Inline the firmware deblobber

2025-01-13 08:29:28 -05:00 · 2017-11-11 06:46:58 -05:00 · 2017-11-11 06:46:58 -05:00 · 5dfb34d47d
commit 5dfb34d47d
parent 1c5878b8cc
6 changed files with 28 additions and 8 deletions
--- a/Misc/deblob-firmware/Flashable/META-INF/com/google/android/update-binary
+++ b/Misc/deblob-firmware/Flashable/META-INF/com/google/android/update-binary
--- a/Misc/deblob-firmware/README
+++ b/Misc/deblob-firmware/README
@ -1,6 +0,0 @@
-This is a simple flashable zip used to remove firmware from the /firmware and /vendor partitions.
-This is necessary in order to remove untrusted proprietary code and to increase security.
-See https://bits-please.blogspot.com/2016/05/qsee-privilege-escalation-vulnerability.html for an exploit (CVE-2015-6639) that uses the Widevine firmware.
-
-To sign the zip
-	./build/tools/releasetools/sign_zip.py -k ../../Signing_Keys/releasekey deblob-firmware.zip deblob-firmware-signed.zip
--- a/Patches/LineageOS-14.1/android_vendor_cm/firmware_deblobber.mk
+++ b/Patches/LineageOS-14.1/android_vendor_cm/firmware_deblobber.mk
@ -0,0 +1,16 @@
+FD_PREBUILTS_PATH := vendor/cm/firmware_deblobber
+
+FD_INSTALL_OUT := $(PRODUCT_OUT)/firmware_deblobber/
+FD_INSTALL_TARGET := $(PRODUCT_OUT)/firmware_deblobber-$(TARGET_ARCH).zip
+
+$(FD_INSTALL_TARGET): $(ALL_MODULES.updater.BUILT)
+	$(hide) rm -rf $@ $(FD_INSTALL_OUT)
+	$(hide) mkdir -p $(FD_INSTALL_OUT)/META-INF/com/google/android/
+	$(hide) cp $(ALL_MODULES.updater.BUILT) $(FD_INSTALL_OUT)/META-INF/com/google/android/update-binary
+	$(hide) cp $(FD_PREBUILTS_PATH)/firmware_deblobber.sh $(FD_INSTALL_OUT)/
+	$(hide) cp $(FD_PREBUILTS_PATH)/updater-script $(FD_INSTALL_OUT)/META-INF/com/google/android/updater-script
+	$(hide) (cd $(FD_INSTALL_OUT) && zip -qr $@ *)
+
+.PHONY: firmware_deblobber
+firmware_deblobber: $(FD_INSTALL_TARGET)
+	@echo "Done: $(FD_INSTALL_TARGET)"
--- a/Patches/LineageOS-14.1/android_vendor_cm/firmware_deblobber/firmware_deblobber.sh
+++ b/Patches/LineageOS-14.1/android_vendor_cm/firmware_deblobber/firmware_deblobber.sh
--- a/Patches/LineageOS-14.1/android_vendor_cm/firmware_deblobber/updater-script
+++ b/Patches/LineageOS-14.1/android_vendor_cm/firmware_deblobber/updater-script
@ -1,8 +1,13 @@
 ui_print("DivestOS Firmware Deblobber");
+
+set_metadata("/tmp/firmware_deblobber.sh", "uid", 0, "gid", 0, "mode", 0755);
+
 unmount("/firmware");
 mount("ext4", "EMMC", "/dev/block/bootdevice/by-name/modem", "/firmware", "");
-package_extract_dir("scripts", "/tmp/scripts");
-run_program("/sbin/sh", "/tmp/scripts/firmware_deblobber.sh");
+
+run_program("/sbin/sh", "/tmp/firmware_deblobber.sh");
+
 unmount("/firmware");
+
 ui_print("Deblobbed!");
 set_progress(1.000000);
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@ -30,6 +30,9 @@
 #Generate an incremental
 #./build/tools/releasetools/ota_from_target_files --block -t 8 -i old.zip new.zip update.zip

+#Generate firmware deblobber
+#mka firmware_deblobber
+
 #
 #START OF PREPRATION
 #
@ -223,6 +226,8 @@ awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always us
 patch -p1 < $patches"android_vendor_cm/0001-SCE.patch" #Include our extras such as MicroG and F-Droid
 cp $patches"android_vendor_cm/sce.mk" config/sce.mk
 cp $patches"android_vendor_cm/config.xml" overlay/common/vendor/cmsdk/cm/res/res/values/config.xml; #Per app performance profiles
+cp -r $patches"android_vendor_cm/firmware_deblobber" .;
+cp $patches"android_vendor_cm/firmware_deblobber.mk" build/tasks/firmware_deblobber.mk;
 sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype
 sed -i 's/messaging/Silence/' config/telephony.mk; #Replace AOSP Messaging app with Silence
 #sed -i 's/mka bacon/mka bacon target-files-package dist/' build/envsetup.sh; #Create target-files for incrementals