mirror/ docker-lineage-cicd
1
0
Fork 0
mirror of https://github.com/lineageos4microg/docker-lineage-cicd synced 2024-05-06 23:26:09 +02:00
Code Issues

support for lineage-19.1

This commit is contained in:
Philip Nagler-Frank 2022-02-18 12:49:24 +01:00
parent 49f2fc2a33
commit 9ebbc515ab
3 changed files with 191 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/build.sh
View File

@ -100,34 +100,41 @@ for branch in ${BRANCH_NAME//,/ }; do
if [ -n "$branch" ] && [ -n "$devices" ]; then
vendor=lineage
permissioncontroller_patch=""
apps_permissioncontroller_patch=""
modules_permission_patch=""
case "$branch" in
cm-14.1*)
vendor="cm"
themuppets_branch="cm-14.1"
android_version="7.1.2"
patch_name="android_frameworks_base-N.patch"
frameworks_base_patch="android_frameworks_base-N.patch"
;;
lineage-15.1*)
themuppets_branch="lineage-15.1"
android_version="8.1"
patch_name="android_frameworks_base-O.patch"
frameworks_base_patch="android_frameworks_base-O.patch"
;;
lineage-16.0*)
themuppets_branch="lineage-16.0"
android_version="9"
patch_name="android_frameworks_base-P.patch"
frameworks_base_patch="android_frameworks_base-P.patch"
;;
lineage-17.1*)
themuppets_branch="lineage-17.1"
android_version="10"
patch_name="android_frameworks_base-Q.patch"
frameworks_base_patch="android_frameworks_base-Q.patch"
;;
lineage-18.1*)
themuppets_branch="lineage-18.1"
android_version="11"
patch_name="android_frameworks_base-R.patch"
permissioncontroller_patch="packages_apps_PermissionController-R.patch"
frameworks_base_patch="android_frameworks_base-R.patch"
apps_permissioncontroller_patch="packages_apps_PermissionController-R.patch"
;;
lineage-19.1*)
themuppets_branch="lineage-19.1"
android_version="12"
frameworks_base_patch="android_frameworks_base-S.patch"
modules_permission_patch="packages_modules_Permission-S.patch"
;;
*)
echo ">> [$(date)] Building branch $branch is not (yet) suppported"
@ -144,7 +151,8 @@ for branch in ${BRANCH_NAME//,/ }; do
echo ">> [$(date)] Devices: $devices"
# Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist)
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do
# TODO: maybe reset everything using https://source.android.com/setup/develop/repo#forall
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController" "packages/modules/Permission"; do
if [ -d "$path" ]; then
cd "$path"
git reset -q --hard
@ -194,20 +202,28 @@ for branch in ${BRANCH_NAME//,/ }; do
# Determine which patch should be applied to the current Android source tree
cd frameworks/base
if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base"
echo ">> [$(date)] Applying the standard signature spoofing patch ($frameworks_base_patch) to frameworks/base"
echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$patch_name"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$frameworks_base_patch"
else
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base"
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $frameworks_base_patch) to frameworks/base"
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$frameworks_base_patch" | patch --quiet --force -p1
fi
git clean -q -f
cd ../..
if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
if [ -n "$apps_permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
cd packages/apps/PermissionController
echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch"
echo ">> [$(date)] Applying the apps/PermissionController patch ($apps_permissioncontroller_patch) to packages/apps/PermissionController"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$apps_permissioncontroller_patch"
git clean -q -f
cd ../../..
fi
if [ -n "$modules_permission_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
cd packages/modules/Permission
echo ">> [$(date)] Applying the modules/Permission patch ($modules_permission_patch) to packages/modules/Permission"
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$modules_permission_patch"
git clean -q -f
cd ../../..
fi

141
src/signature_spoofing_patches/android_frameworks_base-S.patch Normal file
View File

@ -0,0 +1,141 @@
diff --git a/core/api/current.txt b/core/api/current.txt
index 1de47b548a5c..7074b33c30d9 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -82,6 +82,7 @@ package android {
field public static final String DIAGNOSTIC = "android.permission.DIAGNOSTIC";
field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD";
field public static final String DUMP = "android.permission.DUMP";
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
@@ -199,6 +200,7 @@ package android {
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
field public static final String CAMERA = "android.permission-group.CAMERA";
field public static final String CONTACTS = "android.permission-group.CONTACTS";
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 2a0a4e3483ae..1701dd50e32d 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3197,6 +3197,21 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- Dummy user-facing group for faking package signature -->
+ <permission-group android:name="android.permission-group.FAKE_PACKAGE"
+ android:label="@string/permgrouplab_fake_package_signature"
+ android:description="@string/permgroupdesc_fake_package_signature"
+ android:request="@string/permgrouprequest_fake_package_signature"
+ android:priority="100" />
+
+ <!-- Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index fbc14c7e2e17..f601ce35e52c 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -1775,6 +1775,8 @@
<string-array name="config_locationProviderPackageNames" translatable="false">
<!-- The standard AOSP fused location provider -->
<item>com.android.location.fused</item>
+ <!-- Google Play Services or microG (free reimplementation) location provider -->
+ <item>com.google.android.gms</item>
</string-array>
<!-- Package name(s) of Advanced Driver Assistance applications. These packages have additional
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index b58638cc3ade..8cf98fa56bf6 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -880,6 +880,18 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgrouplab_fake_package_signature">Spoof package signature</string>
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgroupdesc_fake_package_signature">allow to spoof package signature</string>
+ <!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
+ <string name="permgrouprequest_fake_package_signature">Allow
+ &lt;b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g>&lt;/b> to spoof package signature?</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index f69922f64787..9517e4032646 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3325,6 +3325,33 @@ public class PackageManagerService extends IPackageManager.Stub
return result;
}
+ @Nullable
+ private static String getRequestedFakeSignature(AndroidPackage p) {
+ Bundle metaData = p.getMetaData();
+ if (metaData != null) {
+ return metaData.getString("fake-signature");
+ }
+ return null;
+ }
+
+ private static PackageInfo applyFakeSignature(AndroidPackage p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
+ && p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) {
+ String sig = getRequestedFakeSignature(p);
+ if (sig != null) {
+ pi.signatures = new Signature[] { new Signature(sig) };
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
+
public final PackageInfo generatePackageInfo(PackageSetting ps, int flags, int userId) {
if (!mUserManager.exists(userId)) return null;
if (ps == null) {
@@ -3353,13 +3380,17 @@ public class PackageManagerService extends IPackageManager.Stub
final int[] gids = (flags & PackageManager.GET_GIDS) == 0 ? EMPTY_INT_ARRAY
: mPermissionManager.getGidsForUid(UserHandle.getUid(userId, ps.appId));
// Compute granted permissions only if package has requested permissions
- final Set<String> permissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
- || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
- : mPermissionManager.getGrantedPermissions(ps.name, userId);
+ boolean computePermissions = !ArrayUtils.isEmpty(p.getRequestedPermissions()) &&
+ ((flags & PackageManager.GET_PERMISSIONS) != 0 || getRequestedFakeSignature(p) != null);
+ final Set<String> permissions = computePermissions ?
+ mPermissionManager.getGrantedPermissions(ps.name, userId)
+ : Collections.emptySet();
PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps);
+ packageInfo = applyFakeSignature(p, packageInfo, permissions);
+
if (packageInfo == null) {
return null;
}

19
src/signature_spoofing_patches/packages_modules_Permission-S.patch Normal file
View File

@ -0,0 +1,19 @@
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR;
import static android.Manifest.permission_group.CALL_LOG;
import static android.Manifest.permission_group.CAMERA;
import static android.Manifest.permission_group.CONTACTS;
+import static android.Manifest.permission_group.FAKE_PACKAGE;
import static android.Manifest.permission_group.LOCATION;
import static android.Manifest.permission_group.MICROPHONE;
import static android.Manifest.permission_group.NEARBY_DEVICES;
@@ -281,6 +282,8 @@ public final class Utils {
PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
+ PLATFORM_PERMISSIONS.put(Manifest.permission.FAKE_PACKAGE_SIGNATURE, FAKE_PACKAGE);
+
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
for (int i = 0; i < numPlatformPermissions; i++) {