patch.d-env

#!/bin/sh

tmp=/tmp/kernel-flasher

console=$(cat /tmp/console)
[ "$console" ] || console=/proc/$$/fd/1

cd "$tmp"
. config.sh

cmdline=$split_img/cmdline
default_prop=$ramdisk/default.prop
build_prop=/system/build.prop
ueventd=$ramdisk/ueventd.rc
sepolicy=$ramdisk/sepolicy
file_contexts=$ramdisk/file_contexts
seinject=$bin/sepolicy-inject
# default Android API to KitKat, use policy check to determine actual version
android_api=19

found_prop=false
[ -f "$default_prop" ] && found_prop=true

found_build_prop=false
[ -f "$build_prop" ] && found_build_prop=true

found_ueventd=false
[ -f "$ueventd" ] && found_ueventd=true

found_sepolicy=false
[ -f "$sepolicy" ] && found_sepolicy=true

found_file_contexts=false
[ -f "$file_contexts" ] && found_file_contexts=true

print() {
	if [ "$1" ]; then
		echo "ui_print -- $1" > "$console"
	else
		echo "ui_print  " > "$console"
	fi
	echo
}

abort() {
	[ "$1" ] && print "Error: $1"
	exit 1
}

# sinject_test
# tests for Android API and sets seinject binary accordingly
seinject_test() {
	$found_sepolicy || return 1
	[ -x "$seinject" ] || return 1
	if   "$seinject" -e -c filesystem -P "$sepolicy" &&
	   ! "$seinject-M" -e -c filesystem -P "$sepolicy"; then
		# Android 7.0+ (Nougat)
		android_api=24
		return
	fi
	seinject="$seinject-M"
	[ -x "$seinject" ] || return 1
	if "$seinject" -e -s gatekeeper_service -P "$sepolicy"; then
		# Android 6.0 (Marshmallow)
		android_api=23
		return
	fi
	if "$seinject" -e -c service_manager -P "$sepolicy"; then
		# Android 5.1 (Lollipop MR1)
		android_api=21
		return
	fi
}

# setperm <directory permissions> <file permissions> <directory>
# recursively sets permissions of files & directories
setperm() {
	find "$3" -type d -exec chmod "$1" {} \;
	find "$3" -type f -exec chmod "$2" {} \;
}

# replace_file <old file> <new file> (preserving metadata)
# replace a file, preserving metadata (using cat)
replace_file() {
	cat "$2" > "$1" || return
	rm -f "$2"
}

# replace_line <file> <line match pattern> <replacement line>
# replace a matching line in a file with another line
replace_line() {
	sed -i "s/[[:space:]]*$2[[:space:]]*$/$3/" "$1"
}

# insert_after_last <file> <line match pattern> <inserted line>
# insert a specified line after the last matching line
insert_after_last() {
	grep -q "^$3$" "$1" || {
		line=$(($(grep -n "^[[:space:]]*$2[[:space:]]*$" "$1" | tail -1 | cut -d: -f1) + 1))
		sed -i "${line}i$3" "$1"
	}
}

# setcmdline <key> <value>
# set a key's value on the boot image's initial command line
setcmdline() {
	[ -f "$cmdline" ] || touch "$cmdline"
	grep -q "\b$1=" "$cmdline" && sed -i "s|\b$1=.*\b|$1=$2|g" "$cmdline" && return
	sed -i "1 s/$/ $1=$2/" "$cmdline"
}

# setprop <prop> <value>
# set a prop value in default.prop
setprop() {
	$found_prop || return
	if grep -q "^[[:space:]]*$1[[:space:]]*=" "$default_prop"; then
		sed -i "s/^[[:space:]]*$1[[:space:]]*=.*$/$1=$2/g" "$default_prop"
	else
		echo "$1=$2" >> "$default_prop"
	fi
}

# delprop <prop>
# delete a prop from both default.prop and build.prop
delprop() {
	$found_prop && sed -i "/^[[:space:]]*$1[[:space:]]*=/d" "$default_prop"
	$found_build_prop && sed -i "/^[[:space:]]*$1[[:space:]]*=/d" "$build_prop"
}

# disable_service <service name>
# this only sets a service to disabled, it won't prevent it from being started manually
disable_service() {
	for rc in "$ramdisk"/*.rc; do
		grep -q "^[[:space:]]*service[[:space:]]\+$1\b" "$rc" || continue
		echo "Found service $1 in $rc"
		awk -vsc_name="$1" '
			$1 == "service" || $1 == "on" { in_sc = 0 }
			in_sc && $1 == "disabled" { next }
			{ print }
			$1 == "service" && $2 == sc_name {
				print "    disabled"
				in_sc = 1
			}
		' "$rc" > "$rc-"
		replace_file "$rc" "$rc-"
	done
}

# remove_service <service name>
# this comments out a service entry entirely, as well as commands referencing it
remove_service() {
	for rc in "$ramdisk"/*.rc; do
		grep -q "^[[:space:]]*\(service\|start\|stop\|restart\)[[:space:]]\+$1\b" "$rc" || continue
		echo "Found service $1 in $rc"
		awk -vsc_name="$1" '
			!NF || $1 ~ /^#/ { print; next }
			$1 == "service" || $1 == "on" { in_sc = 0 }
			$1 == "service" && $2 == sc_name { in_sc = 1 }
			in_sc || ($2 == sc_name && ($1 == "start" || $1 == "stop" || $1 == "restart")) { printf "#" }
			{ print }
		' "$rc" > "$rc-"
		replace_file "$rc" "$rc-"
	done
}

# ueventd_set <device node> <permissions> <chown> <chgrp>
# use this to set permissions of /dev nodes
ueventd_set() {
	$found_ueventd || return
	awk -vdev="$1" -vperm="$2" -vuser="$3" -vgroup="$4" '
		function pdev() {
			printf "%-25s %-6s %-10s %s\n", dev, perm, user, group
			set = 1
		}
		$1 == dev && !set { pdev() }
		$1 == dev { next }
		{ print }
		END { if (!set) pdev() }
	' "$ueventd" > "$ueventd-"
	replace_file "$ueventd" "$ueventd-"
}

# context_set <file path regex> <context>
# use this to set selinux contexts of file paths
context_set() {
	$found_file_contexts || return
	awk -vfile="$1" -vcontext="$2" '
		function pfcon() {
			printf "%-48s %s\n", file, context
			set = 1
		}
		$1 == file && !set { pfcon() }
		$1 == file { next }
		{ print }
		END { if (!set) pfcon() }
	' "$file_contexts" > "$file_contexts-"
	replace_file "$file_contexts" "$file_contexts-"
}

# import_rc <rc file>
# adds an init rc file as an import to init.rc, it will be imported last
import_rc() {
	insert_after_last "$ramdisk/init.rc" "import .*\.rc" "import /$1"
}

# secheck [-s <source type>] [-c <class>]
# check if a given context label or class exists in the sepolicy
secheck() {
	$found_sepolicy || return
	"$seinject" -e -P "$sepolicy" "$@" 2> /dev/null
}

# seadd [-Z / -z <domain> | -s <source type>] [-t <target type>] [-c <class>] [-z <domain>] [-p <perm,list>] [-a <type attr>]
# add a new policy rule/domain to the sepolicy
seadd() {
	$found_sepolicy || return
	"$seinject" -P "$sepolicy" "$@"
}

seinject_test

cd "$ramdisk" || abort "Unable to enter ramdisk directory!"