mirror of
https://github.com/lineageos4microg/docker-lineage-cicd
synced 2024-11-09 10:09:56 +01:00
Disable old signature spoofing patch for LOS 21
LineageOS 21 introduced built-in support for signature spoofing. This commit removes the old signature spoofing patch for LOS 21 (which failed to build properly) and replaces it with a patch that enables signature spoofing even on builds that aren't "debuggable" (debuggable builds being those like dev and userdebug), meaning regular user builds also support signature spoofing. However, since the LineageOS signature spoofing functionality applies only to microG, "unrestricted" signature spoofing is no longer possible for LOS 21. Related GitHub issue: #607
parent
77fd74aa66
commit
f10d8e2c5b
@ -192,7 +192,6 @@ for branch in ${BRANCH_NAME//,/ }; do
|
|||||||
themuppets_branch="lineage-21.0"
|
themuppets_branch="lineage-21.0"
|
||||||
android_version="14"
|
android_version="14"
|
||||||
frameworks_base_patch="android_frameworks_base-Android14.patch"
|
frameworks_base_patch="android_frameworks_base-Android14.patch"
|
||||||
modules_permission_patch="packages_modules_Permission-Android14.patch"
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo ">> [$(date)] Building branch $branch is not (yet) suppported"
|
echo ">> [$(date)] Building branch $branch is not (yet) suppported"
|
||||||
|
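Review bot: The `lineage-21.0` arm no longer assigns `modules_permission_patch`, and nothing in the visible lines clears it. The arm sits inside `for branch in ${BRANCH_NAME//,/ }`, which starts outside the hunk, so a multi-branch run that handles an older branch first could carry that branch's value into the 21.0 iteration. If the code after the `case` applies the patch whenever the variable is non-empty, the Android 13 permission patch would be attempted against a 14 tree. Setting it explicitly in this arm, `modules_permission_patch=""`, would make the intent unambiguous and keep iterations independent.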
@ -1,124 +1,27 @@
|
|||||||
diff --git a/core/api/current.txt b/core/api/current.txt
|
From d467f4bdb09f16988965a44d6a42f0f180f7e6d7 Mon Sep 17 00:00:00 2001
|
||||||
index 288ab479c0fb..2124d89c6e6f 100644
|
From: Rasmus Moorats <xx@nns.ee>
|
||||||
--- a/core/api/current.txt
|
Date: Tue, 9 Apr 2024 13:18:17 +0300
|
||||||
+++ b/core/api/current.txt
|
Subject: [PATCH] Remove the check to isDebuggable()
|
||||||
@@ -95,6 +95,7 @@ package android {
|
|
||||||
field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION";
|
This makes the microG signature spoofing work in regular user builds.
|
||||||
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
|
---
|
||||||
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
|
services/core/java/com/android/server/pm/ComputerEngine.java | 4 ----
|
||||||
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
|
1 file changed, 4 deletions(-)
|
||||||
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
|
|
||||||
field public static final String FOREGROUND_SERVICE_CAMERA = "android.permission.FOREGROUND_SERVICE_CAMERA";
|
|
||||||
field public static final String FOREGROUND_SERVICE_CONNECTED_DEVICE = "android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE";
|
|
||||||
@@ -326,6 +327,7 @@ package android {
|
|
||||||
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
|
|
||||||
field public static final String CAMERA = "android.permission-group.CAMERA";
|
|
||||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
|
||||||
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
|
|
||||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
|
||||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
|
||||||
field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES";
|
|
||||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
|
||||||
index 14cb052b121f..593999bc4ef7 100644
|
|
||||||
--- a/core/res/AndroidManifest.xml
|
|
||||||
+++ b/core/res/AndroidManifest.xml
|
|
||||||
@@ -4258,6 +4258,22 @@
|
|
||||||
android:description="@string/permdesc_getPackageSize"
|
|
||||||
android:protectionLevel="normal" />
|
|
||||||
|
|
||||||
+ <!-- Dummy user-facing group for faking package signature -->
|
|
||||||
+ <permission-group android:name="android.permission-group.FAKE_PACKAGE"
|
|
||||||
+ android:label="@string/permgrouplab_fake_package_signature"
|
|
||||||
+ android:description="@string/permgroupdesc_fake_package_signature"
|
|
||||||
+ android:request="@string/permgrouprequest_fake_package_signature"
|
|
||||||
+ android:priority="100" />
|
|
||||||
+
|
|
||||||
+ <!-- Allows an application to change the package signature as
|
|
||||||
+ seen by applications -->
|
|
||||||
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
|
|
||||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
|
||||||
+ android:protectionLevel="dangerous"
|
|
||||||
+ android:label="@string/permlab_fakePackageSignature"
|
|
||||||
+ android:description="@string/permdesc_fakePackageSignature" />
|
|
||||||
+
|
|
||||||
+
|
|
||||||
<!-- @deprecated No longer useful, see
|
|
||||||
{@link android.content.pm.PackageManager#addPackageToPreferred}
|
|
||||||
for details. -->
|
|
||||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
|
||||||
index 9c018c30f9e3..661297bab701 100644
|
|
||||||
--- a/core/res/res/values/strings.xml
|
|
||||||
+++ b/core/res/res/values/strings.xml
|
|
||||||
@@ -990,6 +990,19 @@
|
|
||||||
<string name="dream_preview_title">Preview, <xliff:g id="dream_name" example="Clock">%1$s</xliff:g></string>
|
|
||||||
|
|
||||||
<!-- Permissions -->
|
|
||||||
+
|
|
||||||
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
|
||||||
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
|
|
||||||
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
|
||||||
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
|
|
||||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
|
||||||
+ <string name="permgrouplab_fake_package_signature">Spoof package signature</string>
|
|
||||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
|
||||||
+ <string name="permgroupdesc_fake_package_signature">allow to spoof package signature</string>
|
|
||||||
+ <!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
|
|
||||||
+ <string name="permgrouprequest_fake_package_signature">Allow
|
|
||||||
+ <b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to spoof package signature?</string>
|
|
||||||
+
|
|
||||||
|
|
||||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
|
||||||
<string name="permlab_statusBar">disable or modify status bar</string>
|
|
||||||
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
|
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||||
index 78f1fa60b69f..1e29d3697b89 100644
|
index d8cbe9d5..13af78f5 100644
|
||||||
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
|
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||||
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
|
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
|
||||||
@@ -1450,6 +1450,29 @@ public class ComputerEngine implements Computer {
|
@@ -1472,10 +1472,6 @@ public class ComputerEngine implements Computer {
|
||||||
return result;
|
private static native boolean isDebuggable();
|
||||||
}
|
|
||||||
|
|
||||||
+ private boolean requestsFakeSignature(AndroidPackage p) {
|
public static boolean isMicrogSigned(AndroidPackage p) {
|
||||||
+ return p.getMetaData() != null &&
|
- if (!isDebuggable()) {
|
||||||
+ p.getMetaData().getString("fake-signature") != null;
|
- return false;
|
||||||
+ }
|
- }
|
||||||
+
|
-
|
||||||
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
|
// Allowlist the following apps:
|
||||||
+ Set<String> permissions) {
|
// * com.android.vending - microG Companion
|
||||||
+ try {
|
// * com.google.android.gms - microG Services
|
||||||
+ if (p.getMetaData() != null &&
|
--
|
||||||
+ p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) {
|
2.44.0
|
||||||
+ String sig = p.getMetaData().getString("fake-signature");
|
|
||||||
+ if (sig != null &&
|
|
||||||
+ permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) {
|
|
||||||
+ pi.signatures = new Signature[] {new Signature(sig)};
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ } catch (Throwable t) {
|
|
||||||
+ // We should never die because of any failures, this is system code!
|
|
||||||
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
|
|
||||||
+ }
|
|
||||||
+ return pi;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
public final PackageInfo generatePackageInfo(PackageStateInternal ps,
|
|
||||||
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
|
|
||||||
if (!mUserManager.exists(userId)) return null;
|
|
||||||
@@ -1483,13 +1506,15 @@ public class ComputerEngine implements Computer {
|
|
||||||
|| ArrayUtils.isEmpty(p.getPermissions())) ? Collections.emptySet()
|
|
||||||
: mPermissionManager.getInstalledPermissions(ps.getPackageName());
|
|
||||||
// Compute granted permissions only if package has requested permissions
|
|
||||||
- final Set<String> grantedPermissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
|
|
||||||
+ final Set<String> grantedPermissions = (((flags & PackageManager.GET_PERMISSIONS) == 0
|
|
||||||
+ && !requestsFakeSignature(p))
|
|
||||||
|| ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
|
|
||||||
: mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId);
|
|
||||||
|
|
||||||
- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
|
|
||||||
+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags,
|
|
||||||
state.getFirstInstallTimeMillis(), ps.getLastUpdateTime(), installedPermissions,
|
|
||||||
- grantedPermissions, state, userId, ps);
|
|
||||||
+ grantedPermissions, state, userId, ps),
|
|
||||||
+ grantedPermissions);
|
|
||||||
|
|
||||||
if (packageInfo == null) {
|
|
||||||
return null;
|
|
||||||
|
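Review bot: With the `if (!isDebuggable()) { return false; }` guard removed from `isMicrogSigned(AndroidPackage p)`, user builds rely entirely on the allowlist logic in the rest of that method, which lies outside the hunk. It is worth confirming that the remaining body compares the package's actual signing certificate against a pinned microG certificate, and does not match only on the names `com.android.vending` and `com.google.android.gms`, because a name-only match would accept any sideloaded package that uses those names. Unlike the replaced patch, which gated spoofing on the user-grantable `android.permission.FAKE_PACKAGE_SIGNATURE`, this path appears to involve no user consent, so the certificate check is the only control left. The context line `private static native boolean isDebuggable();` is kept and may now be unused; either drop it or add a comment above the allowlist such as `// isDebuggable() gate removed on purpose: microG spoofing must work on user builds` so the deviation from upstream is visible to the next maintainer.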
@ -1,12 +0,0 @@
|
|||||||
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
|
|
||||||
index d4354bd72..4b90f9327 100644
|
|
||||||
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
|
|
||||||
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
|
|
||||||
@@ -21,6 +21,7 @@ import static android.Manifest.permission_group.CALENDAR;
|
|
||||||
import static android.Manifest.permission_group.CALL_LOG;
|
|
||||||
import static android.Manifest.permission_group.CAMERA;
|
|
||||||
import static android.Manifest.permission_group.CONTACTS;
|
|
||||||
+import static android.Manifest.permission_group.FAKE_PACKAGE;
|
|
||||||
import static android.Manifest.permission_group.LOCATION;
|
|
||||||
import static android.Manifest.permission_group.MICROPHONE;
|
|
||||||
import static android.Manifest.permission_group.NEARBY_DEVICES;
|
|