PlayIntegrityFix/module/service.sh

55 lines
1.4 KiB
Bash
Raw Permalink Normal View History

# Conditional sensitive properties
2023-11-24 21:58:30 +02:00
resetprop_if_diff() {
2024-02-08 13:33:37 +02:00
local NAME="$1"
local EXPECTED="$2"
local CURRENT="$(resetprop "$NAME")"
[ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop "$NAME" "$EXPECTED"
2023-11-24 21:58:30 +02:00
}
2023-11-30 19:28:01 +02:00
resetprop_if_match() {
2024-02-08 13:33:37 +02:00
local NAME="$1"
local CONTAINS="$2"
local VALUE="$3"
[[ "$(resetprop "$NAME")" = *"$CONTAINS"* ]] && resetprop "$NAME" "$VALUE"
}
2023-11-24 21:58:30 +02:00
# Magisk recovery mode
resetprop_if_match ro.bootmode recovery unknown
resetprop_if_match ro.boot.mode recovery unknown
resetprop_if_match vendor.boot.mode recovery unknown
2023-11-24 21:58:30 +02:00
# SELinux
2024-02-16 03:50:50 +02:00
resetprop_if_diff ro.boot.selinux enforcing
# use delete since it can be 0 or 1 for enforcing depending on OEM
if [ -n "$(resetprop ro.build.selinux)" ]; then
resetprop --delete ro.build.selinux
fi
2023-11-30 19:28:01 +02:00
# use toybox to protect *stat* access time reading
2024-02-16 03:50:50 +02:00
if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then
2023-11-25 03:13:22 +02:00
chmod 640 /sys/fs/selinux/enforce
chmod 440 /sys/fs/selinux/policy
fi
2024-02-16 03:50:50 +02:00
# Late props which must be set after boot_completed
2024-02-08 13:33:37 +02:00
{
until [ "$(getprop sys.boot_completed)" = "1" ]; do
sleep 1
done
2024-02-08 13:33:37 +02:00
resetprop_if_diff ro.boot.flash.locked 1
2023-12-28 02:18:58 +02:00
2024-02-08 13:33:37 +02:00
resetprop_if_diff ro.boot.vbmeta.device_state locked
2024-01-12 14:32:32 +02:00
2024-02-08 13:33:37 +02:00
resetprop_if_diff ro.boot.verifiedbootstate green
2024-02-16 03:50:50 +02:00
2024-02-08 13:33:37 +02:00
resetprop_if_diff ro.boot.veritymode enforcing
2024-01-12 14:32:32 +02:00
2024-02-16 03:50:50 +02:00
resetprop_if_diff vendor.boot.verifiedbootstate green
resetprop_if_diff vendor.boot.vbmeta.device_state locked
2024-02-08 13:33:37 +02:00
}&