├── .gitignore ├── README.md ├── build_sargo.sh ├── clean_sargo.sh ├── local_manifests ├── custom_packages.xml └── muppets-hal.xml └── userscripts ├── before.sh ├── include-opengapps-pico.patch └── unused_patches ├── disable-selinux.patch ├── dont-enforce-rro.patch └── test_patches ├── 0001-Don-t-build-in-euicc-esim-supportx.patch ├── 0001-Remove-esim-euicc-support-Crashes-carrier-services.patch ├── 0001-Revert-init-only-provide-control-message-results-for.patch ├── 0002-Revert-Reland-2-init-run-property-service-in-a-threa.patch ├── disable-bluetooth-sap.patch └── frameworks-changes.patch /.gitignore: -------------------------------------------------------------------------------- 1 | ccache 2 | logs 3 | src 4 | userscripts/test_patches 5 | zips 6 | mass_build_sargo.sh -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # Build LineageOS 17.1 for the Pixel 3a aka sargo 3 | 4 | Installation instructions can be found below as well. 5 | 6 | These instructions will also likely work for the Pixel 3a XL aka bonito with some modification. 7 | 8 | There are two ways to build, the easy way and the hard way. The easy way uses a docker image as the build environment and applies functionality patches and optionally patches for microg support. This is the recommend way as the build dependency versions your linux distro provides may cause unexpected issues. 9 | 10 | The hard way requires you to set up your own build environment and apply the patches manually. You may want to choose this route if you want to familiarize yourself with AOSP, lineaseos, and the build process. If you choose this route I suggest using Debian Stretch. 11 | 12 | _At the bottom of this page are some troubleshooting and debug instructions_ 13 | 14 | # Get adb and fastboot 15 | _Required for both the easy and hard ways_ 16 | the platform tools provided by distros is often wayyyy out of date. We have to grab the binaries ourselves. 17 | 18 | get adb and fastboot from google https://dl.google.com/android/repository/platform-tools-latest-linux.zip 19 | cd to your home directory, and extract them: `unzip platform-tools-latest-linux.zip -d ~` 20 | and add them to your path by adding the following to your `~/.profile` 21 | ``` 22 | # add Android SDK platform tools to path 23 | if [ -d "$HOME/platform-tools" ] ; then 24 | PATH="$HOME/platform-tools:$PATH" 25 | fi 26 | ``` 27 | 28 | and run `source ~/.profile` 29 | 30 | 31 | # Build lineageos 17.1 for pixel 3a (sargo) docker aka the easy way 32 | 33 | This uses https://github.com/SolidHal/docker-lineage-cicd/ which automates the build. 34 | 35 | Install docker for your OS. Instructions can be found on the docker website. 36 | 37 | clone a copy of the repo 38 | 39 | ``` 40 | cd ~/ 41 | mkdir lineage-docker-solidhal 42 | cd lineage-docker-solidhal 43 | git clone https://github.com/SolidHal/docker-lineage-cicd.git . 44 | ``` 45 | 46 | and build the docker image 47 | 48 | ``` 49 | docker build --tag solidhal/docker-lineage-cicd . 50 | ``` 51 | 52 | Now clone a copy of this repo if you haven't already 53 | 54 | ``` 55 | cd ~/ 56 | mkdir lineage-sargo 57 | cd lineage-sargo 58 | git clone https://github.com/SolidHal/Build-lineageos-sargo.git . 59 | ``` 60 | 61 | make the directories we will pass into the docker: 62 | ``` 63 | mkdir src zips logs ccache 64 | ``` 65 | and the a directory for your signing keys. If you already have these, you can skip this step 66 | ``` 67 | mkdir ~/.android-certs 68 | ``` 69 | 70 | now we can build. 71 | 72 | `build_sargo.sh` builds lineageos with support for signature spoofing and other location providers both of which are required for microg and unifiedNLP support. 73 | It also includes the f-droid privileged extension, which allows f-droid to be used without the "unknown sources" permission and allows for a cleaner app install process. 74 | 75 | The script `before.sh` in `userscripts` applies a handful of patches to fix a bootloop, improve battery life, and fix bluetooth 76 | 77 | If all of that sounds good, you can build by running 78 | ``` 79 | ./build_sargo.sh 80 | ``` 81 | this will take over an hour most likely, especially the first time. 82 | 83 | you can watch the progress by reading the logs in `logs`. 84 | The repo log is the process of syncing all of the repos. When that is complete, a second log in the `logs/sargo` directory will track the build progress. 85 | 86 | when the build is complete, you can find the lineageos zip and the `boot.img` in `zips/sargo` 87 | 88 | ### Install 89 | _Install instructions can be found farther down this readme_ 90 | 91 | ### Customization 92 | 93 | if you don't have any interest in microg, you can remove `SIGNATURE_SPOOFING` and `SUPPORT_UNIFIEDNLP`. 94 | 95 | Additional environment variables can be added to the script to further customize the build. See https://github.com/SolidHal/docker-lineage-cicd/ for a list 96 | 97 | 98 | # Build lineageos 17.1 for pixel 3a (sargo) no docker aka the hard way 99 | This is more difficult, as you have to setup the environment yourself. It is also less reliable as build dependencies can cause unknown issues depending on the version your distro provides. 100 | 101 | 102 | Basing these instructions off of https://wiki.lineageos.org/devices/sailfish/build with modifications for the pixel 3a aka sargo 103 | 104 | Note that while the pixel 3a is codenamed `sargo`, it is very closely related to the pixel 3a XL codenamed `bonito`. Because of this, 105 | most of the files we care about are actually under `bonito` directories. This is important to keep in mind if you want to modify this process. 106 | 107 | ## Setup build enviroment 108 | 109 | In my experience, over 16GB of RAM + swap is needed to build. 110 | I have 16GB of ram but my first build failed because I only had 2GB of swap :( 111 | If you get a random failure in the build process, because something was "killed" low memeory is likely why 112 | I needed over 8GB of swap, ended up using 16GB 113 | 114 | Guides all over the internet can tell you how to grow your swap, but to start you can check it with: 115 | `free -h` 116 | 117 | You also need about 150-200GB of free disk space. 118 | 119 | 120 | install the repo command 121 | 122 | ``` 123 | curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/bin/repo 124 | chmod a+x /usr/bin/repo 125 | ``` 126 | 127 | ## Setup sources 128 | make and enter a desired source directory 129 | 130 | ``` 131 | cd ~/android/lineage 132 | repo init -u https://github.com/LineageOS/android.git -b lineage-17.1 133 | ``` 134 | 135 | 136 | and now let repo grab all of the sources 137 | 138 | `repo sync` 139 | 140 | if that fails, you may have to run the following to clear any conflicts: 141 | 142 | ``` 143 | repo sync --force-sync 144 | ``` 145 | 146 | now download the device specific config and kernel: 147 | 148 | ``` 149 | source build/envsetup.sh 150 | breakfast sargo 151 | ``` 152 | 153 | ### proprietary blobs 154 | these are unfortunately required, there is no android phone without some proprietary blobs. 155 | we have to specifiy them explicitly because they are not provided by lineageos for potential copyright issues. 156 | 157 | add the following to `.repo/local_manifests/muppets.xml` 158 | ``` 159 | 160 | 161 | 162 | 163 | ``` 164 | 165 | and run `repo sync` 166 | to get the proprietary blobs. 167 | 168 | 169 | 170 | now to patch in signature spoofing and add the fdroid privileged extension: 171 | 172 | ### Fdroid & microg 173 | include the fdroid privileged extension in the build. This combined with the fdroid.apk will allow us to securely install microg from the supported fdroid repo. 174 | information on this process can be found here: https://gitlab.com/fdroid/privileged-extension/#f-droid-privileged-extension 175 | 176 | make a file called `fdroid_extension.xml` in `.repo/local_manifests` and add the following to it: 177 | ``` 178 | 179 | 180 | 181 | 182 | 185 | 186 | 187 | ``` 188 | note that when fdroid privileged extension is updated the revision (0.2.11) will need to be updated to build the new version into lineageos 189 | 190 | now run `repo sync` again to pull in the fdroid privileged extension files 191 | 192 | Next to actually include it in the build, add `F-DroidPrivilegedExtension` to the `PRODUCT_PACKAGES` list in `device/google/bonito/device-common.mk` 193 | ``` 194 | PRODUCT_PACKAGES += \ 195 | F-DroidPrivilegedExtension \ 196 | ``` 197 | 198 | after bootup, we can then install fdroid, and then installing the microg apks from there. This is the "supported" method of microg inclusion. 199 | This also provides the benefit of having a microg-free ROM if desired. 200 | 201 | 202 | *NOTE: if you run repo sync after this point, you will have to re apply the patches* 203 | 204 | _Patches can be found in the following places 205 | Signature Spoofing: 206 | _ 207 | 208 | ### Signature Spoofing patch for android 10 209 | to take advantage of microg, we need to allow signature spoofing. 210 | 211 | The patch can be found here https://github.com/SolidHal/docker-lineage-cicd/tree/master/src/signature_spoofing_patches 212 | ``` 213 | cd frameworks/base/core 214 | patch -p1 < sig_spoofing_patch/android_frameworks_base-Q.patch 215 | ``` 216 | 217 | 218 | ### UnifiedNLP patch 219 | The patch can be found here https://github.com/SolidHal/docker-lineage-cicd/tree/master/src/location_services_patches 220 | ``` 221 | cd frameworks/base/core` 222 | patch -p1 < location_patch/android_frameworks_base-Q.patch 223 | ``` 224 | 225 | ### msm patches 226 | there is one patch to prevent a bootloop that has not yet been merged. Lets cherry pick it now. 227 | 228 | `cd kernel/google/msm-4.9` 229 | `git fetch "https://github.com/LineageOS/android_kernel_google_msm-4.9" refs/changes/27/263927/2 && git cherry-pick FETCH_HEAD` 230 | 231 | ### bluetooth patch 232 | bluetooth is currently broken due to hal_bluetooth_default lacking some permissions, cherry pick the patch. This may get merged, making this step unnecessary: 233 | ``` 234 | cd device/google/bonito 235 | git fetch "https://github.com/LineageOS/android_device_google_bonito" refs/changes/45/268545/1 && git cherry-pick FETCH_HEAD 236 | ``` 237 | 238 | ### battery life improvement patch 239 | this may also get merged at some point 240 | 241 | ``` 242 | cd kernel/google/msm-4.9 243 | git fetch "https://github.com/LineageOS/android_kernel_google_msm-4.9" refs/changes/40/263940/1 && git cherry-pick FETCH_HEAD 244 | ``` 245 | 246 | Now we can get back to building. 247 | 248 | ## ccache 249 | setup ccache, I highly recommend this. Android takes a very long time to build (>1 hour). This _greatly_ speeds up subsequent builds: 250 | 251 | run: 252 | ``` 253 | export USE_CCACHE=1 254 | ``` 255 | and add that line to your `~/.bashrc` 256 | 257 | and choose a size for your ccache. The wiki recommends 50G but I went with 75G to be safe. 258 | ``` 259 | ccache -M 75G 260 | ``` 261 | 262 | ## build 263 | And finally, start the build. This will take a while. 264 | ``` 265 | croot 266 | brunch sargo 267 | ``` 268 | 269 | you can find the build results in `$OUT` which is 270 | ``` 271 | croot 272 | cd out/target/product/sargo 273 | ``` 274 | 275 | inside you'll find the `lineage-17.1-XXXXXXXX-UNOFFICIAL-sargo.zip` 276 | 277 | # Install 278 | 279 | Plug your phone into you computer, power it off, and hold down `power` + `volume down` to boot into the bootloader 280 | 281 | make sure your bootloader is unlocked. You can unlock it by running: 282 | `fastboot flashing unlock` 283 | accept the bootloader unlock, and reboot into bootloader 284 | 285 | Now to flash the recovery image we built, which is part of the boot.img 286 | for the hard way, the boot.img is located in ``out/target/product/sargo` 287 | for the easy way it is along with your lineageos image in `zips` 288 | 289 | flash boot.img by running: 290 | `fastboot flash boot boot.img` 291 | 292 | reboot into the bootloader and boot into recovery by using volume up or volume down in the bootloader 293 | Do a factory wipe of user data to avoid any issues. 294 | Next choose `Apply update from adb` 295 | Locate your built lineageos.zip and sideload it 296 | `adb sideload lineage-17.1*.zip` 297 | 298 | it will get stuck at 47% for a bit, just give it a few minutes 299 | When it is done, you will be back at the android recovery screen 300 | choose "Reboot System Now" 301 | 302 | 303 | # Fdroid and microg setup 304 | Right now you need an alpha version of fdroid to function with the privileged extension on Android 10 305 | get version `1.8-alpha1` or newer 306 | 307 | Once installed, add the microg fdroid repo. A quick search will lead you to it. 308 | 309 | Install microg services core, microg services framework proxy, fakestore, and a unified nlp backend. 310 | 311 | I found for installing microg services, I still had to give fdroid unknown sources permission. This doesn't seem to happen with any other app from fdroid. 312 | 313 | Open the microg app, give it the permissions it requests and then in the self check tap "system grants signature spoofing permission" and grant it signature spoofing 314 | 315 | Now we have to grant unified nlp location permissions. This is done easily from adb root 316 | 317 | enable adb and root adb in developer options, plug in your phone, and run: 318 | 319 | ``` 320 | adb root 321 | adb shell 322 | ``` 323 | then run the following in the adb shell 324 | ``` 325 | pm grant com.google.android.gms android.permission.ACCESS_FINE_LOCATION 326 | pm grant com.google.android.gms android.permission.ACCESS_COARSE_LOCATION 327 | ``` 328 | 329 | Finally, grant the fakestore signature spoofing permissions 330 | 331 | ``` 332 | pm grant com.android.vending android.permission.FAKE_PACKAGE_SIGNATURE 333 | ``` 334 | 335 | and reboot your phone 336 | you can now disable developer options 337 | 338 | Further troubleshooting information can be found here https://old.reddit.com/r/MicroG/wiki/issues 339 | 340 | # Debug build 341 | useful for debugging bootloops, provides access to adb functions like `adb logcat` right away. 342 | 343 | ### docker 344 | TODO 345 | 346 | ### no docker 347 | to build a debug eng image on lineageos do the following: 348 | `TARGET_BUILD_TYPE=debug breakfast sargo eng` 349 | `TARGET_BUILD_TYPE=debug brunch sargo eng` 350 | 351 | sideload the `lineage-17.1-XXXXXXXX-UNOFFICIAL-sargo.zip` like a usual build 352 | 353 | ### fastboot usage 354 | sargo is an A/B device, so you can flash either slot_a or slot_b by adding `_b` to the partition 355 | example for boot: 356 | ``` 357 | fastboot flash boot_a boot.img 358 | fastboot flash boot_b boot.img 359 | ``` 360 | 361 | ### Troubleshooting: 362 | 363 | at some point, I got stuck where I couldn't get into recovery from the bootloader. 364 | 365 | to get out I took the following from `out/target/product/sargo` and flashed them. 366 | flash `boot.img`, `dtbo.img`, `vbmeta.img` 367 | ``` 368 | fastboot flash boot boot.img 369 | fastboot flash dtbo dtbo.img 370 | fastboot flash vbmeta vbmeta.img 371 | fastboot reboot bootloader 372 | ``` 373 | then use the volume keys to choose "recovery" and boot to recovery 374 | 375 | wipe the data and system partitions 376 | 377 | 378 | ### how to debug selinux issues 379 | 380 | To test if selinux is at fault, you can apply the selinux-permissive.patch, build, and see if it is fixed 381 | 382 | check if selinux is permissive or enforcing: 383 | ``` 384 | adb root 385 | adb shell 386 | getenforce 387 | ``` 388 | 389 | in permissive mode, it will log the requests that would be denied if enforcing 390 | you can see all of the requests the sepolicy has denied by running 391 | ``` 392 | adb shell dmesg | grep denied 393 | ``` 394 | 395 | find the policy file, which end in `.te` in `device///sepolicy` or `sepolicy-lineage` 396 | 397 | you can used the old audit2allow.perl, which will turn the denieds into policies to add the the policy file 398 | 399 | get the perl script: 400 | `wget https://github.com/OpenDarwin-CVS/SEDarwin/raw/master/sedarwin7/src/sedarwin/policycoreutils/audit2allow/audit2allow.perl` 401 | give it execution permissions: 402 | `sudo chmod +x audit2allow.perl` 403 | and then run it like this: 404 | `adb shell dmesg | grep denied | perl ~/android/audit2allow.perl` 405 | 406 | this page has some information, but some of it is outdated right now https://source.android.com/security/selinux/implement 407 | 408 | ### Flashing the stock google rom 409 | 410 | the latest factory image for the 3a from here 411 | https://developers.google.com/android/images 412 | 413 | extract and run `flash-all.sh` 414 | 415 | ### Additional information I stumbled upon during this process: 416 | tried to setup debug using somgthing like this: https://groups.google.com/forum/#!topic/mozilla.dev.b2g/epQ6qhIFZ50 417 | unpacking the boot.img with with this https://github.com/xiaolu/mkbootimg_tools 418 | but that didn't work 419 | https://source.android.com/compatibility/vts/vts-on-gsi 420 | -------------------------------------------------------------------------------- /build_sargo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker run \ 4 | -e "BRANCH_NAME=lineage-18.1" \ 5 | -e "DEVICE_LIST=sargo" \ 6 | -e "INCLUDE_PROPRIETARY=false" \ 7 | -e "CLEAN_AFTER_BUILD=false" \ 8 | -e "SIGN_BUILDS=true" \ 9 | -e "SIGNATURE_SPOOFING=yes" \ 10 | -e "CUSTOM_PACKAGES=GmsCore GsfProxy FakeStore FDroid FDroidPrivilegedExtension AndroidAuto" \ 11 | -v "$PWD/src:/srv/src" \ 12 | -v "$PWD/zips:/srv/zips" \ 13 | -v "$PWD/logs:/srv/logs" \ 14 | -v "$PWD/ccache:/srv/ccache" \ 15 | -v "$PWD/local_manifests:/srv/local_manifests" \ 16 | -v "$PWD/userscripts:/srv/userscripts" \ 17 | -v "$HOME/.android-certs:/srv/keys" \ 18 | solidhal/docker-lineage-cicd 19 | 20 | # Keep the android signing keys in the home directory to avoid accidentally including in a git commit 21 | 22 | # we don't include proprietary, and instead specify the proprietary repos in local_manifests because lineageos 17.1 isn't supported in the default proprietary repos. 23 | 24 | 25 | -------------------------------------------------------------------------------- /clean_sargo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm -rf zips/sargo/* 4 | rm -rf logs/* -------------------------------------------------------------------------------- /local_manifests/custom_packages.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /local_manifests/muppets-hal.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /userscripts/before.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # # Apply patch to increase CONFIG_HZ to 1000 to improve performance and decrease power usage 4 | # # see https://source.android.com/devices/tech/debug/jank_jitter for source 5 | # cd kernel/google/msm-4.9 6 | # git fetch "https://github.com/LineageOS/android_kernel_google_msm-4.9" refs/changes/40/263940/1 && git cherry-pick FETCH_HEAD 7 | # cd ../../.. 8 | 9 | #used to build in opengapps if desired 10 | # cd device/google/bonito 11 | # patch -p1 < /srv/userscripts/include-opengapps-pico.patch 12 | # git commit -a -m 'build in opengapps pico' 13 | # cd ../../.. 14 | -------------------------------------------------------------------------------- /userscripts/include-opengapps-pico.patch: -------------------------------------------------------------------------------- 1 | diff --git a/device.mk b/device.mk 2 | index 65eb7052..14659094 100644 3 | --- a/device.mk 4 | +++ b/device.mk 5 | @@ -14,6 +14,8 @@ 6 | # limitations under the License. 7 | # 8 | 9 | +GAPPS_VARIANT := pico 10 | +GAPPS_EXCLUDED_PACKAGES := CarrierServices 11 | TARGET_CHIPSET := sdm710 12 | 13 | PRODUCT_SOONG_NAMESPACES += \ 14 | @@ -870,3 +872,5 @@ PRODUCT_PRODUCT_PROPERTIES += \ 15 | # Increment the SVN for any official public releases 16 | PRODUCT_PROPERTY_OVERRIDES += \ 17 | ro.vendor.build.svn=20 18 | + 19 | +$(call inherit-product, vendor/opengapps/build/opengapps-packages.mk) 20 | -------------------------------------------------------------------------------- /userscripts/unused_patches/disable-selinux.patch: -------------------------------------------------------------------------------- 1 | diff --git a/BoardConfig-common.mk b/BoardConfig-common.mk 2 | index 98d2b188..6bb70daf 100644 3 | --- a/BoardConfig-common.mk 4 | +++ b/BoardConfig-common.mk 5 | @@ -49,6 +49,7 @@ BOARD_KERNEL_CMDLINE += cgroup.memory=nokmem 6 | BOARD_KERNEL_CMDLINE += lpm_levels.sleep_disabled=1 7 | BOARD_KERNEL_CMDLINE += loop.max_part=7 8 | BOARD_KERNEL_CMDLINE += androidboot.boot_devices=soc/7c4000.sdhci 9 | +BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive 10 | 11 | BOARD_KERNEL_BASE := 0x00000000 12 | BOARD_KERNEL_PAGESIZE := 4096 13 | -------------------------------------------------------------------------------- /userscripts/unused_patches/dont-enforce-rro.patch: -------------------------------------------------------------------------------- 1 | diff --git a/device.mk b/device.mk 2 | index c1d7dd42..762e232e 100644 3 | --- a/device.mk 4 | +++ b/device.mk 5 | @@ -679,7 +679,7 @@ PRODUCT_PROPERTY_OVERRIDES += \ 6 | PRODUCT_PACKAGES += \ 7 | vndk-sp 8 | 9 | -PRODUCT_ENFORCE_RRO_TARGETS := * 10 | +# PRODUCT_ENFORCE_RRO_TARGETS := * 11 | 12 | # Override heap growth limit due to high display density on device 13 | PRODUCT_PROPERTY_OVERRIDES += \ 14 | -------------------------------------------------------------------------------- /userscripts/unused_patches/test_patches/0001-Don-t-build-in-euicc-esim-supportx.patch: -------------------------------------------------------------------------------- 1 | From 6ebec46d749f5e00639e2afd0c2ab7d926ec2087 Mon Sep 17 00:00:00 2001 2 | From: SolidHal 3 | Date: Mon, 23 Mar 2020 16:32:21 -0700 4 | Subject: [PATCH] Don't build in euicc/esim supportx 5 | 6 | Change-Id: Ia3d36474fdf9834bafd66bf1841e2d4681ac48b2 7 | --- 8 | bonito/Android.bp | 24 ------------------- 9 | bonito/bonito-vendor.mk | 2 -- 10 | .../privapp-permissions-google-p.xml | 19 --------------- 11 | 3 files changed, 45 deletions(-) 12 | 13 | diff --git a/bonito/Android.bp b/bonito/Android.bp 14 | index 786221c..7de58f4 100644 15 | --- a/bonito/Android.bp 16 | +++ b/bonito/Android.bp 17 | @@ -231,30 +231,6 @@ android_app_import { 18 | product_specific: true, 19 | } 20 | 21 | -android_app_import { 22 | - name: "EuiccGoogle", 23 | - owner: "google", 24 | - apk: "proprietary/product/priv-app/EuiccGoogle/EuiccGoogle.apk", 25 | - presigned: true, 26 | - dex_preopt: { 27 | - enabled: false, 28 | - }, 29 | - privileged: true, 30 | - product_specific: true, 31 | -} 32 | - 33 | -android_app_import { 34 | - name: "EuiccSupportPixel", 35 | - owner: "google", 36 | - apk: "proprietary/product/priv-app/EuiccSupportPixel/EuiccSupportPixel.apk", 37 | - presigned: true, 38 | - dex_preopt: { 39 | - enabled: false, 40 | - }, 41 | - privileged: true, 42 | - product_specific: true, 43 | -} 44 | - 45 | android_app_import { 46 | name: "HotwordEnrollmentOKGoogleRT5514", 47 | owner: "google", 48 | diff --git a/bonito/bonito-vendor.mk b/bonito/bonito-vendor.mk 49 | index 4d5cd68..54bae0f 100644 50 | --- a/bonito/bonito-vendor.mk 51 | +++ b/bonito/bonito-vendor.mk 52 | @@ -139,8 +139,6 @@ PRODUCT_COPY_FILES += \ 53 | vendor/google/bonito/proprietary/product/lib64/libsecureuisvc_jni.so:$(TARGET_COPY_OUT_PRODUCT)/lib64/libsecureuisvc_jni.so \ 54 | vendor/google/bonito/proprietary/product/lib64/vendor.google.wifi_ext@1.0.so:$(TARGET_COPY_OUT_PRODUCT)/lib64/vendor.google.wifi_ext@1.0.so \ 55 | vendor/google/bonito/proprietary/product/lib64/vendor.qti.hardware.qdutils_disp@1.0.so:$(TARGET_COPY_OUT_PRODUCT)/lib64/vendor.qti.hardware.qdutils_disp@1.0.so \ 56 | - vendor/google/bonito/proprietary/product/priv-app/EuiccSupportPixel/esim-full-v0.img:$(TARGET_COPY_OUT_PRODUCT)/priv-app/EuiccSupportPixel/esim-full-v0.img \ 57 | - vendor/google/bonito/proprietary/product/priv-app/EuiccSupportPixel/esim-v1.img:$(TARGET_COPY_OUT_PRODUCT)/priv-app/EuiccSupportPixel/esim-v1.img \ 58 | vendor/google/bonito/proprietary/product/priv-app/MyVerizonServices/lib/arm64/libakuaf.so:$(TARGET_COPY_OUT_PRODUCT)/priv-app/MyVerizonServices/lib/arm64/libakuaf.so \ 59 | vendor/google/bonito/proprietary/product/priv-app/MyVerizonServices/lib/arm64/libmotricity.so:$(TARGET_COPY_OUT_PRODUCT)/priv-app/MyVerizonServices/lib/arm64/libmotricity.so \ 60 | vendor/google/bonito/proprietary/product/etc/cne/andsfCne.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/cne/andsfCne.xml \ 61 | diff --git a/bonito/proprietary/product/etc/permissions/privapp-permissions-google-p.xml b/bonito/proprietary/product/etc/permissions/privapp-permissions-google-p.xml 62 | index 73c9506..d011cf3 100644 63 | --- a/bonito/proprietary/product/etc/permissions/privapp-permissions-google-p.xml 64 | +++ b/bonito/proprietary/product/etc/permissions/privapp-permissions-google-p.xml 65 | @@ -198,25 +198,6 @@ It allows additional grants on top of privapp-permissions-platform.xml 66 | 67 | 68 | 69 | - 70 | - 71 | - 72 | - 73 | - 74 | - 75 | - 76 | - 77 | - 78 | - 79 | - 80 | - 81 | - 82 | - 83 | - 84 | - 85 | - 86 | - 87 | - 88 | 89 | 90 | 91 | -- 92 | 2.20.1 93 | 94 | -------------------------------------------------------------------------------- /userscripts/unused_patches/test_patches/0001-Remove-esim-euicc-support-Crashes-carrier-services.patch: -------------------------------------------------------------------------------- 1 | From d4312a02666af34c0f7084b994d4adfe4c866aad Mon Sep 17 00:00:00 2001 2 | From: SolidHal 3 | Date: Fri, 20 Mar 2020 10:18:10 -0700 4 | Subject: [PATCH] Remove esim/euicc support. Crashes carrier services app if no 5 | gapps are used 6 | 7 | Change-Id: Iaee41ad6b35bc5096441530a7145ddf07a1a72c1 8 | --- 9 | bonito-proprietary-files.txt | 4 ---- 10 | device-lineage.mk | 4 ---- 11 | permissions/privapp-permissions-aosp-extended.xml | 11 ----------- 12 | 3 files changed, 19 deletions(-) 13 | 14 | diff --git a/bonito-proprietary-files.txt b/bonito-proprietary-files.txt 15 | index f8a33989..c9fb6596 100644 16 | --- a/bonito-proprietary-files.txt 17 | +++ b/bonito-proprietary-files.txt 18 | @@ -101,10 +101,6 @@ product/lib64/vendor.google.wifi_ext@1.0.so 19 | -product/priv-app/CarrierSettings/CarrierSettings.apk 20 | -product/priv-app/CarrierSetup/CarrierSetup.apk 21 | -product/priv-app/DMService/DMService.apk 22 | --product/priv-app/EuiccGoogle/EuiccGoogle.apk;PRESIGNED 23 | --product/priv-app/EuiccSupportPixel/EuiccSupportPixel.apk;PRESIGNED 24 | -product/priv-app/EuiccSupportPixel/esim-full-v0.img 25 | -product/priv-app/EuiccSupportPixel/esim-v1.img 26 | -product/priv-app/grilservice/grilservice.apk 27 | -product/priv-app/OemDmTrigger/OemDmTrigger.apk 28 | -product/priv-app/RilConfigService/RilConfigService.apk 29 | diff --git a/device-lineage.mk b/device-lineage.mk 30 | index 00b115f5..344beac8 100644 31 | --- a/device-lineage.mk 32 | +++ b/device-lineage.mk 33 | @@ -14,10 +14,6 @@ PRODUCT_PROPERTY_OVERRIDES += \ 34 | DEVICE_PACKAGE_OVERLAYS += device/google/bonito/overlay-lineage 35 | PRODUCT_ENFORCE_RRO_EXCLUDED_OVERLAYS += device/google/bonito/overlay-lineage/lineage-sdk 36 | 37 | -# EUICC 38 | -PRODUCT_COPY_FILES += \ 39 | - frameworks/native/data/etc/android.hardware.telephony.euicc.xml:system/etc/permissions/android.hardware.telephony.euicc.xml 40 | - 41 | # LiveDisplay 42 | PRODUCT_PACKAGES += \ 43 | vendor.lineage.livedisplay@2.0-service-sdm \ 44 | diff --git a/permissions/privapp-permissions-aosp-extended.xml b/permissions/privapp-permissions-aosp-extended.xml 45 | index 606095e2..60fb36be 100644 46 | --- a/permissions/privapp-permissions-aosp-extended.xml 47 | +++ b/permissions/privapp-permissions-aosp-extended.xml 48 | @@ -1,16 +1,5 @@ 49 | 50 | 51 | - 52 | - 53 | - 54 | - 55 | - 56 | - 57 | - 58 | - 59 | - 60 | - 61 | - 62 | 63 | 64 | 65 | -- 66 | 2.20.1 67 | 68 | -------------------------------------------------------------------------------- /userscripts/unused_patches/test_patches/0001-Revert-init-only-provide-control-message-results-for.patch: -------------------------------------------------------------------------------- 1 | From 4d6278bf0761befd1f96f900045e150c123075ff Mon Sep 17 00:00:00 2001 2 | From: SolidHal 3 | Date: Sun, 16 Feb 2020 21:12:42 -0800 4 | Subject: [PATCH 1/2] Revert "init: only provide control message results for 5 | devices launching > Q" 6 | 7 | This reverts commit 250a290dedabe55c72d790fca1ce311534b7bf18. 8 | --- 9 | init/property_service.cpp | 2 +- 10 | 1 file changed, 1 insertion(+), 1 deletion(-) 11 | 12 | diff --git a/init/property_service.cpp b/init/property_service.cpp 13 | index 65e9cda1c..7a229cc84 100644 14 | --- a/init/property_service.cpp 15 | +++ b/init/property_service.cpp 16 | @@ -409,7 +409,7 @@ static uint32_t SendControlMessage(const std::string& msg, const std::string& na 17 | // We must release the fd before sending it to init, otherwise there will be a race with init. 18 | // If init calls close() before Release(), then fdsan will see the wrong tag and abort(). 19 | int fd = -1; 20 | - if (socket != nullptr && SelinuxGetVendorAndroidVersion() > __ANDROID_API_Q__) { 21 | + if (socket != nullptr) { 22 | fd = socket->Release(); 23 | control_message->set_fd(fd); 24 | } 25 | -- 26 | 2.20.1 27 | 28 | -------------------------------------------------------------------------------- /userscripts/unused_patches/test_patches/0002-Revert-Reland-2-init-run-property-service-in-a-threa.patch: -------------------------------------------------------------------------------- 1 | From 2373647e22bfe899cf6c856e9179f03a45aa76a1 Mon Sep 17 00:00:00 2001 2 | From: SolidHal 3 | Date: Sun, 16 Feb 2020 21:13:26 -0800 4 | Subject: [PATCH 2/2] Revert "Reland^2: "init: run property service in a 5 | thread"" 6 | 7 | This reverts commit aa39415260171b8a5645a5c255330eb98e1de020. 8 | --- 9 | init/Android.bp | 1 - 10 | init/builtins.cpp | 25 +--- 11 | init/init.cpp | 67 +---------- 12 | init/init.h | 7 +- 13 | init/property_service.cpp | 221 ++++++++++++------------------------ 14 | init/property_service.h | 13 ++- 15 | init/property_service.proto | 44 ------- 16 | init/proto_utils.h | 62 ---------- 17 | init/reboot.cpp | 6 - 18 | init/subcontext.cpp | 64 ++++++++++- 19 | init/subcontext.proto | 6 + 20 | 11 files changed, 149 insertions(+), 367 deletions(-) 21 | delete mode 100644 init/property_service.proto 22 | delete mode 100644 init/proto_utils.h 23 | 24 | diff --git a/init/Android.bp b/init/Android.bp 25 | index 377a3740c..212ed57a9 100644 26 | --- a/init/Android.bp 27 | +++ b/init/Android.bp 28 | @@ -120,7 +120,6 @@ cc_library_static { 29 | "persistent_properties.cpp", 30 | "persistent_properties.proto", 31 | "property_service.cpp", 32 | - "property_service.proto", 33 | "property_type.cpp", 34 | "reboot.cpp", 35 | "reboot_utils.cpp", 36 | diff --git a/init/builtins.cpp b/init/builtins.cpp 37 | index 7db851ac6..855109601 100644 38 | --- a/init/builtins.cpp 39 | +++ b/init/builtins.cpp 40 | @@ -77,7 +77,6 @@ 41 | using namespace std::literals::string_literals; 42 | 43 | using android::base::Basename; 44 | -using android::base::StartsWith; 45 | using android::base::unique_fd; 46 | using android::fs_mgr::Fstab; 47 | using android::fs_mgr::ReadFstabFromFile; 48 | @@ -712,15 +711,6 @@ static Result do_swapon_all(const BuiltinArguments& args) { 49 | } 50 | 51 | static Result do_setprop(const BuiltinArguments& args) { 52 | - if (StartsWith(args[1], "ctl.")) { 53 | - return Error() 54 | - << "Cannot set ctl. properties from init; call the Service functions directly"; 55 | - } 56 | - if (args[1] == kRestoreconProperty) { 57 | - return Error() << "Cannot set '" << kRestoreconProperty 58 | - << "' from init; use the restorecon builtin directly"; 59 | - } 60 | - 61 | property_set(args[1], args[2]); 62 | return Success(); 63 | } 64 | @@ -1072,20 +1062,7 @@ static Result do_loglevel(const BuiltinArguments& args) { 65 | } 66 | 67 | static Result do_load_persist_props(const BuiltinArguments& args) { 68 | - // Devices with FDE have load_persist_props called twice; the first time when the temporary 69 | - // /data partition is mounted and then again once /data is truly mounted. We do not want to 70 | - // read persistent properties from the temporary /data partition or mark persistent properties 71 | - // as having been loaded during the first call, so we return in that case. 72 | - std::string crypto_state = android::base::GetProperty("ro.crypto.state", ""); 73 | - std::string crypto_type = android::base::GetProperty("ro.crypto.type", ""); 74 | - if (crypto_state == "encrypted" && crypto_type == "block") { 75 | - static size_t num_calls = 0; 76 | - if (++num_calls == 1) return Success(); 77 | - } 78 | - 79 | - SendLoadPersistentPropertiesMessage(); 80 | - 81 | - start_waiting_for_property("ro.persistent_properties.ready", "true"); 82 | + load_persist_props(); 83 | return Success(); 84 | } 85 | 86 | diff --git a/init/init.cpp b/init/init.cpp 87 | index 7be795ee0..1386eeb04 100644 88 | --- a/init/init.cpp 89 | +++ b/init/init.cpp 90 | @@ -28,9 +28,6 @@ 91 | #include 92 | #include 93 | 94 | -#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ 95 | -#include 96 | - 97 | #include 98 | #include 99 | #include 100 | @@ -63,13 +60,11 @@ 101 | #include "mount_handler.h" 102 | #include "mount_namespace.h" 103 | #include "property_service.h" 104 | -#include "proto_utils.h" 105 | #include "reboot.h" 106 | #include "reboot_utils.h" 107 | #include "security.h" 108 | #include "selinux.h" 109 | #include "sigchld_handler.h" 110 | -#include "system/core/init/property_service.pb.h" 111 | #include "util.h" 112 | 113 | using namespace std::chrono_literals; 114 | @@ -93,7 +88,6 @@ static char qemu[32]; 115 | std::string default_console = "/dev/console"; 116 | 117 | static int signal_fd = -1; 118 | -static int property_fd = -1; 119 | 120 | static std::unique_ptr waiting_for_prop(nullptr); 121 | static std::string wait_prop_name; 122 | @@ -623,60 +617,6 @@ static void UmountDebugRamdisk() { 123 | } 124 | } 125 | 126 | -void SendLoadPersistentPropertiesMessage() { 127 | - auto init_message = InitMessage{}; 128 | - init_message.set_load_persistent_properties(true); 129 | - if (auto result = SendMessage(property_fd, init_message); !result) { 130 | - LOG(ERROR) << "Failed to send load persistent properties message: " << result.error(); 131 | - } 132 | -} 133 | - 134 | -void SendStopSendingMessagesMessage() { 135 | - auto init_message = InitMessage{}; 136 | - init_message.set_stop_sending_messages(true); 137 | - if (auto result = SendMessage(property_fd, init_message); !result) { 138 | - LOG(ERROR) << "Failed to send load persistent properties message: " << result.error(); 139 | - } 140 | -} 141 | - 142 | -static void HandlePropertyFd() { 143 | - auto message = ReadMessage(property_fd); 144 | - if (!message) { 145 | - LOG(ERROR) << "Could not read message from property service: " << message.error(); 146 | - return; 147 | - } 148 | - 149 | - auto property_message = PropertyMessage{}; 150 | - if (!property_message.ParseFromString(*message)) { 151 | - LOG(ERROR) << "Could not parse message from property service"; 152 | - return; 153 | - } 154 | - 155 | - switch (property_message.msg_case()) { 156 | - case PropertyMessage::kControlMessage: { 157 | - auto& control_message = property_message.control_message(); 158 | - bool success = HandleControlMessage(control_message.msg(), control_message.name(), 159 | - control_message.pid()); 160 | - 161 | - uint32_t response = success ? PROP_SUCCESS : PROP_ERROR_HANDLE_CONTROL_MESSAGE; 162 | - if (control_message.has_fd()) { 163 | - int fd = control_message.fd(); 164 | - TEMP_FAILURE_RETRY(send(fd, &response, sizeof(response), 0)); 165 | - close(fd); 166 | - } 167 | - break; 168 | - } 169 | - case PropertyMessage::kChangedMessage: { 170 | - auto& changed_message = property_message.changed_message(); 171 | - property_changed(changed_message.name(), changed_message.value()); 172 | - break; 173 | - } 174 | - default: 175 | - LOG(ERROR) << "Unknown message type from property service: " 176 | - << property_message.msg_case(); 177 | - } 178 | -} 179 | - 180 | int SecondStageMain(int argc, char** argv) { 181 | if (REBOOT_BOOTLOADER_ON_PANIC) { 182 | InstallRebootSignalHandlers(); 183 | @@ -749,12 +689,7 @@ int SecondStageMain(int argc, char** argv) { 184 | UmountDebugRamdisk(); 185 | fs_mgr_vendor_overlay_mount_all(); 186 | export_oem_lock_status(); 187 | - 188 | - StartPropertyService(&property_fd); 189 | - if (auto result = epoll.RegisterHandler(property_fd, HandlePropertyFd); !result) { 190 | - LOG(FATAL) << "Could not register epoll handler for property fd: " << result.error(); 191 | - } 192 | - 193 | + StartPropertyService(&epoll); 194 | MountHandler mount_handler(&epoll); 195 | set_usb_controller(); 196 | 197 | diff --git a/init/init.h b/init/init.h 198 | index 0228ebdc0..90ead0edb 100644 199 | --- a/init/init.h 200 | +++ b/init/init.h 201 | @@ -40,15 +40,16 @@ extern std::vector late_import_paths; 202 | Parser CreateParser(ActionManager& action_manager, ServiceList& service_list); 203 | Parser CreateServiceOnlyParser(ServiceList& service_list); 204 | 205 | +bool HandleControlMessage(const std::string& msg, const std::string& arg, pid_t pid); 206 | + 207 | +void property_changed(const std::string& name, const std::string& value); 208 | + 209 | bool start_waiting_for_property(const char *name, const char *value); 210 | 211 | void DumpState(); 212 | 213 | void ResetWaitForProp(); 214 | 215 | -void SendLoadPersistentPropertiesMessage(); 216 | -void SendStopSendingMessagesMessage(); 217 | - 218 | int SecondStageMain(int argc, char** argv); 219 | 220 | } // namespace init 221 | diff --git a/init/property_service.cpp b/init/property_service.cpp 222 | index 7a229cc84..423e1d7fb 100644 223 | --- a/init/property_service.cpp 224 | +++ b/init/property_service.cpp 225 | @@ -42,7 +42,6 @@ 226 | #include 227 | #include 228 | #include 229 | -#include 230 | #include 231 | #include 232 | #include 233 | @@ -64,10 +63,8 @@ 234 | #include "init.h" 235 | #include "persistent_properties.h" 236 | #include "property_type.h" 237 | -#include "proto_utils.h" 238 | #include "selinux.h" 239 | #include "subcontext.h" 240 | -#include "system/core/init/property_service.pb.h" 241 | #include "util.h" 242 | #include "vendor_init.h" 243 | 244 | @@ -80,7 +77,6 @@ using android::base::StartsWith; 245 | using android::base::StringPrintf; 246 | using android::base::Timer; 247 | using android::base::Trim; 248 | -using android::base::unique_fd; 249 | using android::base::WriteStringToFile; 250 | using android::properties::BuildTrie; 251 | using android::properties::ParsePropertyInfoFile; 252 | @@ -90,13 +86,18 @@ using android::properties::PropertyInfoEntry; 253 | namespace android { 254 | namespace init { 255 | 256 | +static constexpr const char kRestoreconProperty[] = "selinux.restorecon_recursive"; 257 | + 258 | static bool persistent_properties_loaded = false; 259 | 260 | static int property_set_fd = -1; 261 | -static int init_socket = -1; 262 | 263 | static PropertyInfoAreaFile property_info_area; 264 | 265 | +uint32_t InitPropertySet(const std::string& name, const std::string& value); 266 | + 267 | +uint32_t (*property_set)(const std::string& name, const std::string& value) = InitPropertySet; 268 | + 269 | void CreateSerializedPropertyInfo(); 270 | 271 | struct PropertyAuditData { 272 | @@ -164,17 +165,6 @@ static bool CheckMacPerms(const std::string& name, const char* target_context, 273 | return has_access; 274 | } 275 | 276 | -static void SendPropertyChanged(const std::string& name, const std::string& value) { 277 | - auto property_msg = PropertyMessage{}; 278 | - auto* changed_message = property_msg.mutable_changed_message(); 279 | - changed_message->set_name(name); 280 | - changed_message->set_value(value); 281 | - 282 | - if (auto result = SendMessage(init_socket, property_msg); !result) { 283 | - LOG(ERROR) << "Failed to send property changed message: " << result.error(); 284 | - } 285 | -} 286 | - 287 | static uint32_t PropertySet(const std::string& name, const std::string& value, std::string* error) { 288 | size_t valuelen = value.size(); 289 | 290 | @@ -215,11 +205,7 @@ static uint32_t PropertySet(const std::string& name, const std::string& value, s 291 | if (persistent_properties_loaded && StartsWith(name, "persist.")) { 292 | WritePersistentProperty(name, value); 293 | } 294 | - // If init hasn't started its main loop, then it won't be handling property changed messages 295 | - // anyway, so there's no need to try to send them. 296 | - if (init_socket != -1) { 297 | - SendPropertyChanged(name, value); 298 | - } 299 | + property_changed(name, value); 300 | return PROP_SUCCESS; 301 | } 302 | 303 | @@ -259,10 +245,35 @@ class AsyncRestorecon { 304 | bool thread_started_ = false; 305 | }; 306 | 307 | +uint32_t InitPropertySet(const std::string& name, const std::string& value) { 308 | + if (StartsWith(name, "ctl.")) { 309 | + LOG(ERROR) << "InitPropertySet: Do not set ctl. properties from init; call the Service " 310 | + "functions directly"; 311 | + return PROP_ERROR_INVALID_NAME; 312 | + } 313 | + if (name == kRestoreconProperty) { 314 | + LOG(ERROR) << "InitPropertySet: Do not set '" << kRestoreconProperty 315 | + << "' from init; use the restorecon builtin directly"; 316 | + return PROP_ERROR_INVALID_NAME; 317 | + } 318 | + 319 | + uint32_t result = 0; 320 | + ucred cr = {.pid = 1, .uid = 0, .gid = 0}; 321 | + std::string error; 322 | + result = HandlePropertySet(name, value, kInitContext.c_str(), cr, &error); 323 | + if (result != PROP_SUCCESS) { 324 | + LOG(ERROR) << "Init cannot set '" << name << "' to '" << value << "': " << error; 325 | + } 326 | + 327 | + return result; 328 | +} 329 | + 330 | class SocketConnection { 331 | public: 332 | SocketConnection(int socket, const ucred& cred) : socket_(socket), cred_(cred) {} 333 | 334 | + ~SocketConnection() { close(socket_); } 335 | + 336 | bool RecvUint32(uint32_t* value, uint32_t* timeout_ms) { 337 | return RecvFully(value, sizeof(*value), timeout_ms); 338 | } 339 | @@ -299,9 +310,6 @@ class SocketConnection { 340 | } 341 | 342 | bool SendUint32(uint32_t value) { 343 | - if (socket_ == -1) { 344 | - return true; 345 | - } 346 | int result = TEMP_FAILURE_RETRY(send(socket_, &value, sizeof(value), 0)); 347 | return result == sizeof(value); 348 | } 349 | @@ -316,7 +324,7 @@ class SocketConnection { 350 | return true; 351 | } 352 | 353 | - [[nodiscard]] int Release() { return socket_.release(); } 354 | + int socket() { return socket_; } 355 | 356 | const ucred& cred() { return cred_; } 357 | 358 | @@ -387,46 +395,12 @@ class SocketConnection { 359 | return bytes_left == 0; 360 | } 361 | 362 | - unique_fd socket_; 363 | + int socket_; 364 | ucred cred_; 365 | 366 | DISALLOW_IMPLICIT_CONSTRUCTORS(SocketConnection); 367 | }; 368 | 369 | -static uint32_t SendControlMessage(const std::string& msg, const std::string& name, pid_t pid, 370 | - SocketConnection* socket, std::string* error) { 371 | - if (init_socket == -1) { 372 | - *error = "Received control message after shutdown, ignoring"; 373 | - return PROP_ERROR_HANDLE_CONTROL_MESSAGE; 374 | - } 375 | - 376 | - auto property_msg = PropertyMessage{}; 377 | - auto* control_message = property_msg.mutable_control_message(); 378 | - control_message->set_msg(msg); 379 | - control_message->set_name(name); 380 | - control_message->set_pid(pid); 381 | - 382 | - // We must release the fd before sending it to init, otherwise there will be a race with init. 383 | - // If init calls close() before Release(), then fdsan will see the wrong tag and abort(). 384 | - int fd = -1; 385 | - if (socket != nullptr) { 386 | - fd = socket->Release(); 387 | - control_message->set_fd(fd); 388 | - } 389 | - 390 | - if (auto result = SendMessage(init_socket, property_msg); !result) { 391 | - // We've already released the fd above, so if we fail to send the message to init, we need 392 | - // to manually free it here. 393 | - if (fd != -1) { 394 | - close(fd); 395 | - } 396 | - *error = "Failed to send control message: " + result.error_string(); 397 | - return PROP_ERROR_HANDLE_CONTROL_MESSAGE; 398 | - } 399 | - 400 | - return PROP_SUCCESS; 401 | -} 402 | - 403 | bool CheckControlPropertyPerms(const std::string& name, const std::string& value, 404 | const std::string& source_context, const ucred& cr) { 405 | // We check the legacy method first but these properties are dontaudit, so we only log an audit 406 | @@ -494,14 +468,15 @@ uint32_t CheckPermissions(const std::string& name, const std::string& value, 407 | 408 | // This returns one of the enum of PROP_SUCCESS or PROP_ERROR*. 409 | uint32_t HandlePropertySet(const std::string& name, const std::string& value, 410 | - const std::string& source_context, const ucred& cr, 411 | - SocketConnection* socket, std::string* error) { 412 | + const std::string& source_context, const ucred& cr, std::string* error) { 413 | if (auto ret = CheckPermissions(name, value, source_context, cr, error); ret != PROP_SUCCESS) { 414 | return ret; 415 | } 416 | 417 | if (StartsWith(name, "ctl.")) { 418 | - return SendControlMessage(name.c_str() + 4, value, cr.pid, socket, error); 419 | + return HandleControlMessage(name.c_str() + 4, value, cr.pid) 420 | + ? PROP_SUCCESS 421 | + : PROP_ERROR_HANDLE_CONTROL_MESSAGE; 422 | } 423 | 424 | // sys.powerctl is a special property that is used to make the device reboot. We want to log 425 | @@ -532,20 +507,6 @@ uint32_t HandlePropertySet(const std::string& name, const std::string& value, 426 | return PropertySet(name, value, error); 427 | } 428 | 429 | -uint32_t InitPropertySet(const std::string& name, const std::string& value) { 430 | - uint32_t result = 0; 431 | - ucred cr = {.pid = 1, .uid = 0, .gid = 0}; 432 | - std::string error; 433 | - result = HandlePropertySet(name, value, kInitContext.c_str(), cr, nullptr, &error); 434 | - if (result != PROP_SUCCESS) { 435 | - LOG(ERROR) << "Init cannot set '" << name << "' to '" << value << "': " << error; 436 | - } 437 | - 438 | - return result; 439 | -} 440 | - 441 | -uint32_t (*property_set)(const std::string& name, const std::string& value) = InitPropertySet; 442 | - 443 | static void handle_property_set_fd() { 444 | static constexpr uint32_t kDefaultSocketTimeout = 2000; /* ms */ 445 | 446 | @@ -594,8 +555,7 @@ static void handle_property_set_fd() { 447 | 448 | const auto& cr = socket.cred(); 449 | std::string error; 450 | - uint32_t result = 451 | - HandlePropertySet(prop_name, prop_value, source_context, cr, nullptr, &error); 452 | + uint32_t result = HandlePropertySet(prop_name, prop_value, source_context, cr, &error); 453 | if (result != PROP_SUCCESS) { 454 | LOG(ERROR) << "Unable to set property '" << prop_name << "' to '" << prop_value 455 | << "' from uid:" << cr.uid << " gid:" << cr.gid << " pid:" << cr.pid << ": " 456 | @@ -624,7 +584,7 @@ static void handle_property_set_fd() { 457 | 458 | const auto& cr = socket.cred(); 459 | std::string error; 460 | - uint32_t result = HandlePropertySet(name, value, source_context, cr, &socket, &error); 461 | + uint32_t result = HandlePropertySet(name, value, source_context, cr, &error); 462 | if (result != PROP_SUCCESS) { 463 | LOG(ERROR) << "Unable to set property '" << name << "' to '" << value 464 | << "' from uid:" << cr.uid << " gid:" << cr.gid << " pid:" << cr.pid << ": " 465 | @@ -788,6 +748,33 @@ static void load_override_properties() { 466 | } 467 | } 468 | 469 | +/* When booting an encrypted system, /data is not mounted when the 470 | + * property service is started, so any properties stored there are 471 | + * not loaded. Vold triggers init to load these properties once it 472 | + * has mounted /data. 473 | + */ 474 | +void load_persist_props(void) { 475 | + // Devices with FDE have load_persist_props called twice; the first time when the temporary 476 | + // /data partition is mounted and then again once /data is truly mounted. We do not want to 477 | + // read persistent properties from the temporary /data partition or mark persistent properties 478 | + // as having been loaded during the first call, so we return in that case. 479 | + std::string crypto_state = android::base::GetProperty("ro.crypto.state", ""); 480 | + std::string crypto_type = android::base::GetProperty("ro.crypto.type", ""); 481 | + if (crypto_state == "encrypted" && crypto_type == "block") { 482 | + static size_t num_calls = 0; 483 | + if (++num_calls == 1) return; 484 | + } 485 | + 486 | + load_override_properties(); 487 | + /* Read persistent properties after all default values have been loaded. */ 488 | + auto persistent_properties = LoadPersistentProperties(); 489 | + for (const auto& persistent_property_record : persistent_properties.properties()) { 490 | + property_set(persistent_property_record.name(), persistent_property_record.value()); 491 | + } 492 | + persistent_properties_loaded = true; 493 | + property_set("ro.persistent_properties.ready", "true"); 494 | +} 495 | + 496 | // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly 497 | // set, derive them from ro.product.${partition}.* properties 498 | static void property_initialize_ro_product_props() { 499 | @@ -1011,72 +998,9 @@ void CreateSerializedPropertyInfo() { 500 | selinux_android_restorecon(kPropertyInfosPath, 0); 501 | } 502 | 503 | -static void HandleInitSocket() { 504 | - auto message = ReadMessage(init_socket); 505 | - if (!message) { 506 | - LOG(ERROR) << "Could not read message from init_dedicated_recv_socket: " << message.error(); 507 | - return; 508 | - } 509 | - 510 | - auto init_message = InitMessage{}; 511 | - if (!init_message.ParseFromString(*message)) { 512 | - LOG(ERROR) << "Could not parse message from init"; 513 | - return; 514 | - } 515 | - 516 | - switch (init_message.msg_case()) { 517 | - case InitMessage::kLoadPersistentProperties: { 518 | - load_override_properties(); 519 | - // Read persistent properties after all default values have been loaded. 520 | - auto persistent_properties = LoadPersistentProperties(); 521 | - for (const auto& persistent_property_record : persistent_properties.properties()) { 522 | - InitPropertySet(persistent_property_record.name(), 523 | - persistent_property_record.value()); 524 | - } 525 | - InitPropertySet("ro.persistent_properties.ready", "true"); 526 | - persistent_properties_loaded = true; 527 | - break; 528 | - } 529 | - case InitMessage::kStopSendingMessages: { 530 | - init_socket = -1; 531 | - break; 532 | - } 533 | - default: 534 | - LOG(ERROR) << "Unknown message type from init: " << init_message.msg_case(); 535 | - } 536 | -} 537 | - 538 | -static void PropertyServiceThread() { 539 | - Epoll epoll; 540 | - if (auto result = epoll.Open(); !result) { 541 | - LOG(FATAL) << result.error(); 542 | - } 543 | - 544 | - if (auto result = epoll.RegisterHandler(property_set_fd, handle_property_set_fd); !result) { 545 | - LOG(FATAL) << result.error(); 546 | - } 547 | - 548 | - if (auto result = epoll.RegisterHandler(init_socket, HandleInitSocket); !result) { 549 | - LOG(FATAL) << result.error(); 550 | - } 551 | - 552 | - while (true) { 553 | - if (auto result = epoll.Wait(std::nullopt); !result) { 554 | - LOG(ERROR) << result.error(); 555 | - } 556 | - } 557 | -} 558 | - 559 | -void StartPropertyService(int* epoll_socket) { 560 | +void StartPropertyService(Epoll* epoll) { 561 | property_set("ro.property_service.version", "2"); 562 | 563 | - int sockets[2]; 564 | - if (socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, sockets) != 0) { 565 | - PLOG(FATAL) << "Failed to socketpair() between property_service and init"; 566 | - } 567 | - *epoll_socket = sockets[0]; 568 | - init_socket = sockets[1]; 569 | - 570 | property_set_fd = CreateSocket(PROP_SERVICE_NAME, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 571 | false, 0666, 0, 0, nullptr); 572 | if (property_set_fd == -1) { 573 | @@ -1085,12 +1009,9 @@ void StartPropertyService(int* epoll_socket) { 574 | 575 | listen(property_set_fd, 8); 576 | 577 | - std::thread{PropertyServiceThread}.detach(); 578 | - 579 | - property_set = [](const std::string& key, const std::string& value) -> uint32_t { 580 | - android::base::SetProperty(key, value); 581 | - return 0; 582 | - }; 583 | + if (auto result = epoll->RegisterHandler(property_set_fd, handle_property_set_fd); !result) { 584 | + PLOG(FATAL) << result.error(); 585 | + } 586 | } 587 | 588 | } // namespace init 589 | diff --git a/init/property_service.h b/init/property_service.h 590 | index 6a5553724..410cb68ac 100644 591 | --- a/init/property_service.h 592 | +++ b/init/property_service.h 593 | @@ -26,15 +26,18 @@ 594 | namespace android { 595 | namespace init { 596 | 597 | -static constexpr const char kRestoreconProperty[] = "selinux.restorecon_recursive"; 598 | - 599 | bool CanReadProperty(const std::string& source_context, const std::string& name); 600 | 601 | extern uint32_t (*property_set)(const std::string& name, const std::string& value); 602 | 603 | -void property_init(); 604 | -void property_load_boot_defaults(bool load_debug_prop); 605 | -void StartPropertyService(int* epoll_socket); 606 | +uint32_t HandlePropertySet(const std::string& name, const std::string& value, 607 | + const std::string& source_context, const ucred& cr, std::string* error); 608 | + 609 | +void property_init(void); 610 | +void property_load_boot_defaults(bool); 611 | +void load_persist_props(void); 612 | +void load_system_props(void); 613 | +void StartPropertyService(Epoll* epoll); 614 | 615 | } // namespace init 616 | } // namespace android 617 | diff --git a/init/property_service.proto b/init/property_service.proto 618 | deleted file mode 100644 619 | index ea454d402..000000000 620 | --- a/init/property_service.proto 621 | +++ /dev/null 622 | @@ -1,44 +0,0 @@ 623 | -/* 624 | - * Copyright (C) 2019 The Android Open Source Project 625 | - * 626 | - * Licensed under the Apache License, Version 2.0 (the "License"); 627 | - * you may not use this file except in compliance with the License. 628 | - * You may obtain a copy of the License at 629 | - * 630 | - * http://www.apache.org/licenses/LICENSE-2.0 631 | - * 632 | - * Unless required by applicable law or agreed to in writing, software 633 | - * distributed under the License is distributed on an "AS IS" BASIS, 634 | - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 635 | - * See the License for the specific language governing permissions and 636 | - * limitations under the License. 637 | - */ 638 | - 639 | -syntax = "proto2"; 640 | -option optimize_for = LITE_RUNTIME; 641 | - 642 | -message PropertyMessage { 643 | - message ControlMessage { 644 | - optional string msg = 1; 645 | - optional string name = 2; 646 | - optional int32 pid = 3; 647 | - optional int32 fd = 4; 648 | - } 649 | - 650 | - message ChangedMessage { 651 | - optional string name = 1; 652 | - optional string value = 2; 653 | - } 654 | - 655 | - oneof msg { 656 | - ControlMessage control_message = 1; 657 | - ChangedMessage changed_message = 2; 658 | - }; 659 | -} 660 | - 661 | -message InitMessage { 662 | - oneof msg { 663 | - bool load_persistent_properties = 1; 664 | - bool stop_sending_messages = 2; 665 | - }; 666 | -} 667 | diff --git a/init/proto_utils.h b/init/proto_utils.h 668 | deleted file mode 100644 669 | index 7a44021ba..000000000 670 | --- a/init/proto_utils.h 671 | +++ /dev/null 672 | @@ -1,62 +0,0 @@ 673 | -/* 674 | - * Copyright (C) 2019 The Android Open Source Project 675 | - * 676 | - * Licensed under the Apache License, Version 2.0 (the "License"); 677 | - * you may not use this file except in compliance with the License. 678 | - * You may obtain a copy of the License at 679 | - * 680 | - * http://www.apache.org/licenses/LICENSE-2.0 681 | - * 682 | - * Unless required by applicable law or agreed to in writing, software 683 | - * distributed under the License is distributed on an "AS IS" BASIS, 684 | - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 685 | - * See the License for the specific language governing permissions and 686 | - * limitations under the License. 687 | - */ 688 | - 689 | -#pragma once 690 | - 691 | -#include 692 | -#include 693 | - 694 | -#include 695 | - 696 | -#include "result.h" 697 | - 698 | -namespace android { 699 | -namespace init { 700 | - 701 | -constexpr size_t kBufferSize = 4096; 702 | - 703 | -inline Result ReadMessage(int socket) { 704 | - char buffer[kBufferSize] = {}; 705 | - auto result = TEMP_FAILURE_RETRY(recv(socket, buffer, sizeof(buffer), 0)); 706 | - if (result == 0) { 707 | - return Error(); 708 | - } else if (result < 0) { 709 | - return ErrnoError(); 710 | - } 711 | - return std::string(buffer, result); 712 | -} 713 | - 714 | -template 715 | -Result SendMessage(int socket, const T& message) { 716 | - std::string message_string; 717 | - if (!message.SerializeToString(&message_string)) { 718 | - return Error() << "Unable to serialize message"; 719 | - } 720 | - 721 | - if (message_string.size() > kBufferSize) { 722 | - return Error() << "Serialized message too long to send"; 723 | - } 724 | - 725 | - if (auto result = 726 | - TEMP_FAILURE_RETRY(send(socket, message_string.c_str(), message_string.size(), 0)); 727 | - result != static_cast(message_string.size())) { 728 | - return ErrnoError() << "send() failed to send message contents"; 729 | - } 730 | - return Success(); 731 | -} 732 | - 733 | -} // namespace init 734 | -} // namespace android 735 | diff --git a/init/reboot.cpp b/init/reboot.cpp 736 | index 3bd1bd661..5b9096930 100644 737 | --- a/init/reboot.cpp 738 | +++ b/init/reboot.cpp 739 | @@ -601,12 +601,6 @@ bool HandlePowerctlMessage(const std::string& command) { 740 | s->UnSetExec(); 741 | } 742 | 743 | - // We no longer process messages about properties changing coming from property service, so we 744 | - // need to tell property service to stop sending us these messages, otherwise it'll fill the 745 | - // buffers and block indefinitely, causing future property sets, including those that init makes 746 | - // during shutdown in Service::NotifyStateChange() to also block indefinitely. 747 | - SendStopSendingMessagesMessage(); 748 | - 749 | return true; 750 | } 751 | 752 | diff --git a/init/subcontext.cpp b/init/subcontext.cpp 753 | index 089e1c57f..092c51ceb 100644 754 | --- a/init/subcontext.cpp 755 | +++ b/init/subcontext.cpp 756 | @@ -18,16 +18,15 @@ 757 | 758 | #include 759 | #include 760 | +#include 761 | #include 762 | 763 | #include 764 | #include 765 | -#include 766 | #include 767 | #include 768 | 769 | #include "action.h" 770 | -#include "proto_utils.h" 771 | #include "util.h" 772 | 773 | #if defined(__ANDROID__) 774 | @@ -58,6 +57,45 @@ const char* const paths_and_secontexts[2][2] = { 775 | 776 | namespace { 777 | 778 | +constexpr size_t kBufferSize = 4096; 779 | + 780 | +Result ReadMessage(int socket) { 781 | + char buffer[kBufferSize] = {}; 782 | + auto result = TEMP_FAILURE_RETRY(recv(socket, buffer, sizeof(buffer), 0)); 783 | + if (result == 0) { 784 | + return Error(); 785 | + } else if (result < 0) { 786 | + return ErrnoError(); 787 | + } 788 | + return std::string(buffer, result); 789 | +} 790 | + 791 | +template 792 | +Result SendMessage(int socket, const T& message) { 793 | + std::string message_string; 794 | + if (!message.SerializeToString(&message_string)) { 795 | + return Error() << "Unable to serialize message"; 796 | + } 797 | + 798 | + if (message_string.size() > kBufferSize) { 799 | + return Error() << "Serialized message too long to send"; 800 | + } 801 | + 802 | + if (auto result = 803 | + TEMP_FAILURE_RETRY(send(socket, message_string.c_str(), message_string.size(), 0)); 804 | + result != static_cast(message_string.size())) { 805 | + return ErrnoError() << "send() failed to send message contents"; 806 | + } 807 | + return Success(); 808 | +} 809 | + 810 | +std::vector> properties_to_set; 811 | + 812 | +uint32_t SubcontextPropertySet(const std::string& name, const std::string& value) { 813 | + properties_to_set.emplace_back(name, value); 814 | + return 0; 815 | +} 816 | + 817 | class SubcontextProcess { 818 | public: 819 | SubcontextProcess(const KeywordFunctionMap* function_map, std::string context, int init_fd) 820 | @@ -91,6 +129,14 @@ void SubcontextProcess::RunCommand(const SubcontextCommand::ExecuteCommand& exec 821 | result = RunBuiltinFunction(map_result->second, args, context_); 822 | } 823 | 824 | + for (const auto& [name, value] : properties_to_set) { 825 | + auto property = reply->add_properties_to_set(); 826 | + property->set_name(name); 827 | + property->set_value(value); 828 | + } 829 | + 830 | + properties_to_set.clear(); 831 | + 832 | if (result) { 833 | reply->set_success(true); 834 | } else { 835 | @@ -176,10 +222,7 @@ int SubcontextMain(int argc, char** argv, const KeywordFunctionMap* function_map 836 | 837 | SelabelInitialize(); 838 | 839 | - property_set = [](const std::string& key, const std::string& value) -> uint32_t { 840 | - android::base::SetProperty(key, value); 841 | - return 0; 842 | - }; 843 | + property_set = SubcontextPropertySet; 844 | 845 | auto subcontext_process = SubcontextProcess(function_map, context, init_fd); 846 | subcontext_process.MainLoop(); 847 | @@ -266,6 +309,15 @@ Result Subcontext::Execute(const std::vector& args) { 848 | return subcontext_reply.error(); 849 | } 850 | 851 | + for (const auto& property : subcontext_reply->properties_to_set()) { 852 | + ucred cr = {.pid = pid_, .uid = 0, .gid = 0}; 853 | + std::string error; 854 | + if (HandlePropertySet(property.name(), property.value(), context_, cr, &error) != 0) { 855 | + LOG(ERROR) << "Subcontext init could not set '" << property.name() << "' to '" 856 | + << property.value() << "': " << error; 857 | + } 858 | + } 859 | + 860 | if (subcontext_reply->reply_case() == SubcontextReply::kFailure) { 861 | auto& failure = subcontext_reply->failure(); 862 | return ResultError(failure.error_string(), failure.error_errno()); 863 | diff --git a/init/subcontext.proto b/init/subcontext.proto 864 | index e68115e0e..c31f4fb68 100644 865 | --- a/init/subcontext.proto 866 | +++ b/init/subcontext.proto 867 | @@ -38,4 +38,10 @@ message SubcontextReply { 868 | Failure failure = 2; 869 | ExpandArgsReply expand_args_reply = 3; 870 | } 871 | + 872 | + message PropertyToSet { 873 | + optional string name = 1; 874 | + optional string value = 2; 875 | + } 876 | + repeated PropertyToSet properties_to_set = 4; 877 | } 878 | \ No newline at end of file 879 | -- 880 | 2.20.1 881 | 882 | -------------------------------------------------------------------------------- /userscripts/unused_patches/test_patches/disable-bluetooth-sap.patch: -------------------------------------------------------------------------------- 1 | diff --git a/overlay/packages/apps/Bluetooth/res/values/config.xml b/overlay/packages/apps/Bluetooth/res/values/config.xml 2 | index e4031055..2eaf05c0 100644 3 | --- a/overlay/packages/apps/Bluetooth/res/values/config.xml 4 | +++ b/overlay/packages/apps/Bluetooth/res/values/config.xml 5 | @@ -28,6 +28,6 @@ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 6 | IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 7 | --> 8 | 9 | - true 10 | + false 11 | true 12 | 13 | -------------------------------------------------------------------------------- /userscripts/unused_patches/test_patches/frameworks-changes.patch: -------------------------------------------------------------------------------- 1 | diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml 2 | index 7d45b963d87..04ee36a4d16 100644 3 | --- a/core/res/AndroidManifest.xml 4 | +++ b/core/res/AndroidManifest.xml 5 | @@ -2640,6 +2640,13 @@ 6 | android:description="@string/permdesc_getPackageSize" 7 | android:protectionLevel="normal" /> 8 | 9 | + 11 | + 15 | + 16 | 19 | diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml 20 | index bc53ad19dfa..1a4fe618859 100644 21 | --- a/core/res/res/values/config.xml 22 | +++ b/core/res/res/values/config.xml 23 | @@ -1872,6 +1872,8 @@ 24 | 25 | 26 | com.android.location.fused 27 | + 28 | + com.google.android.gms 29 | 30 | 31 | 32 | diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml 33 | index ae963ebec76..bb535016708 100644 34 | --- a/core/res/res/values/strings.xml 35 | +++ b/core/res/res/values/strings.xml 36 | @@ -831,6 +831,11 @@ 37 | 38 | 39 | 40 | + Spoof package signature 41 | + 42 | + Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! 43 | + 44 | + 45 | disable or modify status bar 46 | 47 | Allows the app to disable the status bar or add and remove system icons. 48 | diff --git a/services/core/java/com/android/server/ServiceWatcher.java b/services/core/java/com/android/server/ServiceWatcher.java 49 | index e3dc3b7a984..e0367d88891 100644 50 | --- a/services/core/java/com/android/server/ServiceWatcher.java 51 | +++ b/services/core/java/com/android/server/ServiceWatcher.java 52 | @@ -87,9 +87,8 @@ public class ServiceWatcher implements ServiceConnection { 53 | ArrayList> signatureSets = new ArrayList<>(packageNames.length); 54 | for (String packageName : packageNames) { 55 | try { 56 | - Signature[] signatures = pm.getPackageInfo(packageName, 57 | - PackageManager.MATCH_SYSTEM_ONLY 58 | - | PackageManager.GET_SIGNATURES).signatures; 59 | + Signature[] signatures = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures; 60 | + 61 | 62 | HashSet set = new HashSet<>(); 63 | Collections.addAll(set, signatures); 64 | diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java 65 | index ef3d2015aa5..330f8a54b13 100644 66 | --- a/services/core/java/com/android/server/pm/PackageManagerService.java 67 | +++ b/services/core/java/com/android/server/pm/PackageManagerService.java 68 | @@ -4157,8 +4157,9 @@ public class PackageManagerService extends IPackageManager.Stub 69 | final Set permissions = ArrayUtils.isEmpty(p.requestedPermissions) 70 | ? Collections.emptySet() : permissionsState.getPermissions(userId); 71 | 72 | - PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, 73 | - ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); 74 | + PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, 75 | + ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), 76 | + permissions); 77 | 78 | if (packageInfo == null) { 79 | return null; 80 | @@ -4194,6 +4195,24 @@ public class PackageManagerService extends IPackageManager.Stub 81 | } 82 | } 83 | 84 | + private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, 85 | + Set permissions) { 86 | + try { 87 | + if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") 88 | + && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 89 | + && p.mAppMetaData != null) { 90 | + String sig = p.mAppMetaData.getString("fake-signature"); 91 | + if (sig != null) { 92 | + pi.signatures = new Signature[] {new Signature(sig)}; 93 | + } 94 | + } 95 | + } catch (Throwable t) { 96 | + // We should never die because of any failures, this is system code! 97 | + Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); 98 | + } 99 | + return pi; 100 | + } 101 | + 102 | @Override 103 | public void checkPackageStartable(String packageName, int userId) { 104 | final int callingUid = Binder.getCallingUid(); 105 | --------------------------------------------------------------------------------