From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Tad Date: Wed, 20 Apr 2022 01:04:27 -0400 Subject: [PATCH] Add a toggle for microG enablement Copy and pasted from the GrapheneOS exec spawning toggle patch Change-Id: Ibea6ea9bed1c2ae3491f403d9e5c17c1d1c403f1 Signed-off-by: Tad --- res/values/strings.xml | 3 + res/xml/security_dashboard_settings.xml | 6 + .../settings/security/SecuritySettings.java | 1 + .../SigSpoofPreferenceController.java | 106 ++++++++++++++++++ 4 files changed, 116 insertions(+) create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java diff --git a/res/values/strings.xml b/res/values/strings.xml index 56f80e99c1..7c42eb79c9 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -10155,4 +10155,7 @@ Disable DNS content blocker Disables use of the included /etc/hosts database for data collection and malware blocking. + + Unprivileged microG enablement + Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google. diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml index b7e7ff6d88..b146bc9b63 100644 --- a/res/xml/security_dashboard_settings.xml +++ b/res/xml/security_dashboard_settings.xml @@ -81,6 +81,12 @@ android:title="@string/hosts_disable_title" android:summary="@string/hosts_disable_summary" android:persistent="false" /> + + diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java index 60ea0d1e87..d3918919b1 100644 --- a/src/com/android/settings/security/SecuritySettings.java +++ b/src/com/android/settings/security/SecuritySettings.java @@ -132,6 +132,7 @@ public class SecuritySettings extends DashboardFragment { securityPreferenceControllers.add(new ExecSpawnPreferenceController(context)); securityPreferenceControllers.add(new NativeDebugPreferenceController(context)); securityPreferenceControllers.add(new HostsPreferenceController(context)); + securityPreferenceControllers.add(new SigSpoofPreferenceController(context)); controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY) .setChildren(securityPreferenceControllers)); controllers.addAll(securityPreferenceControllers); diff --git a/src/com/android/settings/security/SigSpoofPreferenceController.java b/src/com/android/settings/security/SigSpoofPreferenceController.java new file mode 100644 index 0000000000..258b59b0b0 --- /dev/null +++ b/src/com/android/settings/security/SigSpoofPreferenceController.java @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +package com.android.settings.security; + +import android.content.Context; + +import android.os.UserHandle; +import android.os.UserManager; +import android.os.SystemProperties; + +import android.provider.Settings; + +import androidx.preference.Preference; +import androidx.preference.PreferenceCategory; +import androidx.preference.PreferenceGroup; +import androidx.preference.PreferenceScreen; +import androidx.preference.TwoStatePreference; +import androidx.preference.SwitchPreference; + +import com.android.internal.widget.LockPatternUtils; +import com.android.settings.core.PreferenceControllerMixin; +import com.android.settingslib.core.AbstractPreferenceController; +import com.android.settingslib.core.lifecycle.events.OnResume; + +public class SigSpoofPreferenceController extends AbstractPreferenceController + implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener { + + private static final String SYS_KEY_SIG_SPOOF_ENABLE = "persist.security.sigspoof"; + private static final String PREF_KEY_SIG_SPOOF_ENABLE = "sig_spoof"; + private static final String PREF_KEY_SECURITY_CATEGORY = "security_category"; + + private PreferenceCategory mSecurityCategory; + private SwitchPreference mSigSpoofEnable; + private boolean mIsAdmin; + private UserManager mUm; + + public SigSpoofPreferenceController(Context context) { + super(context); + mUm = UserManager.get(context); + } + + @Override + public void displayPreference(PreferenceScreen screen) { + super.displayPreference(screen); + mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY); + updatePreferenceState(); + } + + @Override + public boolean isAvailable() { + mIsAdmin = mUm.isAdminUser(); + return mIsAdmin; + } + + @Override + public String getPreferenceKey() { + return PREF_KEY_SIG_SPOOF_ENABLE; + } + + // TODO: should we use onCreatePreferences() instead? + private void updatePreferenceState() { + if (mSecurityCategory == null) { + return; + } + + if (mIsAdmin) { + mSigSpoofEnable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_SIG_SPOOF_ENABLE); + mSigSpoofEnable.setChecked(SystemProperties.getInt(SYS_KEY_SIG_SPOOF_ENABLE, 0) == 1); + } else { + mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_SIG_SPOOF_ENABLE)); + } + } + + @Override + public void onResume() { + updatePreferenceState(); + if (mSigSpoofEnable != null) { + boolean mode = mSigSpoofEnable.isChecked(); + SystemProperties.set(SYS_KEY_SIG_SPOOF_ENABLE, mode ? "1" : "0"); + } + } + + @Override + public boolean onPreferenceChange(Preference preference, Object value) { + final String key = preference.getKey(); + if (PREF_KEY_SIG_SPOOF_ENABLE.equals(key)) { + final boolean mode = !mSigSpoofEnable.isChecked(); + SystemProperties.set(SYS_KEY_SIG_SPOOF_ENABLE, mode ? "1" : "0"); + } + return true; + } +}