From 1bbb6f9b4ee4a8a0e6f920f6f2f75aa3f239e8fc Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 28 Mar 2022 21:58:05 -0400
Subject: [PATCH] Fix and enable exec_spawning feature

This is the missing puzzle piece :)

Signed-off-by: Tad <tad@spotco.us>
---
 Scripts/Common/Functions.sh     | 9 +++++++++
 Scripts/LineageOS-16.0/Patch.sh | 2 ++
 Scripts/LineageOS-17.1/Patch.sh | 2 ++
 Scripts/LineageOS-18.1/Patch.sh | 4 +++-
 Scripts/init.sh                 | 2 +-
 5 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 9a67f5b8..9d11e479 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -536,6 +536,15 @@ hardenBootArgs() {
 }
 export -f hardenBootArgs;
 
+disableEnforceRRO() {
+	cd "$DOS_BUILD_BASE$1";
+	awk -i inplace '!/PRODUCT_ENFORCE_RRO_TARGETS .= framework-res/' *.mk &>/dev/null || true;
+	awk -i inplace '!/PRODUCT_ENFORCE_RRO_TARGETS .= \*/' *.mk &>/dev/null || true;
+	sed -i '/PRODUCT_ENFORCE_RRO_TARGETS .= \\/,+1 d' *.mk &>/dev/null || true;
+	cd "$DOS_BUILD_BASE";
+}
+export -f disableEnforceRRO;
+
 disableAPEX() {
 	cd "$DOS_BUILD_BASE$1";
 	awk -i inplace '!/DEXPREOPT_GENERATE_APEX_IMAGE/' *.mk &>/dev/null || true;
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 3e151474..56ab6014 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -94,6 +94,7 @@ git revert --no-edit 58544f3aa139b4603fa26c39e8d9259402d658b8; #Re-enable the do
 git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
 applyPatch "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
 applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+#if [ "$DOS_GRAPHENE_EXEC" = true ]; then sed -i 's/enforce_rro_enabled := true/enforce_rro_enabled :=/g' core/package_internal.mk; fi;
 sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
@@ -401,6 +402,7 @@ find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenBootArgs "{}"';
 find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableEnforceRRO "{}"'; fi;
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index c80b7567..77992d95 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -92,6 +92,7 @@ git revert --no-edit 0a9df01b268a238a623f5e0ea5221cebdfee2414; #Re-enable the do
 applyPatch "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files
 applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
 applyPatch "$DOS_PATCHES/android_build/0003-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+#if [ "$DOS_GRAPHENE_EXEC" = true ]; then sed -i 's/enforce_rro_enabled := true/enforce_rro_enabled :=/g' core/package_internal.mk; fi;
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; fi; #Replace the Messaging app with Silence
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
@@ -465,6 +466,7 @@ find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenBootArgs "{}"';
 find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableAPEX "{}"';
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableEnforceRRO "{}"'; fi;
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh
index d28da4d6..a42683bc 100644
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@@ -89,7 +89,8 @@ if enterAndClear "build/make"; then
 git revert --no-edit def3f14af17ae92192d2cc7d22349cabfa906fd6; #Re-enable the downgrade check
 applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
-#if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: many devices depend on RROs and most override this anyway
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
+#if [ "$DOS_GRAPHENE_EXEC" = true ]; then sed -i 's/enforce_rro_enabled := true/enforce_rro_enabled :=/g' core/package_internal.mk; fi; #XXX: insane?
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; fi; #Replace the Messaging app with Silence
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
@@ -553,6 +554,7 @@ find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {}
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenBootArgs "{}"';
 find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
 find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableAPEX "{}"';
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableEnforceRRO "{}"'; fi;
 cd "$DOS_BUILD_BASE";
 deblobAudio;
 removeBuildFingerprints;
diff --git a/Scripts/init.sh b/Scripts/init.sh
index 0a97dff8..624987c3 100644
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@@ -60,7 +60,7 @@ export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
 export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1
 export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1
 export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1
-export DOS_GRAPHENE_EXEC=false; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1 XXX: breaks things like VoLTE
+export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1
 export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the ptrace_scope toggle patchset on 17.1+18.1
 export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1
 export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1