Remove User-Agent (and serial) from source built libloc

Signed-off-by: Tad <tad@spotco.us>
Tad 2023-05-05 22:25:47 -04:00
parent 14c191ffb5
commit 6d2a255eef
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
8 changed files with 21 additions and 10 deletions


@ -492,13 +492,24 @@ volteOverride() {
} }
export -f volteOverride; export -f volteOverride;
hardenLocationSepolicy() { hardenLocationSerials() {
#Prevent Qualcomm location stack from reading chipset serial number #Prevent Qualcomm location stack from sending chipset serial number
#Devices using blob xtra-daemon (which Deblob.sh removes)
find device -name "hal_gnss*.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \; find device -name "hal_gnss*.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \;
find device -name "location.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \; find device -name "location.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \;
#Devices using source built libloc, these ones typically have broad /sys access
## Null out the User-Agent header
find device -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's/userAgent, strlen(userAgent)/\"-\", 1/' {}" \;
find hardware -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's/userAgent, strlen(userAgent)/\"-\", 1/' {}" \;
## Prevent reading the serial number
find device -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's|soc0/serial_number|soc0/invalid|' {}" \;
find hardware -name "LocEngAdapter.cpp" -type f -exec sh -c "sed -i 's|soc0/serial_number|soc0/invalid|' {}" \;
echo "Removed serial number access to Qualcomm location stacks"; echo "Removed serial number access to Qualcomm location stacks";
} }
export -f hardenLocationSepolicy; export -f hardenLocationSerials;
hardenLocationConf() { hardenLocationConf() {
local gpsConfig=$1; local gpsConfig=$1;
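Review bot: The new `sed` passes in hardenLocationSerials fail open: if a tree's LocEngAdapter.cpp does not contain the exact text `userAgent, strlen(userAgent)` or `soc0/serial_number`, sed changes nothing and exits 0, yet the function still prints "Removed serial number access to Qualcomm location stacks" and the call sites in the other files append `|| true`. A check placed before the final echo would surface a missed patch, for example `grep -rl --include="LocEngAdapter.cpp" -e "strlen(userAgent)" -e "soc0/serial_number" device hardware && echo "WARNING: libloc identifiers still present in the files listed above";`. Separately, the `-exec sh -c "sed … {}"` form splices each path into a shell command string, whereas `-exec sed -i '…' {} +` makes the same edit without a second shell parsing the filename. The final echo also still mentions only the serial number, not the User-Agent change.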


@ -591,7 +591,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
#Tweaks for <2GB RAM devices #Tweaks for <2GB RAM devices


@ -502,7 +502,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
#Tweaks for <2GB RAM devices #Tweaks for <2GB RAM devices


@ -412,7 +412,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
fixupCarrierConfigs || true; #Remove silly carrier restrictions fixupCarrierConfigs || true; #Remove silly carrier restrictions
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";


@ -555,7 +555,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
enableAutoVarInit || true; enableAutoVarInit || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
fixupCarrierConfigs || true; #Remove silly carrier restrictions fixupCarrierConfigs || true; #Remove silly carrier restrictions


@ -561,7 +561,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
enableAutoVarInit || true; enableAutoVarInit || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
fixupCarrierConfigs || true; #Remove silly carrier restrictions fixupCarrierConfigs || true; #Remove silly carrier restrictions


@ -450,7 +450,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
enableAutoVarInit || true; enableAutoVarInit || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
fixupCarrierConfigs || true; #Remove silly carrier restrictions fixupCarrierConfigs || true; #Remove silly carrier restrictions


@ -504,7 +504,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
cd "$DOS_BUILD_BASE"; cd "$DOS_BUILD_BASE";
deblobAudio; deblobAudio;
removeBuildFingerprints; removeBuildFingerprints;
hardenLocationSepolicy || true; hardenLocationSerials || true;
enableAutoVarInit || true; enableAutoVarInit || true;
changeDefaultDNS; #Change the default DNS servers changeDefaultDNS; #Change the default DNS servers
fixupCarrierConfigs || true; #Remove silly carrier restrictions fixupCarrierConfigs || true; #Remove silly carrier restrictions