From f10d8e2c5b996ef7e7ba032e357b3d19629bcc67 Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Tue, 9 Apr 2024 15:14:25 +0300 Subject: [PATCH 1/7] Disable old signature spoofing patch for LOS 21 LineageOS 21 introduced built-in support for signature spoofing. The commit removes the old signature spoofing for LOS 21 (which failed to build properly) and instead replaces it with a patch which enables signature spoofing even on builds that aren't "debuggable" like dev and userdebug, meaning regular user builds also support signature spoofing. However, since the LineageOS signature spoofing functionality specifically only applies to microG, this means that "unrestricted" signature spoofing is no longer possible for LOS 21. Related GitHub issue: #607 --- src/build.sh | 1 - .../android_frameworks_base-Android14.patch | 143 +++--------------- ...ackages_modules_Permission-Android14.patch | 12 -- 3 files changed, 23 insertions(+), 133 deletions(-) delete mode 100644 src/signature_spoofing_patches/packages_modules_Permission-Android14.patch diff --git a/src/build.sh b/src/build.sh index ce50f35..be2d75f 100755 --- a/src/build.sh +++ b/src/build.sh @@ -192,7 +192,6 @@ for branch in ${BRANCH_NAME//,/ }; do themuppets_branch="lineage-21.0" android_version="14" frameworks_base_patch="android_frameworks_base-Android14.patch" - modules_permission_patch="packages_modules_Permission-Android14.patch" ;; *) echo ">> [$(date)] Building branch $branch is not (yet) suppported" diff --git a/src/signature_spoofing_patches/android_frameworks_base-Android14.patch b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch index 9ec072c..00d3103 100644 --- a/src/signature_spoofing_patches/android_frameworks_base-Android14.patch +++ b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch @@ -1,124 +1,27 @@ -diff --git a/core/api/current.txt b/core/api/current.txt -index 288ab479c0fb..2124d89c6e6f 100644 ---- a/core/api/current.txt -+++ b/core/api/current.txt -@@ -95,6 +95,7 @@ package android { - field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION"; - field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; - field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; -+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; - field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; - field public static final String FOREGROUND_SERVICE_CAMERA = "android.permission.FOREGROUND_SERVICE_CAMERA"; - field public static final String FOREGROUND_SERVICE_CONNECTED_DEVICE = "android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE"; -@@ -326,6 +327,7 @@ package android { - field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; - field public static final String CAMERA = "android.permission-group.CAMERA"; - field public static final String CONTACTS = "android.permission-group.CONTACTS"; -+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; - field public static final String LOCATION = "android.permission-group.LOCATION"; - field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; - field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES"; -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 14cb052b121f..593999bc4ef7 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -4258,6 +4258,22 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ -+ -+ -+ -+ - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 9c018c30f9e3..661297bab701 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -990,6 +990,19 @@ - Preview, %1$s - - -+ -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! -+ -+ Spoof package signature -+ -+ allow to spoof package signature -+ -+ Allow -+ <b>%1$s</b> to spoof package signature? -+ - - - disable or modify status bar +From d467f4bdb09f16988965a44d6a42f0f180f7e6d7 Mon Sep 17 00:00:00 2001 +From: Rasmus Moorats +Date: Tue, 9 Apr 2024 13:18:17 +0300 +Subject: [PATCH] Remove the check to isDebuggable() + +This makes the microG signature spoofing work in regular user builds. +--- + services/core/java/com/android/server/pm/ComputerEngine.java | 4 ---- + 1 file changed, 4 deletions(-) + diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java -index 78f1fa60b69f..1e29d3697b89 100644 +index d8cbe9d5..13af78f5 100644 --- a/services/core/java/com/android/server/pm/ComputerEngine.java +++ b/services/core/java/com/android/server/pm/ComputerEngine.java -@@ -1450,6 +1450,29 @@ public class ComputerEngine implements Computer { - return result; - } +@@ -1472,10 +1472,6 @@ public class ComputerEngine implements Computer { + private static native boolean isDebuggable(); -+ private boolean requestsFakeSignature(AndroidPackage p) { -+ return p.getMetaData() != null && -+ p.getMetaData().getString("fake-signature") != null; -+ } -+ -+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (p.getMetaData() != null && -+ p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) { -+ String sig = p.getMetaData().getString("fake-signature"); -+ if (sig != null && -+ permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - public final PackageInfo generatePackageInfo(PackageStateInternal ps, - @PackageManager.PackageInfoFlagsBits long flags, int userId) { - if (!mUserManager.exists(userId)) return null; -@@ -1483,13 +1506,15 @@ public class ComputerEngine implements Computer { - || ArrayUtils.isEmpty(p.getPermissions())) ? Collections.emptySet() - : mPermissionManager.getInstalledPermissions(ps.getPackageName()); - // Compute granted permissions only if package has requested permissions -- final Set grantedPermissions = ((flags & PackageManager.GET_PERMISSIONS) == 0 -+ final Set grantedPermissions = (((flags & PackageManager.GET_PERMISSIONS) == 0 -+ && !requestsFakeSignature(p)) - || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet() - : mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId); - -- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags, -+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags, - state.getFirstInstallTimeMillis(), ps.getLastUpdateTime(), installedPermissions, -- grantedPermissions, state, userId, ps); -+ grantedPermissions, state, userId, ps), -+ grantedPermissions); - - if (packageInfo == null) { - return null; + public static boolean isMicrogSigned(AndroidPackage p) { +- if (!isDebuggable()) { +- return false; +- } +- + // Allowlist the following apps: + // * com.android.vending - microG Companion + // * com.google.android.gms - microG Services +-- +2.44.0 diff --git a/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch deleted file mode 100644 index 9aace22..0000000 --- a/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java -index d4354bd72..4b90f9327 100644 ---- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java -+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java -@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR; - import static android.Manifest.permission_group.CALL_LOG; - import static android.Manifest.permission_group.CAMERA; - import static android.Manifest.permission_group.CONTACTS; -+import static android.Manifest.permission_group.FAKE_PACKAGE; - import static android.Manifest.permission_group.LOCATION; - import static android.Manifest.permission_group.MICROPHONE; - import static android.Manifest.permission_group.NEARBY_DEVICES; From 451b0a11eb0410fb90f4e54061a561ecf2b341f6 Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Tue, 9 Apr 2024 15:47:49 +0300 Subject: [PATCH 2/7] Update documentation to reflect status of signature spoofing in LOS 21 --- Dockerfile | 8 ++++++++ README.md | 18 +++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8b9cb52..a364ab6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -94,6 +94,14 @@ ENV ZIP_SUBDIR true ENV LOGS_SUBDIR true # Apply the MicroG's signature spoofing patch +# Since LineageOS 21, signature spoofing for microG is built into LineageOS +# itself and no patches are required if you're building an userdebug or eng +# variant. In this case, this value can be left set to "no". +# You may set the value to "restricted" if you wish to build an user variant +# with signature spoofing enabled; otherwise, it will be disabled in user +# builds. +# +# For LineageOS 20 and older: # Valid values are "no", "yes" (for the original MicroG's patch) and # "restricted" (to grant the permission only to the system privileged apps). # diff --git a/README.md b/README.md index dc70687..e59433b 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,8 @@ Include the repo with another manifest file like this: And when starting the build, set the `CUSTOM_PACKAGES` variable to a list of app names (defined by `LOCAL_MODULE` in `Android.mk`) separated by spaces. -#### Signature spoofing + +#### Signature spoofing (up until LineageOS 20) There are two options for the [signature spoofing patch][signature-spoofing] required for [microG][microg]: @@ -134,6 +135,21 @@ FAKE_SIGNATURE permission must be included in the build as system apps (e.g. as part of GMS or `CUSTOM_PACKAGES`) +#### Signature spoofing (starting from LineageOS 21) + +LineageOS 21 introduced built-in signature spoofing specifically for microG. +The "Original" and restricted patches applied to previous versions of LineageOS +have been dropped in favor of the built-in functionality. + +This means that signature spoofing will work for microG even if the environment +variable `SIGNATURE_SPOOFING` is set to `no`. + +It should be noted that by default, signature spoofing is only enabled on +"debuggable" builds (`eng` and `userdebug` build variants). It is possible to +enable signature spoofing on the `user` build variant as well by setting the +`SIGNATURE_SPOOFING` variable to `restricted`. + + #### Proprietary files Some proprietary files are needed to create a LineageOS build, but they're not From d9f25d3b5506166eb8fe4f9b520f802a77774433 Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Tue, 9 Apr 2024 17:14:55 +0300 Subject: [PATCH 3/7] Revert "Update documentation to reflect status of signature spoofing in LOS 21" This reverts commit 451b0a11eb0410fb90f4e54061a561ecf2b341f6. --- Dockerfile | 8 -------- README.md | 18 +----------------- 2 files changed, 1 insertion(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index a364ab6..8b9cb52 100644 --- a/Dockerfile +++ b/Dockerfile @@ -94,14 +94,6 @@ ENV ZIP_SUBDIR true ENV LOGS_SUBDIR true # Apply the MicroG's signature spoofing patch -# Since LineageOS 21, signature spoofing for microG is built into LineageOS -# itself and no patches are required if you're building an userdebug or eng -# variant. In this case, this value can be left set to "no". -# You may set the value to "restricted" if you wish to build an user variant -# with signature spoofing enabled; otherwise, it will be disabled in user -# builds. -# -# For LineageOS 20 and older: # Valid values are "no", "yes" (for the original MicroG's patch) and # "restricted" (to grant the permission only to the system privileged apps). # diff --git a/README.md b/README.md index e59433b..dc70687 100644 --- a/README.md +++ b/README.md @@ -108,8 +108,7 @@ Include the repo with another manifest file like this: And when starting the build, set the `CUSTOM_PACKAGES` variable to a list of app names (defined by `LOCAL_MODULE` in `Android.mk`) separated by spaces. - -#### Signature spoofing (up until LineageOS 20) +#### Signature spoofing There are two options for the [signature spoofing patch][signature-spoofing] required for [microG][microg]: @@ -135,21 +134,6 @@ FAKE_SIGNATURE permission must be included in the build as system apps (e.g. as part of GMS or `CUSTOM_PACKAGES`) -#### Signature spoofing (starting from LineageOS 21) - -LineageOS 21 introduced built-in signature spoofing specifically for microG. -The "Original" and restricted patches applied to previous versions of LineageOS -have been dropped in favor of the built-in functionality. - -This means that signature spoofing will work for microG even if the environment -variable `SIGNATURE_SPOOFING` is set to `no`. - -It should be noted that by default, signature spoofing is only enabled on -"debuggable" builds (`eng` and `userdebug` build variants). It is possible to -enable signature spoofing on the `user` build variant as well by setting the -`SIGNATURE_SPOOFING` variable to `restricted`. - - #### Proprietary files Some proprietary files are needed to create a LineageOS build, but they're not From fc017cb2ed8c2fea3960f9b90dffe75981bbda9f Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Tue, 9 Apr 2024 17:41:00 +0300 Subject: [PATCH 4/7] Introduce env var USER_BUILD_SPOOFING If set to "yes", applies a patch which allows LineageOS' built-in signature spoofing to function even in the user build variant, not just userdebug or eng. --- Dockerfile | 8 +++++++ README.md | 23 ++++++++++++++----- src/build.sh | 19 +++++++++++++-- ... android_frameworks_base-user_build.patch} | 0 4 files changed, 42 insertions(+), 8 deletions(-) rename src/signature_spoofing_patches/{android_frameworks_base-Android14.patch => android_frameworks_base-user_build.patch} (100%) diff --git a/Dockerfile b/Dockerfile index 8b9cb52..99fa040 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,8 +102,16 @@ ENV LOGS_SUBDIR true # restricted patch and embedding the apps that requires it as system privileged # apps is a much secure option. See the README.md ("Custom mode") for an # example. +# +# LineageOS versions 18.1, 19.1, 20.0 and 21.0 and up include built-in +# signature spoofing for microG, and custom patches are not required. They may +# still, however, optionally be enabled ENV SIGNATURE_SPOOFING "no" +# Enable the built-in signature spoofing for the user build type, not just +# userdebug and eng +ENV USER_BUILD_SPOOFING "no" + # Delete old zips in $ZIP_DIR, keep only the N latest one (0 to disable) ENV DELETE_OLD_ZIPS 0 diff --git a/README.md b/README.md index dc70687..678e5a2 100644 --- a/README.md +++ b/README.md @@ -110,8 +110,14 @@ And when starting the build, set the `CUSTOM_PACKAGES` variable to a list of app #### Signature spoofing -There are two options for the [signature spoofing patch][signature-spoofing] -required for [microG][microg]: +For LineageOS versions 18.1, 19.1, 20.0 and 21.0, built-in support for +signature spoofing has been added. This specifically only allows microG to +spoof its signature; no other apps are allowed to do so. If this is fine, the +`SIGNATURE_SPOOFING` environment variable may be left unset (defaulting to +`no`). + +If not, two custom [signature spoofing patches][signature-spoofing] are +provided: * "Original" [patches][signature-spoofing-patches] * Restricted patches @@ -124,15 +130,19 @@ A more strict option is the restricted patch, where the FAKE_SIGNATURE permission can be obtained only by privileged system apps, embedded in the ROM during the build process. -The signature spoofing patch can be optionally included with: +The custom signature spoofing patch can be optionally included with: * `SIGNATURE_SPOOFING (no)`: `yes` to use the original patch, `restricted` for - the restricted one, `no` for none of them + the restricted one, `no` for none of them to and default to built-in + signature spoofing. If in doubt, use `restricted`: note that packages that requires the FAKE_SIGNATURE permission must be included in the build as system apps (e.g. as part of GMS or `CUSTOM_PACKAGES`) +These patches are currently disabled for LineageOS 21 entirely. If you have an +use case which requires the use of custom patches on 21, +[please open an issue][issue-tracker]. #### Proprietary files @@ -409,7 +419,7 @@ The LineageOS for MicroG project is not in a position to offer much by way of te - the number of active volunteer maintainers / contributors is very small, and we spend what time we have trying to ensure that the process of making regular builds keeps going. We can generally investigate problems with the build tools, but not with the ROM itself; - we don't have access to any devices for testing / debugging -The [project issue tracker](https://github.com/lineageos4microg/docker-lineage-cicd/issues) is mostly for tracking problems with the Docker build tool. It is ***not*** intended for tracking problems with ***installing*** or ***running*** the LineageOS for MicroG ROM. If you run into such problems, our advice is to work through the following steps to see if they help. (Make a backup of your user apps & data first): +The [project issue tracker][issue-tracker] is mostly for tracking problems with the Docker build tool. It is ***not*** intended for tracking problems with ***installing*** or ***running*** the LineageOS for MicroG ROM. If you run into such problems, our advice is to work through the following steps to see if they help. (Make a backup of your user apps & data first): - full power off and restart - factory reset - format data partition @@ -469,7 +479,7 @@ We build for the same devices as LineageOS using [their list of build targets](h We currently make builds monthly, starting on the first day of the month. The devices included in a build run are defined by the content of the [LOS target list](https://github.com/LineageOS/hudson/blob/master/lineage-build-targets) ***at the point the build run starts***. Our monthly build run takes 15-16 days to complete. You can see the current status of the build in [the dedicated matrix room](https://matrix.to/#/#microg-lineage-os-builds:matrix.domainepublic.net) -If builds for any devices fail during a build run, we will try the build again ***after the main build run has completed***. If you do not see a new build for your device when you expect it, please check whether the build failure was reported in the matrix room. If it was, there is no need to report it - we will deal with it! If the failure was not reported in the matrix room, then please report it in [our issue tracker](https://github.com/lineageos4microg/docker-lineage-cicd/issues) or in [the XDA Forums thread](https://xdaforums.com/t/lineageos-for-microg.3700997/) +If builds for any devices fail during a build run, we will try the build again ***after the main build run has completed***. If you do not see a new build for your device when you expect it, please check whether the build failure was reported in the matrix room. If it was, there is no need to report it - we will deal with it! If the failure was not reported in the matrix room, then please report it in [our issue tracker][issue-tracker] or in [the XDA Forums thread](https://xdaforums.com/t/lineageos-for-microg.3700997/) ### Project Scope @@ -553,3 +563,4 @@ Upstream projects have their own channels for supporting users. [a6000-xda]: https://xdaforums.com/t/eol-rom-8-1-0_r43-f2fs-lineageos-15-1-arm-stable-final-android-go.3733747/ [a6000-device-tree-deps]: https://github.com/dev-harsh1998/android_device_lenovo_a6000/blob/lineage-15.1/lineage.dependencies [a6000-common-tree-deps]: https://github.com/dev-harsh1998/android_device_lenovo_msm8916-common/blob/lineage-15.1/lineage.dependencies +[issue-tracker]: https://github.com/lineageos4microg/docker-lineage-cicd/issues diff --git a/src/build.sh b/src/build.sh index be2d75f..757b4e0 100755 --- a/src/build.sh +++ b/src/build.sh @@ -175,23 +175,26 @@ for branch in ${BRANCH_NAME//,/ }; do android_version="11" frameworks_base_patch="android_frameworks_base-R.patch" apps_permissioncontroller_patch="packages_apps_PermissionController-R.patch" + user_build_spoofing_patch="android_frameworks_base-user_build.patch" ;; lineage-19.1*) themuppets_branch="lineage-19.1" android_version="12" frameworks_base_patch="android_frameworks_base-S.patch" modules_permission_patch="packages_modules_Permission-S.patch" + user_build_spoofing_patch="android_frameworks_base-user_build.patch" ;; lineage-20.0*) themuppets_branch="lineage-20.0" android_version="13" frameworks_base_patch="android_frameworks_base-Android13.patch" modules_permission_patch="packages_modules_Permission-Android13.patch" + user_build_spoofing_patch="android_frameworks_base-user_build.patch" ;; lineage-21.0*) themuppets_branch="lineage-21.0" android_version="14" - frameworks_base_patch="android_frameworks_base-Android14.patch" + user_build_spoofing_patch="android_frameworks_base-user_build.patch" ;; *) echo ">> [$(date)] Building branch $branch is not (yet) suppported" @@ -278,7 +281,19 @@ for branch in ${BRANCH_NAME//,/ }; do los_ver="$los_ver_major.$los_ver_minor" if [ "$APPLY_PATCHES" = true ]; then - # If needed, apply the microG's signature spoofing patch + # If user build variant should also enable LOS signature spoofing + if [ "$USER_BUILD_SPOOFING" = "yes" ]; then + if [ -n "$user_build_spoofing_patch" ]; then + cd frameworks/base + echo ">> [$(date)] Applying the user build variant signature spoofing patch ($user_build_spoofing_patch) to frameworks/base" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$user_build_spoofing_patch" + git clean -q -f + cd ../.. + else + echo ">> [$(date)] WARNING: User build signature spoofing requested, but branch ($branch) does not support built-in signature spoofing" + fi + fi + # If needed, apply the microG's signature spoofing patch if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then # Determine which patch should be applied to the current Android source tree cd frameworks/base diff --git a/src/signature_spoofing_patches/android_frameworks_base-Android14.patch b/src/signature_spoofing_patches/android_frameworks_base-user_build.patch similarity index 100% rename from src/signature_spoofing_patches/android_frameworks_base-Android14.patch rename to src/signature_spoofing_patches/android_frameworks_base-user_build.patch From baf7001457e08e0f619965d178a035c1f6374346 Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Tue, 9 Apr 2024 21:19:51 +0300 Subject: [PATCH 5/7] ensure that build doesn't fail when SIGNATURE_SPOOFING is set but no patches are present --- src/build.sh | 61 ++++++++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 28 deletions(-) diff --git a/src/build.sh b/src/build.sh index 757b4e0..aeb9c49 100755 --- a/src/build.sh +++ b/src/build.sh @@ -293,40 +293,45 @@ for branch in ${BRANCH_NAME//,/ }; do echo ">> [$(date)] WARNING: User build signature spoofing requested, but branch ($branch) does not support built-in signature spoofing" fi fi + # If needed, apply the microG's signature spoofing patch if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then - # Determine which patch should be applied to the current Android source tree - cd frameworks/base - if [ "$SIGNATURE_SPOOFING" = "yes" ]; then - echo ">> [$(date)] Applying the standard signature spoofing patch ($frameworks_base_patch) to frameworks/base" - echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" - patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$frameworks_base_patch" + if [ -n "$frameworks_base_patch" ]; then + echo ">> [$(date)] WARNING: Signature spoofing patches requested, but branch ($branch) does not support microG patches" else - echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $frameworks_base_patch) to frameworks/base" - sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$frameworks_base_patch" | patch --quiet --force -p1 - fi - git clean -q -f - cd ../.. - - if [ -n "$apps_permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then - cd packages/apps/PermissionController - echo ">> [$(date)] Applying the apps/PermissionController patch ($apps_permissioncontroller_patch) to packages/apps/PermissionController" - patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$apps_permissioncontroller_patch" + # Determine which patch should be applied to the current Android source tree + cd frameworks/base + if [ "$SIGNATURE_SPOOFING" = "yes" ]; then + echo ">> [$(date)] Applying the standard signature spoofing patch ($frameworks_base_patch) to frameworks/base" + echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$frameworks_base_patch" + else + echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $frameworks_base_patch) to frameworks/base" + sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$frameworks_base_patch" | patch --quiet --force -p1 + fi git clean -q -f - cd ../../.. - fi + cd ../.. - if [ -n "$modules_permission_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then - cd packages/modules/Permission - echo ">> [$(date)] Applying the modules/Permission patch ($modules_permission_patch) to packages/modules/Permission" - patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$modules_permission_patch" - git clean -q -f - cd ../../.. - fi + if [ -n "$apps_permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then + cd packages/apps/PermissionController + echo ">> [$(date)] Applying the apps/PermissionController patch ($apps_permissioncontroller_patch) to packages/apps/PermissionController" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$apps_permissioncontroller_patch" + git clean -q -f + cd ../../.. + fi - # Override device-specific settings for the location providers - mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/" - cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml" + if [ -n "$modules_permission_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then + cd packages/modules/Permission + echo ">> [$(date)] Applying the modules/Permission patch ($modules_permission_patch) to packages/modules/Permission" + patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$modules_permission_patch" + git clean -q -f + cd ../../.. + fi + + # Override device-specific settings for the location providers + mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/" + cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml" + fi fi else echo ">> [$(date)] Applying patches disabled" From 5954c5c652f153cfabf02a1e8c214f377c11db4e Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Tue, 9 Apr 2024 21:23:41 +0300 Subject: [PATCH 6/7] fix typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 678e5a2..52cfe23 100644 --- a/README.md +++ b/README.md @@ -133,7 +133,7 @@ during the build process. The custom signature spoofing patch can be optionally included with: * `SIGNATURE_SPOOFING (no)`: `yes` to use the original patch, `restricted` for - the restricted one, `no` for none of them to and default to built-in + the restricted one, `no` for none of them and to default to built-in signature spoofing. If in doubt, use `restricted`: note that packages that requires the From ad19be594261c2ffa65e85a88942e58fc4669dd1 Mon Sep 17 00:00:00 2001 From: FintasticMan Date: Wed, 24 Apr 2024 17:59:42 +0200 Subject: [PATCH 7/7] Restore A14 patches (not working), fix user patch This restores the (still currently non-functional) Android 14 signature spoofing patches, so that, once they have been fixed, users will be able to create unrestricted patches. These changes also mean that the error faced by @gwstorm is fixed. --- src/build.sh | 2 + .../android_frameworks_base-Android14.patch | 124 ++++++++++++++++++ ...ackages_modules_Permission-Android14.patch | 12 ++ 3 files changed, 138 insertions(+) create mode 100644 src/signature_spoofing_patches/android_frameworks_base-Android14.patch create mode 100644 src/signature_spoofing_patches/packages_modules_Permission-Android14.patch diff --git a/src/build.sh b/src/build.sh index aeb9c49..dbce782 100755 --- a/src/build.sh +++ b/src/build.sh @@ -194,6 +194,8 @@ for branch in ${BRANCH_NAME//,/ }; do lineage-21.0*) themuppets_branch="lineage-21.0" android_version="14" + frameworks_base_patch="android_frameworks_base-Android14.patch" + modules_permission_patch="packages_modules_Permission-Android14.patch" user_build_spoofing_patch="android_frameworks_base-user_build.patch" ;; *) diff --git a/src/signature_spoofing_patches/android_frameworks_base-Android14.patch b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch new file mode 100644 index 0000000..9ec072c --- /dev/null +++ b/src/signature_spoofing_patches/android_frameworks_base-Android14.patch @@ -0,0 +1,124 @@ +diff --git a/core/api/current.txt b/core/api/current.txt +index 288ab479c0fb..2124d89c6e6f 100644 +--- a/core/api/current.txt ++++ b/core/api/current.txt +@@ -95,6 +95,7 @@ package android { + field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION"; + field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; + field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; ++ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; + field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; + field public static final String FOREGROUND_SERVICE_CAMERA = "android.permission.FOREGROUND_SERVICE_CAMERA"; + field public static final String FOREGROUND_SERVICE_CONNECTED_DEVICE = "android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE"; +@@ -326,6 +327,7 @@ package android { + field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; + field public static final String CAMERA = "android.permission-group.CAMERA"; + field public static final String CONTACTS = "android.permission-group.CONTACTS"; ++ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; + field public static final String LOCATION = "android.permission-group.LOCATION"; + field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; + field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES"; +diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml +index 14cb052b121f..593999bc4ef7 100644 +--- a/core/res/AndroidManifest.xml ++++ b/core/res/AndroidManifest.xml +@@ -4258,6 +4258,22 @@ + android:description="@string/permdesc_getPackageSize" + android:protectionLevel="normal" /> + ++ ++ ++ ++ ++ ++ ++ + +diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml +index 9c018c30f9e3..661297bab701 100644 +--- a/core/res/res/values/strings.xml ++++ b/core/res/res/values/strings.xml +@@ -990,6 +990,19 @@ + Preview, %1$s + + ++ ++ ++ Spoof package signature ++ ++ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! ++ ++ Spoof package signature ++ ++ allow to spoof package signature ++ ++ Allow ++ <b>%1$s</b> to spoof package signature? ++ + + + disable or modify status bar +diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java +index 78f1fa60b69f..1e29d3697b89 100644 +--- a/services/core/java/com/android/server/pm/ComputerEngine.java ++++ b/services/core/java/com/android/server/pm/ComputerEngine.java +@@ -1450,6 +1450,29 @@ public class ComputerEngine implements Computer { + return result; + } + ++ private boolean requestsFakeSignature(AndroidPackage p) { ++ return p.getMetaData() != null && ++ p.getMetaData().getString("fake-signature") != null; ++ } ++ ++ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi, ++ Set permissions) { ++ try { ++ if (p.getMetaData() != null && ++ p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) { ++ String sig = p.getMetaData().getString("fake-signature"); ++ if (sig != null && ++ permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) { ++ pi.signatures = new Signature[] {new Signature(sig)}; ++ } ++ } ++ } catch (Throwable t) { ++ // We should never die because of any failures, this is system code! ++ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); ++ } ++ return pi; ++ } ++ + public final PackageInfo generatePackageInfo(PackageStateInternal ps, + @PackageManager.PackageInfoFlagsBits long flags, int userId) { + if (!mUserManager.exists(userId)) return null; +@@ -1483,13 +1506,15 @@ public class ComputerEngine implements Computer { + || ArrayUtils.isEmpty(p.getPermissions())) ? Collections.emptySet() + : mPermissionManager.getInstalledPermissions(ps.getPackageName()); + // Compute granted permissions only if package has requested permissions +- final Set grantedPermissions = ((flags & PackageManager.GET_PERMISSIONS) == 0 ++ final Set grantedPermissions = (((flags & PackageManager.GET_PERMISSIONS) == 0 ++ && !requestsFakeSignature(p)) + || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet() + : mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId); + +- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags, ++ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags, + state.getFirstInstallTimeMillis(), ps.getLastUpdateTime(), installedPermissions, +- grantedPermissions, state, userId, ps); ++ grantedPermissions, state, userId, ps), ++ grantedPermissions); + + if (packageInfo == null) { + return null; diff --git a/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch new file mode 100644 index 0000000..9aace22 --- /dev/null +++ b/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch @@ -0,0 +1,12 @@ +diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +index d4354bd72..4b90f9327 100644 +--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java ++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java +@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR; + import static android.Manifest.permission_group.CALL_LOG; + import static android.Manifest.permission_group.CAMERA; + import static android.Manifest.permission_group.CONTACTS; ++import static android.Manifest.permission_group.FAKE_PACKAGE; + import static android.Manifest.permission_group.LOCATION; + import static android.Manifest.permission_group.MICROPHONE; + import static android.Manifest.permission_group.NEARBY_DEVICES;