diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0024-Burnin_Protection.patch b/Patches/LineageOS-20.0/android_frameworks_base/0024-Burnin_Protection.patch
index da65ed3c..f5945ee0 100644
--- a/Patches/LineageOS-20.0/android_frameworks_base/0024-Burnin_Protection.patch
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0024-Burnin_Protection.patch
@@ -43,7 +43,7 @@ index e1998ce3d3ab..dc59ccd794f7 100644
+ 1dp
diff --git a/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java b/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java
-index bca52070edc3..d3f614f32086 100644
+index 8e2b65608b69..df4540bcf433 100644
--- a/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java
+++ b/packages/SystemUI/src/com/android/systemui/navigationbar/NavigationBarView.java
@@ -163,6 +163,13 @@ public class NavigationBarView extends FrameLayout implements TunerService.Tunab
@@ -60,7 +60,7 @@ index bca52070edc3..d3f614f32086 100644
/**
* Helper that is responsible for showing the right toast when a disallowed activity operation
* occurred. In pinned mode, we show instructions on how to break out of this mode, whilst in
-@@ -888,12 +895,31 @@ public class NavigationBarView extends FrameLayout implements TunerService.Tunab
+@@ -889,12 +896,31 @@ public class NavigationBarView extends FrameLayout implements TunerService.Tunab
mContextualButtonGroup.setButtonVisibility(R.id.accessibility_button, visible);
}
diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0040-euicc-restrictions.patch b/Patches/LineageOS-20.0/android_frameworks_base/0040-euicc-restrictions.patch
index 64a72fb4..f6f9a154 100644
--- a/Patches/LineageOS-20.0/android_frameworks_base/0040-euicc-restrictions.patch
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0040-euicc-restrictions.patch
@@ -5,13 +5,13 @@ Subject: [PATCH] integrate Google's EuiccSupportPixel package
Depends on commit: "don't crash apps that depend on missing Gservices provider"
-[tad@spotco.us]: handle OpenEUICC here too
+[tad@spotco.us]: handle OpenEUICC toggling here too
Change-Id: I49e3ff6f2ce8d74383da1c4dfd42913c713016c6
---
- data/etc/preinstalled-packages-platform.xml | 6 ++++++
- .../server/ext/PackageManagerHooks.java | 18 ++++++++++++++++++
- 2 files changed, 24 insertions(+)
+ data/etc/preinstalled-packages-platform.xml | 6 ++++
+ .../server/ext/PackageManagerHooks.java | 31 +++++++++++++++++++
+ 2 files changed, 37 insertions(+)
diff --git a/data/etc/preinstalled-packages-platform.xml b/data/etc/preinstalled-packages-platform.xml
index ff8d96dd23f2..97027ebbca2d 100644
@@ -29,21 +29,35 @@ index ff8d96dd23f2..97027ebbca2d 100644
+
diff --git a/services/core/java/com/android/server/ext/PackageManagerHooks.java b/services/core/java/com/android/server/ext/PackageManagerHooks.java
-index 007b65349e55..a69ce9999165 100644
+index 007b65349e55..890d5a37a53b 100644
--- a/services/core/java/com/android/server/ext/PackageManagerHooks.java
+++ b/services/core/java/com/android/server/ext/PackageManagerHooks.java
-@@ -16,10 +16,23 @@ import com.android.server.pm.pkg.parsing.ParsingPackage;
+@@ -6,6 +6,7 @@ import android.annotation.UserIdInt;
+ import android.content.pm.PackageManager;
+ import android.content.pm.PackageManagerInternal;
+ import android.os.Build;
++import android.os.SystemProperties;
+ import android.os.UserHandle;
+ import android.util.ArraySet;
+
+@@ -16,10 +17,29 @@ import com.android.server.pm.pkg.parsing.ParsingPackage;
public class PackageManagerHooks {
-+ public static final String OPEN_EUICC_PKG_NAME = "im.angry.openeuicc";
++ public static final String OPENEUICC_PKG_NAME = "im.angry.openeuicc";
++ public static final String OPENEUICC_TOGGLE = "persist.security.openeuicc";
+ public static final String EUICC_SUPPORT_PIXEL_PKG_NAME = "com.google.euiccpixel";
+
// Called when package enabled setting is deserialized from storage
@Nullable
public static Integer maybeOverridePackageEnabledSetting(String pkgName, @UserIdInt int userId) {
switch (pkgName) {
-+ case OPEN_EUICC_PKG_NAME:
++ case OPENEUICC_PKG_NAME:
++ if (userId == UserHandle.USER_SYSTEM && SystemProperties.getBoolean(OPENEUICC_TOGGLE, false)) {
++ return PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
++ } else {
++ return PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
++ }
+ case EUICC_SUPPORT_PIXEL_PKG_NAME:
+ if (userId == UserHandle.USER_SYSTEM) {
+ // EuiccSupportPixel handles firmware updates and should always be enabled.
@@ -56,18 +70,24 @@ index 007b65349e55..a69ce9999165 100644
default:
return null;
}
-@@ -30,6 +43,10 @@ public class PackageManagerHooks {
+@@ -30,6 +50,16 @@ public class PackageManagerHooks {
String pkgName = pkg.getPackageName();
switch (pkgName) {
+ case EUICC_SUPPORT_PIXEL_PKG_NAME:
+ // EuiccSupportPixel uses INTERNET perm only as part of its dev mode
+ removeUsesPermissions(pkg, Manifest.permission.INTERNET);
++ return;
++ case OPENEUICC_PKG_NAME:
++ // this is the same as android:enabled="false" in AndroidManifest tag,
++ // it makes the package disabled by default on first boot, when there's no
++ // serialized package state
++ pkg.setEnabled(false);
+ return;
default:
return;
}
-@@ -86,5 +103,6 @@ public class PackageManagerHooks {
+@@ -86,5 +116,6 @@ public class PackageManagerHooks {
// Packages in this array are restricted from interacting with and being interacted by non-system apps
private static final ArraySet restrictedVisibilityPackages = new ArraySet<>(new String[] {
diff --git a/Patches/LineageOS-20.0/android_packages_apps_Settings/0017-OpenEUICC_Toggle.patch b/Patches/LineageOS-20.0/android_packages_apps_Settings/0017-OpenEUICC_Toggle.patch
new file mode 100644
index 00000000..922556d2
--- /dev/null
+++ b/Patches/LineageOS-20.0/android_packages_apps_Settings/0017-OpenEUICC_Toggle.patch
@@ -0,0 +1,172 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Wed, 20 Apr 2022 01:04:27 -0400
+Subject: [PATCH] Add a toggle for OpenEUICC enablement
+
+Copy and pasted from the GrapheneOS exec spawning toggle patch
+
+Change-Id: Ibea6ea9bed1c2ae3491f403d9e5c17c1d1c403f1
+Signed-off-by: Tad
+---
+ res/values/strings.xml | 3 +
+ res/xml/security_dashboard_settings.xml | 6 +
+ .../OpenEuiccPreferenceController.java | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java | 1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/OpenEuiccPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index ce056d7ab0..751f4a4037 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -759,6 +759,9 @@
+ Unprivileged microG enablement
+ Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.
+
++ Enable eUICC management
++ Enables the OpenEUICC app to allow management of virtual (eSIM) and physical eUICC cards. Reboot required after toggling.
++
+
+ Lock screen when trust is lost
+
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 604e8720e6..de90cec5bc 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -92,6 +92,12 @@
+ android:title="@string/sig_spoof_title"
+ android:summary="@string/sig_spoof_summary"
+ android:persistent="false" />
++
++
+
+
+ > packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
+if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then echo "PRODUCT_PACKAGES += OpenEUICC" >> packages.mk; fi;
sed -i 's/OpenCamera/Aperture/' packages.mk; #Use the LineageOS camera app
awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
sed -i 's/wifi,cell/internet/' overlay/common/frameworks/base/packages/SystemUI/res/values/config.xml; #Use the modern quick tile
@@ -530,7 +532,7 @@ find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'updateRegDb "{}"';
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableAPEX "{}"';
-if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'includeOE "{}"'; fi;
+#if [ "$DOS_DEBLOBBER_REMOVE_EUICC_FULL" = false ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'includeOE "{}"'; fi;
if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableEnforceRRO "{}"'; fi;
cd "$DOS_BUILD_BASE";
deblobAudio;