From 6d2a255eef125aad2fd7992e134d27b834a9c5af Mon Sep 17 00:00:00 2001
From: Tad
Date: Fri, 5 May 2023 22:25:47 -0400
Subject: [PATCH] Remove User-Agent (and serial) from source built libloc

Signed-off-by: Tad
---
 Scripts/Common/Functions.sh | 17 ++++++++++++++---
 Scripts/LineageOS-14.1/Patch.sh | 2 +-
 Scripts/LineageOS-15.1/Patch.sh | 2 +-
 Scripts/LineageOS-16.0/Patch.sh | 2 +-
 Scripts/LineageOS-17.1/Patch.sh | 2 +-
 Scripts/LineageOS-18.1/Patch.sh | 2 +-
 Scripts/LineageOS-19.1/Patch.sh | 2 +-
 Scripts/LineageOS-20.0/Patch.sh | 2 +-
 8 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 16f57e7a..2dd08a38 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -492,13 +492,24 @@ volteOverride() { } export -f volteOverride; -hardenLocationSepolicy() { - #Prevent Qualcomm location stack from reading chipset serial number +hardenLocationSerials() { + #Prevent Qualcomm location stack from sending chipset serial number + + #Devices using blob xtra-daemon (which Deblob.sh removes) find device -name "hal_gnss*.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \; find device -name "location.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \; + + #Devices using source built libloc, these ones typically have broad /sys access + ## Null out the User-Agent header + find device -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's/userAgent, strlen(userAgent)/\"-\", 1/' {}" \; + find hardware -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's/userAgent, strlen(userAgent)/\"-\", 1/' {}" \; + ## Prevent reading the serial number + find device -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's|soc0/serial_number|soc0/invalid|' {}" \; + find hardware -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's|soc0/serial_number|soc0/invalid|' {}" \; + echo "Removed serial number access to Qualcomm location stacks"; } -export -f hardenLocationSepolicy; +export -f hardenLocationSerials; hardenLocationConf() { local gpsConfig=$1; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 38e1aa2a..1c4a6cc3 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -591,7 +591,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} cd "$DOS_BUILD_BASE"; deblobAudio; removeBuildFingerprints; -hardenLocationSepolicy || true; +hardenLocationSerials || true; changeDefaultDNS; #Change the default DNS servers #Tweaks for <2GB RAM devices diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index ba6ed8da..14131824 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh 
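Review bot: The four new `sed -i` substitutions in hardenLocationSerials succeed silently when their pattern matches nothing, and the function then prints "Removed serial number access to Qualcomm location stacks" regardless; every caller in this patch also runs it as `hardenLocationSerials || true`. If a device or hardware tree words the `userAgent, strlen(userAgent)` argument or the `soc0/serial_number` path differently, the build would ship with the User-Agent and serial read intact and nothing in the log would show it. I would add a post-check before the echo, for example `grep -rl --include=LocEngAdapter.cpp 'serial_number' device hardware`, and print a warning when it lists any file; the User-Agent substitution deserves an equivalent check that the replacement actually landed. Separately, the new lines copy the existing `-exec sh -c "… {}"` form, which pastes the file name into a shell string; `-exec sed -i '…' {} +` performs the same edit without the extra shell.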
@@ -502,7 +502,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
-hardenLocationSepolicy || true;
+hardenLocationSerials || true;
 changeDefaultDNS; #Change the default DNS servers
 #Tweaks for <2GB RAM devices
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 3aa6df77..0d886b7e 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -412,7 +412,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
-hardenLocationSepolicy || true;
+hardenLocationSerials || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
 cd "$DOS_BUILD_BASE";
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index dcfc117c..ed9fe64c 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -555,7 +555,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
-hardenLocationSepolicy || true;
+hardenLocationSerials || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh
index 7f41c72a..05670a60 100644
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@@ -561,7 +561,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
-hardenLocationSepolicy || true;
+hardenLocationSerials || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh
index a5c7a332..51ae5662 100644
--- a/Scripts/LineageOS-19.1/Patch.sh
+++ b/Scripts/LineageOS-19.1/Patch.sh
@@ -450,7 +450,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
-hardenLocationSepolicy || true;
+hardenLocationSerials || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh
index 20aa4bbe..c04c9130 100644
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@@ -504,7 +504,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
-hardenLocationSepolicy || true;
+hardenLocationSerials || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions