[FR] Add patches needed to add signature spoofing to A14 based builds

[2lucem2]

Description

So far, there are patches for Android versions 10 through 13. I would like to build A14 based roms with signature spoofing support; however I am at a loss at how the patches located here (https://github.com/lineageos4microg/docker-lineage-cicd/tree/lineage-21/src/signature_spoofing_patches) need to be modified.

Target version

LineageOS 21

• Android 7
• Android 8
• Android 9
• Android 10
• Android 11
• Android 12
• Android 13
• Android 14

What custom OS should support that feature (add an x within the [ ] brackets, select / add all that should apply):

• Lineage OS

[petefoth]

I would like to build A14 based roms with signature spoofing support;

LineageOS made changes to their code, so that they now support 'restricted` signature spoofing (i.e. only microG is allowed to spoof signature) - see this change

however I am at a loss at how the patches located here (https://github.com/lineageos4microg/docker-lineage-cicd/tree/lineage-21/src/signature_spoofing_patches) need to be modified.

If you need to allow other apps to spoof signature ( the equivalent of SIGNATURE_SPOOFING=yes in LineageOS for microG then check the code

• here for whihc patch files to use for ANdroid 14
• here to see how they are applied.

Note that LineageOS for microG no longer make their official builds using those patches, they rely on the upstream LOS code. The patches were created - and received a limited amount of testing - before LOS 's change of heart on signature spoofing being 'lying about security features. They are kept in case anyone does rely on them to build ROMs which allow unrestricted spoofing, but that unctionality has not had a lot of testing

[steadfasterX]

@2lucem2 extendrom's way of patching for signature spoofing goes way further then the Lineage OS or lineageos4microg one so the suggestion of @petefoth is just one part of what extendrom provides.. extendrom adds a toggle and manually pre-cautions to actually enable signature spoofing. i.e even when the patches are integrated the user always has the choice to enable or disable it at any time.
besides that extendrom supports this also in user builds while LOS supports that only for eng and userdebug builds (stupid decision but..)

If the "LOS way" is enough for your needs go ahead with them, ofc. but if you want to help porting the extendrom way read on.

basically I implement it like that:

applying the "official" sig patches - in this case for A14:

• https://github.com/lineageos4microg/docker-lineage-cicd/blob/lineage-21/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch
• https://github.com/lineageos4microg/docker-lineage-cicd/blob/lineage-21/src/signature_spoofing_patches/android_frameworks_base-Android14.patch

They prefer to have a single diff for all paths within one dir but as I need to support multiple OS I split the all-in-one diffs to per-file diffs. This is a bit of work (cut + paste) but it makes it easier if something needs to be adapted for other OS later.

For A14 I would copy everything from here:

• https://github.com/sfX-android/android_vendor_extendrom/tree/main/config/sigspoof/lineage/A13
  to an A14 dir and then adjust the diffs one by one with those from the lineageos4microg repo.

note: I plan to do the above anyways but I cannot tell when

[petefoth]

applying the "official" sig patches - in this case for A14:

* https://github.com/lineageos4microg/docker-lineage-cicd/blob/lineage-21/src/signature_spoofing_patches/packages_modules_Permission-Android14.patch

* https://github.com/lineageos4microg/docker-lineage-cicd/blob/lineage-21/src/signature_spoofing_patches/android_frameworks_base-Android14.patch

Just to let you that for future Android versions, los4microg will not be implementing signature spoofing patches, because LineageOS now support the level of signature spoofing that we need for microG to work