From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 20 Apr 2022 01:04:27 -0400
Subject: [PATCH] Add a toggle for microG enablement

Copy and pasted from the GrapheneOS exec spawning toggle patch

Change-Id: Ibea6ea9bed1c2ae3491f403d9e5c17c1d1c403f1
Signed-off-by: Tad <tad@spotco.us>
---
 res/values/strings.xml                        |   3 +
 res/xml/security_dashboard_settings.xml       |   6 +
 .../settings/security/SecuritySettings.java   |   1 +
 .../SigSpoofPreferenceController.java         | 106 ++++++++++++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java

diff --git a/res/values/strings.xml b/res/values/strings.xml
index 56f80e99c1..7c42eb79c9 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -10155,4 +10155,7 @@
 
     <string name="hosts_disable_title">Disable DNS content blocker</string>
     <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
+
+    <string name="sig_spoof_title">Unprivileged microG enablement</string>
+    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
 </resources>
diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
index b7e7ff6d88..b146bc9b63 100644
--- a/res/xml/security_dashboard_settings.xml
+++ b/res/xml/security_dashboard_settings.xml
@@ -81,6 +81,12 @@
             android:title="@string/hosts_disable_title"
             android:summary="@string/hosts_disable_summary"
             android:persistent="false" />
+
+        <SwitchPreference
+            android:key="sig_spoof"
+            android:title="@string/sig_spoof_title"
+            android:summary="@string/sig_spoof_summary"
+            android:persistent="false" />
     </PreferenceCategory>
 
     <!-- work profile security section -->
diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
index 60ea0d1e87..d3918919b1 100644
--- a/src/com/android/settings/security/SecuritySettings.java
+++ b/src/com/android/settings/security/SecuritySettings.java
@@ -132,6 +132,7 @@ public class SecuritySettings extends DashboardFragment {
         securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
         securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
         securityPreferenceControllers.add(new HostsPreferenceController(context));
+        securityPreferenceControllers.add(new SigSpoofPreferenceController(context));
         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
                 .setChildren(securityPreferenceControllers));
         controllers.addAll(securityPreferenceControllers);
diff --git a/src/com/android/settings/security/SigSpoofPreferenceController.java b/src/com/android/settings/security/SigSpoofPreferenceController.java
new file mode 100644
index 0000000000..258b59b0b0
--- /dev/null
+++ b/src/com/android/settings/security/SigSpoofPreferenceController.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.os.SystemProperties;
+
+import android.provider.Settings;
+
+import androidx.preference.Preference;
+import androidx.preference.PreferenceCategory;
+import androidx.preference.PreferenceGroup;
+import androidx.preference.PreferenceScreen;
+import androidx.preference.TwoStatePreference;
+import androidx.preference.SwitchPreference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settingslib.core.AbstractPreferenceController;
+import com.android.settingslib.core.lifecycle.events.OnResume;
+
+public class SigSpoofPreferenceController extends AbstractPreferenceController
+        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
+
+    private static final String SYS_KEY_SIG_SPOOF_ENABLE = "persist.security.sigspoof";
+    private static final String PREF_KEY_SIG_SPOOF_ENABLE = "sig_spoof";
+    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
+
+    private PreferenceCategory mSecurityCategory;
+    private SwitchPreference mSigSpoofEnable;
+    private boolean mIsAdmin;
+    private UserManager mUm;
+
+    public SigSpoofPreferenceController(Context context) {
+        super(context);
+        mUm = UserManager.get(context);
+    }
+
+    @Override
+    public void displayPreference(PreferenceScreen screen) {
+        super.displayPreference(screen);
+        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
+        updatePreferenceState();
+    }
+
+    @Override
+    public boolean isAvailable() {
+        mIsAdmin = mUm.isAdminUser();
+        return mIsAdmin;
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return PREF_KEY_SIG_SPOOF_ENABLE;
+    }
+
+    // TODO: should we use onCreatePreferences() instead?
+    private void updatePreferenceState() {
+        if (mSecurityCategory == null) {
+            return;
+        }
+
+        if (mIsAdmin) {
+            mSigSpoofEnable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_SIG_SPOOF_ENABLE);
+            mSigSpoofEnable.setChecked(SystemProperties.getInt(SYS_KEY_SIG_SPOOF_ENABLE, 0) == 1);
+        } else {
+            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_SIG_SPOOF_ENABLE));
+        }
+    }
+
+    @Override
+    public void onResume() {
+        updatePreferenceState();
+        if (mSigSpoofEnable != null) {
+                boolean mode = mSigSpoofEnable.isChecked();
+                SystemProperties.set(SYS_KEY_SIG_SPOOF_ENABLE, mode ? "1" : "0");
+        }
+    }
+
+    @Override
+    public boolean onPreferenceChange(Preference preference, Object value) {
+        final String key = preference.getKey();
+        if (PREF_KEY_SIG_SPOOF_ENABLE.equals(key)) {
+            final boolean mode = !mSigSpoofEnable.isChecked();
+            SystemProperties.set(SYS_KEY_SIG_SPOOF_ENABLE, mode ? "1" : "0");
+        }
+        return true;
+    }
+}