Enable the opt-in unprivileged microG enablement patchset

Runtime tested: 17.1, 18.1, 20.0
Compile tested: 19.1

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-17.1/android_frameworks_base/0021-Hardened-signature-spoofing.patch

@@ -89,8 +89,8 @@ index 9483f266b1fa..7e5a46cfd72f 100644
 -            PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
 -                    ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
 +            // Allow microG GmsCore and FakeStore to spoof signature
-+            final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.versionCode >= 231657056;
-+            final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.versionCode >= 30;
++            final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.applicationInfo.versionCode >= 231657056;
++            final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.applicationInfo.versionCode >= 30;
 +            final boolean isMicroG = isValidGmsCore || isValidFakeStore;
 +            PackageInfo packageInfo;
 +            if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {

Patches/LineageOS-18.1/android_frameworks_base/0024-Hardened-signature-spoofing.patch

@@ -23,10 +23,10 @@ Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
  3 files changed, 71 insertions(+), 2 deletions(-)
 
 diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
-index 57f8a713ec13..ec2cf1ace99f 100644
+index c63fea6e3e0e..a9e49921efba 100644
 --- a/core/java/android/content/pm/PackageParser.java
 +++ b/core/java/android/content/pm/PackageParser.java
-@@ -6457,6 +6457,38 @@ public class PackageParser {
+@@ -6459,6 +6459,38 @@ public class PackageParser {
              return false;
          }
  

Patches/LineageOS-18.1/android_packages_apps_Settings/0015-signature_spoofing_toggle.patch

@@ -16,10 +16,10 @@ Signed-off-by: Tad <tad@spotco.us>
  create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
 
 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index 5af3638555..6d410415bc 100644
+index c597570f35..f04d49d6f1 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
-@@ -11972,6 +11972,9 @@
+@@ -11978,6 +11978,9 @@
      <string name="hosts_disable_title">Disable DNS content blocker</string>
      <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
  

Patches/LineageOS-19.1/android_frameworks_base/0031-Hardened-signature-spoofing.patch

@@ -23,10 +23,10 @@ Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
  3 files changed, 71 insertions(+), 2 deletions(-)
 
 diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
-index f92c2951fdef..052d7db60379 100644
+index 8f5df4672dc0..c326ed2eb09c 100644
 --- a/core/java/android/content/pm/PackageParser.java
 +++ b/core/java/android/content/pm/PackageParser.java
-@@ -6567,6 +6567,38 @@ public class PackageParser {
+@@ -6569,6 +6569,38 @@ public class PackageParser {
              return false;
          }
  
@@ -66,7 +66,7 @@ index f92c2951fdef..052d7db60379 100644
          public boolean signaturesMatchExactly(SigningDetails other) {
              return Signature.areExactMatch(this.signatures, other.signatures);
 diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
-index a7d55479d2c3..d295fc5df234 100644
+index 35af82fb39a2..403680089a8d 100644
 --- a/core/res/res/values/config.xml
 +++ b/core/res/res/values/config.xml
 @@ -1804,6 +1804,8 @@

Patches/LineageOS-19.1/android_packages_apps_Settings/0016-signature_spoofing_toggle.patch

@@ -16,10 +16,10 @@ Signed-off-by: Tad <tad@spotco.us>
  create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
 
 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index 67c47bc7b3..efab810360 100644
+index 1be8ea0677..24b8cbe581 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
-@@ -13127,6 +13127,9 @@
+@@ -13133,6 +13133,9 @@
      <string name="hosts_disable_title">Disable DNS content blocker</string>
      <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
  

Patches/LineageOS-20.0/android_frameworks_base/0036-Hardened-signature-spoofing.patch

@@ -92,7 +92,7 @@ index a01ec67630de..20ab9e79ae79 100644
  
      <!-- Package name(s) of Advanced Driver Assistance applications. These packages have additional
 diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
-index 58448bfefdaf..a01995c536a9 100644
+index 58448bfefdaf..50678f515dde 100644
 --- a/services/core/java/com/android/server/pm/ComputerEngine.java
 +++ b/services/core/java/com/android/server/pm/ComputerEngine.java
 @@ -99,6 +99,7 @@ import android.os.IBinder;
@@ -112,8 +112,8 @@ index 58448bfefdaf..a01995c536a9 100644
 -                    ps);
 +
 +            // Allow microG GmsCore and FakeStore to spoof signature
-+            final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && p.getVersionCode() >= 231657056;
-+            final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && p.getVersionCode() >= 30;
++            final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && ps.getVersionCode() >= 231657056;
++            final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && ps.getVersionCode() >= 30;
 +            final boolean isMicroG = isValidGmsCore || isValidFakeStore;
 +            PackageInfo packageInfo;
 +            if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {

Patches/LineageOS-20.0/android_packages_apps_Settings/0016-signature_spoofing_toggle.patch

@@ -16,7 +16,7 @@ Signed-off-by: Tad <tad@spotco.us>
  create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
 
 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index 6e619cc2c4..0677bede10 100644
+index 6e619cc2c4..8bc598e4bd 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
 @@ -756,6 +756,9 @@

Scripts/LineageOS-18.1/Patch.sh

@@ -95,7 +95,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
-sed -i 's/2023-05-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-06 #XXX
 fi;
 
 if enterAndClear "build/soong"; then

Scripts/LineageOS-19.1/Patch.sh

@@ -97,7 +97,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
-sed -i 's/2023-05-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-06 #XXX
 fi;
 
 if enterAndClear "build/soong"; then
@@ -317,11 +316,6 @@ if enterAndClear "packages/apps/ThemePicker"; then
 applyPatch "$DOS_PATCHES/android_packages_apps_ThemePicker/0001-Monet_Toggle.patch"; #Add a UI for enabling Material You (GrapheneOS)
 fi;
 
-if enterAndClear "packages/apps/Traceur"; then
-git fetch https://github.com/LineageOS/android_packages_apps_Traceur refs/changes/65/358265/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-06
-git fetch https://github.com/LineageOS/android_packages_apps_Traceur refs/changes/66/358266/1 && git cherry-pick FETCH_HEAD;
-fi;
-
 if enterAndClear "packages/apps/Trebuchet"; then
 cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
 fi;

Scripts/init.sh

@@ -65,7 +65,7 @@ export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory all
 export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0
 export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
 export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
-export DOS_MICROG_SUPPORT=false; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
+export DOS_MICROG_SUPPORT=true; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
 export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
 export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
 export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository