mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-28 17:09:39 -05:00
Add the exec-spawning toggle from GrapheneOS
Tested working on 18.1/klte TODO: backport to 16.0 Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
a3266de8df
commit
8a03e46c7e
@ -0,0 +1,167 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 26 Mar 2022 20:35:37 -0400
|
||||
Subject: [PATCH] add exec spawning toggle
|
||||
|
||||
---
|
||||
res/values/strings.xml | 2 +
|
||||
res/xml/security_dashboard_settings.xml | 6 +
|
||||
.../ExecSpawnPreferenceController.java | 106 ++++++++++++++++++
|
||||
.../settings/security/SecuritySettings.java | 1 +
|
||||
4 files changed, 115 insertions(+)
|
||||
create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index fd3d1cde64..4b9b109d89 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11316,6 +11316,8 @@
|
||||
<!-- UI debug setting: Force enable "smart dark" UI rendering feature summary [CHAR LIMIT=NONE] -->
|
||||
<string name="hwui_force_dark_summary">Overrides the force-dark feature to be always-on</string>
|
||||
|
||||
+ <string name="exec_spawn_title">Enable secure app spawning</string>
|
||||
+ <string name="exec_spawn_summary">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
|
||||
<string name="native_debug_title">Enable native code debugging</string>
|
||||
<string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
|
||||
|
||||
diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
|
||||
index 2c7b006f8b..08328ad7b6 100644
|
||||
--- a/res/xml/security_dashboard_settings.xml
|
||||
+++ b/res/xml/security_dashboard_settings.xml
|
||||
@@ -64,6 +64,12 @@
|
||||
android:entries="@array/auto_reboot_entries"
|
||||
android:entryValues="@array/auto_reboot_values" />
|
||||
|
||||
+ <SwitchPreference
|
||||
+ android:key="exec_spawn"
|
||||
+ android:title="@string/exec_spawn_title"
|
||||
+ android:summary="@string/exec_spawn_summary"
|
||||
+ android:persistent="false" />
|
||||
+
|
||||
<SwitchPreference
|
||||
android:key="native_debug"
|
||||
android:title="@string/native_debug_title"
|
||||
diff --git a/src/com/android/settings/security/ExecSpawnPreferenceController.java b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
new file mode 100644
|
||||
index 0000000000..78f021210a
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
@@ -0,0 +1,106 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2022 The Android Open Source Project
|
||||
+ *
|
||||
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ * you may not use this file except in compliance with the License.
|
||||
+ * You may obtain a copy of the License at
|
||||
+ *
|
||||
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||
+ *
|
||||
+ * Unless required by applicable law or agreed to in writing, software
|
||||
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ * See the License for the specific language governing permissions and
|
||||
+ * limitations under the License
|
||||
+ */
|
||||
+
|
||||
+package com.android.settings.security;
|
||||
+
|
||||
+import android.content.Context;
|
||||
+
|
||||
+import android.os.UserHandle;
|
||||
+import android.os.UserManager;
|
||||
+import android.os.SystemProperties;
|
||||
+
|
||||
+import android.provider.Settings;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.PreferenceCategory;
|
||||
+import androidx.preference.PreferenceGroup;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.TwoStatePreference;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.internal.widget.LockPatternUtils;
|
||||
+import com.android.settings.core.PreferenceControllerMixin;
|
||||
+import com.android.settingslib.core.AbstractPreferenceController;
|
||||
+import com.android.settingslib.core.lifecycle.events.OnResume;
|
||||
+
|
||||
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
||||
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
||||
+
|
||||
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn";
|
||||
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
||||
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
||||
+
|
||||
+ private PreferenceCategory mSecurityCategory;
|
||||
+ private SwitchPreference mExecSpawn;
|
||||
+ private boolean mIsAdmin;
|
||||
+ private UserManager mUm;
|
||||
+
|
||||
+ public ExecSpawnPreferenceController(Context context) {
|
||||
+ super(context);
|
||||
+ mUm = UserManager.get(context);
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void displayPreference(PreferenceScreen screen) {
|
||||
+ super.displayPreference(screen);
|
||||
+ mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
|
||||
+ updatePreferenceState();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public boolean isAvailable() {
|
||||
+ mIsAdmin = mUm.isAdminUser();
|
||||
+ return mIsAdmin;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public String getPreferenceKey() {
|
||||
+ return PREF_KEY_EXEC_SPAWN;
|
||||
+ }
|
||||
+
|
||||
+ // TODO: should we use onCreatePreferences() instead?
|
||||
+ private void updatePreferenceState() {
|
||||
+ if (mSecurityCategory == null) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (mIsAdmin) {
|
||||
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
||||
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, true));
|
||||
+ } else {
|
||||
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ updatePreferenceState();
|
||||
+ if (mExecSpawn != null) {
|
||||
+ boolean mode = mExecSpawn.isChecked();
|
||||
+ SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object value) {
|
||||
+ final String key = preference.getKey();
|
||||
+ if (PREF_KEY_EXEC_SPAWN.equals(key)) {
|
||||
+ final boolean mode = !mExecSpawn.isChecked();
|
||||
+ SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
|
||||
+ }
|
||||
+ return true;
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
|
||||
index 7aa126b75c..a5e0add739 100644
|
||||
--- a/src/com/android/settings/security/SecuritySettings.java
|
||||
+++ b/src/com/android/settings/security/SecuritySettings.java
|
||||
@@ -121,6 +121,7 @@ public class SecuritySettings extends DashboardFragment {
|
||||
securityPreferenceControllers.add(new FingerprintStatusPreferenceController(context));
|
||||
securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
|
||||
securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
|
||||
+ securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
|
||||
securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
|
||||
controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
|
||||
.setChildren(securityPreferenceControllers));
|
@ -1,4 +1,4 @@
|
||||
From a2b51906dece2ea351b5aa4b66fa8cdefbf37ff6 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Thu, 17 Sep 2020 10:53:00 -0400
|
||||
Subject: [PATCH] disable enforce RRO for mainline devices
|
||||
@ -12,10 +12,10 @@ exec-based spawning in GrapheneOS.
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target/product/mainline_system.mk b/target/product/mainline_system.mk
|
||||
index 1f22163c32..db2af7d1d2 100644
|
||||
index e9f9dde138..1199b78598 100644
|
||||
--- a/target/product/mainline_system.mk
|
||||
+++ b/target/product/mainline_system.mk
|
||||
@@ -115,7 +115,7 @@ PRODUCT_COPY_FILES += \
|
||||
@@ -118,7 +118,7 @@ PRODUCT_COPY_FILES += \
|
||||
# Enable dynamic partition size
|
||||
PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 14c3c1d4cd2df5dde69274e76a91b42fa383e577 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 14 Mar 2015 18:10:20 -0400
|
||||
Subject: [PATCH] add exec-based spawning support
|
||||
@ -135,7 +135,7 @@ diff --git a/core/java/com/android/internal/os/WrapperInit.java b/core/java/com/
|
||||
index 790d7f7ab694..4f7fd039ccd7 100644
|
||||
--- a/core/java/com/android/internal/os/WrapperInit.java
|
||||
+++ b/core/java/com/android/internal/os/WrapperInit.java
|
||||
@@ -185,7 +185,7 @@ private static Runnable wrapperInit(int targetSdkVersion, String[] argv) {
|
||||
@@ -185,7 +185,7 @@ public class WrapperInit {
|
||||
* This is acceptable here as failure will leave the wrapped app with strictly less
|
||||
* capabilities, which may make it crash, but not exceed its allowances.
|
||||
*/
|
||||
@ -148,7 +148,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java
|
||||
index e6a3029c5b2b..a702e84813fa 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -29,6 +29,7 @@
|
||||
@@ -29,6 +29,7 @@ import android.net.Credentials;
|
||||
import android.net.LocalSocket;
|
||||
import android.os.Parcel;
|
||||
import android.os.Process;
|
||||
@ -156,7 +156,7 @@ index e6a3029c5b2b..a702e84813fa 100644
|
||||
import android.os.Trace;
|
||||
import android.system.ErrnoException;
|
||||
import android.system.Os;
|
||||
@@ -501,6 +502,13 @@ private Runnable handleChildProc(ZygoteArguments parsedArgs,
|
||||
@@ -501,6 +502,13 @@ class ZygoteConnection {
|
||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||
} else {
|
||||
if (!isZygote) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d414dcaa351e7a890d31c1da949421fb435ff168 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 11 Sep 2019 06:57:24 -0400
|
||||
Subject: [PATCH] disable preloading classloaders for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index ad3b95ec67fc..0877a1668930 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -135,9 +135,11 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -135,9 +135,11 @@ public class ZygoteInit {
|
||||
preloadClasses();
|
||||
bootTimingsTraceLog.traceEnd(); // PreloadClasses
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b4cd877e3a0c2384b8939d5d1e2b6b734bbd13b2 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 11 Sep 2019 06:58:51 -0400
|
||||
Subject: [PATCH] disable preloading HALs for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index 0877a1668930..d19868ebd9ca 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -145,9 +145,11 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -145,9 +145,11 @@ public class ZygoteInit {
|
||||
preloadResources();
|
||||
bootTimingsTraceLog.traceEnd(); // PreloadResources
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 98634286bbdffe967a9a03442e5aa324ec26986a Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: anupritaisno1 <www.anuprita804@gmail.com>
|
||||
Date: Fri, 30 Oct 2020 22:26:09 +0000
|
||||
Subject: [PATCH] pass through runtime flags for exec spawning and implement
|
||||
@ -16,7 +16,7 @@ diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/and
|
||||
index 830e5b562a91..749c67abf389 100644
|
||||
--- a/core/java/com/android/internal/os/ExecInit.java
|
||||
+++ b/core/java/com/android/internal/os/ExecInit.java
|
||||
@@ -31,15 +31,20 @@ public static void main(String[] args) {
|
||||
@@ -31,15 +31,20 @@ public class ExecInit {
|
||||
// Parse our mandatory argument.
|
||||
int targetSdkVersion = Integer.parseInt(args[0], 10);
|
||||
|
||||
@ -39,7 +39,7 @@ index 830e5b562a91..749c67abf389 100644
|
||||
r.run();
|
||||
}
|
||||
|
||||
@@ -52,9 +57,9 @@ public static void main(String[] args) {
|
||||
@@ -52,9 +57,9 @@ public class ExecInit {
|
||||
* @param args Arguments for {@link RuntimeInit#main}.
|
||||
*/
|
||||
public static void execApplication(String niceName, int targetSdkVersion,
|
||||
@ -51,7 +51,7 @@ index 830e5b562a91..749c67abf389 100644
|
||||
String[] argv = new String[baseArgs + args.length];
|
||||
if (VMRuntime.is64BitInstructionSet(instructionSet)) {
|
||||
argv[0] = "/system/bin/app_process64";
|
||||
@@ -68,6 +73,7 @@ public static void execApplication(String niceName, int targetSdkVersion,
|
||||
@@ -68,6 +73,7 @@ public class ExecInit {
|
||||
}
|
||||
argv[3 + niceArgs] = "com.android.internal.os.ExecInit";
|
||||
argv[4 + niceArgs] = Integer.toString(targetSdkVersion);
|
||||
@ -63,7 +63,7 @@ diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/andro
|
||||
index a7d9827855a2..aa874ad98a78 100644
|
||||
--- a/core/java/com/android/internal/os/Zygote.java
|
||||
+++ b/core/java/com/android/internal/os/Zygote.java
|
||||
@@ -1097,4 +1097,13 @@ static void appendQuotedShellArgs(StringBuilder command, String[] args) {
|
||||
@@ -1097,4 +1097,13 @@ public final class Zygote {
|
||||
* fully-feature Memory Tagging, rather than the static Tagged Pointers.
|
||||
*/
|
||||
public static native boolean nativeSupportsTaggedPointers();
|
||||
@ -81,7 +81,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java
|
||||
index 9b4664178530..4ae69677f1dd 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -505,7 +505,7 @@ private Runnable handleChildProc(ZygoteArguments parsedArgs,
|
||||
@@ -505,7 +505,7 @@ class ZygoteConnection {
|
||||
if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
|
||||
(parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ac1943345ec96411ecbac3ce9b15cb371cc03551 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 21 May 2019 23:54:20 -0400
|
||||
Subject: [PATCH] disable exec spawning when using debugging options
|
||||
@ -13,7 +13,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java
|
||||
index a702e84813fa..9b4664178530 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -502,7 +502,8 @@ private Runnable handleChildProc(ZygoteArguments parsedArgs,
|
||||
@@ -502,7 +502,8 @@ class ZygoteConnection {
|
||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||
} else {
|
||||
if (!isZygote) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 1abb8050413dae6ac6c1a082a38fb555c88534b9 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:24:21 -0400
|
||||
Subject: [PATCH] add parameter for avoiding full preload with exec
|
||||
@ -12,7 +12,7 @@ diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/and
|
||||
index 2adcab7fdbe6..830e5b562a91 100644
|
||||
--- a/core/java/com/android/internal/os/ExecInit.java
|
||||
+++ b/core/java/com/android/internal/os/ExecInit.java
|
||||
@@ -33,7 +33,7 @@ public static void main(String[] args) {
|
||||
@@ -33,7 +33,7 @@ public class ExecInit {
|
||||
|
||||
// Mimic system Zygote preloading.
|
||||
ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
|
||||
@ -25,7 +25,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index 2e32730a6ecb..b9460f56d003 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -125,7 +125,7 @@
|
||||
@@ -125,7 +125,7 @@ public class ZygoteInit {
|
||||
|
||||
private static boolean sPreloadComplete;
|
||||
|
||||
@ -34,7 +34,7 @@ index 2e32730a6ecb..b9460f56d003 100644
|
||||
Log.d(TAG, "begin preload");
|
||||
bootTimingsTraceLog.traceBegin("BeginPreload");
|
||||
beginPreload();
|
||||
@@ -157,6 +157,10 @@ static void preload(TimingsTraceLog bootTimingsTraceLog) {
|
||||
@@ -157,6 +157,10 @@ public class ZygoteInit {
|
||||
sPreloadComplete = true;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 2e07ab8c242551e6847bffef84546ed5eaf345cf Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 11 Sep 2019 06:43:55 -0400
|
||||
Subject: [PATCH] pass through fullPreload to libcore
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index b9460f56d003..467183355515 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -128,7 +128,7 @@
|
||||
@@ -128,7 +128,7 @@ public class ZygoteInit {
|
||||
static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
Log.d(TAG, "begin preload");
|
||||
bootTimingsTraceLog.traceBegin("BeginPreload");
|
||||
@ -20,7 +20,7 @@ index b9460f56d003..467183355515 100644
|
||||
bootTimingsTraceLog.traceEnd(); // BeginPreload
|
||||
bootTimingsTraceLog.traceBegin("PreloadClasses");
|
||||
preloadClasses();
|
||||
@@ -150,7 +150,7 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -150,7 +150,7 @@ public class ZygoteInit {
|
||||
// Ask the WebViewFactory to do any initialization that must run in the zygote process,
|
||||
// for memory sharing purposes.
|
||||
WebViewFactory.prepareWebViewInZygote();
|
||||
@ -29,7 +29,7 @@ index b9460f56d003..467183355515 100644
|
||||
warmUpJcaProviders();
|
||||
Log.d(TAG, "end preload");
|
||||
|
||||
@@ -168,14 +168,14 @@ public static void lazyPreload() {
|
||||
@@ -168,14 +168,14 @@ public class ZygoteInit {
|
||||
preload(new TimingsTraceLog("ZygoteInitTiming_lazy", Trace.TRACE_TAG_DALVIK));
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 0044836677b9be153e04a91dddddcb74d9585643 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:28:27 -0400
|
||||
Subject: [PATCH] disable OpenGL preloading for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index 467183355515..e93e70443ee6 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -142,9 +142,11 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -142,9 +142,11 @@ public class ZygoteInit {
|
||||
Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
|
||||
nativePreloadAppProcessHALs();
|
||||
Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c561811fad950dce791ef9941753ef95076da4c0 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:28:52 -0400
|
||||
Subject: [PATCH] disable resource preloading for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index e93e70443ee6..2d1f301668a4 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -136,9 +136,11 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -136,9 +136,11 @@ public class ZygoteInit {
|
||||
bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
|
||||
cacheNonBootClasspathClassLoaders();
|
||||
bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 7a848373efa0bd5b948af7ade19927a8706f9ea2 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:30:59 -0400
|
||||
Subject: [PATCH] disable class preloading for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index 2d1f301668a4..b7246d0ac5ce 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -130,9 +130,11 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -130,9 +130,11 @@ public class ZygoteInit {
|
||||
bootTimingsTraceLog.traceBegin("BeginPreload");
|
||||
beginPreload(fullPreload);
|
||||
bootTimingsTraceLog.traceEnd(); // BeginPreload
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 89646bdeb19463424158544c6942224320e9e180 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:31:29 -0400
|
||||
Subject: [PATCH] disable WebView reservation for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index b7246d0ac5ce..04a323254c72 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -153,9 +153,11 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -153,9 +153,11 @@ public class ZygoteInit {
|
||||
}
|
||||
preloadSharedLibraries();
|
||||
preloadTextResources();
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 2a70bbac4a8342175971498084494845b4f24546 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:34:32 -0400
|
||||
Subject: [PATCH] disable JCA provider warm up for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/a
|
||||
index 04a323254c72..ad3b95ec67fc 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -159,7 +159,7 @@ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
@@ -159,7 +159,7 @@ public class ZygoteInit {
|
||||
WebViewFactory.prepareWebViewInZygote();
|
||||
}
|
||||
endPreload(fullPreload);
|
||||
@ -20,7 +20,7 @@ index 04a323254c72..ad3b95ec67fc 100644
|
||||
Log.d(TAG, "end preload");
|
||||
|
||||
sPreloadComplete = true;
|
||||
@@ -229,7 +229,7 @@ private static void preloadTextResources() {
|
||||
@@ -229,7 +229,7 @@ public class ZygoteInit {
|
||||
* By doing it here we avoid that each app does it when requesting a service from the provider
|
||||
* for the first time.
|
||||
*/
|
||||
@ -29,7 +29,7 @@ index 04a323254c72..ad3b95ec67fc 100644
|
||||
long startTime = SystemClock.uptimeMillis();
|
||||
Trace.traceBegin(
|
||||
Trace.TRACE_TAG_DALVIK, "Starting installation of AndroidKeyStoreProvider");
|
||||
@@ -241,15 +241,17 @@ private static void warmUpJcaProviders() {
|
||||
@@ -241,15 +241,17 @@ public class ZygoteInit {
|
||||
+ (SystemClock.uptimeMillis() - startTime) + "ms.");
|
||||
Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 4c2635390c10512b0c79ee1f3658a25d6b671ca0 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 11 Sep 2019 06:46:38 -0400
|
||||
Subject: [PATCH] add parameter for avoiding full preload with exec
|
||||
@ -12,7 +12,7 @@ diff --git a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java b/dalvik/src/ma
|
||||
index 7e8fe3651e..de5a056143 100644
|
||||
--- a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
|
||||
+++ b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
|
||||
@@ -48,7 +48,7 @@ private ZygoteHooks() {
|
||||
@@ -48,7 +48,7 @@ public final class ZygoteHooks {
|
||||
* Called when the zygote begins preloading classes and data.
|
||||
*/
|
||||
@libcore.api.CorePlatformApi
|
||||
@ -21,7 +21,7 @@ index 7e8fe3651e..de5a056143 100644
|
||||
// Pin ICU data in memory from this point that would normally be held by soft references.
|
||||
// Without this, any references created immediately below or during class preloading
|
||||
// would be collected when the Zygote GC runs in gcAndFinalize().
|
||||
@@ -71,7 +71,7 @@ public static void onBeginPreload() {
|
||||
@@ -71,7 +71,7 @@ public final class ZygoteHooks {
|
||||
* Called when the zygote has completed preloading classes and data.
|
||||
*/
|
||||
@libcore.api.CorePlatformApi
|
||||
|
@ -1,4 +1,4 @@
|
||||
From add34a4bc6aa69f21f012d62215b5af500bea551 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 11 Sep 2019 06:47:11 -0400
|
||||
Subject: [PATCH] disable ICU cache pinning for exec spawning
|
||||
@ -11,7 +11,7 @@ diff --git a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java b/dalvik/src/ma
|
||||
index de5a056143..e77cec2517 100644
|
||||
--- a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
|
||||
+++ b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
|
||||
@@ -49,15 +49,17 @@ private ZygoteHooks() {
|
||||
@@ -49,15 +49,17 @@ public final class ZygoteHooks {
|
||||
*/
|
||||
@libcore.api.CorePlatformApi
|
||||
public static void onBeginPreload(boolean fullPreload) {
|
||||
@ -38,7 +38,7 @@ index de5a056143..e77cec2517 100644
|
||||
}
|
||||
|
||||
// Framework's LocalLog is used during app start-up. It indirectly uses the current ICU time
|
||||
@@ -72,8 +74,10 @@ public static void onBeginPreload(boolean fullPreload) {
|
||||
@@ -72,8 +74,10 @@ public final class ZygoteHooks {
|
||||
*/
|
||||
@libcore.api.CorePlatformApi
|
||||
public static void onEndPreload(boolean fullPreload) {
|
||||
|
@ -10,7 +10,7 @@ Subject: [PATCH] UserManager app installation restrictions
|
||||
3 files changed, 44 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 87ef39ed10..66b27f3263 100644
|
||||
index b33a94d4a6..1cd05427d1 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -7088,6 +7088,8 @@
|
||||
|
@ -0,0 +1,167 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 26 Mar 2022 20:35:37 -0400
|
||||
Subject: [PATCH] add exec spawning toggle
|
||||
|
||||
---
|
||||
res/values/strings.xml | 2 +
|
||||
res/xml/security_dashboard_settings.xml | 6 +
|
||||
.../ExecSpawnPreferenceController.java | 106 ++++++++++++++++++
|
||||
.../settings/security/SecuritySettings.java | 1 +
|
||||
4 files changed, 115 insertions(+)
|
||||
create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 87ef39ed10..b33a94d4a6 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11957,6 +11957,8 @@
|
||||
<!-- UI debug setting: Force enable "smart dark" UI rendering feature summary [CHAR LIMIT=NONE] -->
|
||||
<string name="hwui_force_dark_summary">Overrides the force-dark feature to be always-on</string>
|
||||
|
||||
+ <string name="exec_spawn_title">Enable secure app spawning</string>
|
||||
+ <string name="exec_spawn_summary">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
|
||||
<string name="native_debug_title">Enable native code debugging</string>
|
||||
<string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
|
||||
|
||||
diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
|
||||
index 06b3511ceb..75cc0b261d 100644
|
||||
--- a/res/xml/security_dashboard_settings.xml
|
||||
+++ b/res/xml/security_dashboard_settings.xml
|
||||
@@ -64,6 +64,12 @@
|
||||
android:entries="@array/auto_reboot_entries"
|
||||
android:entryValues="@array/auto_reboot_values" />
|
||||
|
||||
+ <SwitchPreference
|
||||
+ android:key="exec_spawn"
|
||||
+ android:title="@string/exec_spawn_title"
|
||||
+ android:summary="@string/exec_spawn_summary"
|
||||
+ android:persistent="false" />
|
||||
+
|
||||
<SwitchPreference
|
||||
android:key="native_debug"
|
||||
android:title="@string/native_debug_title"
|
||||
diff --git a/src/com/android/settings/security/ExecSpawnPreferenceController.java b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
new file mode 100644
|
||||
index 0000000000..78f021210a
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
@@ -0,0 +1,106 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2022 The Android Open Source Project
|
||||
+ *
|
||||
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ * you may not use this file except in compliance with the License.
|
||||
+ * You may obtain a copy of the License at
|
||||
+ *
|
||||
+ * http://www.apache.org/licenses/LICENSE-2.0
|
||||
+ *
|
||||
+ * Unless required by applicable law or agreed to in writing, software
|
||||
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ * See the License for the specific language governing permissions and
|
||||
+ * limitations under the License
|
||||
+ */
|
||||
+
|
||||
+package com.android.settings.security;
|
||||
+
|
||||
+import android.content.Context;
|
||||
+
|
||||
+import android.os.UserHandle;
|
||||
+import android.os.UserManager;
|
||||
+import android.os.SystemProperties;
|
||||
+
|
||||
+import android.provider.Settings;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.PreferenceCategory;
|
||||
+import androidx.preference.PreferenceGroup;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.TwoStatePreference;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.internal.widget.LockPatternUtils;
|
||||
+import com.android.settings.core.PreferenceControllerMixin;
|
||||
+import com.android.settingslib.core.AbstractPreferenceController;
|
||||
+import com.android.settingslib.core.lifecycle.events.OnResume;
|
||||
+
|
||||
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
||||
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
||||
+
|
||||
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn";
|
||||
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
||||
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
||||
+
|
||||
+ private PreferenceCategory mSecurityCategory;
|
||||
+ private SwitchPreference mExecSpawn;
|
||||
+ private boolean mIsAdmin;
|
||||
+ private UserManager mUm;
|
||||
+
|
||||
+ public ExecSpawnPreferenceController(Context context) {
|
||||
+ super(context);
|
||||
+ mUm = UserManager.get(context);
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void displayPreference(PreferenceScreen screen) {
|
||||
+ super.displayPreference(screen);
|
||||
+ mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
|
||||
+ updatePreferenceState();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public boolean isAvailable() {
|
||||
+ mIsAdmin = mUm.isAdminUser();
|
||||
+ return mIsAdmin;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public String getPreferenceKey() {
|
||||
+ return PREF_KEY_EXEC_SPAWN;
|
||||
+ }
|
||||
+
|
||||
+ // TODO: should we use onCreatePreferences() instead?
|
||||
+ private void updatePreferenceState() {
|
||||
+ if (mSecurityCategory == null) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (mIsAdmin) {
|
||||
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
||||
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, true));
|
||||
+ } else {
|
||||
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ updatePreferenceState();
|
||||
+ if (mExecSpawn != null) {
|
||||
+ boolean mode = mExecSpawn.isChecked();
|
||||
+ SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object value) {
|
||||
+ final String key = preference.getKey();
|
||||
+ if (PREF_KEY_EXEC_SPAWN.equals(key)) {
|
||||
+ final boolean mode = !mExecSpawn.isChecked();
|
||||
+ SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
|
||||
+ }
|
||||
+ return true;
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
|
||||
index 6f939d3165..387814c406 100644
|
||||
--- a/src/com/android/settings/security/SecuritySettings.java
|
||||
+++ b/src/com/android/settings/security/SecuritySettings.java
|
||||
@@ -119,6 +119,7 @@ public class SecuritySettings extends DashboardFragment {
|
||||
securityPreferenceControllers.add(new FingerprintStatusPreferenceController(context));
|
||||
securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
|
||||
securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
|
||||
+ securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
|
||||
securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
|
||||
controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
|
||||
.setChildren(securityPreferenceControllers));
|
@ -1 +1 @@
|
||||
Subproject commit 9a960526a5d73ec6b619d4fca0d4073829916a82
|
||||
Subproject commit 311413e58ad8e300a0ef858adc59c365dad5f6c7
|
@ -154,6 +154,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-7.patc
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-8.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-9.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-10.patch";
|
||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
|
@ -147,6 +147,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-9.patc
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-10.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-11.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-12.patch";
|
||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
@ -296,6 +297,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.p
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0007-WiFi_Timeout.patch"; #Timeout for Wi-Fi (CalyxOS)
|
||||
fi;
|
||||
if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
@ -122,7 +122,7 @@ buildAll() {
|
||||
buildDevice coral avb;
|
||||
buildDevice flame avb;
|
||||
#buildDevice raphael avb; #unb + missing vendor
|
||||
#buildDevice vayu avb; #broken vendor
|
||||
buildDevice vayu avb; #needs init.qcom.sensors.sh
|
||||
#SD765
|
||||
buildDevice bramble avb;
|
||||
buildDevice redfin avb;
|
||||
|
@ -89,7 +89,7 @@ if enterAndClear "build/make"; then
|
||||
git revert --no-edit def3f14af17ae92192d2cc7d22349cabfa906fd6; #Re-enable the downgrade check
|
||||
applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS)
|
||||
#if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: many devices depend on RROs and most override this anyway
|
||||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; fi; #Replace the Messaging app with Silence
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||
@ -160,6 +160,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-9.patc
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
@ -301,6 +302,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.p
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0007-WiFi_Timeout.patch"; #Timeout for Wi-Fi (CalyxOS)
|
||||
fi;
|
||||
if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
Loading…
Reference in New Issue
Block a user