mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 07:29:24 -05:00
Cleanup
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
258fe8389b
commit
a9e250afd9
@ -8,8 +8,6 @@ PRODUCT_PACKAGES += \
|
||||
EtarPrebuilt \
|
||||
FennecDOS \
|
||||
SimpleGallery
|
||||
# FairEmail \
|
||||
# VanillaMusic
|
||||
|
||||
ifeq ($(findstring flox,$(TARGET_PRODUCT)),)
|
||||
PRODUCT_PACKAGES += \
|
||||
|
@ -1,97 +0,0 @@
|
||||
From 44cda6f5e47c33e91980ae35c8bc6d88e4d3763c Mon Sep 17 00:00:00 2001
|
||||
From: be-neth <bmauduit@beneth.fr>
|
||||
Date: Thu, 24 Nov 2016 13:01:30 -0500
|
||||
Subject: [PATCH] Allow packages to spoof their signature
|
||||
|
||||
Change-Id: I9acf48c7607804890d0d0fa7fe30bb36779cb40d
|
||||
---
|
||||
core/res/AndroidManifest.xml | 7 +++++++
|
||||
core/res/res/values/config.xml | 2 ++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
.../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++--
|
||||
4 files changed, 35 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index b624305..43eec1f 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1926,6 +1926,13 @@
|
||||
android:description="@string/permdesc_getPackageSize"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- @hide Allows an application to change the package signature as
|
||||
+ seen by applications -->
|
||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
+ android:protectionLevel="dangerous"
|
||||
+ android:label="@string/permlab_fakePackageSignature"
|
||||
+ android:description="@string/permdesc_fakePackageSignature" />
|
||||
+
|
||||
<!-- @deprecated No longer useful, see
|
||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
||||
for details. -->
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index 4a95f6e..702e02a 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1383,6 +1383,8 @@
|
||||
<string-array name="config_locationProviderPackageNames" translatable="false">
|
||||
<!-- The standard AOSP fused location provider -->
|
||||
<item>com.android.location.fused</item>
|
||||
+ <!-- The (faked) microg fused location provider -->
|
||||
+ <item>com.google.android.gms</item>
|
||||
</string-array>
|
||||
|
||||
<!-- This string array can be overriden to enable test location providers initially. -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 345d377..26814f1 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -660,6 +660,11 @@
|
||||
|
||||
<!-- Permissions -->
|
||||
|
||||
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
|
||||
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only!</string>
|
||||
+
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_statusBar">disable or modify status bar</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index d450288..9194e69 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -3141,8 +3141,27 @@ public class PackageManagerService extends IPackageManager.Stub {
|
||||
? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
|
||||
final PackageUserState state = ps.readUserState(userId);
|
||||
|
||||
- return PackageParser.generatePackageInfo(p, gids, flags,
|
||||
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
|
||||
+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
|
||||
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
|
||||
+ permissions);
|
||||
+ }
|
||||
+
|
||||
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
|
||||
+ Set<String> permissions) {
|
||||
+ try {
|
||||
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
|
||||
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
|
||||
+ && p.mAppMetaData != null) {
|
||||
+ String sig = p.mAppMetaData.getString("fake-signature");
|
||||
+ if (sig != null) {
|
||||
+ pi.signatures = new Signature[] {new Signature(sig)};
|
||||
+ }
|
||||
+ }
|
||||
+ } catch (Throwable t) {
|
||||
+ // We should never die because of any failures, this is system code!
|
||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
||||
+ }
|
||||
+ return pi;
|
||||
}
|
||||
|
||||
@Override
|
||||
--
|
||||
2.9.3
|
||||
|
@ -1,26 +0,0 @@
|
||||
From 6c9c966622adbfe0ad92ed90d90f93a782c99f02 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Sun, 18 Dec 2016 19:10:20 -0500
|
||||
Subject: [PATCH] Harden signature spoofing
|
||||
|
||||
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 486999b..182acbf 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1937,7 +1937,7 @@
|
||||
<!-- @hide Allows an application to change the package signature as
|
||||
seen by applications -->
|
||||
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
- android:protectionLevel="dangerous"
|
||||
+ android:protectionLevel="signature"
|
||||
android:label="@string/permlab_fakePackageSignature"
|
||||
android:description="@string/permdesc_fakePackageSignature" />
|
||||
|
||||
--
|
||||
2.9.3
|
||||
|
@ -1,29 +0,0 @@
|
||||
From 0030bc6ef203eb6ffc1300599db1fd48d4a77f78 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Tue, 8 May 2018 20:54:49 -0400
|
||||
Subject: [PATCH] Change connectivity check URLs to ours
|
||||
|
||||
Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f
|
||||
---
|
||||
.../java/com/android/server/connectivity/NetworkMonitor.java | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
index 97669d242f0..2a39f90b19b 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
@@ -86,9 +86,9 @@ public class NetworkMonitor extends StateMachine {
|
||||
// Default configuration values for captive portal detection probes.
|
||||
// TODO: append a random length parameter to the default HTTPS url.
|
||||
// TODO: randomize browser version ids in the default User-Agent String.
|
||||
- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
|
||||
+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php";
|
||||
private static final String DEFAULT_HTTP_URL =
|
||||
- "http://connectivitycheck.gstatic.com/generate_204";
|
||||
+ "http://divestos.org/gen204.php";
|
||||
private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
|
||||
private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
|
||||
+ "AppleWebKit/537.36 (KHTML, like Gecko) "
|
||||
--
|
||||
2.17.0
|
||||
|
@ -1,78 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 21 May 2018 04:23:40 -0400
|
||||
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
|
||||
libraries
|
||||
|
||||
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
|
||||
---
|
||||
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
|
||||
1 file changed, 56 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index f2e3333b67da..35073ed38d3a 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -4465,6 +4465,62 @@ public class PackageParser {
|
||||
|
||||
if (data == null) {
|
||||
data = new Bundle();
|
||||
+ data.putString("acc_advertiser_id", "false");
|
||||
+ data.putString("acc_no_geoloc", "true");
|
||||
+ data.putString("acc_tracking_mode", "Restricted");
|
||||
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
|
||||
+ data.putString("AXACollectIp", "false");
|
||||
+ data.putString("batch_opted_out_by_default", "true");
|
||||
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
|
||||
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
|
||||
+ data.putString("com.ad4screen.advertiser_id", "false");
|
||||
+ data.putString("com.ad4screen.no_geoloc", "true");
|
||||
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
|
||||
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
|
||||
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
|
||||
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
|
||||
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
|
||||
+ data.putString("com.followanalytics.message.inapp.enable", "false");
|
||||
+ data.putString("com.followanalytics.message.push.enable", "false");
|
||||
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
|
||||
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
|
||||
+ data.putString("com.mapbox.EnableEvents", "false");
|
||||
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
|
||||
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
|
||||
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
|
||||
+ data.putString("firebase_analytics_collection_deactivated", "true");
|
||||
+ data.putString("firebase_analytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_crash_collection_enabled", "false");
|
||||
+ data.putString("firebase_crashlytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_performance_collection_deactivated", "true");
|
||||
+ data.putString("google_analytics_adid_collection_enabled", "false");
|
||||
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
|
||||
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
|
||||
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
|
||||
+ data.putString("SMT_USE_AD_ID", "0");
|
||||
+ data.putString("tapjoy.disable_advertising_id_check", "true");
|
||||
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
|
||||
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
|
||||
+ data.putString("tapjoy.disable_persistent_ids", "true");
|
||||
+ data.putString("tapjoy.disable_video_offers", "true");
|
||||
+ data.putString("tnkad_tracking", "false");
|
||||
}
|
||||
|
||||
String name = sa.getNonConfigurationString(
|
@ -1,102 +0,0 @@
|
||||
commit 4e9d677b35b9656c22c922c9abca4107ab95c9b4
|
||||
Author: Bernhard Rosenkränzer <bero@lindev.ch>
|
||||
Date: Tue Aug 29 00:34:27 2017 +0200
|
||||
|
||||
Add permission to allow an APK to fake a signature.
|
||||
|
||||
This is needed by GmsCore (https://microg.org/) to pretend
|
||||
the existence of the official Play Services to applications calling
|
||||
Google APIs.
|
||||
|
||||
Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch
|
||||
|
||||
Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f
|
||||
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 794d4f8b78b..b3189077256 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2075,6 +2075,13 @@
|
||||
android:description="@string/permdesc_getPackageSize"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- @hide Allows an application to change the package signature as
|
||||
+ seen by applications -->
|
||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
+ android:protectionLevel="dangerous"
|
||||
+ android:label="@string/permlab_fakePackageSignature"
|
||||
+ android:description="@string/permdesc_fakePackageSignature" />
|
||||
+
|
||||
<!-- @deprecated No longer useful, see
|
||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
||||
for details. -->
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index 3613acf44aa..d1636c862c5 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1385,6 +1385,8 @@
|
||||
<string-array name="config_locationProviderPackageNames" translatable="false">
|
||||
<!-- The standard AOSP fused location provider -->
|
||||
<item>com.android.location.fused</item>
|
||||
+ <!-- The (faked) microg fused location provider (a free reimplementation) -->
|
||||
+ <item>com.google.android.gms</item>
|
||||
</string-array>
|
||||
|
||||
<!-- This string array can be overriden to enable test location providers initially. -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 3eebe7eb68d..7405386cd49 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -764,6 +764,10 @@
|
||||
|
||||
<!-- Permissions -->
|
||||
|
||||
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
|
||||
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_statusBar">disable or modify status bar</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index f36b762c5e9..048a057d39c 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -3571,8 +3571,9 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
flags |= MATCH_ANY_USER;
|
||||
}
|
||||
|
||||
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
|
||||
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
|
||||
+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
|
||||
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
|
||||
+ permissions);
|
||||
|
||||
if (packageInfo == null) {
|
||||
return null;
|
||||
@@ -3584,6 +3585,24 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
return packageInfo;
|
||||
}
|
||||
|
||||
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
|
||||
+ Set<String> permissions) {
|
||||
+ try {
|
||||
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
|
||||
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
|
||||
+ && p.mAppMetaData != null) {
|
||||
+ String sig = p.mAppMetaData.getString("fake-signature");
|
||||
+ if (sig != null) {
|
||||
+ pi.signatures = new Signature[] {new Signature(sig)};
|
||||
+ }
|
||||
+ }
|
||||
+ } catch (Throwable t) {
|
||||
+ // We should never die because of any failures, this is system code!
|
||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
||||
+ }
|
||||
+ return pi;
|
||||
+ }
|
||||
+
|
||||
@Override
|
||||
public void checkPackageStartable(String packageName, int userId) {
|
||||
final int callingUid = Binder.getCallingUid();
|
@ -1,26 +0,0 @@
|
||||
From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 12 Feb 2018 02:55:55 -0500
|
||||
Subject: [PATCH] Harden signature spoofing
|
||||
|
||||
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 653caaca2a6..7f547dd07ac 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2152,7 +2152,7 @@
|
||||
<!-- @hide Allows an application to change the package signature as
|
||||
seen by applications -->
|
||||
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
- android:protectionLevel="dangerous"
|
||||
+ android:protectionLevel="signature"
|
||||
android:label="@string/permlab_fakePackageSignature"
|
||||
android:description="@string/permdesc_fakePackageSignature" />
|
||||
|
||||
--
|
||||
2.16.1
|
||||
|
@ -1,34 +0,0 @@
|
||||
From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Tue, 8 May 2018 20:53:07 -0400
|
||||
Subject: [PATCH] Change connectivity check URLs to ours
|
||||
|
||||
Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f
|
||||
---
|
||||
.../com/android/server/connectivity/NetworkMonitor.java | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
index d3a93542c74..32918aa3cdc 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine {
|
||||
// Default configuration values for captive portal detection probes.
|
||||
// TODO: append a random length parameter to the default HTTPS url.
|
||||
// TODO: randomize browser version ids in the default User-Agent String.
|
||||
- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
|
||||
+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php";
|
||||
private static final String DEFAULT_HTTP_URL =
|
||||
- "http://connectivitycheck.gstatic.com/generate_204";
|
||||
- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
|
||||
+ "http://divestos.org/gen204.php";
|
||||
+ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204";
|
||||
private static final String DEFAULT_OTHER_FALLBACK_URLS =
|
||||
- "http://play.googleapis.com/generate_204";
|
||||
+ "http://connectivitycheck.gstatic.com/generate_204";
|
||||
private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
|
||||
+ "AppleWebKit/537.36 (KHTML, like Gecko) "
|
||||
+ "Chrome/60.0.3112.32 Safari/537.36";
|
||||
--
|
||||
2.17.0
|
||||
|
@ -1,78 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 21 May 2018 04:23:40 -0400
|
||||
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
|
||||
libraries
|
||||
|
||||
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
|
||||
---
|
||||
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
|
||||
1 file changed, 56 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index 8c66fb227cf9..4421c0ca5115 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -5524,6 +5524,62 @@ public class PackageParser {
|
||||
|
||||
if (data == null) {
|
||||
data = new Bundle();
|
||||
+ data.putString("acc_advertiser_id", "false");
|
||||
+ data.putString("acc_no_geoloc", "true");
|
||||
+ data.putString("acc_tracking_mode", "Restricted");
|
||||
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
|
||||
+ data.putString("AXACollectIp", "false");
|
||||
+ data.putString("batch_opted_out_by_default", "true");
|
||||
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
|
||||
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
|
||||
+ data.putString("com.ad4screen.advertiser_id", "false");
|
||||
+ data.putString("com.ad4screen.no_geoloc", "true");
|
||||
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
|
||||
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
|
||||
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
|
||||
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
|
||||
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
|
||||
+ data.putString("com.followanalytics.message.inapp.enable", "false");
|
||||
+ data.putString("com.followanalytics.message.push.enable", "false");
|
||||
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
|
||||
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
|
||||
+ data.putString("com.mapbox.EnableEvents", "false");
|
||||
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
|
||||
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
|
||||
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
|
||||
+ data.putString("firebase_analytics_collection_deactivated", "true");
|
||||
+ data.putString("firebase_analytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_crash_collection_enabled", "false");
|
||||
+ data.putString("firebase_crashlytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_performance_collection_deactivated", "true");
|
||||
+ data.putString("google_analytics_adid_collection_enabled", "false");
|
||||
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
|
||||
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
|
||||
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
|
||||
+ data.putString("SMT_USE_AD_ID", "0");
|
||||
+ data.putString("tapjoy.disable_advertising_id_check", "true");
|
||||
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
|
||||
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
|
||||
+ data.putString("tapjoy.disable_persistent_ids", "true");
|
||||
+ data.putString("tapjoy.disable_video_offers", "true");
|
||||
+ data.putString("tnkad_tracking", "false");
|
||||
}
|
||||
|
||||
String name = sa.getNonConfigurationString(
|
@ -1,113 +0,0 @@
|
||||
From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= <bero@lindev.ch>
|
||||
Date: Mon, 4 Mar 2019 03:26:03 -0500
|
||||
Subject: [PATCH] Add permission to allow an APK to fake a signature.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is needed by GmsCore (https://microg.org/) to pretend
|
||||
the existence of the official Play Services to applications calling
|
||||
Google APIs.
|
||||
|
||||
Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch
|
||||
|
||||
Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f
|
||||
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
|
||||
---
|
||||
core/res/AndroidManifest.xml | 7 ++++++
|
||||
core/res/res/values/config.xml | 2 ++
|
||||
core/res/res/values/strings.xml | 4 ++++
|
||||
.../server/pm/PackageManagerService.java | 23 +++++++++++++++++--
|
||||
4 files changed, 34 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 34d26f0da90..08f95ec1fdf 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2357,6 +2357,13 @@
|
||||
android:description="@string/permdesc_getPackageSize"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- @hide Allows an application to change the package signature as
|
||||
+ seen by applications -->
|
||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
+ android:protectionLevel="dangerous"
|
||||
+ android:label="@string/permlab_fakePackageSignature"
|
||||
+ android:description="@string/permdesc_fakePackageSignature" />
|
||||
+
|
||||
<!-- @deprecated No longer useful, see
|
||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
||||
for details. -->
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index cf9bd122baf..2047c336acd 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1682,6 +1682,8 @@
|
||||
<string-array name="config_locationProviderPackageNames" translatable="false">
|
||||
<!-- The standard AOSP fused location provider -->
|
||||
<item>com.android.location.fused</item>
|
||||
+ <!-- The (faked) microg fused location provider (a free reimplementation) -->
|
||||
+ <item>com.google.android.gms</item>
|
||||
</string-array>
|
||||
|
||||
<!-- This string array can be overriden to enable test location providers initially. -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index f6600462ea7..bad13100a79 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -785,6 +785,10 @@
|
||||
|
||||
<!-- Permissions -->
|
||||
|
||||
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
|
||||
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_statusBar">disable or modify status bar</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index 9b50a1545a5..58dc3fe926f 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -4001,8 +4001,9 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
|
||||
? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
|
||||
|
||||
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
|
||||
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
|
||||
+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
|
||||
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
|
||||
+ permissions);
|
||||
|
||||
if (packageInfo == null) {
|
||||
return null;
|
||||
@@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
}
|
||||
|
||||
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
|
||||
+ Set<String> permissions) {
|
||||
+ try {
|
||||
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
|
||||
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
|
||||
+ && p.mAppMetaData != null) {
|
||||
+ String sig = p.mAppMetaData.getString("fake-signature");
|
||||
+ if (sig != null) {
|
||||
+ pi.signatures = new Signature[] {new Signature(sig)};
|
||||
+ }
|
||||
+ }
|
||||
+ } catch (Throwable t) {
|
||||
+ // We should never die because of any failures, this is system code!
|
||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
||||
+ }
|
||||
+ return pi;
|
||||
+ }
|
||||
+
|
||||
@Override
|
||||
public void checkPackageStartable(String packageName, int userId) {
|
||||
final int callingUid = Binder.getCallingUid();
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,26 +0,0 @@
|
||||
From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 12 Feb 2018 02:55:55 -0500
|
||||
Subject: [PATCH] Harden signature spoofing
|
||||
|
||||
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 653caaca2a6..7f547dd07ac 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2152,7 +2152,7 @@
|
||||
<!-- @hide Allows an application to change the package signature as
|
||||
seen by applications -->
|
||||
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
- android:protectionLevel="dangerous"
|
||||
+ android:protectionLevel="signature"
|
||||
android:label="@string/permlab_fakePackageSignature"
|
||||
android:description="@string/permdesc_fakePackageSignature" />
|
||||
|
||||
--
|
||||
2.16.1
|
||||
|
@ -1,34 +0,0 @@
|
||||
From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Tue, 8 May 2018 20:53:07 -0400
|
||||
Subject: [PATCH] Change connectivity check URLs to ours
|
||||
|
||||
Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f
|
||||
---
|
||||
.../com/android/server/connectivity/NetworkMonitor.java | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
index d3a93542c74..32918aa3cdc 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
|
||||
@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine {
|
||||
// Default configuration values for captive portal detection probes.
|
||||
// TODO: append a random length parameter to the default HTTPS url.
|
||||
// TODO: randomize browser version ids in the default User-Agent String.
|
||||
- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
|
||||
+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php";
|
||||
private static final String DEFAULT_HTTP_URL =
|
||||
- "http://connectivitycheck.gstatic.com/generate_204";
|
||||
- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
|
||||
+ "http://divestos.org/gen204.php";
|
||||
+ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204";
|
||||
private static final String DEFAULT_OTHER_FALLBACK_URLS =
|
||||
- "http://play.googleapis.com/generate_204";
|
||||
+ "http://connectivitycheck.gstatic.com/generate_204";
|
||||
private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
|
||||
+ "AppleWebKit/537.36 (KHTML, like Gecko) "
|
||||
+ "Chrome/60.0.3112.32 Safari/537.36";
|
||||
--
|
||||
2.17.0
|
||||
|
@ -1,78 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 21 May 2018 04:23:40 -0400
|
||||
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
|
||||
libraries
|
||||
|
||||
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
|
||||
---
|
||||
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
|
||||
1 file changed, 56 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index e0c2d2dc6dde..405291d46f58 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -5327,6 +5327,62 @@ public class PackageParser {
|
||||
|
||||
if (data == null) {
|
||||
data = new Bundle();
|
||||
+ data.putString("acc_advertiser_id", "false");
|
||||
+ data.putString("acc_no_geoloc", "true");
|
||||
+ data.putString("acc_tracking_mode", "Restricted");
|
||||
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
|
||||
+ data.putString("AXACollectIp", "false");
|
||||
+ data.putString("batch_opted_out_by_default", "true");
|
||||
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
|
||||
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
|
||||
+ data.putString("com.ad4screen.advertiser_id", "false");
|
||||
+ data.putString("com.ad4screen.no_geoloc", "true");
|
||||
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
|
||||
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
|
||||
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
|
||||
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
|
||||
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
|
||||
+ data.putString("com.followanalytics.message.inapp.enable", "false");
|
||||
+ data.putString("com.followanalytics.message.push.enable", "false");
|
||||
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
|
||||
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
|
||||
+ data.putString("com.mapbox.EnableEvents", "false");
|
||||
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
|
||||
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
|
||||
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
|
||||
+ data.putString("firebase_analytics_collection_deactivated", "true");
|
||||
+ data.putString("firebase_analytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_crash_collection_enabled", "false");
|
||||
+ data.putString("firebase_crashlytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_performance_collection_deactivated", "true");
|
||||
+ data.putString("google_analytics_adid_collection_enabled", "false");
|
||||
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
|
||||
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
|
||||
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
|
||||
+ data.putString("SMT_USE_AD_ID", "0");
|
||||
+ data.putString("tapjoy.disable_advertising_id_check", "true");
|
||||
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
|
||||
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
|
||||
+ data.putString("tapjoy.disable_persistent_ids", "true");
|
||||
+ data.putString("tapjoy.disable_video_offers", "true");
|
||||
+ data.putString("tnkad_tracking", "false");
|
||||
}
|
||||
|
||||
String name = sa.getNonConfigurationString(
|
@ -1,113 +0,0 @@
|
||||
From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= <bero@lindev.ch>
|
||||
Date: Mon, 4 Mar 2019 03:26:03 -0500
|
||||
Subject: [PATCH] Add permission to allow an APK to fake a signature.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is needed by GmsCore (https://microg.org/) to pretend
|
||||
the existence of the official Play Services to applications calling
|
||||
Google APIs.
|
||||
|
||||
Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch
|
||||
|
||||
Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f
|
||||
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
|
||||
---
|
||||
core/res/AndroidManifest.xml | 7 ++++++
|
||||
core/res/res/values/config.xml | 2 ++
|
||||
core/res/res/values/strings.xml | 4 ++++
|
||||
.../server/pm/PackageManagerService.java | 23 +++++++++++++++++--
|
||||
4 files changed, 34 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 34d26f0da90..08f95ec1fdf 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2357,6 +2357,13 @@
|
||||
android:description="@string/permdesc_getPackageSize"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- @hide Allows an application to change the package signature as
|
||||
+ seen by applications -->
|
||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
+ android:protectionLevel="dangerous"
|
||||
+ android:label="@string/permlab_fakePackageSignature"
|
||||
+ android:description="@string/permdesc_fakePackageSignature" />
|
||||
+
|
||||
<!-- @deprecated No longer useful, see
|
||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
||||
for details. -->
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index cf9bd122baf..2047c336acd 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1682,6 +1682,8 @@
|
||||
<string-array name="config_locationProviderPackageNames" translatable="false">
|
||||
<!-- The standard AOSP fused location provider -->
|
||||
<item>com.android.location.fused</item>
|
||||
+ <!-- The (faked) microg fused location provider (a free reimplementation) -->
|
||||
+ <item>com.google.android.gms</item>
|
||||
</string-array>
|
||||
|
||||
<!-- This string array can be overriden to enable test location providers initially. -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index f6600462ea7..bad13100a79 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -785,6 +785,10 @@
|
||||
|
||||
<!-- Permissions -->
|
||||
|
||||
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
|
||||
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_statusBar">disable or modify status bar</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index 9b50a1545a5..58dc3fe926f 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -4179,8 +4179,9 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
|
||||
? Collections.emptySet() : permissionsState.getPermissions(userId);
|
||||
|
||||
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
|
||||
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
|
||||
+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
|
||||
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
|
||||
+ permissions);
|
||||
|
||||
if (packageInfo == null) {
|
||||
return null;
|
||||
@@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
}
|
||||
|
||||
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
|
||||
+ Set<String> permissions) {
|
||||
+ try {
|
||||
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
|
||||
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
|
||||
+ && p.mAppMetaData != null) {
|
||||
+ String sig = p.mAppMetaData.getString("fake-signature");
|
||||
+ if (sig != null) {
|
||||
+ pi.signatures = new Signature[] {new Signature(sig)};
|
||||
+ }
|
||||
+ }
|
||||
+ } catch (Throwable t) {
|
||||
+ // We should never die because of any failures, this is system code!
|
||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
||||
+ }
|
||||
+ return pi;
|
||||
+ }
|
||||
+
|
||||
@Override
|
||||
public void checkPackageStartable(String packageName, int userId) {
|
||||
final int callingUid = Binder.getCallingUid();
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,26 +0,0 @@
|
||||
From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 12 Feb 2018 02:55:55 -0500
|
||||
Subject: [PATCH] Harden signature spoofing
|
||||
|
||||
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 653caaca2a6..7f547dd07ac 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2152,7 +2152,7 @@
|
||||
<!-- @hide Allows an application to change the package signature as
|
||||
seen by applications -->
|
||||
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
- android:protectionLevel="dangerous"
|
||||
+ android:protectionLevel="signature"
|
||||
android:label="@string/permlab_fakePackageSignature"
|
||||
android:description="@string/permdesc_fakePackageSignature" />
|
||||
|
||||
--
|
||||
2.16.1
|
||||
|
@ -1,78 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 21 May 2018 04:23:40 -0400
|
||||
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
|
||||
libraries
|
||||
|
||||
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
|
||||
---
|
||||
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
|
||||
1 file changed, 56 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index 861b0d922d32..1a93325f24ff 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -5598,6 +5598,62 @@ public class PackageParser {
|
||||
|
||||
if (data == null) {
|
||||
data = new Bundle();
|
||||
+ data.putString("acc_advertiser_id", "false");
|
||||
+ data.putString("acc_no_geoloc", "true");
|
||||
+ data.putString("acc_tracking_mode", "Restricted");
|
||||
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
|
||||
+ data.putString("AXACollectIp", "false");
|
||||
+ data.putString("batch_opted_out_by_default", "true");
|
||||
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
|
||||
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
|
||||
+ data.putString("com.ad4screen.advertiser_id", "false");
|
||||
+ data.putString("com.ad4screen.no_geoloc", "true");
|
||||
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
|
||||
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
|
||||
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
|
||||
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
|
||||
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
|
||||
+ data.putString("com.followanalytics.message.inapp.enable", "false");
|
||||
+ data.putString("com.followanalytics.message.push.enable", "false");
|
||||
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
|
||||
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
|
||||
+ data.putString("com.mapbox.EnableEvents", "false");
|
||||
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
|
||||
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
|
||||
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
|
||||
+ data.putString("firebase_analytics_collection_deactivated", "true");
|
||||
+ data.putString("firebase_analytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_crash_collection_enabled", "false");
|
||||
+ data.putString("firebase_crashlytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_performance_collection_deactivated", "true");
|
||||
+ data.putString("google_analytics_adid_collection_enabled", "false");
|
||||
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
|
||||
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
|
||||
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
|
||||
+ data.putString("SMT_USE_AD_ID", "0");
|
||||
+ data.putString("tapjoy.disable_advertising_id_check", "true");
|
||||
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
|
||||
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
|
||||
+ data.putString("tapjoy.disable_persistent_ids", "true");
|
||||
+ data.putString("tapjoy.disable_video_offers", "true");
|
||||
+ data.putString("tnkad_tracking", "false");
|
||||
}
|
||||
|
||||
String name = sa.getNonConfigurationString(
|
@ -1,158 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Philip Nagler-Frank <philip@nagler.world>
|
||||
Date: Mon, 22 Mar 2021 21:03:57 -0400
|
||||
Subject: [PATCH] Add permission to allow an APK to fake a signature.
|
||||
|
||||
Change-Id: I770c2c8b2ab6857d4ea0a4142fb814302685a64e
|
||||
---
|
||||
api/current.txt | 2 ++
|
||||
core/res/AndroidManifest.xml | 15 ++++++++++++
|
||||
core/res/res/values/config.xml | 2 ++
|
||||
core/res/res/values/strings.xml | 12 ++++++++++
|
||||
non-updatable-api/current.txt | 2 ++
|
||||
.../server/pm/PackageManagerService.java | 23 +++++++++++++++++--
|
||||
6 files changed, 54 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index 952ccdad992c..6bd7ffe6dcb8 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -77,6 +77,7 @@ package android {
|
||||
field public static final String DIAGNOSTIC = "android.permission.DIAGNOSTIC";
|
||||
field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD";
|
||||
field public static final String DUMP = "android.permission.DUMP";
|
||||
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
|
||||
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
|
||||
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
|
||||
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
|
||||
@@ -182,6 +183,7 @@ package android {
|
||||
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
|
||||
field public static final String CAMERA = "android.permission-group.CAMERA";
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index ee428371a016..ad6cfd6ae501 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2852,6 +2852,21 @@
|
||||
android:description="@string/permdesc_getPackageSize"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- Dummy user-facing group for faking package signature -->
|
||||
+ <permission-group android:name="android.permission-group.FAKE_PACKAGE"
|
||||
+ android:label="@string/permgrouplab_fake_package_signature"
|
||||
+ android:description="@string/permgroupdesc_fake_package_signature"
|
||||
+ android:request="@string/permgrouprequest_fake_package_signature"
|
||||
+ android:priority="100" />
|
||||
+
|
||||
+ <!-- Allows an application to change the package signature as
|
||||
+ seen by applications -->
|
||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
+ android:protectionLevel="dangerous"
|
||||
+ android:label="@string/permlab_fakePackageSignature"
|
||||
+ android:description="@string/permdesc_fakePackageSignature" />
|
||||
+
|
||||
<!-- @deprecated No longer useful, see
|
||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
||||
for details. -->
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index f4efcc7e4eec..51b461e79492 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1654,6 +1654,8 @@
|
||||
<string-array name="config_locationProviderPackageNames" translatable="false">
|
||||
<!-- The standard AOSP fused location provider -->
|
||||
<item>com.android.location.fused</item>
|
||||
+ <!-- Google Play Services or microG (free reimplementation) location provider -->
|
||||
+ <item>com.google.android.gms</item>
|
||||
</string-array>
|
||||
|
||||
<!-- This string array can be overriden to enable test location providers initially. -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 5c659123b027..4ea996c492c7 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -847,6 +847,18 @@
|
||||
|
||||
<!-- Permissions -->
|
||||
|
||||
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
|
||||
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_fake_package_signature">Spoof package signature</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_fake_package_signature">allow to spoof package signature</string>
|
||||
+ <!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
|
||||
+ <string name="permgrouprequest_fake_package_signature">Allow
|
||||
+ <b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to spoof package signature?</string>
|
||||
+
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_statusBar">disable or modify status bar</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt
|
||||
index 5f15216e8400..57748a8090a2 100644
|
||||
--- a/non-updatable-api/current.txt
|
||||
+++ b/non-updatable-api/current.txt
|
||||
@@ -79,6 +79,7 @@ package android {
|
||||
field public static final String DUMP = "android.permission.DUMP";
|
||||
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
|
||||
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
|
||||
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
|
||||
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
|
||||
field public static final String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS";
|
||||
field public static final String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED";
|
||||
@@ -182,6 +183,7 @@ package android {
|
||||
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
|
||||
field public static final String CAMERA = "android.permission-group.CAMERA";
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index ea9378e98b1a..c2a677613c6d 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -4454,8 +4454,9 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
});
|
||||
}
|
||||
|
||||
- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
|
||||
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps);
|
||||
+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags,
|
||||
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps),
|
||||
+ permissions);
|
||||
|
||||
if (packageInfo == null) {
|
||||
return null;
|
||||
@@ -4491,6 +4492,24 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
}
|
||||
|
||||
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
|
||||
+ Set<String> permissions) {
|
||||
+ try {
|
||||
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
|
||||
+ && p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1
|
||||
+ && p.getMetaData() != null) {
|
||||
+ String sig = p.getMetaData().getString("fake-signature");
|
||||
+ if (sig != null) {
|
||||
+ pi.signatures = new Signature[] {new Signature(sig)};
|
||||
+ }
|
||||
+ }
|
||||
+ } catch (Throwable t) {
|
||||
+ // We should never die because of any failures, this is system code!
|
||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
||||
+ }
|
||||
+ return pi;
|
||||
+ }
|
||||
+
|
||||
@Override
|
||||
public void checkPackageStartable(String packageName, int userId) {
|
||||
final int callingUid = Binder.getCallingUid();
|
@ -1,23 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 12 Feb 2018 02:55:55 -0500
|
||||
Subject: [PATCH] Harden signature spoofing
|
||||
|
||||
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index ad6cfd6ae501..acd7dbbbc4b1 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -2863,7 +2863,7 @@
|
||||
seen by applications -->
|
||||
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
||||
android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
- android:protectionLevel="dangerous"
|
||||
+ android:protectionLevel="signature"
|
||||
android:label="@string/permlab_fakePackageSignature"
|
||||
android:description="@string/permdesc_fakePackageSignature" />
|
||||
|
@ -1,78 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Mon, 21 May 2018 04:23:40 -0400
|
||||
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
|
||||
libraries
|
||||
|
||||
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
|
||||
---
|
||||
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
|
||||
1 file changed, 56 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index 70e4e6cbf622..44feb7f38653 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -5551,6 +5551,62 @@ public class PackageParser {
|
||||
|
||||
if (data == null) {
|
||||
data = new Bundle();
|
||||
+ data.putString("acc_advertiser_id", "false");
|
||||
+ data.putString("acc_no_geoloc", "true");
|
||||
+ data.putString("acc_tracking_mode", "Restricted");
|
||||
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
|
||||
+ data.putString("AXACollectIp", "false");
|
||||
+ data.putString("batch_opted_out_by_default", "true");
|
||||
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
|
||||
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
|
||||
+ data.putString("com.ad4screen.advertiser_id", "false");
|
||||
+ data.putString("com.ad4screen.no_geoloc", "true");
|
||||
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
|
||||
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
|
||||
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
|
||||
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
|
||||
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
|
||||
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
|
||||
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
|
||||
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
|
||||
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
|
||||
+ data.putString("com.followanalytics.message.inapp.enable", "false");
|
||||
+ data.putString("com.followanalytics.message.push.enable", "false");
|
||||
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
|
||||
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
|
||||
+ data.putString("com.mapbox.EnableEvents", "false");
|
||||
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
|
||||
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
|
||||
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
|
||||
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
|
||||
+ data.putString("firebase_analytics_collection_deactivated", "true");
|
||||
+ data.putString("firebase_analytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_crash_collection_enabled", "false");
|
||||
+ data.putString("firebase_crashlytics_collection_enabled", "false");
|
||||
+ data.putString("firebase_performance_collection_deactivated", "true");
|
||||
+ data.putString("google_analytics_adid_collection_enabled", "false");
|
||||
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
|
||||
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
|
||||
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
|
||||
+ data.putString("SMT_USE_AD_ID", "0");
|
||||
+ data.putString("tapjoy.disable_advertising_id_check", "true");
|
||||
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
|
||||
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
|
||||
+ data.putString("tapjoy.disable_persistent_ids", "true");
|
||||
+ data.putString("tapjoy.disable_video_offers", "true");
|
||||
+ data.putString("tnkad_tracking", "false");
|
||||
}
|
||||
|
||||
String name = sa.getNonConfigurationString(
|
@ -1,31 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Philip Nagler-Frank <philip@nagler.world>
|
||||
Date: Mon, 22 Mar 2021 21:07:09 -0400
|
||||
Subject: [PATCH] Add permission to allow an APK to fake a signature.
|
||||
|
||||
Change-Id: Iffcffde30416bd897d8afe0b4f72538a586ccab9
|
||||
---
|
||||
.../android/permissioncontroller/permission/utils/Utils.java | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/permissioncontroller/permission/utils/Utils.java b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
index 65fdd590a..fdd71e215 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
@@ -23,6 +23,7 @@ import static android.Manifest.permission_group.CALENDAR;
|
||||
import static android.Manifest.permission_group.CALL_LOG;
|
||||
import static android.Manifest.permission_group.CAMERA;
|
||||
import static android.Manifest.permission_group.CONTACTS;
|
||||
+import static android.Manifest.permission_group.FAKE_PACKAGE;
|
||||
import static android.Manifest.permission_group.LOCATION;
|
||||
import static android.Manifest.permission_group.MICROPHONE;
|
||||
import static android.Manifest.permission_group.PHONE;
|
||||
@@ -209,6 +210,8 @@ public final class Utils {
|
||||
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
|
||||
|
||||
+ PLATFORM_PERMISSIONS.put(Manifest.permission.FAKE_PACKAGE_SIGNATURE, FAKE_PACKAGE);
|
||||
+
|
||||
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
|
||||
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
|
||||
for (int i = 0; i < numPlatformPermissions; i++) {
|
@ -1 +1 @@
|
||||
Subproject commit defba989e7004809c1d67c2ba47952b66f9dd3cb
|
||||
Subproject commit 247e39cddabf7877cbe61c6d196a80d6e0ed4cc0
|
@ -16,13 +16,6 @@
|
||||
#along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
umask 0022;
|
||||
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then
|
||||
echo -e "\e[0;33mWARNING: YOU HAVE ENABLED PATCHES THAT WHILE ARE OPEN SOURCE ARE ALSO ENCUMBERED BY RESTRICTIVE LICENSES\e[0m";
|
||||
echo -e "\e[0;33mPLEASE SEE THE 'LICENSES' FILE AT THE ROOT OF THIS REPOSITORY FOR MORE INFORMATION\e[0m";
|
||||
echo -e "\e[0;33mDISABLE THEM BY SETTING 'NON_COMMERCIAL_USE_PATCHES' TO 'false' IN 'Scripts/init.sh'\e[0m";
|
||||
sleep 15;
|
||||
fi;
|
||||
|
||||
startPatcher() {
|
||||
java -jar "$DOS_BINARY_PATCHER" patch workspace "$DOS_BUILD_BASE" "$DOS_WORKSPACE_ROOT""Patches/Linux/" "$DOS_SCRIPTS_CVES" $1;
|
||||
}
|
||||
@ -406,16 +399,6 @@ removeBuildFingerprints() {
|
||||
}
|
||||
export -f removeBuildFingerprints;
|
||||
|
||||
disableDexPreOpt() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
if [ -f BoardConfig.mk ]; then
|
||||
sed -i "s/WITH_DEXPREOPT := true/WITH_DEXPREOPT := false/" BoardConfig.mk;
|
||||
echo "Disabled dexpreopt";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
export -f disableDexPreOpt;
|
||||
|
||||
compressRamdisks() {
|
||||
if [ -f BoardConfig.mk ]; then
|
||||
echo "LZMA_RAMDISK_TARGETS := boot,recovery" >> BoardConfig.mk;
|
||||
@ -424,23 +407,6 @@ compressRamdisks() {
|
||||
}
|
||||
export -f compressRamdisks;
|
||||
|
||||
addVerity() {
|
||||
echo 'ifeq ($(TARGET_BUILD_VARIANT),user)' >> device.mk;
|
||||
echo 'PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/by-name/system' >> device.mk;
|
||||
echo '$(call inherit-product, build/target/product/verity.mk)' >> device.mk;
|
||||
echo 'endif' >> device.mk;
|
||||
|
||||
sed -i '/on init/a\\ verity_load_state' rootdir/etc/init."${PWD##*/}".rc;
|
||||
sed -i '/on early-boot/a\\ verity_update_state' rootdir/etc/init."${PWD##*/}".rc;
|
||||
}
|
||||
export -f addVerity;
|
||||
|
||||
optimizeImagesRecursive() {
|
||||
find "$1" -type f -name "*.jp*g" -print0 | xargs -0 -n1 -P 16 jpegoptim;
|
||||
find "$1" -type f -name "*.png" -print0 | xargs -0 -n1 -P 16 optipng;
|
||||
}
|
||||
export -f optimizeImagesRecursive;
|
||||
|
||||
smallerSystem() {
|
||||
echo "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0" >> BoardConfig.mk;
|
||||
echo "PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := true" >> device.mk;
|
||||
@ -463,18 +429,6 @@ deblobAudio() {
|
||||
}
|
||||
export -f deblobAudio;
|
||||
|
||||
imsAllowDiag() {
|
||||
find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \;
|
||||
find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \;
|
||||
}
|
||||
export -f imsAllowDiag;
|
||||
|
||||
extremeWiFiDeepSleep() {
|
||||
sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1;
|
||||
echo "Enabled extreme Wi-Fi deep sleep for $1";
|
||||
}
|
||||
export -f extremeWiFiDeepSleep;
|
||||
|
||||
volteOverride() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
if grep -sq "config_device_volte_available" "overlay/frameworks/base/core/res/res/values/config.xml"; then
|
||||
@ -558,14 +512,6 @@ hardenLocationFWB() {
|
||||
}
|
||||
export -f hardenLocationFWB;
|
||||
|
||||
enableZram() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
sed -i 's|#/dev/block/zram0|/dev/block/zram0|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
|
||||
echo "Enabled zram for $1";
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
export -f enableZram;
|
||||
|
||||
hardenUserdata() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
|
||||
|
@ -63,7 +63,6 @@ buildAll() {
|
||||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#Select devices are userdebug due to SELinux policy issues
|
||||
#SD600
|
||||
buildDeviceUserDebug m7;
|
||||
|
@ -98,13 +98,9 @@ if enterAndClear "frameworks/base"; then
|
||||
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
hardenLocationFWB "$DOS_BUILD_BASE"; #Harden the default GPS config
|
||||
changeDefaultDNS; #Change the default DNS servers
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
|
||||
@ -222,7 +218,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
|
||||
fi;
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/SetupWizard"; then
|
||||
@ -293,7 +288,6 @@ fi;
|
||||
awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
|
||||
sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/CM_BUILDTYPE := dos/CM_BUILDTYPE := dosNC/' config/common.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
@ -310,8 +304,6 @@ fi;
|
||||
if enter "vendor/divested"; then
|
||||
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
|
||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
|
||||
sed -i 's/TalkBack/TalkBackLegacy/' packages.mk;
|
||||
fi;
|
||||
#
|
||||
|
@ -54,7 +54,6 @@ buildAll() {
|
||||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#SDS4P
|
||||
buildDevice flo; #Last version without repartitioning required + 18.1 has random power off issue
|
||||
#SD801
|
||||
|
@ -112,14 +112,10 @@ fi;
|
||||
#fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
|
||||
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
|
||||
@ -212,7 +208,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P2.patch";
|
||||
fi;
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/SetupWizard"; then
|
||||
@ -276,7 +271,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi; #Remove AudioFX
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
|
||||
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/common.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
@ -287,8 +281,6 @@ fi;
|
||||
if enter "vendor/divested"; then
|
||||
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
|
||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
|
||||
fi;
|
||||
#
|
||||
#END OF ROM CHANGES
|
||||
|
@ -54,7 +54,6 @@ buildAll() {
|
||||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#SD800
|
||||
buildDevice hammerhead; #broken Bluetooth + maybe broken sepolicy
|
||||
#SD801
|
||||
|
@ -138,8 +138,6 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
@ -167,8 +165,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch";
|
||||
fi;
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0014-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
|
||||
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
|
||||
@ -285,7 +281,6 @@ fi;
|
||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #TODO: Needs work
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/SetupWizard"; then
|
||||
@ -357,7 +352,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
|
||||
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
@ -368,8 +362,6 @@ fi;
|
||||
if enter "vendor/divested"; then
|
||||
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
|
||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
|
||||
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
|
||||
fi;
|
||||
#
|
||||
|
@ -54,7 +54,6 @@ buildAll() {
|
||||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#SD410
|
||||
buildDevice crackling;
|
||||
buildDevice harpia;
|
||||
|
@ -131,7 +131,6 @@ awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.jav
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
@ -173,8 +172,6 @@ fi;
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0018-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
|
||||
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
|
||||
@ -307,7 +304,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-2.patch"
|
||||
fi;
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/SetupWizard"; then
|
||||
@ -401,7 +397,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
|
||||
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
@ -413,8 +408,6 @@ fi;
|
||||
if enter "vendor/divested"; then
|
||||
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
|
||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
|
||||
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
|
||||
fi;
|
||||
#
|
||||
|
@ -54,7 +54,6 @@ buildAll() {
|
||||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#SDS4P
|
||||
buildDevice flox && rm device/asus/flox/sensors/Android.bp;
|
||||
buildDevice mako;
|
||||
|
@ -122,7 +122,6 @@ fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
@ -164,8 +163,6 @@ sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/int
|
||||
fi;
|
||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config
|
||||
changeDefaultDNS; #Change the default DNS servers
|
||||
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
|
||||
@ -288,7 +285,6 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/PermissionController"; then
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-2.patch";
|
||||
@ -316,7 +312,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-2.patch"
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/SetupWizard"; then
|
||||
@ -412,7 +407,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '25d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
|
||||
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
@ -425,8 +419,6 @@ if enter "vendor/divested"; then
|
||||
awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
|
||||
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
|
||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
|
||||
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
|
||||
echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
|
||||
fi;
|
||||
@ -558,7 +550,6 @@ find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4
|
||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||
find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"';
|
||||
#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"';
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi;
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';
|
||||
|
@ -54,7 +54,6 @@ buildAll() {
|
||||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#SD630
|
||||
buildDevice pioneer;
|
||||
buildDevice voyager;
|
||||
@ -66,7 +65,7 @@ buildAll() {
|
||||
buildDevice pro1 avb;
|
||||
buildDevice crosshatch avb;
|
||||
buildDevice blueline avb;
|
||||
buildDevice enchilada avb; #TODO: update kernel to 4.9.282 like 18.1
|
||||
buildDevice enchilada avb;
|
||||
buildDevice fajita avb;
|
||||
#SD730
|
||||
buildDevice sunfish avb;
|
||||
|
@ -116,7 +116,6 @@ fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries #XXX 19REBASE
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) #XXX 19REBASE: maybe not needed
|
||||
@ -363,7 +362,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '20d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
|
||||
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player
|
||||
@ -373,7 +371,6 @@ if enter "vendor/divested"; then
|
||||
awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
|
||||
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
|
||||
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
|
||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
|
||||
#echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch #XXX 19REBASE: is this necessary?
|
||||
echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
|
||||
awk -i inplace '!/F-DroidPrivilegedExtensionOfficial/' packages.mk; #Appears to be broken
|
||||
@ -409,7 +406,6 @@ find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4
|
||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||
find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"';
|
||||
#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"';
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi;
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';
|
||||
|
@ -66,12 +66,9 @@ export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permi
|
||||
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1+19.1
|
||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices
|
||||
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL
|
||||
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247
|
||||
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
|
||||
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL (removed)
|
||||
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1/16.0 #XXX: can break things like camera
|
||||
export DOS_SENSORS_PERM_NEW=true; #For 17.1+18.1
|
||||
|
Loading…
Reference in New Issue
Block a user