From 82aeb3d402ffe4b5a7ab478e0e1170eb64105fb2 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 3 Dec 2018 21:16:52 +0100
Subject: [PATCH] Fix adbd on devices with integrity check

Some devices (Like Samsung Galaxy J6) has integrity check.
This means that all files outside of /system are signed by the OEM.
Since we replaced /sbin/adbd, that's an issue.
Workaround this by creating a new service, called adbd_system, which
will called instead of /sbin/adbd when needed
---
 base.mk                 | 3 +++
 files/adbd.rc           | 8 ++++++++
 sepolicy/vndk_detect.te | 3 +++
 vndk-detect             | 7 ++++++-
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 files/adbd.rc

diff --git a/base.mk b/base.mk
index c1f95c8..1baeb6c 100644
--- a/base.mk
+++ b/base.mk
@@ -101,3 +101,6 @@ SELINUX_IGNORE_NEVERALLOWS := true
 # Universal NoCutoutOverlay
 PRODUCT_PACKAGES += \
     NoCutoutOverlay
+
+PRODUCT_COPY_FILES += \
+	device/phh/treble/files/adbd.rc:system/etc/init/adbd.rc
diff --git a/files/adbd.rc b/files/adbd.rc
new file mode 100644
index 0000000..55b3311
--- /dev/null
+++ b/files/adbd.rc
@@ -0,0 +1,8 @@
+service adbd_system /system/bin/adbd --root_seclabel=u:r:su:s0
+	class core
+	socket adbd stream 660 system system
+	disabled
+	seclabel u:r:adbd:s0
+
+on property:sys.usb.state=adb && property:sys.phh.five=true
+	start adbd_system
diff --git a/sepolicy/vndk_detect.te b/sepolicy/vndk_detect.te
index fd49c49..df25be3 100644
--- a/sepolicy/vndk_detect.te
+++ b/sepolicy/vndk_detect.te
@@ -19,3 +19,6 @@ allow vndk_detect self:capability { sys_admin };
 #mount -o bind /system/etc/usb_audio_policy_configuration.xml /vendor/etc/usb_audio_policy_configuration.xml
 allow init vendor_configs_file:file { getattr mounton };
 
+#/sys/module/five
+allow vndk_detect sysfs:file r_file_perms;
+allow vndk_detect sysfs:dir r_dir_perms;
diff --git a/vndk-detect b/vndk-detect
index 5e59de8..3e85fc0 100644
--- a/vndk-detect
+++ b/vndk-detect
@@ -9,7 +9,12 @@ while read version;do
 	setprop persist.sys.vndk $version
 done
 
-mount -o bind /system/bin/adbd /sbin/adbd
+if [ -d /sys/module/five ];then
+	mount -o bind /system/phh/empty /sbin/adbd
+	setprop sys.phh.five true
+else
+	mount -o bind /system/bin/adbd /sbin/adbd
+fi
 if ( getprop ro.hardware | grep -qE '(kirin970|hi3660|hi6250|hi3670)' );then
 	FOUND_HUAWEI=1
 	setprop persist.sys.bt_acl_bypass true