From 3f0b507b701ea417eb662bed08360a69b6dd6741 Mon Sep 17 00:00:00 2001 From: Philip Nagler-Frank Date: Sat, 1 Oct 2022 21:34:44 +0200 Subject: [PATCH] prepare for lineage-20 --- src/build.sh | 6 + .../android_frameworks_base-Android13.patch | 140 ++++++++++++++++++ ...ackages_modules_Permission-Android13.patch | 21 +++ 3 files changed, 167 insertions(+) create mode 100644 src/signature_spoofing_patches/android_frameworks_base-Android13.patch create mode 100644 src/signature_spoofing_patches/packages_modules_Permission-Android13.patch diff --git a/src/build.sh b/src/build.sh index 9c9beb7..fe584ce 100755 --- a/src/build.sh +++ b/src/build.sh @@ -136,6 +136,12 @@ for branch in ${BRANCH_NAME//,/ }; do frameworks_base_patch="android_frameworks_base-S.patch" modules_permission_patch="packages_modules_Permission-S.patch" ;; + lineage-20*) + themuppets_branch="lineage-20" + android_version="13" + frameworks_base_patch="android_frameworks_base-Android13.patch" + modules_permission_patch="packages_modules_Permission-Android13.patch" + ;; *) echo ">> [$(date)] Building branch $branch is not (yet) suppported" exit 1 diff --git a/src/signature_spoofing_patches/android_frameworks_base-Android13.patch b/src/signature_spoofing_patches/android_frameworks_base-Android13.patch new file mode 100644 index 0000000..117bdef --- /dev/null +++ b/src/signature_spoofing_patches/android_frameworks_base-Android13.patch @@ -0,0 +1,140 @@ +diff --git a/core/api/current.txt b/core/api/current.txt +index c8a43db2f9c2..cb812f0f0d73 100644 +--- a/core/api/current.txt ++++ b/core/api/current.txt +@@ -85,6 +85,7 @@ package android { + field public static final String DIAGNOSTIC = "android.permission.DIAGNOSTIC"; + field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD"; + field public static final String DUMP = "android.permission.DUMP"; ++ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; + field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; + field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; + field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; +@@ -222,6 +223,7 @@ package android { + field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; + field public static final String CAMERA = "android.permission-group.CAMERA"; + field public static final String CONTACTS = "android.permission-group.CONTACTS"; ++ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; + field public static final String LOCATION = "android.permission-group.LOCATION"; + field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; + field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES"; +diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml +index 6e48de5ba31f..32b0cd346e91 100644 +--- a/core/res/AndroidManifest.xml ++++ b/core/res/AndroidManifest.xml +@@ -3542,6 +3542,21 @@ + android:description="@string/permdesc_getPackageSize" + android:protectionLevel="normal" /> + ++ ++ ++ ++ ++ ++ + +diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml +index 34b5589bf81f..fd6507736347 100644 +--- a/core/res/res/values/config.xml ++++ b/core/res/res/values/config.xml +@@ -1913,6 +1913,8 @@ + + + com.android.location.fused ++ ++ com.google.android.gms + + + + ++ ++ Spoof package signature ++ ++ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! ++ ++ Spoof package signature ++ ++ allow to spoof package signature ++ ++ Allow ++ <b>%1$s</b> to spoof package signature? ++ + + disable or modify status bar + +diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java +index 259ca655d2b9..f78a82b35ef2 100644 +--- a/services/core/java/com/android/server/pm/ComputerEngine.java ++++ b/services/core/java/com/android/server/pm/ComputerEngine.java +@@ -1591,6 +1591,31 @@ public class ComputerEngine implements Computer { + return result; + } + ++ private static String getRequestedFakeSignature(AndroidPackage p) { ++ Bundle metaData = p.getMetaData(); ++ if (metaData != null) { ++ return metaData.getString("fake-signature"); ++ } ++ return null; ++ } ++ ++ private static PackageInfo applyFakeSignature(AndroidPackage p, PackageInfo pi, ++ Set permissions) { ++ try { ++ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") ++ && p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) { ++ String sig = getRequestedFakeSignature(p); ++ if (sig != null) { ++ pi.signatures = new Signature[] { new Signature(sig) }; ++ } ++ } ++ } catch (Throwable t) { ++ // We should never die because of any failures, this is system code! ++ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); ++ } ++ return pi; ++ } ++ + public final PackageInfo generatePackageInfo(PackageStateInternal ps, + @PackageManager.PackageInfoFlagsBits long flags, int userId) { + if (!mUserManager.exists(userId)) return null; +@@ -1620,14 +1645,18 @@ public class ComputerEngine implements Computer { + final int[] gids = (flags & PackageManager.GET_GIDS) == 0 ? EMPTY_INT_ARRAY + : mPermissionManager.getGidsForUid(UserHandle.getUid(userId, ps.getAppId())); + // Compute granted permissions only if package has requested permissions +- final Set permissions = ((flags & PackageManager.GET_PERMISSIONS) == 0 +- || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet() +- : mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId); ++ boolean computePermissions = !ArrayUtils.isEmpty(p.getRequestedPermissions()) && ++ ((flags & PackageManager.GET_PERMISSIONS) != 0 || getRequestedFakeSignature(p) != null); ++ final Set permissions = computePermissions ? ++ mPermissionManager.getGrantedPermissions(ps.name, userId) ++ : Collections.emptySet(); + + PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags, + state.getFirstInstallTime(), ps.getLastUpdateTime(), permissions, state, userId, + ps); + ++ packageInfo = applyFakeSignature(p, packageInfo, permissions); ++ + if (packageInfo == null) { + return null; + } diff --git a/src/signature_spoofing_patches/packages_modules_Permission-Android13.patch b/src/signature_spoofing_patches/packages_modules_Permission-Android13.patch new file mode 100644 index 0000000..f6d7994 --- /dev/null +++ b/src/signature_spoofing_patches/packages_modules_Permission-Android13.patch @@ -0,0 +1,21 @@ +diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +index 48793ab51..d75a58360 100644 +--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java ++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR; + import static android.Manifest.permission_group.CALL_LOG; + import static android.Manifest.permission_group.CAMERA; + import static android.Manifest.permission_group.CONTACTS; ++import static android.Manifest.permission_group.FAKE_PACKAGE; + import static android.Manifest.permission_group.LOCATION; + import static android.Manifest.permission_group.MICROPHONE; + import static android.Manifest.permission_group.NEARBY_DEVICES; +@@ -341,6 +342,8 @@ public final class Utils { + PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS_BACKGROUND, SENSORS); + } + ++ PLATFORM_PERMISSIONS.put(Manifest.permission.FAKE_PACKAGE_SIGNATURE, FAKE_PACKAGE); ++ + PLATFORM_PERMISSION_GROUPS = new ArrayMap<>(); + int numPlatformPermissions = PLATFORM_PERMISSIONS.size(); + for (int i = 0; i < numPlatformPermissions; i++) {