Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-04-07 00:37:20 -04:00
parent 258fe8389b
commit a9e250afd9
35 changed files with 3 additions and 1340 deletions

View File

@ -8,8 +8,6 @@ PRODUCT_PACKAGES += \
EtarPrebuilt \
FennecDOS \
SimpleGallery
# FairEmail \
# VanillaMusic
ifeq ($(findstring flox,$(TARGET_PRODUCT)),)
PRODUCT_PACKAGES += \

View File

@ -1,97 +0,0 @@
From 44cda6f5e47c33e91980ae35c8bc6d88e4d3763c Mon Sep 17 00:00:00 2001
From: be-neth <bmauduit@beneth.fr>
Date: Thu, 24 Nov 2016 13:01:30 -0500
Subject: [PATCH] Allow packages to spoof their signature
Change-Id: I9acf48c7607804890d0d0fa7fe30bb36779cb40d
---
core/res/AndroidManifest.xml | 7 +++++++
core/res/res/values/config.xml | 2 ++
core/res/res/values/strings.xml | 5 +++++
.../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++--
4 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index b624305..43eec1f 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1926,6 +1926,13 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- @hide Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index 4a95f6e..702e02a 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1383,6 +1383,8 @@
<string-array name="config_locationProviderPackageNames" translatable="false">
<!-- The standard AOSP fused location provider -->
<item>com.android.location.fused</item>
+ <!-- The (faked) microg fused location provider -->
+ <item>com.google.android.gms</item>
</string-array>
<!-- This string array can be overriden to enable test location providers initially. -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 345d377..26814f1 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -660,6 +660,11 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only!</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index d450288..9194e69 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3141,8 +3141,27 @@ public class PackageManagerService extends IPackageManager.Stub {
? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
final PackageUserState state = ps.readUserState(userId);
- return PackageParser.generatePackageInfo(p, gids, flags,
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
+ permissions);
+ }
+
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
+ && p.mAppMetaData != null) {
+ String sig = p.mAppMetaData.getString("fake-signature");
+ if (sig != null) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
}
@Override
--
2.9.3

View File

@ -1,26 +0,0 @@
From 6c9c966622adbfe0ad92ed90d90f93a782c99f02 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sun, 18 Dec 2016 19:10:20 -0500
Subject: [PATCH] Harden signature spoofing
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
---
core/res/AndroidManifest.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 486999b..182acbf 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1937,7 +1937,7 @@
<!-- @hide Allows an application to change the package signature as
seen by applications -->
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
- android:protectionLevel="dangerous"
+ android:protectionLevel="signature"
android:label="@string/permlab_fakePackageSignature"
android:description="@string/permdesc_fakePackageSignature" />
--
2.9.3

View File

@ -1,29 +0,0 @@
From 0030bc6ef203eb6ffc1300599db1fd48d4a77f78 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 8 May 2018 20:54:49 -0400
Subject: [PATCH] Change connectivity check URLs to ours
Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f
---
.../java/com/android/server/connectivity/NetworkMonitor.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
index 97669d242f0..2a39f90b19b 100644
--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
@@ -86,9 +86,9 @@ public class NetworkMonitor extends StateMachine {
// Default configuration values for captive portal detection probes.
// TODO: append a random length parameter to the default HTTPS url.
// TODO: randomize browser version ids in the default User-Agent String.
- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php";
private static final String DEFAULT_HTTP_URL =
- "http://connectivitycheck.gstatic.com/generate_204";
+ "http://divestos.org/gen204.php";
private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
+ "AppleWebKit/537.36 (KHTML, like Gecko) "
--
2.17.0

View File

@ -1,78 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 21 May 2018 04:23:40 -0400
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
libraries
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
---
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index f2e3333b67da..35073ed38d3a 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -4465,6 +4465,62 @@ public class PackageParser {
if (data == null) {
data = new Bundle();
+ data.putString("acc_advertiser_id", "false");
+ data.putString("acc_no_geoloc", "true");
+ data.putString("acc_tracking_mode", "Restricted");
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
+ data.putString("AXACollectIp", "false");
+ data.putString("batch_opted_out_by_default", "true");
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
+ data.putString("com.ad4screen.advertiser_id", "false");
+ data.putString("com.ad4screen.no_geoloc", "true");
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
+ data.putString("com.followanalytics.message.inapp.enable", "false");
+ data.putString("com.followanalytics.message.push.enable", "false");
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
+ data.putString("com.mapbox.EnableEvents", "false");
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
+ data.putString("firebase_analytics_collection_deactivated", "true");
+ data.putString("firebase_analytics_collection_enabled", "false");
+ data.putString("firebase_crash_collection_enabled", "false");
+ data.putString("firebase_crashlytics_collection_enabled", "false");
+ data.putString("firebase_performance_collection_deactivated", "true");
+ data.putString("google_analytics_adid_collection_enabled", "false");
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
+ data.putString("SMT_USE_AD_ID", "0");
+ data.putString("tapjoy.disable_advertising_id_check", "true");
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
+ data.putString("tapjoy.disable_persistent_ids", "true");
+ data.putString("tapjoy.disable_video_offers", "true");
+ data.putString("tnkad_tracking", "false");
}
String name = sa.getNonConfigurationString(

View File

@ -1,102 +0,0 @@
commit 4e9d677b35b9656c22c922c9abca4107ab95c9b4
Author: Bernhard Rosenkränzer <bero@lindev.ch>
Date: Tue Aug 29 00:34:27 2017 +0200
Add permission to allow an APK to fake a signature.
This is needed by GmsCore (https://microg.org/) to pretend
the existence of the official Play Services to applications calling
Google APIs.
Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch
Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 794d4f8b78b..b3189077256 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2075,6 +2075,13 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- @hide Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index 3613acf44aa..d1636c862c5 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1385,6 +1385,8 @@
<string-array name="config_locationProviderPackageNames" translatable="false">
<!-- The standard AOSP fused location provider -->
<item>com.android.location.fused</item>
+ <!-- The (faked) microg fused location provider (a free reimplementation) -->
+ <item>com.google.android.gms</item>
</string-array>
<!-- This string array can be overriden to enable test location providers initially. -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 3eebe7eb68d..7405386cd49 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -764,6 +764,10 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index f36b762c5e9..048a057d39c 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3571,8 +3571,9 @@ public class PackageManagerService extends IPackageManager.Stub
flags |= MATCH_ANY_USER;
}
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
+ permissions);
if (packageInfo == null) {
return null;
@@ -3584,6 +3585,24 @@ public class PackageManagerService extends IPackageManager.Stub
return packageInfo;
}
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
+ && p.mAppMetaData != null) {
+ String sig = p.mAppMetaData.getString("fake-signature");
+ if (sig != null) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
@Override
public void checkPackageStartable(String packageName, int userId) {
final int callingUid = Binder.getCallingUid();

View File

@ -1,26 +0,0 @@
From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 12 Feb 2018 02:55:55 -0500
Subject: [PATCH] Harden signature spoofing
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
---
core/res/AndroidManifest.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 653caaca2a6..7f547dd07ac 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2152,7 +2152,7 @@
<!-- @hide Allows an application to change the package signature as
seen by applications -->
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
- android:protectionLevel="dangerous"
+ android:protectionLevel="signature"
android:label="@string/permlab_fakePackageSignature"
android:description="@string/permdesc_fakePackageSignature" />
--
2.16.1

View File

@ -1,34 +0,0 @@
From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 8 May 2018 20:53:07 -0400
Subject: [PATCH] Change connectivity check URLs to ours
Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f
---
.../com/android/server/connectivity/NetworkMonitor.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
index d3a93542c74..32918aa3cdc 100644
--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine {
// Default configuration values for captive portal detection probes.
// TODO: append a random length parameter to the default HTTPS url.
// TODO: randomize browser version ids in the default User-Agent String.
- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php";
private static final String DEFAULT_HTTP_URL =
- "http://connectivitycheck.gstatic.com/generate_204";
- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
+ "http://divestos.org/gen204.php";
+ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204";
private static final String DEFAULT_OTHER_FALLBACK_URLS =
- "http://play.googleapis.com/generate_204";
+ "http://connectivitycheck.gstatic.com/generate_204";
private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
+ "AppleWebKit/537.36 (KHTML, like Gecko) "
+ "Chrome/60.0.3112.32 Safari/537.36";
--
2.17.0

View File

@ -1,78 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 21 May 2018 04:23:40 -0400
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
libraries
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
---
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 8c66fb227cf9..4421c0ca5115 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -5524,6 +5524,62 @@ public class PackageParser {
if (data == null) {
data = new Bundle();
+ data.putString("acc_advertiser_id", "false");
+ data.putString("acc_no_geoloc", "true");
+ data.putString("acc_tracking_mode", "Restricted");
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
+ data.putString("AXACollectIp", "false");
+ data.putString("batch_opted_out_by_default", "true");
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
+ data.putString("com.ad4screen.advertiser_id", "false");
+ data.putString("com.ad4screen.no_geoloc", "true");
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
+ data.putString("com.followanalytics.message.inapp.enable", "false");
+ data.putString("com.followanalytics.message.push.enable", "false");
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
+ data.putString("com.mapbox.EnableEvents", "false");
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
+ data.putString("firebase_analytics_collection_deactivated", "true");
+ data.putString("firebase_analytics_collection_enabled", "false");
+ data.putString("firebase_crash_collection_enabled", "false");
+ data.putString("firebase_crashlytics_collection_enabled", "false");
+ data.putString("firebase_performance_collection_deactivated", "true");
+ data.putString("google_analytics_adid_collection_enabled", "false");
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
+ data.putString("SMT_USE_AD_ID", "0");
+ data.putString("tapjoy.disable_advertising_id_check", "true");
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
+ data.putString("tapjoy.disable_persistent_ids", "true");
+ data.putString("tapjoy.disable_video_offers", "true");
+ data.putString("tnkad_tracking", "false");
}
String name = sa.getNonConfigurationString(

View File

@ -1,113 +0,0 @@
From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= <bero@lindev.ch>
Date: Mon, 4 Mar 2019 03:26:03 -0500
Subject: [PATCH] Add permission to allow an APK to fake a signature.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is needed by GmsCore (https://microg.org/) to pretend
the existence of the official Play Services to applications calling
Google APIs.
Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch
Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
---
core/res/AndroidManifest.xml | 7 ++++++
core/res/res/values/config.xml | 2 ++
core/res/res/values/strings.xml | 4 ++++
.../server/pm/PackageManagerService.java | 23 +++++++++++++++++--
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 34d26f0da90..08f95ec1fdf 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2357,6 +2357,13 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- @hide Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index cf9bd122baf..2047c336acd 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1682,6 +1682,8 @@
<string-array name="config_locationProviderPackageNames" translatable="false">
<!-- The standard AOSP fused location provider -->
<item>com.android.location.fused</item>
+ <!-- The (faked) microg fused location provider (a free reimplementation) -->
+ <item>com.google.android.gms</item>
</string-array>
<!-- This string array can be overriden to enable test location providers initially. -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index f6600462ea7..bad13100a79 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -785,6 +785,10 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 9b50a1545a5..58dc3fe926f 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4001,8 +4001,9 @@ public class PackageManagerService extends IPackageManager.Stub
final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
+ permissions);
if (packageInfo == null) {
return null;
@@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
+ && p.mAppMetaData != null) {
+ String sig = p.mAppMetaData.getString("fake-signature");
+ if (sig != null) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
@Override
public void checkPackageStartable(String packageName, int userId) {
final int callingUid = Binder.getCallingUid();
--
2.20.1

View File

@ -1,26 +0,0 @@
From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 12 Feb 2018 02:55:55 -0500
Subject: [PATCH] Harden signature spoofing
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
---
core/res/AndroidManifest.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 653caaca2a6..7f547dd07ac 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2152,7 +2152,7 @@
<!-- @hide Allows an application to change the package signature as
seen by applications -->
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
- android:protectionLevel="dangerous"
+ android:protectionLevel="signature"
android:label="@string/permlab_fakePackageSignature"
android:description="@string/permdesc_fakePackageSignature" />
--
2.16.1

View File

@ -1,34 +0,0 @@
From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 8 May 2018 20:53:07 -0400
Subject: [PATCH] Change connectivity check URLs to ours
Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f
---
.../com/android/server/connectivity/NetworkMonitor.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
index d3a93542c74..32918aa3cdc 100644
--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine {
// Default configuration values for captive portal detection probes.
// TODO: append a random length parameter to the default HTTPS url.
// TODO: randomize browser version ids in the default User-Agent String.
- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php";
private static final String DEFAULT_HTTP_URL =
- "http://connectivitycheck.gstatic.com/generate_204";
- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
+ "http://divestos.org/gen204.php";
+ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204";
private static final String DEFAULT_OTHER_FALLBACK_URLS =
- "http://play.googleapis.com/generate_204";
+ "http://connectivitycheck.gstatic.com/generate_204";
private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
+ "AppleWebKit/537.36 (KHTML, like Gecko) "
+ "Chrome/60.0.3112.32 Safari/537.36";
--
2.17.0

View File

@ -1,78 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 21 May 2018 04:23:40 -0400
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
libraries
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
---
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index e0c2d2dc6dde..405291d46f58 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -5327,6 +5327,62 @@ public class PackageParser {
if (data == null) {
data = new Bundle();
+ data.putString("acc_advertiser_id", "false");
+ data.putString("acc_no_geoloc", "true");
+ data.putString("acc_tracking_mode", "Restricted");
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
+ data.putString("AXACollectIp", "false");
+ data.putString("batch_opted_out_by_default", "true");
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
+ data.putString("com.ad4screen.advertiser_id", "false");
+ data.putString("com.ad4screen.no_geoloc", "true");
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
+ data.putString("com.followanalytics.message.inapp.enable", "false");
+ data.putString("com.followanalytics.message.push.enable", "false");
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
+ data.putString("com.mapbox.EnableEvents", "false");
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
+ data.putString("firebase_analytics_collection_deactivated", "true");
+ data.putString("firebase_analytics_collection_enabled", "false");
+ data.putString("firebase_crash_collection_enabled", "false");
+ data.putString("firebase_crashlytics_collection_enabled", "false");
+ data.putString("firebase_performance_collection_deactivated", "true");
+ data.putString("google_analytics_adid_collection_enabled", "false");
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
+ data.putString("SMT_USE_AD_ID", "0");
+ data.putString("tapjoy.disable_advertising_id_check", "true");
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
+ data.putString("tapjoy.disable_persistent_ids", "true");
+ data.putString("tapjoy.disable_video_offers", "true");
+ data.putString("tnkad_tracking", "false");
}
String name = sa.getNonConfigurationString(

View File

@ -1,113 +0,0 @@
From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= <bero@lindev.ch>
Date: Mon, 4 Mar 2019 03:26:03 -0500
Subject: [PATCH] Add permission to allow an APK to fake a signature.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is needed by GmsCore (https://microg.org/) to pretend
the existence of the official Play Services to applications calling
Google APIs.
Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch
Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f
Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
---
core/res/AndroidManifest.xml | 7 ++++++
core/res/res/values/config.xml | 2 ++
core/res/res/values/strings.xml | 4 ++++
.../server/pm/PackageManagerService.java | 23 +++++++++++++++++--
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 34d26f0da90..08f95ec1fdf 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2357,6 +2357,13 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- @hide Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index cf9bd122baf..2047c336acd 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1682,6 +1682,8 @@
<string-array name="config_locationProviderPackageNames" translatable="false">
<!-- The standard AOSP fused location provider -->
<item>com.android.location.fused</item>
+ <!-- The (faked) microg fused location provider (a free reimplementation) -->
+ <item>com.google.android.gms</item>
</string-array>
<!-- This string array can be overriden to enable test location providers initially. -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index f6600462ea7..bad13100a79 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -785,6 +785,10 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 9b50a1545a5..58dc3fe926f 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4179,8 +4179,9 @@ public class PackageManagerService extends IPackageManager.Stub
final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
? Collections.emptySet() : permissionsState.getPermissions(userId);
- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
+ permissions);
if (packageInfo == null) {
return null;
@@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
+ && p.mAppMetaData != null) {
+ String sig = p.mAppMetaData.getString("fake-signature");
+ if (sig != null) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
@Override
public void checkPackageStartable(String packageName, int userId) {
final int callingUid = Binder.getCallingUid();
--
2.20.1

View File

@ -1,26 +0,0 @@
From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 12 Feb 2018 02:55:55 -0500
Subject: [PATCH] Harden signature spoofing
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
---
core/res/AndroidManifest.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 653caaca2a6..7f547dd07ac 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2152,7 +2152,7 @@
<!-- @hide Allows an application to change the package signature as
seen by applications -->
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
- android:protectionLevel="dangerous"
+ android:protectionLevel="signature"
android:label="@string/permlab_fakePackageSignature"
android:description="@string/permdesc_fakePackageSignature" />
--
2.16.1

View File

@ -1,78 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 21 May 2018 04:23:40 -0400
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
libraries
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
---
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 861b0d922d32..1a93325f24ff 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -5598,6 +5598,62 @@ public class PackageParser {
if (data == null) {
data = new Bundle();
+ data.putString("acc_advertiser_id", "false");
+ data.putString("acc_no_geoloc", "true");
+ data.putString("acc_tracking_mode", "Restricted");
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
+ data.putString("AXACollectIp", "false");
+ data.putString("batch_opted_out_by_default", "true");
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
+ data.putString("com.ad4screen.advertiser_id", "false");
+ data.putString("com.ad4screen.no_geoloc", "true");
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
+ data.putString("com.followanalytics.message.inapp.enable", "false");
+ data.putString("com.followanalytics.message.push.enable", "false");
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
+ data.putString("com.mapbox.EnableEvents", "false");
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
+ data.putString("firebase_analytics_collection_deactivated", "true");
+ data.putString("firebase_analytics_collection_enabled", "false");
+ data.putString("firebase_crash_collection_enabled", "false");
+ data.putString("firebase_crashlytics_collection_enabled", "false");
+ data.putString("firebase_performance_collection_deactivated", "true");
+ data.putString("google_analytics_adid_collection_enabled", "false");
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
+ data.putString("SMT_USE_AD_ID", "0");
+ data.putString("tapjoy.disable_advertising_id_check", "true");
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
+ data.putString("tapjoy.disable_persistent_ids", "true");
+ data.putString("tapjoy.disable_video_offers", "true");
+ data.putString("tnkad_tracking", "false");
}
String name = sa.getNonConfigurationString(

View File

@ -1,158 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Philip Nagler-Frank <philip@nagler.world>
Date: Mon, 22 Mar 2021 21:03:57 -0400
Subject: [PATCH] Add permission to allow an APK to fake a signature.
Change-Id: I770c2c8b2ab6857d4ea0a4142fb814302685a64e
---
api/current.txt | 2 ++
core/res/AndroidManifest.xml | 15 ++++++++++++
core/res/res/values/config.xml | 2 ++
core/res/res/values/strings.xml | 12 ++++++++++
non-updatable-api/current.txt | 2 ++
.../server/pm/PackageManagerService.java | 23 +++++++++++++++++--
6 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/api/current.txt b/api/current.txt
index 952ccdad992c..6bd7ffe6dcb8 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -77,6 +77,7 @@ package android {
field public static final String DIAGNOSTIC = "android.permission.DIAGNOSTIC";
field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD";
field public static final String DUMP = "android.permission.DUMP";
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
@@ -182,6 +183,7 @@ package android {
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
field public static final String CAMERA = "android.permission-group.CAMERA";
field public static final String CONTACTS = "android.permission-group.CONTACTS";
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
field public static final String PHONE = "android.permission-group.PHONE";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index ee428371a016..ad6cfd6ae501 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2852,6 +2852,21 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- Dummy user-facing group for faking package signature -->
+ <permission-group android:name="android.permission-group.FAKE_PACKAGE"
+ android:label="@string/permgrouplab_fake_package_signature"
+ android:description="@string/permgroupdesc_fake_package_signature"
+ android:request="@string/permgrouprequest_fake_package_signature"
+ android:priority="100" />
+
+ <!-- Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index f4efcc7e4eec..51b461e79492 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1654,6 +1654,8 @@
<string-array name="config_locationProviderPackageNames" translatable="false">
<!-- The standard AOSP fused location provider -->
<item>com.android.location.fused</item>
+ <!-- Google Play Services or microG (free reimplementation) location provider -->
+ <item>com.google.android.gms</item>
</string-array>
<!-- This string array can be overriden to enable test location providers initially. -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 5c659123b027..4ea996c492c7 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -847,6 +847,18 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgrouplab_fake_package_signature">Spoof package signature</string>
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgroupdesc_fake_package_signature">allow to spoof package signature</string>
+ <!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
+ <string name="permgrouprequest_fake_package_signature">Allow
+ &lt;b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g>&lt;/b> to spoof package signature?</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt
index 5f15216e8400..57748a8090a2 100644
--- a/non-updatable-api/current.txt
+++ b/non-updatable-api/current.txt
@@ -79,6 +79,7 @@ package android {
field public static final String DUMP = "android.permission.DUMP";
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
field public static final String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS";
field public static final String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED";
@@ -182,6 +183,7 @@ package android {
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
field public static final String CAMERA = "android.permission-group.CAMERA";
field public static final String CONTACTS = "android.permission-group.CONTACTS";
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
field public static final String PHONE = "android.permission-group.PHONE";
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index ea9378e98b1a..c2a677613c6d 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4454,8 +4454,9 @@ public class PackageManagerService extends IPackageManager.Stub
});
}
- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps);
+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags,
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps),
+ permissions);
if (packageInfo == null) {
return null;
@@ -4491,6 +4492,24 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
+ && p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1
+ && p.getMetaData() != null) {
+ String sig = p.getMetaData().getString("fake-signature");
+ if (sig != null) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
@Override
public void checkPackageStartable(String packageName, int userId) {
final int callingUid = Binder.getCallingUid();

View File

@ -1,23 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 12 Feb 2018 02:55:55 -0500
Subject: [PATCH] Harden signature spoofing
Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3
---
core/res/AndroidManifest.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index ad6cfd6ae501..acd7dbbbc4b1 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2863,7 +2863,7 @@
seen by applications -->
<permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
android:permissionGroup="android.permission-group.UNDEFINED"
- android:protectionLevel="dangerous"
+ android:protectionLevel="signature"
android:label="@string/permlab_fakePackageSignature"
android:description="@string/permdesc_fakePackageSignature" />

View File

@ -1,78 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 21 May 2018 04:23:40 -0400
Subject: [PATCH] Disable/reduce functionality of various ad/analytics
libraries
Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
---
.../android/content/pm/PackageParser.java | 56 +++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 70e4e6cbf622..44feb7f38653 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -5551,6 +5551,62 @@ public class PackageParser {
if (data == null) {
data = new Bundle();
+ data.putString("acc_advertiser_id", "false");
+ data.putString("acc_no_geoloc", "true");
+ data.putString("acc_tracking_mode", "Restricted");
+ data.putString("android.webkit.WebView.MetricsOptOut", "true");
+ data.putString("AXACollectIp", "false");
+ data.putString("batch_opted_out_by_default", "true");
+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0");
+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0");
+ data.putString("com.ad4screen.advertiser_id", "false");
+ data.putString("com.ad4screen.no_geoloc", "true");
+ data.putString("com.ad4screen.tracking_mode", "Restricted");
+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false");
+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false");
+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false");
+ data.putString("com.bugsnag.android.DETECT_ANR", "false");
+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false");
+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false");
+ data.putString("com.bugsnag.android.PERSIST_USER", "false");
+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER");
+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false");
+ data.putString("com.facebook.sdk.AutoInitEnabled", "false");
+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false");
+ data.putString("com.followanalytics.message.inapp.enable", "false");
+ data.putString("com.followanalytics.message.push.enable", "false");
+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false");
+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true");
+ data.putString("com.mapbox.EnableEvents", "false");
+ data.putString("com.microsoft.engagementinsights.autoCapture", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false");
+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false");
+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true");
+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true");
+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true");
+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false");
+ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ data.putString("com.webengage.sdk.android.location_tracking", "false");
+ data.putString("firebase_analytics_collection_deactivated", "true");
+ data.putString("firebase_analytics_collection_enabled", "false");
+ data.putString("firebase_crash_collection_enabled", "false");
+ data.putString("firebase_crashlytics_collection_enabled", "false");
+ data.putString("firebase_performance_collection_deactivated", "true");
+ data.putString("google_analytics_adid_collection_enabled", "false");
+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false");
+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false");
+ data.putString("google_analytics_ssaid_collection_enabled", "false");
+ data.putString("SMT_USE_AD_ID", "0");
+ data.putString("tapjoy.disable_advertising_id_check", "true");
+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true");
+ data.putString("tapjoy.disable_automatic_session_tracking", "true");
+ data.putString("tapjoy.disable_persistent_ids", "true");
+ data.putString("tapjoy.disable_video_offers", "true");
+ data.putString("tnkad_tracking", "false");
}
String name = sa.getNonConfigurationString(

View File

@ -1,31 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Philip Nagler-Frank <philip@nagler.world>
Date: Mon, 22 Mar 2021 21:07:09 -0400
Subject: [PATCH] Add permission to allow an APK to fake a signature.
Change-Id: Iffcffde30416bd897d8afe0b4f72538a586ccab9
---
.../android/permissioncontroller/permission/utils/Utils.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/com/android/permissioncontroller/permission/utils/Utils.java b/src/com/android/permissioncontroller/permission/utils/Utils.java
index 65fdd590a..fdd71e215 100644
--- a/src/com/android/permissioncontroller/permission/utils/Utils.java
+++ b/src/com/android/permissioncontroller/permission/utils/Utils.java
@@ -23,6 +23,7 @@ import static android.Manifest.permission_group.CALENDAR;
import static android.Manifest.permission_group.CALL_LOG;
import static android.Manifest.permission_group.CAMERA;
import static android.Manifest.permission_group.CONTACTS;
+import static android.Manifest.permission_group.FAKE_PACKAGE;
import static android.Manifest.permission_group.LOCATION;
import static android.Manifest.permission_group.MICROPHONE;
import static android.Manifest.permission_group.PHONE;
@@ -209,6 +210,8 @@ public final class Utils {
PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
+ PLATFORM_PERMISSIONS.put(Manifest.permission.FAKE_PACKAGE_SIGNATURE, FAKE_PACKAGE);
+
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
for (int i = 0; i < numPlatformPermissions; i++) {

@ -1 +1 @@
Subproject commit defba989e7004809c1d67c2ba47952b66f9dd3cb
Subproject commit 247e39cddabf7877cbe61c6d196a80d6e0ed4cc0

View File

@ -16,13 +16,6 @@
#along with this program. If not, see <https://www.gnu.org/licenses/>.
umask 0022;
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then
echo -e "\e[0;33mWARNING: YOU HAVE ENABLED PATCHES THAT WHILE ARE OPEN SOURCE ARE ALSO ENCUMBERED BY RESTRICTIVE LICENSES\e[0m";
echo -e "\e[0;33mPLEASE SEE THE 'LICENSES' FILE AT THE ROOT OF THIS REPOSITORY FOR MORE INFORMATION\e[0m";
echo -e "\e[0;33mDISABLE THEM BY SETTING 'NON_COMMERCIAL_USE_PATCHES' TO 'false' IN 'Scripts/init.sh'\e[0m";
sleep 15;
fi;
startPatcher() {
java -jar "$DOS_BINARY_PATCHER" patch workspace "$DOS_BUILD_BASE" "$DOS_WORKSPACE_ROOT""Patches/Linux/" "$DOS_SCRIPTS_CVES" $1;
}
@ -406,16 +399,6 @@ removeBuildFingerprints() {
}
export -f removeBuildFingerprints;
disableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
if [ -f BoardConfig.mk ]; then
sed -i "s/WITH_DEXPREOPT := true/WITH_DEXPREOPT := false/" BoardConfig.mk;
echo "Disabled dexpreopt";
fi;
cd "$DOS_BUILD_BASE";
}
export -f disableDexPreOpt;
compressRamdisks() {
if [ -f BoardConfig.mk ]; then
echo "LZMA_RAMDISK_TARGETS := boot,recovery" >> BoardConfig.mk;
@ -424,23 +407,6 @@ compressRamdisks() {
}
export -f compressRamdisks;
addVerity() {
echo 'ifeq ($(TARGET_BUILD_VARIANT),user)' >> device.mk;
echo 'PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/by-name/system' >> device.mk;
echo '$(call inherit-product, build/target/product/verity.mk)' >> device.mk;
echo 'endif' >> device.mk;
sed -i '/on init/a\\ verity_load_state' rootdir/etc/init."${PWD##*/}".rc;
sed -i '/on early-boot/a\\ verity_update_state' rootdir/etc/init."${PWD##*/}".rc;
}
export -f addVerity;
optimizeImagesRecursive() {
find "$1" -type f -name "*.jp*g" -print0 | xargs -0 -n1 -P 16 jpegoptim;
find "$1" -type f -name "*.png" -print0 | xargs -0 -n1 -P 16 optipng;
}
export -f optimizeImagesRecursive;
smallerSystem() {
echo "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0" >> BoardConfig.mk;
echo "PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := true" >> device.mk;
@ -463,18 +429,6 @@ deblobAudio() {
}
export -f deblobAudio;
imsAllowDiag() {
find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \;
find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \;
}
export -f imsAllowDiag;
extremeWiFiDeepSleep() {
sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1;
echo "Enabled extreme Wi-Fi deep sleep for $1";
}
export -f extremeWiFiDeepSleep;
volteOverride() {
cd "$DOS_BUILD_BASE$1";
if grep -sq "config_device_volte_available" "overlay/frameworks/base/core/res/res/values/config.xml"; then
@ -558,14 +512,6 @@ hardenLocationFWB() {
}
export -f hardenLocationFWB;
enableZram() {
cd "$DOS_BUILD_BASE$1";
sed -i 's|#/dev/block/zram0|/dev/block/zram0|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
echo "Enabled zram for $1";
cd "$DOS_BUILD_BASE";
}
export -f enableZram;
hardenUserdata() {
cd "$DOS_BUILD_BASE$1";

View File

@ -63,7 +63,6 @@ buildAll() {
umask 0022;
cd "$DOS_BUILD_BASE";
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
#Select devices are userdebug due to SELinux policy issues
#SD600
buildDeviceUserDebug m7;

View File

@ -98,13 +98,9 @@ if enterAndClear "frameworks/base"; then
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME
applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480
#applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours
#applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; fi; #Permission for sensors access (MSe1969)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
hardenLocationFWB "$DOS_BUILD_BASE"; #Harden the default GPS config
changeDefaultDNS; #Change the default DNS servers
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
@ -222,7 +218,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
fi;
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
fi;
if enterAndClear "packages/apps/SetupWizard"; then
@ -293,7 +288,6 @@ fi;
awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/CM_BUILDTYPE := dos/CM_BUILDTYPE := dosNC/' config/common.mk; fi;
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
@ -310,8 +304,6 @@ fi;
if enter "vendor/divested"; then
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
sed -i 's/TalkBack/TalkBackLegacy/' packages.mk;
fi;
#

View File

@ -54,7 +54,6 @@ buildAll() {
umask 0022;
cd "$DOS_BUILD_BASE";
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
#SDS4P
buildDevice flo; #Last version without repartitioning required + 18.1 has random power off issue
#SD801

View File

@ -112,14 +112,10 @@ fi;
#fi;
if enterAndClear "frameworks/base"; then
#applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
@ -212,7 +208,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P2.patch";
fi;
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
fi;
if enterAndClear "packages/apps/SetupWizard"; then
@ -276,7 +271,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi; #Remove AudioFX
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/common.mk; fi;
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
@ -287,8 +281,6 @@ fi;
if enter "vendor/divested"; then
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
fi;
#
#END OF ROM CHANGES

View File

@ -54,7 +54,6 @@ buildAll() {
umask 0022;
cd "$DOS_BUILD_BASE";
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
#SD800
buildDevice hammerhead; #broken Bluetooth + maybe broken sepolicy
#SD801

View File

@ -138,8 +138,6 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram
fi;
if enterAndClear "frameworks/base"; then
#applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -167,8 +165,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch";
fi;
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0014-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
@ -285,7 +281,6 @@ fi;
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #TODO: Needs work
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
fi;
if enterAndClear "packages/apps/SetupWizard"; then
@ -357,7 +352,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
@ -368,8 +362,6 @@ fi;
if enter "vendor/divested"; then
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
fi;
#

View File

@ -54,7 +54,6 @@ buildAll() {
umask 0022;
cd "$DOS_BUILD_BASE";
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
#SD410
buildDevice crackling;
buildDevice harpia;

View File

@ -131,7 +131,6 @@ awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.jav
fi;
if enterAndClear "frameworks/base"; then
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -173,8 +172,6 @@ fi;
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0018-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
@ -307,7 +304,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-2.patch"
fi;
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
fi;
if enterAndClear "packages/apps/SetupWizard"; then
@ -401,7 +397,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
@ -413,8 +408,6 @@ fi;
if enter "vendor/divested"; then
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
fi;
#

View File

@ -54,7 +54,6 @@ buildAll() {
umask 0022;
cd "$DOS_BUILD_BASE";
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
#SDS4P
buildDevice flox && rm device/asus/flox/sensors/Android.bp;
buildDevice mako;

View File

@ -122,7 +122,6 @@ fi;
fi;
if enterAndClear "frameworks/base"; then
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -164,8 +163,6 @@ sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/int
fi;
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config
changeDefaultDNS; #Change the default DNS servers
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
@ -288,7 +285,6 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
fi;
if enterAndClear "packages/apps/PermissionController"; then
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-2.patch";
@ -316,7 +312,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-2.patch"
fi;
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
fi;
if enterAndClear "packages/apps/SetupWizard"; then
@ -412,7 +407,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '25d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
@ -425,8 +419,6 @@ if enter "vendor/divested"; then
awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
fi;
@ -558,7 +550,6 @@ find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"';
#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"';
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi;
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';

View File

@ -54,7 +54,6 @@ buildAll() {
umask 0022;
cd "$DOS_BUILD_BASE";
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
#SD630
buildDevice pioneer;
buildDevice voyager;
@ -66,7 +65,7 @@ buildAll() {
buildDevice pro1 avb;
buildDevice crosshatch avb;
buildDevice blueline avb;
buildDevice enchilada avb; #TODO: update kernel to 4.9.282 like 18.1
buildDevice enchilada avb;
buildDevice fajita avb;
#SD730
buildDevice sunfish avb;

View File

@ -116,7 +116,6 @@ fi;
fi;
if enterAndClear "frameworks/base"; then
#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries #XXX 19REBASE
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) #XXX 19REBASE: maybe not needed
@ -363,7 +362,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '20d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player
@ -373,7 +371,6 @@ if enter "vendor/divested"; then
awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
#echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch #XXX 19REBASE: is this necessary?
echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
awk -i inplace '!/F-DroidPrivilegedExtensionOfficial/' packages.mk; #Appears to be broken
@ -409,7 +406,6 @@ find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"';
#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"';
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi;
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';

View File

@ -66,12 +66,9 @@ export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permi
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1+19.1
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL (removed)
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1/16.0 #XXX: can break things like camera
export DOS_SENSORS_PERM_NEW=true; #For 17.1+18.1