"Block any app not in use" turns itself off after a phone reboot

celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.

https://rethinkfirewall.com/

Apache License 2.0

2.88k stars 147 forks source link

"Block any app not in use" turns itself off after a phone reboot #968

Open d07434b2c08f opened 1 year ago

d07434b2c08f commented 1 year ago

I have four universal rules enabled:

Block any app not in use
Block when source app is unknown
Block when DNS is bypassed
Block newly installed apps by default

When I reboot my phone (Pixel 7 Pro, Android 13), Rethink will start up automatically just fine, but the not-in-use universal rule will be disabled, leaving the other three rules enabled. This doesn't happen every time I reboot, but does happen most of the time, and seems random.

ignoramous commented 1 year ago

Rethink may have turned the setting off because its Accessibility permission (which is used to track the active/top window) is removed by the OS? This should ideally result in a notification sent by Rethink informing the user to re-grant the permission, but I guess, in your case, you don't see any such notifications?

When you turn the setting back ON, does it ask you to re-grant / grant Accessibility permission or does it turn back ON as-is?

d07434b2c08f commented 1 year ago

I think this may be the issue:

08-13 02:17:27.382 D AccessibilityManagerService: Ignoring non-encryption-aware service ComponentInfo{com.celzero.bravedns/com.celzero.bravedns.util.BackgroundAccessibilityService}
08-13 02:17:38.111 W VpnLifecycle: accessibility service not functional, disable bg-block

Since as far as I can tell the accessibility permission is never actually turned off:

ignoramous commented 1 year ago

Ignoring non-encryption-aware service

I believe this is okay and shouldn't hinder Rethink's ability to start its Accessibility Service once user is present (user has password-authenticated past the keyguard after reboot).

accessibility service not functional, disable bg-block

This points to the fact that Rethink has the permission but its Accessibility Service wasn't started by the OS anyway. This usually happens when OS deems Rethink as crashing too often and/or draining too much battery.

Could it be that Rethink has long stopped getting Accessibility Events from the OS (Rethink typically should throw a user notification when this happens, and if it isn't, it is a bug we need to fix) but you only notice it only after a reboot?

ignoramous commented 1 year ago

At least one user reported that on Pixel, this setting wouldn't be applied because the OS refused to start Rethink's accessibility service (as it isn't encryption aware): #468 But reading from AOSP code, it didn't seem like not being encryption aware is a deal breaker... So, unlikely to be the cause.

TyraVex commented 1 year ago

On MIUI 14 (Xiaomi.eu), the accessibility service need to be restarted around 4-5 times a day for some reason.

And I can't skip the 10sec unskippable MIUI warning when granting this permission, which is annoying.

Has anyone have a workaround? I have Magisk v26.2 installed if that can help.

TyraVex commented 1 year ago

Note: Actvating, using, and deactivating the accessibility shortcut skips the 10sec warning, which is better, but the core issue remains.