Use SNFix module scripts

2025-01-18 11:02:40 +02:00 · 2024-07-24 13:41:18 +02:00 · 2024-07-24 13:41:18 +02:00 · cd2cc03499
commit cd2cc03499
parent 6955a3ce55
3 changed files with 54 additions and 68 deletions
--- a/module/common_func.sh
+++ b/module/common_func.sh
@ -1,17 +0,0 @@
-# resetprop_if_diff <prop name> <expected value>
-resetprop_if_diff() {
-    local NAME="$1"
-    local EXPECTED="$2"
-    local CURRENT="$(resetprop "$NAME")"
-
-    [ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop -n "$NAME" "$EXPECTED"
-}
-
-# resetprop_if_match <prop name> <value match string> <new value>
-resetprop_if_match() {
-    local NAME="$1"
-    local CONTAINS="$2"
-    local VALUE="$3"
-
-    [[ "$(resetprop "$NAME")" = *"$CONTAINS"* ]] && resetprop -n "$NAME" "$VALUE"
-}
--- a/module/post-fs-data.sh
+++ b/module/post-fs-data.sh
@ -1,12 +1,18 @@
-MODPATH="${0%/*}"
-. $MODPATH/common_func.sh
-
-# Remove Play Services from Magisk DenyList when set to Enforce in normal mode
+# Remove Play Services from the Magisk Denylist when set to enforcing.
 if magisk --denylist status; then
    magisk --denylist rm com.google.android.gms
 fi

-# Conditional early sensitive properties
+resetprop_if_diff() {
+    local NAME="$1"
+    local EXPECTED="$2"
+    local CURRENT="$(resetprop "$NAME")"
+    
+    [ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop -n "$NAME" "$EXPECTED"
+}
+
+# RootBeer, Microsoft
+resetprop_if_diff ro.build.tags release-keys

 # Samsung
 resetprop_if_diff ro.boot.warranty_bit 0
@ -14,24 +20,10 @@ resetprop_if_diff ro.vendor.boot.warranty_bit 0
 resetprop_if_diff ro.vendor.warranty_bit 0
 resetprop_if_diff ro.warranty_bit 0

-# Xiaomi
-resetprop_if_diff ro.secureboot.lockstate locked
-
-# Realme
-resetprop_if_diff ro.boot.realmebootstate green
-
 # OnePlus
 resetprop_if_diff ro.is_ever_orange 0

-# Microsoft
-for PROP in $(resetprop | grep -oE 'ro.*.build.tags'); do
-    resetprop_if_diff $PROP release-keys
-done
-
 # Other
-for PROP in $(resetprop | grep -oE 'ro.*.build.type'); do
-    resetprop_if_diff $PROP user
-done
+resetprop_if_diff ro.build.type user
 resetprop_if_diff ro.debuggable 0
-resetprop_if_diff ro.force.debuggable 0
 resetprop_if_diff ro.secure 1
--- a/module/service.sh
+++ b/module/service.sh
@ -1,44 +1,55 @@
-MODPATH="${0%/*}"
-. $MODPATH/common_func.sh
+# Sensitive properties

-# Conditional sensitive properties
+resetprop_if_diff() {
+    local NAME="$1"
+    local EXPECTED="$2"
+    local CURRENT="$(resetprop "$NAME")"
+    
+    [ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop -n "$NAME" "$EXPECTED"
+}

-# Magisk Recovery Mode
-resetprop_if_match ro.boot.mode recovery unknown
+resetprop_if_match() {
+    local NAME="$1"
+    local CONTAINS="$2"
+    local VALUE="$3"
+    
+    [[ "$(resetprop "$NAME")" = *"$CONTAINS"* ]] && resetprop -n "$NAME" "$VALUE"
+}
+
+# Magisk recovery mode
 resetprop_if_match ro.bootmode recovery unknown
+resetprop_if_match ro.boot.mode recovery unknown
 resetprop_if_match vendor.boot.mode recovery unknown

-# SELinux
+# Hiding SELinux | Permissive status
 resetprop_if_diff ro.boot.selinux enforcing
-# use delete since it can be 0 or 1 for enforcing depending on OEM
 if [ -n "$(resetprop ro.build.selinux)" ]; then
    resetprop --delete ro.build.selinux
 fi
-# use toybox to protect stat access time reading
-if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then
+
+# Hiding SELinux | Use toybox to protect *stat* access time reading
+if [[ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]]; then
    chmod 640 /sys/fs/selinux/enforce
    chmod 440 /sys/fs/selinux/policy
 fi

-# Conditional late sensitive properties
-
-# must be set after boot_completed for various OEMs
-until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
-    sleep 1
-done
-
-# SafetyNet/Play Integrity + OEM
-# avoid breaking Realme fingerprint scanners
-resetprop_if_diff ro.boot.flash.locked 1
-resetprop_if_diff ro.boot.realme.lockstate 1
-# avoid breaking Oppo fingerprint scanners
-resetprop_if_diff ro.boot.vbmeta.device_state locked
-# avoid breaking OnePlus display modes/fingerprint scanners
-resetprop_if_diff vendor.boot.verifiedbootstate green
-# avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+
-resetprop_if_diff ro.boot.verifiedbootstate green
-resetprop_if_diff ro.boot.veritymode enforcing
-resetprop_if_diff vendor.boot.vbmeta.device_state locked
-
-# Other
-resetprop_if_diff sys.oem_unlock_allowed 0
+# Late props which must be set after boot_completed
+{
+    until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
+        sleep 1
+    done
+    
+    # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
+    resetprop_if_diff ro.boot.flash.locked 1
+    
+    # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
+    resetprop_if_diff ro.boot.vbmeta.device_state locked
+    
+    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
+    resetprop_if_diff vendor.boot.verifiedbootstate green
+    
+    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
+    resetprop_if_diff ro.boot.verifiedbootstate green
+    resetprop_if_diff ro.boot.veritymode enforcing
+    resetprop_if_diff vendor.boot.vbmeta.device_state locked
+}&