From 9eb9627de2a0e1652f1a435b06137ad086c002e5 Mon Sep 17 00:00:00 2001 From: nyyu Date: Sun, 25 Dec 2022 20:51:09 +0100 Subject: [PATCH] upd patches --- fix-always-enable-taskbar-toggle.patch | 38 ++++--- fix-bt-le.patch | 3 - fix-enable-more-grids-for-tablet.patch | 2 - fix-rear-camera-rotation.patch | 2 - fix-trebuchet-taskbar.patch | 50 +++++---- snet20-1.patch | 83 +++++++++++++++ snet20-2.patch | 138 +++++++++++++++++++++++++ snet20-3.patch | 91 ++++++++++++++++ sync.sh | 16 ++- 9 files changed, 381 insertions(+), 42 deletions(-) create mode 100644 snet20-1.patch create mode 100644 snet20-2.patch create mode 100644 snet20-3.patch diff --git a/fix-always-enable-taskbar-toggle.patch b/fix-always-enable-taskbar-toggle.patch index 0828212..0f5eb9e 100644 --- a/fix-always-enable-taskbar-toggle.patch +++ b/fix-always-enable-taskbar-toggle.patch @@ -1,33 +1,45 @@ -From 097c997bb711427bb8dd111b63ec8f5fb5cc3382 Mon Sep 17 00:00:00 2001 +From 1b45884632a10093d455eb6aa09ebda35a0919f0 Mon Sep 17 00:00:00 2001 From: nyyu Date: Sun, 18 Sep 2022 11:44:26 +0200 Subject: [PATCH] fix: always enable taskbar toggle Change-Id: I247db667bec92fabcdbe7bd84946e79bae7e0bb6 --- - src/org/lineageos/lineageparts/input/ButtonSettings.java | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + .../lineageparts/input/ButtonSettings.java | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/org/lineageos/lineageparts/input/ButtonSettings.java b/src/org/lineageos/lineageparts/input/ButtonSettings.java -index a6fa54f..d73c2e1 100644 +index a6fa54f..4e326d3 100644 --- a/src/org/lineageos/lineageparts/input/ButtonSettings.java 
+++ b/src/org/lineageos/lineageparts/input/ButtonSettings.java -@@ -476,7 +476,7 @@ public class ButtonSettings extends SettingsPreferenceFragment +@@ -475,15 +475,11 @@ public class ButtonSettings extends SettingsPreferenceFragment + mEnableTaskbar = findPreference(KEY_ENABLE_TASKBAR); if (mEnableTaskbar != null) { - if (!isTablet(getContext()) || !hasNavigationBar()) { +- if (!isTablet(getContext()) || !hasNavigationBar()) { - mNavigationPreferencesCat.removePreference(mEnableTaskbar); -+ //mNavigationPreferencesCat.removePreference(mEnableTaskbar); - } else { - mEnableTaskbar.setOnPreferenceChangeListener(this); - mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver, -@@ -867,6 +867,7 @@ public class ButtonSettings extends SettingsPreferenceFragment +- } else { +- mEnableTaskbar.setOnPreferenceChangeListener(this); +- mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver, +- LineageSettings.System.ENABLE_TASKBAR, +- isTablet(getContext()) ? 1 : 0) == 1); +- toggleTaskBarDependencies(mEnableTaskbar.isChecked()); +- } ++ mEnableTaskbar.setOnPreferenceChangeListener(this); ++ mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver, ++ LineageSettings.System.ENABLE_TASKBAR, ++ isTablet(getContext()) ? 1 : 0) == 1); ++ toggleTaskBarDependencies(mEnableTaskbar.isChecked()); + } + + List unsupportedValues = new ArrayList<>(); +@@ -867,6 +863,9 @@ public class ButtonSettings extends SettingsPreferenceFragment return true; } else if (preference == mDisableNavigationKeys) { mDisableNavigationKeys.setEnabled(false); + mEnableTaskbar.setChecked(false); ++ LineageSettings.System.putInt(getContentResolver(), ++ LineageSettings.System.ENABLE_TASKBAR, 0); mNavigationPreferencesCat.setEnabled(false); if (!mDisableNavigationKeys.isChecked()) { setButtonNavigationMode(NAV_BAR_MODE_3BUTTON_OVERLAY); --- -2.39.0 diff --git a/fix-bt-le.patch b/fix-bt-le.patch index caa907a..c4e41ca 100644 --- a/fix-bt-le.patch +++ b/fix-bt-le.patch 
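Review bot: The `onPreferenceChange` branch for `mDisableNavigationKeys` in the patched ButtonSettings.java calls `mEnableTaskbar.setChecked(false)` and then writes `ENABLE_TASKBAR` to 0 without the `mEnableTaskbar != null` check that the first inner hunk still keeps around the initialisation. If `findPreference(KEY_ENABLE_TASKBAR)` can return null on some layouts, this branch throws; guard it with `if (mEnableTaskbar != null) mEnableTaskbar.setChecked(false);`. The branch appears to run for both directions of the navigation-keys toggle, so the taskbar setting would be cleared on re-enable as well, and a one-line comment saying whether that is intended would help. Both enclosing methods start and end outside the hunks shown.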
@@ -85,6 +85,3 @@ index 76f6c6f62c..4d7f10312c 100644 CHECK(p_vcs_cplt_params->param_len > 0); const uint8_t* p = p_vcs_cplt_params->p_param_buf; --- -2.37.3 - diff --git a/fix-enable-more-grids-for-tablet.patch b/fix-enable-more-grids-for-tablet.patch index 0e0568d..501defc 100644 --- a/fix-enable-more-grids-for-tablet.patch +++ b/fix-enable-more-grids-for-tablet.patch 
@@ -57,5 +57,3 @@ index 8105afaa24..eef99d49bb 100644 Date: Fri, 23 Dec 2022 19:20:55 +0100 Subject: [PATCH] fix: trebuchet taskbar Change-Id: I566e6a3cf799cdd8ee5d4f07221b9d6bb80d41cb --- - .../src/com/android/launcher3/taskbar/TaskbarManager.java | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) + src/com/android/launcher3/util/SettingsCache.java | 5 +++++ + 1 file changed, 5 insertions(+) -diff --git a/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java b/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java -index e7d102d5c3..ef0f12eae4 100644 ---- a/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java -+++ b/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java -@@ -133,8 +133,7 @@ public class TaskbarManager { - LineageSettings.System.ENABLE_TASKBAR, 0) == 1; - SystemUiProxy.INSTANCE.get(mContext).setTaskbarEnabled(enabled); +diff --git a/src/com/android/launcher3/util/SettingsCache.java b/src/com/android/launcher3/util/SettingsCache.java +index 0c5b7225d3..0a8a0bdf09 100644 +--- a/src/com/android/launcher3/util/SettingsCache.java ++++ b/src/com/android/launcher3/util/SettingsCache.java +@@ -33,6 +33,8 @@ import java.util.Map; + import java.util.concurrent.ConcurrentHashMap; + import java.util.concurrent.CopyOnWriteArrayList; -- // Restart launcher -- System.exit(0); -+ recreateTaskbar(); - }; - // TODO(b/227669780): Consolidate this w/ DisplayController callbacks - mComponentCallbacks = new ComponentCallbacks() { --- -2.39.0 ++import lineageos.providers.LineageSettings; ++ + /** + * ContentObserver over Settings keys that also has a caching layer. 
+ * Consumers can register for callbacks via {@link #register(Uri, OnChangeListener)} and +@@ -61,6 +63,7 @@ public class SettingsCache extends ContentObserver implements SafeCloseable { + Settings.System.getUriFor(ACCELEROMETER_ROTATION); + + private static final String SYSTEM_URI_PREFIX = Settings.System.CONTENT_URI.toString(); ++ private static final String LINEAGE_URI_PREFIX = LineageSettings.System.CONTENT_URI.toString(); + + /** + * Caches the last seen value for registered keys. +@@ -139,6 +142,8 @@ public class SettingsCache extends ContentObserver implements SafeCloseable { + boolean newVal; + if (keyUri.toString().startsWith(SYSTEM_URI_PREFIX)) { + newVal = Settings.System.getInt(mResolver, key, defaultValue) == 1; ++ } else if (keyUri.toString().startsWith(LINEAGE_URI_PREFIX)) { ++ newVal = LineageSettings.System.getInt(mResolver, key, defaultValue) == 1; + } else { // SETTING_SECURE + newVal = Settings.Secure.getInt(mResolver, key, defaultValue) == 1; + } diff --git a/snet20-1.patch b/snet20-1.patch new file mode 100644 index 0000000..d203ad1 --- /dev/null +++ b/snet20-1.patch 
@@ -0,0 +1,83 @@ +From c9a37a5a5a9e63fda74f6fcf45bc9f164957f295 Mon Sep 17 00:00:00 2001 +From: Danny Lin +Date: Wed, 7 Oct 2020 00:24:54 -0700 +Subject: [PATCH] init: Set properties to make SafetyNet pass + +Google's SafetyNet integrity checks will check the values of these +properties when performing basic attestation. Setting fake values helps +us pass basic SafetyNet with no Magisk Hide or kernel patches necessary. + +Note that these properties need to be set very early, before parsing the +kernel command-line, as they are read-only properties that the bootloader +sets using androidboot kernel arguments. The bootloader's real values +cause SafetyNet to fail with an unlocked bootloader and/or custom +software because the verified boot chain is broken in that case. + +Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f + +fastboot: Revert to Android 11 method of checking lock status + +Now that we're setting system-wide properties for SafetyNet, which +includes ro.boot.verifiedbootstate=green, fastbootd always detects the +bootloader as being locked. Revert to the Android 11 method of reading +directly from the kernel cmdline to work arround the issue. + +- Also don't set these in recovery + +Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7 +--- + fastboot/device/utility.cpp | 7 ++++++- + init/property_service.cpp | 15 +++++++++++++++ + 2 files changed, 21 insertions(+), 1 deletion(-) + +diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp +index 3302c4310c9..a14eea37662 100644 +--- a/fastboot/device/utility.cpp ++++ b/fastboot/device/utility.cpp +@@ -196,7 +196,12 @@ std::vector ListPartitions(FastbootDevice* device) { + } + + bool GetDeviceLockStatus() { +- return android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange"; ++ std::string cmdline; ++ // Return lock status true if unable to read kernel command line. 
++ if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) { ++ return true; ++ } ++ return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos; + } + + bool UpdateAllPartitionMetadata(FastbootDevice* device, const std::string& super_name, +diff --git a/init/property_service.cpp b/init/property_service.cpp +index 9f7c21543e9..d1e802cca19 100644 +--- a/init/property_service.cpp ++++ b/init/property_service.cpp +@@ -1282,6 +1282,13 @@ static void ProcessBootconfig() { + }); + } + ++static void SetSafetyNetProps() { ++ InitPropertySet("ro.boot.flash.locked", "1"); ++ InitPropertySet("ro.boot.verifiedbootstate", "green"); ++ InitPropertySet("ro.boot.veritymode", "enforcing"); ++ InitPropertySet("ro.boot.vbmeta.device_state", "locked"); ++} ++ + void PropertyInit() { + selinux_callback cb; + cb.func_audit = PropertyAuditCallback; +@@ -1296,6 +1303,14 @@ void PropertyInit() { + LOG(FATAL) << "Failed to load serialized property info file"; + } + ++ // Report a valid verified boot chain to make Google SafetyNet integrity ++ // checks pass. This needs to be done before parsing the kernel cmdline as ++ // these properties are read-only and will be set to invalid values with ++ // androidboot cmdline arguments. ++ if (!IsRecoveryMode()) { ++ SetSafetyNetProps(); ++ } ++ + // If arguments are passed both on the command line and in DT, + // properties set in DT always have priority over the command-line ones. + ProcessKernelDt(); diff --git a/snet20-2.patch b/snet20-2.patch new file mode 100644 index 0000000..729979e --- /dev/null +++ b/snet20-2.patch 
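Review bot: `SetSafetyNetProps()` in init/property_service.cpp hard-codes `ro.boot.flash.locked`, `ro.boot.verifiedbootstate`, `ro.boot.veritymode` and `ro.boot.vbmeta.device_state` for every non-recovery boot, so on builds carrying this patch these properties no longer reflect the bootloader's state for any reader, not only SafetyNet. The fastboot change in the same patch is already one consequence of that, so the function should carry a comment such as `// These ro.boot.* values are fixed here and do not reflect the real boot state; code that needs the true state must not read them.` In `GetDeviceLockStatus()`, the substring search of `/proc/cmdline` presumably misses devices that pass `androidboot.*` through bootconfig (the `ProcessBootconfig()` context line suggests this tree supports it), in which case an unlocked device is reported as locked. That fails closed, but it deserves a comment or a fallback read of `/proc/bootconfig`. `PropertyInit()` continues outside the hunk.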
@@ -0,0 +1,138 @@ +From 3db46053ca0547c175fa591075a67b8d76c4b906 Mon Sep 17 00:00:00 2001 +From: Danny Lin +Date: Mon, 11 Oct 2021 19:59:51 -0700 +Subject: [PATCH] Alter model name to avoid SafetyNet HW attestation + enforcement + +As of September 2, Google is enforcing SafetyNet's previously +opportunistic hardware-backed attestation based on device information. +Append a space to the device model name in order to avoid such +enforcement. + +Also contains: + Spoof build fingerprint for Google Play Services + + SafetyNet's CTS profile attestation checks whether Build.FINGERPRINT + matches that of the device's stock OS, which has passed CTS testing. + Spoof the fingerprint for Google Play Services to help pass SafetyNet. + + We used to set the real system build fingerprint to the stock one, but + Android relies on each build having a unique fingerprint in order to + clear the correct caches and update persistent state for system changes. + On devices that no longer receive updates from the OEM, the build + fingerprint never changes and Android doesn't account for updates + correctly, which causes issues when updating without wiping data. + Only spoofing the fingerprint for Google Play Services fixes this issue. + + Corresponding vendor commit: + "Only use stock build fingerprint for Google Play Services" + + NB: This code is under the gmscompat package, but it does not depend on + any code from gmscompat. 
+ + Change-Id: I26a2498eb2e2163933303b03f6d516e5fb30fe51 + +* We don't need to spoof the fingerprint here since we do it globally, but we + use the Build field spoofing code it added for model + +Change-Id: Ib7779e0aae40cab3730a56785e9231896917ab0a +--- + core/java/android/app/Instrumentation.java | 4 ++ + .../internal/gmscompat/AttestationHooks.java | 59 +++++++++++++++++++ + 2 files changed, 63 insertions(+) + create mode 100644 core/java/com/android/internal/gmscompat/AttestationHooks.java + +diff --git a/core/java/android/app/Instrumentation.java b/core/java/android/app/Instrumentation.java +index 8984c4292023..58258acaef97 100644 +--- a/core/java/android/app/Instrumentation.java ++++ b/core/java/android/app/Instrumentation.java +@@ -57,6 +57,8 @@ + + import com.android.internal.content.ReferrerIntent; + ++import com.android.internal.gmscompat.AttestationHooks; ++ + import java.io.File; + import java.lang.annotation.Retention; + import java.lang.annotation.RetentionPolicy; +@@ -1231,6 +1233,7 @@ public Application newApplication(ClassLoader cl, String className, Context cont + Application app = getFactory(context.getPackageName()) + .instantiateApplication(cl, className); + app.attach(context); ++ AttestationHooks.initApplicationBeforeOnCreate(app); + return app; + } + +@@ -1248,6 +1251,7 @@ static public Application newApplication(Class clazz, Context context) + ClassNotFoundException { + Application app = (Application)clazz.newInstance(); + app.attach(context); ++ AttestationHooks.initApplicationBeforeOnCreate(app); + return app; + } + +diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java +new file mode 100644 +index 000000000000..621156eb84b9 +--- /dev/null ++++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java +@@ -0,0 +1,59 @@ ++/* ++ * Copyright (C) 2021 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the 
"License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++package com.android.internal.gmscompat; ++ ++import android.app.Application; ++import android.os.Build; ++import android.os.SystemProperties; ++import android.util.Log; ++ ++import java.lang.reflect.Field; ++ ++/** @hide */ ++public final class AttestationHooks { ++ private static final String TAG = "GmsCompat/Attestation"; ++ private static final String PACKAGE_GMS = "com.google.android.gms"; ++ ++ private AttestationHooks() { } ++ ++ private static void setBuildField(String key, String value) { ++ try { ++ // Unlock ++ Field field = Build.class.getDeclaredField(key); ++ field.setAccessible(true); ++ ++ // Edit ++ field.set(null, value); ++ ++ // Lock ++ field.setAccessible(false); ++ } catch (NoSuchFieldException | IllegalAccessException e) { ++ Log.e(TAG, "Failed to spoof Build." + key, e); ++ } ++ } ++ ++ private static void spoofBuildGms() { ++ // Alter model name to avoid hardware attestation enforcement ++ setBuildField("MODEL", Build.MODEL + " "); ++ } ++ ++ public static void initApplicationBeforeOnCreate(Application app) { ++ if (PACKAGE_GMS.equals(app.getPackageName())) { ++ spoofBuildGms(); ++ } ++ } ++} diff --git a/snet20-3.patch b/snet20-3.patch new file mode 100644 index 0000000..025ef1a --- /dev/null +++ b/snet20-3.patch 
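Review bot: The new AttestationHooks.java has no documentation beyond `/** @hide */`, although `setBuildField()` rewrites a field of `android.os.Build` by reflection for the whole Google Play Services process. Every reader of `Build.MODEL` in that process, including logging and device checks unrelated to attestation, then sees the value with a trailing space; a class comment should say so, e.g. `/** Alters Build fields inside com.google.android.gms only; values read there differ from the real device. @hide */`. The `// Lock` comment is misleading, since `setAccessible(false)` only resets the flag on that local `Field` object. `import android.os.SystemProperties;` is unused in the 59 added lines and can be dropped.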
@@ -0,0 +1,91 @@ +From ae57183500bb34032ec426fcae2b9a14e028ce12 Mon Sep 17 00:00:00 2001 +From: Danny Lin +Date: Mon, 11 Oct 2021 20:00:44 -0700 +Subject: [PATCH] keystore: Block key attestation for SafetyNet + +SafetyNet (part of Google Play Services) opportunistically uses +hardware-backed key attestation via KeyStore as a strong integrity +check. This causes SafetyNet to fail on custom ROMs because the verified +boot key and bootloader unlock state can be detected from attestation +certificates. + +As a workaround, we can take advantage of the fact that SafetyNet's +usage of key attestation is opportunistic (i.e. falls back to basic +integrity checks if it fails) and prevent it from getting the +attestation certificate chain from KeyStore. This is done by checking +the stack for DroidGuard, which is the codename for SafetyNet, and +pretending that the device doesn't support key attestation. + +Key attestation has only been blocked for SafetyNet specifically, as +Google Play Services and other apps have many valid reasons to use it. +For example, it appears to be involved in Google's mobile security key +ferature. 
+ +Change-Id: I5146439d47f42dc6231cb45c4dab9f61540056f6 +--- + .../internal/gmscompat/AttestationHooks.java | 16 ++++++++++++++++ + .../security/keystore2/AndroidKeyStoreSpi.java | 3 +++ + 2 files changed, 19 insertions(+) + +diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java +index 621156eb84b9..fe12dfe02a9f 100644 +--- a/core/java/com/android/internal/gmscompat/AttestationHooks.java ++++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java +@@ -22,12 +22,15 @@ + import android.util.Log; + + import java.lang.reflect.Field; ++import java.util.Arrays; + + /** @hide */ + public final class AttestationHooks { + private static final String TAG = "GmsCompat/Attestation"; + private static final String PACKAGE_GMS = "com.google.android.gms"; + ++ private static volatile boolean sIsGms = false; ++ + private AttestationHooks() { } + + private static void setBuildField(String key, String value) { +@@ -53,7 +56,20 @@ private static void spoofBuildGms() { + + public static void initApplicationBeforeOnCreate(Application app) { + if (PACKAGE_GMS.equals(app.getPackageName())) { ++ sIsGms = true; + spoofBuildGms(); + } + } ++ ++ private static boolean isCallerSafetyNet() { ++ return Arrays.stream(Thread.currentThread().getStackTrace()) ++ .anyMatch(elem -> elem.getClassName().contains("DroidGuard")); ++ } ++ ++ public static void onEngineGetCertificateChain() { ++ // Check stack for SafetyNet ++ if (sIsGms && isCallerSafetyNet()) { ++ throw new UnsupportedOperationException(); ++ } ++ } + } +diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +index 33411e1ec5b9..133a4094d434 100644 +--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java ++++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +@@ -42,6 +42,7 @@ + import android.util.Log; + + import 
com.android.internal.annotations.VisibleForTesting; ++import com.android.internal.gmscompat.AttestationHooks; + + import java.io.ByteArrayInputStream; + import java.io.IOException; +@@ -164,6 +165,8 @@ private KeyEntryResponse getKeyMetadata(String alias) { + + @Override + public Certificate[] engineGetCertificateChain(String alias) { ++ AttestationHooks.onEngineGetCertificateChain(); ++ + KeyEntryResponse response = getKeyMetadata(alias); + + if (response == null || response.metadata.certificate == null) { diff --git a/sync.sh b/sync.sh index 259a7c7..a978c76 100644 --- a/sync.sh +++ b/sync.sh @@ -38,8 +38,6 @@ done echo -e "\n" >>"${changelog}" cat "${changelog}" -. build/envsetup.sh - cd packages/apps/LineageParts git am $CI_WORKSPACE/fix-always-enable-taskbar-toggle.patch || git am --abort cd $TOPDIR @@ -67,5 +65,15 @@ git am $CI_WORKSPACE/fix-rear-camera-rotation.patch || git am --abort cd $TOPDIR #safetynet -repopick -f 334348 -P system/core -repopick -f 334343 334344 -P frameworks/base +cd system/core +#334348 +git am $CI_WORKSPACE/snet20-1.patch || git am --abort +cd $TOPDIR +cd frameworks/base +#334343 334344 +git am $CI_WORKSPACE/snet20-2.patch || git am --abort +git am $CI_WORKSPACE/snet20-3.patch || git am --abort +cd $TOPDIR + +#. build/envsetup.sh +#repopick
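Review bot: `AndroidKeyStoreSpi.engineGetCertificateChain()` now starts with `AttestationHooks.onEngineGetCertificateChain()`, which can throw `UnsupportedOperationException`, but neither the call site nor the hook documents that. As far as the hunk shows, the rest of the method handles a missing entry through the `response == null` check, so an unchecked exception is a new outcome for callers; add a comment at the call such as `// May throw UnsupportedOperationException for DroidGuard callers inside GMS; see AttestationHooks.` `isCallerSafetyNet()` matches any stack frame whose class name contains `DroidGuard`, so the set of affected callers is wider than one class and depends on names the platform does not control. Builds with this hook cannot provide hardware-backed attestation evidence to that caller, which is worth stating in the hook's Javadoc so the effect on integrity verdicts is explicit. The method body continues outside the hunk.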
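Review bot: Every `git am … || git am --abort` added in the second sync.sh hunk swallows a failed apply, so the script carries on and the build is produced without that patch and without any error. Stop the run instead, e.g. `git am "$CI_WORKSPACE/snet20-1.patch" || { git am --abort; exit 1; }`, and quote `$CI_WORKSPACE` so a path with spaces cannot split. The `cd system/core` and `cd frameworks/base` lines are likewise unchecked; `cd system/core || exit 1` keeps a later `git am` from running in the wrong repository. The same pattern appears in the context lines for the existing patches.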