diff --git a/core/Makefile b/core/Makefile index 68179f76ffc29c16a326664002a70dc43824a962..313240b0e8a94527d0cb7d2fb5d8d3d71cf57997 100644 --- a/core/Makefile +++ b/core/Makefile @@ -7598,7 +7598,7 @@ endif # ----------------------------------------------------------------- # The SDK -ifneq ($(filter sdk,$(MAKECMDGOALS)),) +ifneq ($(filter sdk sdk_addon,$(MAKECMDGOALS)),) # The SDK includes host-specific components, so it belongs under HOST_OUT. sdk_dir := $(HOST_OUT)/sdk/$(TARGET_PRODUCT) diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk index 2671956c7af5bb0bee7356adf2b970c219d3a0dc..d7fc5e277036bbcad23b79527b2559d5d8be55cf 100644 --- a/core/app_prebuilt_internal.mk +++ b/core/app_prebuilt_internal.mk @@ -245,6 +245,7 @@ ifeq ($(module_run_appcompat),true) $(call appcompat-header, aapt2) $(run-appcompat) endif # module_run_appcompat + $(patch-trichrome) $(sign-package) # No need for align-package because sign-package takes care of alignment else # LOCAL_CERTIFICATE == PRESIGNED diff --git a/core/config.mk b/core/config.mk index a8a5e5f7119f44e0e58653d744977e1e1f61a9fd..2bc2896bd95132ceaf6e3b8a273985189b379f91 100644 --- a/core/config.mk +++ b/core/config.mk @@ -749,6 +749,8 @@ JETIFIER := prebuilts/sdk/tools/jetifier/jetifier-standalone/bin/jetifier-standa EXTRACT_KERNEL := build/make/tools/extract_kernel.py +PATCH_TRICHROME := build/make/tools/chromium_trichrome_patcher.py + # Path to tools.jar HOST_JDK_TOOLS_JAR := $(ANDROID_JAVA8_HOME)/lib/tools.jar diff --git a/core/definitions.mk b/core/definitions.mk index 8a781e9982db445aeb82b590b9456be030121a56..4cf34a2e89d9451fa187a1e65470882c2a6d3e8a 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -4024,3 +4024,8 @@ define use_soong_sdk_libraries $(foreach l,$(1),$(if $(filter $(l),$(SOONG_SDK_VARIANT_MODULES)),\ $(l).sdk,$(l))) endef + +# Patch Trichrome to add cert digest at buildtime +define patch-trichrome +$(hide) $(PATCH_TRICHROME) $@ $(PRIVATE_CERTIFICATE) +endef diff --git a/core/sysprop.mk b/core/sysprop.mk index 0fcc92c84fc52b6ee61d23953491774d7d92320c..563916360ad1a55486d86314a842420dd8f84df5 100644 --- a/core/sysprop.mk +++ b/core/sysprop.mk @@ -220,8 +220,15 @@ BUILD_THUMBPRINT := # Define human readable strings that describe this build # +# Spoof target build variant because Whatsapp (and maybe others) +# is checking the "debug" pattern in the Build.DISPLAY variable. +SPOOFED_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT) +ifeq (userdebug,$(TARGET_BUILD_VARIANT)) + SPOOFED_TARGET_BUILD_VARIANT := user +endif + # BUILD_ID: detail info; has the same info as the build fingerprint -BUILD_DESC := $(TARGET_PRODUCT)-$(TARGET_BUILD_VARIANT) $(PLATFORM_VERSION) $(BUILD_ID) $(BUILD_NUMBER_FROM_FILE) $(BUILD_VERSION_TAGS) +BUILD_DESC := e_$(TARGET_DEVICE)-$(SPOOFED_TARGET_BUILD_VARIANT) $(PLATFORM_VERSION) $(BUILD_ID) $(BUILD_NUMBER_FROM_FILE) $(BUILD_VERSION_TAGS) # BUILD_DISPLAY_ID is shown under Settings -> About Phone ifeq ($(TARGET_BUILD_VARIANT),user) diff --git a/core/tasks/sdk-addon.mk b/core/tasks/sdk-addon.mk index 2fd4ce9ec75d0d160173314654929d921c7207c7..7d16220014417fa136906bc48f3d81befac06297 100644 --- a/core/tasks/sdk-addon.mk +++ b/core/tasks/sdk-addon.mk @@ -123,7 +123,7 @@ $(full_target): $(sdk_addon_deps) | $(SOONG_ZIP) $(hide) $(SOONG_ZIP) -o $@ -C $(dir $(PRIVATE_STAGING_DIR)) -D $(PRIVATE_STAGING_DIR) $(full_target_img): PRIVATE_STAGING_DIR := $(call append-path,$(staging),$(addon_dir_img))/images/$(TARGET_CPU_ABI) -$(full_target_img): $(full_target) $(addon_img_source_prop) | $(SOONG_ZIP) +$(full_target_img): $(full_target) $(INSTALLED_USERDATAIMAGE_TARGET) $(addon_img_source_prop) | $(SOONG_ZIP) @echo Packaging SDK Addon System-Image: $@ $(hide) mkdir -p $(dir $@) cp -R $(PRODUCT_OUT)/data $(PRIVATE_STAGING_DIR) diff --git a/tools/chromium_trichrome_patcher.py b/tools/chromium_trichrome_patcher.py new file mode 100755 index 0000000000000000000000000000000000000000..bda96b3fa66cab264936722887573ddaf570a2f1 --- /dev/null +++ b/tools/chromium_trichrome_patcher.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python3 + +import os +import subprocess +import sys +import zipfile + +infilename, sign_key = sys.argv[1:] + +def ExtractFingerprint(cert): + cmd = ['openssl', 'x509', '-sha256', '-fingerprint', '-noout', '-in', cert] + proc = subprocess.run(cmd, stdout=subprocess.PIPE) + return proc.stdout.decode('utf-8').split('=')[1].replace(':', '') + +def patch_trichrome(infilename, sign_key): + orig_certdigest = "32a2fc74d731105859e5a85df16d95f102d85b22099b8064c5d8915c61dad1e0" + new_certdigest = ExtractFingerprint(sign_key).lower().rstrip() + + with zipfile.ZipFile(infilename, 'r') as zin, zipfile.ZipFile(infilename + ".patched", 'w') as zout: + for info in zin.infolist(): + data = zin.read(info.filename) + if info.filename == 'AndroidManifest.xml': + # Make sure we can find the certdigest + try: + data.rindex(orig_certdigest.encode('utf-16-le')) + except: + pass + # Replace it + data = data.replace(orig_certdigest.encode('utf-16-le'), new_certdigest.encode('utf-16-le')) + zout.writestr(info, data) + + # Delete the original file + os.remove(infilename) + + # Rename the output file to the original file name + os.rename(infilename + ".patched", infilename) + +if "Browser_" in infilename or "BrowserWebView_" in infilename: + patch_trichrome(infilename, sign_key)