From 714ae3bfa218b9459bc23c86b1685c640f5b2da3 Mon Sep 17 00:00:00 2001
From: chiteroman <98092901+chiteroman@users.noreply.github.com>
Date: Mon, 22 Jul 2024 11:48:49 +0200
Subject: [PATCH] Use Shamiko service.sh

---
 module/service.sh | 66 +++++++++++++++++++++++++++++++----------------
 1 file changed, 44 insertions(+), 22 deletions(-)

diff --git a/module/service.sh b/module/service.sh
index 0b9b4c1..6deaac0 100644
--- a/module/service.sh
+++ b/module/service.sh
@@ -1,15 +1,23 @@
-MODPATH="${0%/*}"
-. $MODPATH/common_func.sh
+#!/system/bin/sh
+
+check_reset_prop() {
+  local NAME=$1
+  local EXPECTED=$2
+  local VALUE=$(resetprop $NAME)
+  [ -z $VALUE ] || [ $VALUE = $EXPECTED ] || resetprop $NAME $EXPECTED
+}
+
+contains_reset_prop() {
+  local NAME=$1
+  local CONTAINS=$2
+  local NEWVAL=$3
+  [[ "$(resetprop $NAME)" = *"$CONTAINS"* ]] && resetprop $NAME $NEWVAL
+}
 
 # Conditional sensitive properties
 
-# Magisk Recovery Mode
-resetprop_if_match ro.boot.mode recovery unknown
-resetprop_if_match ro.bootmode recovery unknown
-resetprop_if_match vendor.boot.mode recovery unknown
-
 # SELinux
-resetprop_if_diff ro.boot.selinux enforcing
+check_reset_prop ro.boot.selinux enforcing
 # use delete since it can be 0 or 1 for enforcing depending on OEM
 if [ -n "$(resetprop ro.build.selinux)" ]; then
     resetprop --delete ro.build.selinux
@@ -27,18 +35,32 @@ until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
     sleep 1
 done
 
-# SafetyNet/Play Integrity + OEM
-# avoid breaking Realme fingerprint scanners
-resetprop_if_diff ro.boot.flash.locked 1
-resetprop_if_diff ro.boot.realme.lockstate 1
-# avoid breaking Oppo fingerprint scanners
-resetprop_if_diff ro.boot.vbmeta.device_state locked
-# avoid breaking OnePlus display modes/fingerprint scanners
-resetprop_if_diff vendor.boot.verifiedbootstate green
-# avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+
-resetprop_if_diff ro.boot.verifiedbootstate green
-resetprop_if_diff ro.boot.veritymode enforcing
-resetprop_if_diff vendor.boot.vbmeta.device_state locked
+check_reset_prop "ro.boot.vbmeta.device_state" "locked"
+check_reset_prop "ro.boot.verifiedbootstate" "green"
+check_reset_prop "ro.boot.flash.locked" "1"
+check_reset_prop "ro.boot.veritymode" "enforcing"
+check_reset_prop "ro.boot.warranty_bit" "0"
+check_reset_prop "ro.warranty_bit" "0"
+check_reset_prop "ro.debuggable" "0"
+check_reset_prop "ro.force.debuggable" "0"
+check_reset_prop "ro.secure" "1"
+check_reset_prop "ro.adb.secure" "1"
+check_reset_prop "ro.build.type" "user"
+check_reset_prop "ro.build.tags" "release-keys"
+check_reset_prop "ro.vendor.boot.warranty_bit" "0"
+check_reset_prop "ro.vendor.warranty_bit" "0"
+check_reset_prop "vendor.boot.vbmeta.device_state" "locked"
+check_reset_prop "vendor.boot.verifiedbootstate" "green"
+check_reset_prop "sys.oem_unlock_allowed" "0"
 
-# Other
-resetprop_if_diff sys.oem_unlock_allowed 0
+# MIUI specific
+check_reset_prop "ro.secureboot.lockstate" "locked"
+
+# Realme specific
+check_reset_prop "ro.boot.realmebootstate" "green"
+check_reset_prop "ro.boot.realme.lockstate" "1"
+
+# Hide that we booted from recovery when magisk is in recovery mode
+contains_reset_prop "ro.bootmode" "recovery" "unknown"
+contains_reset_prop "ro.boot.bootmode" "recovery" "unknown"
+contains_reset_prop "vendor.boot.bootmode" "recovery" "unknown"