search

celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.99k stars 152 forks source link

App crashes when activating it as an Always-on VPN on Shelter's work profile #626

Closed pmartiner closed 1 year ago

pmartiner commented 2 years ago

Hi!

Description

After updating to version v0.5.3k, Rethink crashes (it doesn't even open) on my work profile (created by Shelter) whenever it's enabled as an (always-on) VPN. This, however, does not happen on version v0.5.3j, where the work profile always-on VPN works as expected.

(On both versions Rethink works as expected on my main profile.

Device

Pixel 4, Android 13

Steps to reproduce

Prerequisites:

Steps to reproduce:

Logs

type: crash
osVersion: google/flame/flame:13/TP1A.221005.002/2022102800:user/release-keys
package: com.celzero.bravedns:22
process: com.celzero.bravedns

java.lang.IllegalArgumentException: User 10 is not the current user.
 at android.os.Parcel.createExceptionOrNull(Parcel.java:3025)
 at android.os.Parcel.createException(Parcel.java:3005)
 at android.os.Parcel.readException(Parcel.java:2981)
 at android.os.Parcel.readException(Parcel.java:2923)
 at com.android.internal.statusbar.IStatusBarService$Stub$Proxy.requestTileServiceListeningState(IStatusBarService.java:2363)
 at android.app.StatusBarManager.requestTileServiceListeningState(StatusBarManager.java:883)
 at android.service.quicksettings.TileService.requestListeningState(TileService.java:503)
 at com.celzero.bravedns.service.BraveVPNService.updateQuickSettingsTile(BraveVPNService.kt:1364)
 at com.celzero.bravedns.service.BraveVPNService.access$updateQuickSettingsTile(BraveVPNService.kt:88)
 at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invokeSuspend(BraveVPNService.kt:1130)
 at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invoke(Unknown Source:8)
 at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invoke(Unknown Source:2)
 at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invokeSuspend(BraveVPNService.kt:1779)
 at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invoke(Unknown Source:8)
 at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invoke(Unknown Source:4)
 at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:89)
 at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:169)
 at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:1)
 at com.celzero.bravedns.service.BraveVPNService$ui$1.invokeSuspend(BraveVPNService.kt:1778)
 at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
 at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
 at android.os.Handler.handleCallback(Handler.java:942)
 at android.os.Handler.dispatchMessage(Handler.java:99)
 at android.os.Looper.loopOnce(Looper.java:201)
 at android.os.Looper.loop(Looper.java:288)
 at android.app.ActivityThread.main(ActivityThread.java:7904)
 at java.lang.reflect.Method.invoke(Native Method)
 at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
 at com.android.internal.os.ExecInit.main(ExecInit.java:49)
 at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
 at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:355)
 Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@7976e65, Dispatchers.Main]
Caused by: android.os.RemoteException: Remote stack trace:
 at com.android.server.statusbar.StatusBarManagerService.requestTileServiceListeningState(StatusBarManagerService.java:1814)
 at com.android.internal.statusbar.IStatusBarService$Stub.onTransact(IStatusBarService.java:1241)
 at android.os.Binder.execTransactInternal(Binder.java:1302)
 at android.os.Binder.execTransact(Binder.java:1265)
ignoramous commented 2 years ago

I could never get Shelter running on my Android to test this. I've got multiple reports of v053L not working but no one provided the logcat output. And so, many thanks for that. (:

We'll take a look at this on priority. Note though, we don't really test for Work Profiles (as we don't "support" it, yet) so expect it to break again... but: expect us to fix it if precise bugreports come in, too.

ignoramous commented 2 years ago

Also, it could be that this error happens on Android 13 only, due to whatever new restrictions they may have imposed... No clue. Will take a look at this bug the first thing tomorrow.

pmartiner commented 2 years ago

thank you very much :) if i can help with anything else, please let me know!

An-dz commented 1 year ago

Let me add more information, I have the same problem but I'm on Android 10 and none of my VPNs are set to Always-on.

So it's not Android version specific and Always-on is also not the problem.

And don't insist on trying to run RethinkDNS, it crashed my Android and part of my user profile had to be reset to work, Android fixed automatically but I lost some settings.

And it's not only the work profile instance that crashes, if you try to open it on the main profile it also crashes, you don't even need to open it on the work profile, if it's installed there Rethink on the main profile will crash too. And it does not even need to be Rethink, if you install DNS66 on the work profile it crashes. It does not even need to be running, I stopped it on my main profile, cloned in the work profile and now it won't open. Two instances of DNS66 work fine though so it's something specific with RethinkDNS.

ignoramous commented 1 year ago

@An-dz thanks. Do you know how to fetch logcat logs? If so, can you share the relevant bits from it here?

An-dz commented 1 year ago

@ignoramous Here's the part of the log with the parts I guess are important. It looks like instead of creating a copy Rethink re-installs itself.

rethink.log

An-dz commented 1 year ago

Well, I tried some extra options and ways of installing and completely broke Rethink, and I guess my whole phone. I could no longer configure a blocklist, it would go to a black screen and after some seconds it would get back to the DNS settings screen showing 0 selected blocklists. Uninstalling Rethink, deleting the work profile and uninstalling Shelter had no effect, it broke for good.

I re-flashed Android since I needed to upgrade to Android 12 anyway. Unfortunately I won't be able to test any further as I can't risk breaking my only phone.

ignoramous commented 1 year ago

Bummer. Thanks for trying though. I am mostly surprised an app can break an entire OS like that. It is probably Shelter and not Rethink that's wreaking havoc (I've had it do such to my Android device once, which is why I have long ceased using it).

An-dz commented 1 year ago

Yeah, I highly believe so too. I tried using Shelter, and Insular, before in the past and always had bugs as well. Maybe it's not all their fault, but the way profiles work on Android. And in this case considering they share the network, trying to set multiple VPN connections on top of the same connection does sound like a great way to break things.

An-dz commented 1 year ago

While I was on F-droid I found this app called InviZible, and under setting -> common settings there's an option enabled by default called Multi-user support with a description explaining that it adds support for Island, Shelter and work profile. Maybe you can check with them what they've done.

ignoramous commented 1 year ago

Must handle IllegalArgumentException in:

https://github.com/celzero/rethink-app/blob/0543666a3130247ae757cdea3a273b3674fe0d5a/app/src/main/java/com/celzero/bravedns/service/BraveVPNService.kt#L1480

@An-dz Thanks. It seems like InviZible doesn't do much other than detect presence of root and grant itself interact-across-users permission (which isn't available to installed apps, otherwise) (code).

ignoramous commented 1 year ago

v053l has been released on the (website | github) (expect F-Droid and Play to follow in the coming week provided it passes the app review) which fixes the crash reported here.

Note: We don't test multi-profile ourselves, but if the app still breaks, please feel free to open another bug (or reopen this one, as you see fit).

Thanks everybody for crash logs and inputs. Appreciate it.

pmartiner commented 1 year ago

@ignoramous unfortunately i'm still having the same issue with v53l:

type: crash
osVersion: google/flame/flame:13/TP1A.221005.002/2022120800:user/release-keys
package: com.celzero.bravedns:23
process: com.celzero.bravedns
processUptime: 317 + 416 ms

java.lang.IllegalArgumentException: User 10 is not the current user.
    at android.os.Parcel.createExceptionOrNull(Parcel.java:3025)
    at android.os.Parcel.createException(Parcel.java:3005)
    at android.os.Parcel.readException(Parcel.java:2981)
    at android.os.Parcel.readException(Parcel.java:2923)
    at com.android.internal.statusbar.IStatusBarService$Stub$Proxy.requestTileServiceListeningState(IStatusBarService.java:2363)
    at android.app.StatusBarManager.requestTileServiceListeningState(StatusBarManager.java:883)
    at android.service.quicksettings.TileService.requestListeningState(TileService.java:503)
    at com.celzero.bravedns.service.BraveVPNService.updateQuickSettingsTile(BraveVPNService.kt:1481)
    at com.celzero.bravedns.service.BraveVPNService.access$updateQuickSettingsTile(BraveVPNService.kt:89)
    at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invokeSuspend(BraveVPNService.kt:1253)
    at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invoke(Unknown Source:8)
    at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invoke(Unknown Source:2)
    at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invokeSuspend(BraveVPNService.kt:1923)
    at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invoke(Unknown Source:8)
    at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invoke(Unknown Source:4)
    at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:89)
    at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:169)
    at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:1)
    at com.celzero.bravedns.service.BraveVPNService$ui$1.invokeSuspend(BraveVPNService.kt:1923)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at android.os.Handler.handleCallback(Handler.java:942)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loopOnce(Looper.java:201)
    at android.os.Looper.loop(Looper.java:288)
    at android.app.ActivityThread.main(ActivityThread.java:7878)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
    at com.android.internal.os.ExecInit.main(ExecInit.java:49)
    at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
    at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:355)
    Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@1e34a22, Dispatchers.Main]

should we open the issue again? how else can i help? thanks!

ignoramous commented 1 year ago

The issue won't go away (since Rethink needs root access to function across user/profile boundaries) but app shouldn't crash. Is the app (version v053l) crashing for you? If so, we should reopen this bug.

pmartiner commented 1 year ago

@ignoramous yup, still crashing :(

ignoramous commented 1 year ago

Argh, so the err is we catch IllegalStateException and not IllegalArgumentException.

https://github.com/celzero/rethink-app/blob/2653757ad85acfb537ae880c90496449984347c0/app/src/main/java/com/celzero/bravedns/service/BraveVPNService.kt#L1487

See also: https://github.com/Jigsaw-Code/Intra/commit/c0230afdd3b5de4257706ecb533e56eccc02cc93

cc: @Uldiniad

ignoramous commented 1 year ago

Curiously, similar crash sent to me, but it has user 150...

12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: FATAL EXCEPTION: main 
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: Process: com.celzero.bravedns, PID: 14545
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: java.lang.IllegalArgumentException: User 150 is not the current user.
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Parcel.createExceptionOrNull(Parcel.java:3027)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Parcel.createException(Parcel.java:3007)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Parcel.readException(Parcel.java:2990)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Parcel.readException(Parcel.java:2932)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.android.internal.statusbar.IStatusBarService$Stub$Proxy.requestTileServiceListeningState(IStatusBarService.java:2856)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.app.StatusBarManager.requestTileServiceListeningState(StatusBarManager.java:995)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.service.quicksettings.TileService.requestListeningState(TileService.java:810)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService.updateQuickSettingsTile(BraveVPNService.kt:1481)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService.access$updateQuickSettingsTile(BraveVPNService.kt:89)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invokeSuspend(BraveVPNService.kt:1253)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invoke(Unknown Source:8)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$onStartCommand$1.invoke(Unknown Source:2)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invokeSuspend(BraveVPNService.kt:1923)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invoke(Unknown Source:8)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$ui$1$1.invoke(Unknown Source:4)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:89)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:169)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:1)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.celzero.bravedns.service.BraveVPNService$ui$1.invokeSuspend(BraveVPNService.kt:1923)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Handler.handleCallback(Handler.java:942)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Handler.dispatchMessage(Handler.java:99)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Looper.loopOnce(Looper.java:226)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Looper.loop(Looper.java:313)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.app.ActivityThread.main(ActivityThread.java:8741)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at java.lang.reflect.Method.invoke(Native Method)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:571)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1067)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@35ba403, Dispatchers.Main]
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: Caused by: android.os.RemoteException: Remote stack trace:
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.android.server.statusbar.StatusBarManagerService.requestTileServiceListeningState(StatusBarManagerService.java:2653)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at com.android.internal.statusbar.IStatusBarService$Stub.onTransact(IStatusBarService.java:1461)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Binder.execTransactInternal(Binder.java:1316)
12-12 23:04:56.950 15010418 14545 14545 E AndroidRuntime: >-at android.os.Binder.execTransact(Binder.java:1280)
ignoramous commented 1 year ago

Take 2: Fixed this bug in v053n (released today on the website; play-store and f-droid flavours pending reviews). Can someone on this thread check and report back? Thanks.

Note: backup and restore from any of the previous version on to this version won't work, but an upgrade will ... should ... carry over and migrate the database just fine).

pmartiner commented 1 year ago

@ignoramous i'll test it and let you know :)

pmartiner commented 1 year ago

@ignoramous so far everything's working great on my phone (pixel 7 with grapheneos) with shelter :)

missingcharacter commented 1 year ago

@ignoramous works on my phone: Pixel 6pro stock android 13, updated to Jan 5, 2023 I use island to manage my work profile

ignoramous commented 1 year ago

Thanks @pmartiner and @missingcharacter. The bug fix here was simply handle an exception and do nothing about it (ie ignore it)...

I'm curious as to what you folks see in the "Apps" screen and in the "Network logs"?

missingcharacter commented 1 year ago

@ignoramous I will give answer these questions, just be aware, I just installed rethinkDNS today I came from netguard, because the developer is thinking about not updating it anymore

anyways, it is a mere coincidence I installed the app the same day you found solution to the problem I had.

all of this to say: take my opinions with a grain of salt since I've not that familiar with the app and I am not a long time user

anyways, be right back with answers

missingcharacter commented 1 year ago
Do apps appear with the right names?

Yes, as far as I can tell

Does it pollute or interfere in anyway with Rethink running in the usual Primary user (non Work Profile)?

it does not, when I first encountered this issue I planned on turning USB debugging on my phone and run pm grant com.celzero.bravedns android.permission.INTERACT_ACROSS_USERS, I may still try later

What happens when you tap on the Rethink Quick Tile when Rethink is running in the Work Profile?

I seem to only get a quick tile for the main profile rethink, I don't see one for the work profile's rethink

Are you able to run Rethink in both Work Profile and the Primary user without issues?

as far as I can tell, yes

ignoramous commented 1 year ago

Thanks for the confirmation. Resolving...