From 1a9eb9d2e7ba8b6075716749c49074baf146e338 Mon Sep 17 00:00:00 2001
From: osm0sis
Date: Wed, 29 Nov 2023 00:19:14 -0400
Subject: [PATCH] Module scripts fixes/improvements

- add back check_resetprop but rename functions to make their use more clear (thanks HuskyDG)
- combine system.prop (runs at post-fs-data) entries into service.sh so that they're only set if needed (note that they therefore wouldn't need to be late props)
- use a uniform style in all scripts (only necessary quoting and brackets, add trailing newlines, spaces not tabs :P)
- remove GMS data pif.prop/pif.json files left over from previous releases to ensure they don't trigger detection at some point (these lines can be removed again in a later release once we're satisfied everyone affected has this resolved)
---
 module/customize.sh | 16 +++++----
 module/post-fs-data.sh | 10 +++---
 module/service.sh | 76 +++++++++++++++++++++++++++---------------
 module/system.prop | 16 ---------
 4 files changed, 64 insertions(+), 54 deletions(-)
 delete mode 100644 module/system.prop

diff --git a/module/customize.sh b/module/customize.sh
index ea07489..00c20a4 100644
--- a/module/customize.sh
+++ b/module/customize.sh
@@ -1,10 +1,14 @@
 # Error on < Android 8
 if [ "$API" -lt 26 ]; then
- abort "!!! You can't use this module on Android < 8.0."
+ abort "!!! You can't use this module on Android < 8.0"
 fi
 
-# safetynet-fix module is incompatible
-if [ -d "/data/adb/modules/safetynet-fix" ]; then
- touch "/data/adb/modules/safetynet-fix/remove"
- ui_print "- 'safetynet-fix' module will be removed in next reboot."
-fi
\ No newline at end of file
+# Remove safetynet-fix module if installed
+if [ -d /data/adb/modules/safetynet-fix ]; then
+ touch /data/adb/modules/safetynet-fix/remove
+ ui_print "- 'safetynet-fix' module will be removed on next reboot"
+fi
+
+# Clean up any leftover files from previous deprecated methods
+rm -f /data/data/com.google.android.gms/cache/pif.prop /data/data/com.google.android.gms/pif.prop
+rm -f /data/data/com.google.android.gms/cache/pif.json /data/data/com.google.android.gms/pif.json
diff --git a/module/post-fs-data.sh b/module/post-fs-data.sh
index 1593e37..6196daf 100644
--- a/module/post-fs-data.sh
+++ b/module/post-fs-data.sh
@@ -1,9 +1,9 @@
-# Remove Play Services from the Magisk Denylist when set to enforcing
+# Remove Play Services from Magisk Denylist when set to enforcing
 if magisk --denylist status; then
 magisk --denylist rm com.google.android.gms
 fi
 
-# Check if safetynet-fix is installed
-if [ -d "/data/adb/modules/safetynet-fix" ]; then
- touch "/data/adb/modules/safetynet-fix/remove"
-fi
\ No newline at end of file
+# Remove safetynet-fix module if installed
+if [ -d /data/adb/modules/safetynet-fix ]; then
+ touch /data/adb/modules/safetynet-fix/remove
+fi
diff --git a/module/service.sh b/module/service.sh
index 307ea1c..0c2d8d0 100644
--- a/module/service.sh
+++ b/module/service.sh
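Review bot: In module/customize.sh, the comment above the two added `rm -f` lines does not say that this cleanup is temporary, although the commit message states the lines can be removed again in a later release. I would record that next to the code so it is not lost once the commit message is out of sight, e.g. `# TODO: drop this cleanup in a later release, once installs that still carry the old pif.prop/pif.json files are no longer expected`. The two `rm -f` calls take the same options and could be a single command with four operands.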
@@ -1,46 +1,68 @@
-# Sensitive properties
+# Conditional sensitive properties
 
-maybe_set_prop() {
- local prop="$1"
- local contains="$2"
- local value="$3"
+resetprop_if_diff() {
+ local NAME=$1
+ local EXPECTED=$2
+ local CURRENT=$(resetprop $NAME)
 
- if [[ "$(getprop "$prop")" == *"$contains"* ]]; then
- resetprop "$prop" "$value"
- fi
+ [ -z "$CURRENT" ] || [ "$CURRENT" == "$EXPECTED" ] || resetprop $NAME $EXPECTED
+}
+resetprop_if_match() {
+ local NAME=$1
+ local CONTAINS=$2
+ local VALUE=$3
+
+ [[ "$(resetprop $NAME)" == *"$CONTAINS"* ]] && resetprop $NAME $VALUE
 }
 
+# RootBeer, Microsoft
+resetprop_if_diff ro.build.tags release-keys
+
+# Samsung
+resetprop_if_diff ro.boot.warranty_bit 0
+resetprop_if_diff ro.vendor.boot.warranty_bit 0
+resetprop_if_diff ro.vendor.warranty_bit 0
+resetprop_if_diff ro.warranty_bit 0
+
+# OnePlus
+resetprop_if_diff ro.is_ever_orange 0
+
+# Other
+resetprop_if_diff ro.build.type user
+resetprop_if_diff ro.debuggable 0
+resetprop_if_diff ro.secure 1
+
 # Magisk recovery mode
-maybe_set_prop ro.bootmode recovery unknown
-maybe_set_prop ro.boot.mode recovery unknown
-maybe_set_prop vendor.boot.mode recovery unknown
+resetprop_if_match ro.bootmode recovery unknown
+resetprop_if_match ro.boot.mode recovery unknown
+resetprop_if_match vendor.boot.mode recovery unknown
 
-# Hiding SELinux | Permissive status
+# SELinux
 resetprop --delete ro.build.selinux
-
-# Hiding SELinux | Use toybox to protect *stat* access time reading
-if [[ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]]; then
+# use toybox to protect *stat* access time reading
+if [ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]; then
 chmod 640 /sys/fs/selinux/enforce
 chmod 440 /sys/fs/selinux/policy
 fi
 
-# Late props which must be set after boot_completed
+# SafetyNet/Play Integrity
 {
- until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
+ # late props which must be set after boot_completed for various OEMs
+ until [ "$(getprop sys.boot_completed)" == "1" ]; do
 sleep 1
 done
 
- # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
- resetprop ro.boot.flash.locked 1
+ # Avoid breaking Realme fingerprint scanners
+ resetprop_if_diff ro.boot.flash.locked 1
 
- # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
- resetprop ro.boot.vbmeta.device_state locked
+ # Avoid breaking Oppo fingerprint scanners
+ resetprop_if_diff ro.boot.vbmeta.device_state locked
 
- # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
- resetprop vendor.boot.verifiedbootstate green
+ # Avoid breaking OnePlus display modes/fingerprint scanners
+ resetprop_if_diff vendor.boot.verifiedbootstate green
 
- # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
- resetprop ro.boot.verifiedbootstate green
- resetprop ro.boot.veritymode enforcing
- resetprop vendor.boot.vbmeta.device_state locked
+ # Avoid breaking OnePlus/Oppo display fingerprint scanners on OOS/ColorOS 12+
+ resetprop_if_diff ro.boot.verifiedbootstate green
+ resetprop_if_diff ro.boot.veritymode enforcing
+ resetprop_if_diff vendor.boot.vbmeta.device_state locked
 }&
diff --git a/module/system.prop b/module/system.prop
deleted file mode 100644
index a1dfa57..0000000
--- a/module/system.prop
+++ /dev/null
@@ -1,16 +0,0 @@
-# RootBeer, Microsoft
-ro.build.tags=release-keys
-
-# Samsung
-ro.boot.warranty_bit=0
-ro.vendor.boot.warranty_bit=0
-ro.vendor.warranty_bit=0
-ro.warranty_bit=0
-
-# OnePlus
-ro.is_ever_orange=0
-
-# Other
-ro.build.type=user
-ro.debuggable=0
-ro.secure=1
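Review bot: In module/service.sh, the new helpers `resetprop_if_diff` and `resetprop_if_match` expand `$NAME`, `$EXPECTED` and `$VALUE` unquoted, so an argument containing whitespace or glob characters would be split or expanded before it reaches `resetprop`; every call site in this hunk passes single words, so the problem is latent rather than triggered. `local CURRENT=$(resetprop $NAME)` also discards the exit status of `resetprop`, and some sh implementations word-split the arguments of `local`. I would declare `local CURRENT` first, assign with `CURRENT=$(resetprop "$NAME")`, and call `resetprop "$NAME" "$EXPECTED"` and `resetprop "$NAME" "$VALUE"` in the two bodies. The `[ ... == ... ]` tests introduced here rely on a non-POSIX operator; `=` is the portable spelling if these scripts can run under a plain sh.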