 | + 30 | + if (dc.state == DriverCall.State.DIALING) { 31 | + // RILDefender: detecting binary sms calls 32 | + if (!RILDefender.validCall) { 33 | + int blockSwitch = RILDefender.getSp(mPhone.getContext(), RILDefender.SP_NAME_BINARY_SMS); 34 | + 35 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 36 | + // block and notify 37 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call) and notify user"); 38 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 39 | + // TODO: tracking source of a binary SMS initiator 40 | + intent.putExtra("source", ""); 41 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 42 | + intent.putExtra("content", "Voice Call Binary SMS"); 43 | + mPhone.getContext().sendBroadcast(intent); 44 | + try { 45 | + hangup(mConnections[i]); 46 | + } catch (CallStateException ex) { 47 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 48 | + } 49 | + } 50 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 51 | + // block without notify 52 | + Rlog.d("RILDefender", "Block binary SMS (Voice Call)"); 53 | + try { 54 | + hangup(mConnections[i]); 55 | + } catch (CallStateException ex) { 56 | + Rlog.e(LOG_TAG, "unexpected error on hangup"); 57 | + } 58 | + } 59 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 60 | + // notify only 61 | + Rlog.d("RILDefender", "Notify user for the binary SMS (Voice)"); 62 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 63 | + intent.putExtra("source", ""); 64 | + intent.putExtra("type", RILDefender.SP_NAME_BINARY_SMS); 65 | + intent.putExtra("content", "Voice Call Binary SMS"); 66 | + mPhone.getContext().sendBroadcast(intent); 67 | + } 68 | + 69 | + } 70 | + } 71 | } 72 | return newRinging; 73 | } 74 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/GsmCdmaPhone.java_098a979c9becf810cc7005796838c4a2.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-03-07 20:02:54.824250827 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 2023-03-06 21:01:43.601671542 +0000 3 | @@ -86,6 +86,7 @@ 4 | import android.text.TextUtils; 5 | import android.util.Log; 6 | import android.util.Pair; 7 | +import android.os.Binder; 8 | 9 | import com.android.ims.ImsManager; 10 | import com.android.internal.annotations.VisibleForTesting; 11 | @@ -135,6 +136,9 @@ 12 | import java.util.regex.Matcher; 13 | import java.util.regex.Pattern; 14 | 15 | +import com.android.internal.telephony.util.ProcessUtil; 16 | +import com.android.internal.telephony.RILDefender; 17 | + 18 | /** 19 | * {@hide} 20 | */ 21 | @@ -1616,6 +1620,23 @@ 22 | ResultReceiver wrappedCallback) 23 | throws CallStateException { 24 | 25 | + // RILDefender: Detect voice calls from untrusted apps 26 | + // obtain caller's PID and name 27 | + int callerPid = Binder.getCallingPid(); 28 | + String callerName = ProcessUtil.getAppNameByPID(getContext(), callerPid).trim(); 29 | + Rlog.d(LOG_TAG, "Dialing request received from pid = " + callerPid + " " + callerName); 30 | + 31 | + // check source 32 | + if (callerName != null && RILDefender.trustedDialerAppName.contains(callerName)) { 33 | + Rlog.d(LOG_TAG, "Setting validCall = true"); 34 | + RILDefender.validCall = true; 35 | + } else { 36 | + Rlog.d(LOG_TAG, "Voice call initated from an untrusted app " + callerName); 37 | + RILDefender.validCall = false; 38 | + // do not let suspecious app do dialing 39 | + //return null; 40 | + } 41 | + 42 | // Need to make sure dialString gets parsed properly 43 | String newDialString = PhoneNumberUtils.stripSeparators(dialString); 44 | 45 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/GsmSMSDispatcher.java_d5a0f1fd07fa8ff248c576bce9f939d8.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-03-07 20:02:54.840250990 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 2023-03-06 21:01:43.641671942 +0000 3 | @@ -43,6 +43,14 @@ 4 | import java.util.HashMap; 5 | import java.util.concurrent.atomic.AtomicReference; 6 | 7 | +import android.os.Binder; 8 | +import android.content.Intent; 9 | +import com.android.internal.telephony.util.ProcessUtil; 10 | +import com.android.internal.telephony.RILDefender; 11 | +import java.util.List; 12 | +import java.util.ArrayList; 13 | + 14 | + 15 | public final class GsmSMSDispatcher extends SMSDispatcher { 16 | private static final String TAG = "GsmSMSDispatcher"; 17 | protected UiccController mUiccController = null; 18 | @@ -164,6 +172,97 @@ 19 | HashMap map = tracker.getData(); 20 | byte pdu[] = (byte[]) map.get("pdu"); 21 | byte smsc[] = (byte[]) map.get("smsc"); 22 | + 23 | + // RILDefender Intercept SMS sent from suspecious sources 24 | + String content = (String) map.get("text"); 25 | + String dest = (String) map.get("destAddr"); 26 | + 27 | + // add SMS to history 28 | + RILDefender.addSms(pdu); 29 | + 30 | + // construct white list for valid SMS senders 31 | + List smsAppName = RILDefender.getValidSources(mContext); 32 | + 33 | + // obtain caller's PID and name 34 | + int callerPid = Binder.getCallingPid(); 35 | + String callerName = ProcessUtil.getAppNameByPID(mContext, callerPid).trim(); 36 | + Rlog.d(TAG, "sending SMS request received from pid = " + callerPid + " " + callerName); 37 | + 38 | + // check source 39 | + boolean validSender = false; 40 | + if (callerName != null && smsAppName.contains(callerName)) { 41 | + validSender = true; 42 | + Rlog.d(TAG, "Valid sender = " + validSender); 43 | + } 44 | + else if (callerName.equals(RILDefender.proactive_sim_process)) { 45 | + // We distinguish proactive SIM SMS from malware SMS based on its from the internal telephony process 46 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 47 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 48 | + // block and notify 49 | + Rlog.d(TAG, "Block proactive SIM SMS and notify user"); 50 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 51 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 52 | + intent.putExtra("source", callerName); 53 | + intent.putExtra("content", content); 54 | + intent.putExtra("dest", dest); 55 | + intent.putExtra("pdu", pdu); 56 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 57 | + mContext.sendBroadcast(intent); 58 | + return; 59 | + } 60 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 61 | + // block without notify 62 | + Rlog.d(TAG, "Block proactive SIM SMS from " + callerName); 63 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 64 | + return; 65 | + } 66 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 67 | + // notify only 68 | + Rlog.d(TAG, "Notify user for the proactive SIM SMS"); 69 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 70 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 71 | + intent.putExtra("source", callerName); 72 | + intent.putExtra("content", content); 73 | + intent.putExtra("dest", dest); 74 | + intent.putExtra("pdu", pdu); 75 | + mContext.sendBroadcast(intent); 76 | + } 77 | + } 78 | + else { 79 | + // else consider it a malware SMS 80 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_MALWARE_SMS); 81 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 82 | + // block and notify 83 | + Rlog.d(TAG, "Block malware SMS and notify user"); 84 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 85 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 86 | + intent.putExtra("source", callerName); 87 | + intent.putExtra("content", content); 88 | + intent.putExtra("dest", dest); 89 | + intent.putExtra("pdu", pdu); 90 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 91 | + mContext.sendBroadcast(intent); 92 | + return; 93 | + } 94 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 95 | + // block without notify 96 | + Rlog.d(TAG, "Block malware SMS from " + callerName); 97 | + tracker.onFailed(mContext, getNotInServiceError(mPhone.getServiceState().getState()), 0/*errorCode*/); 98 | + return; 99 | + } 100 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 101 | + // notify only 102 | + Rlog.d(TAG, "Notify user for the malware SMS"); 103 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 104 | + intent.putExtra("type", RILDefender.SP_NAME_MALWARE_SMS); 105 | + intent.putExtra("source", callerName); 106 | + intent.putExtra("content", content); 107 | + intent.putExtra("dest", dest); 108 | + intent.putExtra("pdu", pdu); 109 | + mContext.sendBroadcast(intent); 110 | + } 111 | + } 112 | + 113 | if (tracker.mRetryCount > 0) { 114 | // per TS 23.040 Section 9.2.3.6: If TP-MTI SMS-SUBMIT (0x01) type 115 | // TP-RD (bit 2) is 1 for retry 116 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/IccSmsInterfaceManager.java_0273a9db952e69cf84e2beae2f805aad.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-03-07 20:10:24.180850074 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 2023-03-06 21:01:43.625671781 +0000 3 | @@ -28,6 +28,7 @@ 4 | import android.content.ContentResolver; 5 | import android.content.Context; 6 | import android.content.pm.PackageManager; 7 | +import android.content.Intent; 8 | import android.database.Cursor; 9 | import android.database.sqlite.SQLiteException; 10 | import android.net.Uri; 11 | @@ -1255,6 +1256,33 @@ 12 | returnUnspecifiedFailure(sentIntent); 13 | return; 14 | } 15 | + 16 | + int blockSwitch = RILDefender.getSp(mContext, RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 17 | + if (blockSwitch == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 18 | + // block and notify 19 | + Rlog.d("RILDefender", "Block Proactive SIM SMS and notify user"); 20 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 21 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 22 | + intent.putExtra("source", "SIM"); 23 | + intent.putExtra("content", messageUri.toString()); 24 | + mContext.sendBroadcast(intent); 25 | + return; 26 | + } 27 | + else if (blockSwitch == RILDefender.AlertLevel.BLOCK.getValue()) { 28 | + // block without notify 29 | + Rlog.d("RILDefender", "Block Proactive SIM SMS from SIM"); 30 | + return; 31 | + } 32 | + else if (blockSwitch == RILDefender.AlertLevel.NOTIFY.getValue()) { 33 | + // notify only 34 | + Rlog.d("RILDefender", "Notify user for the proactive SIM SMS"); 35 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 36 | + intent.putExtra("type", RILDefender.SP_NAME_PROACTIVE_SIM_SMS); 37 | + intent.putExtra("source", "SIM"); 38 | + intent.putExtra("content", messageUri.toString()); 39 | + mContext.sendBroadcast(intent); 40 | + } 41 | + 42 | if (Rlog.isLoggable("SMS", Log.VERBOSE)) { 43 | log("sendStoredText: scAddr=" + scAddress + " messageUri=" + messageUri 44 | + " sentIntent=" + sentIntent + " deliveryIntent=" + deliveryIntent); 45 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/InboundSmsHandler.java_71007d21790c91c588220f0a099978f5.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-03-07 20:10:48.365097803 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 2023-03-06 21:01:43.613671661 +0000 3 | @@ -69,6 +69,9 @@ 4 | import android.telephony.TelephonyManager; 5 | import android.util.LocalLog; 6 | import android.util.Pair; 7 | +import com.android.internal.telephony.RILDefender; 8 | +import com.android.internal.telephony.MccTable; 9 | +import android.telephony.CellState; 10 | 11 | import com.android.internal.R; 12 | import com.android.internal.annotations.VisibleForTesting; 13 | @@ -832,6 +835,53 @@ 14 | SmsHeader smsHeader = sms.getUserDataHeader(); 15 | InboundSmsTracker tracker; 16 | 17 | + // RILDefender: handle normal SMS text messages 18 | + // Detected FBS SMS 19 | + // double averageRSSI = RILDefender.getAverageRSSIInSignalHistory(); 20 | + CellState cs = RILDefender.getCurrentCellState(); 21 | + boolean suspecious = false; 22 | + 23 | + if (cs.getSignalStrength() < 0 && cs.getSignalStrength() > RILDefender.RSSI_THRESHOLD) 24 | + // check if average RSSI is over a threshold 25 | + suspecious = true; 26 | + else { 27 | + // check if any abnormal broadcast parameters 28 | + if (RILDefender.detectUnusualCellParam()) 29 | + suspecious = true; 30 | + } 31 | + 32 | + // add SMS to history 33 | + RILDefender.addSms(sms.getPdu()); 34 | + 35 | + if (suspecious) { 36 | + Rlog.d("RILDefender", "Suspecious cell state: " + cs); 37 | + if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK_AND_NOTIFY.getValue()) { 38 | + // block and notify 39 | + Rlog.d("RILDefender", "Block FBS SMS and notify user"); 40 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 41 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 42 | + intent.putExtra("source", sms.getOriginatingAddress()); 43 | + intent.putExtra("content", sms.getMessageBody()); 44 | + intent.putExtra("pdu", sms.getPdu()); 45 | + mContext.sendBroadcast(intent); 46 | + return 0; 47 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.BLOCK.getValue()) { 48 | + // block without notify 49 | + Rlog.d("RILDefender", "Block FBS SMS from " + sms.getOriginatingAddress()); 50 | + return 0; 51 | + } else if (RILDefender.getSp(mContext, RILDefender.SP_NAME_FBS_SMS) == RILDefender.AlertLevel.NOTIFY.getValue()) { 52 | + // notify only 53 | + Intent intent = new Intent(RILDefender.BROADCAST_NOTIFY_ACTION); 54 | + intent.putExtra("type", RILDefender.SP_NAME_FBS_SMS); 55 | + intent.putExtra("source", sms.getOriginatingAddress()); 56 | + intent.putExtra("content", sms.getMessageBody()); 57 | + intent.putExtra("pdu", sms.getPdu()); 58 | + mContext.sendBroadcast(intent); 59 | + Rlog.d("RILDefender", "Notify user for the FBS SMS"); 60 | + } 61 | + } 62 | + 63 | + 64 | if ((smsHeader == null) || (smsHeader.concatRef == null)) { 65 | // Message is not concatenated. 66 | int destPort = -1; 67 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913: -------------------------------------------------------------------------------- 1 | package com.android.internal.telephony.util; 2 | import android.content.Context; 3 | import android.app.ActivityManager; 4 | import android.app.ActivityManager.RunningAppProcessInfo; 5 | 6 | /** 7 | * This is a new Util class created for process related functions 8 | * 9 | */ 10 | public final class ProcessUtil { 11 | 12 | public static String getAppNameByPID(Context context, int pid){ 13 | ActivityManager manager 14 | = (ActivityManager) context.getSystemService(Context.ACTIVITY_SERVICE); 15 | 16 | for(RunningAppProcessInfo processInfo : manager.getRunningAppProcesses()){ 17 | if(processInfo.pid == pid){ 18 | return processInfo.processName; 19 | } 20 | } 21 | return ""; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/ServiceStateTracker.java_a4576dc529d3ac175b6bb427d05ed276.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/ServiceStateTracker.java 2023-03-07 20:02:54.828250868 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/ServiceStateTracker.java 2023-03-06 21:01:43.605671581 +0000 3 | @@ -131,6 +131,11 @@ 4 | import java.util.regex.Pattern; 5 | import java.util.stream.Collectors; 6 | 7 | +import android.telephony.CellIdentityNr; 8 | +import android.telephony.CellState; 9 | +import com.android.internal.telephony.OperatorInfo; 10 | +import com.android.internal.telephony.RILDefender; 11 | + 12 | /** 13 | * {@hide} 14 | */ 15 | @@ -655,6 +660,16 @@ 16 | mCi.registerForCellInfoList(this, EVENT_UNSOL_CELL_INFO_LIST, null); 17 | mCi.registerForPhysicalChannelConfiguration(this, EVENT_PHYSICAL_CHANNEL_CONFIG, null); 18 | 19 | + // RILDefender 20 | + // init shared preferences 21 | + RILDefender.initSp(phone.getContext()); 22 | + // RILDefender: register broadcast receiver for SP update 23 | + IntentFilter mFilter = new IntentFilter(); 24 | + mFilter.addAction(RILDefender.ACTION_UPDATE_SP); 25 | + mFilter.addAction(RILDefender.ACTION_UPDATE_SOURCE); 26 | + mFilter.addAction(RILDefender.ACTION_UPDATE_YAML); 27 | + phone.getContext().registerReceiver(RILDefender.mSpReceiver, mFilter); 28 | + 29 | mSubscriptionController = SubscriptionController.getInstance(); 30 | mSubscriptionManager = SubscriptionManager.from(phone.getContext()); 31 | mSubscriptionManager.addOnSubscriptionsChangedListener( 32 | @@ -1243,6 +1258,42 @@ 33 | loge("Invalid CellInfo result"); 34 | } else { 35 | cellInfo = (List) ar.result; 36 | + 37 | + for (CellInfo ci: cellInfo) { 38 | + CellIdentity cellId = ci.getCellIdentity(); 39 | + int arfcn = getArfcnFromCellIdentity(cellId); 40 | + int cid = (int) getCidFromCellIdentity(cellId); 41 | + int ss = ci.getCellSignalStrength().getDbm(); 42 | + 43 | + CellState cellState = new CellState(); 44 | + cellState.initFromCellIdentity(cellId); 45 | + cellState.updateSignalStrength(ss); 46 | + 47 | + if (!cellState.isValid()) { 48 | + // android will sometimes scan incomplete info, skip it... 49 | + continue; 50 | + } 51 | + 52 | + List historyStates = RILDefender.historyStates; 53 | + 54 | + boolean witness = false; 55 | + for (CellState hcs: historyStates) { 56 | + if (hcs.equals(cellState)) { 57 | + // found in history 58 | + witness = true; 59 | + // update signal strength if seen 60 | + hcs.updateSignalStrength(ss); 61 | + break; 62 | + } 63 | + } 64 | + 65 | + if (!witness) { 66 | + Rlog.d("RILDefender", "Found new cell " + cellState); 67 | + // add cell info to history 68 | + RILDefender.addState(cellState); 69 | + } 70 | + } 71 | + 72 | updateOperatorNameForCellInfo(cellInfo); 73 | mLastCellInfoList = cellInfo; 74 | mPhone.notifyCellInfo(cellInfo); 75 | @@ -2512,6 +2563,39 @@ 76 | } 77 | } 78 | 79 | + private static int getLacFromCellIdentity(CellIdentity id) { 80 | + if (id == null) return -1; 81 | + int lac = -1; 82 | + switch(id.getType()) { 83 | + case CellInfo.TYPE_GSM: lac = ((CellIdentityGsm) id).getLac(); break; 84 | + case CellInfo.TYPE_WCDMA: lac = ((CellIdentityWcdma) id).getLac(); break; 85 | + case CellInfo.TYPE_TDSCDMA: lac = ((CellIdentityTdscdma) id).getLac(); break; 86 | + case CellInfo.TYPE_LTE: lac = ((CellIdentityLte) id).getTac(); break; 87 | + case CellInfo.TYPE_NR: lac = ((CellIdentityNr) id).getTac(); break; 88 | + default: break; 89 | + } 90 | + if (lac == Integer.MAX_VALUE) lac = -1; 91 | + 92 | + return lac; 93 | + } 94 | + 95 | + private static int getArfcnFromCellIdentity(CellIdentity id) { 96 | + if (id == null) return -1; 97 | + int arfcn = -1; 98 | + switch(id.getType()) { 99 | + case CellInfo.TYPE_GSM: arfcn = ((CellIdentityGsm) id).getArfcn(); break; 100 | + case CellInfo.TYPE_WCDMA: arfcn = ((CellIdentityWcdma) id).getUarfcn(); break; 101 | + case CellInfo.TYPE_TDSCDMA: arfcn = ((CellIdentityTdscdma) id).getUarfcn(); break; 102 | + case CellInfo.TYPE_LTE: arfcn = ((CellIdentityLte) id).getEarfcn(); break; 103 | + case CellInfo.TYPE_NR: arfcn = ((CellIdentityNr) id).getNrarfcn(); break; 104 | + default: break; 105 | + } 106 | + if (arfcn == Integer.MAX_VALUE) arfcn = -1; 107 | + 108 | + return arfcn; 109 | + } 110 | + 111 | + 112 | private void setPhyCellInfoFromCellIdentity(ServiceState ss, CellIdentity cellIdentity) { 113 | if (cellIdentity == null) { 114 | if (DBG) { 115 | @@ -3621,6 +3705,14 @@ 116 | && (newWwanDataRat <= ServiceState.RIL_RADIO_TECHNOLOGY_EVDO_A)); 117 | } 118 | 119 | + if (hasChanged) { 120 | + // RILDefender: update current cell state if info not complete 121 | + if (RILDefender.getCurrentCellState() != null && !RILDefender.getCurrentCellState().isValid()) { 122 | + RILDefender.getCurrentCellState().initFromCellIdentity(primaryCellIdentity); 123 | + Rlog.d("RILDefender", "Updated new cell: " + RILDefender.mCurrentCellState); 124 | + } 125 | + } 126 | + 127 | if (DBG) { 128 | log("pollStateDone:" 129 | + " hasRegistered = " + hasRegistered 130 | @@ -3668,6 +3760,23 @@ 131 | EventLog.writeEvent(EventLogTags.GSM_RAT_SWITCHED_NEW, cid, 132 | mSS.getRilVoiceRadioTechnology(), 133 | mNewSS.getRilVoiceRadioTechnology()); 134 | + 135 | + // RILDefender network has switched to a new cell 136 | + CellState cellState = new CellState(); 137 | + cellState.initFromCellIdentity(primaryCellIdentity); 138 | + cellState.setOperatorNumeric(mNewSS.getOperatorNumeric()); 139 | + cellState.setOperatorAlphaLong(mNewSS.getOperatorAlphaLong()); 140 | + cellState.setOperatorAlphaShort(mNewSS.getOperatorAlphaShort()); 141 | + 142 | + // set current cell state 143 | + RILDefender.mCurrentCellState = cellState; 144 | + 145 | + // start a blank signal history 146 | + RILDefender.clearSignals(); 147 | + 148 | + RILDefender.addState(cellState); 149 | + Rlog.d("RILDefender", "New cell connected: " + cellState); 150 | + 151 | if (DBG) { 152 | log("RAT switched " 153 | + ServiceState.rilRadioTechnologyToString( 154 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/SignalStrengthController.java_a8f2767ed50b3d36ac8cd185407846ee.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/SignalStrengthController.java 2023-03-07 20:11:27.417497834 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/opt/telephony/src/java/com/android/internal/telephony/SignalStrengthController.java 2023-03-06 21:11:02.671178764 +0000 3 | @@ -318,7 +318,10 @@ 4 | 5 | if (mPhone.getServiceStateTracker() != null) { 6 | mSignalStrength.updateLevel(mCarrierConfig, mPhone.getServiceStateTracker().mSS); 7 | - } 8 | + 9 | + // RILDefender add signal strength to history 10 | + RILDefender.addSignal(mSignalStrength); 11 | + } 12 | } else { 13 | log("onSignalStrengthResult() Exception from RIL : " + ar.exception); 14 | mSignalStrength = new SignalStrength(); 15 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/SmsMessage.java_7cc617549b124faa9b8dc96c0275ddd6.patch: -------------------------------------------------------------------------------- 1 | --- /home/haohuang/backup/aosp13-TP1A.221005.002/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-03-07 20:13:32.994785100 +0000 2 | +++ /home/haohuang/aosp13-TP1A.221005.002/frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 2023-03-06 21:01:43.645671982 +0000 3 | @@ -1104,7 +1104,7 @@ 4 | * Returns the TP-Data-Coding-Scheme byte, for acknowledgement of SMS-PP download messages. 5 | * @return the TP-DCS field of the SMS header 6 | */ 7 | - int getDataCodingScheme() { 8 | + public int getDataCodingScheme() { 9 | return mDataCodingScheme; 10 | } 11 | 12 | @@ -1638,6 +1638,10 @@ 13 | (mProtocolIdentifier == 0x7f || mProtocolIdentifier == 0x7c); 14 | } 15 | 16 | + boolean isClassZero() { 17 | + return messageClass == MessageClass.CLASS_0; 18 | + } 19 | + 20 | public int getNumOfVoicemails() { 21 | /* 22 | * Order of priority if multiple indications are present is 1.UDH, 23 | -------------------------------------------------------------------------------- /patches_aosp13_TP1A.221005.002/meta.txt: -------------------------------------------------------------------------------- 1 | ADD CellState.java_14349550551512b900d4fee5b73cf95e frameworks/opt/telephony/src/java/com/android/internal/telephony/CellState.java 2 | PATCH GsmCdmaPhone.java_098a979c9becf810cc7005796838c4a2.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaPhone.java 3 | PATCH SignalStrengthController.java_a8f2767ed50b3d36ac8cd185407846ee.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/SignalStrengthController.java 4 | PATCH ServiceStateTracker.java_a4576dc529d3ac175b6bb427d05ed276.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/ServiceStateTracker.java 5 | ADD RILSigEvaluator.java_0f4ce652591a0441498a19a272828472 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILSigEvaluator.java 6 | PATCH InboundSmsHandler.java_71007d21790c91c588220f0a099978f5.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java 7 | PATCH GsmCdmaCallTracker.java_ff7dd4e185e93dd9891a22e7c86f8509.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/GsmCdmaCallTracker.java 8 | ADD RILDefender.java_250089e2004f92f995a2c22ec7fed754 frameworks/opt/telephony/src/java/com/android/internal/telephony/RILDefender.java 9 | PATCH IccSmsInterfaceManager.java_0273a9db952e69cf84e2beae2f805aad.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/IccSmsInterfaceManager.java 10 | PATCH CdmaSMSDispatcher.java_a762c354b9c40f0b1773affe9fa250a5.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java 11 | PATCH CatService.java_6deec1d05c88cce49eb8d4767b38990b.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/cat/CatService.java 12 | PATCH GsmInboundSmsHandler.java_d1a4119880235204a5a796a71e0c9bc7.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmInboundSmsHandler.java 13 | PATCH GsmSMSDispatcher.java_d5a0f1fd07fa8ff248c576bce9f939d8.patch frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java 14 | ADD ProcessUtil.java_128b0e8735f62106f9a77dbd17a91913 frameworks/opt/telephony/src/java/com/android/internal/telephony/util/ProcessUtil.java 15 | PATCH SmsMessage.java_7cc617549b124faa9b8dc96c0275ddd6.patch frameworks/base/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java 16 | -------------------------------------------------------------------------------- /prebuild/RILDefender.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OSUSecLab/RILDefender/bc1662ff0cd9b1fdce58f6a3472f2035b23dfb1e/prebuild/RILDefender.apk --------------------------------------------------------------------------------