From 45bdd3ba19226d2d171b7237fb9a3a22d6166f5d Mon Sep 17 00:00:00 2001 From: Nishith Khanna Date: Thu, 13 Feb 2025 18:57:31 +0530 Subject: [PATCH 1/4] Change build description in Settings > About Phone https://gitlab.e.foundation/e/os/android_build/-/commit/4a574954065d7f03e9d9f1d8e24a09068b552b9f --- scripts/gen_build_prop.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/gen_build_prop.py b/scripts/gen_build_prop.py index ac2c6ff7cb..67ba6e0ba2 100644 --- a/scripts/gen_build_prop.py +++ b/scripts/gen_build_prop.py @@ -109,7 +109,7 @@ def parse_args(): # build_desc is human readable strings that describe this build. This has the same info as the # build fingerprint. # e.g. "aosp_cf_x86_64_phone-userdebug VanillaIceCream MAIN eng.20240319.143939 test-keys" - config["BuildDesc"] = f"{config['DeviceProduct']}-{config['BuildVariant']} " \ + config["BuildDesc"] = f"e_{config['DeviceName']}-{config['BuildVariant']} " \ f"{config['Platform_version_name']} {config['BuildId']} " \ f"{config['BuildNumber']} {config['BuildVersionTags']}" -- GitLab From 44a5598861fd1b503f24370dd57b5e98b1a20dd2 Mon Sep 17 00:00:00 2001 From: Nishith Khanna Date: Wed, 19 Feb 2025 16:06:20 +0530 Subject: [PATCH 2/4] Spoof build variant by removing "debug" in Settings > About Phone https://gitlab.e.foundation/e/os/android_build/-/commit/1f0bb7f9415326f3326a8a95a19c2af5f6b0c0ab --- scripts/gen_build_prop.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/gen_build_prop.py b/scripts/gen_build_prop.py index 67ba6e0ba2..e87c180fb0 100644 --- a/scripts/gen_build_prop.py +++ b/scripts/gen_build_prop.py @@ -33,6 +33,14 @@ def get_build_variant(product_config): else: return "user" +# Spoof build variant because Whatsapp (and maybe others) +# is checking the "debug" pattern in the Build.DISPLAY variable. +def get_spoofed_build_variant(product_config): + if product_config["Eng"]: + return "eng" + else: + return "user" + def get_build_flavor(product_config): build_flavor = product_config["DeviceProduct"] + "-" + get_build_variant(product_config) if "address" in product_config.get("SanitizeDevice", []) and "_asan" not in build_flavor: @@ -89,6 +97,7 @@ def parse_args(): config["BuildFlavor"] = get_build_flavor(config) config["BuildKeys"] = get_build_keys(config) config["BuildVariant"] = get_build_variant(config) + config["SpoofedBuildVariant"] = get_spoofed_build_variant(config) config["BuildFingerprint"] = args.build_fingerprint_file.read().strip() config["BuildHostname"] = args.build_hostname_file.read().strip() @@ -109,7 +118,7 @@ def parse_args(): # build_desc is human readable strings that describe this build. This has the same info as the # build fingerprint. # e.g. "aosp_cf_x86_64_phone-userdebug VanillaIceCream MAIN eng.20240319.143939 test-keys" - config["BuildDesc"] = f"e_{config['DeviceName']}-{config['BuildVariant']} " \ + config["BuildDesc"] = f"e_{config['DeviceName']}-{config['SpoofedBuildVariant']} " \ f"{config['Platform_version_name']} {config['BuildId']} " \ f"{config['BuildNumber']} {config['BuildVersionTags']}" -- GitLab From 66c837bc09261e12112f6dac590d784b8a45e383 Mon Sep 17 00:00:00 2001 From: althafvly Date: Thu, 13 Feb 2025 22:49:52 +0530 Subject: [PATCH 3/4] soong: Use our keys for otacerts if it exists Change-Id: I7a19294237964d1aaa74afa6665c10f1350832c9 --- etc/otacerts_zip.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/etc/otacerts_zip.go b/etc/otacerts_zip.go index b6f175a2df..0140643b73 100644 --- a/etc/otacerts_zip.go +++ b/etc/otacerts_zip.go @@ -112,8 +112,17 @@ func (m *otacertsZipModule) outputFileName() string { } func (m *otacertsZipModule) GenerateAndroidBuildActions(ctx android.ModuleContext) { - // Read .x509.pem file defined in PRODUCT_DEFAULT_DEV_CERTIFICATE or the default test key. - pem, _ := ctx.Config().DefaultAppCertificate(ctx) + // Check if user-keys/releasekey.x509.pem exists + const userKeyPath = "user-keys/releasekey" + + var pem android.SourcePath + if android.ExistentPathForSource(ctx, userKeyPath + ".x509.pem").Valid() && + android.ExistentPathForSource(ctx,userKeyPath + ".pk8").Valid() { + pem, _ = android.PathForSource(ctx, userKeyPath + ".x509.pem"), android.PathForSource(ctx, userKeyPath + ".pk8") + } else { + // Read .x509.pem file defined in PRODUCT_DEFAULT_DEV_CERTIFICATE or the default test key. + pem, _ = ctx.Config().DefaultAppCertificate(ctx) + } // Read .x509.pem files listed in PRODUCT_EXTRA_OTA_KEYS or PRODUCT_EXTRA_RECOVERY_KEYS. extras := ctx.Config().ExtraOtaKeys(ctx, m.InRecovery()) srcPaths := append([]android.SourcePath{pem}, extras...) -- GitLab From e3aaa522fb048cd4e809ba94c36d5cf0af15f16a Mon Sep 17 00:00:00 2001 From: althafvly Date: Wed, 26 Feb 2025 19:02:06 +0530 Subject: [PATCH 4/4] Browser: Sign with user-keys if its available --- java/app.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/java/app.go b/java/app.go index c9f931fcc4..45570e878d 100644 --- a/java/app.go +++ b/java/app.go @@ -755,9 +755,21 @@ func processMainCert(m android.ModuleBase, certPropValue string, certificates [] var mainCert Certificate if certPropValue != "" { defaultDir := ctx.Config().DefaultAppCertificateDir(ctx) - mainCert = Certificate{ - Pem: defaultDir.Join(ctx, certPropValue+".x509.pem"), - Key: defaultDir.Join(ctx, certPropValue+".pk8"), + + userKeyBasePath := "user-keys/" + certPropValue + userPemPath := android.ExistentPathForSource(ctx, userKeyBasePath+".x509.pem") + userKeyPath := android.ExistentPathForSource(ctx, userKeyBasePath+".pk8") + + if certPropValue == "platform" && userPemPath.Valid() && userKeyPath.Valid() { + mainCert = Certificate{ + Pem: userPemPath.Path(), + Key: userKeyPath.Path(), + } + } else { + mainCert = Certificate{ + Pem: defaultDir.Join(ctx, certPropValue+".x509.pem"), + Key: defaultDir.Join(ctx, certPropValue+".pk8"), + } } } else { pem, key := ctx.Config().DefaultAppCertificate(ctx) -- GitLab