2020-04-14 16:15:33 -04:00
#!/bin/bash
2024-04-22 07:48:54 -04:00
#DivestOS: A mobile operating system divested from the norm.
#Copyright (c) 2015-2024 Divested Computing Group
2020-04-14 16:15:33 -04:00
#
#This program is free software: you can redistribute it and/or modify
2024-07-27 18:00:56 -04:00
#it under the terms of the GNU Affero General Public License as published by
2020-04-14 16:15:33 -04:00
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2024-07-27 18:00:56 -04:00
#GNU Affero General Public License for more details.
2020-04-14 16:15:33 -04:00
#
2024-07-27 18:00:56 -04:00
#You should have received a copy of the GNU Affero General Public License
2024-07-27 18:31:21 -04:00
#along with this program. If not, see <https://www.gnu.org/licenses/>.
2021-10-16 19:15:19 -04:00
umask 0022;
2021-10-16 15:28:15 -04:00
set -euo pipefail;
2021-10-16 19:15:19 -04:00
source " $DOS_SCRIPTS_COMMON /Shell.sh " ;
2020-04-14 16:15:33 -04:00
2021-10-16 16:28:41 -04:00
#Last verified: 2021-10-16
2020-04-14 16:15:33 -04:00
#Initialize aliases
#source ../../Scripts/init.sh
#Delete Everything and Sync
#resetWorkspace
#Apply all of our changes
#patchWorkspace
#Build!
#buildDevice [device]
#buildAll
#
#START OF PREPRATION
#
#Download some (non-executable) out-of-tree files for use later on
cd " $DOS_TMP_DIR " ;
2024-05-20 12:52:16 -04:00
if [ " $DOS_HOSTS_BLOCKING " = true ] ; then wget --no-verbose " $DOS_HOSTS_BLOCKING_LIST " -N -O " $DOS_HOSTS_FILE " ; fi ;
2020-04-14 16:15:33 -04:00
cd " $DOS_BUILD_BASE " ;
#
#END OF PREPRATION
#
#
#START OF ROM CHANGES
#
#top dir
2023-03-08 00:22:01 -05:00
cp -r " $DOS_PREBUILT_APPS /Fennec_DOS-Shim " " $DOS_BUILD_BASE /packages/apps/ " ; #Add a shim to install Fennec DOS without actually including the large APK
cp -r " $DOS_PREBUILT_APPS /SupportDivestOS " " $DOS_BUILD_BASE /packages/apps/ " ; #Add the Support app
gpgVerifyDirectory " $DOS_PREBUILT_APPS /android_vendor_FDroid_PrebuiltApps/packages " ;
cp -r " $DOS_PREBUILT_APPS /android_vendor_FDroid_PrebuiltApps/. " " $DOS_BUILD_BASE /vendor/fdroid_prebuilt/ " ; #Add the prebuilt apps
cp -r " $DOS_PATCHES_COMMON /android_vendor_divested/. " " $DOS_BUILD_BASE /vendor/divested/ " ; #Add our vendor files
2020-04-14 16:15:33 -04:00
2022-03-15 14:57:53 -04:00
if enterAndClear "art" ; then
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_art/0001-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2022-03-15 14:57:53 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "bootable/recovery" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_bootable_recovery/0001-No_SerialNum_Restrictions.patch " ; #Abort package installs if they are specific to a serial number (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-09-02 14:15:21 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "bionic" ; then
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_bionic/0001-HM-Use_HM.patch " ; #(GrapheneOS)
applyPatch " $DOS_PATCHES /android_bionic/0002-Symbol_Ordering.patch " ; #(GrapheneOS)
2022-03-15 16:34:57 -04:00
applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-1.patch " ; #Add a real explicit_bzero implementation (GrapheneOS)
2022-03-19 15:46:00 -04:00
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) #XXX: some vendor blobs use sbrk
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: some kernels do not have (working) getrandom
2022-03-15 16:34:57 -04:00
applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-4.patch " ; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
2023-07-14 15:45:35 -04:00
if [ " $DOS_USE_KSM " = false ] ; then applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-5.patch " ; fi ; #Stop implicitly marking mappings as mergeable (GrapheneOS)
2022-03-15 16:34:57 -04:00
applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-6.patch " ; #Replace VLA formatting buffer with dprintf (GrapheneOS)
applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-7.patch " ; #Increase default pthread stack to 8MiB on 64-bit (GrapheneOS)
applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-8.patch " ; #Make __stack_chk_guard read-only at runtime (GrapheneOS)
applyPatch " $DOS_PATCHES /android_bionic/0003-Graphene_Bionic_Hardening-9.patch " ; #On 64-bit, zero the leading stack canary byte (GrapheneOS)
2022-03-19 20:24:19 -04:00
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-11.patch"; #Add memory protection for pthread_atfork handlers (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-12.patch"; #Add memory protection for at_quick_exit (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-13.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-14.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-15.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-16.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-17.patch"; #Add secondary stack randomization (GrapheneOS)
2023-01-20 14:45:46 -05:00
applyPatch " $DOS_PATCHES /android_bionic/0004-hosts_toggle.patch " ; #Add a toggle to disable /etc/hosts lookup (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "build/make" ; then
2021-10-06 17:03:22 -04:00
git revert --no-edit 0a9df01b268a238a623f5e0ea5221cebdfee2414; #Re-enable the downgrade check
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_build/0001-Restore_TTS.patch " ; #Add back PicoTTS and language files (DivestOS)
applyPatch " $DOS_PATCHES /android_build/0002-OTA_Keys.patch " ; #Add correct keys to recovery for OTA verification (DivestOS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_build/0003-Enable_fwrapv.patch " ; #Use -fwrapv at a minimum (GrapheneOS)
2023-08-11 18:52:41 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_build/0001-verity-openssl3.patch " ; #Fix VB 1.0 failure due to openssl output format change
2021-08-04 21:25:18 -04:00
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
2021-03-29 17:09:12 -04:00
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
2021-08-04 21:25:18 -04:00
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
2024-10-16 20:23:44 -04:00
sed -i 's/2023-02-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #x_asb_2024-10
2021-07-08 20:41:33 -04:00
fi ;
2021-06-26 15:17:41 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "build/soong" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_build_soong/0001-Enable_fwrapv.patch " ; #Use -fwrapv at a minimum (GrapheneOS)
2022-03-31 22:04:50 -04:00
applyPatch " $DOS_PATCHES /android_build_soong/0002-auto_var_init.patch " ; #Enable -ftrivial-auto-var-init=zero (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/qcom/sepolicy-legacy" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch " ; #Fix camera on -user builds XXX: REMOVE THIS TRASH (DivestOS)
2021-08-04 21:25:18 -04:00
echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #Ignore neverallow violations XXX: necessary for -user builds of legacy devices
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2024-05-08 11:49:25 -04:00
if enterAndClear "external/aac" ; then
applyPatch " $DOS_PATCHES /android_external_aac/365445.patch " ; #Q_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "external/chromium-webview" ; then
2024-05-20 12:52:16 -04:00
git lfs pull; #Ensure the objects are available
2021-07-08 20:41:33 -04:00
fi ;
2021-03-04 12:55:50 -05:00
2022-03-15 14:57:53 -04:00
if enterAndClear "external/conscrypt" ; then
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_external_conscrypt/0001-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2022-03-15 14:57:53 -04:00
fi ;
2024-09-04 12:40:55 -04:00
if enterAndClear "external/expat" ; then
applyPatch " $DOS_PATCHES /android_external_expat/0001-lib-Reject-negative-len-for-XML_ParseBuffer.patch " ;
2024-09-15 12:40:58 -04:00
applyPatch " $DOS_PATCHES /android_external_expat/0002-lib-Detect-integer-overflow-in-dtdCopy.patch " ;
2024-09-04 12:40:55 -04:00
applyPatch " $DOS_PATCHES /android_external_expat/0003-lib-Detect-integer-overflow-in-function-nextScaffold.patch " ;
2024-09-14 12:07:02 -04:00
applyPatch " $DOS_PATCHES /android_external_expat/0004-lib-Stop-leaking-opening-tag-bindings-after-closing-.patch " ;
2024-09-04 12:40:55 -04:00
fi ;
2024-05-08 11:49:25 -04:00
if enterAndClear "external/freetype" ; then
applyPatch " $DOS_PATCHES /android_external_freetype/365406.patch " ; #Q_asb_2023-07 Cherry-pick two upstream changes
applyPatch " $DOS_PATCHES /android_external_freetype/365446.patch " ; #Q_asb_2023-08 Cherrypick following three changes
applyPatch " $DOS_PATCHES /android_external_freetype/378047.patch " ; #Q_asb_2023-12 Make `glyph_name' parameter to `FT_Get_Name_Index' a `const'.
fi ;
2022-03-15 22:22:32 -04:00
if enterAndClear "external/hardened_malloc" ; then
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_external_hardened_malloc/0001-Broken_Cameras-1.patch " ; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
applyPatch " $DOS_PATCHES_COMMON /android_external_hardened_malloc/0001-Broken_Cameras-2.patch " ; #Expand workaround to all camera executables (DivestOS)
applyPatch " $DOS_PATCHES_COMMON /android_external_hardened_malloc/0002-Broken_Displays.patch " ; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
applyPatch " $DOS_PATCHES_COMMON /android_external_hardened_malloc/0003-Broken_Audio.patch " ; #Workaround for audio service sorting bug (GrapheneOS)
2024-05-06 16:49:46 -04:00
sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
sed -i -e '76,78d;' Android.bp; #fix compile under A13
sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
2024-05-09 14:23:02 -04:00
rm -rfv androidtest; #fix compile under A11
2024-05-06 16:49:46 -04:00
sed -i -e '76,78d;' Android.bp; #fix compile under A10
2024-05-09 14:23:02 -04:00
awk -i inplace '!/ramdisk_available/' Android.bp; #fix compile under A10
git revert --no-edit 8974af86d12f7e29b54b5090133ab3d7eea0e519; #fix compile under A10
2024-05-20 17:45:07 -04:00
mv include/h_malloc.h . ; #fix compile under A10
2022-03-15 22:22:32 -04:00
fi ;
2023-11-13 15:54:48 -05:00
if enterAndClear "external/libcups" ; then
2023-12-11 18:45:22 -05:00
git fetch https://github.com/LineageOS/android_external_libcups refs/changes/95/376595/1 && git cherry-pick FETCH_HEAD; #Q_asb_2023-11 Upgrade libcups to v2.3.1
git fetch https://github.com/LineageOS/android_external_libcups refs/changes/96/376596/1 && git cherry-pick FETCH_HEAD; #Q_asb_2023-11 Upgrade libcups to v2.3.3
2023-11-13 15:54:48 -05:00
fi ;
2023-09-28 09:17:25 -04:00
if enterAndClear "external/libvpx" ; then
applyPatch " $DOS_PATCHES_COMMON /android_external_libvpx/CVE-2023-5217.patch " ; #VP8: disallow thread count changes
fi ;
2023-10-09 17:04:49 -04:00
if enterAndClear "external/libxml2" ; then
applyPatch " $DOS_PATCHES /android_external_libxml2/368053.patch " ; #R_asb_2023-10 malloc-fail: Fix OOB read after xmlRegGetCounter
fi ;
2023-12-26 09:32:44 -05:00
if enterAndClear "external/pdfium" ; then
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/83/378083/1 && git cherry-pick FETCH_HEAD; #Q_asb_2023-12
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/84/378084/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/85/378085/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/86/378086/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/87/378087/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/88/378088/1 && git cherry-pick FETCH_HEAD;
2024-01-08 21:57:56 -05:00
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/14/378314/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_pdfium refs/changes/15/378315/1 && git cherry-pick FETCH_HEAD;
2023-12-26 09:32:44 -05:00
fi ;
2024-05-10 19:40:43 -04:00
if enterAndClear "external/sonivox" ; then
applyPatch " $DOS_PATCHES_COMMON /android_external_sonivox/391896.patch " ; #n-asb-2024-05 Fix buffer overrun in eas_wtengine
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "external/svox" ; then
2020-04-14 16:15:33 -04:00
git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie
sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUninstaller.java;
awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2023-03-21 11:57:39 -04:00
if enterAndClear "external/zlib" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_external_zlib/352570.patch " ; #Q_asb_2023-03 Fix a bug when getting a gzip header extra field with inflate().
2023-06-09 22:29:55 -04:00
fi ;
2024-03-14 20:03:59 -04:00
if enterAndClear "frameworks/av" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/359385.patch " ; #Q_asb_2023-06 Fix NuMediaExtractor::readSampleData buffer Handling
applyPatch " $DOS_PATCHES /android_frameworks_av/368004.patch " ; #Q_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test.
applyPatch " $DOS_PATCHES /android_frameworks_av/376598.patch " ; #Q_asb_2023-11 Fix for heap buffer overflow issue flagged by fuzzer test.
applyPatch " $DOS_PATCHES /android_frameworks_av/376599.patch " ; #Q_asb_2023-11 Fix heap-use-after-free issue flagged by fuzzer test.
applyPatch " $DOS_PATCHES /android_frameworks_av/378048.patch " ; #Q_asb_2023-12 httplive: fix use-after-free
applyPatch " $DOS_PATCHES /android_frameworks_av/380560.patch " ; #Q_asb_2024-01 Codec2BufferUtils: Use cropped dimensions in RGB to YUV conversion
applyPatch " $DOS_PATCHES /android_frameworks_av/380561.patch " ; #Q_asb_2024-01 Fix convertYUV420Planar16ToY410 overflow issue for unsupported cropwidth.
applyPatch " $DOS_PATCHES /android_frameworks_av/383255.patch " ; #Q_asb_2024-02 Update mtp packet buffer
applyPatch " $DOS_PATCHES /android_frameworks_av/391906.patch " ; #Q_asb_2024-03 Validate OMX Params for VPx encoders
applyPatch " $DOS_PATCHES /android_frameworks_av/391907.patch " ; #Q_asb_2024-03 SoftVideoDecodeOMXComponent: validate OMX params for dynamic HDR
applyPatch " $DOS_PATCHES /android_frameworks_av/391908.patch " ; #Q_asb_2024-03 Fix out of bounds read and write in onQueueFilled in outQueue
2024-09-14 12:07:02 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/402601.patch " ; #Q_asb_2024-08 Fix flag check in JAudioTrack.cpp
applyPatch " $DOS_PATCHES /android_frameworks_av/402602.patch " ; #Q_asb_2024-08 StagefrightRecoder: Disabling B-frame support
2024-10-16 19:54:14 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/403300.patch " ; #Q_asb_2024-09 omx: check HDR10+ info param size
2024-03-14 20:03:59 -04:00
fi ;
2024-02-08 20:17:09 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "frameworks/base" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/353117.patch " ; #Q_asb_2023-01 Fix sharing to another profile where an app has multiple targets
applyPatch " $DOS_PATCHES /android_frameworks_base/352555.patch " ; #Q_asb_2023-03 Revert "Trim the activity info of another uid if no privilege"
applyPatch " $DOS_PATCHES /android_frameworks_base/352556.patch " ; #Q_asb_2023-03 Move service initialization
applyPatch " $DOS_PATCHES /android_frameworks_base/352557.patch " ; #Q_asb_2023-03 Stop managed profile owner granting READ_SMS
applyPatch " $DOS_PATCHES /android_frameworks_base/352558.patch " ; #Q_asb_2023-03 Enable user graularity for lockdown mode
applyPatch " $DOS_PATCHES /android_frameworks_base/352559.patch " ; #Q_asb_2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
applyPatch " $DOS_PATCHES /android_frameworks_base/352560.patch " ; #Q_asb_2023-03 Reconcile WorkSource parcel and unparcel code.
applyPatch " $DOS_PATCHES /android_frameworks_base/352561.patch " ; #Q_asb_2023-03 Revert "Ensure that only SysUI can override pending intent launch flags"
applyPatch " $DOS_PATCHES /android_frameworks_base/355351.patch " ; #Q_asb_2023-04 Context#startInstrumentation could be started from SHELL only now.
applyPatch " $DOS_PATCHES /android_frameworks_base/355352.patch " ; #Q_asb_2023-04 Checking if package belongs to UID before registering broadcast receiver
applyPatch " $DOS_PATCHES /android_frameworks_base/355353.patch " ; #Q_asb_2023-04 Fix checkKeyIntentParceledCorrectly's bypass
applyPatch " $DOS_PATCHES /android_frameworks_base/355354.patch " ; #Q_asb_2023-04 Encode Intent scheme when serializing to URI string RESTRICT AUTOMERGE
applyPatch " $DOS_PATCHES /android_frameworks_base/355355.patch " ; #Q_asb_2023-04 Backport BAL restrictions from S to R, this blocks apps from using AlarmManager to bypass BAL restrictions.
applyPatch " $DOS_PATCHES /android_frameworks_base/355356.patch " ; #Q_asb_2023-04 Strip part of the activity info of another uid if no privilege
applyPatch " $DOS_PATCHES /android_frameworks_base/355357.patch " ; #Q_asb_2023-04 Add a limit on channel group creation
applyPatch " $DOS_PATCHES /android_frameworks_base/355358.patch " ; #Q_asb_2023-04 Fix bypass BG-FGS and BAL via package manager APIs
applyPatch " $DOS_PATCHES /android_frameworks_base/356352.patch " ; #Q_asb_2023-05 [pm] prevent system app downgrades of versions lower than preload
applyPatch " $DOS_PATCHES /android_frameworks_base/356353.patch " ; #Q_asb_2023-05 [pm] still allow debuggable for system app downgrades
applyPatch " $DOS_PATCHES /android_frameworks_base/356354.patch " ; #Q_asb_2023-05 Checks if AccessibilityServiceInfo is within parcelable size.
applyPatch " $DOS_PATCHES /android_frameworks_base/356355.patch " ; #Q_asb_2023-05 Uri: check authority and scheme as part of determining URI path
applyPatch " $DOS_PATCHES /android_frameworks_base/356356.patch " ; #Q_asb_2023-05 enforce stricter rules when registering phoneAccounts
applyPatch " $DOS_PATCHES /android_frameworks_base/359387.patch " ; #Q_asb_2023-06 Prevent sharesheet from previewing unowned URIs
applyPatch " $DOS_PATCHES /android_frameworks_base/359388.patch " ; #Q_asb_2023-06 Wait for preloading images to complete before inflating notifications
applyPatch " $DOS_PATCHES /android_frameworks_base/359410.patch " ; #Q_asb_2023-06 Check key intent for selectors and prohibited flags
applyPatch " $DOS_PATCHES /android_frameworks_base/359411.patch " ; #Q_asb_2023-06 Handle invalid data during job loading.
applyPatch " $DOS_PATCHES /android_frameworks_base/378090.patch " ; #Q_asb_2023-06 Remove Activity if it enters PiP without window
applyPatch " $DOS_PATCHES /android_frameworks_base/378091.patch " ; #Q_asb_2023-06 Prevent RemoteViews crashing SystemUi
applyPatch " $DOS_PATCHES /android_frameworks_base/378092.patch " ; #Q_asb_2023-06 Allow filtering of services
applyPatch " $DOS_PATCHES /android_frameworks_base/378093.patch " ; #Q_asb_2023-06 Add BubbleMetadata detection to block FSI
applyPatch " $DOS_PATCHES /android_frameworks_base/365409.patch " ; #Q_asb_2023-07 Limit the number of supported v1 and v2 signers
applyPatch " $DOS_PATCHES /android_frameworks_base/365410.patch " ; #Q_asb_2023-07 Import translations.
applyPatch " $DOS_PATCHES /android_frameworks_base/365411.patch " ; #Q_asb_2023-07 Add size check on PPS#policy
applyPatch " $DOS_PATCHES /android_frameworks_base/365412.patch " ; #Q_asb_2023-07 Limit the ServiceFriendlyNames
applyPatch " $DOS_PATCHES /android_frameworks_base/365413.patch " ; #Q_asb_2023-07 Only allow NEW_TASK flag when adjusting pending intents
applyPatch " $DOS_PATCHES /android_frameworks_base/365414.patch " ; #Q_asb_2023-07 Dismiss keyguard when simpin auth'd and...
applyPatch " $DOS_PATCHES /android_frameworks_base/365415.patch " ; #Q_asb_2023-07 Increase notification channel limit.
applyPatch " $DOS_PATCHES /android_frameworks_base/365417.patch " ; #Q_asb_2023-07 Visit URIs in landscape/portrait custom remote views.
applyPatch " $DOS_PATCHES /android_frameworks_base/378094.patch " ; #Q_asb_2023-07 Passpoint Add more check to limit the config size
applyPatch " $DOS_PATCHES /android_frameworks_base/378095.patch " ; #Q_asb_2023-07 Sanitize VPN label to prevent HTML injection
applyPatch " $DOS_PATCHES /android_frameworks_base/378096.patch " ; #Q_asb_2023-07 Truncate ShortcutInfo Id
applyPatch " $DOS_PATCHES /android_frameworks_base/365447.patch " ; #Q_asb_2023-08 ActivityManager#killBackgroundProcesses can kill caller's own app only
applyPatch " $DOS_PATCHES /android_frameworks_base/365448.patch " ; #Q_asb_2023-08 ActivityManagerService: Allow openContentUri from vendor/system/product.
applyPatch " $DOS_PATCHES /android_frameworks_base/365450.patch " ; #Q_asb_2023-08 On device lockdown, always show the keyguard
applyPatch " $DOS_PATCHES /android_frameworks_base/365452.patch " ; #Q_asb_2023-08 Implement visitUris for RemoteViews ViewGroupActionAdd.
applyPatch " $DOS_PATCHES /android_frameworks_base/378097.patch " ; #Q_asb_2023-08 Verify URI permissions for notification shortcutIcon.
applyPatch " $DOS_PATCHES /android_frameworks_base/365453.patch " ; #Q_asb_2023-08 Check URIs in notification public version.
applyPatch " $DOS_PATCHES /android_frameworks_base/365455.patch " ; #Q_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used
applyPatch " $DOS_PATCHES /android_frameworks_base/365457.patch " ; #Q_asb_2023-08 Add `PackageParser.Package getPackage(int uid)`
applyPatch " $DOS_PATCHES /android_frameworks_base/378098.patch " ; #Q_asb_2023-08 Ensure policy has no absurdly long strings
applyPatch " $DOS_PATCHES /android_frameworks_base/378099.patch " ; #Q_asb_2023-08 Verify URI permissions in MediaMetadata
applyPatch " $DOS_PATCHES /android_frameworks_base/378100.patch " ; #Q_asb_2023-08 Resolve StatusHints image exploit across user.
applyPatch " $DOS_PATCHES /android_frameworks_base/368007.patch " ; #Q_asb_2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly.
applyPatch " $DOS_PATCHES /android_frameworks_base/378101.patch " ; #Q_asb_2023-09 Grant carrier privileges if package has carrier config access.
applyPatch " $DOS_PATCHES /android_frameworks_base/378102.patch " ; #Q_asb_2023-09 Forbid granting access to NLSes with too-long component names
applyPatch " $DOS_PATCHES /android_frameworks_base/369694.patch " ; #Q_asb_2023-10 RingtoneManager: verify default ringtone is audio
applyPatch " $DOS_PATCHES /android_frameworks_base/369695.patch " ; #Q_asb_2023-10 Do not share key mappings with JNI object
applyPatch " $DOS_PATCHES /android_frameworks_base/369697.patch " ; #Q_asb_2023-10 Fix KCM key mapping cloning
applyPatch " $DOS_PATCHES /android_frameworks_base/369698.patch " ; #Q_asb_2023-10 Disallow loading icon from content URI to PipMenu
applyPatch " $DOS_PATCHES /android_frameworks_base/369699.patch " ; #Q_asb_2023-10 Fixing DatabaseUtils to detect malformed UTF-16 strings
applyPatch " $DOS_PATCHES /android_frameworks_base/369700.patch " ; #Q_asb_2023-10 Revert "Dismiss keyguard when simpin auth'd and..."
applyPatch " $DOS_PATCHES /android_frameworks_base/378104.patch " ; #Q_asb_2023-10 Verify URI Permissions in Autofill RemoteViews
applyPatch " $DOS_PATCHES /android_frameworks_base/376600.patch " ; #Q_asb_2023-11 Fix BAL via notification.publicVersion
applyPatch " $DOS_PATCHES /android_frameworks_base/376601.patch " ; #Q_asb_2023-11 Check caller's uid in backupAgentCreated callback
applyPatch " $DOS_PATCHES /android_frameworks_base/376602.patch " ; #Q_asb_2023-11 Use type safe API of readParcelableArray
applyPatch " $DOS_PATCHES /android_frameworks_base/376604.patch " ; #Q_asb_2023-11 [SettingsProvider] verify ringtone URI before setting
applyPatch " $DOS_PATCHES /android_frameworks_base/378105.patch " ; #Q_asb_2023-11 Make log reader thread a class member
applyPatch " $DOS_PATCHES /android_frameworks_base/378049.patch " ; #Q_asb_2023-12 Visit Uris added by WearableExtender
applyPatch " $DOS_PATCHES /android_frameworks_base/378050.patch " ; #Q_asb_2023-12 Fix bypass BAL via `requestGeofence`
applyPatch " $DOS_PATCHES /android_frameworks_base/378051.patch " ; #Q_asb_2023-12 Make sure we visit the icon URIs of Person objects on Notifications
applyPatch " $DOS_PATCHES /android_frameworks_base/378053.patch " ; #Q_asb_2023-12 Drop invalid data.
applyPatch " $DOS_PATCHES /android_frameworks_base/378054.patch " ; #Q_asb_2023-12 Validate URI-based shortcut icon at creation time.
applyPatch " $DOS_PATCHES /android_frameworks_base/378055.patch " ; #Q_asb_2023-12 Require permission to unlock keyguard
applyPatch " $DOS_PATCHES /android_frameworks_base/378056.patch " ; #Q_asb_2023-12 Use readUniqueFileDescriptor in incidentd service
applyPatch " $DOS_PATCHES /android_frameworks_base/378057.patch " ; #Q_asb_2023-12 Validate userId when publishing shortcuts
applyPatch " $DOS_PATCHES /android_frameworks_base/378058.patch " ; #Q_asb_2023-12 Revert "On device lockdown, always show the keyguard"
applyPatch " $DOS_PATCHES /android_frameworks_base/378059.patch " ; #Q_asb_2023-12 Adding in verification of calling UID in onShellCommand
applyPatch " $DOS_PATCHES /android_frameworks_base/378060.patch " ; #Q_asb_2023-12 Updated: always show the keyguard on device lockdown
applyPatch " $DOS_PATCHES /android_frameworks_base/378061.patch " ; #Q_asb_2023-12 Fix the use of pdfium
applyPatch " $DOS_PATCHES /android_frameworks_base/378106.patch " ; #Q_asb_2023-12 Visit Uris related to Notification style extras
applyPatch " $DOS_PATCHES /android_frameworks_base/380562.patch " ; #Q_asb_2024-01 Ensure finish lockscreen when usersetup incomplete
applyPatch " $DOS_PATCHES /android_frameworks_base/380563.patch " ; #Q_asb_2024-01 Truncate user data to a limit of 500 characters
applyPatch " $DOS_PATCHES /android_frameworks_base/380564.patch " ; #Q_asb_2024-01 [CDM] Validate component name length before requesting notification access.
applyPatch " $DOS_PATCHES /android_frameworks_base/380565.patch " ; #Q_asb_2024-01 Log to detect usage of whitelistToken when sending non-PI target
applyPatch " $DOS_PATCHES /android_frameworks_base/380566.patch " ; #Q_asb_2024-01 Fix vulnerability that allowed attackers to start arbitary activities
2024-01-09 14:43:40 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/379136.patch " ; #R_asb_2024-01 Fix ActivityManager#killBackgroundProcesses permissions
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/383256.patch " ; #Q_asb_2024-02 Disallow Wallpaper service to launch activity from background.
applyPatch " $DOS_PATCHES /android_frameworks_base/383257.patch " ; #Q_asb_2024-02 Unbind TileService onNullBinding
applyPatch " $DOS_PATCHES /android_frameworks_base/383258.patch " ; #Q_asb_2024-02 Restrict activity launch when caller is running in the background
applyPatch " $DOS_PATCHES /android_frameworks_base/383259.patch " ; #Q_asb_2024-02 Check permission of Autofill icon URIs
applyPatch " $DOS_PATCHES /android_frameworks_base/391909.patch " ; #Q_asb_2024-03 Resolve custom printer icon boundary exploit.
applyPatch " $DOS_PATCHES /android_frameworks_base/391910.patch " ; #Q_asb_2024-03 Add PackageInstaller SessionParams restrictions
applyPatch " $DOS_PATCHES /android_frameworks_base/391911.patch " ; #Q_asb_2024-03 Validate package names passed to the installer.
applyPatch " $DOS_PATCHES /android_frameworks_base/391912.patch " ; #Q_asb_2024-03 Disallow system apps to be installed/updated as instant.
applyPatch " $DOS_PATCHES /android_frameworks_base/391913.patch " ; #Q_asb_2024-03 Close AccountManagerService.session after timeout.
2024-05-11 11:06:20 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/392204.patch " ; #Q_asb_2024-04 isUserInLockDown can be true when there are other strong auth requirements
applyPatch " $DOS_PATCHES /android_frameworks_base/392205.patch " ; #Q_asb_2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
2024-06-03 14:39:12 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/393587.patch " ; #Q_asb_2024-05 Prioritize system toasts
applyPatch " $DOS_PATCHES /android_frameworks_base/393588.patch " ; #Q_asb_2024-05 Don't try to show the current toast again while it's showing.
2024-08-05 16:03:46 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399072.patch " ; #Q_asb_2024-06 ActivityManager#killBackgroundProcesses can kill caller's own app only
applyPatch " $DOS_PATCHES /android_frameworks_base/399073.patch " ; #Q_asb_2024-06 Fix ActivityManager#killBackgroundProcesses permissions
applyPatch " $DOS_PATCHES /android_frameworks_base/399074.patch " ; #Q_asb_2024-06 Verify URI permission for channel sound update from NotificationListenerService
applyPatch " $DOS_PATCHES /android_frameworks_base/399075.patch " ; #Q_asb_2024-06 Added throttle when reporting shortcut usage
applyPatch " $DOS_PATCHES /android_frameworks_base/399076.patch " ; #Q_asb_2024-06 Prevend user spoofing in isRequestPinItemSupported
applyPatch " $DOS_PATCHES /android_frameworks_base/399077.patch " ; #Q_asb_2024-06 Check for NLS bind permission when rebinding services
2024-08-09 14:18:06 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399414.patch " ; #Q_asb_2024-06 Hide window immediately if itself doesn't run hide animation
2024-08-05 16:03:46 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399078.patch " ; #Q_asb_2024-06 Fix error handling for non-dynamic permissions
applyPatch " $DOS_PATCHES /android_frameworks_base/399079.patch " ; #Q_asb_2024-06 Add more checkKeyIntent checks to AccountManagerService.
applyPatch " $DOS_PATCHES /android_frameworks_base/399080.patch " ; #Q_asb_2024-06 [Autofill Framework] Add in check for intent filter when setting/updating service
applyPatch " $DOS_PATCHES /android_frameworks_base/399081.patch " ; #Q_asb_2024-06 Check hidden API exemptions
applyPatch " $DOS_PATCHES /android_frameworks_base/399082.patch " ; #Q_asb_2024-06 Add StatusBarNotification::getNormalizedUserId
applyPatch " $DOS_PATCHES /android_frameworks_base/399083.patch " ; #Q_asb_2024-06 Add Context.createContextAsUser()
applyPatch " $DOS_PATCHES /android_frameworks_base/399084.patch " ; #Q_asb_2024-06 Explicitly take flags in createContextAsUser()
applyPatch " $DOS_PATCHES /android_frameworks_base/399085.patch " ; #Q_asb_2024-06 Resolve message/conversation image Uris with the correct user id
applyPatch " $DOS_PATCHES /android_frameworks_base/399086.patch " ; #Q_asb_2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
2024-08-09 14:18:06 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399413.patch " ; #Q_asb_2024-06 Check permissions for CDM shell commands
2024-08-05 16:03:46 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399088.patch " ; #Q_asb_2024-07 Verify UID of incoming Zygote connections.
applyPatch " $DOS_PATCHES /android_frameworks_base/399089.patch " ; #Q_asb_2024-07 Fix security vulnerability of non-dynamic permission removal
2024-09-14 12:07:02 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/402603.patch " ; #Q_asb_2024-08 Stop using UserHandle' hidden constructor.
applyPatch " $DOS_PATCHES /android_frameworks_base/402604.patch " ; #Q_asb_2024-08 Backport preventing BAL bypass via bound service
applyPatch " $DOS_PATCHES /android_frameworks_base/402605.patch " ; #Q_asb_2024-08 Restrict USB poups while setup is in progress
applyPatch " $DOS_PATCHES /android_frameworks_base/402606.patch " ; #Q_asb_2024-08 Hide SAW subwindows
2024-10-16 19:54:14 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/403301.patch " ; #Q_asb_2024-09 Sanitized uri scheme by removing scheme delimiter
2024-10-16 20:23:44 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/405515.patch " ; #R_asb_2024-10 Update AccountManagerService checkKeyIntent.
applyPatch " $DOS_PATCHES /android_frameworks_base/405516.patch " ; #R_asb_2024-10 Fail parseUri if end is missing
applyPatch " $DOS_PATCHES /android_frameworks_base/405518.patch " ; #R_asb_2024-10 Check whether installerPackageName contains only valid characters
2022-12-18 21:46:31 -05:00
#applyPatch "$DOS_PATCHES/android_frameworks_base/272645.patch"; #ten-bt-sbc-hd-dualchannel: Add CHANNEL_MODE_DUAL_CHANNEL constant (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272646-forwardport.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/272647.patch"; #ten-bt-sbc-hd-dualchannel: Allow SBC as HD audio codec in Bluetooth device configuration (ValdikSS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0007-Always_Restict_Serial.patch " ; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0008-Browser_No_Location.patch " ; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0009-SystemUI_No_Permission_Review.patch " ; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
2022-03-15 15:41:05 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-1.patch " ; #Add exec-based spawning support (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-2.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-3.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-4.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-5.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-6.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-7.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-8.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-9.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-10.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-11.patch " ;
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-12.patch " ;
2022-09-13 09:57:57 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0010-Exec_Based_Spawning-13.patch " ;
2022-04-12 16:44:53 -04:00
sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0003-SUPL_No_IMSI.patch " ; #Don't send IMSI to SUPL (MSe1969)
2023-04-12 15:23:39 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0004-Fingerprint_Lockout.patch " ; #Enable fingerprint lockout after five failed attempts (GrapheneOS)
2022-01-24 05:28:15 -05:00
applyPatch " $DOS_PATCHES_COMMON /android_frameworks_base/0005-User_Logout.patch " ; #Allow user logout (GrapheneOS)
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0012-Restore_SensorsOff.patch " ; #Restore the Sensors Off tile (DivestOS)
2022-04-20 00:42:18 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0013-Private_DNS.patch " ; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
2022-04-10 20:24:01 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Special_Permissions.patch " ; #Support new special runtime permissions (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Network_Permission-1.patch " ; #Make INTERNET into a special runtime permission (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Network_Permission-2.patch " ; #Add a NETWORK permission group for INTERNET (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Network_Permission-3.patch " ; #Enforce INTERNET as a runtime permission. (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Network_Permission-4.patch " ; #Fix INTERNET enforcement for secondary users (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Network_Permission-5.patch " ; #Send uid for each user instead of just owner/admin user (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Network_Permission-6.patch " ; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0014-Sensors_Permission.patch " ; #Add special runtime permission for other sensors (GrapheneOS)
2022-03-20 22:56:25 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0015-Automatic_Reboot.patch " ; #Timeout for reboot (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0016-Bluetooth_Timeout.patch " ; #Timeout for Bluetooth (GrapheneOS)
applyPatch " $DOS_PATCHES /android_frameworks_base/0017-WiFi_Timeout.patch " ; #Timeout for Wi-Fi (GrapheneOS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0018-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2022-05-14 21:05:54 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0019-Random_MAC.patch " ; #Add option of always randomizing MAC addresses (GrapheneOS)
2023-02-11 10:58:39 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0020-SUPL_Toggle.patch " ; #Add a setting for forcibly disabling SUPL (GrapheneOS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/0021-Unprivileged_microG_Handling.patch " ; #Unprivileged microG handling (heavily based off of a CalyxOS patch)
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch " ; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly (DivestOS)
applyPatch " $DOS_PATCHES_COMMON /android_frameworks_base/0007-ABI_Warning.patch " ; #Warn when running activity from 32 bit app on ARM64 devices. (AOSP)
2023-03-31 11:21:35 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_frameworks_base/0008-No_Crash_GSF.patch " ; #Don't crash apps that depend on missing Gservices provider (GrapheneOS)
2021-10-16 15:20:27 -04:00
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
sed -i 's/entry == null/entry == null || true/' core/java/android/os/RecoverySystem.java; #Skip strict update compatibiltity checks XXX: TEMPORARY FIX
sed -i 's/!Build.isBuildConsistent()/false/' services/core/java/com/android/server/wm/ActivityTaskManagerService.java; #Disable partition fingerprint mismatch warnings XXX: TEMPORARY FIX
2022-06-07 15:32:03 -04:00
sed -i 's/return 16;/return 64;/' core/java/android/app/admin/DevicePolicyManager.java; #Increase default max password length to 64 (GrapheneOS)
2021-10-16 15:20:27 -04:00
sed -i 's/DEFAULT_STRONG_AUTH_TIMEOUT_MS = 72 \* 60 \* 60 \* 1000;/DEFAULT_STRONG_AUTH_TIMEOUT_MS = 12 * 60 * 60 * 1000;/' core/java/android/app/admin/DevicePolicyManager.java; #Decrease the strong auth prompt timeout to occur more often
hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config
2023-03-25 20:20:56 -04:00
#rm -rf packages/CompanionDeviceManager; #Used to support Android Wear (which hard depends on GMS)
2021-08-04 21:25:18 -04:00
#sed -i '295i\ if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time
2020-05-24 14:05:00 -04:00
rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-09-24 22:49:45 -04:00
if enterAndClear "frameworks/native" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_native/355359.patch " ; #Q_asb_2023-04 Mitigate the security vulnerability by sanitizing the transaction flags.
applyPatch " $DOS_PATCHES /android_frameworks_native/356357.patch " ; #Q_asb_2023-05 Check for malformed Sensor Flattenable
applyPatch " $DOS_PATCHES /android_frameworks_native/356358.patch " ; #Q_asb_2023-05 Remove some new memory leaks from SensorManager
applyPatch " $DOS_PATCHES /android_frameworks_native/356359.patch " ; #Q_asb_2023-05 Add removeInstanceForPackageMethod to SensorManager
applyPatch " $DOS_PATCHES /android_frameworks_native/368009.patch " ; #Q_asb_2023-09 Allow sensors list to be empty
2022-04-10 20:24:01 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_native/0001-Sensors.patch " ; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
2021-09-24 22:49:45 -04:00
fi ;
2020-04-14 16:15:33 -04:00
if [ " $DOS_DEBLOBBER_REMOVE_IMS " = true ] ; then
2021-07-08 20:41:33 -04:00
if enterAndClear "frameworks/opt/net/ims" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_ims/0001-Fix_Calling.patch " ; #Fix calling when IMS is removed (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
fi ;
2020-04-14 16:15:33 -04:00
2022-03-15 14:57:53 -04:00
if enterAndClear "frameworks/opt/net/wifi" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_wifi/352562.patch " ; #Q_asb_2023-03 Revert "wifi: remove certificates for network factory reset"
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_wifi/355360.patch " ; #Q_asb_2023-04 Revert "Revert "wifi: remove certificates for network factory reset""
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_wifi/378139.patch " ; #Q_asb_2023-07 Limit the number of Passpoint per App
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_wifi/0001-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2022-05-14 21:05:54 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_wifi/0002-Random_MAC.patch " ; #Add support for always generating new random MAC (GrapheneOS)
2022-03-15 14:57:53 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8084.patch " --directory= "msm8084" ; #(Qualcomm)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8916.patch " --directory= "msm8226" ;
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8960.patch " --directory= "msm8960" ;
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8974.patch " --directory= "msm8974" ;
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8994.patch " --directory= "msm8994" ;
2021-01-06 13:41:41 -05:00
#TODO: missing msm8909, msm8996, msm8998, sdm845, sdm8150
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/apq8084/display" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-apq8084.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/msm8952/display" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8952.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/msm8960/display" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8960.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/msm8974/display" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8974.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/msm8994/display" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8994.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/msm8996/audio" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_audio/0001-Unused-8996.patch " ; #audio_extn: Fix unused parameter warning in utils.c (codeworkx)
2021-07-08 20:41:33 -04:00
fi ;
2020-11-09 00:29:29 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom-caf/msm8998/audio" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_audio/0001-Unused-8998.patch " ; #audio_extn: Fix unused parameter warning in utils.c (codeworkx)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-19 13:19:22 -04:00
2021-09-12 06:37:40 -04:00
if enterAndClear "hardware/qcom-caf/sm8150/audio" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_audio/0001-Unused-sm8150.patch " ; #audio_extn: Fix unused parameter warning in utils.c (codeworkx)
2021-09-12 06:37:40 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "libcore" ; then
2024-10-16 20:23:44 -04:00
applyPatch " $DOS_PATCHES /android_libcore/405541.patch " ; #R_asb_2024-10 Do not accept zip files with invalid headers.
2022-03-15 15:41:05 -04:00
applyPatch " $DOS_PATCHES /android_libcore/0001-Exec_Based_Spawning-1.patch " ; #Add exec-based spawning support (GrapheneOS)
applyPatch " $DOS_PATCHES /android_libcore/0001-Exec_Based_Spawning-2.patch " ;
2022-04-10 20:24:01 -04:00
applyPatch " $DOS_PATCHES /android_libcore/0003-Network_Permission.patch " ; #Expose the NETWORK permission (GrapheneOS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_libcore/0004-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "lineage-sdk" ; then
2020-04-14 16:15:33 -04:00
awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather
2021-08-04 21:25:18 -04:00
if [ " $DOS_DEBLOBBER_REMOVE_AUDIOFX " = true ] ; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi ; #Remove AudioFX
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2022-03-15 14:57:53 -04:00
if enterAndClear "packages/apps/Bluetooth" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/378135.patch " ; #Q_asb_2023-12 Fix UAF in ~CallbackEnv
2024-10-16 20:47:28 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/405835-backport.patch " ; #P_asb_2024-10 Disallow unexpected incoming HID connections 2/2
2022-12-18 21:46:31 -05:00
#applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/272652.patch"; #ten-bt-sbc-hd-dualchannel: SBC Dual Channel (SBC HD Audio) support (ValdikSS)
#applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/272653.patch"; #ten-bt-sbc-hd-dualchannel: Assume optional codecs are supported if were supported previously (ValdikSS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2022-03-15 14:57:53 -04:00
fi ;
2024-05-08 11:49:25 -04:00
if enterAndClear "packages/apps/Camera2" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_Camera2/380567.patch " ; #Q_asb_2024-01 Camera2: Do not pass location info for startActivity case
fi ;
if enterAndClear "packages/apps/Car/Settings" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_Car_Settings/378111.patch " ; #Q_asb_2023-06 Convert argument to Intent in car settings AddAccountActivity.
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Contacts" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Contacts/0001-No_Google_Links.patch " ; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Contacts/0002-No_Google_Backup.patch " ; #Backups are not sent to Google (GrapheneOS)
2022-06-02 23:03:16 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Contacts/0003-Skip_Accounts.patch " ; #Don't prompt to add account when creating a contact (CalyxOS)
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Contacts/0004-No_GMaps.patch " ; #Use common intent for directions instead of Google Maps URL (GrapheneOS)
2023-04-04 12:50:09 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Contacts/0005-vCard-Four.patch " ; #Add basic support for vCard 4.0 (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Dialer" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Dialer/0001-Not_Private_Banner.patch " ; #Add a privacy warning banner to calls (CalyxOS)
2021-07-08 20:41:33 -04:00
fi ;
2021-06-08 02:14:07 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/LineageParts" ; then
2020-04-14 16:15:33 -04:00
rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_LineageParts/0001-Remove_Analytics.patch " ; #Remove analytics (DivestOS)
2022-08-15 16:37:41 -04:00
cp -f " $DOS_PATCHES_COMMON /contributors.db " assets/contributors.db; #Update contributors cloud
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2023-10-03 15:17:06 -04:00
if enterAndClear "packages/apps/Messaging" ; then
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Messaging/0001-null-fix.patch " ; #Handle null case (GrapheneOS)
2023-11-05 19:09:27 -05:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Messaging/0002-missing-channels.patch " ; #Add notification channels where missing (LineageOS)
2023-10-03 15:17:06 -04:00
fi ;
2022-03-15 14:57:53 -04:00
if enterAndClear "packages/apps/Nfc" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/368010.patch " ; #Q_asb_2023-09 Ensure that SecureNFC setting cannot be bypassed
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/380568.patch " ; #Q_asb_2024-01 Possible deadlock on the NfcService object
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch " ; #Constify JNINativeMethod tables (GrapheneOS)
2022-03-15 14:57:53 -04:00
fi ;
2022-02-25 13:38:36 -05:00
if enterAndClear "packages/apps/PermissionController" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_PackageInstaller/352563.patch " ; #Q_asb_2023-03 Stop managed profile owner granting READ_SMS
2022-04-10 20:24:01 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_PermissionController/0001-Network_Permission-1.patch " ; #Always treat INTERNET as a runtime permission (GrapheneOS)
applyPatch " $DOS_PATCHES /android_packages_apps_PermissionController/0001-Network_Permission-2.patch " ; #Add INTERNET permission toggle (GrapheneOS)
applyPatch " $DOS_PATCHES /android_packages_apps_PermissionController/0001-Sensors_Permission-1.patch " ; #Always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
applyPatch " $DOS_PATCHES /android_packages_apps_PermissionController/0001-Sensors_Permission-2.patch " ; #Add OTHER_SENSORS permission group (GrapheneOS)
2022-02-25 13:38:36 -05:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Settings" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/352564.patch " ; #Q_asb_2023-03 FRP bypass defense in the settings app
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/352565.patch " ; #Q_asb_2023-03 Add DISALLOW_APPS_CONTROL check into uninstall app for all users
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/355361.patch " ; #Q_asb_2023-04 Only primary user is allowed to control secure nfc
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/359415.patch " ; #Q_asb_2023-06 [Settings] Move display of VPN version into summary text
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/378107.patch " ; #Q_asb_2023-06 Import translations.
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/378108.patch " ; #Q_asb_2023-06 Convert argument to intent in AddAccountSettings.
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/368012.patch " ; #Q_asb_2023-09 Prevent non-system IME from becoming device admin
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/378109.patch " ; #Q_asb_2023-09 Settings: don't try to allow NLSes with too-long component names
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/378110.patch " ; #Q_asb_2023-10 Restrict ApnEditor settings
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/380569.patch " ; #Q_asb_2024-01 Validate ringtone URIs before setting
2024-10-16 19:54:14 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/403302.patch " ; #Q_asb_2024-09 Limit wifi item edit content's max length to 500
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/403303.patch " ; #Q_asb_2024-09 Replace getCallingActivity() with getLaunchedFromPackage()
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/403304.patch " ; #Q_asb_2024-09 Ignore fragment attr from ext authenticator resource
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/403305.patch " ; #Q_asb_2024-09 Restrict Settings Homepage prior to provisioning
2024-10-16 20:23:44 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/405534.patch " ; #R_asb_2024-10 FRP bypass defense in App battery usage page
2021-08-04 21:25:18 -04:00
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
2022-12-18 21:46:31 -05:00
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/272651.patch"; #ten-bt-sbc-hd-dualchannel: Add Dual Channel into Bluetooth Audio Channel Mode developer options menu (ValdikSS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch " ; #Add option to disable captive portal checks (MSe1969)
2023-01-20 14:45:46 -05:00
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) #FIXME: needs work
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch " ; #Remove the Sensors Off development tile (DivestOS)
2022-04-20 00:42:18 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0004-Private_DNS.patch " ; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
2022-03-20 22:56:25 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0005-Automatic_Reboot.patch " ; #Timeout for reboot (GrapheneOS)
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0006-Bluetooth_Timeout.patch " ; #Timeout for Bluetooth (CalyxOS)
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0007-WiFi_Timeout.patch " ; #Timeout for Wi-Fi (CalyxOS)
2022-05-14 21:05:54 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0008-ptrace_scope.patch " ; #Add native debugging setting (GrapheneOS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0009-exec_spawning_toggle.patch " ; #Add exec spawning toggle (GrapheneOS)
2022-03-29 22:27:06 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0010-Random_MAC-1.patch " ; #Add option to always randomize MAC (GrapheneOS)
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0010-Random_MAC-2.patch " ; #Remove partial MAC randomization translations (GrapheneOS)
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM
- Also drop hack removing pKVM for Pixel 6/7
- patch from GrapheneOS
- Extend hmalloc workaround to /apex
- Deblobber:
- actually handle wildcard f/w/b overlays
- move some stuff around
- remove some more Pixel blobs
- flag and disable removal of camera extensions, being able to use the second camera is nice
- Adjust what hardenDefconfig disables, caused boot issues
minimal impact as most of these are already default-disabled
can be narrowed down in future
- Disable some of the bionic hardening patches, causing more boot issues
annoying to lose, but having a phone that boots is more important
- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS
- Remove Pixel 2 ramdisk compression reverts, fixed upstream
And yes, I know I should've split up this commit...
Signed-off-by: Tad <tad@spotco.us>
2022-12-23 22:00:31 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0011-LTE_Only_Mode.patch " ; #Add LTE-only option (GrapheneOS)
2023-01-20 14:45:46 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0012-hosts_toggle.patch " ; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
2023-02-11 10:58:39 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0013-SUPL_Toggle.patch " ; #Add a toggle for forcibly disabling SUPL (GrapheneOS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0014-microG_Toggle.patch " ; #Add a toggle for microG enablement (heavily based off of a GrapheneOS patch)
2023-07-13 10:45:43 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Settings/0001-disable_apps.patch " ; #Add an ability to disable non-system apps from the "App info" screen (GrapheneOS)
2022-06-07 15:32:03 -04:00
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
2020-04-14 16:15:33 -04:00
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/SetupWizard" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_SetupWizard/0001-Remove_Analytics.patch " ; #Remove analytics (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2024-05-08 11:49:25 -04:00
if enterAndClear "packages/apps/Traceur" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_Traceur/359418.patch " ; #Q_asb_2023-06 Block Traceur MainTvActivity when development options disabled.
applyPatch " $DOS_PATCHES /android_packages_apps_Traceur/359419.patch " ; #Q_asb_2023-06 Initialize developer options ContentObserver at app start
applyPatch " $DOS_PATCHES /android_packages_apps_Traceur/378119.patch " ; #Q_asb_2023-06 Update Traceur to check admin user status
applyPatch " $DOS_PATCHES /android_packages_apps_Traceur/359421.patch " ; #Q_asb_2023-06 Add DISALLOW_DEBUGGING_FEATURES check
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Trebuchet" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Trebuchet/368013.patch " ; #Q_asb_2023-09 Fix permission issue in legacy shortcut
applyPatch " $DOS_PATCHES /android_packages_apps_Trebuchet/378063.patch " ; #Q_asb_2023-12 Fix permission bypass in legacy shortcut
2020-12-22 13:53:29 -05:00
cp $DOS_BUILD_BASE /vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2024-05-08 11:49:25 -04:00
if enterAndClear "packages/apps/TvSettings" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_TvSettings/359422.patch " ; #Q_asb_2023-06 Convert argument to intent in addAccount TvSettings.
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Updater" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Updater/0001-Server.patch " ; #Switch to our server (DivestOS)
applyPatch " $DOS_PATCHES /android_packages_apps_Updater/0002-Tor_Support.patch " ; #Add Tor support (DivestOS)
2020-04-14 16:15:33 -04:00
sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).replaceAll("\\\\.", "");/' src/org/lineageos/updater/misc/Utils.java; #Remove periods from incremental version
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/inputmethods/LatinIME" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_inputmethods_LatinIME/0001-Voice.patch " ; #Remove voice input key (DivestOS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch " ; #Disable personalization dictionary by default (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2022-04-01 07:35:28 -04:00
#if enterAndClear "packages/modules/NetworkStack"; then
#applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS) #FIXME: DhcpClient.java:960: error: cannot find symbol
#fi;
2022-03-29 22:27:06 -04:00
2022-02-25 13:38:36 -05:00
if enterAndClear "packages/providers/DownloadProvider" ; then
2022-04-10 20:24:01 -04:00
applyPatch " $DOS_PATCHES /android_packages_providers_DownloadProvider/0001-Network_Permission.patch " ; #Expose the NETWORK permission (GrapheneOS)
2022-02-25 13:38:36 -05:00
fi ;
2024-05-08 11:49:25 -04:00
if enterAndClear "packages/providers/MediaProvider" ; then
applyPatch " $DOS_PATCHES /android_packages_providers_MediaProvider/355362.patch " ; #Q_asb_2023-04 Canonicalise path before extracting relative path
applyPatch " $DOS_PATCHES /android_packages_providers_MediaProvider/378137.patch " ; #Q_asb_2023-09 Canonicalize file path for insertion by legacy apps
applyPatch " $DOS_PATCHES /android_packages_providers_MediaProvider/378138.patch " ; #Q_asb_2023-10 Fix path traversal vulnerabilities in MediaProvider
2024-08-05 16:03:46 -04:00
applyPatch " $DOS_PATCHES /android_packages_providers_MediaProvider/399090.patch " ; #Q_asb_2024-07 Prevent insertion in other users storage volumes
2024-05-08 11:49:25 -04:00
fi ;
if enterAndClear "packages/providers/TelephonyProvider" ; then
applyPatch " $DOS_PATCHES /android_packages_providers_TelephonyProvider/365458.patch " ; #Q_asb_2023-08 Update file permissions using canonical path
applyPatch " $DOS_PATCHES /android_packages_providers_TelephonyProvider/376605.patch " ; #Q_asb_2023-11 Block access to sms/mms db from work profile.
fi ;
if enterAndClear "packages/services/BuiltInPrintService" ; then
applyPatch " $DOS_PATCHES /android_packages_services_BuiltInPrintService/376606.patch " ; #Q_asb_2023-11 Adjust APIs for CUPS 2.3.3
fi
if enterAndClear "packages/services/Telecomm" ; then
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/355363.patch " ; #Q_asb_2023-04 Ensure service unbind when receiving a null call screening service in onBind.
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/355364.patch " ; #Q_asb_2023-04 do not process content uri in call Intents
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/356360.patch " ; #Q_asb_2023-05 enforce stricter rules when registering phoneAccounts
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/378120.patch " ; #Q_asb_2023-06 Call Redirection: unbind service when onBind returns null
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/378122.patch " ; #Q_asb_2023-08 Resolve StatusHints image exploit across user.
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/369703.patch " ; #Q_asb_2023-12 Fix vulnerability in CallRedirectionService.
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/378123.patch " ; #Q_asb_2023-12 Support for API cleanups.
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/378065.patch " ; #Q_asb_2023-12 Resolve account image icon profile boundary exploit.
2024-10-16 19:54:14 -04:00
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/403306.patch " ; #Q_asb_2024-09 Unbind CS if connection is not created within 15 seconds.
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/403307.patch " ; #Q_asb_2024-09 Unbind CallScreeningService when timeout reached.
2024-05-08 11:49:25 -04:00
fi ;
if enterAndClear "packages/services/Telephony" ; then
applyPatch " $DOS_PATCHES /android_packages_services_Telephony/368015.patch " ; #Q_asb_2023-09 Grant carrier privileges if package has carrier config access.
applyPatch " $DOS_PATCHES /android_packages_services_Telephony/378161.patch " ; #Q_asb_2023-09 Fixed leak of cross user data in multiple settings.
fi
2023-10-09 17:04:49 -04:00
2022-04-01 07:35:28 -04:00
if enterAndClear "prebuilts/abi-dumps/vndk" ; then
applyPatch " $DOS_PATCHES /android_prebuilts_abi-dumps_vndk/0001-protobuf-avi.patch " ; #Work around ABI changes from compiler hardening (GrapheneOS)
fi ;
2022-03-15 14:38:08 -04:00
if enterAndClear "system/bt" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/352276.patch " ; #Q_asb_2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
applyPatch " $DOS_PATCHES /android_system_bt/352277.patch " ; #Q_asb_2023-03 Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
applyPatch " $DOS_PATCHES /android_system_bt/352278.patch " ; #Q_asb_2023-03 Fix an OOB write in SDP_AddAttribute
applyPatch " $DOS_PATCHES /android_system_bt/355365.patch " ; #Q_asb_2023-04 Fix OOB access in avdt_scb_hdl_pkt_no_frag
applyPatch " $DOS_PATCHES /android_system_bt/355366.patch " ; #Q_asb_2023-04 Fix an OOB bug in register_notification_rsp
applyPatch " $DOS_PATCHES /android_system_bt/359424.patch " ; #Q_asb_2023-06 Prevent use-after-free of HID reports
applyPatch " $DOS_PATCHES /android_system_bt/359425.patch " ; #Q_asb_2023-06 Revert "Revert "Validate buffer length in sdpu_build_uuid_seq""
applyPatch " $DOS_PATCHES /android_system_bt/359426.patch " ; #Q_asb_2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
applyPatch " $DOS_PATCHES /android_system_bt/365419.patch " ; #Q_asb_2023-07 Fix gatt_end_operation buffer overflow
applyPatch " $DOS_PATCHES /android_system_bt/368017.patch " ; #Q_asb_2023-09 Fix an integer overflow bug in avdt_msg_asmbl
applyPatch " $DOS_PATCHES /android_system_bt/368018.patch " ; #Q_asb_2023-09 Fix integer overflow in build_read_multi_rsp
applyPatch " $DOS_PATCHES /android_system_bt/368019.patch " ; #Q_asb_2023-09 Fix potential abort in btu_av_act.cc
applyPatch " $DOS_PATCHES /android_system_bt/368020.patch " ; #Q_asb_2023-09 Fix UAF in gatt_cl.cc
applyPatch " $DOS_PATCHES /android_system_bt/378066.patch " ; #Q_asb_2023-12 Reject access to secure service authenticated from a temp bonding [1]
applyPatch " $DOS_PATCHES /android_system_bt/378067.patch " ; #Q_asb_2023-12 Reject access to secure services authenticated from temp bonding [2]
applyPatch " $DOS_PATCHES /android_system_bt/378068.patch " ; #Q_asb_2023-12 Reject access to secure service authenticated from a temp bonding [3]
applyPatch " $DOS_PATCHES /android_system_bt/378069.patch " ; #Q_asb_2023-12 Reorganize the code for checking auth requirement
applyPatch " $DOS_PATCHES /android_system_bt/378070.patch " ; #Q_asb_2023-12 Enforce authentication if encryption is required
applyPatch " $DOS_PATCHES /android_system_bt/378072.patch " ; #Q_asb_2023-12 Fix `find_rfc_slot_by_pending_sdp` not finding active slot with max ID
applyPatch " $DOS_PATCHES /android_system_bt/378073.patch " ; #Q_asb_2023-12 Fix OOB Write in pin_reply in bluetooth.cc
applyPatch " $DOS_PATCHES /android_system_bt/378089.patch " ; #Q_asb_2023-12 Fix timing attack in BTM_BleVerifySignature
applyPatch " $DOS_PATCHES /android_system_bt/380570.patch " ; #Q_asb_2024-01 Fix some OOB errors in BTM parsing
applyPatch " $DOS_PATCHES /android_system_bt/383260.patch " ; #Q_asb_2024-02 Fix an OOB bug in btif_to_bta_response and attp_build_value_cmd
applyPatch " $DOS_PATCHES /android_system_bt/383261.patch " ; #Q_asb_2024-02 Fix an OOB write bug in attp_build_read_by_type_value_cmd
applyPatch " $DOS_PATCHES /android_system_bt/391914.patch " ; #Q_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
applyPatch " $DOS_PATCHES /android_system_bt/391915.patch " ; #Q_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
applyPatch " $DOS_PATCHES /android_system_bt/391916.patch " ; #Q_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
2024-08-05 16:03:46 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/399092.patch " ; #Q_asb_2024-07 Fix an authentication bypass bug in SMP
2024-09-14 12:07:02 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/402607.patch " ; #Q_asb_2024-08 Fix heap-buffer overflow in sdp_utils.cc
2024-10-16 19:54:14 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/403308.patch " ; #Q_asb_2024-09 Clean up BTM_SEC_MODE
applyPatch " $DOS_PATCHES /android_system_bt/403309.patch " ; #Q_asb_2024-09 Add getters to stack/btm/security_device_record::tBTM_SEC_DEV_REC
applyPatch " $DOS_PATCHES /android_system_bt/403310.patch " ; #Q_asb_2024-09 Add APIs stack/btm/security_device_record::
applyPatch " $DOS_PATCHES /android_system_bt/403311.patch " ; #Q_asb_2024-09 Add tACL_CONN::SupportsSecureConnections
applyPatch " $DOS_PATCHES /android_system_bt/403312.patch " ; #Q_asb_2024-09 Use tACL_CONN::SupportsSecureConnections
applyPatch " $DOS_PATCHES /android_system_bt/403313.patch " ; #Q_asb_2024-09 Refactor btm_sec_set_peer_sec_caps
applyPatch " $DOS_PATCHES /android_system_bt/403314.patch " ; #Q_asb_2024-09 Use btm_sec_set_peer_sec_caps to store features
applyPatch " $DOS_PATCHES /android_system_bt/403315.patch " ; #Q_asb_2024-09 Add support for checking security downgrade
applyPatch " $DOS_PATCHES /android_system_bt/403316.patch " ; #Q_asb_2024-09 Disallow connect with Secure Connections downgrade
applyPatch " $DOS_PATCHES /android_system_bt/403317.patch " ; #Q_asb_2024-09 Disallow connect with key length downgrade
2024-10-16 20:23:44 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/405536.patch " ; #R_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
2024-10-16 20:47:28 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/405834-backport.patch " ; #P_asb_2024-10 Disallow unexpected incoming HID connections 1/2
2022-03-15 17:07:25 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_system_bt/0001-alloc_size.patch " ; #Add alloc_size attributes to the allocator (GrapheneOS)
2022-12-18 21:46:31 -05:00
#applyPatch "$DOS_PATCHES/android_system_bt/272648.patch"; #ten-bt-sbc-hd-dualchannel: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
#applyPatch "$DOS_PATCHES/android_system_bt/272649.patch"; #ten-bt-sbc-hd-dualchannel: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
#applyPatch "$DOS_PATCHES/android_system_bt/272650.patch"; #ten-bt-sbc-hd-dualchannel: Allow using alternative (higher) SBC HD bitrates with a property (ValdikSS)
2022-03-15 14:38:08 -04:00
fi ;
2023-06-17 14:50:49 -04:00
if enterAndClear "system/ca-certificates" ; then
rm -rf files; #Remove old certs
cp -r " $DOS_PATCHES_COMMON /android_system_ca-certificates/files " .; #Copy the new ones into place
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "system/core" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_system_core/383262.patch " ; #Q_asb_2024-02 Add seal if ashmem-dev is backed by memfd
2020-04-14 16:15:33 -04:00
if [ " $DOS_HOSTS_BLOCKING " = true ] ; then cat " $DOS_HOSTS_FILE " >> rootdir/etc/hosts; fi ; #Merge in our HOSTS file
2021-02-05 16:43:01 -05:00
git revert --no-edit 3032c7aa5ce90c0ae9c08fe271052c6e0304a1e7 01266f589e6deaef30b782531ae14435cdd2f18e; #insanity
2020-04-14 16:15:33 -04:00
git revert --no-edit bd4142eab8b3cead0c25a2e660b4b048d1315d3c; #Always update recovery
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_system_core/0001-Harden.patch " ; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS)
2024-05-20 12:52:16 -04:00
applyPatch " $DOS_PATCHES /android_system_core/0002-HM-Increase_vm_mmc.patch " ; #(GrapheneOS)
applyPatch " $DOS_PATCHES /android_system_core/0003-Zero_Sensitive_Info.patch " ; #Zero sensitive information with explicit_bzero (GrapheneOS)
2022-05-14 21:05:54 -04:00
applyPatch " $DOS_PATCHES /android_system_core/0004-ptrace_scope.patch " ; #Add a property for controlling ptrace_scope (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "system/extras" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_system_extras/0001-ext4_pad_filenames.patch " ; #FBE: pad filenames more (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2020-11-04 09:48:12 -05:00
2024-08-05 16:03:46 -04:00
if enterAndClear "system/libfmq" ; then
2024-08-05 16:38:56 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_system_libfmq/399071.patch " ; #Q_asb_2024-06 Use the values of the ptrs that we check
2024-08-05 16:03:46 -04:00
fi ;
2022-02-25 13:38:36 -05:00
if enterAndClear "system/netd" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_system_netd/376607.patch " ; #Q_asb_2023-11 Fix use-after-free in DNS64 discovery thread
applyPatch " $DOS_PATCHES /android_system_netd/378074.patch " ; #Q_asb_2023-12 Fix Heap-use-after-free in MDnsSdListener::Monitor::run
2022-04-10 20:24:01 -04:00
applyPatch " $DOS_PATCHES /android_system_netd/0001-Network_Permission.patch " ; #Expose the NETWORK permission (GrapheneOS)
2023-01-20 14:45:46 -05:00
applyPatch " $DOS_PATCHES /android_system_netd/0002-hosts_toggle.patch " ; #Add a toggle to disable /etc/hosts lookup (DivestOS)
2024-07-31 22:19:21 -04:00
#applyPatch "$DOS_PATCHES/android_system_netd/0003-Fix_DNS_leaks.patch"; #Fix DNS leak in VPN lockdown mode when VPN is down (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_system_netd/0003-Fix_DNS_leaks-relaxed.patch"; #Relax VPN DNS leak prevention for incompatible apps (GrapheneOS)
2022-02-25 13:38:36 -05:00
fi ;
2024-05-08 11:49:25 -04:00
if enterAndClear "system/nfc" ; then
applyPatch " $DOS_PATCHES /android_system_nfc/355367.patch " ; #Q_asb_2023-04 OOBW in nci_snd_set_routing_cmd()
applyPatch " $DOS_PATCHES /android_system_nfc/365420.patch " ; #Q_asb_2023-07 OOBW in rw_i93_send_to_upper()
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "system/sepolicy" ; then
2022-03-06 22:53:07 -05:00
applyPatch " $DOS_PATCHES /android_system_sepolicy/0002-protected_files.patch " ; #label protected_{fifos,regular} as proc_security (GrapheneOS)
2022-03-20 22:56:25 -04:00
applyPatch " $DOS_PATCHES /android_system_sepolicy/0003-ptrace_scope-1.patch " ; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
applyPatch " $DOS_PATCHES /android_system_sepolicy/0003-ptrace_scope-2.patch " ; #Allow system to use persist.native_debug (GrapheneOS)
2022-04-19 23:50:29 -04:00
git am " $DOS_PATCHES /android_system_sepolicy/0001-LGE_Fixes.patch " ; #Fix -user builds for LGE devices (DivestOS)
2020-04-30 17:27:13 -04:00
patch -p1 < " $DOS_PATCHES /android_system_sepolicy/0001-LGE_Fixes.patch " --directory= "prebuilts/api/29.0" ;
patch -p1 < " $DOS_PATCHES /android_system_sepolicy/0001-LGE_Fixes.patch " --directory= "prebuilts/api/28.0" ;
patch -p1 < " $DOS_PATCHES /android_system_sepolicy/0001-LGE_Fixes.patch " --directory= "prebuilts/api/27.0" ;
patch -p1 < " $DOS_PATCHES /android_system_sepolicy/0001-LGE_Fixes.patch " --directory= "prebuilts/api/26.0" ;
2020-04-14 16:15:33 -04:00
awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "system/update_engine" ; then
2021-01-18 07:11:54 -05:00
git revert --no-edit c68499e3ff10f2a31f913e14f66aafb4ed94d42d; #Do not skip payload signature verification
2021-07-08 20:41:33 -04:00
fi ;
2021-01-18 07:11:54 -05:00
2023-07-09 14:49:49 -04:00
if enterAndClear "tools/apksig" ; then
2024-05-08 11:49:25 -04:00
applyPatch " $DOS_PATCHES /android_tools_apksig/376559.patch " ; #Q_asb_2023-07 Limit the number of supported v1 and v2 signers
fi ;
if enterAndClear "vendor/nxp/opensource/commonsys/external/libnfc-nci" ; then
applyPatch " $DOS_PATCHES /android_vendor_nxp_opensource_external_libnfc-nci/355368.patch " ; #Q_asb_2023-04 OOBW in nci_snd_set_routing_cmd()
applyPatch " $DOS_PATCHES /android_vendor_nxp_opensource_external_libnfc-nci/378160.patch " ; #Q_asb_2023-07 OOBW in rw_i93_send_to_upper()
fi ;
if enterAndClear "vendor/nxp/opensource/pn5xx/halimpl" ; then
applyPatch " $DOS_PATCHES /android_vendor_nxp_opensource_halimpl/355369.patch " ; #Q_asb_2023-04 OOBW in nci_snd_set_routing_cmd()
fi ;
if enterAndClear "vendor/nxp/opensource/commonsys/packages/apps/Nfc" ; then
applyPatch " $DOS_PATCHES /android_vendor_nxp_opensource_packages_apps_Nfc/378163.patch " ; #Q_asb_2023-09 Ensure that SecureNFC setting cannot be bypassed
applyPatch " $DOS_PATCHES /android_vendor_nxp_opensource_packages_apps_Nfc/380571.patch " ; #Q_asb_2024-01 Possible deadlock on the NfcService object
fi ;
if enterAndClear "vendor/qcom/opensource/commonsys/packages/apps/Bluetooth" ; then
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_packages_apps_Bluetooth/378136.patch " ; #Q_asb_2023-12 Fix UAF in ~CallbackEnv
2024-10-16 20:47:28 -04:00
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_packages_apps_Bluetooth/405585-backport.patch " ; #R_asb_2024-10 Disallow unexpected incoming HID connections 2/2
2024-05-08 11:49:25 -04:00
fi ;
if enterAndClear "vendor/qcom/opensource/commonsys/system/bt" ; then
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/352566.patch " ; #Q_asb_2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/352567.patch " ; #Q_asb_2023-03 Fix an OOB access bug in A2DP_BuildMediaPayloadHeaderSbc
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/352568.patch " ; #Q_asb_2023-03 Fix an OOB write in SDP_AddAttribute
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/352569.patch " ; #Q_asb_2023-03 AVRCP: Fix potential buffer overflow
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/355370.patch " ; #Q_asb_2023-04 Fix an OOB bug in register_notification_rsp
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/355371.patch " ; #Q_asb_2023-04 AVDTP: Fix a potential overflow about the media payload offset
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/365442.patch " ; #Q_asb_2023-06 Fix gatt_end_operation buffer overflow
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378124.patch " ; #Q_asb_2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378125.patch " ; #Q_asb_2023-06 Prevent use-after-free of HID reports
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378126.patch " ; #Q_asb_2023-06 Revert^2 "Validate buffer length in sdpu_build_uuid_seq"
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/368022.patch " ; #Q_asb_2023-12 Fix an integer overflow bug in avdt_msg_asmbl
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/368023.patch " ; #Q_asb_2023-12 Fix integer overflow in build_read_multi_rsp
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/368024.patch " ; #Q_asb_2023-12 Fix potential abort in btu_av_act.cc
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/368025.patch " ; #Q_asb_2023-12 Fix UAF in gatt_cl.cc
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378077.patch " ; #Q_asb_2023-12 Reject access to secure services authenticated from temp bonding [2]
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378078.patch " ; #Q_asb_2023-12 Reject access to secure service authenticated from a temp bonding [3]
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378079.patch " ; #Q_asb_2023-12 Fix OOB Write in pin_reply in bluetooth.cc
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378080.patch " ; #Q_asb_2023-12 BT: Fixing the rfc_slot_id overflow
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378082.patch " ; #Q_asb_2023-12 Fix `find_rfc_slot_by_pending_sdp` not finding active slot with max ID
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378133.patch " ; #Q_asb_2023-12 Reject access to secure service authenticated from a temp bonding [1]
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/378134.patch " ; #Q_asb_2023-12 Fix timing attack in BTM_BleVerifySignature
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/380572.patch " ; #Q_asb_2024-01 Fix some OOB errors in BTM parsing
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/383263.patch " ; #Q_asb_2024-02 Fix an OOB bug in btif_to_bta_response and attp_build_value_cmd
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/383264.patch " ; #Q_asb_2024-02 Fix an OOB write bug in attp_build_read_by_type_value_cmd
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/391917.patch " ; #Q_asb_2024-03 Fix an OOB bug in smp_proc_sec_req
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/391918.patch " ; #Q_asb_2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/391919.patch " ; #Q_asb_2024-03 Reland: Fix an OOB write bug in attp_build_value_cmd
2024-08-05 16:03:46 -04:00
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/399091.patch " ; #Q_asb_2024-07 Fix an authentication bypass bug in SMP
2024-09-14 12:07:02 -04:00
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/402608.patch " ; #Q_asb_2024-08 Fix heap-buffer overflow in sdp_utils.cc
2024-10-16 19:54:14 -04:00
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403318.patch " ; #Q_asb_2024-09 Clean up BTM_SEC_MODE
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403319.patch " ; #Q_asb_2024-09 Add getters to stack/btm/security_device_record::tBTM_SEC_DEV_REC
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403320.patch " ; #Q_asb_2024-09 Add APIs stack/btm/security_device_record::
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403321.patch " ; #Q_asb_2024-09 Add tACL_CONN::SupportsSecureConnections
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403322.patch " ; #Q_asb_2024-09 Use tACL_CONN::SupportsSecureConnections
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403323.patch " ; #Q_asb_2024-09 Refactor btm_sec_set_peer_sec_caps
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403324.patch " ; #Q_asb_2024-09 Use btm_sec_set_peer_sec_caps to store features
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403325.patch " ; #Q_asb_2024-09 Add support for checking security downgrade
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403326.patch " ; #Q_asb_2024-09 Disallow connect with Secure Connections downgrade
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/403327.patch " ; #Q_asb_2024-09 Disallow connect with key length downgrade
2024-10-16 20:23:44 -04:00
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/405583.patch " ; #R_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
applyPatch " $DOS_PATCHES /android_vendor_qcom_opensource_system_bt/405584.patch " ; #R_asb_2024-10 Disallow unexpected incoming HID connections 1/2
2024-03-14 20:03:59 -04:00
fi ;
2024-02-08 20:17:09 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "vendor/lineage" ; then
2021-08-04 21:25:18 -04:00
rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
2020-04-14 16:15:33 -04:00
rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
2021-08-04 21:25:18 -04:00
rm -rf overlay/common/frameworks/base/core/res/res/drawable-*/default_wallpaper.png; #Remove Lineage wallpaper
2020-04-25 12:19:54 -04:00
if [ " $DOS_HOSTS_BLOCKING " = true ] ; then awk -i inplace '!/50-lineage.sh/' config/*.mk; fi ; #Make sure our hosts is always used
2021-08-04 21:25:18 -04:00
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/*.mk; #Remove Lineage extra keys
awk -i inplace '!/security\/lineage/' config/*.mk; #Remove Lineage extra keys
awk -i inplace '!/WeatherProvider/' config/*.mk; #Remove Weather
2023-07-06 14:50:40 -04:00
awk -i inplace '!/config_multiuserMaximumUsers/' overlay/common/frameworks/base/core/res/res/values/config.xml; #Conflict
2021-08-04 21:25:18 -04:00
awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider
if [ " $DOS_DEBLOBBER_REMOVE_AUDIOFX " = true ] ; then awk -i inplace '!/AudioFX/' config/*.mk; fi ; #Remove AudioFX
2020-04-25 12:19:54 -04:00
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
2020-04-14 16:15:33 -04:00
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
2021-01-04 17:39:17 -05:00
cp -f " $DOS_PATCHES_COMMON /apns-conf.xml " prebuilt/common/etc/apns-conf.xml; #Update APN list
2022-02-11 14:25:30 -05:00
awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player
awk -i inplace '!/Email/' config/common_mobile.mk; #Remove Email
awk -i inplace '!/Exchange2/' config/common_mobile.mk;
2023-02-02 09:45:06 -05:00
cp -f " $DOS_PATCHES_COMMON /config_webview_packages.xml " overlay/common/frameworks/base/core/res/res/xml/config_webview_packages.xml; #Change allowed WebView providers
2023-07-24 03:59:03 -04:00
awk -i inplace '!/com.android.vending/' overlay/common/frameworks/base/core/res/res/values/vendor_required_apps*.xml; #Remove unwanted apps
awk -i inplace '!/com.google.android/' overlay/common/frameworks/base/core/res/res/values/vendor_required_apps*.xml;
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
2021-07-08 20:41:33 -04:00
if enter "vendor/divested" ; then
2021-08-05 23:42:37 -04:00
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
2022-04-13 11:39:11 -04:00
awk -i inplace '!/speed-profile/' build/target/product/lowram.mk; #breaks compile on some dexpreopt devices
2021-07-08 20:41:33 -04:00
fi ;
2020-04-14 16:15:33 -04:00
#
#END OF ROM CHANGES
#
#
#START OF DEVICE CHANGES
#
2021-07-08 20:41:33 -04:00
if enterAndClear "device/cyanogen/msm8916-common" ; then
2021-04-01 23:06:27 -04:00
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
2021-07-08 20:41:33 -04:00
fi ;
2021-01-23 23:08:00 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/motorola/clark" ; then
2021-12-13 00:10:50 -05:00
echo "allow mm-qcamerad camera_prop:property_service set;" >> sepolicy/mm-qcamerad.te;
echo "allow mm-qcamerad property_socket:sock_file write;" >> sepolicy/mm-qcamerad.te;
echo "allow mm-qcamerad camera_prop:file read;" >> sepolicy/mm-qcamerad.te;
echo "set_prop(mm-qcamerad, camera_prop)" >> sepolicy/mm-qcamerad.te;
2021-11-06 11:22:43 -04:00
echo "recovery_only(\`" >> sepolicy/recovery.te; #304224: Allow recovery to unzip and chmod modem firmware
2021-06-12 17:17:11 -04:00
echo " allow firmware_file labeledfs:filesystem associate;" >> sepolicy/recovery.te;
2021-10-27 22:35:33 -04:00
echo " allow recovery firmware_file:dir rw_dir_perms;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:file create_file_perms;" >> sepolicy/recovery.te;
echo "')" >> sepolicy/recovery.te;
fi ;
if enterAndClear "device/motorola/msm8916-common" ; then
rm sepolicy/recovery.te;
2021-11-06 11:22:43 -04:00
echo "recovery_only(\`" >> sepolicy/recovery.te; #304224: Allow recovery to unzip and chmod modem firmware
2021-10-27 22:35:33 -04:00
echo " allow firmware_file labeledfs:filesystem associate;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:dir rw_dir_perms;" >> sepolicy/recovery.te;
echo " allow recovery firmware_file:file create_file_perms;" >> sepolicy/recovery.te;
2021-06-12 17:17:11 -04:00
echo "')" >> sepolicy/recovery.te;
2021-07-08 20:41:33 -04:00
fi ;
2020-11-17 10:11:40 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/oneplus/oneplus2" ; then
2020-05-30 14:09:56 -04:00
sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt;
2021-05-30 21:39:25 -04:00
echo "allow mm-qcamerad camera_data_file:file create_file_perms;" >> sepolicy/mm-qcamerad.te; #Likely some of these could be removed
echo "allow mm-qcamerad node:tcp_socket node_bind;" >> sepolicy/mm-qcamerad.te;
echo "allow mm-qcamerad port:tcp_socket name_bind;" >> sepolicy/mm-qcamerad.te;
echo "allow mm-qcamerad self:tcp_socket { accept listen };" >> sepolicy/mm-qcamerad.te;
echo "allow mm-qcamerad self:tcp_socket { bind create setopt };" >> sepolicy/mm-qcamerad.te;
2021-05-29 22:46:37 -04:00
echo "allow mm-qcamerad camera_prop:file read;" >> sepolicy/mm-qcamerad.te;
echo "set_prop(mm-qcamerad, camera_prop)" >> sepolicy/mm-qcamerad.te;
2021-07-08 20:41:33 -04:00
fi ;
2020-05-30 14:09:56 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/oppo/common" ; then
2020-05-30 14:09:56 -04:00
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
2021-07-08 20:41:33 -04:00
fi ;
2020-05-30 14:09:56 -04:00
2023-09-04 14:18:47 -04:00
if enterAndClear "device/xiaomi/davinci" ; then
smallerSystem;
fi ;
if enterAndClear "device/xiaomi/sm6150-common" ; then
smallerSystem;
fi ;
2020-04-14 16:15:33 -04:00
#Make changes to all devices
cd " $DOS_BUILD_BASE " ;
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationConf "{}"' ;
2023-01-20 21:49:48 -05:00
find "device" -name "gps\.conf*" -type f -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationConf "{}"' ;
2021-04-15 06:19:32 -04:00
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationConf "{}"' ;
2020-04-14 16:15:33 -04:00
find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationFWB "{}"' ;
2021-01-15 17:28:35 -05:00
if [ " $DOS_DEBLOBBER_REMOVE_IMS " = "false" ] ; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'volteOverride "{}"' ; fi ;
2020-04-14 16:15:33 -04:00
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'enableDexPreOpt "{}"' ;
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'hardenUserdata "{}"' ;
find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenDefconfig "{}"' ;
2022-04-19 11:25:19 -04:00
find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'updateRegDb "{}"' ;
2021-03-29 17:09:12 -04:00
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'disableAPEX "{}"' ;
2024-05-20 12:52:16 -04:00
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'disableEnforceRRO "{}"' ;
2020-04-14 16:15:33 -04:00
cd " $DOS_BUILD_BASE " ;
2023-03-08 00:02:28 -05:00
deblobAudio;
removeBuildFingerprints;
2023-05-05 22:25:47 -04:00
hardenLocationSerials || true;
2022-04-02 02:18:30 -04:00
enableAutoVarInit || true;
2023-03-08 00:02:28 -05:00
changeDefaultDNS; #Change the default DNS servers
2023-02-03 22:05:01 -05:00
fixupCarrierConfigs || true; #Remove silly carrier restrictions
2023-06-17 14:50:49 -04:00
removeUntrustedCerts || true;
2022-09-23 10:25:36 -04:00
cd " $DOS_BUILD_BASE " ;
#rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;
2020-04-14 16:15:33 -04:00
2021-08-04 14:22:16 -04:00
#Tweaks for <2GB RAM devices
2022-04-13 11:39:11 -04:00
enableLowRam "device/motorola/harpia" "harpia" ;
enableLowRam "device/motorola/merlin" "merlin" ;
enableLowRam "device/motorola/msm8916-common" "msm8916-common" ;
enableLowRam "device/motorola/osprey" "osprey" ;
enableLowRam "device/motorola/surnia" "surnia" ;
2022-04-11 23:04:42 -04:00
#Tweaks for <3GB RAM devices
enableLowRam "device/cyanogen/msm8916-common" "msm8916-common" ;
enableLowRam "device/wileyfox/crackling" "crackling" ;
2023-07-13 18:17:44 -04:00
#Tweaks for 3GB/4GB RAM devices
#enableLowRam "device/oneplus/oneplus2" "oneplus2";
2021-08-04 14:22:16 -04:00
2020-04-14 16:15:33 -04:00
#Fix broken options enabled by hardenDefconfig()
2023-04-17 13:06:09 -04:00
#none yet
2020-04-14 16:15:33 -04:00
2022-10-15 07:53:14 -04:00
sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l* || true; #Fix builds with GCC 10
2021-10-16 16:28:41 -04:00
rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
2024-05-06 16:49:46 -04:00
sed -i '117ioutputEntry.setCompressedSize(-1);' external/jarjar/src/main/com/tonicsystems/jarjar/util/IoUtil.java; #Fix compile error
2020-04-14 16:15:33 -04:00
#
#END OF DEVICE CHANGES
#
2021-10-16 15:28:15 -04:00
echo -e "\e[0;32m[SCRIPT COMPLETE] Primary patching finished\e[0m" ;