From d534185d48a6b17f23ec16ed622154e541f70234 Mon Sep 17 00:00:00 2001 From: KOWX712 Date: Tue, 11 Feb 2025 12:59:54 +0800 Subject: [PATCH] security patch custom config --- module/customize.sh | 2 +- module/install_func.sh | 17 ++++++++++++++++- module/service.sh | 42 +++++++++++++++++++++++++++++++----------- module/uninstall.sh | 1 + 4 files changed, 49 insertions(+), 13 deletions(-) diff --git a/module/customize.sh b/module/customize.sh index c04ada7..11f72b1 100644 --- a/module/customize.sh +++ b/module/customize.sh @@ -36,7 +36,7 @@ initialize ui_print "- Finalizing..." find_config -migrate_old_boot_hash +migrate_config rm -f "$MODPATH/install_func.sh" diff --git a/module/install_func.sh b/module/install_func.sh index bcccc47..744e77a 100644 --- a/module/install_func.sh +++ b/module/install_func.sh @@ -31,10 +31,25 @@ find_config() { [ -d "$CONFIG_DIR" ] && rm -rf "$CONFIG_DIR" } -migrate_old_boot_hash() { +migrate_config() { + # Migrate boot_hash if [ ! -f "/data/adb/boot_hash" ]; then mv "$COMPATH/boot_hash" "/data/adb/boot_hash" else rm -f "$COMPATH/boot_hash" fi + + # Migrate security_patch config* + if [ ! -s "/data/adb/security_patch" ]; then + echo "#Tricky Addon security patch config" > "/data/adb/security_patch" + fi + for value in auto_config custom_config all system vendor boot; do + if ! grep -q "^$value=" "/data/adb/security_patch"; then + if [ "$value" = "auto_config" ]; then + echo "$value=1" >> "/data/adb/security_patch" + else + echo "$value=0" >> "/data/adb/security_patch" + fi + fi + done } diff --git a/module/service.sh b/module/service.sh index 2c403c3..677f4a2 100644 --- a/module/service.sh +++ b/module/service.sh 
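Review bot: In `migrate_config` (module/install_func.sh) the loop appends missing keys with `echo "$value=..." >> "/data/adb/security_patch"` without checking that the existing file ends in a newline. If the last line is unterminated (for example after a hand edit), the first default is glued onto it: the appended key is then not found by the `^key=` lookups in service.sh, and the preceding value gains a suffix. Adding `[ -n "$(tail -c1 /data/adb/security_patch)" ] && echo >> /data/adb/security_patch` before the `for` loop closes that gap. The header line written to the file could also say that `0` means unset, since service.sh depends on that convention, and the comment `# Migrate security_patch config*` carries a stray `*`.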
@@ -23,17 +23,11 @@ add_denylist_to_target() { done } -# Reset verified Boot Hash -hash_value=$(grep -v '^#' "/data/adb/boot_hash" | tr -d '[:space:]') -if [ -n "$hash_value" ]; then - resetprop -n ro.boot.vbmeta.digest "$hash_value" -fi - -# Spoof security patch if older than 1 year -vendor_patch=$(getprop ro.vendor.build.security_patch | sed 's/-//g') -vendor_patch_after_1y=$(echo "$vendor_patch + 10000" | bc) -TODAY=$(date +%Y%m%d) -if [ "$TODAY" -ge "$vendor_patch_after_1y" ]; then +set_security_patch() { + vendor_patch=$(getprop ro.vendor.build.security_patch | sed 's/-//g') + vendor_patch_after_1y=$(echo "$vendor_patch + 10000" | bc) + TODAY=$(date +%Y%m%d) + if [ "$TODAY" -ge "$vendor_patch_after_1y" ]; then [ -f "/data/adb/modules/playintegrityfix/pif.json" ] && PIF="/data/adb/modules/playintegrityfix/pif.json" [ -f "/data/adb/pif.json" ] && PIF="/data/adb/pif.json" [ -f "/data/adb/modules/playintegrityfix/custom.pif.json" ] && PIF="/data/adb/modules/playintegrityfix/custom.pif.json" 
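Review bot: `set_security_patch` does arithmetic on `vendor_patch` without checking that `getprop ro.vendor.build.security_patch` returned a date. If the property is empty or malformed, `bc` is fed an incomplete expression and the `[ "$TODAY" -ge "$vendor_patch_after_1y" ]` test runs on whatever comes back, possibly an empty string. A guard such as `case "$vendor_patch" in ''|*[!0-9]*) return ;; esac` right after the `getprop` line, followed by `vendor_patch_after_1y=$((vendor_patch + 10000))`, makes the outcome explicit and removes the dependency on `bc` being available at boot. Now that this code is a function, `vendor_patch`, `vendor_patch_after_1y` and `TODAY` could also be declared `local` if the target shell supports it. The function body continues past this hunk and closes in the next one.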
@@ -50,9 +44,35 @@ if [ "$TODAY" -ge "$vendor_patch_after_1y" ]; then else echo "all=$formatted_security_patch" > "$TARGET_DIR/security_patch.txt" fi + fi + fi +} + +# Spoof security patch if older than 1 year +if grep -q "^auto_config=1" "/data/adb/security_patch"; then + # Auto config + set_security_patch +elif grep -q "^custom_config=1" "/data/adb/security_patch"; then + # Custom config + if ! grep -q "^all=0" "/data/adb/security_patch"; then + echo "all=$(grep "^all=" "/data/adb/security_patch" | cut -d'=' -f2)" > "$TARGET_DIR/security_patch.txt" + else + > "$TARGET_DIR/security_patch.txt" + for value in system vendor boot; do + if grep -q "^$value=" "/data/adb/security_patch"; then + echo "$value=$(grep "^$value=" "/data/adb/security_patch" | cut -d'=' -f2)" >> "$TARGET_DIR/security_patch.txt" + fi + done fi fi +# Reset verified Boot Hash +hash_value=$(grep -v '^#' "/data/adb/boot_hash" | tr -d '[:space:]') +if [ -n "$hash_value" ]; then + resetprop -n ro.boot.vbmeta.digest "$hash_value" +fi + + # Disable TSupport-A auto update target to prevent overwrite if [ -d "$TSPA" ]; then touch "/storage/emulated/0/stop-tspa-auto-target" diff --git a/module/uninstall.sh b/module/uninstall.sh index 115d2dd..7b75e36 100644 --- a/module/uninstall.sh +++ b/module/uninstall.sh @@ -10,6 +10,7 @@ fi # Remove residue and restore aosp keybox. rm -rf "/data/adb/modules/.TA_utl" rm -f "/data/adb/boot_hash" +rm -f "/data/adb/security_patch" rm -f "/data/adb/tricky_store/target_from_denylist" if [ -d "$TS" ]; then [ -L "$TS/webroot" ] && rm -f "$TS/webroot"
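Review bot: In the custom-config branch of module/service.sh, the per-partition loop writes every `system=`/`vendor=`/`boot=` line it finds, including the `0` that `migrate_config` installs as the default, whereas the `all` branch treats `0` as unset. With `custom_config=1` and only one partition filled in, `security_patch.txt` would receive lines such as `vendor=0`. Reading the value once and skipping empty or `0` values keeps the two branches consistent: `v=$(grep -m1 "^$value=" /data/adb/security_patch | cut -d= -f2)` then `[ -n "$v" ] && [ "$v" != "0" ] && echo "$value=$v" >> "$TARGET_DIR/security_patch.txt"`. The `all` branch has a related gap, because a missing `all=` line passes the `! grep -q "^all=0"` test and produces an empty `all=` entry. The `^auto_config=1` and `^custom_config=1` patterns are also unanchored at the end, so `auto_config=10` would match; `^auto_config=1$` is stricter.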