Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: TrackerControl/tracker-control-android
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: TrackerControl/tracker-control-android
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: work-profile-diagnostics
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 2 commits
  • 6 files changed
  • 1 contributor

Commits on Apr 2, 2026

  1. Add work profile diagnostic instrumentation for debugging logging issues 

    A user reports that tracker blocking and traffic logging don't work when
running TC in a work profile (Shelter). To help diagnose the root cause:

- Add WorkProfileDiagnostics class: collects system info, preferences,
  DNS config, VPN routing state, per-app SharedPreferences, and a ring
  buffer of runtime events. Exports everything plus filtered logcat to
  a text file via Settings > Development > Export diagnostics.

- Instrument ServiceSinkhole: log VPN lifecycle (onCreate, start,
  builder config, app exclusions), packet flow summaries (every 60s),
  DNS resolution events, log pipeline health, native errors/exits.

- Instrument ReceiverAutostart.upgrade: log migration state including
  work profile detection and SharedPreferences entry counts.

- Add "Enable traffic log" toggle and "Export diagnostics" button to
  Settings > Development > Debug Diagnostics section.

The diagnostics file will show whether the VPN establishes, how many
apps are routed vs excluded, whether DNS queries are captured, whether
packets reach the log pipeline, and the full preference state - enough
to pinpoint where the pipeline breaks in work profiles.

https://claude.ai/code/session_013NayXYhZViADqMfUXT4VuF
    @claude
    claude committed Apr 2, 2026
    Configuration menu
    Copy the full SHA
    bfb401a View commit details
    Browse the repository at this point in the history

  2. Fix SecurityException crash in work profiles for getPackagesForUid 

    In work profiles (e.g. Shelter), getPackagesForUid() throws
SecurityException for cross-user UIDs because the app lacks
INTERACT_ACROSS_USERS_FULL permission. This was already known and
handled in AdapterLog.java but NOT in the critical packet processing
path.

The unhandled exception in shouldTrackApp() propagates up through
blockKnownTracker() and log(), causing BOTH tracker blocking AND
traffic logging to silently fail for every packet - the exception
is caught by the outer handleMessage() try-catch and swallowed.

Fix: wrap getPackagesForUid() in try-catch SecurityException at all
three unprotected call sites in ServiceSinkhole:
- shouldTrackApp() (blocking + logging pipeline) - default to tracking
- prepareUidIPFilters() (lockdown check) - skip lockdown filter
- showNewInstallNotification() - skip notification gracefully

This is very likely the root cause of the reported work profile issue
where "tracker blocking and traffic log doesn't work in Shelter."

https://claude.ai/code/session_013NayXYhZViADqMfUXT4VuF
    @claude
    claude committed Apr 2, 2026
    Configuration menu
    Copy the full SHA
    c592b97 View commit details
    Browse the repository at this point in the history
Loading