Add phh-securize.sh to switch to `user` build, copy vendor fingerprint, and tighten adb security
This commit is contained in:
Pierre-Hugues Husson
parent
2b4b3d6398
commit
c80de8d3fe
6
base.mk
6
base.mk
|
|
@ -132,3 +132,9 @@ PRODUCT_PACKAGES += \
|
|||
|
||||
PRODUCT_PACKAGES += \
|
||||
Stk
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
resetprop
|
||||
PRODUCT_COPY_FILES += \
|
||||
device/phh/treble/phh-securize.sh:system/bin/phh-securize.sh \
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,15 @@
|
|||
#!/system/bin/sh
|
||||
|
||||
mount -o remount,rw /
|
||||
mount -o remount,rw /system
|
||||
|
||||
touch /system/phh/secure
|
||||
umount -l /system/xbin/su
|
||||
rm /system/xbin/su
|
||||
rm /system/bin/phh-su
|
||||
rm /system/etc/init/su.rc
|
||||
rm -Rf /system/bin/me.phh.superuser/
|
||||
mount -o remount,ro /
|
||||
mount -o remount,ro /system
|
||||
sync
|
||||
reboot
|
||||
40
rw-system.sh
40
rw-system.sh
|
|
@ -366,4 +366,44 @@ if getprop ro.vendor.build.fingerprint | grep -qiE '^samsung/' && [ "$vndk" -ge
|
|||
|
||||
chown system:system /sys/class/sec/tsp/input/enabled
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
if [ -f /system/phh/secure ];then
|
||||
copyprop() {
|
||||
p="$(getprop "$2")"
|
||||
if [ "$p" ]; then
|
||||
resetprop "$1" "$(getprop "$2")"
|
||||
fi
|
||||
}
|
||||
|
||||
copyprop ro.build.device ro.vendor.build.device
|
||||
copyprop ro.bootimage.build.fingerprint ro.vendor.build.fingerprint
|
||||
copyprop ro.build.fingerprint ro.vendor.build.fingerprint
|
||||
copyprop ro.build.device ro.vendor.product.device
|
||||
copyprop ro.product.device ro.vendor.product.device
|
||||
copyprop ro.product.device ro.product.vendor.device
|
||||
copyprop ro.product.name ro.vendor.product.name
|
||||
copyprop ro.product.name ro.product.vendor.device
|
||||
copyprop ro.product.brand ro.vendor.product.brand
|
||||
copyprop ro.product.model ro.vendor.product.model
|
||||
copyprop ro.product.model ro.product.vendor.model
|
||||
copyprop ro.build.product ro.vendor.product.model
|
||||
copyprop ro.build.product ro.product.vendor.model
|
||||
copyprop ro.product.manufacturer ro.vendor.product.manufacturer
|
||||
copyprop ro.product.manufacturer ro.product.vendor.manufacturer
|
||||
resetprop ro.build.tags release-keys
|
||||
resetprop ro.boot.vbmeta.device_state locked
|
||||
resetprop ro.boot.verifiedbootstate green
|
||||
resetprop ro.boot.flash.locked 1
|
||||
resetprop ro.boot.veritymode enforcing
|
||||
resetprop ro.boot.warranty_bit 0
|
||||
resetprop ro.warranty_bit 0
|
||||
resetprop ro.debuggable 0
|
||||
resetprop ro.secure 1
|
||||
resetprop ro.build.type user
|
||||
resetprop ro.build.selinux 0
|
||||
|
||||
resetprop ro.adb.secure 1
|
||||
setprop ctl.restart adbd
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue