[FOR INFORMATION] No signature spoofing for user builds (and other non-debuggable build types) of 21.0 in restructured branch #681

Open
petefoth opened this issue Sep 6, 2024 · 4 comments

@petefoth
Contributor

petefoth commented Sep 6, 2024

Upstream signature spoofing support is only for debuggable build types (e.g. userdebug). To make a user build (or other non-debuggable build types), our signature spoofing patches need to be applied.

This is not done in the pf-restructure-build branch, which is currently the only way to make 21.0 builds.

The workaround is to apply the patches manually. The code to do this is in this code in the legacy branch:

```shell
patches_applied=false
if [ "$APPLY_PATCHES" = true ]; then
  if [ "$USER_BUILD_SPOOFING" = "yes" ]; then
    # For user builds, we need to patch the LOS signature spoofing code
    # which were disabled for user builds
    if [ -n "$user_build_spoofing_patch" ]; then
      cd frameworks/base
      echo ">> [$(date)] Applying the user build variant signature spoofing patch ($user_build_spoofing_patch) to frameworks/base"
      patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$user_build_spoofing_patch"
      git clean -q -f
      cd ../..
    else
      echo ">> [$(date)] WARNING: User build signature spoofing requested, but branch ($branch) does not support built-in signature spoofing"
    fi
  fi
  # If needed, apply the microG's signature spoofing patch
  if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
    patches_applied=true
    if [ -z "$frameworks_base_patch" ]; then
      echo ">> [$(date)] WARNING: Signature spoofing patches requested, but branch ($branch) does not support microG patches"
    else
      # Determine which patch should be applied to the current Android source tree
      cd frameworks/base
      if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
        echo ">> [$(date)] Applying the standard signature spoofing patch ($frameworks_base_patch) to frameworks/base"
        echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
        patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$frameworks_base_patch"
      else
        echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $frameworks_base_patch) to frameworks/base"
        sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$frameworks_base_patch" | patch --quiet --force -p1
      fi
      git clean -q -f
      cd ../..
      if [ -n "$apps_permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
        cd packages/apps/PermissionController
        echo ">> [$(date)] Applying the apps/PermissionController patch ($apps_permissioncontroller_patch) to packages/apps/PermissionController"
        patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$apps_permissioncontroller_patch"
        git clean -q -f
        cd ../../..
      fi
      if [ -n "$modules_permission_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
        cd packages/modules/Permission
        echo ">> [$(date)] Applying the modules/Permission patch ($modules_permission_patch) to packages/modules/Permission"
        patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$modules_permission_patch"
        git clean -q -f
        cd ../../..
      fi
      # Override device-specific settings for the location providers
      mkdir -p "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/"
      cp /root/signature_spoofing_patches/frameworks_base_config.xml "vendor/$vendor/overlay/microg/frameworks/base/core/res/res/values/config.xml"
    fi
  fi
else
  echo ">> [$(date)] Applying patches disabled"
fi
```

@petefoth petefoth changed the title No signature spoofing for user builds (and other build types) in restructured branch No signature spoofing for user builds (and other non-debuggable build types) of 21.0 in restructured branch Sep 8, 2024
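
Added example, not part of the original issue or the project's code: in the "restricted" branch of the snippet above, `sed` passes the patch through unmodified when it contains no `android:protectionLevel="dangerous"` line, and the unmodified patch is then applied under a "restricted" log message. The sketch below makes that case fail instead; `restrict_patch`, `sample_patch` and the patch fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the "restricted" patch variant and fail loudly
# if the substitution did not happen.

# Constructed patch fragment (not the project's real patch file).
sample_patch() {
cat <<'EOF'
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1,2 +1,5 @@
 <manifest>
+    <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+        android:protectionLevel="dangerous"
+        android:label="@string/permlab_fakePackageSignature" />
 </manifest>
EOF
}

# restrict_patch FILE: write the restricted variant of FILE to stdout.
# Returns 1 if FILE adds no protectionLevel="dangerous" line, 2 if unreadable.
restrict_patch() {
    rp_in="$1"
    [ -r "$rp_in" ] || { echo "restrict_patch: cannot read $rp_in" >&2; return 2; }
    rp_hits=$(grep -c '^+.*android:protectionLevel="dangerous"' "$rp_in" || true)
    if [ "$rp_hits" -eq 0 ]; then
        echo "restrict_patch: nothing to restrict in $rp_in, refusing" >&2
        return 1
    fi
    rp_out=$(sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "$rp_in")
    # sed replaces only the first match per line; confirm none survived.
    if printf '%s\n' "$rp_out" | grep -q '^+.*android:protectionLevel="dangerous"'; then
        echo "restrict_patch: dangerous protectionLevel still present" >&2
        return 1
    fi
    printf '%s\n' "$rp_out"
}

# Demo on the constructed fragment: prints the rewritten protectionLevel line.
demo_file=$(mktemp)
sample_patch > "$demo_file"
restrict_patch "$demo_file" | grep protectionLevel
rm -f "$demo_file"
```

The output of `restrict_patch` can be piped to `patch --quiet --force -p1` exactly as the `sed` output is in the legacy snippet.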
@ale5000-git

Why not just patch the code that checks "userdebug" and enable upstream signature spoofing support for all builds?

@petefoth
Contributor Author

> Why not just patch the code that checks "userdebug" and enable upstream signature spoofing support for all builds?

Because, thanks to the changes made by LineageOS, we no longer have to create, maintain and apply any patches at all in order to make our regular monthly builds (which is the main goal of this project and our docker image). All our builds are user-debug, so the LineageOS changes work, allowing restricted signature spoofing for the microG components.

I created this issue to inform anyone who uses this project and our docker image to make other builds that signature spoofing will no longer work for them 'out of the box', and that they will need to apply the necessary patches themselves. They can use the patches, and the code in the legacy branch as mentioned above, or they could patch a different part of the LineageOS code as you suggest.

This project won't be patching anything: we no longer need to, to meet our objectives.

Added 'Out of scope' and 'Won't fix' labels to make that clear

@ale5000-git

Just a suggestion:
Patching a "check" is just a few bytes (so almost no divergence) compared to a completely separate spoofing patch.
user-debug is likely to get apps that check "modified" devices not working; there are apps with libraries that will likely check this (in addition to SafetyNet).

@petefoth
Contributor Author

@ale5000-git Thanks for the suggestion.

If anyone bumps into this issue, they could use your suggested approach instead of using our existing patches (which are no longer maintained, and won't be updated, since they are no longer needed to achieve our project's objective of providing regular builds of LineageOS for microG).

@petefoth petefoth changed the title No signature spoofing for user builds (and other non-debuggable build types) of 21.0 in restructured branch [FOR INFORMATION] No signature spoofing for user builds (and other non-debuggable build types) of 21.0 in restructured branch Dec 26, 2024