mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-02-02 10:25:22 -05:00
Enable the opt-in unprivileged microG enablement patchset
Runtime tested: 17.1, 18.1, 20.0 Compile tested: 19.1 Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
b7d37053c3
commit
a96f74ca28
@ -89,8 +89,8 @@ index 9483f266b1fa..7e5a46cfd72f 100644
|
||||
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
|
||||
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
|
||||
+ // Allow microG GmsCore and FakeStore to spoof signature
|
||||
+ final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.versionCode >= 231657056;
|
||||
+ final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.versionCode >= 30;
|
||||
+ final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.applicationInfo.versionCode >= 231657056;
|
||||
+ final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.applicationInfo.versionCode >= 30;
|
||||
+ final boolean isMicroG = isValidGmsCore || isValidFakeStore;
|
||||
+ PackageInfo packageInfo;
|
||||
+ if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {
|
||||
|
@ -23,10 +23,10 @@ Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
|
||||
3 files changed, 71 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index 57f8a713ec13..ec2cf1ace99f 100644
|
||||
index c63fea6e3e0e..a9e49921efba 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -6457,6 +6457,38 @@ public class PackageParser {
|
||||
@@ -6459,6 +6459,38 @@ public class PackageParser {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -16,10 +16,10 @@ Signed-off-by: Tad <tad@spotco.us>
|
||||
create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 5af3638555..6d410415bc 100644
|
||||
index c597570f35..f04d49d6f1 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11972,6 +11972,9 @@
|
||||
@@ -11978,6 +11978,9 @@
|
||||
<string name="hosts_disable_title">Disable DNS content blocker</string>
|
||||
<string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
|
||||
|
||||
|
@ -23,10 +23,10 @@ Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
|
||||
3 files changed, 71 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index f92c2951fdef..052d7db60379 100644
|
||||
index 8f5df4672dc0..c326ed2eb09c 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -6567,6 +6567,38 @@ public class PackageParser {
|
||||
@@ -6569,6 +6569,38 @@ public class PackageParser {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -66,7 +66,7 @@ index f92c2951fdef..052d7db60379 100644
|
||||
public boolean signaturesMatchExactly(SigningDetails other) {
|
||||
return Signature.areExactMatch(this.signatures, other.signatures);
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index a7d55479d2c3..d295fc5df234 100644
|
||||
index 35af82fb39a2..403680089a8d 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1804,6 +1804,8 @@
|
||||
|
@ -16,10 +16,10 @@ Signed-off-by: Tad <tad@spotco.us>
|
||||
create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 67c47bc7b3..efab810360 100644
|
||||
index 1be8ea0677..24b8cbe581 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -13127,6 +13127,9 @@
|
||||
@@ -13133,6 +13133,9 @@
|
||||
<string name="hosts_disable_title">Disable DNS content blocker</string>
|
||||
<string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
|
||||
|
||||
|
@ -92,7 +92,7 @@ index a01ec67630de..20ab9e79ae79 100644
|
||||
|
||||
<!-- Package name(s) of Advanced Driver Assistance applications. These packages have additional
|
||||
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
index 58448bfefdaf..a01995c536a9 100644
|
||||
index 58448bfefdaf..50678f515dde 100644
|
||||
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||
@@ -99,6 +99,7 @@ import android.os.IBinder;
|
||||
@ -112,8 +112,8 @@ index 58448bfefdaf..a01995c536a9 100644
|
||||
- ps);
|
||||
+
|
||||
+ // Allow microG GmsCore and FakeStore to spoof signature
|
||||
+ final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && p.getVersionCode() >= 231657056;
|
||||
+ final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && p.getVersionCode() >= 30;
|
||||
+ final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && ps.getVersionCode() >= 231657056;
|
||||
+ final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && ps.getVersionCode() >= 30;
|
||||
+ final boolean isMicroG = isValidGmsCore || isValidFakeStore;
|
||||
+ PackageInfo packageInfo;
|
||||
+ if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {
|
||||
|
@ -16,7 +16,7 @@ Signed-off-by: Tad <tad@spotco.us>
|
||||
create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 6e619cc2c4..0677bede10 100644
|
||||
index 6e619cc2c4..8bc598e4bd 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -756,6 +756,9 @@
|
||||
|
@ -95,7 +95,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2023-05-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-06 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
|
@ -97,7 +97,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2023-05-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-06 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
@ -317,11 +316,6 @@ if enterAndClear "packages/apps/ThemePicker"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_ThemePicker/0001-Monet_Toggle.patch"; #Add a UI for enabling Material You (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Traceur"; then
|
||||
git fetch https://github.com/LineageOS/android_packages_apps_Traceur refs/changes/65/358265/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-06
|
||||
git fetch https://github.com/LineageOS/android_packages_apps_Traceur refs/changes/66/358266/1 && git cherry-pick FETCH_HEAD;
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Trebuchet"; then
|
||||
cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
|
||||
fi;
|
||||
|
@ -65,7 +65,7 @@ export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory all
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
export DOS_MICROG_SUPPORT=false; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
|
||||
export DOS_MICROG_SUPPORT=true; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
|
||||
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
|
||||
export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository
|
||||
|
Loading…
x
Reference in New Issue
Block a user