Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Change the gps XTRA download location to use https #499
Comments
JasperWallace
changed the title from
Change the dps XTRA download location to use https
to
Change the gps XTRA download location to use https
Nov 24, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment|
It needs to be tested before it can be changed. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment|
This is implemented upstream in 7.1.1. |
thestinger
closed this
Dec 5, 2016
thestinger
added
the
upstream
label
Dec 5, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
JasperWallace commentedNov 24, 2016
At the moment they are plain text, and if there is a vulnerability in the modem an attacker who can mitm can inject a malicious xtra2.bin file.
The file is available from the same servers with https.
This may be as simple as changing http: to https: in gps.conf here:
https://github.com/CopperheadOS/device_lge_bullhead/blob/nougat-mr0.5-release/gps.conf
or might need changing this code too:
https://github.com/CopperheadOS/platform_frameworks_base/blob/nougat-mr0.5-release/services/core/java/com/android/server/location/GpsXtraDownloader.java#L116
I can look into this and test a change, but it will take me a while to setup a build server.