From 46518ac063b52bbead4738101af378fcd7634e34 Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Mon, 9 Jan 2023 21:44:06 +0100
Subject: [PATCH] fix: patch microg

---
 microg.patch | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++
 sync.sh      |   1 +
 2 files changed, 142 insertions(+)
 create mode 100644 microg.patch

diff --git a/microg.patch b/microg.patch
new file mode 100644
index 0000000..9b8f845
--- /dev/null
+++ b/microg.patch
@@ -0,0 +1,141 @@
+From 437d7b1ee54df480d212ca97ddc3b8acd2944966 Mon Sep 17 00:00:00 2001
+From: maxwen <max.weninger@gmail.com>
+Date: Tue, 25 Sep 2018 09:44:26 +0200
+Subject: [PATCH] base: use better solution for MicroG FAKE_PACKAGE_SIGNATURE
+
+make it a privileged permission instead of a runtime one
+to add extra safety dont trust the signature coming from the
+package but limit to the microg signature and only allow
+from FakeStore and GmsCore package names
+
+https://github.com/microg/GmsCore/blob/master/play-services-core/src/main/res/values/signature.xml
+
+thanks for the inspiration from Chirayu Desai <chirayudesai1@gmail.com>
+
+Reference:
+https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/ba8cff41aaaafec0982f29dcb1869c1ea61a6cb4
+
+Only diff is that we keep original permission name so we can
+continue to use upstream prebuilt microg for now
+
+Change-Id: I394990d89ab427b94b04db7ca7e06206a476965b
+---
+ core/res/AndroidManifest.xml                  |  5 +++
+ core/res/res/values/custom_strings.xml        | 22 +++++++++++
+ .../com/android/server/pm/ComputerEngine.java | 37 ++++++++++++++++++-
+ 3 files changed, 62 insertions(+), 2 deletions(-)
+ create mode 100644 core/res/res/values/custom_strings.xml
+
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 7439b2f0921ff..9b89297348992 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -3534,6 +3534,11 @@
+         android:description="@string/permdesc_getPackageSize"
+         android:protectionLevel="normal" />
+ 
++    <!-- @hide Allows an application to change the package signature as
++	 seen by applications -->
++    <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
++        android:protectionLevel="signature|privileged" />
++
+     <!-- @deprecated No longer useful, see
+          {@link android.content.pm.PackageManager#addPackageToPreferred}
+          for details. -->
+diff --git a/core/res/res/values/custom_strings.xml b/core/res/res/values/custom_strings.xml
+new file mode 100644
+index 0000000000000..aa2d50b869fec
+--- /dev/null
++++ b/core/res/res/values/custom_strings.xml
+@@ -0,0 +1,22 @@
++<?xml version="1.0" encoding="utf-8"?>
++<!--
++/* //device/apps/common/assets/res/any/strings.xml
++**
++** Copyright 2006, The Android Open Source Project
++**
++** Licensed under the Apache License, Version 2.0 (the "License");
++** you may not use this file except in compliance with the License.
++** You may obtain a copy of the License at
++**
++**     http://www.apache.org/licenses/LICENSE-2.0
++**
++** Unless required by applicable law or agreed to in writing, software
++** distributed under the License is distributed on an "AS IS" BASIS,
++** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++** See the License for the specific language governing permissions and
++** limitations under the License.
++*/
++-->
++<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
++
++</resources>
+diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
+index 259ca655d2b9f..d029fbf30d37a 100644
+--- a/services/core/java/com/android/server/pm/ComputerEngine.java
++++ b/services/core/java/com/android/server/pm/ComputerEngine.java
+@@ -426,6 +426,15 @@ protected ApplicationInfo androidApplication() {
+         return mLocalAndroidApplication;
+     }
+ 
++    /**
++     * The Google signature faked by microG.
++     */
++    private static final String MICROG_FAKE_SIGNATURE = "308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a";
++    /**
++     * List of packages which require signature spoofing.
++     */
++    private static final List<String> MICROG_FAKE_SIGNATURE_PACKAGES = List.of("com.google.android.gms", "com.android.vending");
++
+     ComputerEngine(PackageManagerService.Snapshot args, int version) {
+         mVersion = version;
+         mSettings = new Settings(args.settings);
+@@ -1619,15 +1628,26 @@ public final PackageInfo generatePackageInfo(PackageStateInternal ps,
+             // Compute GIDs only if requested
+             final int[] gids = (flags & PackageManager.GET_GIDS) == 0 ? EMPTY_INT_ARRAY
+                     : mPermissionManager.getGidsForUid(UserHandle.getUid(userId, ps.getAppId()));
++
++            // Allow microG GmsCore and FakeStore to spoof signature
++            final boolean isMicroG = MICROG_FAKE_SIGNATURE_PACKAGES.contains(p.getPackageName());
++
+             // Compute granted permissions only if package has requested permissions
+-            final Set<String> permissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
+-                    || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
++            // or we matched a microg package
++            final Set<String> permissions = (((flags & PackageManager.GET_PERMISSIONS) == 0
++                    || ArrayUtils.isEmpty(p.getRequestedPermissions()))
++                    && !isMicroG)
++                    ? Collections.emptySet()
+                     : mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId);
+ 
+             PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
+                     state.getFirstInstallTime(), ps.getLastUpdateTime(), permissions, state, userId,
+                     ps);
+ 
++            if (isMicroG) {
++                packageInfo = mayFakeSignature(p, packageInfo, permissions);
++            }
++
+             if (packageInfo == null) {
+                 return null;
+             }
+@@ -1667,6 +1687,19 @@ public final PackageInfo generatePackageInfo(PackageStateInternal ps,
+         }
+     }
+ 
++    private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
++            Set<String> permissions) {
++        try {
++            if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) {
++                pi.signatures = new Signature[] {new Signature(MICROG_FAKE_SIGNATURE)};
++            }
++        } catch (Throwable t) {
++            // We should never die because of any failures, this is system code!
++            Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
++        }
++        return pi;
++    }
++
+     public final PackageInfo getPackageInfo(String packageName,
+             @PackageManager.PackageInfoFlagsBits long flags, int userId) {
+         return getPackageInfoInternal(packageName, PackageManager.VERSION_CODE_HIGHEST,
diff --git a/sync.sh b/sync.sh
index 58b7331..06654c5 100644
--- a/sync.sh
+++ b/sync.sh
@@ -83,6 +83,7 @@ cd frameworks/base
 #334343 334344
 git am $CI_WORKSPACE/snet20-2.patch || git am --abort
 git am $CI_WORKSPACE/snet20-3.patch || git am --abort
+git am $CI_WORKSPACE/microg.patch || git am --abort
 cd $TOPDIR
 
 #. build/envsetup.sh