Initial version of runtime-permissions script support #93

mfonville
2016-01-13 00:37:35 +01:00
parent 8ee1fb8352
commit 6fd25d07fc
2 changed files with 113 additions and 0 deletions
+47
@@ -205,6 +205,53 @@ minapihack(){
esac
}
runtimepermissionshack(){
tee -a "$build/META-INF/com/google/android/update-binary" > /dev/null <<'EOFILE'
install -d "$(dirname "$run_perms")"
if [ ! -e "$run_perms" ]; then
fingerprint="$(file_getprop "$BPROP" "ro.build.fingerprint")"
echo "<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<runtime-permissions fingerprint=\"$fingerprint\">
</runtime-permissions>" > "$run_perms"
fi
#We (only) set permissions of apps that are part of core or that are direct replacements of AOSP/Stock apps with a high level of system integration
fixpkgperms "com.android.vending" "CONTACTS_PERMISSIONS" "LOCATION_PERMISSIONS" "PHONE_PERMISSIONS" "SMS_PERMISSIONS"
fixpkgperms "com.google.android.apps.gcs" "CONTACTS_PERMISSIONS" "LOCATION_PERMISSIONS"
fixpkgperms "com.google.android.apps.messaging" "CAMERA_PERMISSIONS" "CONTACTS_PERMISSIONS" "LOCATION_PERMISSIONS" "MICROPHONE_PERMISSIONS" "PHONE_PERMISSIONS" "SMS_PERMISSIONS" "STORAGE_PERMISSIONS"
fixpkgperms "com.google.android.backuptransport" "CONTACTS_PERMISSIONS"
fixpkgperms "com.google.android.contacts" "CONTACTS_PERMISSIONS" "PHONE_PERMISSIONS" "STORAGE_PERMISSIONS"
fixpkgperms "com.google.android.dialer" "CONTACTS_PERMISSIONS" "PHONE_PERMISSIONS" "ADDITIONAL_PERMISSIONS" #uses non-AOSP permissions
fixpkgperms "com.google.android.GoogleCamera" "CAMERA_PERMISSIONS" "LOCATION_PERMISSIONS" "MICROPHONE_PERMISSIONS" "STORAGE_PERMISSIONS" #mind the capitals in the packagename
fixpkgperms "com.google.android.gm.exchange" "CALENDAR_PERMISSIONS" "CONTACTS_PERMISSIONS"
fixpkgperms "com.google.android.gms" "CALENDAR_PERMISSIONS" "CAMERA_PERMISSIONS" "CONTACTS_PERMISSIONS" "LOCATION_PERMISSIONS" "MICROPHONE_PERMISSIONS" "PHONE_PERMISSIONS" "SENSORS_PERMISSIONS" "SMS_PERMISSIONS" "STORAGE_PERMISSIONS"
fixpkgperms "com.google.android.googlequicksearchbox" "CALENDAR_PERMISSIONS" "CAMERA_PERMISSIONS" "CONTACTS_PERMISSION" "LOCATION_PERMISSIONS" "MICROPHONE_PERMISSIONS" "PHONE_PERMISSIONS" "SMS_PERMISSIONS" "STORAGE_PERMISSIONS"
fixpkgperms "com.google.android.gsf" "CONTACTS_PERMISSIONS" "PHONE_PERMISSIONS"
fixpkgperms "com.google.android.gsf.login" "CONTACTS_PERMISSIONS" "PHONE_PERMISSIONS"
fixpkgperms "com.google.android.packageinstaller" "STORAGE_PERMISSIONS"
fixpkgperms "com.google.android.setupwizard" "CONTACTS_PERMISSIONS" "PHONE_PERMISSIONS"
fixpkgperms "com.google.android.syncadapters.contacts" "CONTACTS_PERMISSIONS"
fixpkgperms "com.google.android.talk" "CAMERA_PERMISSIONS" "CONTACTS_PERMISSIONS" "LOCATION_PERMISSIONS" "MICROPHONE_PERMISSIONS" "PHONE_PERMISSIONS" "SMS_PERMISSIONS" "STORAGE_PERMISSIONS"
#faceunlock
#calsync
#googlefeedback
#googleonetimeinitializer
#googlepartnersetup
#googletts
#googletag
#clockgoogle
#calculatorgoogle
#androidforwork
#dmagent
#projectfi
fixuserperms "com.google.android.calendar.uid.shared" "CALENDAR_PERMISSIONS" "READ_CONTACTS" #note that READ_CONTACTS is not a permission group
fixuserperms "com.google.uid.shared" "CALENDAR_PERMISSIONS" "CONTACTS_PERMISSIONS" "LOCATION_PERMISSIONS" "MICROPHONE_PERMISSIONS" "PHONE_PERMISSIONS" "SENSORS_PERMISSIONS" "SMS_PERMISSIONS" "STORAGE_PERMISSIONS"
EOFILE
}
systemlibhack(){
case "$package" in
com.google.android.webview) if [ "$API" -lt "23" ]; then #webview libs are only on /system/lib/ on pre-Marshmallow
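Review bot: The `fixpkgperms "com.google.android.googlequicksearchbox"` line passes `"CONTACTS_PERMISSION"` without the trailing S, which matches none of the group names in getruntimeperms and so falls through to its `*)` arm as a literal permission name. The installer would then write an `android.permission.CONTACTS_PERMISSION` item for that package and leave READ_CONTACTS, WRITE_CONTACTS and GET_ACCOUNTS ungranted; change the argument to `"CONTACTS_PERMISSIONS"`. Because every entry in this list pre-grants runtime permissions without a user prompt, a silent fallback is risky: the `*)` arm could reject names ending in `_PERMISSIONS` so a misspelled group fails loudly. A short comment above the list giving the reason each package needs its groups would also make later audits of this grant table easier.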
+66
@@ -39,6 +39,7 @@ calc_log=/tmp/calc.log;
conflicts_log=/tmp/conflicts.log;
rec_cache_log=/cache/recovery/log;
rec_tmp_log=/tmp/recovery.log;
run_perms="/data/system/users/0/runtime-permissions.xml"
user_remove_notfound_log=/tmp/user_remove_notfound.log;
user_remove_multiplefound_log=/tmp/user_remove_multiplefound.log;
@@ -324,6 +325,59 @@ which_dpi() {
fi;
}
# _____________________________________________________________________________________________________________________
# Define Runtime Permissions Functions
fixpkgperms() {
currentperms="$(awk "/<pkg name=\"$1\">/,/<\/pkg>/" "$run_perms")"
if [ -z "$currentperms" ]; then #if the packagename is not yet in the permissions
sed -i "/<runtime-permissions/a\ \ <pkg name=\"$1\">\n\ \ <\/pkg>" "$run_perms"
fi
for permissionsets in "$@"; do
if [ "$permissionsets" = "$1" ]; then #skip first entry since that is the packagename (posix-style)
continue
fi
getruntimeperms "$permissionsets"
for permission in $permissions; do
if ! echo "$currentperms" | grep -q "<item name=\"android.permission.$permission\""; then
sed -i "/<pkg name=\"$1\">/a\ \ \ \ <item name=\"android.permission.$permission\" granted=\"true\" flags=\"30\" />" "$run_perms"
fi
done
done
}
fixuserperms() {
currentperms="$(awk "/<shared-user name=\"$1\">/,/<\/shared-user>/" "$run_perms")"
if [ -z "$currentperms" ]; then #if the packagename is not yet in the permissions
sed -i "/<runtime-permissions/a\ \ <shared-user name=\"$1\">\n\ \ <\/shared-user>" "$run_perms"
fi
for permissionsets in "$@"; do
if [ "$permissionsets" = "$1" ]; then #skip first entry since that is the packagename (posix-style)
continue
fi
getruntimeperms "$permissionsets"
for permission in $permissions; do
if ! echo "$currentperms" | grep -q "<item name=\"android.permission.$permission\""; then
sed -i "/<shared-user name=\"$1\">/a\ \ \ \ <item name=\"android.permission.$permission\" granted=\"true\" flags=\"30\" />" "$run_perms"
fi
done
done
}
getruntimeperms(){
case "$1" in
PHONE_PERMISSIONS) permissions="READ_PHONE_STATE CALL_PHONE READ_CALL_LOG WRITE_CALL_LOG ADD_VOICEMAIL USE_SIP PROCESS_OUTGOING_CALLS";;
CONTACTS_PERMISSIONS) permissions="READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS";;
LOCATION_PERMISSIONS) permissions="ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION";;
CALENDAR_PERMISSIONS) permissions="READ_CALENDAR WRITE_CALENDAR";;
SMS_PERMISSIONS) permissions="SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS READ_CELL_BROADCASTS";;
MICROPHONE_PERMISSIONS) permissions="RECORD_AUDIO";;
CAMERA_PERMISSIONS) permissions="CAMERA";;
SENSORS_PERMISSIONS) permissions="BODY_SENSORS";;
STORAGE_PERMISSIONS) permissions="READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE";;
ADDITIONAL_PERMISSIONS) permissions="ACCESS_NETWORK_STATE ACCESS_WIFI_STATE CONTROL_INCALL_EXPERIENCE GET_ACCOUNTS READ_PROFILE READ_SYNC_SETTINGS RECEIVE_BOOT_COMPLETED USE_CREDENTIALS";; #not in AOSP, used in Dialer
*) permissions="$1";; #just give the literal permission back
esac
}
# _____________________________________________________________________________________________________________________
# Gather Pre-Install Info
# Get GApps Version and GApps Type from g.prop extracted at top of script
gapps_version=$(file_getprop /tmp/g.prop ro.addon.open_version);
@@ -1419,6 +1473,18 @@ set_progress 0.83;
ui_print " ";
ui_print "- Fixing permissions & contexts";
ui_print " ";
EOFILE
if [ "$API" -ge "23" ]; then
runtimepermissionshack #marshmallow needs runtime permissions set
fi
tee -a "$build/META-INF/com/google/android/update-binary" > /dev/null <<'EOFILE'
set_perm 1000 1000 771 "/data/"
set_perm 1000 1000 775 "/data/system"
set_perm 1000 1000 775 "/data/system/users"
set_perm 1000 1000 700 "$(dirname "$run_perms")"
set_perm 1000 1000 600 "$run_perms"
set_perm_recursive 0 0 755 644 "/system/app" "/system/framework" "/system/lib" "/system/lib64" "/system/priv-app" "/system/usr/srec" "/system/vendor/pittpatt" "/system/etc/permissions" "/system/etc/preferred-apps";
set_progress 0.85;
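Review bot: The added `set_perm 1000 1000 700 "$(dirname "$run_perms")"` and `set_perm 1000 1000 600 "$run_perms"` lines are emitted into update-binary for every API level, but the file is only created by runtimepermissionshack, which is called under `[ "$API" -ge "23" ]` just above them. On a pre-23 build the installer would apply ownership and mode to a path it never created; what happens then depends on set_perm, which is not visible here. Moving those two lines to the end of the heredoc inside runtimepermissionshack would keep creation and the 600/700 lockdown together and gated the same way. Separately, fixpkgperms and fixuserperms interpolate `$1` and `$permission` directly into awk and sed patterns, so the dots in package names act as regex wildcards; the heredoc these set_perm lines append to starts outside the hunk.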