Read only mirror of lilac: a device policy editor for ChromeOS

rainestorme 031df5ba5d Merge branch 'MercuryWorkshop:main' into main 1 yıl önce
boringssl 3b2e4b2ded fix for newer protobuf (it builds on arch again) 1 yıl önce
proto 56b5d438ae clean up source tree 1 yıl önce
.gitignore 0be9b038e6 Fix autobuild script 1 yıl önce
Makefile 3b2e4b2ded fix for newer protobuf (it builds on arch again) 1 yıl önce
README.md 1cb489b2c3 Update README.md 1 yıl önce
build.sh 0be9b038e6 Fix autobuild script 1 yıl önce
lilac.cc 0325c0cb39 freenom died + i migrated a while ago 1 yıl önce

README.md

lilac

it works lmao

blog post

build instructions

  • build boringssl - source included just clear boringssl/build folder and then install to boringssl/install
  • install protobuf
  • build the protobuf files - protoc -I proto proto/* --cpp_out=.
  • run make

You may need to set LD_LIBRARY_PATH=boringssl/install/lib to run lilac.

run instructions

  • change the release channel to testimage-channel in /etc/lsb-release
  • add --disable-policy-key-verification to command line flags (update: you only need to restart chrome with this flag once after you replace the policies)
  • run policyeditor on a policy.* in /var/lib/devicesettings
  • overwrite policies and owner.key (owner.key is saved as <filename>.key)

notes

  • you probably need to keep wifi off / fake network error / overwrite policies and restart ui for this to persist
    • apparently not... i have had lilac edited policies with wifi on for multiple weeks, it may not show as online on gac when syncing policies due to a signature error because i overwrite the policy sig
  • policies sync every time chrome starts meaning restart ui will reload policies + try to fetch them
  • protobuf bindings and even the editor may need to be adjusted for different chrome versions i.e. 81 has a completely different policy blob layout which might not allow this editing