On Android 10 and devices with permissive SELinux, netlink RTM_GETLINK
is not blocked by sepolicy. The existing recvmsg hook covers most
callers (bionic getifaddrs, Java NetworkInterface), but code using
recv() goes through recvfrom via a bare branch — a different syscall
path. Hooking recvfrom directly breaks recv (shadowhook overwrites the
branch target), so we hook recv instead (12 bytes, safe for island mode).
Also switch diagnostic checks from recv to recvmsg so they go through
the hooked path, and add a separate recv-based check for full coverage.
- Add CheckRunnerService running in :checks process — clean process
without Vector/LSPosed runtime, so native checks (ioctl, socket)
behave exactly like a normal app
- DiagnosticsScreen communicates with service via broadcast
- Detect ECONNREFUSED on socket() (Android per-app network restriction)
and show banner with instructions to enable network access
- NETWORK_BLOCKED results shown as INFO instead of FAIL
- Auto-detect VPN via /sys/class/net + operstate (works with split tunneling)
- Auto-add self to target list on first diagnostics run
