[WIP] Edit android version/security patch based on boot.img
diff --git a/base.mk b/base.mk
index 584cacc..4b50763 100644
--- a/base.mk
+++ b/base.mk
@@ -44,7 +44,8 @@
device/phh/treble/nfc/libnfc-nci.conf:system/etc/libnfc-nci.conf
PRODUCT_COPY_FILES += \
- device/phh/treble/resize-system.sh:system/bin/resize-system.sh
+ device/phh/treble/rw-system.sh:system/bin/rw-system.sh \
+ device/phh/treble/fixSPL/getSPL.arm:system/bin/getSPL
PRODUCT_PACKAGES += \
treble-environ-rc
diff --git a/fixSPL/getSPL.arm b/fixSPL/getSPL.arm
new file mode 100755
index 0000000..a1f92c4
--- /dev/null
+++ b/fixSPL/getSPL.arm
Binary files differ
diff --git a/fixSPL/getSPL.c b/fixSPL/getSPL.c
new file mode 100644
index 0000000..44f4356
--- /dev/null
+++ b/fixSPL/getSPL.c
@@ -0,0 +1,38 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
+int main(int argc, char **argv) {
+ if(argc!=3) {
+ fprintf(stderr, "Usage: %s <bootimg> <android|spl>\n", argv[0]);
+ exit(-1);
+ }
+ int fd = open(argv[1], O_RDONLY);
+ lseek(fd, 11*4, SEEK_SET);
+ uint32_t val = 0;
+ read(fd, &val, sizeof(val));
+ int android = val >> 11;
+ int a = android >> 14;
+ int b = (android >> 7) & 0x7f;
+ int c = android & 0x7f;
+
+ int spl = val & 0x7ff;
+ int y = 2000 + (spl >> 4);
+ int m = spl & 0xf;
+
+ fprintf(stderr, "Android: %d.%d.%d\n", a, b, c);
+ fprintf(stderr, "SPL: %d-%d-01\n", y, m);
+
+ if(strcmp(argv[2], "android") == 0) {
+ printf("%d.%d.%d", a, b, c);
+ } else if(strcmp(argv[2], "spl") == 0) {
+ printf("%04d-%02d-%02d", y, m, 1);
+ }
+
+ return 0;
+}
diff --git a/resize-system.sh b/resize-system.sh
deleted file mode 100644
index cc90237..0000000
--- a/resize-system.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/system/bin/sh
-
-set -e
-
-if [ "grep ' /system ' /proc/mounts |cut -d ' ' -f 1 |wc -l" -ne 1 ];then
- exit 0
-fi
-
-mount -o remount,rw /system
-resize2fs $(grep ' /system ' /proc/mounts |cut -d ' ' -f 1)
-mount -o remount,ro /system
diff --git a/rw-system.sh b/rw-system.sh
new file mode 100644
index 0000000..42866e8
--- /dev/null
+++ b/rw-system.sh
@@ -0,0 +1,35 @@
+#!/system/bin/sh
+
+set -e
+
+if [ "grep ' /system ' /proc/mounts |cut -d ' ' -f 1 |wc -l" -ne 1 ];then
+ exit 0
+fi
+
+img="$(find /dev/block -type l |grep by-name |grep /kernel$(getprop ro.boot.slot_suffix) |head -n 1)"
+[ -z "$img" ] && img="$(find /dev/block -type l |grep by-name |grep /boot$(getprop ro.boot.slot_suffix) |head -n 1)"
+
+mount -o remount,rw /system
+resize2fs $(grep ' /system ' /proc/mounts |cut -d ' ' -f 1)
+if [ -n "$img" -a ! -f /system/rewrite-spl-done ];then
+ done=1
+ v="$(getSPL $img android)"
+ if [ "$(getprop ro.build.version.release)" != "$v" ];then\
+ sed -i -E "s/ro.build.version.release=.*/ro.build.version.release=$v/g" /system/build.prop
+ sed -i -E "s/ro.build.version.release=.*/ro.build.version.release=$v/g" /system/etc/prop.default
+ done=''
+ fi
+
+ v="$(getSPL $img spl)"
+ if [ "$(getprop ro.build.version.security_patch)" != "$v)" ];then
+ sed -i -E "s/ro.build.version.security_patch=.*/ro.build.version.security_patch=$v/g" /system/build.prop
+ sed -i -E "s/ro.build.version.security_patch=.*/ro.build.version.security_patch=$v/g" /system/etc/prop.default
+ done=''
+ fi
+
+ if touch /system/rewrite-spl-done && [ ! "$done" ];then
+ mount -o remount,ro /system
+ reboot
+ fi
+fi
+mount -o remount,ro /system
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index e4a62b8..3cdbabe 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,4 +1,4 @@
/system/bin/phh-su u:object_r:phhsu_exec:s0
/system/bin/vndk-detect u:object_r:vndk_detect_exec:s0
/system/etc/usb_audio_policy_configuration.xml u:object_r:vendor_configs_file:s0
-/system/bin/resize-system.sh u:object_r:update_engine_exec:s0
+/system/bin/rw-system.sh u:object_r:phhsu_exec:s0
diff --git a/sepolicy/resize.te b/sepolicy/resize.te
deleted file mode 100644
index 12d95c6..0000000
--- a/sepolicy/resize.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow update_engine { toolbox_exec system_file }:file rx_file_perms;
-allow update_engine labeledfs:filesystem remount;
-
-allow update_engine sysfs_fs_ext4_features:dir r_dir_perms;
-allow update_engine sysfs_fs_ext4_features:file r_file_perms;
-allow update_engine self:capability { sys_resource };
diff --git a/vndk.rc b/vndk.rc
index 7a31398..a4361a5 100644
--- a/vndk.rc
+++ b/vndk.rc
@@ -1,5 +1,5 @@
on post-fs
exec - root -- /system/bin/vndk-detect
- exec - root -- /system/bin/resize-system.sh
+ exec - root -- /system/bin/rw-system.sh
mount none /system/etc/usb_audio_policy_configuration.xml /vendor/etc/usb_audio_policy_configuration.xml bind
export LD_CONFIG_FILE /system/etc/ld.config.${persist.sys.vndk}.txt