Deblobber improvements

Deblobber
- Remove more diag blobs
- Remove more AT blobs
- Remove IPA blobs by default now
- Support removal of IPC security exceptions

+ also disable earjack debugger via hardenDefconfig()
Tad 2018-08-24 18:35:53 -04:00
parent e078d37b82
commit 48d7f11919
3 changed files with 26 additions and 11 deletions


@ -35,6 +35,7 @@ echo "Deblobbing..."
blobs=""; #Delimited using "|"
makes="";
overlay="";
ipcSec="";
kernels=""; #Delimited using " "
sepolicy="";
@ -51,9 +52,10 @@ echo "Deblobbing..."
#aptX (Bluetooth Audio Compression Codec) [Qualcomm]
blobs=$blobs"|.*aptX.*";
#ATFWD [Qualcomm]
blobs=$blobs"|ATFWD-daemon|atfwd.apk";
sepolicy=$sepolicy" atfwd.te";
#AT Command Handling/Forwarding
blobs=$blobs"|bin[/]atd|ATFWD-daemon|atfwd.apk|port-bridge|drexe|log_serial_arm";
#blobs=$blobs"libqmi.so|wankit|nvm_server|mmgr";
sepolicy=$sepolicy" atfwd.te port-bridge.te";
#AudioFX (Audio Effects) [Qualcomm]
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then
@ -78,8 +80,10 @@ echo "Deblobbing..."
makes=$makes"libcnefeatureconfig";
sepolicy=$sepolicy" cnd.te qcneservice.te";
#Diagnostics [Qualcomm]
blobs=$blobs"|[/]diag[/]|diag_callback_client|diag_dci_sample|diag_klog|diag_mdlog|diag_mdlog-getlogs|diag_mdlog-wrap|diag[/]mdm|diag_qshrink4_daemon|diag_socket_log|diag_uart_log|drmdiagapp|ibdrmdiag.so|ssr_diag|test_diag";
#Diagnostics
blobs=$blobs"|[/]diag[/]|diag_callback_client|diag_dci_sample|diag_klog|diag_mdlog|diag_mdlog-getlogs|diag_mdlog-wrap|diag[/]mdm|diag_qshrink4_daemon|diag_socket_log|diag_uart_log|drmdiagapp|ibdrmdiag.so|ssr_diag|test_diag|cnss_diag";
blobs=$blobs"|libdiag.so|libsdm-diag.so|libDiagService.so";
ipcSec="4097:4294967295:2002:2950:3009:2901|4097:4294967295:3009";
#Dirac (Audio Codec + Effects) [Dirac]
blobs=$blobs"|libDiracAPI_SHARED.so|.*dirac.*";
@ -99,6 +103,7 @@ echo "Deblobbing..."
#DPM (Data Power Management) [Qualcomm]
blobs=$blobs"|com.qti.dpmframework.jar|com.qti.dpmframework.xml|dpmapi.jar|dpmapi.xml|dpm.conf|dpmd|dpmserviceapp.apk|libdpmctmgr.so|libdpmfdmgr.so|libdpmframework.so|libdpmnsrm.so|libdpmtcm.so|NsrmConfiguration.xml|tcmclient.jar";
sepolicy=$sepolicy" dpmd.te";
ipcSec=$ipcSec"|47:4294967295:1001:3004|48:4294967295:1000:3004";
#DRM
blobs=$blobs"|lib-sec-disp.so|libSecureUILib.so|libsecureui.so|libsecureuisvc_jni.so|libsecureui_svcsock.so";
@ -172,14 +177,17 @@ echo "Deblobbing..."
blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so";
blobs=$blobs"|volte_modem[/]";
sepolicy=$sepolicy" ims.te imscm.te imswmsproxy.te";
ipcSec=$ipcSec"|32:4294967295:1001";
fi;
#IPA (Internet Packet Accelerator) [Qualcomm]
#This is actually open source (excluding -diag)
#blobs=$blobs"|ipacm";
blobs=$blobs"|ipacm-diag";
#makes=$makes"|ipacm|IPACM_cfg.xml";
#kernels=$kernels" drivers/platform/msm/ipa";
if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then
blobs=$blobs"|ipacm";
makes=$makes"|ipacm|IPACM_cfg.xml";
kernels=$kernels" drivers/platform/msm/ipa";
fi;
#IS? (DRM) [?]
blobs=$blobs"|isdbtmm.*";
@ -235,6 +243,7 @@ echo "Deblobbing..."
#RCS (Proprietary messaging protocol)
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk"; #RCS
makes=$makes"|rcs_service.*";
ipcSec=$ipcSec"|18:4294967295:1001:3004";
#SecProtect [Qualcomm]
blobs=$blobs"|SecProtect.apk";
@ -244,6 +253,7 @@ echo "Deblobbing..."
#[Sprint]
blobs=$blobs"|com.android.omadm.service.xml|ConnMO.apk|CQATest.apk|DCMO.apk|DiagMon.apk|DMConfigUpdate.apk|DMService.apk|GCS.apk|HiddenMenu.apk|libdmengine.so|libdmjavaplugin.so|LifetimeData.apk|SprintDM.apk|SprintHM.apk|whitelist_com.android.omadm.service.xml|LifeTimerService.apk";
ipcSec=$ipcSec"|238:4294967295:1001:3004";
#Thermal Throttling [Qualcomm]
#blobs=$blobs"|libthermalclient.so|libthermalioctl.so|thermal-engine";
@ -281,6 +291,7 @@ echo "Deblobbing..."
export blobs;
export makes;
export overlay;
export ipcSec;
export kernels;
export sepolicy;
#
@ -415,9 +426,12 @@ deblobDevice() {
rm -f board/qcom-cne.mk product/qcom-cne.mk; #Remove CNE
rm -f rootdir/etc/init.qti.ims.sh rootdir/init.qti.ims.sh init.qti.ims.sh; #Remove IMS startup script
rm -rf IMSEnabler; #Remove IMS compatibility module
#rm -rf data-ipa-cfg-mgr; #Remove IPA
if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then rm -rf data-ipa-cfg-mgr; fi; #Remove IPA
rm -rf libshimwvm libshims/wvm_shim.cpp; #Remove Google Widevine compatibility module
rm -rf board/qcom-wipower.mk product/qcom-wipower.mk; #Remove WiPower makefiles
if [ -f configs/sec_config ]; then
awk -i inplace '!/'$ipcSec'/' configs/sec_config; #Remove all IPC security exceptions from sec_config
fi;
if [ -f setup-makefiles.sh ]; then
awk -i inplace '!/'$blobs'/' ./*proprietary*.txt; #Remove all blob references from blob manifest
bash -c "cd $DOS_BUILD_BASE$devicePath && ./setup-makefiles.sh"; #Update the makefiles
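Review bot: The new `awk -i inplace '!/'$ipcSec'/' configs/sec_config` line splices `$ipcSec` unquoted into the awk program and treats every alternative as an unanchored substring, so `32:4294967295:1001` would also delete a line like `132:4294967295:1001` (constructed example) or one whose group list continues past the listed prefix. The commit describes these lines as IPC security exceptions, and how the remaining file is interpreted is not visible here, so the deletion should hit exactly the listed entries and nothing else. Passing the pattern as a variable and anchoring it covers both problems: `awk -i inplace -v pat="^(${ipcSec})[[:space:]]*\$" '$0 !~ pat' configs/sec_config`. An empty `ipcSec`, or one starting with `|`, would make the pattern match every line, so a `[ -n "$ipcSec" ]` guard next to the `-f` test is worth adding. deblobDevice() starts and ends outside this hunk.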


@ -307,8 +307,8 @@ hardenDefconfig() {
fi;
done
#Disable supported options
#TODO: Disable earjack/uart debugger
declare -a optionsNo=("CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_BINFMT_MISC" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_HIBERNATION" "CONFIG_INET_DIAG" "CONFIG_KEXEC" "CONFIG_LEGACY_PTYS" "CONFIG_MSM_BUSPM_DEV" "CONFIG_OABI_COMPAT" "CONFIG_PROC_KCORE" "CONFIG_PROC_VMCORE" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_WLAN_FEATURE_MEMDUMP")
declare -a optionsNo=("CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_BINFMT_MISC" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_HIBERNATION" "CONFIG_INET_DIAG" "CONFIG_KEXEC" "CONFIG_LEGACY_PTYS" "CONFIG_MSM_BUSPM_DEV" "CONFIG_OABI_COMPAT" "CONFIG_PROC_KCORE" "CONFIG_PROC_VMCORE" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_EARJACK_DEBUGGER");
#if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("CONFIG_MSM"); fi;
for option in "${optionsNo[@]}"
do
sed -i 's/'"$option"'=y/# '"$option"' is not set/' $defconfigPath &>/dev/null || true;
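Review bot: Nothing in this loop confirms that the newly listed `CONFIG_EARJACK_DEBUGGER` actually ends up disabled. The unchanged `sed` line only rewrites an existing `CONFIG_…=y` line and discards all output with `&>/dev/null || true`, so a defconfig that omits the option, or sets it to `=m`, is left to whatever Kconfig decides. Running `grep -E '^CONFIG_EARJACK_DEBUGGER=[ym]'` over the same defconfig files after the loop would make a miss visible. The commit also appears to drop `#TODO: Disable earjack/uart debugger` although only the earjack option was added; keeping `#TODO: Disable uart debugger` would preserve the open item. hardenDefconfig() starts before and continues past this hunk.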


@ -27,6 +27,7 @@ export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX
export DOS_DEBLOBBER_REMOVE_GRAPHICS=false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer
export DOS_DEBLOBBER_REMOVE_FP=false; #Set true to remove all fingerprint reader blobs
export DOS_DEBLOBBER_REMOVE_IMS=false; #Set true to remove all IMS blobs
export DOS_DEBLOBBER_REMOVE_IPA=true; #Set true to remove all IPA blobs
export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
export DOS_DEFAULT_DNS_PRESET="Cloudflare"; #Sets default DNS. Options: Cloudflare, OpenNIC, DNSWATCH, Google, OpenDNS, Quad9, Quad9U, Verisign
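Review bot: The comment on the new `DOS_DEBLOBBER_REMOVE_IPA=true` default understates what the flag does. In this commit the flag also adds `ipacm` and `IPACM_cfg.xml` to `makes`, appends `drivers/platform/msm/ipa` to `kernels`, and deletes `data-ipa-cfg-mgr`. The deblobber's own comment says IPA is open source apart from `ipacm-diag`. Since the flag is now on by default, a comment such as `#Set true to remove IPA entirely (ipacm, data-ipa-cfg-mgr, kernel driver path), not only blobs` would tell users what they are opting out of.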