security patch custom config

module/customize.sh

@@ -36,7 +36,7 @@ initialize
 
 ui_print "- Finalizing..."
 find_config
-migrate_old_boot_hash
+migrate_config
 
 rm -f "$MODPATH/install_func.sh"
 

module/install_func.sh

@@ -31,10 +31,25 @@ find_config() {
     [ -d "$CONFIG_DIR" ] && rm -rf "$CONFIG_DIR"
 }
 
-migrate_old_boot_hash() {
+migrate_config() {
+    # Migrate boot_hash
     if [ ! -f "/data/adb/boot_hash" ]; then
         mv "$COMPATH/boot_hash" "/data/adb/boot_hash"
     else
         rm -f "$COMPATH/boot_hash"
     fi
+
+    # Migrate security_patch config*
+    if [ ! -s "/data/adb/security_patch" ]; then
+        echo "#Tricky Addon security patch config" > "/data/adb/security_patch"
+    fi
+    for value in auto_config custom_config all system vendor boot; do
+        if ! grep -q "^$value=" "/data/adb/security_patch"; then
+            if [ "$value" = "auto_config" ]; then
+                echo "$value=1" >> "/data/adb/security_patch"
+            else
+                echo "$value=0" >> "/data/adb/security_patch"
+            fi
+        fi
+    done
 }

module/service.sh

@@ -23,17 +23,11 @@ add_denylist_to_target() {
     done
 }
 
-# Reset verified Boot Hash
+set_security_patch() {
-hash_value=$(grep -v '^#' "/data/adb/boot_hash" | tr -d '[:space:]')
+    vendor_patch=$(getprop ro.vendor.build.security_patch | sed 's/-//g')
-if [ -n "$hash_value" ]; then
+    vendor_patch_after_1y=$(echo "$vendor_patch + 10000" | bc)
-    resetprop -n ro.boot.vbmeta.digest "$hash_value"
+    TODAY=$(date +%Y%m%d)
-fi
+    if [ "$TODAY" -ge "$vendor_patch_after_1y" ]; then
-
-# Spoof security patch if older than 1 year
-vendor_patch=$(getprop ro.vendor.build.security_patch | sed 's/-//g')
-vendor_patch_after_1y=$(echo "$vendor_patch + 10000" | bc)
-TODAY=$(date +%Y%m%d)
-if [ "$TODAY" -ge "$vendor_patch_after_1y" ]; then
     [ -f "/data/adb/modules/playintegrityfix/pif.json" ] && PIF="/data/adb/modules/playintegrityfix/pif.json"
     [ -f "/data/adb/pif.json" ] && PIF="/data/adb/pif.json"
     [ -f "/data/adb/modules/playintegrityfix/custom.pif.json" ] && PIF="/data/adb/modules/playintegrityfix/custom.pif.json"
@@ -50,9 +44,35 @@ if [ "$TODAY" -ge "$vendor_patch_after_1y" ]; then
         else
             echo "all=$formatted_security_patch" > "$TARGET_DIR/security_patch.txt"
         fi
+        fi
+    fi
+}
+
+# Spoof security patch if older than 1 year
+if grep -q "^auto_config=1" "/data/adb/security_patch"; then
+    # Auto config
+    set_security_patch
+elif grep -q "^custom_config=1" "/data/adb/security_patch"; then
+    # Custom config
+    if ! grep -q "^all=0" "/data/adb/security_patch"; then
+        echo "all=$(grep "^all=" "/data/adb/security_patch" | cut -d'=' -f2)" > "$TARGET_DIR/security_patch.txt"
+    else
+        > "$TARGET_DIR/security_patch.txt"
+        for value in system vendor boot; do
+            if grep -q "^$value=" "/data/adb/security_patch"; then
+                echo "$value=$(grep "^$value=" "/data/adb/security_patch" | cut -d'=' -f2)" >> "$TARGET_DIR/security_patch.txt"
+            fi
+        done
     fi
 fi
 
+# Reset verified Boot Hash
+hash_value=$(grep -v '^#' "/data/adb/boot_hash" | tr -d '[:space:]')
+if [ -n "$hash_value" ]; then
+    resetprop -n ro.boot.vbmeta.digest "$hash_value"
+fi
+
+
 # Disable TSupport-A auto update target to prevent overwrite
 if [ -d "$TSPA" ]; then
     touch "/storage/emulated/0/stop-tspa-auto-target"

module/uninstall.sh

@@ -10,6 +10,7 @@ fi
 # Remove residue and restore aosp keybox.
 rm -rf "/data/adb/modules/.TA_utl"
 rm -f "/data/adb/boot_hash"
+rm -f "/data/adb/security_patch"
 rm -f "/data/adb/tricky_store/target_from_denylist"
 if [ -d "$TS" ]; then
     [ -L "$TS/webroot" ] && rm -f "$TS/webroot"