createwhitelist() { ui_print " "; ui_print "Creating priv-app whitelist..."; spoofperm=android.permission.FAKE_PACKAGE_SIGNATURE; spoofpermod=61006e00640072006f00690064002e007000650072006d0069007300730069006f006e002e00460041004b0045005f005000410043004b004100470045005f005300490047004e00410054005500520045; hasspoof=false; syslist="$filedir/privlist/privperm.list"; applist="$filedir/privlist/app.lst"; permlist="$filedir/privlist/app.xml"; unzip -oq "$zipfile" "privlist/*" -d "$filedir"; case "$arch" in arm*) aapt="$filedir/privlist/aapt-arm"; ;; x86*) aapt="$filedir/privlist/aapt-x86"; ;; mips*) aapt="$filedir/privlist/aapt-mips"; ;; esac; [ -f "$aapt" ] || abort "No AAPT available"; chmod 777 "$aapt"; "$aapt" dump xmltree "/$sysroot/system/framework/framework-res.apk" AndroidManifest.xml | \ tr -d '\n' | sed -e 's/E:/\n/g' | grep '(type 0x11)0x[137]2' | \ awk -F\" '{print $2}' | sort > "$syslist"; unzip -oq "/$sysroot/system/framework/framework-res.apk" "AndroidManifest.xml" -d "$filedir/privlist/"; grep -qF "$spoofperm" "$filedir/privlist/AndroidManifest.xml" && hasspoof=true; od -A n -t x1 "$filedir/privlist/AndroidManifest.xml" | tr -d ' \n' | grep -qF "$spoofpermod" && hasspoof=true; if $hasspoof; then echo "android.permission.FAKE_PACKAGE_SIGNATURE" >> "${syslist}"; else log "WHITELISTER: No native sigspoof found"; fi; buildlist() { "${aapt}" dump permissions "$privobject" | \ awk -F \' '/^uses-permission:/{print $2}' | \ sort > "$applist"; [ "$(cat "$applist")" ] || return 1; echo ' ' > "$permlist"; for perm in $(cat "$applist"); do if grep -q "$perm" "$syslist"; then log "WHITELISTER: $package needs privapp-whitelist $perm"; echo ' ' >> "$permlist"; fi; done; echo ' ' >> "$permlist"; } unzip -oq "$zipfile" "system/priv-app/*" -d "$filedir"; for object in $stuff; do case $object in /system/priv-app/*/*.apk) ;; *) continue;; esac; for realobject in $filedir/$object; do privobject="$realobject"; break; done; [ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; } package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')"; log "WHITELISTER: Building list for $object"; buildlist || continue; mkdir -p "$filedir/system/etc/permissions/"; mv -f "$permlist" "$filedir/system/etc/permissions/$package.xml"; stuff="$stuff /system/etc/permissions/$package.xml "; done; for object in $stuff_arch; do case $object in /system/priv-app/*/*.apk) ;; *) continue;; esac; for realobject in "$filedir/$(dirname "$object")"/*-"$arch"-*/"$(basename "$object")"; do privobject="$realobject"; break; done; [ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; } package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')"; log "WHITELISTER: Building list for $object ($cond)"; cond="$(basename "$(dirname "$privobject")")"; buildlist; mkdir -p "$filedir/system/etc/permissions/$cond/"; mv -f "$permlist" "$filedir/system/etc/permissions/$cond/$package.xml"; stuff_arch="$stuff_arch /system/etc/permissions/$package.xml "; done; for object in $stuff_sdk; do case $object in /system/priv-app/*/*.apk) ;; *) continue;; esac; for realobject in "$filedir/$(dirname "$object")"/*-"$sdk"-*/"$(basename "$object")"; do privobject="$realobject"; break; done; [ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; } package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')"; cond="$(basename "$(dirname "$privobject")")"; log "WHITELISTER: Building list for $object ($cond)"; buildlist; mkdir -p "$filedir/system/etc/permissions/$cond/"; mv -f "$permlist" "$filedir/system/etc/permissions/$cond/$package.xml"; stuff_sdk="$stuff_sdk /system/etc/permissions/$package.xml "; done; for object in $stuff_arch_sdk; do case $object in /system/priv-app/*/*.apk) ;; *) continue;; esac; for realobject in "$filedir/$(dirname "$object")"/*-"$arch"-*-"$sdk"-*/"$(basename "$object")"; do privobject="$realobject"; break; done; [ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; } package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')"; cond="$(basename "$(dirname "$privobject")")"; log "WHITELISTER: Building list for $object ($cond)"; buildlist; mkdir -p "$filedir/system/etc/permissions/$cond/"; mv -f "$permlist" "$filedir/system/etc/permissions/$cond/$package.xml"; stuff_arch_sdk="$stuff_arch_sdk /system/etc/permissions/$package.xml "; done; } getwhitelist() { echo " "; echo " - Getting priv-app permissions..."; privpermlist="util/privperms.lst"; privpermurl="https://developer.android.com/reference/android/Manifest.permission"; wget -q --show-progress "$privpermurl" -O "$tmpdir/tmppage" || { echo "ERROR: Android permission docpage failed to download" >&2; return 1; } lines="$(grep -En "" "$tmpdir/tmppage" | grep -A1 "ENUM CONSTANTS DETAIL" | sed "s|:| |g" | awk '{ print $1 }')"; for line in $lines; do [ "$startline" ] && endline="$line" || startline="$line"; done; cat "$tmpdir/tmppage" | tail -n+"$(($startline + 1))" | head -n"$(($endline - $startline - 1))" | tr -d "\n" | sed "s|
"$tmpdir/tmplist"; echo "android.permission.FAKE_PACKAGE_SIGNATURE" >> "$tmpdir/tmplist"; cat "$resdldir/$privpermlist" "$tmpdir/tmplist" | sort -u > "$tmpdir/sortedlist"; mv -f "$tmpdir/sortedlist" "$resdldir/$privpermlist"; } checkwhitelist() { echo " "; echo " - Checking priv-app permissions..."; aapt="util/aapt"; privpermlist="util/privperms.lst"; [ -f "$resdldir/$privpermlist" ] || { echo "ERROR: No privileged permission list to check" >&2; return 1; } [ -f "$resdldir/$aapt" ] || { echo "ERROR: No aapt found" >&2; return 1; } privlogfile="$(ls -t $reldir/update-*.log | head)"; for privappfile in $(cat "$reldir/$privlogfile" | grep -Po "FILE: [^,]*" | cut -d" " -f2 | grep -o "/system/priv-app/.*/.*.apk"); do [ -f "$privappfile" ] || { echo "ERROR: Privapp $privappfile not found" >&2; continue; } privperms=""; privapppackage="$("$resdldir/$aapt" dump badging "$privappfile" | grep -o "package: name=[^ ]*" | sed "s|'| |g" | awk '{ print $3 }')" privappperms="$("$resdldir/$aapt" dump permissions "$privappfile" | grep -o "uses-permission: name=[^ ]*" | sed "s|'| |g" | awk '{ print $3 }' | sort -u)"; for privperm in in $privappperms; do grep -q "$privperm" "$resdldir/$privpermlist" || continue; grep -q "$privperm" "$resdir/system/etc/permissions/$privapppackage.xml" && continue; privperms="$privperm $privperms"; done; [ "$privperms" ] || continue; echo " "; echo " -- File: $privappfile"; echo " -- Package: $privapppackage"; for permentry in $privperms; do echo " ++ Needs whitelisting perm $permentry"; done; done; }