#!/bin/sh
# postinst script for android-permissions
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package


usergroupadd() {
    if grep -q ^$2: /etc/group; then
        echo "group $2 exists, forcing to gid $1 to match Android"
        sed -i "s,^$2:x:[0-9][0-9]*:,$2:x:$1:," /etc/group
    else
        groupadd --system --gid $1  $2
    fi
    if grep -q ^$2: /etc/passwd; then
        echo "ERROR: user $2 exists, skipping ($1 $2 '$3')"
    else
        useradd --system --gid $1 --uid $1 --home /system --comment "$3"  $2
    fi
}

case "$1" in
    configure)

# these are derived from this source:
# https://android.googlesource.com/platform/system/core/+/master/include/private/android_filesystem_config.h

	# Add UID/GID values statically defined in Bionic Libc
	    usergroupadd 1000 system       "system server"
	    usergroupadd 1001 radio        "telephony subsystem, RIL"
	    usergroupadd 1002 bluetooth    "bluetooth subsystem"
	    usergroupadd 1003 graphics     "graphics devices"
	    usergroupadd 1004 input        "input devices"
	    usergroupadd 1005 audio        "audio devices"
	    usergroupadd 1006 camera       "camera devices"
	    usergroupadd 1007 log          "log devices"
	    usergroupadd 1008 compass      "compass device"
	    usergroupadd 1009 mount        "mountd socket"
	    usergroupadd 1010 wifi         "wifi subsystem"
	    usergroupadd 1011 adb          "android debug bridge (adbd)"
	    usergroupadd 1012 install      "group for installing packages"
	    usergroupadd 1013 media        "mediaserver process"
	    usergroupadd 1014 dhcp         "dhcp client"
	    usergroupadd 1015 sdcard_rw    "external storage write access"
	    usergroupadd 1016 vpn          "vpn system"
	    usergroupadd 1017 keystore     "keystore subsystem"
	# Next 3 are unimplemented on SGT(Froyo), 1018 is fm_radio on Huawei S7
	    usergroupadd 1018 usb          "USB devices"
	    usergroupadd 1019 drm          "DRM server"
	    usergroupadd 1020 mdnsr        "MulticastDNSResponder (service discovery)"
	    usergroupadd 1021 gps          "GPS daemon"
	    usergroupadd 1022 unused1      "deprecated, DO NOT USE" # in Gingerbread, this was "NFC subsystem"
	    usergroupadd 1023 media_rw     "internal media storage write access"
	    usergroupadd 1024 mtp          "MTP USB driver access"
	    usergroupadd 1025 unused2      "deprecated, DO NOT USE"
	    usergroupadd 1026 drmrpc       "group for drm rpc"
	    usergroupadd 1027 nfc          "nfc subsystem"
	    usergroupadd 1028 sdread_r     "external storage read access"
	    usergroupadd 1029 clat         "clat part of nat464"
	    usergroupadd 1030 loop_radio   "loop radio devices"
	    usergroupadd 1031 media_drm    "MediaDrm plugins"
	    usergroupadd 1032 package_info "access to installed package details"
	    usergroupadd 1033 sdcard_pics  "external storage photos access"
	    usergroupadd 1034 sdcard_ac    "external storage audio/video access"
	    usergroupadd 1035 sdcard_all   "access all users external storage"
	    usergroupadd 1036 logd         "log daemon"
	    usergroupadd 1037 shared_relro "creator of shared GNU RELRO files"

	    usergroupadd 2000 shell        "adb and debug shell user"
	    usergroupadd 2001 cache        "cache access"
	    usergroupadd 2002 diag         "access to diagnostic resources"

    # The 3000 series are intended for use as supplemental group id's only.
    # They indicate special Android capabilities that the kernel is aware of.
	    usergroupadd 3001 net_bt_admin  "bluetooth, create any socket"
	    usergroupadd 3002 net_bt        "bluetooth, create sco, rfcomm or l2cap sockets"
	    usergroupadd 3003 inet          "can create AF_INET and AF_INET6 sockets"
	    usergroupadd 3004 net_raw       "can create raw INET sockets"
	    usergroupadd 3005 net_admin     "can configure interfaces and routing tables"
	    usergroupadd 3006 net_bw_stats  "read bandwidth statistics"
	    usergroupadd 3007 net_bw_acct   "change bandwidth statistics accounting"
	    usergroupadd 3008 net_bt_stack  "bluetooth, access config files"

	    usergroupadd 9997 everybody    "shared between all apps in the same profile"
	    usergroupadd 9998 misc         "access to misc storage"
	    usergroupadd 9999 a_nobody     "Android nobody (nobody UID exists on Debian)"

    # the first 100 user accounts for app
        usergroupadd 10000 u0_a0       "app user 10000"
        usergroupadd 10001 u0_a1       "app user 10001"
        usergroupadd 10002 u0_a2       "app user 10002"
        usergroupadd 10003 u0_a3       "app user 10003"
        usergroupadd 10004 u0_a4       "app user 10004"
        usergroupadd 10005 u0_a5       "app user 10005"
        usergroupadd 10006 u0_a6       "app user 10006"
        usergroupadd 10007 u0_a7       "app user 10007"
        usergroupadd 10008 u0_a8       "app user 10008"
        usergroupadd 10009 u0_a9       "app user 10009"
        usergroupadd 10010 u0_a10      "app user 10010"
        usergroupadd 10011 u0_a11      "app user 10011"
        usergroupadd 10012 u0_a12      "app user 10012"
        usergroupadd 10013 u0_a13      "app user 10013"
        usergroupadd 10014 u0_a14      "app user 10014"
        usergroupadd 10015 u0_a15      "app user 10015"
        usergroupadd 10016 u0_a16      "app user 10016"
        usergroupadd 10017 u0_a17      "app user 10017"
        usergroupadd 10018 u0_a18      "app user 10018"
        usergroupadd 10019 u0_a19      "app user 10019"
        usergroupadd 10020 u0_a20      "app user 10020"
        usergroupadd 10021 u0_a21      "app user 10021"
        usergroupadd 10022 u0_a22      "app user 10022"
        usergroupadd 10023 u0_a23      "app user 10023"
        usergroupadd 10024 u0_a24      "app user 10024"
        usergroupadd 10025 u0_a25      "app user 10025"
        usergroupadd 10026 u0_a26      "app user 10026"
        usergroupadd 10027 u0_a27      "app user 10027"
        usergroupadd 10028 u0_a28      "app user 10028"
        usergroupadd 10029 u0_a29      "app user 10029"
        usergroupadd 10030 u0_a30      "app user 10030"
        usergroupadd 10031 u0_a31      "app user 10031"
        usergroupadd 10032 u0_a32      "app user 10032"
        usergroupadd 10033 u0_a33      "app user 10033"
        usergroupadd 10034 u0_a34      "app user 10034"
        usergroupadd 10035 u0_a35      "app user 10035"
        usergroupadd 10036 u0_a36      "app user 10036"
        usergroupadd 10037 u0_a37      "app user 10037"
        usergroupadd 10038 u0_a38      "app user 10038"
        usergroupadd 10039 u0_a39      "app user 10039"
        usergroupadd 10040 u0_a40      "app user 10040"
        usergroupadd 10041 u0_a41      "app user 10041"
        usergroupadd 10042 u0_a42      "app user 10042"
        usergroupadd 10043 u0_a43      "app user 10043"
        usergroupadd 10044 u0_a44      "app user 10044"
        usergroupadd 10045 u0_a45      "app user 10045"
        usergroupadd 10046 u0_a46      "app user 10046"
        usergroupadd 10047 u0_a47      "app user 10047"
        usergroupadd 10048 u0_a48      "app user 10048"
        usergroupadd 10049 u0_a49      "app user 10049"
        usergroupadd 10050 u0_a50      "app user 10050"
        usergroupadd 10051 u0_a51      "app user 10051"
        usergroupadd 10052 u0_a52      "app user 10052"
        usergroupadd 10053 u0_a53      "app user 10053"
        usergroupadd 10054 u0_a54      "app user 10054"
        usergroupadd 10055 u0_a55      "app user 10055"
        usergroupadd 10056 u0_a56      "app user 10056"
        usergroupadd 10057 u0_a57      "app user 10057"
        usergroupadd 10058 u0_a58      "app user 10058"
        usergroupadd 10059 u0_a59      "app user 10059"
        usergroupadd 10060 u0_a60      "app user 10060"
        usergroupadd 10061 u0_a61      "app user 10061"
        usergroupadd 10062 u0_a62      "app user 10062"
        usergroupadd 10063 u0_a63      "app user 10063"
        usergroupadd 10064 u0_a64      "app user 10064"
        usergroupadd 10065 u0_a65      "app user 10065"
        usergroupadd 10066 u0_a66      "app user 10066"
        usergroupadd 10067 u0_a67      "app user 10067"
        usergroupadd 10068 u0_a68      "app user 10068"
        usergroupadd 10069 u0_a69      "app user 10069"
        usergroupadd 10070 u0_a70      "app user 10070"
        usergroupadd 10071 u0_a71      "app user 10071"
        usergroupadd 10072 u0_a72      "app user 10072"
        usergroupadd 10073 u0_a73      "app user 10073"
        usergroupadd 10074 u0_a74      "app user 10074"
        usergroupadd 10075 u0_a75      "app user 10075"
        usergroupadd 10076 u0_a76      "app user 10076"
        usergroupadd 10077 u0_a77      "app user 10077"
        usergroupadd 10078 u0_a78      "app user 10078"
        usergroupadd 10079 u0_a79      "app user 10079"
        usergroupadd 10080 u0_a80      "app user 10080"
        usergroupadd 10081 u0_a81      "app user 10081"
        usergroupadd 10082 u0_a82      "app user 10082"
        usergroupadd 10083 u0_a83      "app user 10083"
        usergroupadd 10084 u0_a84      "app user 10084"
        usergroupadd 10085 u0_a85      "app user 10085"
        usergroupadd 10086 u0_a86      "app user 10086"
        usergroupadd 10087 u0_a87      "app user 10087"
        usergroupadd 10088 u0_a88      "app user 10088"
        usergroupadd 10089 u0_a89      "app user 10089"
        usergroupadd 10090 u0_a90      "app user 10090"
        usergroupadd 10091 u0_a91      "app user 10091"
        usergroupadd 10092 u0_a92      "app user 10092"
        usergroupadd 10093 u0_a93      "app user 10093"
        usergroupadd 10094 u0_a94      "app user 10094"
        usergroupadd 10095 u0_a95      "app user 10095"
        usergroupadd 10096 u0_a96      "app user 10096"
        usergroupadd 10097 u0_a97      "app user 10097"
        usergroupadd 10098 u0_a98      "app user 10098"
        usergroupadd 10099 u0_a99      "app user 10099"
        usergroupadd 10100 u0_a100      "app user 10100"

    # fully isolated sandboxed processes (99000-99999)
        usergroupadd 99000 aid_isolated_000 "fully sandboxed process 99000"
        usergroupadd 99001 aid_isolated_001 "fully sandboxed process 99001"
        usergroupadd 99002 aid_isolated_002 "fully sandboxed process 99002"
        usergroupadd 99003 aid_isolated_003 "fully sandboxed process 99003"
        usergroupadd 99004 aid_isolated_004 "fully sandboxed process 99004"
        usergroupadd 99005 aid_isolated_005 "fully sandboxed process 99005"
        usergroupadd 99006 aid_isolated_006 "fully sandboxed process 99006"
        usergroupadd 99007 aid_isolated_007 "fully sandboxed process 99007"
        usergroupadd 99008 aid_isolated_008 "fully sandboxed process 99008"
        usergroupadd 99009 aid_isolated_009 "fully sandboxed process 99009"
        usergroupadd 99010 aid_isolated_010 "fully sandboxed process 99010"

    # Android 4.2.2 added multiple user accounts
        usergroupadd 100000 aid_user_0000   "Android account user 100000"
        usergroupadd 100001 aid_user_0001   "Android account user 100001"
        usergroupadd 100002 aid_user_0002   "Android account user 100002"
        usergroupadd 100003 aid_user_0003   "Android account user 100003"
        usergroupadd 100004 aid_user_0004   "Android account user 100004"
        usergroupadd 100005 aid_user_0005   "Android account user 100005"
        usergroupadd 100006 aid_user_0006   "Android account user 100006"
        usergroupadd 100007 aid_user_0007   "Android account user 100007"
        usergroupadd 100008 aid_user_0008   "Android account user 100008"
        usergroupadd 100009 aid_user_0009   "Android account user 100009"
        usergroupadd 100010 aid_user_0010   "Android account user 100010"

        usergroupadd 50000 aid_shared_gid_0000   "Android shared gid for each user 50000"
        usergroupadd 50001 aid_shared_gid_0001   "Android shared gid for each user 50001"
        usergroupadd 50002 aid_shared_gid_0002   "Android shared gid for each user 50002"
        usergroupadd 50003 aid_shared_gid_0003   "Android shared gid for each user 50003"
        usergroupadd 50004 aid_shared_gid_0004   "Android shared gid for each user 50004"
        usergroupadd 50005 aid_shared_gid_0005   "Android shared gid for each user 50005"
        usergroupadd 50006 aid_shared_gid_0006   "Android shared gid for each user 50006"
        usergroupadd 50007 aid_shared_gid_0007   "Android shared gid for each user 50007"
        usergroupadd 50008 aid_shared_gid_0008   "Android shared gid for each user 50008"
        usergroupadd 50009 aid_shared_gid_0009   "Android shared gid for each user 50009"
        usergroupadd 50010 aid_shared_gid_0010   "Android shared gid for each user 50010"

	# Create new users/groups with 5000-9999. Note, that interactive UID/GID on Android is 10000+random
	    sed -i -e '
		    s/^[[:space:]]*\([GU]ID_MIN[[:space:]]\+\)[[:digit:]]\+/\15000/
		    s/^[[:space:]]*\([GU]ID_MAX[[:space:]]\+\)[[:digit:]]\+/\18999/
        ' /etc/login.defs
	    sed -i -e '
		    s/^[[:space:]]*\(FIRST_[GU]ID[[:space:]]*=[[:space:]]*\)[[:digit:]]\+/\15000/
		    s/^[[:space:]]*\(LAST_[GU]ID[[:space:]]*=[[:space:]]*\)[[:digit:]]\+/\18999/
		    s/^[[:space:]]*#\?[[:space:]]*\(ADD_EXTRA_GROUPS[[:space:]]*=[[:space:]]*\)[[:digit:]]\+/\11/
		    s/^[[:space:]]*#\?[[:space:]]*\(EXTRA_GROUPS[[:space:]]*=[[:space:]]*\).*/\1"shell graphics input log adb sdcard_rw net_bt_admin net_bt inet"/
        ' /etc/adduser.conf

    # update shadow in case any groups had their gid changed to match Android's
        grpconv
        ;;
    
    abort-upgrade|abort-remove|abort-deconfigure)
        ;;
    
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
