diff --git a/Dockerfile b/Dockerfile
index e5e0279..1b751de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -66,6 +66,11 @@ ENV KEYS_DIR ''
 # Move the resulting zips to $ZIP_DIR/$codename instead of $ZIP_DIR/
 ENV ZIP_SUBDIR false
 
+# Apply the signature spoofing patch
+# Valid values are "no", "yes" (for the original MicroG's patch) and "restricted" (to grant the
+# permission only to the privileged apps)
+ENV SIGNATURE_SPOOFING "no"
+
 # Create Volume entry points
 ############################
 
diff --git a/src/android_frameworks_base-N.patch b/src/android_frameworks_base-N.patch
index 88bd810..6e6125c 100644
--- a/src/android_frameworks_base-N.patch
+++ b/src/android_frameworks_base-N.patch
@@ -29,7 +29,7 @@ index ea0e39c..a936983 100644
 +    <!-- @hide Allows an application to change the package signature as
 +         seen by applications -->
 +    <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
-+        android:protectionLevel="signature|privileged"
++        android:protectionLevel="dangerous"
 +        android:label="@string/permlab_fakePackageSignature"
 +        android:description="@string/permdesc_fakePackageSignature" />
 +
diff --git a/src/build.sh b/src/build.sh
index 8904a8d..19afef4 100644
--- a/src/build.sh
+++ b/src/build.sh
@@ -26,25 +26,35 @@ if ! [ -z "$DEVICE_LIST" ]; then
   echo ">> [$(date)] Copying '$LMANIFEST_DIR/*.xml' to '$SRC_DIR/.repo/local_manifests/'" >> $DOCKER_LOG
   cp $LMANIFEST_DIR/*.xml $SRC_DIR/.repo/local_manifests/ >&$DEBUG_LOG
 
-  # Go to "vendor/cm" and reset it's current git status ( remove previous changes ) only if the directory exists
+  # Reset the current git status of "vendor/cm" (remove previous changes) if the directory exists
   if [ -d "vendor/cm" ]; then
     cd vendor/cm
     git reset --hard 2>&1 >&$DEBUG_LOG
     cd $SRC_DIR
   fi
 
+  # Reset the current git status of "frameworks/base" (remove previous changes) if the directory exists
+  if [ -d "frameworks/base" ]; then
+    cd frameworks/base
+    git reset --hard 2>&1 >&$DEBUG_LOG
+    cd $SRC_DIR
+  fi
+
   # Sync the source code
   echo ">> [$(date)] Syncing repository" >> $DOCKER_LOG
   builddate=$(date +%Y%m%d)
   repo sync 2>&1 >&$DEBUG_LOG
 
-  # If not yet done, apply the MicroG's signature spoofing patch
-  # The patch has been modified to allow only privileged apps to obtain the signature spoofing permission
+  # If needed, apply the MicroG's signature spoofing patch
   cd frameworks/base
-  if [ $(git rev-parse --abbrev-ref HEAD) != "signature_spoofing" ]; then
-    echo ">> [$(date)] Applying signature spoofing patch to frameworks/base" >> $DOCKER_LOG
-    repo start signature_spoofing
-    git am /root/android_frameworks_base-N.patch
+  if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
+    echo ">> [$(date)] Applying the standard signature spoofing patch to frameworks/base" >> $DOCKER_LOG
+    patch -p1 -i /root/android_frameworks_base-N.patch
+    git clean -f
+  elif [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
+    echo ">> [$(date)] Applying the restricted signature spoofing patch to frameworks/base" >> $DOCKER_LOG
+    sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' /root/android_frameworks_base-N.patch | patch -p1 
+    git clean -f
   fi
   cd $SRC_DIR