PlayIntegrityFix/module/service.sh

MODPATH="${0%/*}"
. $MODPATH/common_func.sh

# Conditional sensitive properties

# Magisk Recovery Mode
resetprop_if_match ro.boot.mode recovery unknown
resetprop_if_match ro.bootmode recovery unknown
resetprop_if_match vendor.boot.mode recovery unknown

# SELinux
resetprop_if_diff ro.boot.selinux enforcing
# use delete since it can be 0 or 1 for enforcing depending on OEM
if [ -n "$(resetprop ro.build.selinux)" ]; then
    resetprop --delete ro.build.selinux
fi
# use toybox to protect stat access time reading
if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then
    chmod 640 /sys/fs/selinux/enforce
    chmod 440 /sys/fs/selinux/policy
fi

# Conditional late sensitive properties

# must be set after boot_completed for various OEMs
until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
    sleep 1
done

# SafetyNet/Play Integrity + OEM
# avoid breaking Realme fingerprint scanners
resetprop_if_diff ro.boot.flash.locked 1
resetprop_if_diff ro.boot.realme.lockstate 1
# avoid breaking Oppo fingerprint scanners
resetprop_if_diff ro.boot.vbmeta.device_state locked
# avoid breaking OnePlus display modes/fingerprint scanners
resetprop_if_diff vendor.boot.verifiedbootstate green
# avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+
resetprop_if_diff ro.boot.verifiedbootstate green
resetprop_if_diff ro.boot.veritymode enforcing
resetprop_if_diff vendor.boot.vbmeta.device_state locked

# Other
resetprop_if_diff sys.oem_unlock_allowed 0
Revert "Use Shamiko service.sh" This reverts commit 714ae3bfa218b9459bc23c86b1685c640f5b2da3. 2024-07-24 14:35:19 +03:00			`MODPATH="${0%/*}"`
			`. $MODPATH/common_func.sh`
Rebase PIF 2024-07-21 19:34:45 +03:00
Use Shamiko service.sh 2024-07-22 12:48:49 +03:00			`# Conditional sensitive properties`
Rebase PIF 2024-07-21 19:34:45 +03:00
Revert "Use Shamiko service.sh" This reverts commit 714ae3bfa218b9459bc23c86b1685c640f5b2da3. 2024-07-24 14:35:19 +03:00			`# Magisk Recovery Mode`
			`resetprop_if_match ro.boot.mode recovery unknown`
			`resetprop_if_match ro.bootmode recovery unknown`
			`resetprop_if_match vendor.boot.mode recovery unknown`

Rebase PIF 2024-07-21 19:34:45 +03:00			`# SELinux`
Revert "Use Shamiko service.sh" This reverts commit 714ae3bfa218b9459bc23c86b1685c640f5b2da3. 2024-07-24 14:35:19 +03:00			`resetprop_if_diff ro.boot.selinux enforcing`
Rebase PIF 2024-07-21 19:34:45 +03:00			`# use delete since it can be 0 or 1 for enforcing depending on OEM`
			`if [ -n "$(resetprop ro.build.selinux)" ]; then`
			`resetprop --delete ro.build.selinux`
			`fi`
			`# use toybox to protect stat access time reading`
			`if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then`
			`chmod 640 /sys/fs/selinux/enforce`
			`chmod 440 /sys/fs/selinux/policy`
			`fi`

			`# Conditional late sensitive properties`

			`# must be set after boot_completed for various OEMs`
			`until [[ "$(getprop sys.boot_completed)" == "1" ]]; do`
			`sleep 1`
			`done`

Revert "Use Shamiko service.sh" This reverts commit 714ae3bfa218b9459bc23c86b1685c640f5b2da3. 2024-07-24 14:35:19 +03:00			`# SafetyNet/Play Integrity + OEM`
			`# avoid breaking Realme fingerprint scanners`
			`resetprop_if_diff ro.boot.flash.locked 1`
			`resetprop_if_diff ro.boot.realme.lockstate 1`
			`# avoid breaking Oppo fingerprint scanners`
			`resetprop_if_diff ro.boot.vbmeta.device_state locked`
			`# avoid breaking OnePlus display modes/fingerprint scanners`
			`resetprop_if_diff vendor.boot.verifiedbootstate green`
			`# avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+`
			`resetprop_if_diff ro.boot.verifiedbootstate green`
			`resetprop_if_diff ro.boot.veritymode enforcing`
			`resetprop_if_diff vendor.boot.vbmeta.device_state locked`

			`# Other`
			`resetprop_if_diff sys.oem_unlock_allowed 0`