Merge branch 'release/5.233.0'

Author: github-actions[bot]

.github/workflows/privacy.yml

@@ -2,9 +2,16 @@ name: Privacy Tests
 
 on:
   pull_request:
-    types: [ labeled ]
+    types:
+      - opened
+      - synchronize
+      - reopened
+    paths:
+      - 'node_modules/@duckduckgo/content-scope-scripts/**'
+
   schedule:
     - cron: '0 3 * * *' # run at 3 AM UTC
+
   workflow_dispatch:
 
 concurrency:
@@ -13,7 +20,7 @@ concurrency:
 
 jobs:
   privacy_tests:
-    if: ${{ contains(github.event.pull_request.labels.*.name, 'content scope scripts') || github.event.schedule == '0 3 * * *' || github.event_name == 'workflow_dispatch' }}
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || github.event_name == 'pull_request' }}
     name: Privacy Tests
     runs-on: ubuntu-latest
 

anvil/anvil-annotations/src/main/java/com/duckduckgo/anvil/annotations/ContributesRemoteFeature.kt

@@ -58,9 +58,6 @@ annotation class ContributesRemoteFeature(
     @Deprecated("Not needed anymore. Settings is now supported in top-level and sub-features and Toggle#getSettings returns it")
     val settingsStore: KClass<*> = Unit::class,
 
-    /** The class that implements the [FeatureExceptions.Store] interface */
-    val exceptionsStore: KClass<*> = Unit::class,
-
     /** The class that implements the [Toggle.Store] interface */
     val toggleStore: KClass<*> = Unit::class,
 )

anvil/anvil-compiler/src/main/java/com/duckduckgo/anvil/compiler/ContributesRemoteFeatureCodeGenerator.kt

@@ -152,27 +152,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                                     .build(),
                             )
                         }
-                        if (!customStorePresence.exceptionStorePresent) {
-                            addFunction(
-                                FunSpec.builder("providesNoopExceptionsStore")
-                                    .addAnnotation(Provides::class.asClassName())
-                                    .addAnnotation(
-                                        AnnotationSpec.builder(RemoteFeatureStoreNamed::class.asClassName())
-                                            .addMember("value = %T::class", boundType.asClassName())
-                                            .build(),
-                                    )
-                                    .addCode(
-                                        CodeBlock.of(
-                                            """
-                                                return %T.EMPTY_STORE
-                                            """.trimIndent(),
-                                            FeatureExceptions::class.asClassName(),
-                                        ),
-                                    )
-                                    .returns(FeatureExceptions.Store::class.asClassName())
-                                    .build(),
-                            )
-                        }
                         addFunction(
                             FunSpec.builder("provides${boundType.shortName}Inventory")
                                 .addAnnotation(Provides::class.asClassName())
@@ -264,20 +243,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                     .primaryConstructor(
                         FunSpec.constructorBuilder()
                             .addAnnotation(AnnotationSpec.builder(Inject::class).build())
-                            .addParameter(
-                                ParameterSpec
-                                    .builder(
-                                        "exceptionStore",
-                                        FeatureExceptions.Store::class,
-                                    )
-                                    .addAnnotation(
-                                        AnnotationSpec
-                                            .builder(RemoteFeatureStoreNamed::class).addMember("value = %T::class", boundType.asClassName())
-                                            .build(),
-
-                                    )
-                                    .build(),
-                            )
                             .addParameter(
                                 ParameterSpec
                                     .builder(
@@ -298,16 +263,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                             .addParameter("context", context.asClassName(module))
                             .build(),
                     )
-                    .addProperty(
-                        PropertySpec
-                            .builder(
-                                "exceptionStore",
-                                FeatureExceptions.Store::class,
-                                KModifier.PRIVATE,
-                            )
-                            .initializer("exceptionStore")
-                            .build(),
-                    )
                     .addProperty(
                         PropertySpec
                             .builder(
@@ -400,18 +355,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                             .returns(FeatureSettings.Store::class.java.asClassName())
                             .build(),
                     )
-                    .addFunction(
-                        FunSpec.builder("bindOptionalExceptionsStore")
-                            .addModifiers(KModifier.ABSTRACT)
-                            .addAnnotation(BindsOptionalOf::class.asClassName())
-                            .addAnnotation(
-                                AnnotationSpec.builder(RemoteFeatureStoreNamed::class.asClassName())
-                                    .addMember("value = %T::class", boundType.asClassName())
-                                    .build(),
-                            )
-                            .returns(FeatureExceptions.Store::class.java.asClassName())
-                            .build(),
-                    )
                     .build(),
             )
         }
@@ -487,8 +430,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                     }
         
                     val exceptions = parseExceptions(feature.exceptions)
-                    // TODO: Remove once migrating everything to getExceptions()
-                    exceptionStore.insertAll(exceptions)
         
                     val isEnabled = (feature.state == "enabled") || (appBuildConfig.flavor == %T && feature.state == "internal")
                     this.feature.get().invokeMethod("self").setRawStoredState(
@@ -656,11 +597,11 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                             }
                             return featureExceptions.toList()
                         """.trimIndent(),
-                        FeatureExceptions.FeatureException::class.fqName.asClassName(module),
-                        FeatureExceptions.FeatureException::class.fqName.asClassName(module),
+                        FeatureException::class.fqName.asClassName(module),
+                        FeatureException::class.fqName.asClassName(module),
                     ).build(),
             )
-            .returns(List::class.asClassName().parameterizedBy(FeatureExceptions.FeatureException::class.asClassName()))
+            .returns(List::class.asClassName().parameterizedBy(FeatureException::class.asClassName()))
             .build()
     }
 
@@ -1025,7 +966,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
             }
         }
 
-        var exceptionStore = false
         var settingsStore = false
         var toggleStore = false
 
@@ -1080,20 +1020,6 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
                 requireFeatureAndStoreCrossReference(vmClass, this)
             }
         }
-        with(annotation.exceptionsStoreOrNull()) {
-            exceptionStore = this != null
-            if (this != null) {
-                if (this.directSuperTypeReferences()
-                    .none { it.asClassReferenceOrNull()?.fqName == FeatureExceptions.Store::class.fqName }
-                ) {
-                    throw AnvilCompilationException(
-                        "${vmClass.fqName} [exceptionsStore] must extend [FeatureExceptions.Store]",
-                        element = vmClass.clazz.identifyingElement,
-                    )
-                }
-                requireFeatureAndStoreCrossReference(vmClass, this)
-            }
-        }
         with(annotation.toggleStoreOrNull()) {
             toggleStore = this != null
             if (this != null) {
@@ -1152,30 +1078,33 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
         }
 
         return CustomStorePresence(
-            exceptionStorePresent = exceptionStore,
             toggleStorePresent = toggleStore,
             settingsStorePresent = settingsStore,
         )
     }
 
+    private enum class ContributesRemoteFeatureValues {
+        SCOPE,
+        BOUND_TYPE,
+        FEATURE_NAME,
+        SETTINGS_STORE,
+        TOGGLE_STORE,
+    }
+
     private fun AnnotationReference.remoteFeatureStoreValueOrNull(): ClassReference? {
-        return argumentAt("value", 0)?.value()
+        return argumentAt("value", ContributesRemoteFeatureValues.SCOPE.ordinal)?.value()
     }
 
     private fun AnnotationReference.featureNameOrNull(): String? {
-        return argumentAt("featureName", 2)?.value()
+        return argumentAt("featureName", ContributesRemoteFeatureValues.FEATURE_NAME.ordinal)?.value()
     }
 
     private fun AnnotationReference.settingsStoreOrNull(): ClassReference? {
-        return argumentAt("settingsStore", 3)?.value()
-    }
-
-    private fun AnnotationReference.exceptionsStoreOrNull(): ClassReference? {
-        return argumentAt("exceptionsStore", 4)?.value()
+        return argumentAt("settingsStore", ContributesRemoteFeatureValues.SETTINGS_STORE.ordinal)?.value()
     }
 
     private fun AnnotationReference.toggleStoreOrNull(): ClassReference? {
-        return argumentAt("toggleStore", 5)?.value()
+        return argumentAt("toggleStore", ContributesRemoteFeatureValues.TOGGLE_STORE.ordinal)?.value()
     }
 
     private fun ClassReference.declaredFunctions(): List<MemberFunctionReference> {
@@ -1208,6 +1137,5 @@ class ContributesRemoteFeatureCodeGenerator : CodeGenerator {
 
 private data class CustomStorePresence(
     val settingsStorePresent: Boolean = false,
-    val exceptionStorePresent: Boolean = false,
     val toggleStorePresent: Boolean = false,
 )

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/blocklist/AppTrackerListUpdateWorker.kt

@@ -73,12 +73,7 @@ class AppTrackerListUpdateWorker(context: Context, workerParameters: WorkerParam
                     vpnDatabase.vpnAppTrackerBlockingDao().getTrackerBlocklistMetadata()?.eTag
                 val updatedEtag = blocklist.etag.value
 
-                if (updatedEtag == currentEtag) {
-                    logcat { "Downloaded blocklist has same eTag, noop" }
-                    return Result.success()
-                }
-
-                logcat { "Updating the app tracker blocklist, eTag: ${blocklist.etag.value}" }
+                logcat { "Updating the app tracker blocklist, previous/new eTag: $currentEtag / $updatedEtag" }
 
                 vpnDatabase
                     .vpnAppTrackerBlockingDao()

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/feature/settings/ExceptionListsSettingStore.kt

@@ -50,9 +50,7 @@ class ExceptionListsSettingStore @Inject constructor(
     override fun store(jsonString: String) {
         logcat { "Received configuration: $jsonString" }
         runCatching {
-            jsonAdapter.fromJson(jsonString)?.let { model ->
-
-                val exceptionLists = model.exceptionLists
+            jsonAdapter.fromJson(jsonString)?.exceptionLists?.let { exceptionLists ->
 
                 val appTrackerExceptionRuleList = exceptionLists.appTrackerAllowList.map { appTrackerAllowRule ->
                     AppTrackerExceptionRule(
@@ -78,7 +76,7 @@ class ExceptionListsSettingStore @Inject constructor(
     }
 
     private data class JsonConfigModel(
-        val exceptionLists: JsonExceptionListsModel,
+        val exceptionLists: JsonExceptionListsModel?,
     )
 
     private data class JsonExceptionListsModel(

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/integration/NgVpnNetworkStack.kt

@@ -234,9 +234,15 @@ class NgVpnNetworkStack @Inject constructor(
 
             tunnelThread = Thread {
                 logcat { "Running tunnel in context $jniContext" }
-                vpnNetwork.run(jniContext, tunfd)
-                logcat(LogPriority.WARN) { "Tunnel exited" }
-                tunnelThread = null
+                try {
+                    vpnNetwork.run(jniContext, tunfd)
+                } catch (t: Throwable) {
+                    logcat(LogPriority.ERROR) { "Tunnel thread crashed: ${t.asLog()}" }
+                    deviceShieldPixels.reportTunnelThreadAbnormalCrash()
+                } finally {
+                    tunnelThread = null
+                    logcat(LogPriority.WARN) { "Tunnel exited" }
+                }
             }.also { it.start() }
 
             logcat { "Started tunnel thread" }

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/pixels/DeviceShieldPixelNames.kt

@@ -212,6 +212,9 @@ enum class DeviceShieldPixelNames(override val pixelName: String, val enqueue: B
     ATP_REPORT_TUNNEL_THREAD_STOP_TIMEOUT("m_atp_ev_apptp_tunnel_thread_stop_timeout_c", enqueue = true),
     ATP_REPORT_TUNNEL_THREAD_STOP_TIMEOUT_DAILY("m_atp_ev_apptp_tunnel_thread_stop_timeout_d", enqueue = true),
 
+    ATP_REPORT_TUNNEL_THREAD_STOP_CRASH("m_atp_ev_apptp_tunnel_thread_crash_c", enqueue = true),
+    ATP_REPORT_TUNNEL_THREAD_CRASH_DAILY("m_atp_ev_apptp_tunnel_thread_crash_d", enqueue = true),
+
     REPORT_VPN_ALWAYS_ON_TRIGGERED("m_vpn_ev_always_on_triggered_c"),
     REPORT_VPN_ALWAYS_ON_TRIGGERED_DAILY("m_vpn_ev_always_on_triggered_d"),
 

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/pixels/DeviceShieldPixels.kt

@@ -364,6 +364,8 @@ interface DeviceShieldPixels {
 
     fun reportTunnelThreadStopTimeout()
 
+    fun reportTunnelThreadAbnormalCrash()
+
     fun reportVpnAlwaysOnTriggered()
 
     fun notifyStartFailed()
@@ -883,6 +885,11 @@ class RealDeviceShieldPixels @Inject constructor(
         firePixel(DeviceShieldPixelNames.ATP_REPORT_TUNNEL_THREAD_STOP_TIMEOUT)
     }
 
+    override fun reportTunnelThreadAbnormalCrash() {
+        tryToFireDailyPixel(DeviceShieldPixelNames.ATP_REPORT_TUNNEL_THREAD_CRASH_DAILY)
+        firePixel(DeviceShieldPixelNames.ATP_REPORT_TUNNEL_THREAD_STOP_CRASH)
+    }
+
     override fun reportVpnAlwaysOnTriggered() {
         tryToFireDailyPixel(DeviceShieldPixelNames.REPORT_VPN_ALWAYS_ON_TRIGGERED_DAILY)
         firePixel(DeviceShieldPixelNames.REPORT_VPN_ALWAYS_ON_TRIGGERED)

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/service/TrackerBlockingVpnService.kt

@@ -75,6 +75,7 @@ import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.MainScope
 import kotlinx.coroutines.asCoroutineDispatcher
 import kotlinx.coroutines.async
+import kotlinx.coroutines.delay
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.withContext
@@ -83,6 +84,8 @@ import logcat.LogPriority.WARN
 import logcat.asLog
 import logcat.logcat
 
+private const val DDG_VPN_SESSION = "DuckDuckGo"
+
 @InjectWith(
     scope = VpnScope::class,
     delayGeneration = true,
@@ -237,6 +240,10 @@ class TrackerBlockingVpnService : VpnService(), CoroutineScope by MainScope(), V
                 if (notifyVpnStart()) {
                     synchronized(this) {
                         launch(serviceDispatcher) {
+                            // Give Android a moment to complete foreground transition
+                            // You might think this is a hack (and it kind of is)
+                            // but it’s a workaround to avoid early establish() binding failures
+                            delay(100)
                             async {
                                 startVpn(intent.alwaysOnTriggered())
                             }.await()
@@ -422,16 +429,33 @@ class TrackerBlockingVpnService : VpnService(), CoroutineScope by MainScope(), V
         return runCatching {
             Builder().run {
                 allowFamily(AF_INET6)
-                addAddress(InetAddress.getByName("10.0.100.100"), 32)
-                addAddress(InetAddress.getByName("fd00:1:fd00:1:fd00:1:fd00:1"), 128)
+                try {
+                    addAddress(InetAddress.getByName("10.0.100.100"), 32)
+                } catch (e: Exception) {
+                    throw IllegalStateException("Failed to add IPv4 address 10.0.100.100/32", e)
+                }
+                try {
+                    addAddress(InetAddress.getByName("fd00::1"), 128)
+                } catch (e: Exception) {
+                    throw IllegalStateException("Failed to add IPv6 address fd00::1/128", e)
+                }
                 // nobody will be listening here we just want to make sure no app has connection
-                addDnsServer("10.0.100.1")
+                try {
+                    addDnsServer("10.0.100.1")
+                } catch (e: Exception) {
+                    throw IllegalStateException("Failed to add DNS server 10.0.100.1", e)
+                }
                 // just so that we can connect to our BE
                 // TODO should we protect all comms with our controller BE? other VPNs do that
                 safelyAddDisallowedApps(listOf(this@TrackerBlockingVpnService.packageName))
                 setBlocking(true)
+                setSession(DDG_VPN_SESSION)
                 setMtu(1280)
-                prepare(this@TrackerBlockingVpnService)
+                try {
+                    prepare(this@TrackerBlockingVpnService)
+                } catch (e: Exception) {
+                    throw IllegalStateException("VPN service not prepared", e)
+                }
                 establish()
             }.also {
                 logcat { "VPN log: Hole TUN created ${it?.fd}" }
@@ -506,6 +530,9 @@ class TrackerBlockingVpnService : VpnService(), CoroutineScope by MainScope(), V
             }
 
             setBlocking(true)
+            // optional in docs but apparently some OEMs may expect to have a session
+            setSession(DDG_VPN_SESSION)
+
             // Cap the max MTU value to avoid backpressure issues in the socket
             // This is effectively capping the max segment size too
             setMtu(tunnelConfig.mtu)

app-tracking-protection/vpn-impl/src/test/java/com/duckduckgo/mobile/android/vpn/feature/settings/ExceptionListsSettingStoreTest.kt

@@ -96,6 +96,12 @@ class ExceptionListsSettingStoreTest {
 
     @Test
     fun whenEmptyJsonStoreNothing() {
+        exceptionListsSettingStore.store("{}")
+        verifyNoInteractions(mockVpnDatabase)
+    }
+
+    @Test
+    fun whenInvalidJsonStoreNothingAndDoNotCrash() {
         exceptionListsSettingStore.store("")
         verifyNoInteractions(mockVpnDatabase)
     }