From 81294c7c0606901efa07ca313f4a94a9c45ca053 Mon Sep 17 00:00:00 2001
From: FriendlyNeighborhoodShane <shane.880088.supw@gmail.com>
Date: Tue, 18 Jan 2022 22:27:07 +0530
Subject: [PATCH] res: add npem to res as part of repo

MinMicroG has always had to modify npem for its own apps, but now NanoDroid
seems to have gone on hiatus, and important changes are sitting in PRs.

I fgfure it'd be more convenient if we just maintain a clone in-tree and
keep it up to date with NanoDroid's changes.
---
 conf/resdl-download.txt |  1 -
 res/system/bin/npem     | 89 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 res/system/bin/npem

diff --git a/conf/resdl-download.txt b/conf/resdl-download.txt
index cd9bb8d..1acb324 100644
--- a/conf/resdl-download.txt
+++ b/conf/resdl-download.txt
@@ -32,7 +32,6 @@ stuff_download="
   /system/app/GoogleContactsSyncAdapter/-28-/GoogleContactsSyncAdapter.apk                      direct  https://gitlab.opengapps.org/opengapps/all/raw/master/app/com.google.android.syncadapters.contacts/28/nodpi/28.apk
   /system/app/GoogleContactsSyncAdapter/-29-/GoogleContactsSyncAdapter.apk                      direct  https://gitlab.opengapps.org/opengapps/all/raw/master/app/com.google.android.syncadapters.contacts/29/nodpi/29.apk
   /system/app/GoogleContactsSyncAdapter/-30-/GoogleContactsSyncAdapter.apk                      direct  https://gitlab.opengapps.org/opengapps/all/raw/master/app/com.google.android.syncadapters.contacts/30/nodpi/30.apk
-  /system/bin/npem                                                                              direct  https://gitlab.com/nanolx/nanodroid/raw/master/Full/system/bin/nanodroid-perm
   /system/framework/com.google.android.media.effects.jar                                        direct  https://gitlab.opengapps.org/opengapps/all/raw/master/framework/19/com.google.android.media.effects.jar
   /system/framework/com.google.widevine.software.drm.jar                                        direct  https://gitlab.opengapps.org/opengapps/all/raw/master/framework/19/com.google.widevine.software.drm.jar
   /system/lib/-arm--19-21-22-23-24-25-26-27-28-29-30-/libjni_keyboarddecoder.so                 direct  https://gitlab.opengapps.org/opengapps/arm/raw/master/lib/23/libjni_keyboarddecoder.so
diff --git a/res/system/bin/npem b/res/system/bin/npem
new file mode 100644
index 0000000..740cdde
--- /dev/null
+++ b/res/system/bin/npem
@@ -0,0 +1,89 @@
+#!/system/bin/sh
+# originally created by NanoDroid
+# vendored and modified for MinMicroG
+
+# Permissions
+perm_fake="android.permission.FAKE_PACKAGE_SIGNATURE"
+perm_floc="android.permission.ACCESS_FINE_LOCATION"
+perm_cloc="android.permission.ACCESS_COARSE_LOCATION"
+perm_bloc="android.permission.ACCESS_BACKGROUND_LOCATION"
+perm_calr="android.permission.READ_CALENDAR"
+perm_calw="android.permission.WRITE_CALENDAR"
+perm_conr="android.permission.READ_CONTACTS"
+perm_conw="android.permission.WRITE_CONTACTS"
+perm_gacc="android.permission.GET_ACCOUNTS"
+perm_rsms="android.permission.RECEIVE_SMS"
+
+# Packages
+microG="com.google.android.gms"
+PlayStore="com.android.vending"
+GCalSync="com.google.android.syncadapters.calendar"
+GConSync="com.google.android.syncadapters.contacts"
+nlpIchnaea="org.microg.nlp.backend.ichnaea"
+nlpDejavu="org.fitchfamily.android.dejavu"
+nlpApple="org.microg.nlp.backend.apple"
+nlpBmap="org.openbmap.unifiedNlp"
+
+# GmsCore userId
+gms_uid=$(dumpsys package com.google.android.gms | awk -F= '/userId/{print $2; exit}')
+
+error () {
+	echo "!! ${@}"
+	exit 1
+}
+
+check_package () {
+	pm list packages | grep -q "^package:${1}$" && return 0 || return 1
+}
+
+check_permission () {
+	[[ $(dumpsys package ${1} | grep -Eo "^[ ]+${2}: granted=true") ]] && return 0 || return 1
+}
+
+grant_permission () {
+	if [ -n "${3}" ]; then
+		pm grant --user ${3} ${1} ${2} 2>/dev/null
+	else
+		pm grant ${1} ${2} 2>/dev/null
+	fi
+}
+
+permissions () {
+	if check_package ${1}; then
+		echo "package ${1} found"
+		if ! check_permission ${1} ${2}; then
+			grant_permission ${1} ${2} ${3} && \
+				echo "permission ${2} granted" || \
+				echo "failed to grant permission ${2}"
+		else	echo "already has permission ${2}"
+		fi
+	fi
+}
+
+[[ $(whoami) = "root" ]] || [[ $(whoami) = "shell" ]] || error "not running as either ADB or root"
+
+# Fake Package Signature
+permissions ${microG} ${perm_fake}
+permissions ${PlayStore} ${perm_fake}
+
+# Location
+for app in ${microG} ${nlpIchnaea} ${nlpDejavu} ${nlpApple} ${nlpBmap}; do
+	permissions ${app} ${perm_cloc}
+done
+
+for app in ${microG} ${nlpIchnaea} ${nlpDejavu} ${nlpApple}; do
+	permissions ${app} ${perm_floc}
+done
+
+# Restricted permissions
+permissions ${microG} ${perm_bloc} ${gms_uid}
+permissions ${microG} ${perm_rsms} ${gms_uid}
+
+# Google Calendar Sync
+permissions ${GCalSync} ${perm_calr}
+permissions ${GCalSync} ${perm_calw}
+
+# Google Contacts Sync
+permissions ${GConSync} ${perm_conr}
+permissions ${GConSync} ${perm_conw}
+permissions ${GConSync} ${perm_gacc}