Enable the opt-in unprivileged microG enablement patchset

Runtime tested: 17.1, 18.1, 20.0
Compile tested: 19.1

Signed-off-by: Tad <tad@spotco.us>
Tad 2023-07-03 18:23:26 -04:00
parent b7d37053c3
commit a96f74ca28
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
10 changed files with 16 additions and 23 deletions


@ -89,8 +89,8 @@ index 9483f266b1fa..7e5a46cfd72f 100644
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
+ // Allow microG GmsCore and FakeStore to spoof signature
+ final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.versionCode >= 231657056;
+ final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.versionCode >= 30;
+ final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.applicationInfo.versionCode >= 231657056;
+ final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.applicationInfo.versionCode >= 30;
+ final boolean isMicroG = isValidGmsCore || isValidFakeStore;
+ PackageInfo packageInfo;
+ if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {
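Review bot: The gate built from `isValidGmsCore` / `isValidFakeStore` rests only on package name, targetSdkVersion and versionCode, which are values an APK declares about itself, and nothing visible in this section ties the package to a known signing certificate before the spoofing branch is taken. If that verification happens in the code called inside the `if` (its body lies outside the lines shown), a comment should say so here, e.g. `// Name/SDK/version are self-declared; the real signing certificate is verified in <helper> before a spoofed signature is returned`; if it is not done anywhere, it should be added before the patchset is enabled by default. The same pattern appears in the ComputerEngine.java section with `p.getPackageName()` / `ps.getVersionCode()`. Separately, the thresholds `231657056` and `30` are repeated across the per-version patches and would be easier to audit as named constants.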


@ -23,10 +23,10 @@ Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
3 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 57f8a713ec13..ec2cf1ace99f 100644
index c63fea6e3e0e..a9e49921efba 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -6457,6 +6457,38 @@ public class PackageParser {
@@ -6459,6 +6459,38 @@ public class PackageParser {
return false;
}


@ -16,10 +16,10 @@ Signed-off-by: Tad <tad@spotco.us>
create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 5af3638555..6d410415bc 100644
index c597570f35..f04d49d6f1 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -11972,6 +11972,9 @@
@@ -11978,6 +11978,9 @@
<string name="hosts_disable_title">Disable DNS content blocker</string>
<string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>


@ -23,10 +23,10 @@ Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
3 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index f92c2951fdef..052d7db60379 100644
index 8f5df4672dc0..c326ed2eb09c 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -6567,6 +6567,38 @@ public class PackageParser {
@@ -6569,6 +6569,38 @@ public class PackageParser {
return false;
}
@ -66,7 +66,7 @@ index f92c2951fdef..052d7db60379 100644
public boolean signaturesMatchExactly(SigningDetails other) {
return Signature.areExactMatch(this.signatures, other.signatures);
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index a7d55479d2c3..d295fc5df234 100644
index 35af82fb39a2..403680089a8d 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1804,6 +1804,8 @@


@ -16,10 +16,10 @@ Signed-off-by: Tad <tad@spotco.us>
create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 67c47bc7b3..efab810360 100644
index 1be8ea0677..24b8cbe581 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -13127,6 +13127,9 @@
@@ -13133,6 +13133,9 @@
<string name="hosts_disable_title">Disable DNS content blocker</string>
<string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>


@ -92,7 +92,7 @@ index a01ec67630de..20ab9e79ae79 100644
<!-- Package name(s) of Advanced Driver Assistance applications. These packages have additional
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 58448bfefdaf..a01995c536a9 100644
index 58448bfefdaf..50678f515dde 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -99,6 +99,7 @@ import android.os.IBinder;
@ -112,8 +112,8 @@ index 58448bfefdaf..a01995c536a9 100644
- ps);
+
+ // Allow microG GmsCore and FakeStore to spoof signature
+ final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && p.getVersionCode() >= 231657056;
+ final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && p.getVersionCode() >= 30;
+ final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && ps.getVersionCode() >= 231657056;
+ final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && ps.getVersionCode() >= 30;
+ final boolean isMicroG = isValidGmsCore || isValidFakeStore;
+ PackageInfo packageInfo;
+ if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {
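Review bot: The pair of lines that appears to be the new side reads the package name and target SDK from `p` but the version code from `ps`, so the three conditions of one check come from two different objects without explanation. A short comment would keep a later patch refresh from changing this back, e.g. `// versionCode is read from the package setting (ps); p has no getVersionCode() on this branch`. That reason is inferred from the replaced `p.getVersionCode()` lines and should be confirmed by the author. The enclosing method starts and ends outside the lines shown.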


@ -16,7 +16,7 @@ Signed-off-by: Tad <tad@spotco.us>
create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 6e619cc2c4..0677bede10 100644
index 6e619cc2c4..8bc598e4bd 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -756,6 +756,9 @@


@ -95,7 +95,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2023-05-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-06 #XXX
fi;
if enterAndClear "build/soong"; then


@ -97,7 +97,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2023-05-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-06 #XXX
fi;
if enterAndClear "build/soong"; then
@ -317,11 +316,6 @@ if enterAndClear "packages/apps/ThemePicker"; then
applyPatch "$DOS_PATCHES/android_packages_apps_ThemePicker/0001-Monet_Toggle.patch"; #Add a UI for enabling Material You (GrapheneOS)
fi;
if enterAndClear "packages/apps/Traceur"; then
git fetch https://github.com/LineageOS/android_packages_apps_Traceur refs/changes/65/358265/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-06
git fetch https://github.com/LineageOS/android_packages_apps_Traceur refs/changes/66/358266/1 && git cherry-pick FETCH_HEAD;
fi;
if enterAndClear "packages/apps/Trebuchet"; then
cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
fi;


@ -65,7 +65,7 @@ export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory all
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
export DOS_MICROG_SUPPORT=false; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
export DOS_MICROG_SUPPORT=true; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository
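Review bot: The trailing comment on `DOS_MICROG_SUPPORT` still reads "Opt-in" although the build default is now `true`, so it no longer says who opts in or where. Judging by the `SystemProperties.getBoolean(SPOOF_CONTROL, false)` check and the `SigSpoofPreferenceController` visible in the patches above, the opt-in is the runtime setting rather than this build flag. The comment should state that, e.g. `#Include the unprivileged microG patchset on 17.1+18.1+19.1+20.0; signature spoofing stays off until the user enables it in Settings`. It is also worth noting there that setting the flag to `false` removes the signature-spoofing code path from the build entirely, for builders who do not want it present.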