android/device_phh_treble
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add phh-securize.sh to switch to user build, copy vendor fingerprint, and tighten adb security

Browse Source
This commit is contained in:
Pierre-Hugues Husson 2019-08-22 00:35:41 +02:00
parent 2b4b3d6398
commit c80de8d3fe
3 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
base.mk
View File

@ -132,3 +132,9 @@ PRODUCT_PACKAGES += \
PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \
Stk Stk
PRODUCT_PACKAGES += \
resetprop
PRODUCT_COPY_FILES += \
device/phh/treble/phh-securize.sh:system/bin/phh-securize.sh \

15
phh-securize.sh Normal file
View File

@ -0,0 +1,15 @@
#!/system/bin/sh
mount -o remount,rw /
mount -o remount,rw /system
touch /system/phh/secure
umount -l /system/xbin/su
rm /system/xbin/su
rm /system/bin/phh-su
rm /system/etc/init/su.rc
rm -Rf /system/bin/me.phh.superuser/
mount -o remount,ro /
mount -o remount,ro /system
sync
reboot

40
rw-system.sh
View File

@ -366,4 +366,44 @@ if getprop ro.vendor.build.fingerprint | grep -qiE '^samsung/' && [ "$vndk" -ge
chown system:system /sys/class/sec/tsp/input/enabled chown system:system /sys/class/sec/tsp/input/enabled
fi fi
fi
if [ -f /system/phh/secure ];then
copyprop() {
p="$(getprop "$2")"
if [ "$p" ]; then
resetprop "$1" "$(getprop "$2")"
fi
}
copyprop ro.build.device ro.vendor.build.device
copyprop ro.bootimage.build.fingerprint ro.vendor.build.fingerprint
copyprop ro.build.fingerprint ro.vendor.build.fingerprint
copyprop ro.build.device ro.vendor.product.device
copyprop ro.product.device ro.vendor.product.device
copyprop ro.product.device ro.product.vendor.device
copyprop ro.product.name ro.vendor.product.name
copyprop ro.product.name ro.product.vendor.device
copyprop ro.product.brand ro.vendor.product.brand
copyprop ro.product.model ro.vendor.product.model
copyprop ro.product.model ro.product.vendor.model
copyprop ro.build.product ro.vendor.product.model
copyprop ro.build.product ro.product.vendor.model
copyprop ro.product.manufacturer ro.vendor.product.manufacturer
copyprop ro.product.manufacturer ro.product.vendor.manufacturer
resetprop ro.build.tags release-keys
resetprop ro.boot.vbmeta.device_state locked
resetprop ro.boot.verifiedbootstate green
resetprop ro.boot.flash.locked 1
resetprop ro.boot.veritymode enforcing
resetprop ro.boot.warranty_bit 0
resetprop ro.warranty_bit 0
resetprop ro.debuggable 0
resetprop ro.secure 1
resetprop ro.build.type user
resetprop ro.build.selinux 0
resetprop ro.adb.secure 1
setprop ctl.restart adbd
fi fi