Sync boot scripts to PlayIntegrityFork b427736

snake-4 · Sep 4, 2024 · 1304dca · 1304dca
1 parent 8b20a94
commit 1304dca
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 16 deletions.
diff --git a/module/template/post-fs-data.sh b/module/template/post-fs-data.sh
@@ -24,6 +24,7 @@ done
 for PROP in $(resetprop | grep -oE 'ro.*.build.type'); do
     resetprop_if_diff $PROP user
 done
+resetprop_if_diff ro.adb.secure 1
 resetprop_if_diff ro.debuggable 0
 resetprop_if_diff ro.force.debuggable 0
-resetprop_if_diff ro.secure 1
+resetprop_if_diff ro.secure 1
diff --git a/module/template/service.sh b/module/template/service.sh
@@ -1,7 +1,7 @@
 MODPATH="${0%/*}"
 . $MODPATH/common_func.sh
 
-### Conditional sensitive properties
+# Conditional sensitive properties
 
 # Magisk Recovery Mode
 resetprop_if_match ro.boot.mode recovery unknown
@@ -10,43 +10,40 @@ resetprop_if_match vendor.boot.mode recovery unknown
 
 # SELinux
 resetprop_if_diff ro.boot.selinux enforcing
+# use delete since it can be 0 or 1 for enforcing depending on OEM
 if [ -n "$(resetprop ro.build.selinux)" ]; then
     resetprop --delete ro.build.selinux
 fi
-
-# Toybox cat is used to preserve the file access time
+# use toybox to protect stat access time reading
 if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then
     chmod 640 /sys/fs/selinux/enforce
     chmod 440 /sys/fs/selinux/policy
 fi
 
-### Conditional late sensitive properties
+# Conditional late sensitive properties
 
+# must be set after boot_completed for various OEMs
 {
 until [ "$(getprop sys.boot_completed)" = "1" ]; do
     sleep 1
 done
 
-# Avoid bootloop on some Xiaomi devices
+# SafetyNet/Play Integrity + OEM
+# avoid bootloop on some Xiaomi devices
 resetprop_if_diff ro.secureboot.lockstate locked
-
-# Avoid breaking Realme fingerprint scanners
+# avoid breaking Realme fingerprint scanners
 resetprop_if_diff ro.boot.flash.locked 1
 resetprop_if_diff ro.boot.realme.lockstate 1
-
-# Avoid breaking Oppo fingerprint scanners
+# avoid breaking Oppo fingerprint scanners
 resetprop_if_diff ro.boot.vbmeta.device_state locked
-
-# Avoid breaking OnePlus display modes/fingerprint scanners
+# avoid breaking OnePlus display modes/fingerprint scanners
 resetprop_if_diff vendor.boot.verifiedbootstate green
-
-# Avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+
+# avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+
 resetprop_if_diff ro.boot.verifiedbootstate green
 resetprop_if_diff ro.boot.veritymode enforcing
 resetprop_if_diff vendor.boot.vbmeta.device_state locked
 
 # Other
 resetprop_if_diff sys.oem_unlock_allowed 0
-resetprop_if_diff ro.adb.secure 1
 
-}&
+}&