20.0: eUICC for all

TODO: move this setting to the cell menu

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-20.0/android_frameworks_base/0024-Burnin_Protection.patch

@@ -43,7 +43,7 @@ index e1998ce3d3ab..dc59ccd794f7 100644
 +    <dimen name="burnin_protection_vertical_shift">1dp</dimen>
  </resources>
 diff --git a/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java b/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java
-index bca52070edc3..d3f614f32086 100644
+index 8e2b65608b69..df4540bcf433 100644
 --- a/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java
 +++ b/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java
 @@ -163,6 +163,13 @@ public class NavigationBarView extends FrameLayout implements TunerService.Tunab
@@ -60,7 +60,7 @@ index bca52070edc3..d3f614f32086 100644
      /**
       * Helper that is responsible for showing the right toast when a disallowed activity operation
       * occurred. In pinned mode, we show instructions on how to break out of this mode, whilst in
-@@ -888,12 +895,31 @@ public class NavigationBarView extends FrameLayout implements TunerService.Tunab
+@@ -889,12 +896,31 @@ public class NavigationBarView extends FrameLayout implements TunerService.Tunab
          mContextualButtonGroup.setButtonVisibility(R.id.accessibility_button, visible);
      }
  

Patches/LineageOS-20.0/android_frameworks_base/0040-euicc-restrictions.patch

@@ -5,13 +5,13 @@ Subject: [PATCH] integrate Google's EuiccSupportPixel package
 
 Depends on commit: "don't crash apps that depend on missing Gservices provider"
 
-[tad@spotco.us]: handle OpenEUICC here too
+[tad@spotco.us]: handle OpenEUICC toggling here too
 
 Change-Id: I49e3ff6f2ce8d74383da1c4dfd42913c713016c6
 ---
- data/etc/preinstalled-packages-platform.xml    |  6 ++++++
- .../server/ext/PackageManagerHooks.java        | 18 ++++++++++++++++++
- 2 files changed, 24 insertions(+)
+ data/etc/preinstalled-packages-platform.xml   |  6 ++++
+ .../server/ext/PackageManagerHooks.java       | 31 +++++++++++++++++++
+ 2 files changed, 37 insertions(+)
 
 diff --git a/data/etc/preinstalled-packages-platform.xml b/data/etc/preinstalled-packages-platform.xml
 index ff8d96dd23f2..97027ebbca2d 100644
@@ -29,21 +29,35 @@ index ff8d96dd23f2..97027ebbca2d 100644
 +    </install-in-user-type>
  </config>
 diff --git a/services/core/java/com/android/server/ext/PackageManagerHooks.java b/services/core/java/com/android/server/ext/PackageManagerHooks.java
-index 007b65349e55..a69ce9999165 100644
+index 007b65349e55..890d5a37a53b 100644
 --- a/services/core/java/com/android/server/ext/PackageManagerHooks.java
 +++ b/services/core/java/com/android/server/ext/PackageManagerHooks.java
-@@ -16,10 +16,23 @@ import com.android.server.pm.pkg.parsing.ParsingPackage;
+@@ -6,6 +6,7 @@ import android.annotation.UserIdInt;
+ import android.content.pm.PackageManager;
+ import android.content.pm.PackageManagerInternal;
+ import android.os.Build;
++import android.os.SystemProperties;
+ import android.os.UserHandle;
+ import android.util.ArraySet;
+ 
+@@ -16,10 +17,29 @@ import com.android.server.pm.pkg.parsing.ParsingPackage;
  
  public class PackageManagerHooks {
  
-+    public static final String OPEN_EUICC_PKG_NAME = "im.angry.openeuicc";
++    public static final String OPENEUICC_PKG_NAME = "im.angry.openeuicc";
++    public static final String OPENEUICC_TOGGLE = "persist.security.openeuicc";
 +    public static final String EUICC_SUPPORT_PIXEL_PKG_NAME = "com.google.euiccpixel";
 +
      // Called when package enabled setting is deserialized from storage
      @Nullable
      public static Integer maybeOverridePackageEnabledSetting(String pkgName, @UserIdInt int userId) {
          switch (pkgName) {
-+            case OPEN_EUICC_PKG_NAME:
++            case OPENEUICC_PKG_NAME:
++                if (userId == UserHandle.USER_SYSTEM && SystemProperties.getBoolean(OPENEUICC_TOGGLE, false)) {
++                    return PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
++                } else {
++                    return PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
++                }
 +            case EUICC_SUPPORT_PIXEL_PKG_NAME:
 +                if (userId == UserHandle.USER_SYSTEM) {
 +                    // EuiccSupportPixel handles firmware updates and should always be enabled.
@@ -56,18 +70,24 @@ index 007b65349e55..a69ce9999165 100644
              default:
                  return null;
          }
-@@ -30,6 +43,10 @@ public class PackageManagerHooks {
+@@ -30,6 +50,16 @@ public class PackageManagerHooks {
          String pkgName = pkg.getPackageName();
  
          switch (pkgName) {
 +            case EUICC_SUPPORT_PIXEL_PKG_NAME:
 +                // EuiccSupportPixel uses INTERNET perm only as part of its dev mode
 +                removeUsesPermissions(pkg, Manifest.permission.INTERNET);
++                return;
++            case OPENEUICC_PKG_NAME:
++                // this is the same as android:enabled="false" in <application> AndroidManifest tag,
++                // it makes the package disabled by default on first boot, when there's no
++                // serialized package state
++                pkg.setEnabled(false);
 +                return;
              default:
                  return;
          }
-@@ -86,5 +103,6 @@ public class PackageManagerHooks {
+@@ -86,5 +116,6 @@ public class PackageManagerHooks {
  
      // Packages in this array are restricted from interacting with and being interacted by non-system apps
      private static final ArraySet<String> restrictedVisibilityPackages = new ArraySet<>(new String[] {

Patches/LineageOS-20.0/android_packages_apps_Settings/0017-OpenEUICC_Toggle.patch

@@ -0,0 +1,172 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Wed, 20 Apr 2022 01:04:27 -0400
+Subject: [PATCH] Add a toggle for OpenEUICC enablement
+
+Copy and pasted from the GrapheneOS exec spawning toggle patch
+
+Change-Id: Ibea6ea9bed1c2ae3491f403d9e5c17c1d1c403f1
+Signed-off-by: Tad <tad@spotco.us>
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   6 +
+ .../OpenEuiccPreferenceController.java        | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |   1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/OpenEuiccPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index ce056d7ab0..751f4a4037 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -759,6 +759,9 @@
+     <string name="sig_spoof_title">Unprivileged microG enablement</string>
+     <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
+ 
++    <string name="openeuicc_title">Enable eUICC management</string>
++    <string name="openeuicc_summary">Enables the OpenEUICC app to allow management of virtual (eSIM) and physical eUICC cards. Reboot required after toggling.</string>
++
+     <!-- Text shown for the title of the lock when trust lost option [CHAR LIMIT=40] -->
+     <string name="trust_lost_locks_screen_title">Lock screen when trust is lost</string>
+     <!-- Text shown for the description of the lock when trust lost option [CHAR LIMIT=NONE -->
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 604e8720e6..de90cec5bc 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -92,6 +92,12 @@
+             android:title="@string/sig_spoof_title"
+             android:summary="@string/sig_spoof_summary"
+             android:persistent="false" />
++
++        <SwitchPreference
++            android:key="openeuicc"
++            android:title="@string/openeuicc_title"
++            android:summary="@string/openeuicc_summary"
++            android:persistent="false" />
+     </PreferenceCategory>
+ 
+     <Preference
+diff --git a/src/com/android/settings/security/OpenEuiccPreferenceController.java b/src/com/android/settings/security/OpenEuiccPreferenceController.java
+new file mode 100644
+index 0000000000..026d92b7d2
+--- /dev/null
++++ b/src/com/android/settings/security/OpenEuiccPreferenceController.java
+@@ -0,0 +1,106 @@
++/*
++ * Copyright (C) 2022 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License
++ */
++
++package com.android.settings.security;
++
++import android.content.Context;
++
++import android.os.UserHandle;
++import android.os.UserManager;
++import android.os.SystemProperties;
++
++import android.provider.Settings;
++
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceGroup;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.TwoStatePreference;
++import androidx.preference.SwitchPreference;
++
++import com.android.internal.widget.LockPatternUtils;
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class OpenEuiccPreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
++
++    private static final String SYS_KEY_OPENEUICC_ENABLE = "persist.security.openeuicc";
++    private static final String PREF_KEY_OPENEUICC_ENABLE = "openeuicc";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private SwitchPreference mOpenEuiccEnable;
++    private boolean mIsAdmin;
++    private UserManager mUm;
++
++    public OpenEuiccPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return PREF_KEY_OPENEUICC_ENABLE;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            mOpenEuiccEnable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_OPENEUICC_ENABLE);
++            mOpenEuiccEnable.setChecked(SystemProperties.getInt(SYS_KEY_OPENEUICC_ENABLE, 0) == 1);
++        } else {
++            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_OPENEUICC_ENABLE));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++        if (mOpenEuiccEnable != null) {
++                boolean mode = mOpenEuiccEnable.isChecked();
++                SystemProperties.set(SYS_KEY_OPENEUICC_ENABLE, mode ? "1" : "0");
++        }
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (PREF_KEY_OPENEUICC_ENABLE.equals(key)) {
++            final boolean mode = !mOpenEuiccEnable.isChecked();
++            SystemProperties.set(SYS_KEY_OPENEUICC_ENABLE, mode ? "1" : "0");
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index 0076663587..ef92897f88 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -110,6 +110,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+         securityPreferenceControllers.add(new HostsPreferenceController(context));
+         securityPreferenceControllers.add(new SigSpoofPreferenceController(context));
++        securityPreferenceControllers.add(new OpenEuiccPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);

Scripts/LineageOS-20.0/Patch.sh

@@ -316,6 +316,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode-1.pat
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode-2.patch"; #Fix LTE Only mode on World Mode (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0015-SUPL_Toggle.patch"; #Add a toggle for forcibly disabling SUPL (GrapheneOS)
 if [ "$DOS_MICROG_SUPPORT" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0016-microG_Toggle.patch"; fi; #Add a toggle for microG enablement (heavily based off of a GrapheneOS patch)
+if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0017-OpenEUICC_Toggle.patch"; fi; #Add a toggle for OpenEUICC enablement (heavily based off of a GrapheneOS patch)
 applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Settings/0001-disable_apps.patch"; #Add an ability to disable non-system apps from the "App info" screen (GrapheneOS)
 fi;
 
@@ -436,6 +437,7 @@ fi;
 if enter "vendor/divested"; then
 awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
 echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
+if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then echo "PRODUCT_PACKAGES += OpenEUICC" >> packages.mk; fi;
 sed -i 's/OpenCamera/Aperture/' packages.mk; #Use the LineageOS camera app
 awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
 sed -i 's/wifi,cell/internet/' overlay/common/frameworks/base/packages/SystemUI/res/values/config.xml; #Use the modern quick tile
@@ -530,7 +532,7 @@ find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
 find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'updateRegDb "{}"';
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableAPEX "{}"';
-if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'includeOE "{}"'; fi;
+#if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'includeOE "{}"'; fi;
 if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableEnforceRRO "{}"'; fi;
 cd "$DOS_BUILD_BASE";
 deblobAudio;