Prevent Qualcomm location stack from reading chipset serial number

The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-20.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch

@@ -14,10 +14,10 @@ Change-Id: Ic01c97d6ceac8d324609763973639b41b4581a76
  6 files changed, 59 deletions(-)
 
 diff --git a/AndroidManifest.xml b/AndroidManifest.xml
-index 19bbbb8..042d969 100644
+index 5762dc3..e4e1608 100644
 --- a/AndroidManifest.xml
 +++ b/AndroidManifest.xml
-@@ -225,31 +225,6 @@
+@@ -240,31 +240,6 @@
                  android:resource="@string/summary_empty" />
          </activity-alias>
  

Scripts/Common/Functions.sh

@@ -492,6 +492,14 @@ volteOverride() {
 }
 export -f volteOverride;
 
+hardenLocationSepolicy() {
+	#Prevent Qualcomm location stack from reading chipset serial number
+	find device -name "hal_gnss*.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \;
+	find device -name "location.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \;
+	echo "Removed serial number access to Qualcomm location stacks";
+}
+export -f hardenLocationSepolicy;
+
 hardenLocationConf() {
 	local gpsConfig=$1;
 	#Debugging: adb logcat -b all | grep -i -e locsvc -e izat -e gps -e gnss -e location -e xtra

Scripts/LineageOS-14.1/Patch.sh

@@ -591,6 +591,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 changeDefaultDNS; #Change the default DNS servers
 
 #Tweaks for <2GB RAM devices

Scripts/LineageOS-15.1/Patch.sh

@@ -502,6 +502,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 changeDefaultDNS; #Change the default DNS servers
 
 #Tweaks for <2GB RAM devices

Scripts/LineageOS-16.0/Patch.sh

@@ -412,6 +412,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
 cd "$DOS_BUILD_BASE";

Scripts/LineageOS-17.1/Patch.sh

@@ -555,6 +555,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions

Scripts/LineageOS-18.1/Patch.sh

@@ -561,6 +561,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions

Scripts/LineageOS-19.1/Patch.sh

@@ -450,6 +450,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions

Scripts/LineageOS-20.0/Patch.sh

@@ -504,6 +504,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
+hardenLocationSepolicy || true;
 enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions