diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-1.patch b/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-1.patch index 64fc7d6d..2fc60a99 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-1.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-1.patch @@ -1,4 +1,4 @@ -From 09632b10185b9133949a431e27089f72b5cfeefa Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 21 Jul 2017 08:42:55 -0400 Subject: [PATCH] support new special runtime permissions @@ -11,10 +11,10 @@ need to be granted by default for all apps to maintain compatibility. 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index c414abac12a7..46f02259e741 100644 +index dc44fe17722d..e9fd656478dc 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -19462,7 +19462,8 @@ private void resetUserChangesToRuntimePermissionsAndFlagsLPw( +@@ -19704,7 +19704,8 @@ public class PackageManagerService extends IPackageManager.Stub } // If this permission was granted by default, make sure it is. @@ -25,10 +25,10 @@ index c414abac12a7..46f02259e741 100644 != PERMISSION_OPERATION_FAILURE) { writeRuntimePermissions = true; diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java -index c51a72406b53..cb8facb31020 100644 +index 79b2636481b3..9f1fe8a6414a 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java 
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java -@@ -659,6 +659,10 @@ private void removeDynamicPermission( +@@ -730,6 +730,10 @@ public class PermissionManagerService { } } @@ -39,7 +39,7 @@ index c51a72406b53..cb8facb31020 100644 private void grantPermissions(PackageParser.Package pkg, boolean replace, String packageOfInterest, PermissionCallback callback) { // IMPORTANT: There are two types of permissions: install and runtime. -@@ -767,7 +771,8 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace, +@@ -838,7 +842,8 @@ public class PermissionManagerService { // their permissions as always granted runtime ones since we need // to keep the review required permission flag per user while an // install permission's state is shared across all users. @@ -49,7 +49,7 @@ index c51a72406b53..cb8facb31020 100644 // For legacy apps dangerous permissions are install time ones. grant = GRANT_INSTALL; } else if (origPermissions.hasInstallPermission(bp.getName())) { -@@ -877,7 +882,8 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace, +@@ -948,7 +953,8 @@ public class PermissionManagerService { updatedUserIds, userId); } } else if (mSettings.mPermissionReviewRequired @@ -59,7 +59,7 @@ index c51a72406b53..cb8facb31020 100644 // For legacy apps that need a permission review, every new // runtime permission is granted but it is pending a review. // We also need to review only platform defined runtime -@@ -898,7 +904,15 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace, +@@ -969,7 +975,15 @@ public class PermissionManagerService { updatedUserIds = ArrayUtils.appendInt( updatedUserIds, userId); } 
@@ -76,7 +76,7 @@ index c51a72406b53..cb8facb31020 100644 // Propagate the permission flags. permissionsState.updatePermissionFlags(bp, userId, flags, flags); } -@@ -1350,7 +1364,7 @@ private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, +@@ -1421,7 +1435,7 @@ public class PermissionManagerService { && (grantedPermissions == null || ArrayUtils.contains(grantedPermissions, permission))) { final int flags = permissionsState.getPermissionFlags(permission, userId); @@ -85,7 +85,7 @@ index c51a72406b53..cb8facb31020 100644 // Installer cannot change immutable permissions. if ((flags & immutableFlags) == 0) { grantRuntimePermission(permission, pkg.packageName, false, callingUid, -@@ -1409,7 +1423,7 @@ private void grantRuntimePermission(String permName, String packageName, boolean +@@ -1480,7 +1494,7 @@ public class PermissionManagerService { // install permission's state is shared across all users. if (mSettings.mPermissionReviewRequired && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M @@ -94,7 +94,7 @@ index c51a72406b53..cb8facb31020 100644 return; } -@@ -1445,7 +1459,8 @@ private void grantRuntimePermission(String permName, String packageName, boolean +@@ -1516,7 +1530,8 @@ public class PermissionManagerService { + permName + " for package " + packageName); } @@ -104,7 +104,7 @@ index c51a72406b53..cb8facb31020 100644 Slog.w(TAG, "Cannot grant runtime permission to a legacy app"); return; } -@@ -1530,7 +1545,8 @@ private void revokeRuntimePermission(String permName, String packageName, +@@ -1601,7 +1616,8 @@ public class PermissionManagerService { // install permission's state is shared across all users. if (mSettings.mPermissionReviewRequired && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-2.patch b/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-2.patch index 02b1cd46..c956627f 100644 
--- a/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-2.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-2.patch @@ -1,4 +1,4 @@ -From 2dd00723364fcf10e6c9e6c2e022e31524fda92d Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 17 Mar 2019 11:59:15 -0400 Subject: [PATCH] make INTERNET into a special runtime permission @@ -9,10 +9,10 @@ Subject: [PATCH] make INTERNET into a special runtime permission 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index d0ae9dbc55ae..d0449dfc4f57 100644 +index af1a6fa9e3c5..873162098247 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml -@@ -1348,7 +1348,7 @@ +@@ -1361,7 +1361,7 @@ Protection level: normal diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java -index cb8facb31020..9b11c8e0ffd7 100644 +index 9f1fe8a6414a..f16f671a51dd 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java -@@ -660,7 +660,7 @@ private void removeDynamicPermission( +@@ -731,7 +731,7 @@ public class PermissionManagerService { } public static boolean isSpecialRuntimePermission(final String permission) { diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-3.patch b/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-3.patch index a1a0d5bd..5433b11f 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-3.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0013-Network_Permission-3.patch 
@@ -1,4 +1,4 @@ -From 6ef61fd6f745b9709269d3612a3a4eea2250ebec Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 21 Jul 2017 11:23:07 -0400 Subject: [PATCH] add a NETWORK permission group for INTERNET @@ -9,10 +9,10 @@ Subject: [PATCH] add a NETWORK permission group for INTERNET 2 files changed, 15 insertions(+) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index d0449dfc4f57..822cf1166539 100644 +index 873162098247..8efe5474dfea 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml -@@ -1342,10 +1342,20 @@ +@@ -1355,10 +1355,20 @@ @@ -34,7 +34,7 @@ index d0449dfc4f57..822cf1166539 100644 android:label="@string/permlab_createNetworkSockets" android:protectionLevel="dangerous|instant" /> diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index f6600462ea74..a79fa8e95b6e 100644 +index 29af7d71914f..fd30d719b996 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -747,6 +747,11 @@ diff --git a/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch b/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch index 408f120a..ec21f188 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch @@ -1,4 +1,4 @@ -From 880011e7af233249e1b70177daa3cd786574bc85 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 22 Jul 2017 21:43:50 -0400 Subject: [PATCH] always treat INTERNET as a runtime permission @@ -11,7 +11,7 @@ diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGrou index aafce8df5..e6087de4c 100644 
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java +++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java -@@ -26,6 +26,7 @@ +@@ -26,6 +26,7 @@ import android.content.pm.PackageItemInfo; import android.content.pm.PackageManager; import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; @@ -19,7 +19,7 @@ index aafce8df5..e6087de4c 100644 import android.os.Build; import android.os.Process; import android.os.UserHandle; -@@ -338,7 +339,7 @@ public boolean areRuntimePermissionsGranted(String[] filterPermissions) { +@@ -338,7 +339,7 @@ public final class AppPermissionGroup implements Comparable && !ArrayUtils.contains(filterPermissions, permission.getName())) { continue; } @@ -28,7 +28,7 @@ index aafce8df5..e6087de4c 100644 if (permission.isGranted()) { return true; } -@@ -371,7 +372,7 @@ public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPe +@@ -371,7 +372,7 @@ public final class AppPermissionGroup implements Comparable continue; } @@ -37,7 +37,7 @@ index aafce8df5..e6087de4c 100644 // Do not touch permissions fixed by the system. if (permission.isSystemFixed()) { return false; -@@ -473,7 +474,7 @@ public boolean revokeRuntimePermissions(boolean fixedByTheUser, String[] filterP +@@ -473,7 +474,7 @@ public final class AppPermissionGroup implements Comparable continue; } diff --git a/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch b/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch index 2ae37ff7..f80ac261 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch @@ -1,4 +1,4 @@ -From c3c6a3206c1753cac7a8db72e2f05ddcf4c66d99 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 
From: Daniel Micay Date: Fri, 21 Jul 2017 10:29:15 -0400 Subject: [PATCH] add NETWORK permission group @@ -11,7 +11,7 @@ diff --git a/src/com/android/packageinstaller/permission/utils/Utils.java b/src/ index 85a102831..423b319ee 100644 --- a/src/com/android/packageinstaller/permission/utils/Utils.java +++ b/src/com/android/packageinstaller/permission/utils/Utils.java -@@ -51,7 +51,8 @@ +@@ -51,7 +51,8 @@ public final class Utils { Manifest.permission_group.SMS, Manifest.permission_group.PHONE, Manifest.permission_group.MICROPHONE, diff --git a/Patches/LineageOS-16.0/android_packages_providers_DownloadProvider/0001-Network_Permission.patch b/Patches/LineageOS-16.0/android_packages_providers_DownloadProvider/0001-Network_Permission.patch index 882727bb..e6d86e8d 100644 --- a/Patches/LineageOS-16.0/android_packages_providers_DownloadProvider/0001-Network_Permission.patch +++ b/Patches/LineageOS-16.0/android_packages_providers_DownloadProvider/0001-Network_Permission.patch @@ -8,7 +8,7 @@ Subject: [PATCH] remove legacy NETWORK permission group reference 1 file changed, 1 deletion(-) diff --git a/AndroidManifest.xml b/AndroidManifest.xml -index 302a58e5..65f38e86 100644 +index 067bc937..930a3b6f 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -29,7 +29,6 @@ diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 68594c18..0b080517 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh 
@@ -117,6 +117,11 @@ applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
 if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
 #applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
+if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch";
+fi;
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
 sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
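Review bot: The `DOS_GRAPHENE_NETWORK_PERM` gate is tested independently in four places (this hunk for frameworks/base, and the later Patch.sh hunks for libcore, PackageInstaller and DownloadProvider), and nothing visible makes the set all-or-nothing. A single failed `applyPatch` could therefore leave INTERNET converted to a runtime permission in the framework without the matching installer or libcore changes. Whether `applyPatch` aborts the build on failure is not shown here and should be confirmed, because the three 0013 patches appear to be a chain: the -2 patch's index line starts from the blob the -1 patch produces, and it edits `isSpecialRuntimePermission`. With `[ "$DOS_GRAPHENE_NETWORK_PERM" = true ]` an unset variable silently skips everything, and the visible changes do not define a default, so I would confirm it is declared where the other DOS_* options live. I would also add a comment on the gate such as `#All Network_Permission patches (frameworks/base, libcore, PackageInstaller, DownloadProvider) must be applied together`, and repeat the `#Expose the NETWORK permission (GrapheneOS)` attribution on the -2 and -3 lines.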
@@ -183,6 +188,10 @@ if enterAndClear "hardware/qcom/display-caf/msm8998"; then applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8998.patch"; fi; +if enterAndClear "libcore"; then +if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS) +fi; + if enterAndClear "lineage-sdk"; then awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; #Remove AudioFX @@ -201,6 +210,13 @@ rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml applyPatch "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics fi; +if enterAndClear "packages/apps/PackageInstaller"; then +if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then +applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS) +applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch"; +fi; +fi; + if enterAndClear "packages/apps/Settings"; then git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) 
@@ -234,6 +250,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS) fi; +if enterAndClear "packages/providers/DownloadProvider"; then +if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS) +fi; + if enterAndClear "packages/services/Telephony"; then git revert --no-edit 99564aaf0417c9ddf7d6aeb10d326e5b24fa8f55; applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";