feat(phone_focus_mode): enable curfew per-UID network allow-list; build companion button

Flip CURFEW_NET_ENABLED to 1 after proving it on-device: under curfew the
FOCUS_CURFEW_NET chain allows night-whitelist UIDs (mBank reachable) +
root/system/shell + DNS and REJECTs the rest of the app UID range; clean
teardown on curfew-off.

Companion 'Suspend curfew' button built (Unity-bundled SDK) and verified:
the action toggles the curfew_override file (suspend / re-arm).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Krzysztof kuhy Rudnicki 2026-06-13 16:58:49 +02:00
parent d67e872a0d
commit 565eaf8d4e
2 changed files with 9 additions and 4 deletions

View File

@ -44,9 +44,14 @@
"evidence": "deploy.sh restarted the stack (daemon PID 31404, curfew_enforcer PID 31396). curfew-test-on: org.mozilla.fenix + com.discord + com.facebook.orca became disabled; pl.mbank + com.google.android.inputmethod.latin + com.google.android.apps.maps stayed enabled; daltonizer_enabled=1, zen_mode=3 (alarms-only). curfew-test-off: all three re-enabled (reconcile), daltonizer_enabled=0, zen_mode=0. Device returned to clean daytime state." "evidence": "deploy.sh restarted the stack (daemon PID 31404, curfew_enforcer PID 31396). curfew-test-on: org.mozilla.fenix + com.discord + com.facebook.orca became disabled; pl.mbank + com.google.android.inputmethod.latin + com.google.android.apps.maps stayed enabled; daltonizer_enabled=1, zen_mode=3 (alarms-only). curfew-test-off: all three re-enabled (reconcile), daltonizer_enabled=0, zen_mode=0. Device returned to clean daytime state."
}, },
{ {
"command": "Companion APK rebuild (new Suspend-curfew button) ; pre-commit", "command": "Companion APK build + button toggle (built with the Unity-bundled Android SDK)",
"result": "pending", "result": "pass",
"evidence": "APK rebuild needs the Android SDK, absent on this PC; deploy.sh now warns and keeps the prior APK instead of aborting, so the curfew core still deployed. The button code is on-device-decision-tested; build/install of the new APK is deferred until the SDK is present. pre-commit run at commit time." "evidence": "build.sh produced focus_status.apk (16.8 KB) via the Unity SDK (build-tools 36.0.0); deploy installed it. CurfewToggleReceiver is registered (dumpsys). Firing the action as root toggled /data/local/tmp/focus_mode/curfew_override: tap1 -> present (suspended), tap2 -> absent (re-armed). A shell-uid broadcast is correctly denied (receiver exported=false); the real notification tap fires as the app's own uid."
},
{
"command": "Per-UID internet allow-list (CURFEW_NET_ENABLED=1) live on device",
"result": "pass",
"evidence": "Under curfew the FOCUS_CURFEW_NET chain is built: loopback + ESTABLISHED + uid 0/1000/2000 + DNS 53 ACCEPT, an ACCEPT per night-whitelist UID (mBank 10242, Maps 10198 present), then REJECT for uid 10000-19999. mBank (whitelisted) reachable to 1.1.1.1:443 through the chain; device stays online. curfew-test-off removes the chain and OUTPUT jump cleanly. A clean functional negative is not obtainable on-device (non-whitelisted apps are disabled; synthetic UIDs lack inet/SELinux context), so the REJECT is evidenced by the deterministic chain structure rather than a live drop."
} }
], ],
"risks": [ "risks": [

View File

@ -91,7 +91,7 @@ export CURFEW_DND_ENABLED=1
# unattended at 23:00. When on, only $NIGHT_WHITELIST app UIDs (plus # unattended at 23:00. When on, only $NIGHT_WHITELIST app UIDs (plus
# root/system/shell + DNS) get network; every other app is cut off. It is also # root/system/shell + DNS) get network; every other app is cut off. It is also
# largely redundant with the app-disable layer, so leaving it off is safe. # largely redundant with the app-disable layer, so leaving it off is safe.
export CURFEW_NET_ENABLED=0 export CURFEW_NET_ENABLED=1
export CURFEW_NET_IPT_CHAIN="FOCUS_CURFEW_NET" export CURFEW_NET_IPT_CHAIN="FOCUS_CURFEW_NET"
# Manual test toggle: `focus_ctl.sh curfew-test-on` writes this file to force # Manual test toggle: `focus_ctl.sh curfew-test-on` writes this file to force
# curfew ACTIVE regardless of clock, so the whole stack can be validated during # curfew ACTIVE regardless of clock, so the whole stack can be validated during