From bcaa4327b91d6c7e28e31ca420eba62b9474b8bb Mon Sep 17 00:00:00 2001
From: chiteroman <98092901+chiteroman@users.noreply.github.com>
Date: Mon, 27 Nov 2023 19:09:13 +0100
Subject: [PATCH] Add module files

---
 .../META-INF/com/google/android/update-binary | 33 +++++++++++++
 .../com/google/android/updater-script         |  1 +
 module/customize.sh                           | 10 ++++
 module/module.prop                            |  7 +++
 module/post-fs-data.sh                        |  9 ++++
 module/service.sh                             | 46 +++++++++++++++++++
 module/system.prop                            | 16 +++++++
 7 files changed, 122 insertions(+)
 create mode 100644 module/META-INF/com/google/android/update-binary
 create mode 100644 module/META-INF/com/google/android/updater-script
 create mode 100644 module/customize.sh
 create mode 100644 module/module.prop
 create mode 100644 module/post-fs-data.sh
 create mode 100644 module/service.sh
 create mode 100644 module/system.prop

diff --git a/module/META-INF/com/google/android/update-binary b/module/META-INF/com/google/android/update-binary
new file mode 100644
index 0000000..28b48e5
--- /dev/null
+++ b/module/META-INF/com/google/android/update-binary
@@ -0,0 +1,33 @@
+#!/sbin/sh
+
+#################
+# Initialization
+#################
+
+umask 022
+
+# echo before loading util_functions
+ui_print() { echo "$1"; }
+
+require_new_magisk() {
+  ui_print "*******************************"
+  ui_print " Please install Magisk v20.4+! "
+  ui_print "*******************************"
+  exit 1
+}
+
+#########################
+# Load util_functions.sh
+#########################
+
+OUTFD=$2
+ZIPFILE=$3
+
+mount /data 2>/dev/null
+
+[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
+. /data/adb/magisk/util_functions.sh
+[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk
+
+install_module
+exit 0
diff --git a/module/META-INF/com/google/android/updater-script b/module/META-INF/com/google/android/updater-script
new file mode 100644
index 0000000..11d5c96
--- /dev/null
+++ b/module/META-INF/com/google/android/updater-script
@@ -0,0 +1 @@
+#MAGISK
diff --git a/module/customize.sh b/module/customize.sh
new file mode 100644
index 0000000..ea07489
--- /dev/null
+++ b/module/customize.sh
@@ -0,0 +1,10 @@
+# Error on < Android 8
+if [ "$API" -lt 26 ]; then
+    abort "!!! You can't use this module on Android < 8.0."
+fi
+
+# safetynet-fix module is incompatible
+if [ -d "/data/adb/modules/safetynet-fix" ]; then
+    touch "/data/adb/modules/safetynet-fix/remove"
+	ui_print "- 'safetynet-fix' module will be removed in next reboot."
+fi
\ No newline at end of file
diff --git a/module/module.prop b/module/module.prop
new file mode 100644
index 0000000..437c586
--- /dev/null
+++ b/module/module.prop
@@ -0,0 +1,7 @@
+id=playintegrityfix
+name=Play Integrity Fix
+version=v13.8
+versionCode=138
+author=chiteroman
+description=Fix CTS profile (SafetyNet) and DEVICE verdict (Play Integrity).
+updateJson=https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/update.json
\ No newline at end of file
diff --git a/module/post-fs-data.sh b/module/post-fs-data.sh
new file mode 100644
index 0000000..1593e37
--- /dev/null
+++ b/module/post-fs-data.sh
@@ -0,0 +1,9 @@
+# Remove Play Services from the Magisk Denylist when set to enforcing
+if magisk --denylist status; then
+    magisk --denylist rm com.google.android.gms
+fi
+
+# Check if safetynet-fix is installed
+if [ -d "/data/adb/modules/safetynet-fix" ]; then
+    touch "/data/adb/modules/safetynet-fix/remove"
+fi
\ No newline at end of file
diff --git a/module/service.sh b/module/service.sh
new file mode 100644
index 0000000..307ea1c
--- /dev/null
+++ b/module/service.sh
@@ -0,0 +1,46 @@
+# Sensitive properties
+
+maybe_set_prop() {
+    local prop="$1"
+    local contains="$2"
+    local value="$3"
+
+    if [[ "$(getprop "$prop")" == *"$contains"* ]]; then
+        resetprop "$prop" "$value"
+    fi
+}
+
+# Magisk recovery mode
+maybe_set_prop ro.bootmode recovery unknown
+maybe_set_prop ro.boot.mode recovery unknown
+maybe_set_prop vendor.boot.mode recovery unknown
+
+# Hiding SELinux | Permissive status
+resetprop --delete ro.build.selinux
+
+# Hiding SELinux | Use toybox to protect *stat* access time reading
+if [[ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]]; then
+    chmod 640 /sys/fs/selinux/enforce
+    chmod 440 /sys/fs/selinux/policy
+fi
+
+# Late props which must be set after boot_completed
+{
+    until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
+        sleep 1
+    done
+
+    # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
+    resetprop ro.boot.flash.locked 1
+
+    # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
+    resetprop ro.boot.vbmeta.device_state locked
+
+    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
+    resetprop vendor.boot.verifiedbootstate green
+
+    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
+    resetprop ro.boot.verifiedbootstate green
+    resetprop ro.boot.veritymode enforcing
+    resetprop vendor.boot.vbmeta.device_state locked
+}&
diff --git a/module/system.prop b/module/system.prop
new file mode 100644
index 0000000..a1dfa57
--- /dev/null
+++ b/module/system.prop
@@ -0,0 +1,16 @@
+# RootBeer, Microsoft
+ro.build.tags=release-keys
+
+# Samsung
+ro.boot.warranty_bit=0
+ro.vendor.boot.warranty_bit=0
+ro.vendor.warranty_bit=0
+ro.warranty_bit=0
+
+# OnePlus
+ro.is_ever_orange=0
+
+# Other
+ro.build.type=user
+ro.debuggable=0
+ro.secure=1
-- 
GitLab