2016-12-27 11:40:16 -05:00
#!/bin/bash
2024-04-22 07:48:54 -04:00
#DivestOS: A mobile operating system divested from the norm.
#Copyright (c) 2015-2024 Divested Computing Group
2017-11-05 10:58:01 -05:00
#
#This program is free software: you can redistribute it and/or modify
2024-07-27 18:00:56 -04:00
#it under the terms of the GNU Affero General Public License as published by
2017-11-05 10:58:01 -05:00
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2024-07-27 18:00:56 -04:00
#GNU Affero General Public License for more details.
2017-11-05 10:58:01 -05:00
#
2024-07-27 18:00:56 -04:00
#You should have received a copy of the GNU Affero General Public License
2024-07-27 18:31:21 -04:00
#along with this program. If not, see <https://www.gnu.org/licenses/>.
2021-10-16 19:15:19 -04:00
umask 0022;
2021-10-16 15:28:15 -04:00
set -euo pipefail;
2021-10-16 19:15:19 -04:00
source " $DOS_SCRIPTS_COMMON /Shell.sh " ;
2016-12-27 11:40:16 -05:00
2021-10-16 16:28:41 -04:00
#Last verified: 2021-10-16
2018-04-27 23:49:40 -04:00
2018-01-15 15:50:29 -05:00
#Initialize aliases
2018-07-09 16:04:09 -04:00
#source ../../Scripts/init.sh
2018-01-15 15:50:29 -05:00
2017-10-29 02:43:38 -04:00
#Delete Everything and Sync
2018-01-15 15:50:29 -05:00
#resetWorkspace
2017-03-14 11:11:05 -04:00
2017-10-29 02:43:38 -04:00
#Apply all of our changes
2018-01-15 15:50:29 -05:00
#patchWorkspace
2016-12-27 11:40:16 -05:00
2017-05-21 17:28:36 -04:00
#Build!
2018-01-15 15:50:29 -05:00
#buildDevice [device]
#buildAll
2016-12-27 11:40:16 -05:00
#
#START OF PREPRATION
#
2017-10-19 21:34:13 -04:00
#Download some (non-executable) out-of-tree files for use later on
2018-07-04 15:35:16 -04:00
cd " $DOS_TMP_DIR " ;
2024-05-20 12:52:16 -04:00
if [ " $DOS_HOSTS_BLOCKING " = true ] ; then wget --no-verbose " $DOS_HOSTS_BLOCKING_LIST " -N -O " $DOS_HOSTS_FILE " ; fi ;
2018-06-29 00:55:21 -04:00
cd " $DOS_BUILD_BASE " ;
2016-12-27 11:40:16 -05:00
#
#END OF PREPRATION
#
#
#START OF ROM CHANGES
#
2017-12-19 20:01:17 -05:00
#top dir
2023-03-08 00:22:01 -05:00
cp -r " $DOS_PREBUILT_APPS /Fennec_DOS-Shim " " $DOS_BUILD_BASE /packages/apps/ " ; #Add a shim to install Fennec DOS without actually including the large APK
cp -r " $DOS_PREBUILT_APPS /SupportDivestOS " " $DOS_BUILD_BASE /packages/apps/ " ; #Add the Support app
gpgVerifyDirectory " $DOS_PREBUILT_APPS /android_vendor_FDroid_PrebuiltApps/packages " ;
cp -r " $DOS_PREBUILT_APPS /android_vendor_FDroid_PrebuiltApps/. " " $DOS_BUILD_BASE /vendor/fdroid_prebuilt/ " ; #Add the prebuilt apps
cp -r " $DOS_PATCHES_COMMON /android_vendor_divested/. " " $DOS_BUILD_BASE /vendor/divested/ " ; #Add our vendor files
2017-12-19 20:01:17 -05:00
2022-11-10 16:50:18 -05:00
if enterAndClear "art" ; then
applyPatch " $DOS_PATCHES_COMMON /android_art/0001-mmap_fix.patch " ; #Workaround for mmap error when building (AOSP)
fi ;
2021-09-05 16:30:34 -04:00
if enterAndClear "bionic" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_bionic/0001-Wildcard_Hosts.patch " ; #Support wildcards in cached hosts file (backport from 16.0+) (tdm)
2024-05-09 14:23:02 -04:00
#if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then
#applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; #(GrapheneOS)
#applyPatch "$DOS_PATCHES/android_bionic/0002-Add_Decay_Timer.patch"; #Add support for modifying decay timer.
#applyPatch "$DOS_PATCHES/android_bionic/0003-Add_M_PURGE.patch"; #malloc: add M_PURGE mallopt flag
#applyPatch "$DOS_PATCHES/android_bionic/0004-Add_random.h.patch"; #Add <sys/random.h>.
#fi;
2021-09-05 16:30:34 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "bootable/recovery" ; then
2021-08-05 23:42:37 -04:00
git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #Remove sideload cache, breaks with large files
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_bootable_recovery/0001-Squash_Menus.patch " ; #What's a back button? (DivestOS)
2021-08-04 21:25:18 -04:00
sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort package installs if they are specific to a serial number (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2018-01-20 07:36:08 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "build" ; then
2021-10-06 17:03:22 -04:00
git revert --no-edit a47d7ee7027ecb50e217c5e4d6ea7e201d7ea033; #Re-enable the downgrade check
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_build/0001-OTA_Keys.patch " ; #Add correct keys to recovery for OTA verification (DivestOS)
2021-08-04 21:25:18 -04:00
sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
2018-07-13 21:43:03 -04:00
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
2022-02-11 14:25:30 -05:00
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
awk -i inplace '!/Exchange2/' target/product/core.mk;
2024-10-07 20:36:29 -04:00
sed -i 's/2021-06-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-10 #XXX
2021-07-08 20:41:33 -04:00
fi ;
2016-12-27 11:40:16 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/qcom/sepolicy" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_device_qcom_sepolicy/248649.patch " ; #msm_irqbalance: Allow read for stats and interrupts (syphyr)
applyPatch " $DOS_PATCHES /android_device_qcom_sepolicy/0001-Camera_Fix.patch " ; #Fix camera on user builds XXX: REMOVE THIS TRASH (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2017-05-29 20:08:55 -04:00
2023-08-08 23:04:17 -04:00
if enterAndClear "external/aac" ; then
2023-08-23 11:05:03 -04:00
applyPatch " $DOS_PATCHES /android_external_aac/364027.patch " ; #R_asb_2023-08 Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().
applyPatch " $DOS_PATCHES /android_external_aac/0001-makefile.patch " ; #Add Android.mk for legacy builds (syphyr)
2023-08-08 23:04:17 -04:00
fi ;
2023-05-29 14:31:15 -04:00
if enterAndClear "external/apache-http" ; then
applyPatch " $DOS_PATCHES /android_external_apache-http/0001-Fix.patch " ; #Fix compile failure (AOSP)
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "external/chromium-webview" ; then
2024-05-20 12:52:16 -04:00
git lfs pull; #Ensure the objects are available
2021-07-08 20:41:33 -04:00
fi ;
2021-03-04 12:55:50 -05:00
2022-09-11 12:25:11 -04:00
if enterAndClear "external/expat" ; then
applyPatch " $DOS_PATCHES /android_external_expat/337987-backport.patch " ; #n-asb-2022-09 Prevent XML_GetBuffer signed integer overflow
applyPatch " $DOS_PATCHES /android_external_expat/337988-backport.patch " ; #n-asb-2022-09 Prevent integer overflow in function doProlog
applyPatch " $DOS_PATCHES /android_external_expat/337989-backport.patch " ; #n-asb-2022-09 Prevent more integer overflows
2023-02-07 22:21:04 -05:00
applyPatch " $DOS_PATCHES /android_external_expat/348649.patch " ; #n-asb-2023-02 Fix overeager DTD destruction (fixes #649)
2024-09-08 09:31:43 -04:00
applyPatch " $DOS_PATCHES /android_external_expat/0001-Validate-parser-parameter-to-XML_UseForeignDTD.patch " ;
applyPatch " $DOS_PATCHES /android_external_expat/0002-expat.h-Fix-version-hint-on-XML_ERROR_INVALID_ARGUME.patch " ;
applyPatch " $DOS_PATCHES /android_external_expat/0003-Validate-parser-parameter-for-XML_ParseBuffer.patch " ;
applyPatch " $DOS_PATCHES /android_external_expat/0004-lib-Reject-negative-len-for-XML_ParseBuffer.patch " ;
applyPatch " $DOS_PATCHES /android_external_expat/0005-lib-Detect-integer-overflow-in-dtdCopy.patch " ;
applyPatch " $DOS_PATCHES /android_external_expat/0006-lib-Detect-integer-overflow-in-function-nextScaffold.patch " ;
applyPatch " $DOS_PATCHES /android_external_expat/0007-lib-Stop-leaking-opening-tag-bindings-after-closing-.patch " ;
2022-09-11 12:25:11 -04:00
fi ;
2023-08-23 11:05:03 -04:00
if enterAndClear "external/freetype" ; then
applyPatch " $DOS_PATCHES /android_external_freetype/0001-makefile.patch " ; #Add Android.mk for legacy builds (syphyr)
2023-09-03 17:36:23 -04:00
applyPatch " $DOS_PATCHES /android_external_freetype/0002-fixup.patch " ; #Enable png and zlib support to Android.mk (syphyr)
2023-08-23 11:05:03 -04:00
fi ;
2023-07-07 13:39:05 -04:00
2024-05-09 14:23:02 -04:00
#if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then
#if enterAndClear "external/hardened_malloc"; then
2024-05-20 12:52:16 -04:00
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0003-Broken_Audio.patch"; #Workaround for audio service sorting bug (GrapheneOS)
2024-05-09 14:23:02 -04:00
#sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
#sed -i -e '76,78d;' Android.bp; #fix compile under A13
#sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
#awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
#rm -rfv androidtest; #fix compile under A11
#sed -i -e '76,78d;' Android.bp; #fix compile under A10
#awk -i inplace '!/ramdisk_available/' Android.bp; #fix compile under A10
#git revert --no-edit 8974af86d12f7e29b54b5090133ab3d7eea0e519; #fix compile under A10
2024-05-10 19:12:22 -04:00
#git revert --no-edit a28da3c65aed0528036da9ebd33e0c05b2c5884a; #fix compile under A9
2024-05-20 17:45:07 -04:00
#mv include/h_malloc.h . ; #fix compile under A10
2024-05-09 14:23:02 -04:00
#awk -i inplace '!/recovery_available/' Android.bp; #fix compile under A9
#awk -i inplace '!/system_shared_libs/' Android.bp; #fix compile under A9
2024-05-10 19:12:22 -04:00
#sed -i 's/c17/c11/' Android.bp; #fix compile under A9
2024-05-09 14:23:02 -04:00
#sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {};/' h_malloc.c; #fix compile under A8
#fi;
#fi;
2024-05-09 13:25:09 -04:00
2022-09-11 12:25:11 -04:00
if enterAndClear "external/libavc" ; then
applyPatch " $DOS_PATCHES /android_external_libavc/315711.patch " ; #n-asb-2021-09 Decoder: Update check for increment u2_cur_slice_num
applyPatch " $DOS_PATCHES /android_external_libavc/323462.patch " ; #n-asb-2022-02 Move slice increments after completing header parsing
fi ;
if enterAndClear "external/libexif" ; then
applyPatch " $DOS_PATCHES /android_external_libexif/323459.patch " ; #n-asb-2022-02 Fix MakerNote tag size overflow issues at read time.
applyPatch " $DOS_PATCHES /android_external_libexif/323460.patch " ; #n-asb-2022-02 Ensure MakeNote data pointers are initialized with NULL.
applyPatch " $DOS_PATCHES /android_external_libexif/323461.patch " ; #n-asb-2022-02 Zero initialize ExifMnoteData<vendor> during construction with exif_mnote_data_<vendor>_new.
fi ;
if enterAndClear "external/libnfc-nci" ; then
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/317037.patch " ; #n-asb-2021-10 Type confusion due to race condition on tag type change
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/318515.patch " ; #n-asb-2021-11 OOBW in phNxpNciHal_process_ext_rsp
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/332458.patch " ; #n-asb-2022-06 Out of Bounds Read in nfa_dm_check_set_config
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/332459.patch " ; #n-asb-2022-06 OOBR in nfc_ncif_proc_ee_discover_req()
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/332460.patch " ; #n-asb-2022-06 Double Free in ce_t4t_data_cback
2022-10-06 15:02:52 -04:00
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/341071.patch " ; #n-asb-2022-10 The length of a packet should be non-zero
2022-11-09 18:06:19 -05:00
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/343955.patch " ; #n-asb-2022-11 OOBW in phNxpNciHal_write_unlocked()
2023-04-12 15:30:57 -04:00
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/353760.patch " ; #n-asb-2023-04 OOBW in nci_snd_set_routing_cmd()
2023-07-07 13:39:05 -04:00
applyPatch " $DOS_PATCHES /android_external_libnfc-nci/360898.patch " ; #n-asb-2023-07 OOBW in rw_i93_send_to_upper()
2022-09-11 12:25:11 -04:00
fi ;
2023-09-28 09:17:25 -04:00
if enterAndClear "external/libvpx" ; then
applyPatch " $DOS_PATCHES /android_external_libvpx/CVE-2023-5217-backport.patch " ; #VP8: disallow thread count changes
fi ;
2023-10-05 16:23:30 -04:00
if enterAndClear "external/libxml2" ; then
applyPatch " $DOS_PATCHES /android_external_libxml2/367634.patch " ; #n-asb-2023-10 malloc-fail: Fix OOB read after xmlRegGetCounter
fi ;
2022-09-11 12:25:11 -04:00
if enterAndClear "external/sonivox" ; then
applyPatch " $DOS_PATCHES /android_external_sonivox/317038.patch " ; #n-asb-2021-10 Fix global buffer overflow in WT_InterpolateNoLoop
2024-05-10 19:40:43 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_external_sonivox/391896.patch " ; #n-asb-2024-05 Fix buffer overrun in eas_wtengine
2022-09-11 12:25:11 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "external/sqlite" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_external_sqlite/0001-Secure_Delete.patch " ; #Enable secure_delete by default (AndroidHardening-13.0)
2021-07-08 20:41:33 -04:00
fi ;
2016-12-27 11:40:16 -05:00
2022-09-11 12:25:11 -04:00
if enterAndClear "external/tremolo" ; then
applyPatch " $DOS_PATCHES /android_external_tremolo/319986.patch " ; #n-asb-2021-12 handle cases where order isn't a multiple of dimension
fi ;
2023-09-19 20:27:58 -04:00
if enterAndClear "external/webp" ; then
applyPatch " $DOS_PATCHES /android_external_webp/0001-makefile.patch " ; #Add Android.mk for legacy builds (syphyr)
fi ;
2023-03-14 12:20:40 -04:00
if enterAndClear "external/zlib" ; then
applyPatch " $DOS_PATCHES /android_external_zlib/351107.patch " ; #n-asb-2023-03 Fix a bug when getting a gzip header extra field with inflate().
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "frameworks/av" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/212799.patch " ; #FLAC extractor CVE-2017-0592. alt: 212827/174106 (AOSP)
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/319987.patch " ; #n-asb-2021-12 Fix heap-buffer-overflow in MPEG4Extractor
applyPatch " $DOS_PATCHES /android_frameworks_av/321222.patch " ; #n-asb-2022-01 SimpleDecodingSource:Prevent OOB write in heap mem
2023-06-09 17:49:40 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/358729.patch " ; #n-asb-2023-06 Fix NuMediaExtractor::readSampleData buffer Handling
2023-09-05 20:50:31 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/365698.patch " ; #n-asb-2023-09 Fix Segv on unknown address error flagged by fuzzer test.
2023-11-10 20:49:10 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_av/373035.patch " ; #n-asb-2023-11 Fix for heap buffer overflow issue flagged by fuzzer test.
2024-02-07 17:17:55 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_av/381852.patch " ; #n-asb-2024-02 Update mtp packet buffer
2024-03-09 11:05:06 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_av/385240.patch " ; #n-asb-2024-03 Fix out of bounds read and write in onQueueFilled in outQueue
applyPatch " $DOS_PATCHES /android_frameworks_av/385243.patch " ; #n-asb-2024-03 Validate OMX Params for VPx encoders
2024-08-09 14:18:06 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_av/399268.patch " ; #n-asb-2024-08 StagefrightRecoder: Disabling B-frame support
2024-05-09 14:23:02 -04:00
#if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2019-04-04 00:31:47 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "frameworks/base" ; then
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/315712.patch " ; #n-asb-2021-09 Fix race condition between lockNow() and updateLockscreenTimeout
applyPatch " $DOS_PATCHES /android_frameworks_base/315713.patch " ; #n-asb-2021-09 Improve ellipsize performance
applyPatch " $DOS_PATCHES /android_frameworks_base/315740.patch " ; #n-asb-2021-09 Fix side effects of trace-ipc and dumpheap commands
applyPatch " $DOS_PATCHES /android_frameworks_base/315741.patch " ; #n-asb-2021-09 Don't attach private Notification to A11yEvent when user locked
applyPatch " $DOS_PATCHES /android_frameworks_base/317035.patch " ; #n-asb-2021-10 Fix a potential thread safety issue in VectorDrawable
applyPatch " $DOS_PATCHES /android_frameworks_base/317036.patch " ; #n-asb-2021-10 Apply a maximum char count to the load label api
applyPatch " $DOS_PATCHES /android_frameworks_base/317049.patch " ; #n-asb-2021-10 Change ownership of the account request notification.
applyPatch " $DOS_PATCHES /android_frameworks_base/317050.patch " ; #n-asb-2021-10 Send targeted broadcasts to prevent other apps from receiving them.
applyPatch " $DOS_PATCHES /android_frameworks_base/318516.patch " ; #n-asb-2021-11 camera2: Fix exception swallowing in params classes createFromParcel
applyPatch " $DOS_PATCHES /android_frameworks_base/318517.patch " ; #n-asb-2021-11 Bluetooth: Fix formatting in getAlias()
applyPatch " $DOS_PATCHES /android_frameworks_base/319988.patch " ; #n-asb-2021-12 Fix serialization bug in GpsNavigationMessage
applyPatch " $DOS_PATCHES /android_frameworks_base/322452.patch " ; #n-asb-2022-01 Fix another AddAccountSettings memory leak
applyPatch " $DOS_PATCHES /android_frameworks_base/322453.patch " ; #n-asb-2022-01 Force-set a ClipData to prevent later migration.
applyPatch " $DOS_PATCHES /android_frameworks_base/322454.patch " ; #n-asb-2022-01 Prevent apps from spamming addAccountExplicitly.
applyPatch " $DOS_PATCHES /android_frameworks_base/331108.patch " ; #n-asb-2022-05 Always restart apps if base.apk gets updated.
applyPatch " $DOS_PATCHES /android_frameworks_base/332444.patch " ; #n-asb-2022-06 Fixed a concurrent modification crash
applyPatch " $DOS_PATCHES /android_frameworks_base/332445.patch " ; #n-asb-2022-06 Fix security hole in GateKeeperResponse
applyPatch " $DOS_PATCHES /android_frameworks_base/332446.patch " ; #n-asb-2022-06 Update GeofenceHardwareRequestParcelable to match parcel/unparcel format.
applyPatch " $DOS_PATCHES /android_frameworks_base/332447.patch " ; #n-asb-2022-06 Prevent non-admin users from deleting system apps.
applyPatch " $DOS_PATCHES /android_frameworks_base/334325.patch " ; #n-asb-2022-06-FIXUP Modify conditions for preventing updated system apps from being downgraded
applyPatch " $DOS_PATCHES /android_frameworks_base/332448.patch " ; #n-asb-2022-06 limit TelecomManager#registerPhoneAccount to 10; api doc update
applyPatch " $DOS_PATCHES /android_frameworks_base/332449.patch " ; #n-asb-2022-06 Add an OEM configurable limit for zen rules
applyPatch " $DOS_PATCHES /android_frameworks_base/334035.patch " ; #n-asb-2022-07 Crash invalid FGS notifications
applyPatch " $DOS_PATCHES /android_frameworks_base/334871.patch " ; #n-asb-2022-08 Only allow system and same app to apply relinquishTaskIdentity
applyPatch " $DOS_PATCHES /android_frameworks_base/334872.patch " ; #n-asb-2022-08 Stop using invalid URL to prevent unexpected crash
applyPatch " $DOS_PATCHES /android_frameworks_base/334873.patch " ; #n-asb-2022-08 Only allow the system server to connect to sync adapters
applyPatch " $DOS_PATCHES /android_frameworks_base/338003.patch " ; #n-asb-2022-09 IMMS: Make IMMS PendingIntents immutable
2022-11-09 18:06:19 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/343956.patch " ; #n-asb-2022-11 Switch TelecomManager List getters to ParceledListSlice
applyPatch " $DOS_PATCHES /android_frameworks_base/343957.patch " ; #n-asb-2022-11 Check permission for VoiceInteraction
2022-11-12 23:21:49 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/344188.patch " ; #n-asb-2022-11 Do not send new Intent to non-exported activity when navigateUpTo
applyPatch " $DOS_PATCHES /android_frameworks_base/344189.patch " ; #n-asb-2022-11 Move accountname and typeName length check from Account.java to AccountManagerService.
2022-11-13 18:03:16 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/344217.patch " ; #n-asb-2022-11 Do not dismiss keyguard after SIM PUK unlock
2022-12-10 16:34:46 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/345519.patch " ; #n-asb-2022-12 Validate package name passed to setApplicationRestrictions.
applyPatch " $DOS_PATCHES /android_frameworks_base/345520.patch " ; #n-asb-2022-12 Ignore malformed shortcuts
applyPatch " $DOS_PATCHES /android_frameworks_base/345521.patch " ; #n-asb-2022-12 Fix permanent denial of service via setComponentEnabledSetting
applyPatch " $DOS_PATCHES /android_frameworks_base/345522.patch " ; #n-asb-2022-12 Add safety checks on KEY_INTENT mismatch.
2023-01-06 03:18:57 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/346948.patch " ; #n-asb-2023-01 Limit lengths of fields in Condition to a max length.
applyPatch " $DOS_PATCHES /android_frameworks_base/346949.patch " ; #n-asb-2023-01 Disable all A11yServices from an uninstalled package.
applyPatch " $DOS_PATCHES /android_frameworks_base/346950.patch " ; #n-asb-2023-01 Trim any long string inputs that come in to AutomaticZenRule
applyPatch " $DOS_PATCHES /android_frameworks_base/346951.patch " ; #n-asb-2023-01 Fix conditionId string trimming in AutomaticZenRule
2023-02-07 22:21:04 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/348650.patch " ; #n-asb-2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
applyPatch " $DOS_PATCHES /android_frameworks_base/348651.patch " ; #n-asb-2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
2023-03-25 20:35:40 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/352086.patch " ; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
2023-04-12 15:30:57 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/353756.patch " ; #n-asb-2023-04 Context#startInstrumentation could be started from SHELL only now.
applyPatch " $DOS_PATCHES /android_frameworks_base/353757.patch " ; #n-asb-2023-04 Checking if package belongs to UID before registering broadcast receiver
applyPatch " $DOS_PATCHES /android_frameworks_base/353758.patch " ; #n-asb-2023-04 Fix checkKeyIntentParceledCorrectly's bypass
applyPatch " $DOS_PATCHES /android_frameworks_base/353759.patch " ; #n-asb-2023-04 Encode Intent scheme when serializing to URI string
2023-05-06 00:12:07 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/355865.patch " ; #n-asb-2023-05 Uri: check authority and scheme as part of determining URI path
applyPatch " $DOS_PATCHES /android_frameworks_base/355866.patch " ; #n-asb-2023-05 Checks if AccessibilityServiceInfo is within parcelable size.
2023-05-29 14:31:15 -04:00
#applyPatch "$DOS_PATCHES/android_frameworks_base/355867.patch"; #n-asb-2023-05 Stop managed profile owner granting READ_SMS #XXX: no-op
2023-06-09 17:49:40 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/358732.patch " ; #n-asb-2023-06 Prevent RemoteViews crashing SystemUi
applyPatch " $DOS_PATCHES /android_frameworks_base/358733.patch " ; #n-asb-2023-06 Check key intent for selectors and prohibited flags
applyPatch " $DOS_PATCHES /android_frameworks_base/358734.patch " ; #n-asb-2023-06 Handle invalid data during job loading.
2023-07-07 13:39:05 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/360893.patch " ; #n-asb-2023-07 Sanitize VPN label to prevent HTML injection
applyPatch " $DOS_PATCHES /android_frameworks_base/360894.patch " ; #n-asb-2023-07 Limit the number of supported v1 and v2 signers
applyPatch " $DOS_PATCHES /android_frameworks_base/360895.patch " ; #n-asb-2023-07 Truncate ShortcutInfo Id
2023-08-08 23:04:17 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/364029-backport.patch " ; #R_asb_2023-08 ActivityManager#killBackgroundProcesses can kill caller's own app only
applyPatch " $DOS_PATCHES /android_frameworks_base/364033-backport.patch " ; #R_asb_2023-08 Ensure policy has no absurdly long strings
applyPatch " $DOS_PATCHES /android_frameworks_base/364036-backport.patch " ; #R_asb_2023-08 Verify URI permissions in MediaMetadata
applyPatch " $DOS_PATCHES /android_frameworks_base/364037.patch " ; #R_asb_2023-08 Use Settings.System.getIntForUser instead of getInt to make sure user specific settings are used
applyPatch " $DOS_PATCHES /android_frameworks_base/364038-backport.patch " ; #R_asb_2023-08 Resolve StatusHints image exploit across user.
2023-09-07 21:23:50 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/365782.patch " ; #n-asb-2023-09 Update AccountManagerService checkKeyIntentParceledCorrectly.
2023-10-05 16:23:30 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/367635.patch " ; #n-asb-2023-10 RingtoneManager: verify default ringtone is audio
applyPatch " $DOS_PATCHES /android_frameworks_base/367636.patch " ; #n-asb-2023-10 Fixing DatabaseUtils to detect malformed UTF-16 strings
applyPatch " $DOS_PATCHES /android_frameworks_base/367637.patch " ; #n-asb-2023-10 Do not share key mappings with JNI object
applyPatch " $DOS_PATCHES /android_frameworks_base/367638.patch " ; #n-asb-2023-10 Fix KCM key mapping cloning
2023-11-10 20:49:10 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/373033.patch " ; #n-asb-2023-11 [SettingsProvider] verify ringtone URI before setting
applyPatch " $DOS_PATCHES /android_frameworks_base/373034.patch " ; #n-asb-2023-11 Use type safe API of readParcelableArray
2023-12-07 00:07:00 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/376458.patch " ; #n-asb-2023-12 Drop invalid data.
applyPatch " $DOS_PATCHES /android_frameworks_base/376459.patch " ; #n-asb-2023-12 Validate userId when publishing shortcuts
applyPatch " $DOS_PATCHES /android_frameworks_base/376460.patch " ; #n-asb-2023-12 Adding in verification of calling UID in onShellCommand
2023-12-26 09:32:44 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/377939.patch " ; #n-asb-2023-12 Require permission to unlock keyguard
2024-01-05 23:14:43 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/378954.patch " ; #n-asb-2024-01 Truncate user data to a limit of 500 characters
applyPatch " $DOS_PATCHES /android_frameworks_base/378955.patch " ; #n-asb-2024-01 Fix vulnerability that allowed attackers to start arbitary activities
applyPatch " $DOS_PATCHES /android_frameworks_base/378956.patch " ; #n-asb-2024-01 Fix ActivityManager#killBackgroundProcesses permissions
2024-03-09 11:05:06 -05:00
applyPatch " $DOS_PATCHES /android_frameworks_base/385241.patch " ; #n-asb-2024-03 Resolve custom printer icon boundary exploit.
applyPatch " $DOS_PATCHES /android_frameworks_base/385242.patch " ; #n-asb-2024-03 Close AccountManagerService.session after timeout.
2024-04-06 15:36:12 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/388831.patch " ; #n-asb-2024-04 Fix security vulnerability that creates user with no restrictions when accountOptions are too long.
2024-08-11 01:07:03 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399270.patch " ; #Q_asb_2024-06 Added throttle when reporting shortcut usage
2024-07-04 09:17:52 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/393646.patch " ; #n-asb-2024-06 Add more checkKeyIntent checks to AccountManagerService.
applyPatch " $DOS_PATCHES /android_frameworks_base/393647.patch " ; #n-asb-2024-06 Adds additional sanitization for Zygote command arguments.
applyPatch " $DOS_PATCHES /android_frameworks_base/393648.patch " ; #n-asb-2024-06 Check hidden API exemptions
applyPatch " $DOS_PATCHES /android_frameworks_base/393649.patch " ; #n-asb-2024-06 AccessibilityManagerService: remove uninstalled services from enabled list after service update.
applyPatch " $DOS_PATCHES /android_frameworks_base/396611.patch " ; #n-asb-2024-07 Verify UID of incoming Zygote connections.
2024-08-09 14:18:06 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/399269.patch " ; #n-asb-2024-08 Restrict USB poups while setup is in progress
2024-09-08 09:48:56 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/400926.patch " ; #n-asb-2024-09 Sanitized uri scheme by removing scheme delimiter
2024-10-07 20:36:29 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/405038.patch " ; #n-asb-2024-10 Fail parseUri if end is missing
applyPatch " $DOS_PATCHES /android_frameworks_base/405039.patch " ; #n-asb-2024-10 Update AccountManagerService checkKeyIntent.
2021-08-04 21:25:18 -04:00
git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_base/248599.patch " ; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
applyPatch " $DOS_PATCHES /android_frameworks_base/0001-Reduced_Resolution.patch " ; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_frameworks_base/0001-Browser_No_Location.patch " ; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch " $DOS_PATCHES_COMMON /android_frameworks_base/0003-SUPL_No_IMSI.patch " ; #Don't send IMSI to SUPL (MSe1969)
2021-11-05 14:44:52 -04:00
if [ " $DOS_SENSORS_PERM " = true ] ; then applyPatch " $DOS_PATCHES /android_frameworks_base/0009-Sensors-P1.patch " ; fi ; #Permission for sensors access (MSe1969)
2021-10-16 15:20:27 -04:00
hardenLocationFWB " $DOS_BUILD_BASE " ; #Harden the default GPS config
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
2022-06-07 15:32:03 -04:00
sed -i 's/return 16;/return 64;/' core/java/android/app/admin/DevicePolicyManager.java; #Increase default max password length to 64 (GrapheneOS)
2021-10-16 15:20:27 -04:00
sed -i 's/DEFAULT_STRONG_AUTH_TIMEOUT_MS = 72 \* 60 \* 60 \* 1000;/DEFAULT_STRONG_AUTH_TIMEOUT_MS = 12 * 60 * 60 * 1000;/' core/java/android/app/admin/DevicePolicyManager.java; #Decrease the strong auth prompt timeout to occur more often
2020-05-24 14:05:00 -04:00
rm -rf packages/Osu; #Automatic Wi-Fi connection non-sense
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
2021-07-08 20:41:33 -04:00
fi ;
2017-05-12 13:39:14 -04:00
2022-12-10 16:34:46 -05:00
if enterAndClear "frameworks/minikin" ; then
applyPatch " $DOS_PATCHES /android_frameworks_minikin/345523.patch " ; #n-asb-2022-12 Fix OOB read for registerLocaleList
applyPatch " $DOS_PATCHES /android_frameworks_minikin/345524.patch " ; #n-asb-2022-12 Fix OOB crash for registerLocaleList
fi ;
2021-09-24 22:49:45 -04:00
if enterAndClear "frameworks/native" ; then
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_native/315714.patch " ; #n-asb-2021-09 Do not modify vector after getting references
applyPatch " $DOS_PATCHES /android_frameworks_native/325993.patch " ; #n-asb-2022-03 Check if the window is partially obscured for slippery enters
2023-05-06 00:12:07 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_native/355868.patch " ; #n-asb-2023-05 Check for malformed Sensor Flattenable
applyPatch " $DOS_PATCHES /android_frameworks_native/355869.patch " ; #n-asb-2023-05 Fix sanitizer in ISensorService list functions.
applyPatch " $DOS_PATCHES /android_frameworks_native/355870.patch " ; #n-asb-2023-05 Remove some new memory leaks from SensorManager
2023-09-06 15:26:45 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_native/365756.patch " ; #n-asb-2023-09 Allow sensors list to be empty
2021-11-05 14:44:52 -04:00
if [ " $DOS_SENSORS_PERM " = true ] ; then applyPatch " $DOS_PATCHES /android_frameworks_native/0001-Sensors.patch " ; fi ; #Permission for sensors access (MSe1969)
2021-09-24 22:49:45 -04:00
fi ;
2018-06-29 00:55:21 -04:00
if [ " $DOS_DEBLOBBER_REMOVE_IMS " = true ] ; then
2021-07-08 20:41:33 -04:00
if enterAndClear "frameworks/opt/net/ims" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_frameworks_opt_net_ims/0001-Fix_Calling.patch " ; #Fix calling when IMS is removed (DivestOS)
2018-06-13 07:07:47 -04:00
fi ;
2021-07-08 20:41:33 -04:00
fi ;
2017-05-04 21:42:25 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "frameworks/opt/net/wifi" ; then
2019-08-30 02:09:45 -04:00
#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile (AndroidHardening)
2021-02-07 19:41:46 -05:00
#See https://github.com/AndroidHardening/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b
2017-12-05 18:22:31 -05:00
sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java;
2017-12-05 11:31:20 -05:00
awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java;
awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java;
awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java;
2021-07-08 20:41:33 -04:00
fi ;
2017-12-05 11:31:20 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/ti/omap4" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_ti_omap4/0001-tuna-camera.patch " ; #Fix camera on tuna (repinski)
2021-07-08 20:41:33 -04:00
fi ;
2019-02-01 02:52:54 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/ti/wlan" ; then
2019-10-19 17:56:37 -04:00
#krack fixes
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_ti_wlan/209209.patch " ; #wl12xx: Update SR and MR firmwares versions (Texas Instruments)
applyPatch " $DOS_PATCHES /android_hardware_ti_wlan/209210.patch " ; #wl12xx: Update SR PLT firmwares (Texas Instruments)
2021-07-08 20:41:33 -04:00
fi ;
2019-10-19 17:56:37 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8084.patch " --directory= "msm8084" ; #(Qualcomm)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8916.patch " --directory= "msm8226" ;
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8960.patch " --directory= "msm8960" ;
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8974.patch " --directory= "msm8974" ;
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8994.patch " --directory= "msm8994" ;
2021-01-06 13:41:41 -05:00
#missing msm8909, msm8996, msm8998
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_display/229952.patch " ; #n_asb_09-2018-qcom (AOSP)
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display-caf/apq8084" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-apq8084.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display-caf/msm8916" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8916.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display-caf/msm8952" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8952.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display-caf/msm8960" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8960.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display-caf/msm8974" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8974.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/display-caf/msm8994" ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_hardware_qcom_display/CVE-2019-2306-msm8994.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2021-01-06 13:41:41 -05:00
2021-07-09 21:04:08 -04:00
if enterAndClear "hardware/qcom/display-caf/msm8996" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_display/227623.patch " ; #n_asb_09-2018-qcom (AOSP)
2021-07-09 21:04:08 -04:00
fi ;
if enterAndClear "hardware/qcom/display-caf/msm8998" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_display/227624.patch " ; #n_asb_09-2018-qcom (AOSP)
2021-07-09 21:04:08 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "hardware/qcom/gps" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_gps/0001-rollover.patch " ; #Fix week rollover (jlask)
2021-07-08 20:41:33 -04:00
fi ;
2020-08-09 12:14:29 -04:00
2021-07-09 21:04:08 -04:00
if enterAndClear "hardware/qcom/media" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_media/229950.patch " ; #n_asb_09-2018-qcom (AOSP)
applyPatch " $DOS_PATCHES /android_hardware_qcom_media/229951.patch " ; #n_asb_09-2018-qcom (AOSP)
2021-07-09 21:04:08 -04:00
fi ;
if enterAndClear "hardware/qcom/media-caf/apq8084" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_media/227620.patch " ; #n_asb_09-2018-qcom (CAF)
2021-07-09 21:04:08 -04:00
fi ;
if enterAndClear "hardware/qcom/media-caf/msm8994" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_hardware_qcom_media/227622.patch " ; #n_asb_09-2018-qcom (CAF)
2021-07-09 21:04:08 -04:00
fi ;
2024-10-07 20:36:29 -04:00
if enterAndClear "libcore" ; then
applyPatch " $DOS_PATCHES /android_libcore/405037.patch " ; #n-asb-2024-10 Do not accept zip files with invalid headers.
fi ;
2022-09-11 12:25:11 -04:00
if enterAndClear "packages/apps/Bluetooth" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/332451.patch " ; #n-asb-2022-06 Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission.
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/332452.patch " ; #n-asb-2022-06 Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission.
2022-12-10 16:34:46 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/345525.patch " ; #n-asb-2022-12 Fix URI check in BluetoothOppUtility.java
2023-02-07 22:21:04 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/348652.patch " ; #n-asb-2023-02 Fix OPP comparison
2023-12-07 00:07:00 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Bluetooth/376469.patch " ; #n-asb-2023-12 Fix UAF in ~CallbackEnv
2022-09-11 12:25:11 -04:00
fi ;
2022-06-02 23:03:16 -04:00
if enterAndClear "packages/apps/Contacts" ; then
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Contacts/318518.patch " ; #n-asb-2021-11 Add permission to start NFC activity to ensure it is from NFC stack
applyPatch " $DOS_PATCHES /android_packages_apps_Contacts/319989.patch " ; #n-asb-2021-12 Address photo editing security bug
applyPatch " $DOS_PATCHES /android_packages_apps_Contacts/332453.patch " ; #n-asb-2022-06 No longer export CallSubjectDialog
2022-06-02 23:03:16 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Contacts/0004-No_GMaps.patch " ; #Use common intent for directions instead of Google Maps URL (GrapheneOS)
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/CMParts" ; then
2018-04-23 08:59:18 -04:00
rm -rf src/org/cyanogenmod/cmparts/cmstats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of CMStats
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_CMParts/0001-Remove_Analytics.patch " ; #Remove the rest of CMStats (DivestOS)
applyPatch " $DOS_PATCHES /android_packages_apps_CMParts/0002-Reduced_Resolution.patch " ; #Allow reducing resolution to save power (DivestOS)
2022-08-15 16:37:41 -04:00
cp -f " $DOS_PATCHES_COMMON /contributors.db " assets/contributors.db; #Update contributors cloud
2021-07-08 20:41:33 -04:00
fi ;
2017-05-29 20:08:55 -04:00
2022-09-11 12:25:11 -04:00
if enterAndClear "packages/apps/Dialer" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_Dialer/332454.patch " ; #n-asb-2022-06 No longer export CallSubjectDialog
fi ;
if enterAndClear "packages/apps/KeyChain" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_KeyChain/319990.patch " ; #n-asb-2021-12 Hide overlay on KeyChainActivity
applyPatch " $DOS_PATCHES /android_packages_apps_KeyChain/334036.patch " ; #n-asb-2022-07 Encode authority part of uri before showing in UI
fi ;
2023-10-03 15:17:06 -04:00
if enterAndClear "packages/apps/Messaging" ; then
applyPatch " $DOS_PATCHES_COMMON /android_packages_apps_Messaging/0001-null-fix.patch " ; #Handle null case (GrapheneOS)
fi ;
2022-09-11 12:25:11 -04:00
if enterAndClear "packages/apps/Nfc" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/315715.patch " ; #n-asb-2021-09 Add HIDE_NON_SYSTEM_OVERLAY_WINDOWS permission to Nfc
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/328308.patch " ; #n-asb-2022-04 Do not set default contactless application without user interaction
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/332455.patch " ; #n-asb-2022-06 OOB read in phNciNfc_RecvMfResp()
2023-01-06 03:18:57 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/346953.patch " ; #n-asb-2023-01 OOBW in Mfc_Transceive()
2023-02-07 22:21:04 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Nfc/348653.patch " ; #n-asb-2023-02 DO NOT MERGE OOBW in phNciNfc_MfCreateXchgDataHdr
2022-09-11 12:25:11 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/PackageInstaller" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_PackageInstaller/64d8b44.patch " ; #Fix an issue with Permission Review (AOSP/452540)
2022-11-12 23:21:49 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_PackageInstaller/344187.patch " ; #n-asb-2022-11 Hide overlays on ReviewPermissionsAtivity
2021-07-08 20:41:33 -04:00
fi ;
2017-12-04 22:48:33 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Settings" ; then
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/315716.patch " ; #n-asb-2021-09 Update string
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/315717.patch " ; #n-asb-2021-09 Fix phishing attacks over Bluetooth due to unclear warning message
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/318519.patch " ; #n-asb-2021-11 Import translations.
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/319991.patch " ; #n-asb-2021-12 BluetoothSecurity: Add BLUETOOTH_PRIVILEGED permission for pairing dialog
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/323458.patch " ; #n-asb-2022-02 Rephrase dialog message of clear storage dialog for security concern
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/325994.patch " ; #n-asb-2022-03 Fix bypass CALL_PRIVILEGED permission in AppRestrictionsFragment
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/327099.patch " ; #n-asb-2022-03 Add caller check to com.android.credentials.RESET
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/334037.patch " ; #n-asb-2022-07 Fix LaunchAnyWhere in AppRestrictionsFragment
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/334874.patch " ; #n-asb-2022-08 Verify ringtone from ringtone picker is audio
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/334875.patch " ; #n-asb-2022-08 Fix Settings crash when setting a null ringtone
2022-12-10 16:34:46 -05:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/345679.patch " ; #n-asb-2022-12 Add FLAG_SECURE for ChooseLockPassword and Pattern
2023-06-09 17:49:40 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/358738.patch " ; #n-asb-2023-06 Convert argument to intent in AddAccountSettings.
2023-10-05 16:23:30 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/367639.patch " ; #n-asb-2023-10 Restrict ApnEditor settings
2024-09-06 14:52:17 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/400927.patch " ; #n-asb-2024-09 Limit wifi item edit content's max length to 500
2021-08-04 21:25:18 -04:00
git revert --no-edit 2ebe6058c546194a301c1fd22963d6be4adbf961; #Don't hide OEM unlock
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/201113.patch " ; #wifi: Add world regulatory domain country code (syphyr)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch " ; #Add option to disable captive portal checks (MSe1969)
2021-11-05 14:44:52 -04:00
if [ " $DOS_SENSORS_PERM " = true ] ; then
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0002-Sensors-P1.patch " ; #Permission for sensors access (MSe1969)
applyPatch " $DOS_PATCHES /android_packages_apps_Settings/0002-Sensors-P2.patch " ;
2021-11-05 14:44:52 -04:00
fi ;
2022-06-07 15:32:03 -04:00
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
2019-01-14 03:12:50 -05:00
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
2021-07-08 20:41:33 -04:00
fi ;
2017-05-29 14:13:29 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/SetupWizard" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_SetupWizard/0001-Remove_Analytics.patch " ; #Remove the rest of CMStats (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2017-10-18 07:54:56 -04:00
2023-06-09 17:49:40 -04:00
if enterAndClear "packages/apps/TvSettings" ; then
applyPatch " $DOS_PATCHES /android_packages_apps_TvSettings/358739.patch " ; #n-asb-2023-06 Convert argument to intent in addAccount TvSettings.
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/Updater" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_apps_Updater/0001-Server.patch " ; #Switch to our server (DivestOS)
applyPatch " $DOS_PATCHES /android_packages_apps_Updater/0002-Tor_Support.patch " ; #Add Tor support (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2017-11-05 16:49:52 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/apps/WallpaperPicker" ; then
2017-11-04 09:47:54 -04:00
rm res/drawable-nodpi/{ *.png,*.jpg} res/values-nodpi/wallpapers.xml; #Remove old ones
2018-06-29 00:55:21 -04:00
cp -r " $DOS_WALLPAPERS " 'Compressed/.' res/drawable-nodpi/; #Add ours
cp -r " $DOS_WALLPAPERS " "Thumbs/." res/drawable-nodpi/;
cp " $DOS_WALLPAPERS " "wallpapers.xml" res/values-nodpi/wallpapers.xml;
2017-11-04 16:56:52 -04:00
sed -i 's/req.touchEnabled = touchEnabled;/req.touchEnabled = true;/' src/com/android/wallpaperpicker/WallpaperCropActivity.java; #Allow scrolling
sed -i 's/mCropView.setTouchEnabled(req.touchEnabled);/mCropView.setTouchEnabled(true);/' src/com/android/wallpaperpicker/WallpaperCropActivity.java;
2018-01-20 07:36:08 -05:00
sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0.5f);/' src/com/android/wallpaperpicker/WallpaperPickerActivity.java; #Center aligned by default
2021-07-08 20:41:33 -04:00
fi ;
2017-11-04 09:47:54 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/inputmethods/LatinIME" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_inputmethods_LatinIME/0001-Voice.patch " ; #Remove voice input key (DivestOS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES_COMMON /android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch " ; #Disable personalization dictionary by default (GrapheneOS)
2021-07-08 20:41:33 -04:00
fi ;
2017-05-29 20:27:06 -04:00
2022-09-11 12:25:11 -04:00
if enterAndClear "packages/services/Telecomm" ; then
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/332456.patch " ; #n-asb-2022-06 limit TelecomManager#registerPhoneAccount to 10
2022-11-09 18:06:19 -05:00
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/343953.patch " ; #n-asb-2022-11 Switch TelecomManager List getters to ParceledListSlice
2022-12-10 16:34:46 -05:00
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/345526.patch " ; #n-asb-2022-12 Hide overlay windows when showing phone account enable/disable screen.
2023-08-08 23:04:17 -04:00
applyPatch " $DOS_PATCHES /android_packages_services_Telecomm/364041-backport.patch " ; #R_asb_2023-08 Resolve StatusHints image exploit across user.
2022-09-11 12:25:11 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "packages/services/Telephony" ; then
2023-01-06 03:18:57 -05:00
applyPatch " $DOS_PATCHES /android_packages_services_Telephony/346954.patch " ; #n-asb-2023-01 Prevent overlays on the phone settings
2023-09-05 20:50:31 -04:00
applyPatch " $DOS_PATCHES /android_packages_services_Telephony/365699.patch " ; #n-asb-2023-09 Fixed leak of cross user data in multiple settings.
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch " ; #(DivestOS)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch " ;
2021-07-08 20:41:33 -04:00
fi ;
2018-12-27 12:11:25 -05:00
2022-09-11 12:25:11 -04:00
if enterAndClear "packages/providers/ContactsProvider" ; then
applyPatch " $DOS_PATCHES /android_packages_providers_ContactsProvider/334876.patch " ; #n-asb-2022-08 enforce stricter CallLogProvider query
fi ;
if enterAndClear "packages/providers/MediaProvider" ; then
applyPatch " $DOS_PATCHES /android_packages_providers_MediaProvider/324248.patch " ; #n-asb-2022-02 Open all files with O_NOFOLLOW.
fi ;
2022-11-09 18:06:19 -05:00
if enterAndClear "packages/providers/TelephonyProvider" ; then
applyPatch " $DOS_PATCHES /android_packages_providers_TelephonyProvider/343954.patch " ; #n-asb-2022-11 Check dir path before updating permissions.
2023-08-08 23:04:17 -04:00
applyPatch " $DOS_PATCHES /android_packages_providers_TelephonyProvider/364040-backport.patch " ; #R_asb_2023-08 Update file permissions using canonical path
2024-05-07 17:45:55 -04:00
applyPatch " $DOS_PATCHES /android_packages_providers_TelephonyProvider/376079.patch " ; #n-asb-2023-11 Block access to sms/mms db from work profile.
2022-11-09 18:06:19 -05:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "system/bt" ; then
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/315718.patch " ; #BLE: [IOT] Initiate disconnection when encryption fails during pairing #CVE-2021-1957
applyPatch " $DOS_PATCHES /android_system_bt/315719.patch " ; #n-asb-2021-09 SMP: Reject pairing if public_key.x match
applyPatch " $DOS_PATCHES /android_system_bt/320420.patch " ; #n-asb-2021-12 osi: Prevent memory allocations with MSB set
applyPatch " $DOS_PATCHES /android_system_bt/323456.patch " ; #n-asb-2022-02 security: Use-After-Free in btm_sec_[dis]connected
applyPatch " $DOS_PATCHES /android_system_bt/323457.patch " ; #n-asb-2022-02 Reset the IRK after all devices are unpaired
applyPatch " $DOS_PATCHES /android_system_bt/328306.patch " ; #n-asb-2022-04 Security fix OOB read due to invalid count in stack/avrc/avrc_pars_ct
applyPatch " $DOS_PATCHES /android_system_bt/334032.patch " ; #n-asb-2022-07 Security: Fix out of bound write in HFP client
applyPatch " $DOS_PATCHES /android_system_bt/334033.patch " ; #n-asb-2022-07 Check Avrcp packet vendor length before extracting length
applyPatch " $DOS_PATCHES /android_system_bt/334034.patch " ; #n-asb-2022-07 Security: Fix out of bound read in AT_SKIP_REST
applyPatch " $DOS_PATCHES /android_system_bt/334877.patch " ; #n-asb-2022-08 Removing bonded device when auth fails due to missing keys
applyPatch " $DOS_PATCHES /android_system_bt/337998.patch " ; #n-asb-2022-09 Fix OOB in BNEP_Write
applyPatch " $DOS_PATCHES /android_system_bt/337999.patch " ; #n-asb-2022-09 Fix OOB in bnep_is_packet_allowed
applyPatch " $DOS_PATCHES /android_system_bt/338000.patch " ; #n-asb-2022-09 Fix OOB in reassemble_and_dispatch
2022-10-06 15:02:52 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/341070.patch " ; #n-asb-2022-10 Fix potential interger overflow when parsing vendor response
2022-11-09 18:06:19 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/343958.patch " ; #n-asb-2022-11 Add buffer in pin_reply in bluetooth.cc
applyPatch " $DOS_PATCHES /android_system_bt/343959.patch " ; #n-asb-2022-11 Add negative length check in process_service_search_rsp
2022-12-10 16:34:46 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/345527.patch " ; #n-asb-2022-12 Add length check when copy AVDTP packet
applyPatch " $DOS_PATCHES /android_system_bt/345528.patch " ; #n-asb-2022-12 Added max buffer length check
applyPatch " $DOS_PATCHES /android_system_bt/345529.patch " ; #n-asb-2022-12 Add missing increment in bnep_api.cc
applyPatch " $DOS_PATCHES /android_system_bt/345530.patch " ; #n-asb-2022-12 Add length check when copy AVDT and AVCT packet
applyPatch " $DOS_PATCHES /android_system_bt/345531.patch " ; #n-asb-2022-12 Fix integer overflow when parsing avrc response
2023-01-06 03:18:57 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/346952.patch " ; #n-asb-2023-01 Once AT command is retrieved, return from method.
2023-02-07 22:21:04 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/348654.patch " ; #n-asb-2023-02 Add bounds check in avdt_scb_act.cc
2023-03-14 12:20:40 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/351105.patch " ; #n-asb-2023-03 Fix an OOB Write bug in gatt_check_write_long_terminate
applyPatch " $DOS_PATCHES /android_system_bt/351106.patch " ; #n-asb-2023-03 Fix an OOB write in SDP_AddAttribute
applyPatch " $DOS_PATCHES /android_system_bt/351109.patch " ; #n-asb-2023-03 AVRCP: Fix potential buffer overflow
2023-04-12 15:30:57 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/353754.patch " ; #n-asb-2023-04 AVDTP: Fix a potential overflow about the media payload offset
applyPatch " $DOS_PATCHES /android_system_bt/353755.patch " ; #n-asb-2023-04 Fix an OOB bug in register_notification_rsp
2023-06-09 17:49:40 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/358735.patch " ; #n-asb-2023-06 Prevent use-after-free of HID reports
applyPatch " $DOS_PATCHES /android_system_bt/358736.patch " ; #n-asb-2023-06 Revert "Revert "[RESTRICT AUTOMERGE] Validate buffer length in sdpu_build_uuid_seq""
applyPatch " $DOS_PATCHES /android_system_bt/358737.patch " ; #n-asb-2023-06 Revert "Revert "Fix wrong BR/EDR link key downgrades (P_256->P_192)""
2023-07-07 13:39:05 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/360892.patch " ; #n-asb-2023-07 Fix gatt_end_operation buffer overflow
2023-09-05 20:50:31 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/365694.patch " ; #n-asb-2023-09 Fix integer overflow in build_read_multi_rsp
applyPatch " $DOS_PATCHES /android_system_bt/365695.patch " ; #n-asb-2023-09 Fix reliable write.
applyPatch " $DOS_PATCHES /android_system_bt/365696.patch " ; #n-asb-2023-09 Fix UAF in gatt_cl.cc
applyPatch " $DOS_PATCHES /android_system_bt/365697.patch " ; #n-asb-2023-09 Fix an integer overflow bug in avdt_msg_asmbl
2023-12-07 00:07:00 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/376461.patch " ; #n-asb-2023-12 BT: Fixing the rfc_slot_id overflow
applyPatch " $DOS_PATCHES /android_system_bt/376462.patch " ; #n-asb-2023-12 Fix OOB Write in pin_reply in bluetooth.cc
applyPatch " $DOS_PATCHES /android_system_bt/376463.patch " ; #n-asb-2023-12 Reject access to secure service authenticated from a temp bonding [1]
applyPatch " $DOS_PATCHES /android_system_bt/376464.patch " ; #n-asb-2023-12 Reject access to secure services authenticated from temp bonding [2]
applyPatch " $DOS_PATCHES /android_system_bt/376465.patch " ; #n-asb-2023-12 Reject access to secure service authenticated from a temp bonding [3]
applyPatch " $DOS_PATCHES /android_system_bt/376466.patch " ; #n-asb-2023-12 Reorganize the code for checking auth requirement
applyPatch " $DOS_PATCHES /android_system_bt/376467.patch " ; #n-asb-2023-12 Enforce authentication if encryption is required
applyPatch " $DOS_PATCHES /android_system_bt/376468.patch " ; #n-asb-2023-12 Fix timing attack in BTM_BleVerifySignature
2024-01-05 23:14:43 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/378957.patch " ; #n-asb-2024-01 Separate the definition of BTM layer types from control blocks
applyPatch " $DOS_PATCHES /android_system_bt/378958.patch " ; #n-asb-2024-01 Simplify btm_ble_resolve_random_addr
applyPatch " $DOS_PATCHES /android_system_bt/378959.patch " ; #n-asb-2024-01 Simplify LE Advertising Report Event processing
applyPatch " $DOS_PATCHES /android_system_bt/378960.patch " ; #n-asb-2024-01 LE Advertising Report parsing enhancements
applyPatch " $DOS_PATCHES /android_system_bt/378961.patch " ; #n-asb-2024-01 Fix some OOB errors in BTM parsing
2024-02-07 17:17:55 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/381850.patch " ; #n-asb-2024-02 Fix an OOB bug in btif_to_bta_response and attp_build_value_cmd
applyPatch " $DOS_PATCHES /android_system_bt/381851.patch " ; #n-asb-2024-02 Fix an OOB write bug in attp_build_read_by_type_value_cmd
2024-03-09 11:05:06 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/385236.patch " ; #n-asb-2024-03 Fix OOB caused by invalid SMP packet length
applyPatch " $DOS_PATCHES /android_system_bt/385237.patch " ; #n-asb-2024-03 Fix an OOB bug in smp_proc_sec_req
applyPatch " $DOS_PATCHES /android_system_bt/385238.patch " ; #n-asb-2024-03 Fix an OOB write bug in attp_build_value_cmd
applyPatch " $DOS_PATCHES /android_system_bt/385239.patch " ; #n-asb-2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
2024-07-04 09:17:52 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/396612.patch " ; #n-asb-2024-07 Fix an authentication bypass bug in SMP
2024-08-09 14:18:06 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/399271.patch " ; #n-asb-2024-08 Fix heap-buffer overflow in sdp_utils.cc
2022-12-18 21:46:31 -05:00
applyPatch " $DOS_PATCHES /android_system_bt/229574.patch " ; #bt-sbc-hd-dualchannel-nougat: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
applyPatch " $DOS_PATCHES /android_system_bt/229575.patch " ; #bt-sbc-hd-dualchannel-nougat: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_system_bt/242134.patch " ; #avrc_bld_get_attrs_rsp - fix attribute length position off by one (cprhokie)
applyPatch " $DOS_PATCHES /android_system_bt/0001-NO_READENCRKEYSIZE.patch " ; #Add an option to let devices opt-out of the HCI_READ_ENCR_KEY_SIZE_SUPPORTED assert (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2019-10-19 17:56:37 -04:00
2023-06-17 14:50:49 -04:00
if enterAndClear "system/ca-certificates" ; then
rm -rf files; #Remove old certs
cp -r " $DOS_PATCHES_COMMON /android_system_ca-certificates/files " .; #Copy the new ones into place
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "system/core" ; then
2022-09-11 12:25:11 -04:00
applyPatch " $DOS_PATCHES /android_system_core/332457.patch " ; #n-asb-2022-06 Backport of Win-specific suppression of potentially rogue construct that can engage
2018-07-04 15:35:16 -04:00
if [ " $DOS_HOSTS_BLOCKING " = true ] ; then cat " $DOS_HOSTS_FILE " >> rootdir/etc/hosts; fi ; #Merge in our HOSTS file
2020-01-08 21:22:35 -05:00
git revert --no-edit 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_system_core/0001-Harden.patch " ; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS)
2024-05-09 14:23:02 -04:00
#if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
2021-10-16 15:20:27 -04:00
sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit keys
2021-07-08 20:41:33 -04:00
fi ;
2017-05-29 20:05:52 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "system/sepolicy" ; then
2022-03-06 22:53:07 -05:00
applyPatch " $DOS_PATCHES /android_system_sepolicy/0002-protected_files.patch " ; #label protected_{fifos,regular} as proc_security (GrapheneOS)
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_system_sepolicy/248600.patch " ; #Restrict access to timing information in /proc (AndroidHardening)
applyPatch " $DOS_PATCHES /android_system_sepolicy/0001-LGE_Fixes.patch " ; #Fix -user builds for LGE devices (DivestOS)
2021-07-08 20:41:33 -04:00
fi ;
2018-06-28 20:11:20 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "vendor/cm" ; then
2021-08-04 21:25:18 -04:00
rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
2018-04-23 08:59:18 -04:00
rm -rf overlay/common/vendor/cmsdk/packages; #Remove analytics
2021-08-04 21:25:18 -04:00
rm -rf overlay/common/frameworks/base/core/res/res/drawable-*/default_wallpaper.png; #Remove Lineage wallpaper
2017-05-31 16:18:43 -04:00
awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always used
2021-08-04 21:25:18 -04:00
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove Lineage extra keys
awk -i inplace '!/security\/lineage/' config/common.mk; #Remove Lineage extra keys
2018-06-29 00:55:21 -04:00
if [ " $DOS_DEBLOBBER_REMOVE_AUDIOFX " = true ] ; then
2021-08-04 21:25:18 -04:00
awk -i inplace '!/AudioFX/' config/common.mk; #Remove AudioFX
2018-06-23 00:51:10 -04:00
awk -i inplace '!/AudioService/' config/common.mk;
fi ;
2023-07-06 14:50:40 -04:00
awk -i inplace '!/config_multiuserMaximumUsers/' overlay/common/frameworks/base/core/res/res/values/config.xml; #Conflict
2021-08-04 21:25:18 -04:00
awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider
2018-03-22 09:49:44 -04:00
sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype
2018-07-12 22:43:28 -04:00
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
2021-01-04 17:39:17 -05:00
cp -f " $DOS_PATCHES_COMMON /apns-conf.xml " prebuilt/common/etc/apns-conf.xml; #Update APN list
2022-02-11 14:25:30 -05:00
awk -i inplace '!/Eleven/' config/common.mk; #Remove Music Player
awk -i inplace '!/Exchange2/' config/common.mk; #Remove Email
2023-02-02 09:45:06 -05:00
cp -f " $DOS_PATCHES_COMMON /config_webview_packages.xml " overlay/common/frameworks/base/core/res/res/xml/config_webview_packages.xml; #Change allowed WebView providers
2021-07-08 20:41:33 -04:00
fi ;
2017-05-29 20:08:55 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "vendor/cmsdk" ; then
2017-10-19 19:40:54 -04:00
awk -i inplace '!/WeatherManagerServiceBroker/' cm/res/res/values/config.xml; #Disable Weather
2021-08-04 21:25:18 -04:00
if [ " $DOS_DEBLOBBER_REMOVE_AUDIOFX " = true ] ; then awk -i inplace '!/CMAudioService/' cm/res/res/values/config.xml; fi ; #Remove AudioFX
2017-07-04 02:57:50 -04:00
sed -i 's/shouldUseOptimizations(weight)/true/' cm/lib/main/java/org/cyanogenmod/platform/internal/PerformanceManagerService.java; #Per app performance profiles fix
2021-07-08 20:41:33 -04:00
fi ;
2018-07-12 22:05:02 -04:00
2021-07-08 20:41:33 -04:00
if enter "vendor/divested" ; then
2021-09-06 04:18:27 -04:00
sed -i 's/TalkBack/TalkBackLegacy/' packages.mk;
2022-04-13 11:39:11 -04:00
awk -i inplace '!/downgrade_after_inactive_days/' build/target/product/lowram.mk; #exceeds length limit
2021-07-08 20:41:33 -04:00
fi ;
2016-12-27 11:40:16 -05:00
#
#END OF ROM CHANGES
#
#
#START OF DEVICE CHANGES
#
2021-07-08 20:41:33 -04:00
if enterAndClear "device/amazon/hdx-common" ; then
2021-10-06 04:52:13 -04:00
echo "TARGET_BLUETOOTH_NO_READENCRKEYSIZE := true" >> BoardConfigCommon.mk; #Fix BT crash
2018-06-08 14:15:50 -04:00
sed -i 's/,encryptable=footer//' rootdir/etc/fstab.qcom; #Using footer will break the bootloader, it might work with /misc enabled
2018-03-15 23:46:55 -04:00
#XXX: If not used with a supported recovery, it'll be thrown into a bootloop, don't worry just 'fastboot erase misc' and reboot
#echo "/dev/block/platform/msm_sdcc.1/by-name/misc /misc emmc defaults defaults" >> rootdir/etc/fstab.qcom; #Add the misc (mmcblk0p5) partition for recovery flags
2021-07-08 20:41:33 -04:00
fi ;
2018-01-31 07:43:47 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/asus/grouper" ; then
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_device_asus_grouper/0001-Update_Blobs.patch " ; #(harryyoud)
applyPatch " $DOS_PATCHES /android_device_asus_grouper/0002-Perf_Tweaks.patch " ; #(AndDiSa)
2018-06-26 05:57:22 -04:00
rm proprietary-blobs.txt;
2018-06-29 00:55:21 -04:00
cp " $DOS_PATCHES /android_device_asus_grouper/lineage-proprietary-files.txt " lineage-proprietary-files.txt;
2019-03-26 19:37:56 -04:00
echo "allow gpsd system_data_file:dir write;" >> sepolicy/gpsd.te;
2021-07-08 20:41:33 -04:00
fi ;
2018-06-26 05:57:22 -04:00
2021-09-06 04:18:27 -04:00
if enterAndClear "device/htc/m7-common" ; then
sed -i '38,$d' libshims/Android.mk; #Remove a breaking DRM shim
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "device/lge/g4-common" ; then
2020-10-14 09:50:10 -04:00
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
2021-07-08 20:41:33 -04:00
fi ;
2020-10-14 09:50:10 -04:00
2023-08-29 19:46:57 -04:00
if enterAndClear "device/motorola/athene" ; then
sed -i 's/camera.msm8952.so/camera.vendor.msm8952.so/' proprietary-files.txt; #Fixups
sed -i 's/libchromatix_ov13850_polaris_default_video_bu64297/libchromatix_ov13850_polaris_default_video_bu64297.so/' proprietary-files.txt;
2023-08-29 22:58:52 -04:00
awk -i inplace '!/qti-telephony-common/' proprietary-files.txt; #Fix Phone crashing
2023-08-29 19:46:57 -04:00
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "device/samsung/exynos5420-common" ; then
2019-09-18 15:59:27 -04:00
awk -i inplace '!/shell su/' sepolicy/shell.te; #neverallow
2021-07-08 20:41:33 -04:00
fi ;
2019-09-18 15:59:27 -04:00
2021-10-07 19:54:25 -04:00
if enterAndClear "device/samsung/i9100" ; then
smallerSystem;
fi ;
2021-07-08 20:41:33 -04:00
if enterAndClear "device/samsung/manta" ; then
2020-01-08 21:22:35 -05:00
#git revert --no-edit e55bbff1c8aa50e25ffe39c8936ea3dc92a4a575; #restore releasetools #TODO
2021-03-26 16:32:02 -04:00
echo "allow audioserver sensorservice_service:service_manager find;" >> sepolicy/audioserver.te;
echo "allow mediacodec audio_device:chr_file getattr;" >> sepolicy/mediacodec.te;
echo "allow mediacodec camera_device:chr_file getattr;" >> sepolicy/mediacodec.te;
echo "allow mediacodec sysfs:file read;" >> sepolicy/mediacodec.te;
2021-07-08 20:41:33 -04:00
fi ;
2019-09-07 09:56:47 -04:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/samsung/toroplus" ; then
2019-02-22 08:38:24 -05:00
awk -i inplace '!/additional_system_update/' overlay/packages/apps/Settings/res/values*/*.xml;
2021-10-08 20:53:20 -04:00
awk -i inplace '!/has_powercontrol_widget/' overlay/packages/apps/Settings/res/values/bools.xml; #Fix Settings crash
2021-07-08 20:41:33 -04:00
fi ;
2019-02-13 21:48:57 -05:00
2021-07-08 20:41:33 -04:00
if enterAndClear "device/samsung/tuna" ; then
2020-01-08 21:22:35 -05:00
#git revert --no-edit e53eea6426da49dfb542929d5aa686667f4d416f; #restore releasetools #TODO
2019-02-01 02:52:54 -05:00
rm setup-makefiles.sh; #broken, deblobber will still function
2019-03-25 20:30:27 -04:00
sed -i 's|vendor/maguro/|vendor/|' libgps-shim/gps.c; #fix dlopen not found
2023-01-20 21:20:29 -05:00
sed -i 's|http://gllto|https://gllto|' cmhw/org/cyanogenmod/hardware/LongTermOrbits.java; #Use HTTPS for PSDS
2020-03-25 22:08:25 -04:00
#See: https://review.lineageos.org/q/topic:tuna-sepolicies
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_device_samsung_tuna/0001-fix_denial.patch " ; #(nailyk)
2021-10-16 13:52:04 -04:00
applyPatch " $DOS_PATCHES /android_device_samsung_tuna/0002-fix_denial.patch " ;
applyPatch " $DOS_PATCHES /android_device_samsung_tuna/0003-fix_denial.patch " ;
applyPatch " $DOS_PATCHES /android_device_samsung_tuna/0004-fix_denial.patch " ;
2022-04-19 23:50:29 -04:00
applyPatch " $DOS_PATCHES /android_device_samsung_tuna/0005-fix_denial.patch " ; #(DivestOS)
2019-03-25 20:30:27 -04:00
echo "allow system_server system_file:file execmod;" >> sepolicy/system_server.te; #fix gps load
2021-10-08 20:53:20 -04:00
echo "PRODUCT_PROPERTY_OVERRIDES += persist.sys.force_highendgfx=true" >> device.mk; #override low_ram to fix artifacting
2021-07-08 20:41:33 -04:00
fi ;
2019-02-09 14:47:55 -05:00
2021-07-08 20:41:33 -04:00
if enter "vendor/google" ; then
2018-07-22 17:08:22 -04:00
echo "" > atv/atv-common.mk;
2021-07-08 20:41:33 -04:00
fi ;
2018-07-22 17:08:22 -04:00
2017-10-30 17:38:00 -04:00
#Make changes to all devices
2018-06-29 00:55:21 -04:00
cd " $DOS_BUILD_BASE " ;
2019-08-05 20:53:50 -04:00
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationConf "{}"' ;
2023-01-20 21:49:48 -05:00
find "device" -name "gps\.conf*" -type f -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationConf "{}"' ;
2021-04-15 06:19:32 -04:00
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationConf "{}"' ;
2019-08-05 20:53:50 -04:00
find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenLocationFWB "{}"' ;
2021-01-15 17:28:35 -05:00
if [ " $DOS_DEBLOBBER_REMOVE_IMS " = "false" ] ; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'volteOverride "{}"' ; fi ;
2023-09-04 15:36:55 -04:00
#find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
2019-08-05 20:53:50 -04:00
find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'hardenUserdata "{}"' ;
find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I { } bash -c 'hardenDefconfig "{}"' ;
2022-04-19 11:25:19 -04:00
find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I { } bash -c 'updateRegDb "{}"' ;
2018-06-29 00:55:21 -04:00
cd " $DOS_BUILD_BASE " ;
2023-03-08 00:02:28 -05:00
deblobAudio;
removeBuildFingerprints;
2023-05-05 22:25:47 -04:00
hardenLocationSerials || true;
2023-03-08 00:02:28 -05:00
changeDefaultDNS; #Change the default DNS servers
2023-06-17 14:50:49 -04:00
removeUntrustedCerts || true;
2018-01-31 13:14:19 -05:00
2021-03-24 00:57:59 -04:00
#Tweaks for <2GB RAM devices
enableLowRam "device/asus/grouper" ;
2021-09-12 06:37:40 -04:00
enableLowRam "device/samsung/galaxys2-common" ;
2021-03-24 00:57:59 -04:00
enableLowRam "device/samsung/i9100" ;
enableLowRam "device/samsung/i9300" ;
enableLowRam "device/samsung/maguro" ;
enableLowRam "device/samsung/manta" ;
2021-09-12 06:37:40 -04:00
enableLowRam "device/samsung/smdk4412-common" ;
2021-03-24 00:57:59 -04:00
enableLowRam "device/samsung/toro" ;
enableLowRam "device/samsung/toroplus" ;
2021-09-12 06:37:40 -04:00
enableLowRam "device/samsung/tuna" ;
2022-04-14 11:42:26 -04:00
#Tweaks for <3GB RAM devices
2023-07-17 18:44:56 -04:00
#enableLowRam "device/amazon/apollo";
#enableLowRam "device/amazon/hdx-common";
#enableLowRam "device/amazon/thor";
#enableLowRam "device/htc/m7";
#enableLowRam "device/htc/m7-common";
#enableLowRam "device/htc/msm8960-common";
2023-08-29 19:46:57 -04:00
#enableLowRam "device/motorola/athene";
2023-07-17 18:44:56 -04:00
#enableLowRam "device/samsung/d2att";
#enableLowRam "device/samsung/d2-common";
#enableLowRam "device/samsung/d2spr";
#enableLowRam "device/samsung/d2tmo";
#enableLowRam "device/samsung/d2vzw";
#enableLowRam "device/samsung/i9305";
#enableLowRam "device/samsung/kona-common";
#enableLowRam "device/samsung/msm8960-common";
#enableLowRam "device/samsung/n5100";
#enableLowRam "device/samsung/n5110";
#enableLowRam "device/samsung/n5120";
2023-07-13 18:17:44 -04:00
##Tweaks for <4GB RAM devices
#enableLowRam "device/htc/himaul";
#enableLowRam "device/htc/himawl";
#enableLowRam "device/lge/h811";
#enableLowRam "device/lge/h815";
#enableLowRam "device/samsung/v1awifi";
2021-03-24 00:57:59 -04:00
2018-03-14 00:41:05 -04:00
#Fixes
2018-01-31 13:14:19 -05:00
#Fix broken options enabled by hardenDefconfig()
2023-03-08 00:02:28 -05:00
[ [ -d kernel/amazon/hdx-common ] ] && sed -i "s/# CONFIG_KPROBES is not set/CONFIG_KPROBES=y/" kernel/amazon/hdx-common/arch/arm/configs/*defconfig; #Breaks on compile
[ [ -d kernel/amazon/hdx-common ] ] && sed -i "s/CONFIG_X509_CERTIFICATE_PARSER=y/# CONFIG_X509_CERTIFICATE_PARSER is not set/" kernel/amazon/hdx-common/arch/arm/configs/*defconfig; #Breaks on compile
[ [ -d kernel/amazon/hdx-common ] ] && sed -i "s/CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y/# CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not set/" kernel/amazon/hdx-common/arch/arm/configs/*defconfig; #Breaks on compile
[ [ -d kernel/amazon/hdx-common ] ] && sed -i "s/CONFIG_SYSTEM_TRUSTED_KEYRING=y/# CONFIG_SYSTEM_TRUSTED_KEYRING is not set/" kernel/amazon/hdx-common/arch/arm/configs/*defconfig; #Breaks on compile
[ [ -d kernel/amazon/hdx-common ] ] && sed -i "s/CONFIG_ASYMMETRIC_KEY_TYPE=y/# CONFIG_ASYMMETRIC_KEY_TYPE is not set/" kernel/amazon/hdx-common/arch/arm/configs/*defconfig; #Breaks on compile
[ [ -d kernel/asus/grouper ] ] && sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/asus/grouper/arch/arm/configs/grouper_defconfig; #Breaks on compile
[ [ -d kernel/lge/msm8992 ] ] && awk -i inplace '!/STACKPROTECTOR/' kernel/lge/msm8992/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
2023-08-29 19:46:57 -04:00
[ [ -d kernel/motorola/msm8952 ] ] && awk -i inplace '!/CC_STACKPROTECTOR_STRONG/' kernel/motorola/msm8952/arch/arm/configs/athene_defconfig; #Breaks on compile
2019-02-13 21:48:57 -05:00
#tuna fixes
2023-03-07 23:41:14 -05:00
awk -i inplace '!/nfc_enhanced.mk/' device/samsung/toro*/lineage.mk || true;
awk -i inplace '!/TARGET_RECOVERY_UPDATER_LIBS/' device/samsung/toro*/BoardConfig.mk || true;
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' device/samsung/toro*/BoardConfig.mk || true;
2023-07-22 15:03:58 -04:00
awk -i inplace '!/SDM/' vendor/samsung/toroplus/toroplus-vendor.mk || true;
awk -i inplace '!/HiddenMenu/' vendor/samsung/toroplus/toroplus-vendor.mk || true;
awk -i inplace '!/SecPhone/' vendor/samsung/toroplus/toroplus-vendor.mk || true;
2020-04-05 14:05:17 -04:00
2022-10-15 07:53:14 -04:00
sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l* || true; #Fix builds with GCC 10
2021-10-16 16:28:41 -04:00
rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
2016-12-27 11:40:16 -05:00
#
#END OF DEVICE CHANGES
#
2021-10-16 15:28:15 -04:00
echo -e "\e[0;32m[SCRIPT COMPLETE] Primary patching finished\e[0m" ;