Tweaks

Signed-off-by: Tad <tad@spotco.us>
2024-10-01 01:35:54 -04:00 · 2023-07-17 23:11:30 -04:00 · 2023-07-17 23:11:30 -04:00 · af57c5c857
commit af57c5c857
parent 0f9a2c7aea
10 changed files with 332 additions and 23 deletions
--- a/Patches/LineageOS-16.0/android_frameworks_base/0021-Unprivileged_microG_Handling.patch
+++ b/Patches/LineageOS-16.0/android_frameworks_base/0021-Unprivileged_microG_Handling.patch
@ -0,0 +1,139 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Mon, 3 Jul 2023 12:00:12 -0400
+Subject: [PATCH] Unprivileged microG handling
+
+- Must be enabled by user
+- Must match microG package ID
+- Must meet minimum respective targetSdk and versionCode
+- Must match official microG build signing key
+
+- Only spoofs the Google package signature
+
+This is an effective merge + tweak of two existing patches, credits:
+  Dylanger Daly
+  https://github.com/dylangerdaly/platform_frameworks_base/commit/b58aa11631fadab3309a1d9268118bd9f2c2a79f
+  Chirayu Desai of CalyxOS
+  https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/76485abb36dc01b65506b010d0458e96e0116369
+  https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/97765782f942d0975c383c90fde9140ef3ccf01b
+
+Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
+---
+ .../android/content/pm/PackageParser.java     | 32 +++++++++++++++
+ core/res/res/values/config.xml                |  2 +
+ .../server/pm/PackageManagerService.java      | 39 ++++++++++++++++++-
+ 3 files changed, 71 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
+index 30f873d70400..6dce09499d3b 100644
+--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
+@@ -6101,6 +6101,38 @@ public class PackageParser {
+             return false;
+         }
+ 
+        /**
+         * Return the Cerificate's Digest
+         */
+        public @Nullable String getSha256Certificate() {
+            return getSha256CertificateInternal();
+        }
+
+        private @Nullable String getSha256CertificateInternal() {
+            String digest;
+            if (this == UNKNOWN) {
+                return null;
+            }
+            if (hasPastSigningCertificates()) {
+
+                // check all past certs, except for the last one, which automatically gets all
+                // capabilities, since it is the same as the current signature, and is checked below
+                for (int i = 0; i < pastSigningCertificates.length - 1; i++) {
+                    digest = PackageUtils.computeSha256Digest(
+                            pastSigningCertificates[i].toByteArray());
+                    return digest;
+                }
+            }
+
+            // not in previous certs signing history, just check the current signer
+            if (signatures.length == 1) {
+                digest =
+                        PackageUtils.computeSha256Digest(signatures[0].toByteArray());
+                return digest;
+            }
+            return null;
+        }
+
+         /** Returns true if the signatures in this and other match exactly. */
+         public boolean signaturesMatchExactly(SigningDetails other) {
+             return Signature.areExactMatch(this.signatures, other.signatures);
+diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
+index bd84a6d720bf..8101f1a79a2c 100644
+--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
+@@ -1716,6 +1716,8 @@
+     <string-array name="config_locationProviderPackageNames" translatable="false">
+         <!-- The standard AOSP fused location provider -->
+         <item>com.android.location.fused</item>
+        <!-- The (faked) microg fused location provider (a free reimplementation)
+        <item>com.google.android.gms</item> -->
+     </string-array>
+ 
+     <!-- This string array can be overriden to enable test location providers initially. -->
+diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
+index 443d9a1a2f91..fd031468b5ff 100644
+--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
+@@ -4063,8 +4063,20 @@ public class PackageManagerService extends IPackageManager.Stub
+                 });
+             }
+ 
+-            PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags,
+-                    ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
+            // Allow microG GmsCore and FakeStore to spoof signature
+            final boolean isValidGmsCore = p.packageName.equals("com.google.android.gms") && p.applicationInfo.targetSdkVersion >= 29 && p.applicationInfo.versionCode >= 231657056;
+            final boolean isValidFakeStore = p.packageName.equals("com.android.vending") && p.applicationInfo.targetSdkVersion >= 24 && p.applicationInfo.versionCode >= 30;
+            final boolean isMicroG = isValidGmsCore || isValidFakeStore;
+            PackageInfo packageInfo;
+            if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {
+                packageInfo = fakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
+                        ps.firstInstallTime, ps.lastUpdateTime, permissions, state,
+                        userId), permissions);
+            } else {
+                packageInfo =PackageParser.generatePackageInfo(p, gids, flags,
+                        ps.firstInstallTime, ps.lastUpdateTime, permissions, state,
+                        userId);
+            }
+ 
+             if (packageInfo == null) {
+                 return null;
+@@ -4100,6 +4112,29 @@ public class PackageManagerService extends IPackageManager.Stub
+         }
+     }
+ 
+    // The setting to control spoofing enablement.
+    private static final String SPOOF_CONTROL = "persist.security.sigspoof";
+    // The Google signature faked by microG.
+    private static final String GOOGLE_CERT = "308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a";
+   // The signing key hash of official microG builds.
+    private static final String MICROG_HASH = "9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165";
+
+    private PackageInfo fakeSignature(PackageParser.Package p, PackageInfo pi,
+            Set<String> permissions) {
+        String hash = p.mSigningDetails.getSha256Certificate();
+        try {
+            if (hash.equals(MICROG_HASH) && p.applicationInfo.targetSdkVersion >= 24 && pi != null) {
+                    pi.signatures = new Signature[] {new Signature(GOOGLE_CERT)};
+                    if (DEBUG_PACKAGE_INFO) {
+                        Log.v(TAG, "Spoofing signature for microG");
+                    }
+            }
+        } catch (Throwable t) {
+            Log.w("Unable to fake signature!", t);
+        }
+        return pi;
+    }
+
+     @Override
+     public void checkPackageStartable(String packageName, int userId) {
+         final int callingUid = Binder.getCallingUid();
--- a/Patches/LineageOS-16.0/android_packages_apps_Settings/0014-microG_Toggle.patch
+++ b/Patches/LineageOS-16.0/android_packages_apps_Settings/0014-microG_Toggle.patch
@ -0,0 +1,176 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Wed, 20 Apr 2022 01:04:27 -0400
+Subject: [PATCH] Add a toggle for microG enablement
+
+Copy and pasted from the GrapheneOS exec spawning toggle patch
+
+Change-Id: Ibea6ea9bed1c2ae3491f403d9e5c17c1d1c403f1
+Signed-off-by: Tad <tad@spotco.us>
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   7 +-
+ .../settings/security/SecuritySettings.java   |   1 +
+ .../SigSpoofPreferenceController.java         | 106 ++++++++++++++++++
+ 4 files changed, 116 insertions(+), 1 deletion(-)
+ create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 9f78d9b654..c5d856095e 100644
+--- a/res/values/strings.xml
+++ b/res/values/strings.xml
+@@ -10124,4 +10124,7 @@
+     <string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
+     <!-- Strings for Dialog connect button -->
+     <string name="bluetooth_connect_access_dialog_positive">Connect</string>
+
+    <string name="sig_spoof_title">Unprivileged microG enablement</string>
+    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
+ </resources>
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 591d8a7c21..0a861e9b90 100644
+--- a/res/xml/security_dashboard_settings.xml
+++ b/res/xml/security_dashboard_settings.xml
+@@ -56,6 +56,11 @@
+             android:summary="@string/summary_placeholder"
+             settings:keywords="@string/keywords_fingerprint_settings"/>
+ 
+        <SwitchPreference
+            android:key="sig_spoof"
+            android:title="@string/sig_spoof_title"
+            android:summary="@string/sig_spoof_summary"
+            android:persistent="false" />
+     </PreferenceCategory>
+ 
+     <!-- work profile security section -->
+@@ -165,4 +170,4 @@
+         android:summary="@string/summary_placeholder"
+         android:fragment="com.android.settings.security.ScreenPinningSettings" />
+ 
+-</PreferenceScreen>
+\ No newline at end of file
+</PreferenceScreen>
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index 0839450a93..34d248ccdf 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
+++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -128,6 +128,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new FingerprintStatusPreferenceController(context));
+         securityPreferenceControllers.add(new LockScreenPreferenceController(context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
+        securityPreferenceControllers.add(new SigSpoofPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);
+diff --git a/src/com/android/settings/security/SigSpoofPreferenceController.java b/src/com/android/settings/security/SigSpoofPreferenceController.java
+new file mode 100644
+index 0000000000..258b59b0b0
+--- /dev/null
+++ b/src/com/android/settings/security/SigSpoofPreferenceController.java
+@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.os.SystemProperties;
+
+import android.provider.Settings;
+
+import androidx.preference.Preference;
+import androidx.preference.PreferenceCategory;
+import androidx.preference.PreferenceGroup;
+import androidx.preference.PreferenceScreen;
+import androidx.preference.TwoStatePreference;
+import androidx.preference.SwitchPreference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settingslib.core.AbstractPreferenceController;
+import com.android.settingslib.core.lifecycle.events.OnResume;
+
+public class SigSpoofPreferenceController extends AbstractPreferenceController
+        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
+
+    private static final String SYS_KEY_SIG_SPOOF_ENABLE = "persist.security.sigspoof";
+    private static final String PREF_KEY_SIG_SPOOF_ENABLE = "sig_spoof";
+    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
+
+    private PreferenceCategory mSecurityCategory;
+    private SwitchPreference mSigSpoofEnable;
+    private boolean mIsAdmin;
+    private UserManager mUm;
+
+    public SigSpoofPreferenceController(Context context) {
+        super(context);
+        mUm = UserManager.get(context);
+    }
+
+    @Override
+    public void displayPreference(PreferenceScreen screen) {
+        super.displayPreference(screen);
+        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
+        updatePreferenceState();
+    }
+
+    @Override
+    public boolean isAvailable() {
+        mIsAdmin = mUm.isAdminUser();
+        return mIsAdmin;
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return PREF_KEY_SIG_SPOOF_ENABLE;
+    }
+
+    // TODO: should we use onCreatePreferences() instead?
+    private void updatePreferenceState() {
+        if (mSecurityCategory == null) {
+            return;
+        }
+
+        if (mIsAdmin) {
+            mSigSpoofEnable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_SIG_SPOOF_ENABLE);
+            mSigSpoofEnable.setChecked(SystemProperties.getInt(SYS_KEY_SIG_SPOOF_ENABLE, 0) == 1);
+        } else {
+            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_SIG_SPOOF_ENABLE));
+        }
+    }
+
+    @Override
+    public void onResume() {
+        updatePreferenceState();
+        if (mSigSpoofEnable != null) {
+                boolean mode = mSigSpoofEnable.isChecked();
+                SystemProperties.set(SYS_KEY_SIG_SPOOF_ENABLE, mode ? "1" : "0");
+        }
+    }
+
+    @Override
+    public boolean onPreferenceChange(Preference preference, Object value) {
+        final String key = preference.getKey();
+        if (PREF_KEY_SIG_SPOOF_ENABLE.equals(key)) {
+            final boolean mode = !mSigSpoofEnable.isChecked();
+            SystemProperties.set(SYS_KEY_SIG_SPOOF_ENABLE, mode ? "1" : "0");
+        }
+        return true;
+    }
+}
--- a/Patches/LineageOS-16.0/android_tools_apksig/360973-backport-prereq.patch
+++ b/Patches/LineageOS-16.0/android_tools_apksig/360973-backport-prereq.patch
@ -1,7 +1,7 @@
-From 011adec1a494974102930bf65a8d2fdfa8b375b5 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Khaled Abdelmohsen <khelmy@google.com>
 Date: Mon, 24 Feb 2020 16:59:21 +0000
-Subject: [PATCH 1/2] Create source stamp verifier
+Subject: [PATCH] Create source stamp verifier

 Bug: 148005911
 Test: gradlew test
@ -48,6 +48,3 @@ index 2330f6d..f15597b 100644
             public List<ApkVerifier.IssueWithParams> getErrors() {
                 return mErrors;
             }
-- 
-2.30.2
-
--- a/Patches/LineageOS-16.0/android_tools_apksig/360973-backport.patch
+++ b/Patches/LineageOS-16.0/android_tools_apksig/360973-backport.patch
@ -1,7 +1,7 @@
-From 9a80527425030dae7f962ab95eda500a720cde47 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Michael Groover <mpgroover@google.com>
 Date: Fri, 31 Mar 2023 14:30:21 -0500
-Subject: [PATCH 2/2] Limit the number of supported v1 and v2 signers
+Subject: [PATCH] Limit the number of supported v1 and v2 signers

 The v1 and v2 APK Signature Schemes support multiple signers; this
 was intended to allow multiple entities to sign an APK. Previously,
@ -1442,6 +1442,3 @@ Tg9RFHk9CIzHQe49++O|{heuzh
 literal 0
 HcmV?d00001

-- 
-2.30.2
-
--- a/Patches/LineageOS-17.1/android_frameworks_base/0021-Unprivileged_microG_Handling.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0021-Unprivileged_microG_Handling.patch
@ -81,7 +81,7 @@ index a84d23b624bf..1ab293758ee7 100644
 
     <!-- This string array can be overriden to enable test location providers initially. -->
 diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
-index 9483f266b1fa..eb2b66d5ce03 100644
+index 9483f266b1fa..a167afd52942 100644
 --- a/services/core/java/com/android/server/pm/PackageManagerService.java
 +++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4203,8 +4203,20 @@ public class PackageManagerService extends IPackageManager.Stub
--- a/Patches/LineageOS-17.1/android_packages_apps_Settings/0014-microG_Toggle.patch
+++ b/Patches/LineageOS-17.1/android_packages_apps_Settings/0014-microG_Toggle.patch
@ -16,15 +16,15 @@ Signed-off-by: Tad <tad@spotco.us>
 create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java

 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index a5aab8e5d0..59c4e0aa57 100644
+index a5aab8e5d0..85985433c4 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
@@ -11330,6 +11330,9 @@
     <string name="hosts_disable_title">Disable DNS content blocker</string>
     <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
 
-+    <string name="sig_spoof_title">microG enablement</string>
-+    <string name="sig_spoof_summary">Allows official builds of microG apps to spoof the Google signature. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
+    <string name="sig_spoof_title">Unprivileged microG enablement</string>
+    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
 +
     <!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
     <string name="privacy_dashboard_title">Privacy</string>
--- a/Patches/LineageOS-18.1/android_packages_apps_Settings/0015-microG_Toggle.patch
+++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/0015-microG_Toggle.patch
@ -16,15 +16,15 @@ Signed-off-by: Tad <tad@spotco.us>
 create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java

 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index c597570f35..2fe1eda202 100644
+index c597570f35..3d2b61cc58 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
@@ -11978,6 +11978,9 @@
     <string name="hosts_disable_title">Disable DNS content blocker</string>
     <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
 
-+    <string name="sig_spoof_title">microG enablement</string>
-+    <string name="sig_spoof_summary">Allows official builds of microG apps to spoof the Google signature. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
+    <string name="sig_spoof_title">Unprivileged microG enablement</string>
+    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
 +
     <!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
     <string name="privacy_dashboard_title">Privacy</string>
--- a/Patches/LineageOS-19.1/android_packages_apps_Settings/0016-microG_Toggle.patch
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0016-microG_Toggle.patch
@ -16,15 +16,15 @@ Signed-off-by: Tad <tad@spotco.us>
 create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java

 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index 1be8ea0677..bab35fbe60 100644
+index 1be8ea0677..6191f0a147 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
@@ -13133,6 +13133,9 @@
     <string name="hosts_disable_title">Disable DNS content blocker</string>
     <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
 
-+    <string name="sig_spoof_title">microG enablement</string>
-+    <string name="sig_spoof_summary">Allows official builds of microG apps to spoof the Google signature. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
+    <string name="sig_spoof_title">Unprivileged microG enablement</string>
+    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
 +
     <!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
     <string name="privacy_dashboard_title">Privacy</string>
--- a/Patches/LineageOS-20.0/android_packages_apps_Settings/0016-microG_Toggle.patch
+++ b/Patches/LineageOS-20.0/android_packages_apps_Settings/0016-microG_Toggle.patch
@ -23,8 +23,8 @@ index 6e619cc2c4..15247c1c93 100644
     <string name="hosts_disable_title">Disable DNS content blocker</string>
     <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
 
-+    <string name="sig_spoof_title">microG enablement</string>
-+    <string name="sig_spoof_summary">Allows official builds of microG apps to spoof the Google signature. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
+    <string name="sig_spoof_title">Unprivileged microG enablement</string>
+    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
 +
     <!-- Text shown for the title of the lock when trust lost option [CHAR LIMIT=40] -->
     <string name="trust_lost_locks_screen_title">Lock screen when trust is lost</string>
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@ -42,7 +42,7 @@ export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of externa
 export DOS_DEBLOBBER_REMOVE_ATFWD=true; #Set true to remove basic ATFWD blobs
 export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX
 export DOS_DEBLOBBER_REMOVE_APTX=false; #Set true to remove aptX Bluetooth codec
-export DOS_DEBLOBBER_REMOVE_CAMEXT=true; #Set true to remove camera extensions
+export DOS_DEBLOBBER_REMOVE_CAMEXT=false; #Set true to remove camera extensions
 export DOS_DEBLOBBER_REMOVE_CNE=true; #Set true to remove all CNE blobs #XXX: Breaks Wi-Fi calling
 export DOS_DEBLOBBER_REMOVE_DPM=true; #Set true to remove all DPM blobs #XXX: Maybe breaks multi-sim and carrier aggregation (LTE+)
 export DOS_DEBLOBBER_REMOVE_DPP=false; #Set true to remove all Display Post Processing blobs #XXX: Breaks boot on select devices