mirror of
https://github.com/FriendlyNeighborhoodShane/MinMicroG
synced 2024-11-18 15:25:35 +00:00
201 lines
7.4 KiB
Plaintext
201 lines
7.4 KiB
Plaintext
createwhitelist() {
|
|
|
|
ui_print " ";
|
|
ui_print "Creating priv-app whitelist...";
|
|
|
|
spoofperm=android.permission.FAKE_PACKAGE_SIGNATURE;
|
|
spoofpermod=61006e00640072006f00690064002e007000650072006d0069007300730069006f006e002e00460041004b0045005f005000410043004b004100470045005f005300490047004e00410054005500520045;
|
|
hasspoof=false;
|
|
syslist="$filedir/privlist/privperm.list";
|
|
applist="$filedir/privlist/app.lst";
|
|
permlist="$filedir/privlist/app.xml";
|
|
|
|
unzip -oq "$zipfile" "privlist/*" -d "$filedir";
|
|
|
|
case "$arch" in
|
|
arm*)
|
|
aapt="$filedir/privlist/aapt-arm";
|
|
;;
|
|
x86*)
|
|
aapt="$filedir/privlist/aapt-x86";
|
|
;;
|
|
mips*)
|
|
aapt="$filedir/privlist/aapt-mips";
|
|
;;
|
|
esac;
|
|
[ -f "$aapt" ] || abort "No AAPT available";
|
|
chmod 777 "$aapt";
|
|
|
|
"$aapt" dump xmltree "/$sysroot/system/framework/framework-res.apk" AndroidManifest.xml | \
|
|
tr -d '\n' | sed -e 's/E:/\n/g' | grep '(type 0x11)0x[137]2' | \
|
|
awk -F\" '{print $2}' | sort > "$syslist";
|
|
|
|
unzip -oq "/$sysroot/system/framework/framework-res.apk" "AndroidManifest.xml" -d "$filedir/privlist/";
|
|
|
|
grep -qF "$spoofperm" "$filedir/privlist/AndroidManifest.xml" && hasspoof=true;
|
|
od -A n -t x1 "$filedir/privlist/AndroidManifest.xml" | tr -d ' \n' | grep -qF "$spoofpermod" && hasspoof=true;
|
|
|
|
if $hasspoof; then echo "android.permission.FAKE_PACKAGE_SIGNATURE" >> "${syslist}"; else log "WHITELISTER: No native sigspoof found"; fi;
|
|
|
|
buildlist() {
|
|
|
|
"${aapt}" dump permissions "$privobject" | \
|
|
awk -F \' '/^uses-permission:/{print $2}' | \
|
|
sort > "$applist";
|
|
|
|
[ "$(cat "$applist")" ] || return 1;
|
|
|
|
echo '<?xml version="1.0" encoding="utf-8"?>
|
|
<permissions>
|
|
<privapp-permissions package="'$package'">' > "$permlist";
|
|
|
|
for perm in $(cat "$applist"); do
|
|
if grep -q "$perm" "$syslist"; then
|
|
log "WHITELISTER: $package needs privapp-whitelist $perm";
|
|
echo ' <permission name="'$perm'" />' >> "$permlist";
|
|
fi;
|
|
done;
|
|
|
|
echo ' </privapp-permissions>
|
|
</permissions>' >> "$permlist";
|
|
|
|
}
|
|
|
|
unzip -oq "$zipfile" "system/priv-app/*" -d "$filedir";
|
|
|
|
for object in $stuff; do
|
|
case $object in
|
|
/system/priv-app/*/*.apk) ;;
|
|
*) continue;;
|
|
esac;
|
|
for realobject in $filedir/$object; do
|
|
privobject="$realobject"; break;
|
|
done;
|
|
[ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; }
|
|
package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')";
|
|
log "WHITELISTER: Building list for $object";
|
|
buildlist || continue;
|
|
mkdir -p "$filedir/system/etc/permissions/";
|
|
mv -f "$permlist" "$filedir/system/etc/permissions/$package.xml";
|
|
stuff="$stuff
|
|
/system/etc/permissions/$package.xml
|
|
";
|
|
done;
|
|
|
|
for object in $stuff_arch; do
|
|
case $object in
|
|
/system/priv-app/*/*.apk) ;;
|
|
*) continue;;
|
|
esac;
|
|
for realobject in "$filedir/$(dirname "$object")"/*-"$arch"-*/"$(basename "$object")"; do
|
|
privobject="$realobject"; break;
|
|
done;
|
|
[ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; }
|
|
package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')";
|
|
log "WHITELISTER: Building list for $object ($cond)";
|
|
cond="$(basename "$(dirname "$privobject")")";
|
|
buildlist;
|
|
mkdir -p "$filedir/system/etc/permissions/$cond/";
|
|
mv -f "$permlist" "$filedir/system/etc/permissions/$cond/$package.xml";
|
|
stuff_arch="$stuff_arch
|
|
/system/etc/permissions/$package.xml
|
|
";
|
|
done;
|
|
|
|
for object in $stuff_sdk; do
|
|
case $object in
|
|
/system/priv-app/*/*.apk) ;;
|
|
*) continue;;
|
|
esac;
|
|
for realobject in "$filedir/$(dirname "$object")"/*-"$sdk"-*/"$(basename "$object")"; do
|
|
privobject="$realobject"; break;
|
|
done;
|
|
[ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; }
|
|
package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')";
|
|
cond="$(basename "$(dirname "$privobject")")";
|
|
log "WHITELISTER: Building list for $object ($cond)";
|
|
buildlist;
|
|
mkdir -p "$filedir/system/etc/permissions/$cond/";
|
|
mv -f "$permlist" "$filedir/system/etc/permissions/$cond/$package.xml";
|
|
stuff_sdk="$stuff_sdk
|
|
/system/etc/permissions/$package.xml
|
|
";
|
|
done;
|
|
|
|
for object in $stuff_arch_sdk; do
|
|
case $object in
|
|
/system/priv-app/*/*.apk) ;;
|
|
*) continue;;
|
|
esac;
|
|
for realobject in "$filedir/$(dirname "$object")"/*-"$arch"-*-"$sdk"-*/"$(basename "$object")"; do
|
|
privobject="$realobject"; break;
|
|
done;
|
|
[ -f "$privobject" ] || { log "ERROR: $privobject vanished"; continue; }
|
|
package="$("$aapt" dump badging "$privobject" | awk -F \' '/^package: name/{print $2}')";
|
|
cond="$(basename "$(dirname "$privobject")")";
|
|
log "WHITELISTER: Building list for $object ($cond)";
|
|
buildlist;
|
|
mkdir -p "$filedir/system/etc/permissions/$cond/";
|
|
mv -f "$permlist" "$filedir/system/etc/permissions/$cond/$package.xml";
|
|
stuff_arch_sdk="$stuff_arch_sdk
|
|
/system/etc/permissions/$package.xml
|
|
";
|
|
done;
|
|
|
|
}
|
|
|
|
getwhitelist() {
|
|
|
|
echo " ";
|
|
echo " - Getting priv-app permissions...";
|
|
|
|
privpermlist="util/privperms.lst";
|
|
privpermurl="https://developer.android.com/reference/android/Manifest.permission";
|
|
|
|
wget -q --show-progress "$privpermurl" -O "$tmpdir/tmppage" || { echo "ERROR: Android permission docpage failed to download" >&2; return 1; }
|
|
|
|
lines="$(grep -En "<!-- [=]* [A-Z ]* [=]* -->" "$tmpdir/tmppage" | grep -A1 "ENUM CONSTANTS DETAIL" | sed "s|:| |g" | awk '{ print $1 }')";
|
|
for line in $lines; do
|
|
[ "$startline" ] && endline="$line" || startline="$line";
|
|
done;
|
|
cat "$tmpdir/tmppage" | tail -n+"$(($startline + 1))" | head -n"$(($endline - $startline - 1))" | tr -d "\n" | sed "s|<div data|\n|g" | grep "Not for use by third-party applications" | grep -oE "android.permission.[A-Z_]*" > "$tmpdir/tmplist";
|
|
echo "android.permission.FAKE_PACKAGE_SIGNATURE" >> "$tmpdir/tmplist";
|
|
|
|
cat "$resdldir/$privpermlist" "$tmpdir/tmplist" | sort -u > "$tmpdir/sortedlist";
|
|
mv -f "$tmpdir/sortedlist" "$resdldir/$privpermlist";
|
|
|
|
}
|
|
|
|
checkwhitelist() {
|
|
|
|
echo " ";
|
|
echo " - Checking priv-app permissions...";
|
|
|
|
aapt="util/aapt";
|
|
privpermlist="util/privperms.lst";
|
|
|
|
[ -f "$resdldir/$privpermlist" ] || { echo "ERROR: No privileged permission list to check" >&2; return 1; }
|
|
[ -f "$resdldir/$aapt" ] || { echo "ERROR: No aapt found" >&2; return 1; }
|
|
|
|
privlogfile="$(ls -t $reldir/update-*.log | head)";
|
|
for privappfile in $(cat "$reldir/$privlogfile" | grep -Po "FILE: [^,]*" | cut -d" " -f2 | grep -o "/system/priv-app/.*/.*.apk"); do
|
|
[ -f "$privappfile" ] || { echo "ERROR: Privapp $privappfile not found" >&2; continue; }
|
|
privperms="";
|
|
privapppackage="$("$resdldir/$aapt" dump badging "$privappfile" | grep -o "package: name=[^ ]*" | sed "s|'| |g" | awk '{ print $3 }')"
|
|
privappperms="$("$resdldir/$aapt" dump permissions "$privappfile" | grep -o "uses-permission: name=[^ ]*" | sed "s|'| |g" | awk '{ print $3 }' | sort -u)";
|
|
for privperm in in $privappperms; do
|
|
grep -q "$privperm" "$resdldir/$privpermlist" || continue;
|
|
grep -q "$privperm" "$resdir/system/etc/permissions/$privapppackage.xml" && continue;
|
|
privperms="$privperm $privperms";
|
|
done;
|
|
[ "$privperms" ] || continue;
|
|
echo " ";
|
|
echo " -- File: $privappfile";
|
|
echo " -- Package: $privapppackage";
|
|
for permentry in $privperms; do
|
|
echo " ++ Needs whitelisting perm $permentry";
|
|
done;
|
|
done;
|
|
|
|
}
|