lineage/build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

upd patches
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
nyyu 2022-12-25 20:51:09 +01:00
parent 239c3806a5
commit 9eb9627de2
9 changed files with 381 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
fix-always-enable-taskbar-toggle.patch
View File

@ -1,33 +1,45 @@
From 097c997bb711427bb8dd111b63ec8f5fb5cc3382 Mon Sep 17 00:00:00 2001 From 1b45884632a10093d455eb6aa09ebda35a0919f0 Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev> From: nyyu <mail@nyyu.dev>
Date: Sun, 18 Sep 2022 11:44:26 +0200 Date: Sun, 18 Sep 2022 11:44:26 +0200
Subject: [PATCH] fix: always enable taskbar toggle Subject: [PATCH] fix: always enable taskbar toggle
Change-Id: I247db667bec92fabcdbe7bd84946e79bae7e0bb6 Change-Id: I247db667bec92fabcdbe7bd84946e79bae7e0bb6
--- ---
src/org/lineageos/lineageparts/input/ButtonSettings.java | 3 ++- .../lineageparts/input/ButtonSettings.java | 17 ++++++++---------
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/org/lineageos/lineageparts/input/ButtonSettings.java b/src/org/lineageos/lineageparts/input/ButtonSettings.java diff --git a/src/org/lineageos/lineageparts/input/ButtonSettings.java b/src/org/lineageos/lineageparts/input/ButtonSettings.java
index a6fa54f..d73c2e1 100644 index a6fa54f..4e326d3 100644
--- a/src/org/lineageos/lineageparts/input/ButtonSettings.java --- a/src/org/lineageos/lineageparts/input/ButtonSettings.java
+++ b/src/org/lineageos/lineageparts/input/ButtonSettings.java +++ b/src/org/lineageos/lineageparts/input/ButtonSettings.java
@@ -476,7 +476,7 @@ public class ButtonSettings extends SettingsPreferenceFragment @@ -475,15 +475,11 @@ public class ButtonSettings extends SettingsPreferenceFragment
mEnableTaskbar = findPreference(KEY_ENABLE_TASKBAR); mEnableTaskbar = findPreference(KEY_ENABLE_TASKBAR);
if (mEnableTaskbar != null) { if (mEnableTaskbar != null) {
if (!isTablet(getContext()) || !hasNavigationBar()) { - if (!isTablet(getContext()) || !hasNavigationBar()) {
- mNavigationPreferencesCat.removePreference(mEnableTaskbar); - mNavigationPreferencesCat.removePreference(mEnableTaskbar);
+ //mNavigationPreferencesCat.removePreference(mEnableTaskbar); - } else {
} else { - mEnableTaskbar.setOnPreferenceChangeListener(this);
mEnableTaskbar.setOnPreferenceChangeListener(this); - mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver, - LineageSettings.System.ENABLE_TASKBAR,
@@ -867,6 +867,7 @@ public class ButtonSettings extends SettingsPreferenceFragment - isTablet(getContext()) ? 1 : 0) == 1);
- toggleTaskBarDependencies(mEnableTaskbar.isChecked());
- }
+ mEnableTaskbar.setOnPreferenceChangeListener(this);
+ mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
+ LineageSettings.System.ENABLE_TASKBAR,
+ isTablet(getContext()) ? 1 : 0) == 1);
+ toggleTaskBarDependencies(mEnableTaskbar.isChecked());
}
List<Integer> unsupportedValues = new ArrayList<>();
@@ -867,6 +863,9 @@ public class ButtonSettings extends SettingsPreferenceFragment
return true; return true;
} else if (preference == mDisableNavigationKeys) { } else if (preference == mDisableNavigationKeys) {
mDisableNavigationKeys.setEnabled(false); mDisableNavigationKeys.setEnabled(false);
+ mEnableTaskbar.setChecked(false); + mEnableTaskbar.setChecked(false);
+ LineageSettings.System.putInt(getContentResolver(),
+ LineageSettings.System.ENABLE_TASKBAR, 0);
mNavigationPreferencesCat.setEnabled(false); mNavigationPreferencesCat.setEnabled(false);
if (!mDisableNavigationKeys.isChecked()) { if (!mDisableNavigationKeys.isChecked()) {
setButtonNavigationMode(NAV_BAR_MODE_3BUTTON_OVERLAY); setButtonNavigationMode(NAV_BAR_MODE_3BUTTON_OVERLAY);
--
2.39.0

3
fix-bt-le.patch
View File

@ -85,6 +85,3 @@ index 76f6c6f62c..4d7f10312c 100644
CHECK(p_vcs_cplt_params->param_len > 0); CHECK(p_vcs_cplt_params->param_len > 0);
const uint8_t* p = p_vcs_cplt_params->p_param_buf; const uint8_t* p = p_vcs_cplt_params->p_param_buf;
--
2.37.3

2
fix-enable-more-grids-for-tablet.patch
View File

@ -57,5 +57,3 @@ index 8105afaa24..eef99d49bb 100644
<display-option <display-option
launcher:name="Large Phone" launcher:name="Large Phone"
--
2.38.1

2
fix-rear-camera-rotation.patch
View File

@ -20,5 +20,3 @@ index af3c492762..8967bfca77 100644
break; break;
default: default:
ALOGE("%s: Invalid HAL android.sensor.orientation value: %d", ALOGE("%s: Invalid HAL android.sensor.orientation value: %d",
--
2.38.1

50
fix-trebuchet-taskbar.patch
View File

@ -1,26 +1,40 @@
From 62d44fa0a9b5d4a9d379bdbba6270a36433f5920 Mon Sep 17 00:00:00 2001 From 6fde482e5b5d0dd0adc7617c334f0bb0c0482c7d Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev> From: nyyu <mail@nyyu.dev>
Date: Fri, 23 Dec 2022 19:20:55 +0100 Date: Fri, 23 Dec 2022 19:20:55 +0100
Subject: [PATCH] fix: trebuchet taskbar Subject: [PATCH] fix: trebuchet taskbar
Change-Id: I566e6a3cf799cdd8ee5d4f07221b9d6bb80d41cb Change-Id: I566e6a3cf799cdd8ee5d4f07221b9d6bb80d41cb
--- ---
.../src/com/android/launcher3/taskbar/TaskbarManager.java | 3 +-- src/com/android/launcher3/util/SettingsCache.java | 5 +++++
1 file changed, 1 insertion(+), 2 deletions(-) 1 file changed, 5 insertions(+)
diff --git a/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java b/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java diff --git a/src/com/android/launcher3/util/SettingsCache.java b/src/com/android/launcher3/util/SettingsCache.java
index e7d102d5c3..ef0f12eae4 100644 index 0c5b7225d3..0a8a0bdf09 100644
--- a/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java --- a/src/com/android/launcher3/util/SettingsCache.java
+++ b/quickstep/src/com/android/launcher3/taskbar/TaskbarManager.java +++ b/src/com/android/launcher3/util/SettingsCache.java
@@ -133,8 +133,7 @@ public class TaskbarManager { @@ -33,6 +33,8 @@ import java.util.Map;
LineageSettings.System.ENABLE_TASKBAR, 0) == 1; import java.util.concurrent.ConcurrentHashMap;
SystemUiProxy.INSTANCE.get(mContext).setTaskbarEnabled(enabled); import java.util.concurrent.CopyOnWriteArrayList;
- // Restart launcher +import lineageos.providers.LineageSettings;
- System.exit(0); +
+ recreateTaskbar(); /**
}; * ContentObserver over Settings keys that also has a caching layer.
// TODO(b/227669780): Consolidate this w/ DisplayController callbacks * Consumers can register for callbacks via {@link #register(Uri, OnChangeListener)} and
mComponentCallbacks = new ComponentCallbacks() { @@ -61,6 +63,7 @@ public class SettingsCache extends ContentObserver implements SafeCloseable {
-- Settings.System.getUriFor(ACCELEROMETER_ROTATION);
2.39.0
private static final String SYSTEM_URI_PREFIX = Settings.System.CONTENT_URI.toString();
+ private static final String LINEAGE_URI_PREFIX = LineageSettings.System.CONTENT_URI.toString();
/**
* Caches the last seen value for registered keys.
@@ -139,6 +142,8 @@ public class SettingsCache extends ContentObserver implements SafeCloseable {
boolean newVal;
if (keyUri.toString().startsWith(SYSTEM_URI_PREFIX)) {
newVal = Settings.System.getInt(mResolver, key, defaultValue) == 1;
+ } else if (keyUri.toString().startsWith(LINEAGE_URI_PREFIX)) {
+ newVal = LineageSettings.System.getInt(mResolver, key, defaultValue) == 1;
} else { // SETTING_SECURE
newVal = Settings.Secure.getInt(mResolver, key, defaultValue) == 1;
}

83
snet20-1.patch Normal file
View File

@ -0,0 +1,83 @@
From c9a37a5a5a9e63fda74f6fcf45bc9f164957f295 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 7 Oct 2020 00:24:54 -0700
Subject: [PATCH] init: Set properties to make SafetyNet pass
Google's SafetyNet integrity checks will check the values of these
properties when performing basic attestation. Setting fake values helps
us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.
Note that these properties need to be set very early, before parsing the
kernel command-line, as they are read-only properties that the bootloader
sets using androidboot kernel arguments. The bootloader's real values
cause SafetyNet to fail with an unlocked bootloader and/or custom
software because the verified boot chain is broken in that case.
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
fastboot: Revert to Android 11 method of checking lock status
Now that we're setting system-wide properties for SafetyNet, which
includes ro.boot.verifiedbootstate=green, fastbootd always detects the
bootloader as being locked. Revert to the Android 11 method of reading
directly from the kernel cmdline to work arround the issue.
- Also don't set these in recovery
Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7
---
fastboot/device/utility.cpp | 7 ++++++-
init/property_service.cpp | 15 +++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
index 3302c4310c9..a14eea37662 100644
--- a/fastboot/device/utility.cpp
+++ b/fastboot/device/utility.cpp
@@ -196,7 +196,12 @@ std::vector<std::string> ListPartitions(FastbootDevice* device) {
}
bool GetDeviceLockStatus() {
- return android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange";
+ std::string cmdline;
+ // Return lock status true if unable to read kernel command line.
+ if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
+ return true;
+ }
+ return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos;
}
bool UpdateAllPartitionMetadata(FastbootDevice* device, const std::string& super_name,
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 9f7c21543e9..d1e802cca19 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1282,6 +1282,13 @@ static void ProcessBootconfig() {
});
}
+static void SetSafetyNetProps() {
+ InitPropertySet("ro.boot.flash.locked", "1");
+ InitPropertySet("ro.boot.verifiedbootstate", "green");
+ InitPropertySet("ro.boot.veritymode", "enforcing");
+ InitPropertySet("ro.boot.vbmeta.device_state", "locked");
+}
+
void PropertyInit() {
selinux_callback cb;
cb.func_audit = PropertyAuditCallback;
@@ -1296,6 +1303,14 @@ void PropertyInit() {
LOG(FATAL) << "Failed to load serialized property info file";
}
+ // Report a valid verified boot chain to make Google SafetyNet integrity
+ // checks pass. This needs to be done before parsing the kernel cmdline as
+ // these properties are read-only and will be set to invalid values with
+ // androidboot cmdline arguments.
+ if (!IsRecoveryMode()) {
+ SetSafetyNetProps();
+ }
+
// If arguments are passed both on the command line and in DT,
// properties set in DT always have priority over the command-line ones.
ProcessKernelDt();

138
snet20-2.patch Normal file
View File

@ -0,0 +1,138 @@
From 3db46053ca0547c175fa591075a67b8d76c4b906 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 11 Oct 2021 19:59:51 -0700
Subject: [PATCH] Alter model name to avoid SafetyNet HW attestation
enforcement
As of September 2, Google is enforcing SafetyNet's previously
opportunistic hardware-backed attestation based on device information.
Append a space to the device model name in order to avoid such
enforcement.
Also contains:
Spoof build fingerprint for Google Play Services
SafetyNet's CTS profile attestation checks whether Build.FINGERPRINT
matches that of the device's stock OS, which has passed CTS testing.
Spoof the fingerprint for Google Play Services to help pass SafetyNet.
We used to set the real system build fingerprint to the stock one, but
Android relies on each build having a unique fingerprint in order to
clear the correct caches and update persistent state for system changes.
On devices that no longer receive updates from the OEM, the build
fingerprint never changes and Android doesn't account for updates
correctly, which causes issues when updating without wiping data.
Only spoofing the fingerprint for Google Play Services fixes this issue.
Corresponding vendor commit:
"Only use stock build fingerprint for Google Play Services"
NB: This code is under the gmscompat package, but it does not depend on
any code from gmscompat.
Change-Id: I26a2498eb2e2163933303b03f6d516e5fb30fe51
* We don't need to spoof the fingerprint here since we do it globally, but we
use the Build field spoofing code it added for model
Change-Id: Ib7779e0aae40cab3730a56785e9231896917ab0a
---
core/java/android/app/Instrumentation.java | 4 ++
.../internal/gmscompat/AttestationHooks.java | 59 +++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 core/java/com/android/internal/gmscompat/AttestationHooks.java
diff --git a/core/java/android/app/Instrumentation.java b/core/java/android/app/Instrumentation.java
index 8984c4292023..58258acaef97 100644
--- a/core/java/android/app/Instrumentation.java
+++ b/core/java/android/app/Instrumentation.java
@@ -57,6 +57,8 @@
import com.android.internal.content.ReferrerIntent;
+import com.android.internal.gmscompat.AttestationHooks;
+
import java.io.File;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -1231,6 +1233,7 @@ public Application newApplication(ClassLoader cl, String className, Context cont
Application app = getFactory(context.getPackageName())
.instantiateApplication(cl, className);
app.attach(context);
+ AttestationHooks.initApplicationBeforeOnCreate(app);
return app;
}
@@ -1248,6 +1251,7 @@ static public Application newApplication(Class<?> clazz, Context context)
ClassNotFoundException {
Application app = (Application)clazz.newInstance();
app.attach(context);
+ AttestationHooks.initApplicationBeforeOnCreate(app);
return app;
}
diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
new file mode 100644
index 000000000000..621156eb84b9
--- /dev/null
+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.internal.gmscompat;
+
+import android.app.Application;
+import android.os.Build;
+import android.os.SystemProperties;
+import android.util.Log;
+
+import java.lang.reflect.Field;
+
+/** @hide */
+public final class AttestationHooks {
+ private static final String TAG = "GmsCompat/Attestation";
+ private static final String PACKAGE_GMS = "com.google.android.gms";
+
+ private AttestationHooks() { }
+
+ private static void setBuildField(String key, String value) {
+ try {
+ // Unlock
+ Field field = Build.class.getDeclaredField(key);
+ field.setAccessible(true);
+
+ // Edit
+ field.set(null, value);
+
+ // Lock
+ field.setAccessible(false);
+ } catch (NoSuchFieldException | IllegalAccessException e) {
+ Log.e(TAG, "Failed to spoof Build." + key, e);
+ }
+ }
+
+ private static void spoofBuildGms() {
+ // Alter model name to avoid hardware attestation enforcement
+ setBuildField("MODEL", Build.MODEL + " ");
+ }
+
+ public static void initApplicationBeforeOnCreate(Application app) {
+ if (PACKAGE_GMS.equals(app.getPackageName())) {
+ spoofBuildGms();
+ }
+ }
+}

91
snet20-3.patch Normal file
View File

@ -0,0 +1,91 @@
From ae57183500bb34032ec426fcae2b9a14e028ce12 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 11 Oct 2021 20:00:44 -0700
Subject: [PATCH] keystore: Block key attestation for SafetyNet
SafetyNet (part of Google Play Services) opportunistically uses
hardware-backed key attestation via KeyStore as a strong integrity
check. This causes SafetyNet to fail on custom ROMs because the verified
boot key and bootloader unlock state can be detected from attestation
certificates.
As a workaround, we can take advantage of the fact that SafetyNet's
usage of key attestation is opportunistic (i.e. falls back to basic
integrity checks if it fails) and prevent it from getting the
attestation certificate chain from KeyStore. This is done by checking
the stack for DroidGuard, which is the codename for SafetyNet, and
pretending that the device doesn't support key attestation.
Key attestation has only been blocked for SafetyNet specifically, as
Google Play Services and other apps have many valid reasons to use it.
For example, it appears to be involved in Google's mobile security key
ferature.
Change-Id: I5146439d47f42dc6231cb45c4dab9f61540056f6
---
.../internal/gmscompat/AttestationHooks.java | 16 ++++++++++++++++
.../security/keystore2/AndroidKeyStoreSpi.java | 3 +++
2 files changed, 19 insertions(+)
diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
index 621156eb84b9..fe12dfe02a9f 100644
--- a/core/java/com/android/internal/gmscompat/AttestationHooks.java
+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
@@ -22,12 +22,15 @@
import android.util.Log;
import java.lang.reflect.Field;
+import java.util.Arrays;
/** @hide */
public final class AttestationHooks {
private static final String TAG = "GmsCompat/Attestation";
private static final String PACKAGE_GMS = "com.google.android.gms";
+ private static volatile boolean sIsGms = false;
+
private AttestationHooks() { }
private static void setBuildField(String key, String value) {
@@ -53,7 +56,20 @@ private static void spoofBuildGms() {
public static void initApplicationBeforeOnCreate(Application app) {
if (PACKAGE_GMS.equals(app.getPackageName())) {
+ sIsGms = true;
spoofBuildGms();
}
}
+
+ private static boolean isCallerSafetyNet() {
+ return Arrays.stream(Thread.currentThread().getStackTrace())
+ .anyMatch(elem -> elem.getClassName().contains("DroidGuard"));
+ }
+
+ public static void onEngineGetCertificateChain() {
+ // Check stack for SafetyNet
+ if (sIsGms && isCallerSafetyNet()) {
+ throw new UnsupportedOperationException();
+ }
+ }
}
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 33411e1ec5b9..133a4094d434 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -42,6 +42,7 @@
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.gmscompat.AttestationHooks;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -164,6 +165,8 @@ private KeyEntryResponse getKeyMetadata(String alias) {
@Override
public Certificate[] engineGetCertificateChain(String alias) {
+ AttestationHooks.onEngineGetCertificateChain();
+
KeyEntryResponse response = getKeyMetadata(alias);
if (response == null || response.metadata.certificate == null) {

16
sync.sh
View File

@ -38,8 +38,6 @@ done
echo -e "\n" >>"${changelog}" echo -e "\n" >>"${changelog}"
cat "${changelog}" cat "${changelog}"
. build/envsetup.sh
cd packages/apps/LineageParts cd packages/apps/LineageParts
git am $CI_WORKSPACE/fix-always-enable-taskbar-toggle.patch || git am --abort git am $CI_WORKSPACE/fix-always-enable-taskbar-toggle.patch || git am --abort
cd $TOPDIR cd $TOPDIR
@ -67,5 +65,15 @@ git am $CI_WORKSPACE/fix-rear-camera-rotation.patch || git am --abort
cd $TOPDIR cd $TOPDIR
#safetynet #safetynet
repopick -f 334348 -P system/core cd system/core
repopick -f 334343 334344 -P frameworks/base #334348
git am $CI_WORKSPACE/snet20-1.patch || git am --abort
cd $TOPDIR
cd frameworks/base
#334343 334344
git am $CI_WORKSPACE/snet20-2.patch || git am --abort
git am $CI_WORKSPACE/snet20-3.patch || git am --abort
cd $TOPDIR
#. build/envsetup.sh
#repopick