upd patches

fix-always-enable-taskbar-toggle.patch

@@ -1,33 +1,45 @@
-From 097c997bb711427bb8dd111b63ec8f5fb5cc3382 Mon Sep 17 00:00:00 2001
+From 1b45884632a10093d455eb6aa09ebda35a0919f0 Mon Sep 17 00:00:00 2001
 From: nyyu <mail@nyyu.dev>
 Date: Sun, 18 Sep 2022 11:44:26 +0200
 Subject: [PATCH] fix: always enable taskbar toggle
 
 Change-Id: I247db667bec92fabcdbe7bd84946e79bae7e0bb6
 ---
- src/org/lineageos/lineageparts/input/ButtonSettings.java | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ .../lineageparts/input/ButtonSettings.java      | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
 
 diff --git a/src/org/lineageos/lineageparts/input/ButtonSettings.java b/src/org/lineageos/lineageparts/input/ButtonSettings.java
-index a6fa54f..d73c2e1 100644
+index a6fa54f..4e326d3 100644
 --- a/src/org/lineageos/lineageparts/input/ButtonSettings.java
 +++ b/src/org/lineageos/lineageparts/input/ButtonSettings.java
-@@ -476,7 +476,7 @@ public class ButtonSettings extends SettingsPreferenceFragment
+@@ -475,15 +475,11 @@ public class ButtonSettings extends SettingsPreferenceFragment
+
          mEnableTaskbar = findPreference(KEY_ENABLE_TASKBAR);
          if (mEnableTaskbar != null) {
-             if (!isTablet(getContext()) || !hasNavigationBar()) {
+-            if (!isTablet(getContext()) || !hasNavigationBar()) {
 -                mNavigationPreferencesCat.removePreference(mEnableTaskbar);
-+                //mNavigationPreferencesCat.removePreference(mEnableTaskbar);
-             } else {
-                 mEnableTaskbar.setOnPreferenceChangeListener(this);
-                 mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
-@@ -867,6 +867,7 @@ public class ButtonSettings extends SettingsPreferenceFragment
+-            } else {
+-                mEnableTaskbar.setOnPreferenceChangeListener(this);
+-                mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
+-                        LineageSettings.System.ENABLE_TASKBAR,
+-                        isTablet(getContext()) ? 1 : 0) == 1);
+-                toggleTaskBarDependencies(mEnableTaskbar.isChecked());
+-            }
++            mEnableTaskbar.setOnPreferenceChangeListener(this);
++            mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
++                LineageSettings.System.ENABLE_TASKBAR,
++                isTablet(getContext()) ? 1 : 0) == 1);
++            toggleTaskBarDependencies(mEnableTaskbar.isChecked());
+         }
+
+         List<Integer> unsupportedValues = new ArrayList<>();
+@@ -867,6 +863,9 @@ public class ButtonSettings extends SettingsPreferenceFragment
              return true;
          } else if (preference == mDisableNavigationKeys) {
              mDisableNavigationKeys.setEnabled(false);
 +            mEnableTaskbar.setChecked(false);
++            LineageSettings.System.putInt(getContentResolver(),
++                LineageSettings.System.ENABLE_TASKBAR, 0);
              mNavigationPreferencesCat.setEnabled(false);
              if (!mDisableNavigationKeys.isChecked()) {
                  setButtonNavigationMode(NAV_BAR_MODE_3BUTTON_OVERLAY);
---
-2.39.0

fix-bt-le.patch

@@ -85,6 +85,3 @@ index 76f6c6f62c..4d7f10312c 100644
    CHECK(p_vcs_cplt_params->param_len > 0);
  
    const uint8_t* p = p_vcs_cplt_params->p_param_buf;
--- 
-2.37.3
-

fix-enable-more-grids-for-tablet.patch

@@ -57,5 +57,3 @@ index 8105afaa24..eef99d49bb 100644
 
          <display-option
              launcher:name="Large Phone"
---
-2.38.1

fix-rear-camera-rotation.patch

@@ -20,5 +20,3 @@ index af3c492762..8967bfca77 100644
                  break;
              default:
                  ALOGE("%s: Invalid HAL android.sensor.orientation value: %d",
---
-2.38.1

fix-trebuchet-taskbar.patch

@@ -1,26 +1,40 @@
-From 62d44fa0a9b5d4a9d379bdbba6270a36433f5920 Mon Sep 17 00:00:00 2001
+From 6fde482e5b5d0dd0adc7617c334f0bb0c0482c7d Mon Sep 17 00:00:00 2001
 From: nyyu <mail@nyyu.dev>
 Date: Fri, 23 Dec 2022 19:20:55 +0100
 Subject: [PATCH] fix: trebuchet taskbar
 
 Change-Id: I566e6a3cf799cdd8ee5d4f07221b9d6bb80d41cb
 ---
- .../src/com/android/launcher3/taskbar/TaskbarManager.java      | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
+ src/com/android/launcher3/util/SettingsCache.java | 5 +++++
+ 1 file changed, 5 insertions(+)
 
-diff --git a/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java b/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java
-index e7d102d5c3..ef0f12eae4 100644
---- a/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java
-+++ b/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java
-@@ -133,8 +133,7 @@ public class TaskbarManager {
-                     LineageSettings.System.ENABLE_TASKBAR, 0) == 1;
-             SystemUiProxy.INSTANCE.get(mContext).setTaskbarEnabled(enabled);
+diff --git a/src/com/android/launcher3/util/SettingsCache.java b/src/com/android/launcher3/util/SettingsCache.java
+index 0c5b7225d3..0a8a0bdf09 100644
+--- a/src/com/android/launcher3/util/SettingsCache.java
++++ b/src/com/android/launcher3/util/SettingsCache.java
+@@ -33,6 +33,8 @@ import java.util.Map;
+ import java.util.concurrent.ConcurrentHashMap;
+ import java.util.concurrent.CopyOnWriteArrayList;
 
--            // Restart launcher
--            System.exit(0);
-+            recreateTaskbar();
-         };
-         // TODO(b/227669780): Consolidate this w/ DisplayController callbacks
-         mComponentCallbacks = new ComponentCallbacks() {
---
-2.39.0
++import lineageos.providers.LineageSettings;
++
+ /**
+  * ContentObserver over Settings keys that also has a caching layer.
+  * Consumers can register for callbacks via {@link #register(Uri, OnChangeListener)} and
+@@ -61,6 +63,7 @@ public class SettingsCache extends ContentObserver implements SafeCloseable {
+             Settings.System.getUriFor(ACCELEROMETER_ROTATION);
+
+     private static final String SYSTEM_URI_PREFIX = Settings.System.CONTENT_URI.toString();
++    private static final String LINEAGE_URI_PREFIX = LineageSettings.System.CONTENT_URI.toString();
+
+     /**
+      * Caches the last seen value for registered keys.
+@@ -139,6 +142,8 @@ public class SettingsCache extends ContentObserver implements SafeCloseable {
+         boolean newVal;
+         if (keyUri.toString().startsWith(SYSTEM_URI_PREFIX)) {
+             newVal = Settings.System.getInt(mResolver, key, defaultValue) == 1;
++        } else if (keyUri.toString().startsWith(LINEAGE_URI_PREFIX)) {
++            newVal = LineageSettings.System.getInt(mResolver, key, defaultValue) == 1;
+         } else { // SETTING_SECURE
+             newVal = Settings.Secure.getInt(mResolver, key, defaultValue) == 1;
+         }

snet20-1.patch

@@ -0,0 +1,83 @@
+From c9a37a5a5a9e63fda74f6fcf45bc9f164957f295 Mon Sep 17 00:00:00 2001
+From: Danny Lin <danny@kdrag0n.dev>
+Date: Wed, 7 Oct 2020 00:24:54 -0700
+Subject: [PATCH] init: Set properties to make SafetyNet pass
+
+Google's SafetyNet integrity checks will check the values of these
+properties when performing basic attestation. Setting fake values helps
+us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.
+
+Note that these properties need to be set very early, before parsing the
+kernel command-line, as they are read-only properties that the bootloader
+sets using androidboot kernel arguments. The bootloader's real values
+cause SafetyNet to fail with an unlocked bootloader and/or custom
+software because the verified boot chain is broken in that case.
+
+Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
+
+fastboot: Revert to Android 11 method of checking lock status
+
+Now that we're setting system-wide properties for SafetyNet, which
+includes ro.boot.verifiedbootstate=green, fastbootd always detects the
+bootloader as being locked. Revert to the Android 11 method of reading
+directly from the kernel cmdline to work arround the issue.
+
+- Also don't set these in recovery
+
+Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7
+---
+ fastboot/device/utility.cpp |  7 ++++++-
+ init/property_service.cpp   | 15 +++++++++++++++
+ 2 files changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
+index 3302c4310c9..a14eea37662 100644
+--- a/fastboot/device/utility.cpp
++++ b/fastboot/device/utility.cpp
+@@ -196,7 +196,12 @@ std::vector<std::string> ListPartitions(FastbootDevice* device) {
+ }
+ 
+ bool GetDeviceLockStatus() {
+-    return android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange";
++    std::string cmdline;
++    // Return lock status true if unable to read kernel command line.
++    if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
++        return true;
++    }
++    return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos;
+ }
+ 
+ bool UpdateAllPartitionMetadata(FastbootDevice* device, const std::string& super_name,
+diff --git a/init/property_service.cpp b/init/property_service.cpp
+index 9f7c21543e9..d1e802cca19 100644
+--- a/init/property_service.cpp
++++ b/init/property_service.cpp
+@@ -1282,6 +1282,13 @@ static void ProcessBootconfig() {
+     });
+ }
+ 
++static void SetSafetyNetProps() {
++    InitPropertySet("ro.boot.flash.locked", "1");
++    InitPropertySet("ro.boot.verifiedbootstate", "green");
++    InitPropertySet("ro.boot.veritymode", "enforcing");
++    InitPropertySet("ro.boot.vbmeta.device_state", "locked");
++}
++
+ void PropertyInit() {
+     selinux_callback cb;
+     cb.func_audit = PropertyAuditCallback;
+@@ -1296,6 +1303,14 @@ void PropertyInit() {
+         LOG(FATAL) << "Failed to load serialized property info file";
+     }
+ 
++    // Report a valid verified boot chain to make Google SafetyNet integrity
++    // checks pass. This needs to be done before parsing the kernel cmdline as
++    // these properties are read-only and will be set to invalid values with
++    // androidboot cmdline arguments.
++    if (!IsRecoveryMode()) {
++      SetSafetyNetProps();
++    }
++
+     // If arguments are passed both on the command line and in DT,
+     // properties set in DT always have priority over the command-line ones.
+     ProcessKernelDt();

snet20-2.patch

@@ -0,0 +1,138 @@
+From 3db46053ca0547c175fa591075a67b8d76c4b906 Mon Sep 17 00:00:00 2001
+From: Danny Lin <danny@kdrag0n.dev>
+Date: Mon, 11 Oct 2021 19:59:51 -0700
+Subject: [PATCH] Alter model name to avoid SafetyNet HW attestation
+ enforcement
+
+As of September 2, Google is enforcing SafetyNet's previously
+opportunistic hardware-backed attestation based on device information.
+Append a space to the device model name in order to avoid such
+enforcement.
+
+Also contains:
+	Spoof build fingerprint for Google Play Services
+
+	SafetyNet's CTS profile attestation checks whether Build.FINGERPRINT
+	matches that of the device's stock OS, which has passed CTS testing.
+	Spoof the fingerprint for Google Play Services to help pass SafetyNet.
+
+	We used to set the real system build fingerprint to the stock one, but
+	Android relies on each build having a unique fingerprint in order to
+	clear the correct caches and update persistent state for system changes.
+	On devices that no longer receive updates from the OEM, the build
+	fingerprint never changes and Android doesn't account for updates
+	correctly, which causes issues when updating without wiping data.
+	Only spoofing the fingerprint for Google Play Services fixes this issue.
+
+	Corresponding vendor commit:
+	"Only use stock build fingerprint for Google Play Services"
+
+	NB: This code is under the gmscompat package, but it does not depend on
+	any code from gmscompat.
+
+	Change-Id: I26a2498eb2e2163933303b03f6d516e5fb30fe51
+
+* We don't need to spoof the fingerprint here since we do it globally, but we
+  use the Build field spoofing code it added for model
+
+Change-Id: Ib7779e0aae40cab3730a56785e9231896917ab0a
+---
+ core/java/android/app/Instrumentation.java    |  4 ++
+ .../internal/gmscompat/AttestationHooks.java  | 59 +++++++++++++++++++
+ 2 files changed, 63 insertions(+)
+ create mode 100644 core/java/com/android/internal/gmscompat/AttestationHooks.java
+
+diff --git a/core/java/android/app/Instrumentation.java b/core/java/android/app/Instrumentation.java
+index 8984c4292023..58258acaef97 100644
+--- a/core/java/android/app/Instrumentation.java
++++ b/core/java/android/app/Instrumentation.java
+@@ -57,6 +57,8 @@
+ 
+ import com.android.internal.content.ReferrerIntent;
+ 
++import com.android.internal.gmscompat.AttestationHooks;
++
+ import java.io.File;
+ import java.lang.annotation.Retention;
+ import java.lang.annotation.RetentionPolicy;
+@@ -1231,6 +1233,7 @@ public Application newApplication(ClassLoader cl, String className, Context cont
+         Application app = getFactory(context.getPackageName())
+                 .instantiateApplication(cl, className);
+         app.attach(context);
++        AttestationHooks.initApplicationBeforeOnCreate(app);
+         return app;
+     }
+     
+@@ -1248,6 +1251,7 @@ static public Application newApplication(Class<?> clazz, Context context)
+             ClassNotFoundException {
+         Application app = (Application)clazz.newInstance();
+         app.attach(context);
++        AttestationHooks.initApplicationBeforeOnCreate(app);
+         return app;
+     }
+ 
+diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
+new file mode 100644
+index 000000000000..621156eb84b9
+--- /dev/null
++++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
+@@ -0,0 +1,59 @@
++/*
++ * Copyright (C) 2021 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package com.android.internal.gmscompat;
++
++import android.app.Application;
++import android.os.Build;
++import android.os.SystemProperties;
++import android.util.Log;
++
++import java.lang.reflect.Field;
++
++/** @hide */
++public final class AttestationHooks {
++    private static final String TAG = "GmsCompat/Attestation";
++    private static final String PACKAGE_GMS = "com.google.android.gms";
++
++    private AttestationHooks() { }
++
++    private static void setBuildField(String key, String value) {
++        try {
++            // Unlock
++            Field field = Build.class.getDeclaredField(key);
++            field.setAccessible(true);
++
++            // Edit
++            field.set(null, value);
++
++            // Lock
++            field.setAccessible(false);
++        } catch (NoSuchFieldException | IllegalAccessException e) {
++            Log.e(TAG, "Failed to spoof Build." + key, e);
++        }
++    }
++
++    private static void spoofBuildGms() {
++        // Alter model name to avoid hardware attestation enforcement
++        setBuildField("MODEL", Build.MODEL + " ");
++    }
++
++    public static void initApplicationBeforeOnCreate(Application app) {
++        if (PACKAGE_GMS.equals(app.getPackageName())) {
++            spoofBuildGms();
++        }
++    }
++}

snet20-3.patch

@@ -0,0 +1,91 @@
+From ae57183500bb34032ec426fcae2b9a14e028ce12 Mon Sep 17 00:00:00 2001
+From: Danny Lin <danny@kdrag0n.dev>
+Date: Mon, 11 Oct 2021 20:00:44 -0700
+Subject: [PATCH] keystore: Block key attestation for SafetyNet
+
+SafetyNet (part of Google Play Services) opportunistically uses
+hardware-backed key attestation via KeyStore as a strong integrity
+check. This causes SafetyNet to fail on custom ROMs because the verified
+boot key and bootloader unlock state can be detected from attestation
+certificates.
+
+As a workaround, we can take advantage of the fact that SafetyNet's
+usage of key attestation is opportunistic (i.e. falls back to basic
+integrity checks if it fails) and prevent it from getting the
+attestation certificate chain from KeyStore. This is done by checking
+the stack for DroidGuard, which is the codename for SafetyNet, and
+pretending that the device doesn't support key attestation.
+
+Key attestation has only been blocked for SafetyNet specifically, as
+Google Play Services and other apps have many valid reasons to use it.
+For example, it appears to be involved in Google's mobile security key
+ferature.
+
+Change-Id: I5146439d47f42dc6231cb45c4dab9f61540056f6
+---
+ .../internal/gmscompat/AttestationHooks.java     | 16 ++++++++++++++++
+ .../security/keystore2/AndroidKeyStoreSpi.java   |  3 +++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
+index 621156eb84b9..fe12dfe02a9f 100644
+--- a/core/java/com/android/internal/gmscompat/AttestationHooks.java
++++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
+@@ -22,12 +22,15 @@
+ import android.util.Log;
+ 
+ import java.lang.reflect.Field;
++import java.util.Arrays;
+ 
+ /** @hide */
+ public final class AttestationHooks {
+     private static final String TAG = "GmsCompat/Attestation";
+     private static final String PACKAGE_GMS = "com.google.android.gms";
+ 
++    private static volatile boolean sIsGms = false;
++
+     private AttestationHooks() { }
+ 
+     private static void setBuildField(String key, String value) {
+@@ -53,7 +56,20 @@ private static void spoofBuildGms() {
+ 
+     public static void initApplicationBeforeOnCreate(Application app) {
+         if (PACKAGE_GMS.equals(app.getPackageName())) {
++            sIsGms = true;
+             spoofBuildGms();
+         }
+     }
++
++    private static boolean isCallerSafetyNet() {
++        return Arrays.stream(Thread.currentThread().getStackTrace())
++                .anyMatch(elem -> elem.getClassName().contains("DroidGuard"));
++    }
++
++    public static void onEngineGetCertificateChain() {
++        // Check stack for SafetyNet
++        if (sIsGms && isCallerSafetyNet()) {
++            throw new UnsupportedOperationException();
++        }
++    }
+ }
+diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+index 33411e1ec5b9..133a4094d434 100644
+--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
++++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+@@ -42,6 +42,7 @@
+ import android.util.Log;
+ 
+ import com.android.internal.annotations.VisibleForTesting;
++import com.android.internal.gmscompat.AttestationHooks;
+ 
+ import java.io.ByteArrayInputStream;
+ import java.io.IOException;
+@@ -164,6 +165,8 @@ private KeyEntryResponse getKeyMetadata(String alias) {
+ 
+     @Override
+     public Certificate[] engineGetCertificateChain(String alias) {
++        AttestationHooks.onEngineGetCertificateChain();
++
+         KeyEntryResponse response = getKeyMetadata(alias);
+ 
+         if (response == null || response.metadata.certificate == null) {

sync.sh

@@ -38,8 +38,6 @@ done
 echo -e "\n" >>"${changelog}"
 cat "${changelog}"
 
-. build/envsetup.sh
-
 cd packages/apps/LineageParts
 git am $CI_WORKSPACE/fix-always-enable-taskbar-toggle.patch || git am --abort
 cd $TOPDIR
@@ -67,5 +65,15 @@ git am $CI_WORKSPACE/fix-rear-camera-rotation.patch || git am --abort
 cd $TOPDIR
 
 #safetynet
-repopick -f 334348 -P system/core
-repopick -f 334343 334344 -P frameworks/base
+cd system/core
+#334348
+git am $CI_WORKSPACE/snet20-1.patch || git am --abort
+cd $TOPDIR
+cd frameworks/base
+#334343 334344
+git am $CI_WORKSPACE/snet20-2.patch || git am --abort
+git am $CI_WORKSPACE/snet20-3.patch || git am --abort
+cd $TOPDIR
+
+#. build/envsetup.sh
+#repopick