PeterGSI/patches
1
0
Fork 2
Code Issues Pull requests Projects Releases Wiki Activity

Re-pick LOS patches for signature spoofing

Browse source
This commit is contained in:
Peter Cai 2025-01-22 21:49:30 -05:00
parent 827e0d2a50
commit 70205d489a
12 changed files with 659 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
frameworks/base/0001-PackageParser-support-glob-matching-for-properties.patch
View file

@ -1,7 +1,7 @@
From 2b9fc3684d24ff3276f18c4de93402cf7d92e5c3 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Tue, 12 Oct 2021 21:37:22 -0400
Subject: [PATCH 01/11] PackageParser: support glob matching for properties
Subject: [PATCH 01/12] PackageParser: support glob matching for properties
Needed to make phh's vendor overlays work
---

2
frameworks/base/0002-FrameworkParsingPackageUtils-Add-glob-matching-suppo.patch
View file

@ -1,7 +1,7 @@
From 6de413c8d88d2d6f02e81a4247af47b506ea4451 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Fri, 2 Sep 2022 21:36:06 -0400
Subject: [PATCH 02/11] FrameworkParsingPackageUtils: Add glob matching support
Subject: [PATCH 02/12] FrameworkParsingPackageUtils: Add glob matching support
for properties
This is now required in addition to the one in PackageParser in order

2
frameworks/base/0003-Global-VPN-feature-1-2.patch
View file

@ -1,7 +1,7 @@
From a5c2cffdac5181c437437fee002526d43a080c51 Mon Sep 17 00:00:00 2001
From: Oliver Scott <olivercscott@gmail.com>
Date: Thu, 8 Jul 2021 10:41:43 -0400
Subject: [PATCH 03/11] Global VPN feature [1/2]
Subject: [PATCH 03/12] Global VPN feature [1/2]
* Modify existing VPN user range functions to conditionally have traffic
from all users pass through the global VPN.

2
frameworks/base/0004-Dynamically-resize-boot-animation-to-match-screen-si.patch
View file

@ -1,7 +1,7 @@
From 1357225dd52f3f2a6a1766c33eca32506b8f7ac2 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Dec 2021 15:01:41 -0500
Subject: [PATCH 04/11] Dynamically resize boot animation to match screen size
Subject: [PATCH 04/12] Dynamically resize boot animation to match screen size
Change-Id: I54e49fc6b8c670103852e212d1416e27ff976205
---

2
frameworks/base/0005-Restore-getSimStateForSlotIndex-in-SubscriptionManag.patch
View file

@ -1,7 +1,7 @@
From f89ddfd215de9269559afdd6b23e4eca56da8eef Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Wed, 2 Aug 2023 20:59:53 +0800
Subject: [PATCH 05/11] Restore getSimStateForSlotIndex in SubscriptionManager
Subject: [PATCH 05/12] Restore getSimStateForSlotIndex in SubscriptionManager
MTK IMS still needs it here

2
frameworks/base/0006-Add-runWithCleanCallingIdentity-variant-with-both-ex.patch
View file

@ -1,7 +1,7 @@
From 6ed2fcbdc5aaadd1bb29f8bfd80cf9200515acb0 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sat, 12 Aug 2023 20:11:17 +0800
Subject: [PATCH 06/11] Add runWithCleanCallingIdentity variant with both
Subject: [PATCH 06/12] Add runWithCleanCallingIdentity variant with both
executor and return value
This complements the fixup to ImsPhoneCallTracker (in fw/o/t) for U

42
frameworks/base/0007-AuthService-HIDL-and-AIDL-fingerprint-services-are-m.patch Normal file
View file

@ -0,0 +1,42 @@
From 8eec006d00e012f02a33cea8f631af15bdd14498 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Sun, 22 Sep 2024 22:53:01 -0400
Subject: [PATCH 07/12] AuthService: HIDL and AIDL fingerprint services are
mutually exclusive
...and make sure that we prioritize AIDL over HIDL. This is essential
for GSIs to boot on newer devices while having the HIDL property set for
compatibility with older ones.
Change-Id: I834297a44674820d813d8f6d376dfd294f084f3b
---
.../com/android/server/biometrics/AuthService.java | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/services/core/java/com/android/server/biometrics/AuthService.java b/services/core/java/com/android/server/biometrics/AuthService.java
index 2d802b21c..0730d634f 100644
--- a/services/core/java/com/android/server/biometrics/AuthService.java
+++ b/services/core/java/com/android/server/biometrics/AuthService.java
@@ -908,15 +908,13 @@ public class AuthService extends SystemService {
handlerProvider.getFingerprintHandler().post(() -> {
final FingerprintSensorConfigurations mFingerprintSensorConfigurations =
- new FingerprintSensorConfigurations(!(hidlConfigStrings != null
- && hidlConfigStrings.length > 0));
-
- if (hidlConfigStrings != null && hidlConfigStrings.length > 0) {
- mFingerprintSensorConfigurations.addHidlSensors(hidlConfigStrings, context);
- }
+ new FingerprintSensorConfigurations(fingerprintAidlInstances != null
+ && fingerprintAidlInstances.length > 0);
if (fingerprintAidlInstances != null && fingerprintAidlInstances.length > 0) {
mFingerprintSensorConfigurations.addAidlSensors(fingerprintAidlInstances);
+ } else if (hidlConfigStrings != null && hidlConfigStrings.length > 0) {
+ mFingerprintSensorConfigurations.addHidlSensors(hidlConfigStrings, context);
}
if (fingerprintService != null) {
--
2.44.0

150
frameworks/base/0008-fw-b-Use-ro.build.version.incremental-to-signal-OTA-.patch Normal file
View file

@ -0,0 +1,150 @@
From 0439e89b1442adc5d6bb2b876ca7bc87a0b0ebd1 Mon Sep 17 00:00:00 2001
From: dhacker29 <dhackerdvm@gmail.com>
Date: Tue, 24 Nov 2015 01:53:47 -0500
Subject: [PATCH 08/12] fw/b: Use ro.build.version.incremental to signal OTA
upgrades
Co-authored-by: maxwen <max.weninger@gmail.com>
Co-authored-by: Sam Mortimer <sam@mortimer.me.uk>
Co-authored-by: Wang Han <416810799@qq.com>
Change-Id: If0eb969ba509981f9209ffa37a949d9042ef4c2a
---
core/java/android/app/admin/SystemUpdateInfo.java | 4 ++--
core/java/android/content/pm/PackagePartitions.java | 2 +-
.../java/com/android/server/appwidget/AppWidgetXmlUtil.java | 4 ++--
.../java/com/android/server/pm/PackageManagerService.java | 5 +++--
.../com/android/server/pm/PackageManagerServiceUtils.java | 3 +--
services/core/java/com/android/server/pm/Settings.java | 2 +-
.../core/java/com/android/server/pm/ShortcutService.java | 2 +-
7 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/core/java/android/app/admin/SystemUpdateInfo.java b/core/java/android/app/admin/SystemUpdateInfo.java
index 9e6c91f4e..7459b0e05 100644
--- a/core/java/android/app/admin/SystemUpdateInfo.java
+++ b/core/java/android/app/admin/SystemUpdateInfo.java
@@ -133,7 +133,7 @@ public final class SystemUpdateInfo implements Parcelable {
out.startTag(null, tag);
out.attributeLong(null, ATTR_RECEIVED_TIME, mReceivedTime);
out.attributeInt(null, ATTR_SECURITY_PATCH_STATE, mSecurityPatchState);
- out.attribute(null, ATTR_ORIGINAL_BUILD , Build.FINGERPRINT);
+ out.attribute(null, ATTR_ORIGINAL_BUILD , Build.VERSION.INCREMENTAL);
out.endTag(null, tag);
}
@@ -142,7 +142,7 @@ public final class SystemUpdateInfo implements Parcelable {
public static SystemUpdateInfo readFromXml(TypedXmlPullParser parser) {
// If an OTA has been applied (build fingerprint has changed), discard stale info.
final String buildFingerprint = parser.getAttributeValue(null, ATTR_ORIGINAL_BUILD );
- if (!Build.FINGERPRINT.equals(buildFingerprint)) {
+ if (!Build.VERSION.INCREMENTAL.equals(buildFingerprint)) {
return null;
}
try {
diff --git a/core/java/android/content/pm/PackagePartitions.java b/core/java/android/content/pm/PackagePartitions.java
index ff80e614b..da3b68ecf 100644
--- a/core/java/android/content/pm/PackagePartitions.java
+++ b/core/java/android/content/pm/PackagePartitions.java
@@ -131,7 +131,7 @@ public class PackagePartitions {
final String partitionName = SYSTEM_PARTITIONS.get(i).getName();
digestProperties[i] = "ro." + partitionName + ".build.fingerprint";
}
- digestProperties[SYSTEM_PARTITIONS.size()] = "ro.build.fingerprint"; // build fingerprint
+ digestProperties[SYSTEM_PARTITIONS.size()] = "ro.build.version.incremental";
return SystemProperties.digestOf(digestProperties);
}
diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetXmlUtil.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetXmlUtil.java
index ce9130ad5..737ecae1c 100644
--- a/services/appwidget/java/com/android/server/appwidget/AppWidgetXmlUtil.java
+++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetXmlUtil.java
@@ -117,7 +117,7 @@ public class AppWidgetXmlUtil {
out.attributeInt(null, ATTR_WIDGET_FEATURES, info.widgetFeatures);
out.attributeInt(null, ATTR_DESCRIPTION_RES, info.descriptionRes);
out.attributeBoolean(null, ATTR_PROVIDER_INHERITANCE, info.isExtendedFromAppWidgetProvider);
- out.attribute(null, ATTR_OS_FINGERPRINT, Build.FINGERPRINT);
+ out.attribute(null, ATTR_OS_FINGERPRINT, Build.VERSION.INCREMENTAL);
}
/**
@@ -128,7 +128,7 @@ public class AppWidgetXmlUtil {
@NonNull final TypedXmlPullParser parser) {
Objects.requireNonNull(parser);
final String fingerprint = parser.getAttributeValue(null, ATTR_OS_FINGERPRINT);
- if (!Build.FINGERPRINT.equals(fingerprint)) {
+ if (!Build.VERSION.INCREMENTAL.equals(fingerprint)) {
return null;
}
final AppWidgetProviderInfo info = new AppWidgetProviderInfo();
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 611e0d862..0e343e18a 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -2239,7 +2239,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService
if (mIsUpgrade) {
PackageManagerServiceUtils.logCriticalInfo(Log.INFO,
"Upgrading from " + ver.fingerprint + " (" + ver.buildFingerprint + ") to "
- + PackagePartitions.FINGERPRINT + " (" + Build.FINGERPRINT + ")");
+ + PackagePartitions.FINGERPRINT
+ + " (" + Build.VERSION.INCREMENTAL + ")");
}
mPriorSdkVersion = mIsUpgrade ? ver.sdkVersion : -1;
mInitAppsHelper = new InitAppsHelper(this, mApexManager, mInstallPackageHelper,
@@ -2397,7 +2398,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
| Installer.FLAG_CLEAR_APP_DATA_KEEP_ART_PROFILES);
}
}
- ver.buildFingerprint = Build.FINGERPRINT;
+ ver.buildFingerprint = Build.VERSION.INCREMENTAL;
ver.fingerprint = PackagePartitions.FINGERPRINT;
}
diff --git a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
index 975758241..54527a6b0 100644
--- a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
+++ b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
@@ -1400,8 +1400,6 @@ public class PackageManagerServiceUtils {
// that starts with "eng." to signify that this is an engineering build and not
// destined for release.
if (isUserDebugBuild && incrementalVersion.startsWith("eng.")) {
- Slog.w(TAG, "Wiping cache directory because the system partition changed.");
-
// Heuristic: If the /system directory has been modified recently due to an "adb sync"
// or a regular make, then blow away the cache. Note that mtimes are *NOT* reliable
// in general and should not be used for production changes. In this specific case,
@@ -1409,6 +1407,7 @@ public class PackageManagerServiceUtils {
File frameworkDir =
new File(Environment.getRootDirectory(), "framework");
if (cacheDir.lastModified() < frameworkDir.lastModified()) {
+ Slog.w(TAG, "Wiping cache directory because the system partition changed.");
FileUtils.deleteContents(cacheBaseDir);
cacheDir = FileUtils.createDir(cacheBaseDir, cacheName);
}
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 1f672a093..bef67a838 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -485,7 +485,7 @@ public final class Settings implements Watchable, Snappable, ResilientAtomicFile
public void forceCurrent() {
sdkVersion = Build.VERSION.SDK_INT;
databaseVersion = CURRENT_DATABASE_VERSION;
- buildFingerprint = Build.FINGERPRINT;
+ buildFingerprint = Build.VERSION.INCREMENTAL;
fingerprint = PackagePartitions.FINGERPRINT;
}
}
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 5518bfae8..e26eec659 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -5259,7 +5259,7 @@ public class ShortcutService extends IShortcutService.Stub {
// Injection point.
String injectBuildFingerprint() {
- return Build.FINGERPRINT;
+ return Build.VERSION.INCREMENTAL;
}
final void wtf(String message) {
--
2.44.0

134
frameworks/base/0009-WebView-Add-check-before-setting-default-or-fallback.patch Normal file
View file

@ -0,0 +1,134 @@
From e9f37a43249f7816b78c4a8ce3a82f48db779567 Mon Sep 17 00:00:00 2001
From: Pranav Vashi <neobuddy89@gmail.com>
Date: Sat, 21 Sep 2024 13:44:09 +0530
Subject: [PATCH 09/12] WebView: Add check before setting default or fallback
provider
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
---
.../webkit/WebViewUpdateServiceImpl.java | 14 ++++++--
.../webkit/WebViewUpdateServiceImpl2.java | 34 ++++++++++++++-----
2 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java b/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java
index b9be4a2de..e98196f9f 100644
--- a/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java
+++ b/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl.java
@@ -15,6 +15,7 @@
*/
package com.android.server.webkit;
+import android.app.AppGlobals;
import android.annotation.Nullable;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -396,7 +397,7 @@ class WebViewUpdateServiceImpl implements WebViewUpdateServiceInterface {
@Override
public WebViewProviderInfo getDefaultWebViewPackage() {
for (WebViewProviderInfo provider : getWebViewPackages()) {
- if (provider.availableByDefault) {
+ if (provider.availableByDefault && isPackageAvailable(provider.packageName)) {
return provider;
}
}
@@ -406,6 +407,15 @@ class WebViewUpdateServiceImpl implements WebViewUpdateServiceInterface {
throw new AndroidRuntimeException("No available by default WebView Provider.");
}
+ private static boolean isPackageAvailable(String packageName) {
+ try {
+ AppGlobals.getInitialApplication().getPackageManager().getPackageInfo(packageName, 0);
+ return true;
+ } catch (NameNotFoundException e) {
+ return false;
+ }
+ }
+
private static class ProviderAndPackageInfo {
public final WebViewProviderInfo provider;
public final PackageInfo packageInfo;
@@ -644,7 +654,7 @@ class WebViewUpdateServiceImpl implements WebViewUpdateServiceInterface {
*/
private static WebViewProviderInfo getFallbackProvider(WebViewProviderInfo[] webviewPackages) {
for (WebViewProviderInfo provider : webviewPackages) {
- if (provider.isFallback) {
+ if (provider.isFallback && isPackageAvailable(provider.packageName)) {
return provider;
}
}
diff --git a/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl2.java b/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl2.java
index 307c15b72..26d1195dc 100644
--- a/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl2.java
+++ b/services/core/java/com/android/server/webkit/WebViewUpdateServiceImpl2.java
@@ -15,6 +15,7 @@
*/
package com.android.server.webkit;
+import android.app.AppGlobals;
import android.annotation.Nullable;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -112,7 +113,7 @@ class WebViewUpdateServiceImpl2 implements WebViewUpdateServiceInterface {
WebViewProviderInfo defaultProvider = null;
for (WebViewProviderInfo provider : webviewProviders) {
- if (provider.availableByDefault) {
+ if (provider.availableByDefault && isPackageAvailable(provider.packageName)) {
defaultProvider = provider;
break;
}
@@ -182,6 +183,15 @@ class WebViewUpdateServiceImpl2 implements WebViewUpdateServiceInterface {
}
}
+ private static boolean isPackageAvailable(String packageName) {
+ try {
+ AppGlobals.getInitialApplication().getPackageManager().getPackageInfo(packageName, 0);
+ return true;
+ } catch (NameNotFoundException e) {
+ return false;
+ }
+ }
+
private boolean shouldTriggerRepairLocked() {
if (mAttemptedToRepairBefore) {
return false;
@@ -208,12 +218,20 @@ class WebViewUpdateServiceImpl2 implements WebViewUpdateServiceInterface {
}
mAttemptedToRepairBefore = true;
}
- Slog.w(
- TAG,
- "No provider available for all users, trying to install and enable "
- + mDefaultProvider.packageName);
- mSystemInterface.installExistingPackageForAllUsers(mDefaultProvider.packageName);
- mSystemInterface.enablePackageForAllUsers(mDefaultProvider.packageName, true);
+
+ WebViewProviderInfo[] webviewProviders = mSystemInterface.getWebViewPackages();
+ WebViewProviderInfo fallbackProvider = getFallbackProvider(webviewProviders);
+ if (fallbackProvider != null) {
+ Slog.w(TAG, "No valid provider, trying to install and enable "
+ + fallbackProvider.packageName);
+ mSystemInterface.installExistingPackageForAllUsers(fallbackProvider.packageName);
+ mSystemInterface.enablePackageForAllUsers(fallbackProvider.packageName, true);
+ } else {
+ Slog.w(TAG, "No provider available for all users, trying to install and enable "
+ + mDefaultProvider.packageName);
+ mSystemInterface.installExistingPackageForAllUsers(mDefaultProvider.packageName);
+ mSystemInterface.enablePackageForAllUsers(mDefaultProvider.packageName, true);
+ }
}
@Override
@@ -701,7 +719,7 @@ class WebViewUpdateServiceImpl2 implements WebViewUpdateServiceInterface {
*/
private static WebViewProviderInfo getFallbackProvider(WebViewProviderInfo[] webviewPackages) {
for (WebViewProviderInfo provider : webviewPackages) {
- if (provider.isFallback) {
+ if (provider.isFallback && isPackageAvailable(provider.packageName)) {
return provider;
}
}
--
2.44.0

49
frameworks/base/0010-Add-support-for-treating-virtual-biometric-sensors-a.patch Normal file
View file

@ -0,0 +1,49 @@
From 63814a8d4c25c343a7f3d3374ed4f085517fa8d0 Mon Sep 17 00:00:00 2001
From: Peter Cai <peter@typeblog.net>
Date: Sat, 21 Dec 2024 11:04:35 -0500
Subject: [PATCH 10/12] Add support for treating virtual biometric sensors as
real ones
This happens on Unihertz Jelly Max. They forgot to change their sensor
instance name from "virtual" to something else.
Change-Id: I106d41cd078e6b1e354c72ec35fa240a44397c5e
---
.../fingerprint/FingerprintSensorConfigurations.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/core/java/android/hardware/fingerprint/FingerprintSensorConfigurations.java b/core/java/android/hardware/fingerprint/FingerprintSensorConfigurations.java
index 48c5887d8..bec56d9a6 100644
--- a/core/java/android/hardware/fingerprint/FingerprintSensorConfigurations.java
+++ b/core/java/android/hardware/fingerprint/FingerprintSensorConfigurations.java
@@ -29,6 +29,7 @@ import android.os.Parcel;
import android.os.Parcelable;
import android.os.RemoteException;
import android.os.ServiceManager;
+import android.os.SystemProperties;
import android.util.Log;
import android.util.Slog;
@@ -172,6 +173,10 @@ public class FingerprintSensorConfigurations implements Parcelable {
* @return real fqName
*/
public static String remapFqName(String fqName) {
+ if (SystemProperties.getBoolean("persist.sys.phh.virtual_sensors_are_real", false)) {
+ return fqName;
+ }
+
if (!fqName.contains(IFingerprint.DESCRIPTOR + "/virtual")) {
return fqName; //no remap needed for real hardware HAL
} else {
@@ -185,7 +190,7 @@ public class FingerprintSensorConfigurations implements Parcelable {
* @return aidl interface
*/
public static IFingerprint getIFingerprint(String fqName) {
- if (fqName.contains("virtual")) {
+ if (fqName.contains("virtual") && !SystemProperties.getBoolean("persist.sys.phh.virtual_sensors_are_real", false)) {
String fqNameMapped = remapFqName(fqName);
Slog.i(TAG, "getIFingerprint fqName is mapped: " + fqName + "->" + fqNameMapped);
try {
--
2.44.0

229
frameworks/base/0011-Allow-signature-spoofing-for-microG-Companion-Servic.patch Normal file
View file

@ -0,0 +1,229 @@
From 73a7c9dcfd0752557d08d0e5972aa1ec9cad766a Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Mon, 19 Feb 2024 16:20:04 +0100
Subject: [PATCH 11/12] Allow signature spoofing for microG Companion/Services
This patch enables signature spoofing when the following conditions are
met:
* Build is debuggable (userdebug/eng)
* Package name is com.android.vending or com.google.android.gms
* Package is signed with microG release keys
* Fake signature is correct
Additionally, we let these apps be forceQueryable if they so desire.
Change-Id: I8fc82ed266a2cc59636b662c7ea7e29c94f509b5
---
.../com/android/server/pm/AppsFilterImpl.java | 2 +
.../com/android/server/pm/ComputerEngine.java | 54 +++++++++++++++++++
services/core/jni/Android.bp | 7 +++
.../com_android_server_pm_ComputerEngine.cpp | 38 +++++++++++++
services/core/jni/onload.cpp | 2 +
5 files changed, 103 insertions(+)
create mode 100644 services/core/jni/com_android_server_pm_ComputerEngine.cpp
diff --git a/services/core/java/com/android/server/pm/AppsFilterImpl.java b/services/core/java/com/android/server/pm/AppsFilterImpl.java
index cc4c2b5bf..57263da93 100644
--- a/services/core/java/com/android/server/pm/AppsFilterImpl.java
+++ b/services/core/java/com/android/server/pm/AppsFilterImpl.java
@@ -36,6 +36,7 @@ import static com.android.server.pm.AppsFilterUtils.canQueryAsUpdateOwner;
import static com.android.server.pm.AppsFilterUtils.canQueryViaComponents;
import static com.android.server.pm.AppsFilterUtils.canQueryViaPackage;
import static com.android.server.pm.AppsFilterUtils.canQueryViaUsesLibrary;
+import static com.android.server.pm.ComputerEngine.isMicrogSigned;
import android.annotation.NonNull;
import android.annotation.Nullable;
@@ -599,6 +600,7 @@ public final class AppsFilterImpl extends AppsFilterLocked implements Watchable,
newIsForceQueryable = mForceQueryable.contains(newPkgSetting.getAppId())
/* shared user that is already force queryable */
|| newPkgSetting.isForceQueryableOverride() /* adb override */
+ || (newPkg.isForceQueryable() && isMicrogSigned(newPkg))
|| (newPkgSetting.isSystem() && (mSystemAppsQueryable
|| newPkg.isForceQueryable()
|| ArrayUtils.contains(mForceQueryableByDevicePackageNames,
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 4665a72b0..2f73bb836 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -102,6 +102,7 @@ import android.content.pm.UserPackage;
import android.content.pm.VersionedPackage;
import android.os.Binder;
import android.os.Build;
+import android.os.Bundle;
import android.os.IBinder;
import android.os.ParcelableException;
import android.os.PatternMatcher;
@@ -174,6 +175,7 @@ import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
import java.util.UUID;
@@ -422,6 +424,10 @@ public class ComputerEngine implements Computer {
private final PackageManagerInternal.ExternalSourcesPolicy mExternalSourcesPolicy;
private final CrossProfileIntentResolverEngine mCrossProfileIntentResolverEngine;
+ // Signatures used by microG
+ private static final Signature MICROG_FAKE_SIGNATURE = new Signature("308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a");
+ private static final Signature MICROG_REAL_SIGNATURE = new Signature("308202ed308201d5a003020102020426ffa009300d06092a864886f70d01010b05003027310b300906035504061302444531183016060355040a130f4e4f47415050532050726f6a656374301e170d3132313030363132303533325a170d3337303933303132303533325a3027310b300906035504061302444531183016060355040a130f4e4f47415050532050726f6a65637430820122300d06092a864886f70d01010105000382010f003082010a02820101009a8d2a5336b0eaaad89ce447828c7753b157459b79e3215dc962ca48f58c2cd7650df67d2dd7bda0880c682791f32b35c504e43e77b43c3e4e541f86e35a8293a54fb46e6b16af54d3a4eda458f1a7c8bc1b7479861ca7043337180e40079d9cdccb7e051ada9b6c88c9ec635541e2ebf0842521c3024c826f6fd6db6fd117c74e859d5af4db04448965ab5469b71ce719939a06ef30580f50febf96c474a7d265bb63f86a822ff7b643de6b76e966a18553c2858416cf3309dd24278374bdd82b4404ef6f7f122cec93859351fc6e5ea947e3ceb9d67374fe970e593e5cd05c905e1d24f5a5484f4aadef766e498adf64f7cf04bddd602ae8137b6eea40722d0203010001a321301f301d0603551d0e04160414110b7aa9ebc840b20399f69a431f4dba6ac42a64300d06092a864886f70d01010b0500038201010007c32ad893349cf86952fb5a49cfdc9b13f5e3c800aece77b2e7e0e9c83e34052f140f357ec7e6f4b432dc1ed542218a14835acd2df2deea7efd3fd5e8f1c34e1fb39ec6a427c6e6f4178b609b369040ac1f8844b789f3694dc640de06e44b247afed11637173f36f5886170fafd74954049858c6096308fc93c1bc4dd5685fa7a1f982a422f2a3b36baa8c9500474cf2af91c39cbec1bc898d10194d368aa5e91f1137ec115087c31962d8f76cd120d28c249cf76f4c70f5baa08c70a7234ce4123be080cee789477401965cfe537b924ef36747e8caca62dfefdd1a6288dcb1c4fd2aaa6131a7ad254e9742022cfd597d2ca5c660ce9e41ff537e5a4041e37");
+
// PackageManagerService attributes that are primitives are referenced through the
// pms object directly. Primitives are the only attributes so referenced.
protected final PackageManagerService mService;
@@ -1481,6 +1487,49 @@ public class ComputerEngine implements Computer {
return result;
}
+ private static native boolean isDebuggable();
+
+ public static boolean isMicrogSigned(AndroidPackage p) {
+ if (!isDebuggable()) {
+ return false;
+ }
+
+ // Allowlist the following apps:
+ // * com.android.vending - microG Companion
+ // * com.google.android.gms - microG Services
+ if (!p.getPackageName().equals("com.android.vending") &&
+ !p.getPackageName().equals("com.google.android.gms")) {
+ return false;
+ }
+
+ return Signature.areExactMatch(
+ p.getSigningDetails(), new Signature[]{MICROG_REAL_SIGNATURE});
+ }
+
+ private static Optional<Signature> generateFakeSignature(AndroidPackage p) {
+ if (!isMicrogSigned(p)) {
+ return Optional.empty();
+ }
+
+ Bundle metadata = p.getMetaData();
+ if (metadata == null) {
+ return Optional.empty();
+ }
+
+ String fakeSignatureStr = metadata.getString("fake-signature");
+ if (TextUtils.isEmpty(fakeSignatureStr)) {
+ return Optional.empty();
+ }
+
+ // Only MICROG_FAKE_SIGNATURE can be faked
+ Signature fakeSignature = new Signature(fakeSignatureStr);
+ if (!fakeSignature.equals(MICROG_FAKE_SIGNATURE)) {
+ return Optional.empty();
+ }
+
+ return Optional.of(fakeSignature);
+ }
+
public final PackageInfo generatePackageInfo(PackageStateInternal ps,
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
if (!mUserManager.exists(userId)) return null;
@@ -1536,6 +1585,11 @@ public class ComputerEngine implements Computer {
mApexManager.getActivePackageNameForApexModuleName(apexModuleName));
}
}
+
+ generateFakeSignature(p).ifPresent(fakeSignature -> {
+ packageInfo.signatures = new Signature[]{fakeSignature};
+ });
+
return packageInfo;
} else if ((flags & (MATCH_UNINSTALLED_PACKAGES | MATCH_ARCHIVED_PACKAGES)) != 0
&& PackageUserStateUtils.isAvailable(state, flags)) {
diff --git a/services/core/jni/Android.bp b/services/core/jni/Android.bp
index a5085fc31..9a1d2bc2b 100644
--- a/services/core/jni/Android.bp
+++ b/services/core/jni/Android.bp
@@ -74,6 +74,7 @@ cc_library_static {
"com_android_server_vibrator_VibratorManagerService.cpp",
"com_android_server_pdb_PersistentDataBlockService.cpp",
"com_android_server_am_LowMemDetector.cpp",
+ "com_android_server_pm_ComputerEngine.cpp",
"com_android_server_pm_PackageManagerShellCommandDataLoader.cpp",
"com_android_server_sensor_SensorService.cpp",
"com_android_server_wm_TaskFpsCallbackController.cpp",
@@ -97,6 +98,12 @@ cc_library_static {
header_libs: [
"bionic_libc_platform_headers",
],
+
+ product_variables: {
+ debuggable: {
+ cflags: ["-DANDROID_DEBUGGABLE"],
+ }
+ },
}
cc_defaults {
diff --git a/services/core/jni/com_android_server_pm_ComputerEngine.cpp b/services/core/jni/com_android_server_pm_ComputerEngine.cpp
new file mode 100644
index 000000000..bbe298097
--- /dev/null
+++ b/services/core/jni/com_android_server_pm_ComputerEngine.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <nativehelper/JNIHelp.h>
+
+namespace android {
+
+static bool isDebuggable(JNIEnv* env) {
+#ifdef ANDROID_DEBUGGABLE
+ return true;
+#else
+ return false;
+#endif
+}
+
+static const JNINativeMethod method_table[] = {
+ {"isDebuggable", "()Z", (void*)isDebuggable},
+};
+
+int register_android_server_com_android_server_pm_ComputerEngine(JNIEnv* env) {
+ return jniRegisterNativeMethods(env, "com/android/server/pm/ComputerEngine",
+ method_table, NELEM(method_table));
+}
+
+} // namespace android
diff --git a/services/core/jni/onload.cpp b/services/core/jni/onload.cpp
index 3c55d1824..5fac851d9 100644
--- a/services/core/jni/onload.cpp
+++ b/services/core/jni/onload.cpp
@@ -59,6 +59,7 @@ int register_android_server_am_LowMemDetector(JNIEnv* env);
int register_android_server_utils_AnrTimer(JNIEnv *env);
int register_com_android_server_soundtrigger_middleware_AudioSessionProviderImpl(JNIEnv* env);
int register_com_android_server_soundtrigger_middleware_ExternalCaptureStateTracker(JNIEnv* env);
+int register_android_server_com_android_server_pm_ComputerEngine(JNIEnv* env);
int register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(JNIEnv* env);
int register_android_server_AdbDebuggingManager(JNIEnv* env);
int register_android_server_FaceService(JNIEnv* env);
@@ -124,6 +125,7 @@ extern "C" jint JNI_OnLoad(JavaVM* vm, void* /* reserved */)
register_android_server_utils_AnrTimer(env);
register_com_android_server_soundtrigger_middleware_AudioSessionProviderImpl(env);
register_com_android_server_soundtrigger_middleware_ExternalCaptureStateTracker(env);
+ register_android_server_com_android_server_pm_ComputerEngine(env);
register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(env);
register_android_server_AdbDebuggingManager(env);
register_android_server_FaceService(env);
--
2.44.0

49
frameworks/base/0012-Allow-spoofing-signingInfo-for-microG-Companion-Serv.patch Normal file
View file

@ -0,0 +1,49 @@
From 125054a90b153342a08cebf025e8752fe0113b36 Mon Sep 17 00:00:00 2001
From: Jonathan Klee <jonathan.klee@e.email>
Date: Thu, 12 Dec 2024 15:27:57 +0100
Subject: [PATCH 12/12] Allow spoofing signingInfo for microG
Companion/Services
- Spoof PackageInfo signingInfo + signatures so that
G suite apps do not complain anymore.
Change-Id: I86f182c9e1d18b0e997803842577a90ef740cfd1
Signed-off-by: althafvly <althafvly@gmail.com>
---
.../java/com/android/server/pm/ComputerEngine.java | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 2f73bb836..4cf099aed 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -168,6 +168,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -1588,6 +1589,18 @@ public class ComputerEngine implements Computer {
generateFakeSignature(p).ifPresent(fakeSignature -> {
packageInfo.signatures = new Signature[]{fakeSignature};
+ try {
+ packageInfo.signingInfo = new SigningInfo(
+ new SigningDetails(
+ packageInfo.signatures,
+ SigningDetails.SignatureSchemeVersion.SIGNING_BLOCK_V3,
+ SigningDetails.toSigningKeys(packageInfo.signatures),
+ null
+ )
+ );
+ } catch (CertificateException e) {
+ Slog.e(TAG, "Caught an exception when creating signing keys: ", e);
+ }
});
return packageInfo;
--
2.44.0