lineage/build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: lineage:lineage-20_mondrian
Branches Tags
lineage:lineage-20_mondrian
lineage:lineage-20
lineage:lineage-20_lte
lineage:lineage-19.1
lineage:lineage-18.1
..
compare: lineage:lineage-18.1
Branches Tags
lineage:lineage-20_mondrian
lineage:lineage-20
lineage:lineage-20_lte
lineage:lineage-19.1
lineage:lineage-18.1

6 Commits
lineage-20 ... lineage-18

Author SHA1 Message Date
nyyu
26c747a737 fix changelog if one commit 2022-12-23 11:02:44 +01:00
nyyu
3735fab2cf remove empty changelog
All checks were successful
continuous-integration/drone Build is passing
Details
2022-10-04 07:26:06 +02:00
nyyu
61fbe7242c fix changelog
All checks were successful
continuous-integration/drone Build is passing
Details
2022-08-23 09:39:14 +02:00
nyyu
edd5667917 exclude lineage infra from changelog 2022-08-22 21:16:09 +02:00
nyyu
bee27b3e97 add changelog 2022-08-22 19:01:46 +02:00
nyyu
2b434ca830 lineage 18.1 2022-08-19 12:08:08 +02:00
23 changed files with 155 additions and 1129 deletions
Show Stats Expand all files Collapse all files

105
.drone.yml Normal file
View File

@ -0,0 +1,105 @@
kind: pipeline
type: docker
name: mondrianwifi
environment:
device: mondrianwifi
version: 18.1
steps:
- name: sync
pull: always
image: docker.nyyu.dev/lineage/android:latest
commands:
- cd /build
- rm -rf .repo/repo
- repo init -u https://github.com/LineageOS/android.git -b lineage-$version
- mkdir -p .repo/local_manifests
- cp $DRONE_WORKSPACE_BASE/$device.xml .repo/local_manifests/roomservice.xml
- bash $DRONE_WORKSPACE_BASE/sync.sh
volumes:
- name: build
path: /build
- name: build
pull: always
image: docker.nyyu.dev/lineage/android:latest
commands:
- cd /build
- bash -c ". build/envsetup.sh && lunch lineage_$device-userdebug && mka bacon -j6"
volumes:
- name: build
path: /build
- name: copy
pull: always
image: docker.nyyu.dev/lineage/android:latest
commands:
- rm -f /http/lineage-$version-*-UNOFFICIAL-$device.zip*
- mv -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip* /http/
- cat /build/changelog-$device-$version.md >> /http/changelog-$device-$version.md
- ls -lh /http/lineage-$version-*-UNOFFICIAL-$device.zip*
volumes:
- name: build
path: /build
- name: http
path: /http
- name: clean
pull: always
image: docker.nyyu.dev/lineage/android:latest
commands:
- rm -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip_* /build/out/target/product/$device/lineage_$device-ota-eng.*.zip
- rm -f /build/changelog-$device-$version.md
volumes:
- name: build
path: /build
trigger:
event:
- custom
- cron
volumes:
- name: http
host:
path: /srv/http/drone
- name: build
host:
path: /drone/lineage-18.1
image_pull_secrets:
- dockerconfig
---
kind: pipeline
type: docker
name: mondrianwifi-publish
environment:
device: mondrianwifi
version: 18.1
steps:
- name: publish
pull: always
image: docker.nyyu.dev/lineage/android:latest
commands:
- mv /http/lineage-$version-*-UNOFFICIAL-$device.zip* /publish/$version/$device/
- cat /http/changelog-$device-$version.md >> /publish/$version/$device/changelog.md
- rm -f /http/changelog-$device-$version.md
- ls -lh /publish/$version/$device/
volumes:
- name: http
path: /http
- name: publish
path: /publish
trigger:
event:
- promote
volumes:
- name: http
host:
path: /srv/http/drone
- name: publish
host:
path: /mnt/android/lineage
image_pull_secrets:
- dockerconfig

5
.vscode/settings.json vendored
View File

@ -1,5 +0,0 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/woodpecker-ci/woodpecker/master/pipeline/schema/schema.json": "file:///home/nyyu/dev/lineage/build/.woodpecker/.build.yml"
}
}

33
.woodpecker/.build-lte.yml
View File

@ -1,33 +0,0 @@
variables:
- &build_vol '/media/fast/lineage/lineage-20.0:/build'
- &tools_vol '/media/fast/lineage/tools:/tools'
matrix:
include:
- device: mondrianlte
version: 20.0
skip_clone: true
pipeline:
build:
pull: true
image: docker.nyyu.dev/lineage/android
environment:
- BUILD_HOSTNAME=docker
commands:
- export HOME=/build
- cd /build
- find /build/out/target/product/$device -type f -name '*.prop' -exec rm -vf {} + || true
- bash -c ". build/envsetup.sh && lunch lineage_$device-userdebug && (mka bacon -j6 || (cat out/build_error && exit 1))"
volumes:
- *build_vol
- *tools_vol
when:
event:
- manual
- cron
depends_on:
- sync
- build-wifi

32
.woodpecker/.build-wifi.yml
View File

@ -1,32 +0,0 @@
variables:
- &build_vol '/media/fast/lineage/lineage-20.0:/build'
- &tools_vol '/media/fast/lineage/tools:/tools'
matrix:
include:
- device: mondrianwifi
version: 20.0
skip_clone: true
pipeline:
build:
pull: true
image: docker.nyyu.dev/lineage/android
environment:
- BUILD_HOSTNAME=docker
commands:
- export HOME=/build
- cd /build
- find /build/out/target/product/$device -type f -name '*.prop' -exec rm -vf {} + || true
- bash -c ". build/envsetup.sh && lunch lineage_$device-userdebug && (mka bacon -j6 || (cat out/build_error && exit 1))"
volumes:
- *build_vol
- *tools_vol
when:
event:
- manual
- cron
depends_on:
- sync

24
.woodpecker/.changelog.yml
View File

@ -1,24 +0,0 @@
variables:
- &build_vol '/media/fast/lineage/lineage-20.0:/build'
matrix:
include:
- device: mondrian
version: 20.0
pipeline:
sync:
image: docker.nyyu.dev/lineage/android
commands:
- cd /build
- bash $CI_WORKSPACE/changelog.sh
volumes:
- *build_vol
when:
event:
- manual
- cron
depends_on:
- build-wifi
- build-lte

45
.woodpecker/.copy.yml
View File

@ -1,45 +0,0 @@
variables:
- &build_vol '/media/fast/lineage/lineage-20.0:/build'
- &http_vol '/srv/http/drone:/http'
matrix:
include:
- device: mondrianwifi
version: 20.0
- device: mondrianlte
version: 20.0
skip_clone: true
pipeline:
copy:
pull: true
image: alpine
commands:
- rm -f /http/lineage-$version-*-UNOFFICIAL-$device.zip*
- mv -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip* /http/
- cat /build/changelog-mondrian-$version.md >> /http/changelog-$device-$version.md
- ls -lh /http/lineage-$version-*-UNOFFICIAL-$device.zip*
volumes:
- *build_vol
- *http_vol
when:
event:
- manual
- cron
clean:
pull: true
image: alpine
commands:
- rm -f /build/out/target/product/$device/lineage-$version-*-UNOFFICIAL-$device.zip_* /build/out/target/product/$device/lineage_$device-ota-eng.*.zip
- rm -rf /build/out/target/product/$device/obj/PACKAGING/target_files_intermediates/*
- rm -f /build/changelog-$device-$version.md
volumes:
- *build_vol
when:
event:
- manual
- cron
depends_on:
- changelog

28
.woodpecker/.publish.yml
View File

@ -1,28 +0,0 @@
variables:
- &http_vol '/srv/http/drone:/http'
- &pub_vol '/mnt/android/lineage:/publish'
matrix:
include:
- device: mondrianwifi
version: 20.0
- device: mondrianlte
version: 20.0
skip_clone: true
pipeline:
publish:
pull: true
image: alpine
commands:
- mv /http/lineage-$version-*-UNOFFICIAL-$device.zip* /publish/$version/$device/
- cat /http/changelog-$device-$version.md >> /publish/$version/$device/changelog.md
- rm -f /http/changelog-$device-$version.md
- ls -lh /publish/$version/$device/
volumes:
- *http_vol
- *pub_vol
when:
event:
- deployment

32
.woodpecker/.sync.yml
View File

@ -1,32 +0,0 @@
variables:
- &build_vol '/media/fast/lineage/lineage-20.0:/build'
matrix:
include:
- device: mondrian
version: 20.0
pipeline:
sync:
pull: true
image: docker.nyyu.dev/lineage/android
commands:
- HOME=/home/drone
- git config --global user.email 'drone@nyyu.dev'
- git config --global user.name 'drone'
- cd /build
- rm -rf .repo/repo
- rm -f .repo/local_manifests/roomservice.xml
- repo init -u https://github.com/LineageOS-UL/android.git -b lineage-$version -g default,-darwin --git-lfs
- mkdir -p .repo/local_manifests
- cp -f $CI_WORKSPACE/$device.xml .repo/local_manifests/roomservice.xml
- repo forall -c 'git reset --hard --quiet' || true
- bash $CI_WORKSPACE/sync.sh
environment:
version: '20.0'
volumes:
- *build_vol
when:
event:
- manual
- cron

41
changelog.sh
View File

@ -1,41 +0,0 @@
#!/bin/bash -e
# shellcheck disable=SC2154,SC2207,SC2016,SC2086,SC2250,SC2312,SC2162
TOPDIR=$(pwd)
changelog=${TOPDIR}/changelog-${device}-${version}.md
declare -A before
if [[ -f gitstate-${device}-${version}.txt ]]
then
read -a tmp < gitstate-${device}-${version}.txt
else
tmp=($(repo forall -c 'echo "${REPO_PATH}:$(git rev-parse --short HEAD)"'))
fi
for i in "${tmp[@]}"; do
IFS=: read -r folder commit <<<"${i}"
before[${folder}]=${commit}
done
echo -e "# Build $(date '+%Y-%m-%d %H:%M:%S %Z')\n" >>"${changelog}"
tmp=($(repo forall -c 'echo "${REPO_PATH}:$(git rev-parse --short HEAD)"'))
for i in "${tmp[@]}"; do
IFS=: read -r folder commit <<<"${i}"
if [[ "${folder}" != lineage/* && "${before[${folder}]}" != "${commit}" ]]; then
cd "${folder}" || continue
log=$(git --no-pager log --pretty=format:"- %s" "${before[${folder}]}".."${commit}" | grep -v XXXHIDEXXX)
if [[ $(echo -n "$log" | wc -c) != 0 ]]; then
{
echo "## ${folder} ${before[${folder}]}..${commit}"
echo "$log"
echo
} >>"${changelog}"
fi
cd "${TOPDIR}" || continue
fi
done
cat "${changelog}"
echo "${tmp[@]}" > gitstate-${device}-${version}.txt

86
fix-NetworkStats-disable-BPF.patch
View File

@ -1,86 +0,0 @@
From 50173432aab792769a56d2a7d451d1a65e831532 Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Sun, 25 Dec 2022 22:35:09 +0100
Subject: [PATCH] XXXHIDEXXX NetworkStats: disable BPF
---
.../native/libs/libnetworkstats/BpfNetworkStats.cpp | 10 +++++-----
.../com/android/server/net/NetworkStatsFactory.java | 2 +-
service/src/com/android/server/BpfNetMaps.java | 4 ++--
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp b/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
index ee30f3db3..a68407044 100644
--- a/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
+++ b/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
@@ -104,13 +104,13 @@ int bpfGetIfaceStats(const char* iface, Stats* stats) {
int ret;
if (!ifaceStatsMap.isValid() || !ifaceStatsMap.isOk()) {
ret = -errno;
- ALOGE("get ifaceStats map fd failed: %s", strerror(errno));
+ //ALOGE("get ifaceStats map fd failed: %s", strerror(errno));
return ret;
}
BpfMapRO<uint32_t, IfaceValue> ifaceIndexNameMap(IFACE_INDEX_NAME_MAP_PATH);
if (!ifaceIndexNameMap.isValid() || !ifaceStatsMap.isOk()) {
ret = -errno;
- ALOGE("get ifaceIndexName map fd failed: %s", strerror(errno));
+ //ALOGE("get ifaceIndexName map fd failed: %s", strerror(errno));
return ret;
}
return bpfGetIfaceStatsInternal(iface, stats, ifaceStatsMap, ifaceIndexNameMap);
@@ -189,7 +189,7 @@ int parseBpfNetworkStatsDetail(std::vector<stats_line>* lines,
BpfMapRO<uint32_t, IfaceValue> ifaceIndexNameMap(IFACE_INDEX_NAME_MAP_PATH);
if (!ifaceIndexNameMap.isValid()) {
int ret = -errno;
- ALOGE("get ifaceIndexName map fd failed: %s", strerror(errno));
+ //ALOGE("get ifaceIndexName map fd failed: %s", strerror(errno));
return ret;
}
@@ -266,14 +266,14 @@ int parseBpfNetworkStatsDev(std::vector<stats_line>* lines) {
BpfMapRO<uint32_t, IfaceValue> ifaceIndexNameMap(IFACE_INDEX_NAME_MAP_PATH);
if (!ifaceIndexNameMap.isValid()) {
ret = -errno;
- ALOGE("get ifaceIndexName map fd failed: %s", strerror(errno));
+ //ALOGE("get ifaceIndexName map fd failed: %s", strerror(errno));
return ret;
}
BpfMapRO<uint32_t, StatsValue> ifaceStatsMap(IFACE_STATS_MAP_PATH);
if (!ifaceStatsMap.isValid()) {
ret = -errno;
- ALOGE("get ifaceStats map fd failed: %s", strerror(errno));
+ //ALOGE("get ifaceStats map fd failed: %s", strerror(errno));
return ret;
}
return parseBpfNetworkStatsDevInternal(lines, ifaceStatsMap, ifaceIndexNameMap);
diff --git a/service-t/src/com/android/server/net/NetworkStatsFactory.java b/service-t/src/com/android/server/net/NetworkStatsFactory.java
index 3b93f1a19..191400841 100644
--- a/service-t/src/com/android/server/net/NetworkStatsFactory.java
+++ b/service-t/src/com/android/server/net/NetworkStatsFactory.java
@@ -164,7 +164,7 @@ public class NetworkStatsFactory {
}
public NetworkStatsFactory(@NonNull Context ctx) {
- this(ctx, new File("/proc/"), true);
+ this(ctx, new File("/proc/"), false);
}
@VisibleForTesting
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index c006bc605..3d1fc9b71 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -67,9 +67,9 @@ public class BpfNetMaps {
}
private void maybeThrow(final int err, final String msg) {
- if (err != 0) {
+ /*if (err != 0) {
throw new ServiceSpecificException(err, msg + ": " + Os.strerror(err));
- }
+ }*/
}
/**

45
fix-always-enable-taskbar-toggle.patch
View File

@ -1,45 +0,0 @@
From 1b45884632a10093d455eb6aa09ebda35a0919f0 Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Sun, 18 Sep 2022 11:44:26 +0200
Subject: [PATCH] XXXHIDEXXX fix: always enable taskbar toggle
Change-Id: I247db667bec92fabcdbe7bd84946e79bae7e0bb6
---
.../lineageparts/input/ButtonSettings.java | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/org/lineageos/lineageparts/input/ButtonSettings.java b/src/org/lineageos/lineageparts/input/ButtonSettings.java
index a6fa54f..4e326d3 100644
--- a/src/org/lineageos/lineageparts/input/ButtonSettings.java
+++ b/src/org/lineageos/lineageparts/input/ButtonSettings.java
@@ -475,15 +475,11 @@ public class ButtonSettings extends SettingsPreferenceFragment
mEnableTaskbar = findPreference(KEY_ENABLE_TASKBAR);
if (mEnableTaskbar != null) {
- if (!isTablet(getContext()) || !hasNavigationBar()) {
- mNavigationPreferencesCat.removePreference(mEnableTaskbar);
- } else {
- mEnableTaskbar.setOnPreferenceChangeListener(this);
- mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
- LineageSettings.System.ENABLE_TASKBAR,
- isTablet(getContext()) ? 1 : 0) == 1);
- toggleTaskBarDependencies(mEnableTaskbar.isChecked());
- }
+ mEnableTaskbar.setOnPreferenceChangeListener(this);
+ mEnableTaskbar.setChecked(LineageSettings.System.getInt(resolver,
+ LineageSettings.System.ENABLE_TASKBAR,
+ isTablet(getContext()) ? 1 : 0) == 1);
+ toggleTaskBarDependencies(mEnableTaskbar.isChecked());
}
List<Integer> unsupportedValues = new ArrayList<>();
@@ -867,6 +863,9 @@ public class ButtonSettings extends SettingsPreferenceFragment
return true;
} else if (preference == mDisableNavigationKeys) {
mDisableNavigationKeys.setEnabled(false);
+ mEnableTaskbar.setChecked(false);
+ LineageSettings.System.putInt(getContentResolver(),
+ LineageSettings.System.ENABLE_TASKBAR, 0);
mNavigationPreferencesCat.setEnabled(false);
if (!mDisableNavigationKeys.isChecked()) {
setButtonNavigationMode(NAV_BAR_MODE_3BUTTON_OVERLAY);

87
fix-bt-le.patch
View File

@ -1,87 +0,0 @@
From 6ad0718fa87dfbaa2bd95ab23f60f485a896e84b Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Fri, 30 Sep 2022 22:40:43 +0200
Subject: [PATCH] XXXHIDEXXX bt: disable le
Change-Id: I5c258b1401fcd6fbfa98c98849db209688f52d3c
---
system/gd/hci/controller.cc | 13 +++++++------
system/gd/hci/hci_layer.cc | 4 ++--
system/stack/btm/btm_ble_gap.cc | 4 +++-
3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/system/gd/hci/controller.cc b/system/gd/hci/controller.cc
index dbece21c6e..572df09bce 100644
--- a/system/gd/hci/controller.cc
+++ b/system/gd/hci/controller.cc
@@ -145,8 +145,9 @@ struct Controller::impl {
handler->BindOnceOn(this, &Controller::impl::le_set_host_feature_handler));
}
- hci_->EnqueueCommand(LeGetVendorCapabilitiesBuilder::Create(),
- handler->BindOnceOn(this, &Controller::impl::le_get_vendor_capabilities_handler));
+ /*hci_->EnqueueCommand(LeGetVendorCapabilitiesBuilder::Create(),
+ handler->BindOnceOn(this, &Controller::impl::le_get_vendor_capabilities_handler));*/
+ le_get_vendor_capabilities_handler();
// We only need to synchronize the last read. Make BD_ADDR to be the last one.
std::promise<void> promise;
@@ -400,8 +401,8 @@ struct Controller::impl {
le_periodic_advertiser_list_size_ = complete_view.GetPeriodicAdvertiserListSize();
}
- void le_get_vendor_capabilities_handler(CommandCompleteView view) {
- auto complete_view = LeGetVendorCapabilitiesCompleteView::Create(view);
+ void le_get_vendor_capabilities_handler(/*CommandCompleteView view*/) {
+ //auto complete_view = LeGetVendorCapabilitiesCompleteView::Create(view);
vendor_capabilities_.is_supported_ = 0x00;
vendor_capabilities_.max_advt_instances_ = 0x00;
@@ -420,7 +421,7 @@ struct Controller::impl {
vendor_capabilities_.a2dp_source_offload_capability_mask_ = 0x00;
vendor_capabilities_.bluetooth_quality_report_support_ = 0x00;
- if (complete_view.IsValid()) {
+ /*if (complete_view.IsValid()) {
vendor_capabilities_.is_supported_ = 0x01;
// v0.55
@@ -471,7 +472,7 @@ struct Controller::impl {
}
vendor_capabilities_.a2dp_source_offload_capability_mask_ = v98.GetA2dpSourceOffloadCapabilityMask();
vendor_capabilities_.bluetooth_quality_report_support_ = v98.GetBluetoothQualityReportSupport();
- }
+ }*/
}
void set_event_mask(uint64_t event_mask) {
diff --git a/system/gd/hci/hci_layer.cc b/system/gd/hci/hci_layer.cc
index b5a9d065be..fa0be65701 100644
--- a/system/gd/hci/hci_layer.cc
+++ b/system/gd/hci/hci_layer.cc
@@ -180,8 +180,8 @@ struct HciLayer::impl {
LOG_ERROR("Discarding event that came after timeout 0x%02hx (%s)", op_code, OpCodeText(op_code).c_str());
return;
}
- ASSERT_LOG(waiting_command_ == op_code, "Waiting for 0x%02hx (%s), got 0x%02hx (%s)", waiting_command_,
- OpCodeText(waiting_command_).c_str(), op_code, OpCodeText(op_code).c_str());
+ /*ASSERT_LOG(waiting_command_ == op_code, "Waiting for 0x%02hx (%s), got 0x%02hx (%s)", waiting_command_,
+ OpCodeText(waiting_command_).c_str(), op_code, OpCodeText(op_code).c_str());*/
bool is_vendor_specific = static_cast<int>(op_code) & (0x3f << 10);
CommandStatusView status_view = CommandStatusView::Create(event);
diff --git a/system/stack/btm/btm_ble_gap.cc b/system/stack/btm/btm_ble_gap.cc
index 76f6c6f62c..4d7f10312c 100644
--- a/system/stack/btm/btm_ble_gap.cc
+++ b/system/stack/btm/btm_ble_gap.cc
@@ -619,7 +619,9 @@ static void btm_ble_vendor_capability_vsc_cmpl_cback(
BTM_TRACE_DEBUG("%s", __func__);
/* Check status of command complete event */
- CHECK(p_vcs_cplt_params->opcode == HCI_BLE_VENDOR_CAP);
+ if(p_vcs_cplt_params->opcode != HCI_BLE_VENDOR_CAP)
+ return;
+
CHECK(p_vcs_cplt_params->param_len > 0);
const uint8_t* p = p_vcs_cplt_params->p_param_buf;

59
fix-enable-more-grids-for-tablet.patch
View File

@ -1,59 +0,0 @@
From 74d6bf5b114dfe94ca84e94d111d191ae5155a8e Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Sat, 10 Dec 2022 10:46:10 +0100
Subject: [PATCH] XXXHIDEXXX fix: enable more grids for tablet
Change-Id: I18c617760f5ad94d0baca06865525d7e73ee45ca
---
res/xml/device_profiles.xml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/res/xml/device_profiles.xml b/res/xml/device_profiles.xml
index 8105afaa24..eef99d49bb 100644
--- a/res/xml/device_profiles.xml
+++ b/res/xml/device_profiles.xml
@@ -103,7 +103,7 @@
launcher:dbFile="launcher_4_by_5.db"
launcher:inlineNavButtonsEndSpacing="@dimen/taskbar_button_margin_split"
launcher:defaultLayoutId="@xml/default_workspace_4x5"
- launcher:deviceCategory="phone|multi_display" >
+ launcher:deviceCategory="phone|tablet|multi_display" >
<display-option
launcher:name="Short Stubby"
@@ -167,7 +167,7 @@
launcher:dbFile="launcher.db"
launcher:inlineNavButtonsEndSpacing="@dimen/taskbar_button_margin_split"
launcher:defaultLayoutId="@xml/default_workspace_5x5"
- launcher:deviceCategory="phone|multi_display" >
+ launcher:deviceCategory="phone|tablet|multi_display" >
<display-option
launcher:name="Large Phone"
@@ -210,7 +210,7 @@
launcher:numHotseatIcons="5"
launcher:dbFile="launcher_5_by_6.db"
launcher:defaultLayoutId="@xml/default_workspace_5x6"
- launcher:deviceCategory="phone|multi_display" >
+ launcher:deviceCategory="phone|tablet|multi_display" >
<display-option
launcher:name="Large Phone"
@@ -233,7 +233,7 @@
launcher:numHotseatIcons="5"
launcher:dbFile="launcher_5_by_7.db"
launcher:defaultLayoutId="@xml/default_workspace_5x7"
- launcher:deviceCategory="phone|multi_display" >
+ launcher:deviceCategory="phone|tablet|multi_display" >
<display-option
launcher:name="Large Phone"
@@ -304,7 +304,7 @@
launcher:numHotseatIcons="6"
launcher:dbFile="launcher_6_by_6.db"
launcher:defaultLayoutId="@xml/default_workspace_6x6"
- launcher:deviceCategory="phone|multi_display" >
+ launcher:deviceCategory="phone|tablet|multi_display" >
<display-option
launcher:name="Large Phone"

22
fix-rear-camera-rotation.patch
View File

@ -1,22 +0,0 @@
From d2022bc573e304388ec55b8f2ba710e8d960c18b Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Sun, 4 Dec 2022 10:25:36 +0100
Subject: [PATCH] XXXHIDEXXX fix: rear camera rotation
---
camera/CameraUtils.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/camera/CameraUtils.cpp b/camera/CameraUtils.cpp
index af3c492762..8967bfca77 100644
--- a/camera/CameraUtils.cpp
+++ b/camera/CameraUtils.cpp
@@ -69,7 +69,7 @@ status_t CameraUtils::getRotationTransform(const CameraMetadata& staticInfo,
flags = NATIVE_WINDOW_TRANSFORM_ROT_180;
break;
case 270:
- flags = NATIVE_WINDOW_TRANSFORM_ROT_270;
+ flags = NATIVE_WINDOW_TRANSFORM_ROT_90;
break;
default:
ALOGE("%s: Invalid HAL android.sensor.orientation value: %d",

38
fix-store-build-prop-zip.patch
View File

@ -1,38 +0,0 @@
From 497ae885d6a92d473ec3c603bd39e4510380240d Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Sat, 7 Jan 2023 10:54:05 +0100
Subject: [PATCH] XXXHIDEXXX releasetools: Store the build.prop file in the OTA zip
Change-Id: I81825a8a4633dff294a372ccf4de8e3aef99750c
---
tools/releasetools/non_ab_ota.py | 3 +++
tools/releasetools/ota_utils.py | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/releasetools/non_ab_ota.py b/tools/releasetools/non_ab_ota.py
index ad9cbcc82..91492ad76 100644
--- a/tools/releasetools/non_ab_ota.py
+++ b/tools/releasetools/non_ab_ota.py
@@ -308,6 +308,9 @@ endif;
script.AddToZip(input_zip, output_zip, input_path=OPTIONS.updater_binary)
metadata.required_cache = script.required_cache
+ common.ZipWriteStr(output_zip, "system/build.prop",
+ input_zip.read("SYSTEM/build.prop").decode())
+
# We haven't written the metadata entry, which will be done in
# FinalizeMetadata.
common.ZipClose(output_zip)
diff --git a/tools/releasetools/ota_utils.py b/tools/releasetools/ota_utils.py
index ff98ba9fb..1fb78db61 100644
--- a/tools/releasetools/ota_utils.py
+++ b/tools/releasetools/ota_utils.py
@@ -39,7 +39,7 @@ OPTIONS.boot_variable_file = None
METADATA_NAME = 'META-INF/com/android/metadata'
METADATA_PROTO_NAME = 'META-INF/com/android/metadata.pb'
-UNZIP_PATTERN = ['IMAGES/*', 'INSTALL/*', 'META/*', 'OTA/*', 'RADIO/*']
+UNZIP_PATTERN = ['IMAGES/*', 'INSTALL/*', 'META/*', 'OTA/*', 'RADIO/*', 'SYSTEM/build.prop']
SECURITY_PATCH_LEVEL_PROP_NAME = "ro.build.version.security_patch"

40
fix-trebuchet-taskbar.patch
View File

@ -1,40 +0,0 @@
From 6fde482e5b5d0dd0adc7617c334f0bb0c0482c7d Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Fri, 23 Dec 2022 19:20:55 +0100
Subject: [PATCH] XXXHIDEXXX fix: trebuchet taskbar
Change-Id: I566e6a3cf799cdd8ee5d4f07221b9d6bb80d41cb
---
src/com/android/launcher3/util/SettingsCache.java | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/com/android/launcher3/util/SettingsCache.java b/src/com/android/launcher3/util/SettingsCache.java
index 0c5b7225d3..0a8a0bdf09 100644
--- a/src/com/android/launcher3/util/SettingsCache.java
+++ b/src/com/android/launcher3/util/SettingsCache.java
@@ -33,6 +33,8 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
+import lineageos.providers.LineageSettings;
+
/**
* ContentObserver over Settings keys that also has a caching layer.
* Consumers can register for callbacks via {@link #register(Uri, OnChangeListener)} and
@@ -61,6 +63,7 @@ public class SettingsCache extends ContentObserver implements SafeCloseable {
Settings.System.getUriFor(ACCELEROMETER_ROTATION);
private static final String SYSTEM_URI_PREFIX = Settings.System.CONTENT_URI.toString();
+ private static final String LINEAGE_URI_PREFIX = LineageSettings.System.CONTENT_URI.toString();
/**
* Caches the last seen value for registered keys.
@@ -139,6 +142,8 @@ public class SettingsCache extends ContentObserver implements SafeCloseable {
boolean newVal;
if (keyUri.toString().startsWith(SYSTEM_URI_PREFIX)) {
newVal = Settings.System.getInt(mResolver, key, defaultValue) == 1;
+ } else if (keyUri.toString().startsWith(LINEAGE_URI_PREFIX)) {
+ newVal = LineageSettings.System.getInt(mResolver, key, defaultValue) == 1;
} else { // SETTING_SECURE
newVal = Settings.Secure.getInt(mResolver, key, defaultValue) == 1;
}

141
microg.patch
View File

@ -1,141 +0,0 @@
From 437d7b1ee54df480d212ca97ddc3b8acd2944966 Mon Sep 17 00:00:00 2001
From: maxwen <max.weninger@gmail.com>
Date: Tue, 25 Sep 2018 09:44:26 +0200
Subject: [PATCH] XXXHIDEXXX base: use better solution for MicroG FAKE_PACKAGE_SIGNATURE
make it a privileged permission instead of a runtime one
to add extra safety dont trust the signature coming from the
package but limit to the microg signature and only allow
from FakeStore and GmsCore package names
https://github.com/microg/GmsCore/blob/master/play-services-core/src/main/res/values/signature.xml
thanks for the inspiration from Chirayu Desai <chirayudesai1@gmail.com>
Reference:
https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/ba8cff41aaaafec0982f29dcb1869c1ea61a6cb4
Only diff is that we keep original permission name so we can
continue to use upstream prebuilt microg for now
Change-Id: I394990d89ab427b94b04db7ca7e06206a476965b
---
core/res/AndroidManifest.xml | 5 +++
core/res/res/values/custom_strings.xml | 22 +++++++++++
.../com/android/server/pm/ComputerEngine.java | 37 ++++++++++++++++++-
3 files changed, 62 insertions(+), 2 deletions(-)
create mode 100644 core/res/res/values/custom_strings.xml
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 7439b2f0921ff..9b89297348992 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3534,6 +3534,11 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- @hide Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:protectionLevel="signature|privileged" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/custom_strings.xml b/core/res/res/values/custom_strings.xml
new file mode 100644
index 0000000000000..aa2d50b869fec
--- /dev/null
+++ b/core/res/res/values/custom_strings.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/* //device/apps/common/assets/res/any/strings.xml
+**
+** Copyright 2006, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+-->
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
+
+</resources>
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 259ca655d2b9f..d029fbf30d37a 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -426,6 +426,15 @@ protected ApplicationInfo androidApplication() {
return mLocalAndroidApplication;
}
+ /**
+ * The Google signature faked by microG.
+ */
+ private static final String MICROG_FAKE_SIGNATURE = "308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a";
+ /**
+ * List of packages which require signature spoofing.
+ */
+ private static final List<String> MICROG_FAKE_SIGNATURE_PACKAGES = List.of("com.google.android.gms", "com.android.vending");
+
ComputerEngine(PackageManagerService.Snapshot args, int version) {
mVersion = version;
mSettings = new Settings(args.settings);
@@ -1619,15 +1628,26 @@ public final PackageInfo generatePackageInfo(PackageStateInternal ps,
// Compute GIDs only if requested
final int[] gids = (flags & PackageManager.GET_GIDS) == 0 ? EMPTY_INT_ARRAY
: mPermissionManager.getGidsForUid(UserHandle.getUid(userId, ps.getAppId()));
+
+ // Allow microG GmsCore and FakeStore to spoof signature
+ final boolean isMicroG = MICROG_FAKE_SIGNATURE_PACKAGES.contains(p.getPackageName());
+
// Compute granted permissions only if package has requested permissions
- final Set<String> permissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
- || ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
+ // or we matched a microg package
+ final Set<String> permissions = (((flags & PackageManager.GET_PERMISSIONS) == 0
+ || ArrayUtils.isEmpty(p.getRequestedPermissions()))
+ && !isMicroG)
+ ? Collections.emptySet()
: mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId);
PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
state.getFirstInstallTime(), ps.getLastUpdateTime(), permissions, state, userId,
ps);
+ if (isMicroG) {
+ packageInfo = mayFakeSignature(p, packageInfo, permissions);
+ }
+
if (packageInfo == null) {
return null;
}
@@ -1667,6 +1687,19 @@ public final PackageInfo generatePackageInfo(PackageStateInternal ps,
}
}
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) {
+ pi.signatures = new Signature[] {new Signature(MICROG_FAKE_SIGNATURE)};
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
public final PackageInfo getPackageInfo(String packageName,
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
return getPackageInfoInternal(packageName, PackageManager.VERSION_CODE_HIGHEST,

13
mondrian.xml
View File

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<remote name="nyyu" fetch="https://git.nyyu.dev" />
<project name="lineage/android_device_samsung_mondrianwifi" path="device/samsung/mondrianwifi" remote="nyyu" revision="lineage-20" />
<project name="lineage/android_device_samsung_mondrianlte" path="device/samsung/mondrianlte" remote="nyyu" revision="lineage-20" />
<project name="lineage/android_kernel_samsung_msm8974" path="kernel/samsung/msm8974_tab" remote="nyyu" revision="lineage-20_pro" />
<project name="lineage/android_vendor_samsung_mondrianwifi" path="vendor/samsung/mondrianwifi" remote="nyyu" revision="lineage-20" />
<project name="lineage/android_vendor_samsung_mondrianlte" path="vendor/samsung/mondrianlte" remote="nyyu" revision="lineage-20" />
<project name="lineage/android_device_samsung_msm8974-common" path="device/samsung/msm8974-common" remote="nyyu" revision="lineage-20" />
<project name="LineageOS/android_device_samsung_qcom-common" path="device/samsung/qcom-common" remote="github" revision="lineage-20" />
<project name="LineageOS/android_hardware_samsung" path="hardware/samsung" remote="github" revision="lineage-20" />
<project name="lineage/proprietary_vendor_samsung" path="vendor/samsung" remote="nyyu" revision="lineage-20" />
</manifest>

22
mondrianwifi.xml Normal file
View File

@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<remote name="nyyu" fetch="https://git.nyyu.dev" />
<project name="lineage/android_device_samsung_mondrianwifi" path="device/samsung/mondrianwifi" remote="nyyu" />
<project name="lineage/android_kernel_samsung_msm8974" path="kernel/samsung/msm8974_tab" remote="nyyu" revision="lineage-18.1_pro" />
<project name="lineage/android_vendor_samsung_mondrianwifi" path="vendor/samsung/mondrianwifi" remote="nyyu" />
<project name="LineageOS/android_device_samsung_msm8974-common" path="device/samsung/msm8974-common" remote="github" />
<project name="LineageOS/android_device_samsung_qcom-common" path="device/samsung/qcom-common" remote="github" />
<project name="LineageOS/android_hardware_samsung" path="hardware/samsung" remote="github" />
<project name="LineageOS/android_hardware_sony_timekeep" path="hardware/sony/timekeep" remote="github" />
<project name="TheMuppets/proprietary_vendor_samsung" path="vendor/samsung" remote="github" />
<remove-project name="platform/prebuilts/clang/host/darwin-x86" />
<remove-project name="LineageOS/android_prebuilts_gcc_darwin-x86_aarch64_aarch64-linux-android-4.9" />
<remove-project name="LineageOS/android_prebuilts_gcc_darwin-x86_arm_arm-linux-androideabi-4.9" />
<remove-project name="platform/prebuilts/gcc/darwin-x86/host/i686-apple-darwin-4.2.1" />
<remove-project name="LineageOS/android_prebuilts_gcc_darwin-x86_x86_x86_64-linux-android-4.9" />
<remove-project name="platform/prebuilts/gdb/darwin-x86" />
<remove-project name="platform/prebuilts/go/darwin-x86" />
<remove-project name="platform/prebuilts/python/darwin-x86/2.7.5" />
</manifest>

83
snet20-1.patch
View File

@ -1,83 +0,0 @@
From c9a37a5a5a9e63fda74f6fcf45bc9f164957f295 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 7 Oct 2020 00:24:54 -0700
Subject: [PATCH] XXXHIDEXXX init: Set properties to make SafetyNet pass
Google's SafetyNet integrity checks will check the values of these
properties when performing basic attestation. Setting fake values helps
us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.
Note that these properties need to be set very early, before parsing the
kernel command-line, as they are read-only properties that the bootloader
sets using androidboot kernel arguments. The bootloader's real values
cause SafetyNet to fail with an unlocked bootloader and/or custom
software because the verified boot chain is broken in that case.
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
fastboot: Revert to Android 11 method of checking lock status
Now that we're setting system-wide properties for SafetyNet, which
includes ro.boot.verifiedbootstate=green, fastbootd always detects the
bootloader as being locked. Revert to the Android 11 method of reading
directly from the kernel cmdline to work arround the issue.
- Also don't set these in recovery
Change-Id: I57f6d48acddb29748778053edf354d7bd8994bd7
---
fastboot/device/utility.cpp | 7 ++++++-
init/property_service.cpp | 15 +++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
index 3302c4310c9..a14eea37662 100644
--- a/fastboot/device/utility.cpp
+++ b/fastboot/device/utility.cpp
@@ -196,7 +196,12 @@ std::vector<std::string> ListPartitions(FastbootDevice* device) {
}
bool GetDeviceLockStatus() {
- return android::base::GetProperty("ro.boot.verifiedbootstate", "") != "orange";
+ std::string cmdline;
+ // Return lock status true if unable to read kernel command line.
+ if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
+ return true;
+ }
+ return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos;
}
bool UpdateAllPartitionMetadata(FastbootDevice* device, const std::string& super_name,
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 9f7c21543e9..d1e802cca19 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1282,6 +1282,13 @@ static void ProcessBootconfig() {
});
}
+static void SetSafetyNetProps() {
+ InitPropertySet("ro.boot.flash.locked", "1");
+ InitPropertySet("ro.boot.verifiedbootstate", "green");
+ InitPropertySet("ro.boot.veritymode", "enforcing");
+ InitPropertySet("ro.boot.vbmeta.device_state", "locked");
+}
+
void PropertyInit() {
selinux_callback cb;
cb.func_audit = PropertyAuditCallback;
@@ -1296,6 +1303,14 @@ void PropertyInit() {
LOG(FATAL) << "Failed to load serialized property info file";
}
+ // Report a valid verified boot chain to make Google SafetyNet integrity
+ // checks pass. This needs to be done before parsing the kernel cmdline as
+ // these properties are read-only and will be set to invalid values with
+ // androidboot cmdline arguments.
+ if (!IsRecoveryMode()) {
+ SetSafetyNetProps();
+ }
+
// If arguments are passed both on the command line and in DT,
// properties set in DT always have priority over the command-line ones.
ProcessKernelDt();

138
snet20-2.patch
View File

@ -1,138 +0,0 @@
From 3db46053ca0547c175fa591075a67b8d76c4b906 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 11 Oct 2021 19:59:51 -0700
Subject: [PATCH] XXXHIDEXXX Alter model name to avoid SafetyNet HW attestation
enforcement
As of September 2, Google is enforcing SafetyNet's previously
opportunistic hardware-backed attestation based on device information.
Append a space to the device model name in order to avoid such
enforcement.
Also contains:
Spoof build fingerprint for Google Play Services
SafetyNet's CTS profile attestation checks whether Build.FINGERPRINT
matches that of the device's stock OS, which has passed CTS testing.
Spoof the fingerprint for Google Play Services to help pass SafetyNet.
We used to set the real system build fingerprint to the stock one, but
Android relies on each build having a unique fingerprint in order to
clear the correct caches and update persistent state for system changes.
On devices that no longer receive updates from the OEM, the build
fingerprint never changes and Android doesn't account for updates
correctly, which causes issues when updating without wiping data.
Only spoofing the fingerprint for Google Play Services fixes this issue.
Corresponding vendor commit:
"Only use stock build fingerprint for Google Play Services"
NB: This code is under the gmscompat package, but it does not depend on
any code from gmscompat.
Change-Id: I26a2498eb2e2163933303b03f6d516e5fb30fe51
* We don't need to spoof the fingerprint here since we do it globally, but we
use the Build field spoofing code it added for model
Change-Id: Ib7779e0aae40cab3730a56785e9231896917ab0a
---
core/java/android/app/Instrumentation.java | 4 ++
.../internal/gmscompat/AttestationHooks.java | 59 +++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 core/java/com/android/internal/gmscompat/AttestationHooks.java
diff --git a/core/java/android/app/Instrumentation.java b/core/java/android/app/Instrumentation.java
index 8984c4292023..58258acaef97 100644
--- a/core/java/android/app/Instrumentation.java
+++ b/core/java/android/app/Instrumentation.java
@@ -57,6 +57,8 @@
import com.android.internal.content.ReferrerIntent;
+import com.android.internal.gmscompat.AttestationHooks;
+
import java.io.File;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -1231,6 +1233,7 @@ public Application newApplication(ClassLoader cl, String className, Context cont
Application app = getFactory(context.getPackageName())
.instantiateApplication(cl, className);
app.attach(context);
+ AttestationHooks.initApplicationBeforeOnCreate(app);
return app;
}
@@ -1248,6 +1251,7 @@ static public Application newApplication(Class<?> clazz, Context context)
ClassNotFoundException {
Application app = (Application)clazz.newInstance();
app.attach(context);
+ AttestationHooks.initApplicationBeforeOnCreate(app);
return app;
}
diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
new file mode 100644
index 000000000000..621156eb84b9
--- /dev/null
+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.internal.gmscompat;
+
+import android.app.Application;
+import android.os.Build;
+import android.os.SystemProperties;
+import android.util.Log;
+
+import java.lang.reflect.Field;
+
+/** @hide */
+public final class AttestationHooks {
+ private static final String TAG = "GmsCompat/Attestation";
+ private static final String PACKAGE_GMS = "com.google.android.gms";
+
+ private AttestationHooks() { }
+
+ private static void setBuildField(String key, String value) {
+ try {
+ // Unlock
+ Field field = Build.class.getDeclaredField(key);
+ field.setAccessible(true);
+
+ // Edit
+ field.set(null, value);
+
+ // Lock
+ field.setAccessible(false);
+ } catch (NoSuchFieldException | IllegalAccessException e) {
+ Log.e(TAG, "Failed to spoof Build." + key, e);
+ }
+ }
+
+ private static void spoofBuildGms() {
+ // Alter model name to avoid hardware attestation enforcement
+ setBuildField("MODEL", Build.MODEL + " ");
+ }
+
+ public static void initApplicationBeforeOnCreate(Application app) {
+ if (PACKAGE_GMS.equals(app.getPackageName())) {
+ spoofBuildGms();
+ }
+ }
+}

91
snet20-3.patch
View File

@ -1,91 +0,0 @@
From ae57183500bb34032ec426fcae2b9a14e028ce12 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 11 Oct 2021 20:00:44 -0700
Subject: [PATCH] XXXHIDEXXX keystore: Block key attestation for SafetyNet
SafetyNet (part of Google Play Services) opportunistically uses
hardware-backed key attestation via KeyStore as a strong integrity
check. This causes SafetyNet to fail on custom ROMs because the verified
boot key and bootloader unlock state can be detected from attestation
certificates.
As a workaround, we can take advantage of the fact that SafetyNet's
usage of key attestation is opportunistic (i.e. falls back to basic
integrity checks if it fails) and prevent it from getting the
attestation certificate chain from KeyStore. This is done by checking
the stack for DroidGuard, which is the codename for SafetyNet, and
pretending that the device doesn't support key attestation.
Key attestation has only been blocked for SafetyNet specifically, as
Google Play Services and other apps have many valid reasons to use it.
For example, it appears to be involved in Google's mobile security key
ferature.
Change-Id: I5146439d47f42dc6231cb45c4dab9f61540056f6
---
.../internal/gmscompat/AttestationHooks.java | 16 ++++++++++++++++
.../security/keystore2/AndroidKeyStoreSpi.java | 3 +++
2 files changed, 19 insertions(+)
diff --git a/core/java/com/android/internal/gmscompat/AttestationHooks.java b/core/java/com/android/internal/gmscompat/AttestationHooks.java
index 621156eb84b9..fe12dfe02a9f 100644
--- a/core/java/com/android/internal/gmscompat/AttestationHooks.java
+++ b/core/java/com/android/internal/gmscompat/AttestationHooks.java
@@ -22,12 +22,15 @@
import android.util.Log;
import java.lang.reflect.Field;
+import java.util.Arrays;
/** @hide */
public final class AttestationHooks {
private static final String TAG = "GmsCompat/Attestation";
private static final String PACKAGE_GMS = "com.google.android.gms";
+ private static volatile boolean sIsGms = false;
+
private AttestationHooks() { }
private static void setBuildField(String key, String value) {
@@ -53,7 +56,20 @@ private static void spoofBuildGms() {
public static void initApplicationBeforeOnCreate(Application app) {
if (PACKAGE_GMS.equals(app.getPackageName())) {
+ sIsGms = true;
spoofBuildGms();
}
}
+
+ private static boolean isCallerSafetyNet() {
+ return Arrays.stream(Thread.currentThread().getStackTrace())
+ .anyMatch(elem -> elem.getClassName().contains("DroidGuard"));
+ }
+
+ public static void onEngineGetCertificateChain() {
+ // Check stack for SafetyNet
+ if (sIsGms && isCallerSafetyNet()) {
+ throw new UnsupportedOperationException();
+ }
+ }
}
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 33411e1ec5b9..133a4094d434 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -42,6 +42,7 @@
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.gmscompat.AttestationHooks;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -164,6 +165,8 @@ private KeyEntryResponse getKeyMetadata(String alias) {
@Override
public Certificate[] engineGetCertificateChain(String alias) {
+ AttestationHooks.onEngineGetCertificateChain();
+
KeyEntryResponse response = getKeyMetadata(alias);
if (response == null || response.metadata.certificate == null) {

74
sync.sh Executable file → Normal file
View File

@ -1,52 +1,34 @@
#!/bin/bash -e
# shellcheck disable=SC2250,SC2154,SC2086,SC2207,SC2016
#!/bin/bash
TOPDIR=$(pwd)
changelog=${TOPDIR}/changelog-${device}-${version}.md
repo sync -q -c -j 6 --fail-fast --force-sync --no-tags || repo sync -q -c -j 6 --fail-fast --force-sync --no-tags || exit 1
declare -A before
tmp=($(repo forall -c 'echo "${REPO_PATH}:$(git rev-parse HEAD)"'))
for i in "${tmp[@]}"; do
IFS=: read -r folder commit <<<"${i}"
before[${folder}]=${commit}
done
cd build/tools
git am $CI_WORKSPACE/fix-store-build-prop-zip.patch || git am --abort
cd $TOPDIR
repo sync -q -c -j 6 --fail-fast --force-sync --no-tags
cd packages/apps/LineageParts
git am $CI_WORKSPACE/fix-always-enable-taskbar-toggle.patch || git am --abort
cd $TOPDIR
echo -e "# Build $(date '+%Y-%m-%d %H:%M:%S') UTC\n" >>"${changelog}"
cd packages/apps/Trebuchet
git am $CI_WORKSPACE/fix-enable-more-grids-for-tablet.patch || git am --abort
git am $CI_WORKSPACE/fix-trebuchet-taskbar.patch || git am --abort
cd $TOPDIR
#bluetooth
cd packages/modules/Bluetooth
git am $CI_WORKSPACE/fix-bt-le.patch || git am --abort
cd $TOPDIR
#connectivity
cd packages/modules/Connectivity
git am $CI_WORKSPACE/fix-NetworkStats-disable-BPF.patch || git am --abort
cd $TOPDIR
#av
cd frameworks/av
git am $CI_WORKSPACE/fix-rear-camera-rotation.patch || git am --abort
cd $TOPDIR
#safetynet
cd system/core
#334348
git am $CI_WORKSPACE/snet20-1.patch || git am --abort
cd $TOPDIR
cd frameworks/base
#334343 334344
git am $CI_WORKSPACE/snet20-2.patch || git am --abort
git am $CI_WORKSPACE/snet20-3.patch || git am --abort
git am $CI_WORKSPACE/microg.patch || git am --abort
cd $TOPDIR
cd hardware/qcom-caf/wlan
git reset --hard e0f934b
cd $TOPDIR
#. build/envsetup.sh
#repopick
tmp=($(repo forall -c 'echo "${REPO_PATH}:$(git rev-parse --short HEAD)"'))
for i in "${tmp[@]}"; do
IFS=: read -r folder commit <<<"${i}"
if [[ "${folder}" != lineage/* && "${before[${folder}]}" != "${commit}" ]]; then
cd "${folder}" || continue
log=$(git --no-pager log --pretty=format:"- %s" "${before[${folder}]}".."${commit}")
if [[ $(echo -n "$log" | wc -c) != 0 ]]; then
{
echo "## ${folder} ${before[${folder}]}..${commit}"
echo "$log"
echo
} >>"${changelog}"
fi
cd "${TOPDIR}" || continue
fi
done
echo -e "\n" >>"${changelog}"
cat "${changelog}"