nehemiah-zb/lineage_patches_unified
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changes for March 2024

Browse Source
This commit is contained in:
Andy CrossGate Yan 2024-03-17 22:35:10 +08:00
parent cd8e39e830
commit e3b20ace1c
27 changed files with 652 additions and 36317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
patches_platform/frameworks_base/0001-Disable-FP-lockouts-optionally.patch
View File

@ -1,4 +1,4 @@
From fdfbffda2815c0ac2270eae0efd0c31eb19e2dda Mon Sep 17 00:00:00 2001 From d893b5c1cedb6f2b2369a6d517ba6701484c3e3c Mon Sep 17 00:00:00 2001
From: AndyCGYan <GeForce8800Ultra@gmail.com> From: AndyCGYan <GeForce8800Ultra@gmail.com>
Date: Fri, 22 Mar 2019 00:41:20 +0800 Date: Fri, 22 Mar 2019 00:41:20 +0800
Subject: [PATCH 01/22] Disable FP lockouts optionally Subject: [PATCH 01/22] Disable FP lockouts optionally

6
patches_platform/frameworks_base/0002-Disable-vendor-mismatch-warning.patch
View File

@ -1,4 +1,4 @@
From f48a8e1bb482cde1c1e0a628aea218796586130a Mon Sep 17 00:00:00 2001 From ffdf0faddb6e152b67714077bf79fa9109312217 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Thu, 5 Apr 2018 10:01:19 +0800 Date: Thu, 5 Apr 2018 10:01:19 +0800
Subject: [PATCH 02/22] Disable vendor mismatch warning Subject: [PATCH 02/22] Disable vendor mismatch warning
@ -9,10 +9,10 @@ Change-Id: Ieb8fe91e2f02462f074312ed0f4885d183e9780b
1 file changed, 2 insertions(+), 14 deletions(-) 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index ca45e087b60c..1d1da07f2942 100644 index 98091148c5bf..1d03092cfc64 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java --- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java +++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -5875,20 +5875,8 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @@ -5886,20 +5886,8 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
} }
if (!Build.isBuildConsistent()) { if (!Build.isBuildConsistent()) {

6
patches_platform/frameworks_base/0003-Keyguard-Fix-colors-of-slices-not-updating-on-doze.patch
View File

@ -1,4 +1,4 @@
From d8dea7b3e03976fa4ab292f3d6fdcae84e039196 Mon Sep 17 00:00:00 2001 From 13ecef904ab561f69164fcd716ff13174edb9172 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Tue, 17 Jan 2023 17:19:19 +0000 Date: Tue, 17 Jan 2023 17:19:19 +0000
Subject: [PATCH 03/22] Keyguard: Fix colors of slices not updating on doze Subject: [PATCH 03/22] Keyguard: Fix colors of slices not updating on doze
@ -31,10 +31,10 @@ index f4c581552bc4..c0f983551877 100644
* Set which clock should be displayed on the keyguard. The other one will be automatically * Set which clock should be displayed on the keyguard. The other one will be automatically
* hidden. * hidden.
diff --git a/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java b/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java diff --git a/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java b/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java
index 1394c68ceeb7..6cb1da129b60 100644 index 673ce312618f..ad1804e9562e 100644
--- a/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java --- a/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java
+++ b/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java +++ b/packages/SystemUI/src/com/android/systemui/shade/NotificationPanelViewController.java
@@ -4422,6 +4422,7 @@ public final class NotificationPanelViewController implements Dumpable { @@ -4425,6 +4425,7 @@ public final class NotificationPanelViewController implements Dumpable {
public void onDozeAmountChanged(float linearAmount, float amount) { public void onDozeAmountChanged(float linearAmount, float amount) {
mInterpolatedDarkAmount = amount; mInterpolatedDarkAmount = amount;
mLinearDarkAmount = linearAmount; mLinearDarkAmount = linearAmount;

2
patches_platform/frameworks_base/0004-UI-Adjust-default-navbar-layouts.patch
View File

@ -1,4 +1,4 @@
From b92f1ca708133033601f8f0e70a872c5a30052df Mon Sep 17 00:00:00 2001 From 538a4a35df63db0ee0596662bb8964e536b7b0ed Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sat, 16 Oct 2021 02:23:48 +0000 Date: Sat, 16 Oct 2021 02:23:48 +0000
Subject: [PATCH 04/22] UI: Adjust default navbar layouts Subject: [PATCH 04/22] UI: Adjust default navbar layouts

2
patches_platform/frameworks_base/0005-UI-Disable-wallpaper-zoom.patch
View File

@ -1,4 +1,4 @@
From 09662a87b7db9b520aa5f996c5b837717fadfdec Mon Sep 17 00:00:00 2001 From a296a678b65aadf9e7865bafac04a94da852c9e0 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sun, 10 Jan 2021 11:44:29 +0000 Date: Sun, 10 Jan 2021 11:44:29 +0000
Subject: [PATCH 05/22] UI: Disable wallpaper zoom Subject: [PATCH 05/22] UI: Disable wallpaper zoom

2
patches_platform/frameworks_base/0006-UI-Follow-Monet-and-light-dark-theme-in-user-1-icon.patch
View File

@ -1,4 +1,4 @@
From 6662339ff0a5507899d0f8bca883dbef8f748f1b Mon Sep 17 00:00:00 2001 From 6d6a5a9ffbb0028b4c9d30fc6129e58cdd7f49e4 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sun, 25 Sep 2022 02:20:52 +0000 Date: Sun, 25 Sep 2022 02:20:52 +0000
Subject: [PATCH 06/22] UI: Follow Monet and light/dark theme in user 1 icon Subject: [PATCH 06/22] UI: Follow Monet and light/dark theme in user 1 icon

2
patches_platform/frameworks_base/0007-UI-Increase-default-status-bar-height.patch
View File

@ -1,4 +1,4 @@
From 2249465d16cea6251df69dd13d331ed2fae270f0 Mon Sep 17 00:00:00 2001 From 90df0cb7c884014f7eb2beb7dcaec6e034538d93 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Wed, 3 Jun 2020 01:31:34 +0000 Date: Wed, 3 Jun 2020 01:31:34 +0000
Subject: [PATCH 07/22] UI: Increase default status bar height Subject: [PATCH 07/22] UI: Increase default status bar height

2
patches_platform/frameworks_base/0008-UI-Remove-QS-footer-background.patch
View File

@ -1,4 +1,4 @@
From 380d8dff252dcde3b490cc3080bd56d2e3d21ec4 Mon Sep 17 00:00:00 2001 From d49dca61169377d8a07d0a19148f431adba94ba7 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sun, 25 Sep 2022 02:20:20 +0000 Date: Sun, 25 Sep 2022 02:20:20 +0000
Subject: [PATCH 08/22] UI: Remove QS footer background Subject: [PATCH 08/22] UI: Remove QS footer background

2
patches_platform/frameworks_base/0009-UI-Restore-split-screen-divider-to-pre-Sv2-looks.patch
View File

@ -1,4 +1,4 @@
From 9f047b03021034b2cb21e7b8c2845eb8dfd577d1 Mon Sep 17 00:00:00 2001 From 2e4761e20020c1e0624fa5b2e76a07fb63564f3b Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sat, 19 Mar 2022 09:22:24 +0000 Date: Sat, 19 Mar 2022 09:22:24 +0000
Subject: [PATCH 09/22] UI: Restore split-screen divider to pre-Sv2 looks Subject: [PATCH 09/22] UI: Restore split-screen divider to pre-Sv2 looks

2
patches_platform/frameworks_base/0010-UI-Revive-navbar-layout-tuning-via-sysui_nav_bar-tun.patch
View File

@ -1,4 +1,4 @@
From 31f4647fa3e8662e372a3dacb08a64765f29915f Mon Sep 17 00:00:00 2001 From 42b0fe72055afc643d20629ef2b614ff0a744534 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Tue, 6 Oct 2020 01:41:16 +0000 Date: Tue, 6 Oct 2020 01:41:16 +0000
Subject: [PATCH 10/22] UI: Revive navbar layout tuning via sysui_nav_bar Subject: [PATCH 10/22] UI: Revive navbar layout tuning via sysui_nav_bar

2
patches_platform/frameworks_base/0011-UI-Use-SNAP_FIXED_RATIO-for-multi-window-globally.patch
View File

@ -1,4 +1,4 @@
From d81745ad081c1e8bbabd346deb3fa5cb3b3a1017 Mon Sep 17 00:00:00 2001 From a5566575757350417b9eec5b5aa2f00febbd17f9 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com> From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sun, 26 Apr 2020 08:56:13 +0000 Date: Sun, 26 Apr 2020 08:56:13 +0000
Subject: [PATCH 11/22] UI: Use SNAP_FIXED_RATIO for multi-window globally Subject: [PATCH 11/22] UI: Use SNAP_FIXED_RATIO for multi-window globally

2
patches_platform/frameworks_base/0012-core-Remove-old-app-target-SDK-dialog.patch
View File

@ -1,4 +1,4 @@
From a1b87f1cc52bd1d906554b94657634976b9fb776 Mon Sep 17 00:00:00 2001 From ef1bad1d4c5f0f00d960423f3946bfaec846339f Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev> From: Danny Lin <danny@kdrag0n.dev>
Date: Tue, 3 Nov 2020 22:43:12 -0800 Date: Tue, 3 Nov 2020 22:43:12 -0800
Subject: [PATCH 12/22] core: Remove old app target SDK dialog Subject: [PATCH 12/22] core: Remove old app target SDK dialog

2
patches_platform/frameworks_base/0013-Paint-Enable-subpixel-text-positioning-by-default.patch
View File

@ -1,4 +1,4 @@
From 8b17b1dc3b1f373a0ae8a44d16a8adec599915b3 Mon Sep 17 00:00:00 2001 From 8f569b44cd1dbf6187be86e28d987f61cb74c89c Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev> From: Danny Lin <danny@kdrag0n.dev>
Date: Tue, 5 Oct 2021 21:01:50 -0700 Date: Tue, 5 Oct 2021 21:01:50 -0700
Subject: [PATCH 13/22] Paint: Enable subpixel text positioning by default Subject: [PATCH 13/22] Paint: Enable subpixel text positioning by default

163
patches_platform/frameworks_base/0014-Add-support-for-app-signature-spoofing.patch
View File

@ -1,163 +0,0 @@
From 482d15491c36aeb11a0e8b5c9a5205d389507034 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Sat, 16 Oct 2021 05:27:57 -0700
Subject: [PATCH 14/22] Add support for app signature spoofing
This is needed by microG GmsCore to pretend to be the official Google
Play Services package, because client apps check the package signature
to make sure it matches Google's official certificate.
This was forward-ported from the Android 10 patch by gudenau:
https://github.com/microg/android_packages_apps_GmsCore/pull/957
Changes made for Android 11:
- Updated PackageInfo calls
- Added new permission to public API surface, needed for
PermissionController which is now an updatable APEX on 11
- Added a dummy permission group to allow users to manage the
permission through the PermissionController UI
(by Vachounet <vachounet@live.fr>)
- Updated location provider comment for conciseness
Changes made for Android 12:
- Moved mayFakeSignature into lock-free Computer subclass
- Always get permissions for packages that request signature spoofing
(otherwise permissions are usually ommitted and thus the permission
check doesn't work properly)
- Optimize mayFakeSignature check order to improve performance
Changes made for Android 13:
- Computer subclass is now an independent class.
Change-Id: Ied7d6ce0b83a2d2345c3abba0429998d86494a88
---
core/api/current.txt | 2 ++
core/res/AndroidManifest.xml | 15 ++++++++++
core/res/res/values/strings.xml | 12 ++++++++
.../com/android/server/pm/ComputerEngine.java | 30 +++++++++++++++++--
4 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/core/api/current.txt b/core/api/current.txt
index 487e57d114c9..04e69741b9fd 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -87,6 +87,7 @@ package android {
field public static final String DUMP = "android.permission.DUMP";
field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
field public static final String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS";
field public static final String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED";
@@ -222,6 +223,7 @@ package android {
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
field public static final String CAMERA = "android.permission-group.CAMERA";
field public static final String CONTACTS = "android.permission-group.CONTACTS";
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index bbc3a7369423..af04d9d18fbd 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3577,6 +3577,21 @@
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+ <!-- Dummy user-facing group for faking package signature -->
+ <permission-group android:name="android.permission-group.FAKE_PACKAGE"
+ android:label="@string/permgrouplab_fake_package_signature"
+ android:description="@string/permgroupdesc_fake_package_signature"
+ android:request="@string/permgrouprequest_fake_package_signature"
+ android:priority="100" />
+
+ <!-- Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:protectionLevel="signature|privileged"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
+
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 2091c0502b6f..6888edcf7d3c 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -982,6 +982,18 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgrouplab_fake_package_signature">Spoof package signature</string>
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgroupdesc_fake_package_signature">allow to spoof package signature</string>
+ <!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
+ <string name="permgrouprequest_fake_package_signature">Allow
+ &lt;b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g>&lt;/b> to spoof package signature?</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 46b7460dff1b..40549962436f 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -1603,6 +1603,29 @@ public class ComputerEngine implements Computer {
return result;
}
+ private boolean requestsFakeSignature(AndroidPackage p) {
+ return p.getMetaData() != null &&
+ p.getMetaData().getString("fake-signature") != null;
+ }
+
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (p.getMetaData() != null &&
+ p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) {
+ String sig = p.getMetaData().getString("fake-signature");
+ if (sig != null &&
+ permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
public final PackageInfo generatePackageInfo(PackageStateInternal ps,
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
if (!mUserManager.exists(userId)) return null;
@@ -1632,13 +1655,14 @@ public class ComputerEngine implements Computer {
final int[] gids = (flags & PackageManager.GET_GIDS) == 0 ? EMPTY_INT_ARRAY
: mPermissionManager.getGidsForUid(UserHandle.getUid(userId, ps.getAppId()));
// Compute granted permissions only if package has requested permissions
- final Set<String> permissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
+ final Set<String> permissions = (((flags & PackageManager.GET_PERMISSIONS) == 0
+ && !requestsFakeSignature(p))
|| ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
: mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId);
- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags,
state.getFirstInstallTime(), ps.getLastUpdateTime(), permissions, state, userId,
- ps);
+ ps), permissions);
if (packageInfo == null) {
return null;
--
2.34.1

28
patches_platform/frameworks_base/0014-Remove-debuggable-requirement-for-signature-spoofing.patch Normal file
View File

@ -0,0 +1,28 @@
From e899e501d403be5c654356d3e7830fb113468a06 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sun, 17 Mar 2024 17:10:38 +0800
Subject: [PATCH 14/22] Remove debuggable requirement for signature spoofing
Change-Id: I8d637ddbbd117a9c5b1d9c5e462b0f4b30d98333
---
services/core/java/com/android/server/pm/ComputerEngine.java | 4 ----
1 file changed, 4 deletions(-)
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 63e3deffe97a..f6a5a7d4beec 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -1612,10 +1612,6 @@ public class ComputerEngine implements Computer {
private static native boolean isDebuggable();
public static boolean isMicrogSigned(AndroidPackage p) {
- if (!isDebuggable()) {
- return false;
- }
-
// Allowlist the following apps:
// * com.android.vending - microG Companion
// * com.google.android.gms - microG Services
--
2.34.1

2
patches_platform/frameworks_base/0015-Spoof-product-name-for-Google-Play-Services.patch
View File

@ -1,4 +1,4 @@
From db27d27f48658841c6a74e55f543f417ddb16e76 Mon Sep 17 00:00:00 2001 From ee6873d2d3a1de9850c8076ae4436de789a131e4 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev> From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 11 Oct 2021 19:59:51 -0700 Date: Mon, 11 Oct 2021 19:59:51 -0700
Subject: [PATCH 15/22] Spoof product name for Google Play Services Subject: [PATCH 15/22] Spoof product name for Google Play Services

2
patches_platform/frameworks_base/0016-keystore-Block-key-attestation-for-SafetyNet.patch
View File

@ -1,4 +1,4 @@
From dc4bd0f140c6946e01e0a3c31bfc71c884138981 Mon Sep 17 00:00:00 2001 From e065f29eb6d625f9fd7a2cbd7e12fe49bde437ab Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev> From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 11 Oct 2021 20:00:44 -0700 Date: Mon, 11 Oct 2021 20:00:44 -0700
Subject: [PATCH 16/22] keystore: Block key attestation for SafetyNet Subject: [PATCH 16/22] keystore: Block key attestation for SafetyNet

2
patches_platform/frameworks_base/0017-Limit-SafetyNet-workarounds-to-unstable-GMS-process.patch
View File

@ -1,4 +1,4 @@
From 05bc5fa10b4e2ebc539c32db04abbc995906ff05 Mon Sep 17 00:00:00 2001 From b5749dfcd4609d8e1da94bf3955b1f57206d68ce Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev> From: Danny Lin <danny@kdrag0n.dev>
Date: Mon, 1 Nov 2021 20:06:48 -0700 Date: Mon, 1 Nov 2021 20:06:48 -0700
Subject: [PATCH 17/22] Limit SafetyNet workarounds to unstable GMS process Subject: [PATCH 17/22] Limit SafetyNet workarounds to unstable GMS process

2
patches_platform/frameworks_base/0018-gmscompat-Apply-the-SafetyNet-workaround-to-Play-Sto.patch
View File

@ -1,4 +1,4 @@
From ace6036332743c6f1a5614b2fd573464ddbffef7 Mon Sep 17 00:00:00 2001 From 610a08dd91e00c97f96ea3591e39075279b0ed63 Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@hentaios.com> From: Dyneteve <dyneteve@hentaios.com>
Date: Tue, 23 Aug 2022 18:57:05 +0200 Date: Tue, 23 Aug 2022 18:57:05 +0200
Subject: [PATCH 18/22] gmscompat: Apply the SafetyNet workaround to Play Store Subject: [PATCH 18/22] gmscompat: Apply the SafetyNet workaround to Play Store

2
patches_platform/frameworks_base/0019-gmscompat-Use-Nexus-6P-fingerprint-for-CTS-Integrity.patch
View File

@ -1,4 +1,4 @@
From d67897a23c6e182294d6a6d137d7ccc430a1abe0 Mon Sep 17 00:00:00 2001 From 408575a46fdc4defebe1fd5007ca93414811d56f Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@hentaios.com> From: Dyneteve <dyneteve@hentaios.com>
Date: Thu, 8 Sep 2022 14:39:52 +0200 Date: Thu, 8 Sep 2022 14:39:52 +0200
Subject: [PATCH 19/22] gmscompat: Use Nexus 6P fingerprint for CTS/Integrity Subject: [PATCH 19/22] gmscompat: Use Nexus 6P fingerprint for CTS/Integrity

2
patches_platform/frameworks_base/0020-gmscompat-Use-actual-device-model-name.patch
View File

@ -1,4 +1,4 @@
From 7893f246007a1989420583ab8728a5ced89e944d Mon Sep 17 00:00:00 2001 From 68768e51898fb5ce2a33bf71e0d8aa7ca4b11ef8 Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@hentaios.com> From: Dyneteve <dyneteve@hentaios.com>
Date: Tue, 6 Dec 2022 15:59:08 +0100 Date: Tue, 6 Dec 2022 15:59:08 +0100
Subject: [PATCH 20/22] gmscompat: Use actual device model name Subject: [PATCH 20/22] gmscompat: Use actual device model name

2
patches_platform/frameworks_base/0021-gmscompat-Set-shipping-level-to-32-for-devices-33.patch
View File

@ -1,4 +1,4 @@
From dd5e4484df6868958941773ac310396b281e5ceb Mon Sep 17 00:00:00 2001 From b9bd0ca2011b6b36a6ce46f5585d1a27ea368868 Mon Sep 17 00:00:00 2001
From: Anirudh Gupta <anirudhgupta109@aosip.dev> From: Anirudh Gupta <anirudhgupta109@aosip.dev>
Date: Wed, 4 Jan 2023 18:20:56 +0000 Date: Wed, 4 Jan 2023 18:20:56 +0000
Subject: [PATCH 21/22] gmscompat: Set shipping level to 32 for devices >=33 Subject: [PATCH 21/22] gmscompat: Set shipping level to 32 for devices >=33

2
patches_platform/frameworks_base/0022-gmscompat-Make-CTS-Play-Integrity-pass-again.patch
View File

@ -1,4 +1,4 @@
From 4ffed064b21d9662631ee70d20dfd8441fcec574 Mon Sep 17 00:00:00 2001 From 2294242196f5d82cdc929dfb0174ae08d4e67d85 Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@hentaios.com> From: Dyneteve <dyneteve@hentaios.com>
Date: Wed, 8 Feb 2023 15:21:01 +0000 Date: Wed, 8 Feb 2023 15:21:01 +0000
Subject: [PATCH 22/22] gmscompat: Make CTS/Play Integrity pass again Subject: [PATCH 22/22] gmscompat: Make CTS/Play Integrity pass again

309
patches_treble/packages_apps_Settings/0001-Revert-Wi-Fi-Remove-Do-not-validate-option-in-CA-cer.patch Normal file
View File

@ -0,0 +1,309 @@
From f68ae539a97bd8f1ec566a34cf68f5ee4a14af00 Mon Sep 17 00:00:00 2001
From: TogoFire <italomellopereira@gmail.com>
Date: Fri, 6 Aug 2021 08:54:07 -0300
Subject: [PATCH 1/2] Revert "[Wi-Fi] Remove 'Do not validate' option in CA
certificate spinner"
This is not a definitive fix, so revert it. WPA2-Enterprise (802.1X) or
WPA2-PSK.
[xawlw]:
- Sometimes we can't connect to some Enterprise WiFi networks because we
don't know its domain so let's revert this 'Security' feature
- Read more about it here:
https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/
This reverts commit 33cde5dbeee934269f16d72e26e651d56a13733e.
This reverts commit 94b8579607c6f1201cea9d6601e88cec897b2ff6.
Signed-off-by: TogoFire <italomellopereira@gmail.com>
Signed-off-by: xawlw <abdulazizawlw@gmail.com>
Change-Id: I3cec92b74a419b5463c5e5db496863e66d034703
---
res/layout/wifi_network_config.xml | 12 +++++++
res/values/custom_strings.xml | 5 +++
.../settings/wifi/WifiConfigController.java | 33 +++++++++++++------
.../settings/wifi/WifiConfigController2.java | 33 +++++++++++++------
4 files changed, 63 insertions(+), 20 deletions(-)
create mode 100644 res/values/custom_strings.xml
diff --git a/res/layout/wifi_network_config.xml b/res/layout/wifi_network_config.xml
index f91f7385c1..e7b8df3c2a 100644
--- a/res/layout/wifi_network_config.xml
+++ b/res/layout/wifi_network_config.xml
@@ -206,6 +206,18 @@
android:entries="@array/eap_ocsp_type"/>
</LinearLayout>
+ <LinearLayout android:id="@+id/no_ca_cert_warning"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:visibility="gone"
+ style="@style/wifi_item" >
+ <TextView
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ style="@style/wifi_item_warning"
+ android:text="@string/wifi_do_not_validate_eap_server_warning" />
+ </LinearLayout>
+
<LinearLayout android:id="@+id/l_domain"
android:layout_width="match_parent"
android:layout_height="wrap_content"
diff --git a/res/values/custom_strings.xml b/res/values/custom_strings.xml
new file mode 100644
index 0000000000..14462c36a4
--- /dev/null
+++ b/res/values/custom_strings.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
+ <!-- Warning message displayed if user choses not to validate the EAP server -->
+ <string name="wifi_do_not_validate_eap_server_warning">No certificate specified. Your connection will not be private.</string>
+</resources>
\ No newline at end of file
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index 0c063db8a7..306576d102 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -166,6 +166,7 @@ public class WifiConfigController implements TextWatcher,
private String mMultipleCertSetString;
private String mUseSystemCertsString;
private String mDoNotProvideEapUserCertString;
+ private String mDoNotValidateEapServerString;
private Spinner mSecuritySpinner;
@VisibleForTesting Spinner mEapMethodSpinner;
@@ -272,6 +273,8 @@ public class WifiConfigController implements TextWatcher,
mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
+ mDoNotValidateEapServerString =
+ mContext.getString(R.string.wifi_do_not_validate_eap_server);
mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button);
mIpSettingsSpinner = (Spinner) mView.findViewById(R.id.ip_settings);
@@ -544,7 +547,8 @@ public class WifiConfigController implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
- } else if (mEapDomainView != null
+ } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Disallow submit if the user chooses to use a certificate for EAP server
@@ -566,6 +570,7 @@ public class WifiConfigController implements TextWatcher,
}
void showWarningMessagesIfAppropriate() {
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
@@ -578,7 +583,13 @@ public class WifiConfigController implements TextWatcher,
}
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
- if (mEapDomainView != null
+ String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
+ if (caCertSelection.equals(mDoNotValidateEapServerString)) {
+ // Display warning if user chooses not to validate the EAP server with a
+ // user-supplied CA certificate in an EAP network configuration.
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
+ } else if (!caCertSelection.equals(mUnspecifiedCertString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Display warning if user chooses to use a certificate without restricting the
@@ -719,7 +730,8 @@ public class WifiConfigController implements TextWatcher,
config.enterpriseConfig.setCaCertificateAliases(null);
config.enterpriseConfig.setCaPath(null);
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
// ca_cert already set to null, so do nothing.
} else if (caCert.equals(mUseSystemCertsString)) {
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
@@ -753,7 +765,8 @@ public class WifiConfigController implements TextWatcher,
}
// Only set OCSP option if there is a valid CA certificate.
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
} else {
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
@@ -1057,7 +1070,7 @@ public class WifiConfigController implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
false /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
loadCertificates(
@@ -1141,7 +1154,7 @@ public class WifiConfigController implements TextWatcher,
} else {
String[] caCerts = enterpriseConfig.getCaCertificateAliases();
if (caCerts == null) {
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
+ setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
} else {
@@ -1152,7 +1165,7 @@ public class WifiConfigController implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
true /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
@@ -1285,7 +1298,8 @@ public class WifiConfigController implements TextWatcher,
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
- if (eapCertSelection.equals(mUnspecifiedCertString)) {
+ if (eapCertSelection.equals(mDoNotValidateEapServerString)
+ || eapCertSelection.equals(mUnspecifiedCertString)) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
@@ -1546,8 +1560,7 @@ public class WifiConfigController implements TextWatcher,
}).collect(Collectors.toList()));
}
- if (!TextUtils.isEmpty(noCertificateString)
- && mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
+ if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index ab13405232..01353b38fc 100644
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -172,6 +172,7 @@ public class WifiConfigController2 implements TextWatcher,
private String mUseSystemCertsString;
private String mTrustOnFirstUse;
private String mDoNotProvideEapUserCertString;
+ private String mDoNotValidateEapServerString;
@VisibleForTesting String mInstallCertsString;
private Spinner mSecuritySpinner;
@@ -275,6 +276,8 @@ public class WifiConfigController2 implements TextWatcher,
mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
+ mDoNotValidateEapServerString =
+ mContext.getString(R.string.wifi_do_not_validate_eap_server);
mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button);
@@ -528,7 +531,8 @@ public class WifiConfigController2 implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
- } else if (mEapDomainView != null
+ } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Disallow submit if the user chooses to use a certificate for EAP server
@@ -550,6 +554,7 @@ public class WifiConfigController2 implements TextWatcher,
}
void showWarningMessagesIfAppropriate() {
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
@@ -562,7 +567,13 @@ public class WifiConfigController2 implements TextWatcher,
}
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
- if (mEapDomainView != null
+ String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
+ if (caCertSelection.equals(mDoNotValidateEapServerString)) {
+ // Display warning if user chooses not to validate the EAP server with a
+ // user-supplied CA certificate in an EAP network configuration.
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
+ } else if (!caCertSelection.equals(mUnspecifiedCertString)
+ && mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Display warning if user chooses to use a certificate without restricting the
@@ -710,7 +721,8 @@ public class WifiConfigController2 implements TextWatcher,
config.enterpriseConfig.setCaCertificateAliases(null);
config.enterpriseConfig.setCaPath(null);
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
// ca_cert already set to null, so do nothing.
} else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
config.enterpriseConfig.enableTrustOnFirstUse(true);
@@ -745,7 +757,8 @@ public class WifiConfigController2 implements TextWatcher,
}
// Only set OCSP option if there is a valid CA certificate.
- if (caCert.equals(mUnspecifiedCertString)) {
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
} else {
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
@@ -1045,7 +1058,7 @@ public class WifiConfigController2 implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
false /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
loadCertificates(
@@ -1131,7 +1144,7 @@ public class WifiConfigController2 implements TextWatcher,
&& enterpriseConfig.isTrustOnFirstUseEnabled()) {
setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
} else {
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
+ setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
}
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
@@ -1142,7 +1155,7 @@ public class WifiConfigController2 implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
- null /* noCertificateString */,
+ mDoNotValidateEapServerString /* noCertificateString */,
true /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
@@ -1277,7 +1290,8 @@ public class WifiConfigController2 implements TextWatcher,
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (eapCertSelection.equals(mUnspecifiedCertString)
|| (mIsTrustOnFirstUseSupported
- && eapCertSelection.equals(mTrustOnFirstUse))) {
+ && eapCertSelection.equals(mTrustOnFirstUse))
+ || eapCertSelection.equals(mUnspecifiedCertString)) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
@@ -1550,8 +1564,7 @@ public class WifiConfigController2 implements TextWatcher,
}).collect(Collectors.toList()));
}
- if (!TextUtils.isEmpty(noCertificateString)
- && mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
+ if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}
--
2.34.1

191
patches_treble/packages_apps_Settings/0002-Revert-Wi-Fi-Check-if-domain-field-is-not-empty-when.patch Normal file
View File

@ -0,0 +1,191 @@
From f6313909d7124630fc1146b72d847f19a026dcf6 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Fri, 16 Feb 2024 22:06:59 +0800
Subject: [PATCH 2/2] Revert "[Wi-Fi] Check if domain field is not empty when
users choose a ca certificate"
This reverts commit 8d5c8c2611adadbd5baf81d8157871005ff87497.
---
.../settings/wifi/WifiConfigController.java | 16 +++++-----
.../settings/wifi/WifiConfigController2.java | 16 +++++-----
.../wifi/WifiConfigController2Test.java | 29 -------------------
.../wifi/WifiConfigControllerTest.java | 29 -------------------
4 files changed, 18 insertions(+), 72 deletions(-)
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index 306576d102..53053c28ad 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -547,11 +547,12 @@ public class WifiConfigController implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
- } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
+ }
+ if (caCertSelection.equals(mUseSystemCertsString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
- // Disallow submit if the user chooses to use a certificate for EAP server
+ // Disallow submit if the user chooses to use system certificates for EAP server
// validation, but does not provide a domain.
enabled = false;
}
@@ -588,12 +589,14 @@ public class WifiConfigController implements TextWatcher,
// Display warning if user chooses not to validate the EAP server with a
// user-supplied CA certificate in an EAP network configuration.
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
- } else if (!caCertSelection.equals(mUnspecifiedCertString)
+ }
+ if (caCertSelection.equals(mUseSystemCertsString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
- // Display warning if user chooses to use a certificate without restricting the
- // server domain that these certificates can be used to validate.
+ // Display warning if user chooses to use pre-installed public CA certificates
+ // without restricting the server domain that these certificates can be used to
+ // validate.
mView.findViewById(R.id.no_domain_warning).setVisibility(View.VISIBLE);
}
}
@@ -1793,8 +1796,7 @@ public class WifiConfigController implements TextWatcher,
mContext.getResources().getStringArray(contentStringArrayResId));
}
- @VisibleForTesting
- ArrayAdapter<CharSequence> getSpinnerAdapter(
+ private ArrayAdapter<CharSequence> getSpinnerAdapter(
String[] contentStringArray) {
ArrayAdapter<CharSequence> spinnerAdapter = new ArrayAdapter<>(mContext,
android.R.layout.simple_spinner_item, contentStringArray);
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index 01353b38fc..b08315c0f5 100644
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -531,11 +531,12 @@ public class WifiConfigController2 implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
- } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
+ }
+ if (caCertSelection.equals(mUseSystemCertsString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
- // Disallow submit if the user chooses to use a certificate for EAP server
+ // Disallow submit if the user chooses to use system certificates for EAP server
// validation, but does not provide a domain.
enabled = false;
}
@@ -572,12 +573,14 @@ public class WifiConfigController2 implements TextWatcher,
// Display warning if user chooses not to validate the EAP server with a
// user-supplied CA certificate in an EAP network configuration.
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
- } else if (!caCertSelection.equals(mUnspecifiedCertString)
+ }
+ if (caCertSelection.equals(mUseSystemCertsString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
- // Display warning if user chooses to use a certificate without restricting the
- // server domain that these certificates can be used to validate.
+ // Display warning if user chooses to use pre-installed public CA certificates
+ // without restricting the server domain that these certificates can be used to
+ // validate.
mView.findViewById(R.id.no_domain_warning).setVisibility(View.VISIBLE);
}
}
@@ -1858,8 +1861,7 @@ public class WifiConfigController2 implements TextWatcher,
mContext.getResources().getStringArray(contentStringArrayResId));
}
- @VisibleForTesting
- ArrayAdapter<CharSequence> getSpinnerAdapter(
+ private ArrayAdapter<CharSequence> getSpinnerAdapter(
String[] contentStringArray) {
ArrayAdapter<CharSequence> spinnerAdapter = new ArrayAdapter<>(mContext,
android.R.layout.simple_spinner_item, contentStringArray);
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
index 9139a285e1..d2de325d00 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
@@ -269,35 +269,6 @@ public class WifiConfigController2Test {
assertThat(mController.isSubmittable()).isTrue();
}
- @Test
- public void isSubmittable_caCertWithoutDomain_shouldReturnFalse() {
- when(mWifiEntry.getSecurity()).thenReturn(WifiEntry.SECURITY_EAP);
- mController = new TestWifiConfigController2(mConfigUiBase, mView, mWifiEntry,
- WifiConfigUiBase2.MODE_CONNECT);
- mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
- final Spinner eapCaCertSpinner = mView.findViewById(R.id.ca_cert);
- eapCaCertSpinner.setAdapter(mController.getSpinnerAdapter(new String[]{"certificate"}));
- eapCaCertSpinner.setSelection(0);
- mView.findViewById(R.id.l_domain).setVisibility(View.VISIBLE);
-
- assertThat(mController.isSubmittable()).isFalse();
- }
-
- @Test
- public void isSubmittable_caCertWithDomain_shouldReturnTrue() {
- when(mWifiEntry.getSecurity()).thenReturn(WifiEntry.SECURITY_EAP);
- mController = new TestWifiConfigController2(mConfigUiBase, mView, mWifiEntry,
- WifiConfigUiBase2.MODE_CONNECT);
- mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
- final Spinner eapCaCertSpinner = mView.findViewById(R.id.ca_cert);
- eapCaCertSpinner.setAdapter(mController.getSpinnerAdapter(new String[]{"certificate"}));
- eapCaCertSpinner.setSelection(0);
- mView.findViewById(R.id.l_domain).setVisibility(View.VISIBLE);
- ((TextView) mView.findViewById(R.id.domain)).setText("fakeDomain");
-
- assertThat(mController.isSubmittable()).isTrue();
- }
-
@Test
public void getSignalString_notReachable_shouldHaveNoSignalString() {
when(mWifiEntry.getLevel()).thenReturn(WifiEntry.WIFI_LEVEL_UNREACHABLE);
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
index 8ecbaf64b1..a8fde6dd29 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
@@ -228,35 +228,6 @@ public class WifiConfigControllerTest {
assertThat(mController.isSubmittable()).isTrue();
}
- @Test
- public void isSubmittable_caCertWithoutDomain_shouldReturnFalse() {
- when(mAccessPoint.getSecurity()).thenReturn(AccessPoint.SECURITY_EAP);
- mController = new TestWifiConfigController(mConfigUiBase, mView, mAccessPoint,
- WifiConfigUiBase.MODE_CONNECT);
- mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
- final Spinner eapCaCertSpinner = mView.findViewById(R.id.ca_cert);
- eapCaCertSpinner.setAdapter(mController.getSpinnerAdapter(new String[]{"certificate"}));
- eapCaCertSpinner.setSelection(0);
- mView.findViewById(R.id.l_domain).setVisibility(View.VISIBLE);
-
- assertThat(mController.isSubmittable()).isFalse();
- }
-
- @Test
- public void isSubmittable_caCertWithDomain_shouldReturnTrue() {
- when(mAccessPoint.getSecurity()).thenReturn(AccessPoint.SECURITY_EAP);
- mController = new TestWifiConfigController(mConfigUiBase, mView, mAccessPoint,
- WifiConfigUiBase.MODE_CONNECT);
- mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
- final Spinner eapCaCertSpinner = mView.findViewById(R.id.ca_cert);
- eapCaCertSpinner.setAdapter(mController.getSpinnerAdapter(new String[]{"certificate"}));
- eapCaCertSpinner.setSelection(0);
- mView.findViewById(R.id.l_domain).setVisibility(View.VISIBLE);
- ((TextView) mView.findViewById(R.id.domain)).setText("fakeDomain");
-
- assertThat(mController.isSubmittable()).isTrue();
- }
-
@Test
public void getSignalString_notReachable_shouldHaveNoSignalString() {
when(mAccessPoint.isReachable()).thenReturn(false);
--
2.34.1

99
patches_treble/treble_app/0001-Simplify-Securize-to-CheckBoxPreference-and-persist-.patch Normal file
View File

@ -0,0 +1,99 @@
From 1f423ec35afe9be5dcde2acf9a600190dd13f982 Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Thu, 29 Dec 2022 15:08:49 +0000
Subject: [PATCH] Simplify Securize to CheckBoxPreference and persist prop
For "Securize on-demand"
---
app/src/main/java/me/phh/treble/app/Misc.kt | 5 +++
.../java/me/phh/treble/app/MiscSettings.kt | 33 -------------------
app/src/main/res/xml/pref_misc.xml | 7 ++--
3 files changed, 10 insertions(+), 35 deletions(-)
diff --git a/app/src/main/java/me/phh/treble/app/Misc.kt b/app/src/main/java/me/phh/treble/app/Misc.kt
index cc01af2..fc59faf 100644
--- a/app/src/main/java/me/phh/treble/app/Misc.kt
+++ b/app/src/main/java/me/phh/treble/app/Misc.kt
@@ -303,6 +303,10 @@ object Misc: EntryStartup {
val value = sp.getBoolean(key, false)
SystemProperties.set("persist.sys.phh.wifi_disable_sae", if (value) "true" else "false")
}
+ MiscSettings.securize -> {
+ val value = sp.getBoolean(key, false)
+ SystemProperties.set("persist.sys.phh.securize", if (value) "true" else "false")
+ }
}
}
@@ -330,5 +334,6 @@ object Misc: EntryStartup {
spListener.onSharedPreferenceChanged(sp, MiscSettings.noHwcomposer)
spListener.onSharedPreferenceChanged(sp, MiscSettings.storageFUSE)
spListener.onSharedPreferenceChanged(sp, MiscSettings.dt2w)
+ spListener.onSharedPreferenceChanged(sp, MiscSettings.securize)
}
}
diff --git a/app/src/main/java/me/phh/treble/app/MiscSettings.kt b/app/src/main/java/me/phh/treble/app/MiscSettings.kt
index 4ce9d97..f227ce1 100644
--- a/app/src/main/java/me/phh/treble/app/MiscSettings.kt
+++ b/app/src/main/java/me/phh/treble/app/MiscSettings.kt
@@ -56,39 +56,6 @@ class MiscSettingsFragment : SettingsFragment() {
override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
super.onCreatePreferences(savedInstanceState, rootKey)
- val securizePref = findPreference<Preference>(MiscSettings.securize)
- securizePref!!.setOnPreferenceClickListener {
- val builder = AlertDialog.Builder( this.getActivity() )
- builder.setTitle(getString(R.string.remove_root))
- builder.setMessage(getString(R.string.continue_question))
-
- builder.setPositiveButton(android.R.string.yes) { dialog, which ->
-
- var cmds = listOf(
- arrayOf("/sbin/su", "-c", "/system/bin/phh-securize.sh"),
- arrayOf("/system/xbin/su", "-c", "/system/bin/phh-securize.sh"),
- arrayOf("/system/xbin/phh-su", "-c", "/system/bin/phh-securize.sh"),
- arrayOf("/sbin/su", "0", "/system/bin/phh-securize.sh"),
- arrayOf("/system/xbin/su", "0", "/system/bin/phh-securize.sh"),
- arrayOf("/system/xbin/phh-su", "0", "/system/bin/phh-securize.sh")
- )
- for (cmd in cmds) {
- try {
- Runtime.getRuntime().exec(cmd).waitFor()
- break
- } catch (t: Throwable) {
- Log.d("PHH", "Failed to exec \"" + cmd.joinToString(separator = " ") + "\", skipping")
- }
- }
- }
-
- builder.setNegativeButton(android.R.string.no) { dialog, which ->
- }
-
- builder.show()
- return@setOnPreferenceClickListener true
- }
-
val removeTelephonyPref = findPreference<Preference>(MiscSettings.removeTelephony)
removeTelephonyPref!!.setOnPreferenceClickListener {
diff --git a/app/src/main/res/xml/pref_misc.xml b/app/src/main/res/xml/pref_misc.xml
index 9a12f16..3d6f7de 100644
--- a/app/src/main/res/xml/pref_misc.xml
+++ b/app/src/main/res/xml/pref_misc.xml
@@ -193,8 +193,11 @@
android:entryValues="@array/pref_misc_fod_color_values"
android:key="key_misc_fod_color"
android:title="Under-display fp color" />
- <Preference android:title="Securize"
- android:key="key_misc_securize" />
+ <CheckBoxPreference
+ android:defaultValue="false"
+ android:key="key_misc_securize"
+ android:title="Spoof system properties"
+ android:summary="For better chances of passing SafetyNet\nMight cause bootloop on some devices" />
</PreferenceCategory>
<PreferenceCategory android:title="Debugging">
<Preference android:title="Debug Sensors">
--
2.34.1

36129
patches_treble/vendor_hardware_overlay/0001-TEMP-Up-TrebleApp-to-20231214.patch
View File

File diff suppressed because it is too large Load Diff