From 01be57813765f60a3b851971fe7e02b19678d56d Mon Sep 17 00:00:00 2001 From: Tad Date: Tue, 18 Dec 2018 15:39:55 -0500 Subject: [PATCH] 11.0: Initial restore I think this is like the 6th time I've done this. I always remove it, wait a few months, pull out a device that I want to run it on and then spend hours restoring and bringing it back. I always think to myself do I really need to toy with this device? No, I don't, but I do it anyway. :) --- Manifests/Manifest_LAOS-11.0.xml | 94 +++ .../0001-Secure_Delete.patch | 27 + .../0001-Signature_Spoofing.patch | 66 ++ .../0002-Harden_Sig_Spoofing.patch | 26 + .../0001-MDP-Fix.patch | 24 + .../0001-CMStats.patch | 673 ++++++++++++++++++ .../0001-Harden_Mounts.patch | 30 + Scripts/Common/Deblob.sh | 0 .../android_kernel_asus_grouper.sh | 75 ++ .../android_kernel_zte_msm8930.sh | 136 ++++ Scripts/LineageOS-11.0/Defaults.sh | 44 ++ Scripts/LineageOS-11.0/Functions.sh | 70 ++ Scripts/LineageOS-11.0/Optimize.sh | 27 + Scripts/LineageOS-11.0/Patch.sh | 151 ++++ Scripts/LineageOS-11.0/Rebrand.sh | 51 ++ Scripts/LineageOS-14.1/Patch.sh | 1 - Scripts/LineageOS-15.1/Patch.sh | 3 - 17 files changed, 1494 insertions(+), 4 deletions(-) create mode 100644 Manifests/Manifest_LAOS-11.0.xml create mode 100644 Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch create mode 100644 Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch create mode 100644 Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch create mode 100644 Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch create mode 100644 Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch create mode 100644 Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch mode change 100755 => 100644 Scripts/Common/Deblob.sh create mode 100644 Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh create mode 100644 Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh create mode 100644 Scripts/LineageOS-11.0/Defaults.sh create mode 100644 Scripts/LineageOS-11.0/Functions.sh create mode 100644 Scripts/LineageOS-11.0/Optimize.sh create mode 100644 Scripts/LineageOS-11.0/Patch.sh create mode 100644 Scripts/LineageOS-11.0/Rebrand.sh mode change 100755 => 100644 Scripts/LineageOS-14.1/Patch.sh mode change 100755 => 100644 Scripts/LineageOS-15.1/Patch.sh diff --git a/Manifests/Manifest_LAOS-11.0.xml b/Manifests/Manifest_LAOS-11.0.xml new file mode 100644 index 00000000..d3d3a18d --- /dev/null +++ b/Manifests/Manifest_LAOS-11.0.xml @@ -0,0 +1,94 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch b/Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch new file mode 100644 index 00000000..1f5c8e6d --- /dev/null +++ b/Patches/LineageOS-11.0/android_external_sqlite/0001-Secure_Delete.patch @@ -0,0 +1,27 @@ +From de55e0158ad3a6f89718c1d9fb19d336dea34937 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 10 Jul 2018 08:09:29 -0400 +Subject: [PATCH] Enable secure_delete by default + +Change-Id: Iad6cea9f6489759faee04926213163a56dab1b9b +--- + dist/Android.mk | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dist/Android.mk b/dist/Android.mk +index 96e3035..4692f3f 100644 +--- a/dist/Android.mk ++++ b/dist/Android.mk +@@ -28,7 +28,8 @@ common_sqlite_flags := \ + -DSQLITE_OMIT_COMPILEOPTION_DIAGS \ + -DSQLITE_OMIT_LOAD_EXTENSION \ + -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600 \ +- -Dfdatasync=fdatasync ++ -Dfdatasync=fdatasync \ ++ -DSQLITE_SECURE_DELETE + + common_src_files := sqlite3.c + +-- +2.18.0 + diff --git a/Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch b/Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch new file mode 100644 index 00000000..5571a587 --- /dev/null +++ b/Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch @@ -0,0 +1,66 @@ +diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java +index e6da288..66684d3 100644 +--- a/core/java/android/content/pm/PackageParser.java ++++ b/core/java/android/content/pm/PackageParser.java +@@ -447,10 +447,23 @@ public class PackageParser { + } + } + if ((flags&PackageManager.GET_SIGNATURES) != 0) { +- int N = (p.mSignatures != null) ? p.mSignatures.length : 0; +- if (N > 0) { +- pi.signatures = new Signature[N]; +- System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N); ++ boolean handledFakeSignature = false; ++ try { ++ if (p.requestedPermissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") && p.mAppMetaData != null ++ && p.mAppMetaData.get("fake-signature") instanceof String) { ++ pi.signatures = new Signature[] {new Signature(p.mAppMetaData.getString("fake-signature"))}; ++ handledFakeSignature = true; ++ } ++ } catch (Throwable t) { ++ // We should never die because of any failures, this is system code! ++ Log.w("PackageParser.FAKE_PACKAGE_SIGNATURE", t); ++ } ++ if (!handledFakeSignature) { ++ int N = (p.mSignatures != null) ? p.mSignatures.length : 0; ++ if (N > 0) { ++ pi.signatures = new Signature[N]; ++ System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N); ++ } + } + } + return pi; +diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml +index 558a475..4e7aa65 100644 +--- a/core/res/AndroidManifest.xml ++++ b/core/res/AndroidManifest.xml +@@ -1562,6 +1562,13 @@ + android:label="@string/permlab_getPackageSize" + android:description="@string/permdesc_getPackageSize" /> + ++ ++ ++ + +diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml +index 790e166..8e66470 100644 +--- a/core/res/res/values/strings.xml ++++ b/core/res/res/values/strings.xml +@@ -1135,6 +1135,11 @@ + Allows the app to retrieve its code, data, and cache sizes + + ++ mimic package signature ++ ++ Allows the app to use mimic another app\'s package signature. ++ ++ + directly install apps + + Allows the app to install new or updated diff --git a/Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch b/Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch new file mode 100644 index 00000000..2a4976e9 --- /dev/null +++ b/Patches/LineageOS-11.0/android_frameworks_base/0002-Harden_Sig_Spoofing.patch @@ -0,0 +1,26 @@ +From 79c65fa6741cecda0b38a4881a07ec54a4896b69 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Tue, 10 Jul 2018 08:13:23 -0400 +Subject: [PATCH] Harden signature spoofing + +Change-Id: Iad362df358cb9cdf6e2ce9d511f09ee6b77a90e2 +--- + core/res/AndroidManifest.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml +index 1e5a7ad1f9..224fea23c8 100644 +--- a/core/res/AndroidManifest.xml ++++ b/core/res/AndroidManifest.xml +@@ -1598,7 +1598,7 @@ + + + +-- +2.18.0 + diff --git a/Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch b/Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch new file mode 100644 index 00000000..50df78a2 --- /dev/null +++ b/Patches/LineageOS-11.0/android_kernel_zte_msm8930/0001-MDP-Fix.patch @@ -0,0 +1,24 @@ +From f67900ad9370a7e7f0186b3f459dad2c74db7aae Mon Sep 17 00:00:00 2001 +From: Tad +Date: Sun, 11 Dec 2016 23:15:20 -0500 +Subject: [PATCH] Fixes + +Change-Id: I55eb4f1af258b649ddc36bd822d9b28f9fd64ce9 +--- + include/linux/msm_mdp.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/include/linux/msm_mdp.h b/include/linux/msm_mdp.h +index 8f829ef..cf6d3d0 100644 +--- a/include/linux/msm_mdp.h ++++ b/include/linux/msm_mdp.h +@@ -574,6 +574,7 @@ struct mdp_buf_sync { + uint32_t acq_fen_fd_cnt; + int *acq_fen_fd; + int *rel_fen_fd; ++ int *retire_fen_fd; + }; + + struct mdp_buf_fence { +-- +2.9.3 diff --git a/Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch b/Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch new file mode 100644 index 00000000..86f87a54 --- /dev/null +++ b/Patches/LineageOS-11.0/android_packages_apps_Settings/0001-CMStats.patch @@ -0,0 +1,673 @@ +From 587a8d5cfc2db51381303579b73854f06ef99d66 Mon Sep 17 00:00:00 2001 +From: Tad +Date: Mon, 6 Nov 2017 19:01:08 -0500 +Subject: [PATCH] Remove CMStats + +Change-Id: I073b062a3e71c33dab4379c7c60a016595579562 +--- + AndroidManifest.xml | 8 -- + res/xml/security_settings_cyanogenmod.xml | 30 ----- + src/com/android/settings/Settings.java | 1 - + .../android/settings/cmstats/AnonymousStats.java | 127 ------------------ + src/com/android/settings/cmstats/PreviewData.java | 49 ------- + .../android/settings/cmstats/ReportingService.java | 149 --------------------- + .../settings/cmstats/ReportingServiceManager.java | 113 ---------------- + src/com/android/settings/cmstats/Utilities.java | 99 -------------- + .../settings/cyanogenmod/PrivacySettings.java | 1 - + 9 files changed, 577 deletions(-) + delete mode 100644 res/xml/security_settings_cyanogenmod.xml + delete mode 100644 src/com/android/settings/cmstats/AnonymousStats.java + delete mode 100644 src/com/android/settings/cmstats/PreviewData.java + delete mode 100644 src/com/android/settings/cmstats/ReportingService.java + delete mode 100644 src/com/android/settings/cmstats/ReportingServiceManager.java + delete mode 100644 src/com/android/settings/cmstats/Utilities.java + +diff --git a/AndroidManifest.xml b/AndroidManifest.xml +index 3f53b75d5..f0f89bec5 100644 +--- a/AndroidManifest.xml ++++ b/AndroidManifest.xml +@@ -1871,14 +1871,6 @@ + + + +- +- +- +- + + + +diff --git a/res/xml/security_settings_cyanogenmod.xml b/res/xml/security_settings_cyanogenmod.xml +deleted file mode 100644 +index 68aba9510..000000000 +--- a/res/xml/security_settings_cyanogenmod.xml ++++ /dev/null +@@ -1,30 +0,0 @@ +- +- +- +- +- +- +- +- +- +- +- +- +diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java +index 81b8cf65e..464258166 100644 +--- a/src/com/android/settings/Settings.java ++++ b/src/com/android/settings/Settings.java +@@ -1403,7 +1403,6 @@ public class Settings extends PreferenceActivity + public static class PaymentSettingsActivity extends Settings { /* empty */ } + public static class PrintSettingsActivity extends Settings { /* empty */ } + public static class PrintJobSettingsActivity extends Settings { /* empty */ } +- public static class AnonymousStatsActivity extends Settings { /* empty */ } + public static class ApnSettingsActivity extends Settings { /* empty */ } + public static class ApnEditorActivity extends Settings { /* empty */ } + public static class BlacklistSettingsActivity extends Settings { /* empty */ } +diff --git a/src/com/android/settings/cmstats/AnonymousStats.java b/src/com/android/settings/cmstats/AnonymousStats.java +deleted file mode 100644 +index 2e6d016b7..000000000 +--- a/src/com/android/settings/cmstats/AnonymousStats.java ++++ /dev/null +@@ -1,127 +0,0 @@ +-/* +- * Copyright (C) 2012 The CyanogenMod Project +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-package com.android.settings.cmstats; +- +-import android.app.AlertDialog; +-import android.app.Dialog; +-import android.content.Context; +-import android.content.DialogInterface; +-import android.content.Intent; +-import android.content.SharedPreferences; +-import android.net.Uri; +-import android.os.Bundle; +-import android.preference.CheckBoxPreference; +-import android.preference.Preference; +-import android.preference.PreferenceScreen; +- +-import android.provider.Settings; +-import com.android.settings.R; +-import com.android.settings.SettingsPreferenceFragment; +- +-public class AnonymousStats extends SettingsPreferenceFragment implements +- DialogInterface.OnClickListener, DialogInterface.OnDismissListener, +- Preference.OnPreferenceChangeListener { +- private static final String VIEW_STATS = "pref_view_stats"; +- +- private static final String PREF_FILE_NAME = "CMStats"; +- /* package */ static final String ANONYMOUS_OPT_IN = "pref_anonymous_opt_in"; +- /* package */ static final String ANONYMOUS_LAST_CHECKED = "pref_anonymous_checked_in"; +- +- private CheckBoxPreference mEnableReporting; +- private Preference mViewStats; +- +- private Dialog mOkDialog; +- private boolean mOkClicked; +- +- private SharedPreferences mPrefs; +- +- public static SharedPreferences getPreferences(Context context) { +- return context.getSharedPreferences(PREF_FILE_NAME, 0); +- } +- +- @Override +- public void onCreate(Bundle savedInstanceState) { +- super.onCreate(savedInstanceState); +- +- addPreferencesFromResource(R.xml.anonymous_stats); +- +- mPrefs = getPreferences(getActivity()); +- +- PreferenceScreen prefSet = getPreferenceScreen(); +- mEnableReporting = (CheckBoxPreference) prefSet.findPreference(ANONYMOUS_OPT_IN); +- mViewStats = (Preference) prefSet.findPreference(VIEW_STATS); +- } +- +- @Override +- public boolean onPreferenceTreeClick(PreferenceScreen preferenceScreen, Preference preference) { +- if (preference == mEnableReporting) { +- if (mEnableReporting.isChecked()) { +- // Display the confirmation dialog +- mOkClicked = false; +- if (mOkDialog != null) { +- mOkDialog.dismiss(); +- } +- mOkDialog = new AlertDialog.Builder(getActivity()) +- .setMessage(R.string.anonymous_statistics_warning) +- .setTitle(R.string.anonymous_statistics_warning_title) +- .setIconAttribute(android.R.attr.alertDialogIcon) +- .setPositiveButton(android.R.string.yes, this) +- .setNeutralButton(R.string.anonymous_learn_more, this) +- .setNegativeButton(android.R.string.no, this) +- .show(); +- mOkDialog.setOnDismissListener(this); +- } else { +- // Disable reporting +- Utilities.setStatsCollectionEnabled(getActivity(), false); +- } +- } else if (preference == mViewStats) { +- // Display the stats page +- Uri uri = Uri.parse("http://stats.cyanogenmod.org"); +- startActivity(new Intent(Intent.ACTION_VIEW, uri)); +- } else { +- // If we didn't handle it, let preferences handle it. +- return super.onPreferenceTreeClick(preferenceScreen, preference); +- } +- return true; +- } +- +- @Override +- public boolean onPreferenceChange(Preference preference, Object newValue) { +- return false; +- } +- +- @Override +- public void onDismiss(DialogInterface dialog) { +- if (!mOkClicked) { +- mEnableReporting.setChecked(false); +- } +- } +- +- @Override +- public void onClick(DialogInterface dialog, int which) { +- if (which == DialogInterface.BUTTON_POSITIVE) { +- mOkClicked = true; +- Utilities.setStatsCollectionEnabled(getActivity(), true); +- ReportingServiceManager.launchService(getActivity()); +- } else if (which == DialogInterface.BUTTON_NEGATIVE) { +- mEnableReporting.setChecked(false); +- } else { +- Uri uri = Uri.parse("http://www.cyanogenmod.org/blog/cmstats-what-it-is-and-why-you-should-opt-in"); +- startActivity(new Intent(Intent.ACTION_VIEW, uri)); +- } +- } +-} +diff --git a/src/com/android/settings/cmstats/PreviewData.java b/src/com/android/settings/cmstats/PreviewData.java +deleted file mode 100644 +index 7a78aea51..000000000 +--- a/src/com/android/settings/cmstats/PreviewData.java ++++ /dev/null +@@ -1,49 +0,0 @@ +-/* +- * Copyright (C) 2012 The CyanogenMod Project +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-package com.android.settings.cmstats; +- +-import android.content.Context; +-import android.os.Bundle; +-import android.preference.Preference; +-import android.preference.PreferenceScreen; +- +-import com.android.settings.R; +-import com.android.settings.SettingsPreferenceFragment; +- +-public class PreviewData extends SettingsPreferenceFragment { +- private static final String UNIQUE_ID = "preview_id"; +- private static final String DEVICE = "preview_device"; +- private static final String VERSION = "preview_version"; +- private static final String COUNTRY = "preview_country"; +- private static final String CARRIER = "preview_carrier"; +- +- @Override +- public void onCreate(Bundle savedInstanceState) { +- super.onCreate(savedInstanceState); +- +- addPreferencesFromResource(R.xml.preview_data); +- +- final PreferenceScreen prefSet = getPreferenceScreen(); +- final Context context = getActivity(); +- +- prefSet.findPreference(UNIQUE_ID).setSummary(Utilities.getUniqueID(context)); +- prefSet.findPreference(DEVICE).setSummary(Utilities.getDevice()); +- prefSet.findPreference(VERSION).setSummary(Utilities.getModVersion()); +- prefSet.findPreference(COUNTRY).setSummary(Utilities.getCountryCode(context)); +- prefSet.findPreference(CARRIER).setSummary(Utilities.getCarrier(context)); +- } +-} +diff --git a/src/com/android/settings/cmstats/ReportingService.java b/src/com/android/settings/cmstats/ReportingService.java +deleted file mode 100644 +index 32db82011..000000000 +--- a/src/com/android/settings/cmstats/ReportingService.java ++++ /dev/null +@@ -1,149 +0,0 @@ +-/* +- * Copyright (C) 2012 The CyanogenMod Project +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-package com.android.settings.cmstats; +- +-import android.app.Service; +-import android.content.Context; +-import android.content.Intent; +-import android.content.SharedPreferences; +-import android.os.AsyncTask; +-import android.os.IBinder; +-import android.util.Log; +- +-import com.android.settings.R; +-import com.android.settings.Settings; +- +-import com.google.analytics.tracking.android.GoogleAnalytics; +-import com.google.analytics.tracking.android.Tracker; +- +-import org.apache.http.NameValuePair; +-import org.apache.http.client.HttpClient; +-import org.apache.http.client.entity.UrlEncodedFormEntity; +-import org.apache.http.client.methods.HttpPost; +-import org.apache.http.impl.client.DefaultHttpClient; +-import org.apache.http.message.BasicNameValuePair; +- +-import java.io.IOException; +-import java.util.ArrayList; +-import java.util.List; +- +-public class ReportingService extends Service { +- /* package */ static final String TAG = "CMStats"; +- +- private StatsUploadTask mTask; +- +- @Override +- public IBinder onBind(Intent intent) { +- return null; +- } +- +- @Override +- public int onStartCommand (Intent intent, int flags, int startId) { +- Log.d(TAG, "User has opted in -- reporting."); +- +- if (mTask == null || mTask.getStatus() == AsyncTask.Status.FINISHED) { +- mTask = new StatsUploadTask(); +- mTask.execute(); +- } +- +- return Service.START_REDELIVER_INTENT; +- } +- +- private class StatsUploadTask extends AsyncTask { +- @Override +- protected Boolean doInBackground(Void... params) { +- String deviceId = Utilities.getUniqueID(getApplicationContext()); +- String deviceName = Utilities.getDevice(); +- String deviceVersion = Utilities.getModVersion(); +- String deviceCountry = Utilities.getCountryCode(getApplicationContext()); +- String deviceCarrier = Utilities.getCarrier(getApplicationContext()); +- String deviceCarrierId = Utilities.getCarrierId(getApplicationContext()); +- +- Log.d(TAG, "SERVICE: Device ID=" + deviceId); +- Log.d(TAG, "SERVICE: Device Name=" + deviceName); +- Log.d(TAG, "SERVICE: Device Version=" + deviceVersion); +- Log.d(TAG, "SERVICE: Country=" + deviceCountry); +- Log.d(TAG, "SERVICE: Carrier=" + deviceCarrier); +- Log.d(TAG, "SERVICE: Carrier ID=" + deviceCarrierId); +- +- // report to google analytics +- GoogleAnalytics ga = GoogleAnalytics.getInstance(ReportingService.this); +- Tracker tracker = ga.getTracker(getString(R.string.ga_trackingId)); +- tracker.sendEvent(deviceName, deviceVersion, deviceCountry, null); +- +- // this really should be set at build time... +- // format of version should be: +- // version[-date-type]-device +- String[] parts = deviceVersion.split("-"); +- String deviceVersionNoDevice = null; +- if (parts.length == 2) { +- deviceVersionNoDevice = parts[0]; +- } else if (parts.length == 4) { +- deviceVersionNoDevice = parts[0] + "-" + parts[2]; +- } +- +- if (deviceVersionNoDevice != null) { +- tracker.sendEvent("checkin", deviceName, deviceVersionNoDevice, null); +- } +- tracker.close(); +- +- // report to the cmstats service +- HttpClient httpClient = new DefaultHttpClient(); +- HttpPost httpPost = new HttpPost("https://stats.cyanogenmod.org/submit"); +- boolean success = false; +- +- try { +- List kv = new ArrayList(5); +- kv.add(new BasicNameValuePair("device_hash", deviceId)); +- kv.add(new BasicNameValuePair("device_name", deviceName)); +- kv.add(new BasicNameValuePair("device_version", deviceVersion)); +- kv.add(new BasicNameValuePair("device_country", deviceCountry)); +- kv.add(new BasicNameValuePair("device_carrier", deviceCarrier)); +- kv.add(new BasicNameValuePair("device_carrier_id", deviceCarrierId)); +- +- httpPost.setEntity(new UrlEncodedFormEntity(kv)); +- httpClient.execute(httpPost); +- +- success = true; +- } catch (IOException e) { +- Log.w(TAG, "Could not upload stats checkin", e); +- } +- +- return success; +- } +- +- @Override +- protected void onPostExecute(Boolean result) { +- final Context context = ReportingService.this; +- long interval; +- +- if (result) { +- final SharedPreferences prefs = AnonymousStats.getPreferences(context); +- prefs.edit().putLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, +- System.currentTimeMillis()).apply(); +- // use set interval +- interval = 0; +- } else { +- // error, try again in 3 hours +- interval = 3L * 60L * 60L * 1000L; +- } +- +- ReportingServiceManager.setAlarm(context, interval); +- stopSelf(); +- } +- } +-} +diff --git a/src/com/android/settings/cmstats/ReportingServiceManager.java b/src/com/android/settings/cmstats/ReportingServiceManager.java +deleted file mode 100644 +index 540f55e4d..000000000 +--- a/src/com/android/settings/cmstats/ReportingServiceManager.java ++++ /dev/null +@@ -1,113 +0,0 @@ +-/* +- * Copyright (C) 2012 The CyanogenMod Project +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-package com.android.settings.cmstats; +- +-import android.app.AlarmManager; +-import android.app.PendingIntent; +-import android.content.BroadcastReceiver; +-import android.content.Context; +-import android.content.Intent; +-import android.content.SharedPreferences; +-import android.net.ConnectivityManager; +-import android.net.NetworkInfo; +-import android.provider.Settings; +-import android.util.Log; +- +-public class ReportingServiceManager extends BroadcastReceiver { +- private static final long MILLIS_PER_HOUR = 60L * 60L * 1000L; +- private static final long MILLIS_PER_DAY = 24L * MILLIS_PER_HOUR; +- private static final long UPDATE_INTERVAL = 1L * MILLIS_PER_DAY; +- +- @Override +- public void onReceive(Context context, Intent intent) { +- if (intent.getAction().equals(Intent.ACTION_BOOT_COMPLETED)) { +- setAlarm(context, 0); +- } else { +- launchService(context); +- } +- } +- +- public static void setAlarm(Context context, long millisFromNow) { +- SharedPreferences prefs = AnonymousStats.getPreferences(context); +- if (prefs.contains(AnonymousStats.ANONYMOUS_OPT_IN)) { +- migrate(context, prefs); +- } +- if (!Utilities.isStatsCollectionEnabled(context)) { +- return; +- } +- +- if (millisFromNow <= 0) { +- long lastSynced = prefs.getLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, 0); +- if (lastSynced == 0) { +- // never synced, so let's fake out that the last sync was just now. +- // this will allow the user tFrame time to opt out before it will start +- // sending up anonymous stats. +- lastSynced = System.currentTimeMillis(); +- prefs.edit().putLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, lastSynced).apply(); +- Log.d(ReportingService.TAG, "Set alarm for first sync."); +- } +- millisFromNow = (lastSynced + UPDATE_INTERVAL) - System.currentTimeMillis(); +- } +- +- Intent intent = new Intent(ConnectivityManager.CONNECTIVITY_ACTION); +- intent.setClass(context, ReportingServiceManager.class); +- +- AlarmManager alarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE); +- alarmManager.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis() + millisFromNow, +- PendingIntent.getBroadcast(context, 0, intent, 0)); +- Log.d(ReportingService.TAG, "Next sync attempt in : " + millisFromNow / MILLIS_PER_HOUR + " hours"); +- } +- +- public static void launchService(Context context) { +- ConnectivityManager cm = (ConnectivityManager) +- context.getSystemService(Context.CONNECTIVITY_SERVICE); +- +- NetworkInfo networkInfo = cm.getActiveNetworkInfo(); +- if (networkInfo == null || !networkInfo.isConnected()) { +- return; +- } +- +- SharedPreferences prefs = AnonymousStats.getPreferences(context); +- +- if (!Utilities.isStatsCollectionEnabled(context)) { +- return; +- } +- +- long lastSynced = prefs.getLong(AnonymousStats.ANONYMOUS_LAST_CHECKED, 0); +- if (lastSynced == 0) { +- setAlarm(context, 0); +- return; +- } +- long timeElapsed = System.currentTimeMillis() - lastSynced; +- if (timeElapsed < UPDATE_INTERVAL) { +- long timeLeft = UPDATE_INTERVAL - timeElapsed; +- Log.d(ReportingService.TAG, "Waiting for next sync : " + timeLeft / MILLIS_PER_HOUR + " hours"); +- return; +- } +- +- Intent intent = new Intent(); +- intent.setClass(context, ReportingService.class); +- context.startService(intent); +- } +- +- private static void migrate(Context context, SharedPreferences prefs) { +- Utilities.setStatsCollectionEnabled(context, +- prefs.getBoolean(AnonymousStats.ANONYMOUS_OPT_IN, true)); +- prefs.edit().remove(AnonymousStats.ANONYMOUS_OPT_IN).commit(); +- } +- +-} +diff --git a/src/com/android/settings/cmstats/Utilities.java b/src/com/android/settings/cmstats/Utilities.java +deleted file mode 100644 +index 4d4ff48fa..000000000 +--- a/src/com/android/settings/cmstats/Utilities.java ++++ /dev/null +@@ -1,99 +0,0 @@ +-/* +- * Copyright (C) 2012 The CyanogenMod Project +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-package com.android.settings.cmstats; +- +-import android.content.Context; +-import android.os.SystemProperties; +-import android.provider.Settings; +-import android.telephony.TelephonyManager; +-import android.text.TextUtils; +- +-import java.math.BigInteger; +-import java.net.NetworkInterface; +-import java.security.MessageDigest; +- +-public class Utilities { +- public static String getUniqueID(Context context) { +- final String id = Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID); +- return digest(context.getPackageName() + id); +- } +- +- public static String getCarrier(Context context) { +- TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE); +- String carrier = tm.getNetworkOperatorName(); +- if (TextUtils.isEmpty(carrier)) { +- carrier = "Unknown"; +- } +- return carrier; +- } +- +- public static String getCarrierId(Context context) { +- TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE); +- String carrierId = tm.getNetworkOperator(); +- if (TextUtils.isEmpty(carrierId)) { +- carrierId = "0"; +- } +- return carrierId; +- } +- +- public static String getCountryCode(Context context) { +- TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE); +- String countryCode = tm.getNetworkCountryIso(); +- if (TextUtils.isEmpty(countryCode)) { +- countryCode = "Unknown"; +- } +- return countryCode; +- } +- +- public static String getDevice() { +- return SystemProperties.get("ro.cm.device"); +- } +- +- public static String getModVersion() { +- return SystemProperties.get("ro.cm.version"); +- } +- +- public static String digest(String input) { +- try { +- MessageDigest md = MessageDigest.getInstance("MD5"); +- return new BigInteger(1, md.digest(input.getBytes())).toString(16).toUpperCase(); +- } catch (Exception e) { +- return null; +- } +- } +- +- /** +- * Check to see if global stats are enabled. +- * @param context +- * @return Whether or not stats collection is enabled. +- */ +- public static boolean isStatsCollectionEnabled(Context context) { +- return Settings.System.getInt(context.getContentResolver(), +- Settings.System.STATS_COLLECTION, 1) != 0; +- } +- +- /** +- * Enabled or disable stats collection +- * @param context +- * @param enabled Boolean that sets collection being enabled. +- */ +- public static void setStatsCollectionEnabled(Context context, boolean enabled) { +- int enable = (enabled) ? 1 : 0; +- Settings.System.putInt(context.getContentResolver(), +- Settings.System.STATS_COLLECTION, enable); +- } +-} +diff --git a/src/com/android/settings/cyanogenmod/PrivacySettings.java b/src/com/android/settings/cyanogenmod/PrivacySettings.java +index 49bc7b497..6c6021f76 100644 +--- a/src/com/android/settings/cyanogenmod/PrivacySettings.java ++++ b/src/com/android/settings/cyanogenmod/PrivacySettings.java +@@ -54,7 +54,6 @@ public class PrivacySettings extends SettingsPreferenceFragment { + mBlacklist = null; + } + +- addPreferencesFromResource(R.xml.security_settings_cyanogenmod); + } + + @Override +-- +2.15.0 + diff --git a/Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch b/Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch new file mode 100644 index 00000000..ac9ad436 --- /dev/null +++ b/Patches/LineageOS-11.0/android_system_core/0001-Harden_Mounts.patch @@ -0,0 +1,30 @@ +From f19ab3bce2115c6ddf24528885305c3ba038f29b Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 10 Jul 2018 08:22:08 -0400 +Subject: [PATCH] Harden mounts + +Change-Id: I2db94882224672cac3e54f7d8422d1e036828378 +--- + init/init.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/init/init.c b/init/init.c +index 53e0dae1..d022253b 100644 +--- a/init/init.c ++++ b/init/init.c +@@ -1136,9 +1136,9 @@ int main(int argc, char **argv) + mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"); + mkdir("/dev/pts", 0755); + mkdir("/dev/socket", 0755); +- mount("devpts", "/dev/pts", "devpts", 0, NULL); +- mount("proc", "/proc", "proc", 0, NULL); +- mount("sysfs", "/sys", "sysfs", 0, NULL); ++ mount("devpts", "/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, NULL); ++ mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL); ++ mount("sysfs", "/sys", "sysfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL); + + /* indicate that booting is in progress to background fw loaders, etc */ + close(open("/dev/.booting", O_WRONLY | O_CREAT, 0000)); +-- +2.18.0 + diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh old mode 100755 new mode 100644 diff --git a/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh new file mode 100644 index 00000000..112adf9e --- /dev/null +++ b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_asus_grouper.sh @@ -0,0 +1,75 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/asus/grouper" +git apply $DOS_PATCHES_LINUX_CVES/0014-GCC_Patches/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6689/^3.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6701/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6704/^3.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2015/^3.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1739/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-2523/^3.13/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4656/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9683/^3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9715/^3.14/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9895/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1534/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2686/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7550/^4.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0723/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0821/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2438/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2545/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2546/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3134/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4569/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch +editKernelLocalversion "-dos.p71" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh new file mode 100644 index 00000000..22092626 --- /dev/null +++ b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh @@ -0,0 +1,136 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/zte/msm8930" +git apply $DOS_PATCHES_LINUX_CVES/0012-Copperhead-Deny_USB/3.4/3.4-Backport.patch +git apply $DOS_PATCHES_LINUX_CVES/0013-syskaller-Misc/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0014-GCC_Patches/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6657/^3.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6701/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6703/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6703/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6704/^3.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2015/^3.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-0196/3.4/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1739/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-2523/^3.13/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3153/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3153/ANY/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4323/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4655/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4656/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7822/3.2-^3.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7970/3.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8709/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9683/^3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9715/^3.14/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9870/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9888/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1420/3.2-^3.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1593/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1805/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2686/ANY/0001.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2922/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-3636/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7550/^4.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8937/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8939/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0723/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0774/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0821/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10233/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2438/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2545/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2546/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3134/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4569/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4805/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6728/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8463/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8650/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000251/3.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080-Extra/ANY/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch +editKernelLocalversion "-dos.p132" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-11.0/Defaults.sh b/Scripts/LineageOS-11.0/Defaults.sh new file mode 100644 index 00000000..d1e221e8 --- /dev/null +++ b/Scripts/LineageOS-11.0/Defaults.sh @@ -0,0 +1,44 @@ +#!/bin/bash +#DivestOS: A privacy oriented Android distribution +#Copyright (c) 2017-2018 Divested Computing, Inc. +# +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +# +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License +#along with this program. If not, see . + +#Changes various default settings +#Last verified: 2018-07-10 + +#Useful commands +#nano $(find . -name "config.xml" | grep "values/" | grep -v "device" | grep -v "tests") +#nano $(find . -name "defaults.xml" | grep "values/" | grep -v "device") + +echo "Changing default settings..."; + +enter "packages/apps/Dialer"; +sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' src/com/android/dialer/*/LookupSettings*.java; #Disable FLP +sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' src/com/android/dialer/*/LookupSettings*.java; #Disable PLP +sed -i 's/ENABLE_REVERSE_LOOKUP, 1)/ENABLE_REVERSE_LOOKUP, 0)/' src/com/android/dialer/*/LookupSettings*.java; #Disable RLP + +enter "packages/apps/Nfc"; +sed -i 's/boolean NFC_ON_DEFAULT = true;/boolean NFC_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NFC +sed -i 's/boolean NDEF_PUSH_ON_DEFAULT = true;/boolean NDEF_PUSH_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NDEF Push + +enter "packages/apps/Settings"; +sed -i 's/Float.parseFloat(newValue.toString()) : 1;/Float.parseFloat(newValue.toString()) : 0.5f;/' src/com/android/settings/DevelopmentSettings.java; #Always reset animation scales to 0.5 + +enter "vendor/cm"; +sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common*.mk; +sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common*.mk; + +cd "$DOS_BUILD_BASE"; +echo "Default settings changed!"; diff --git a/Scripts/LineageOS-11.0/Functions.sh b/Scripts/LineageOS-11.0/Functions.sh new file mode 100644 index 00000000..00c405cb --- /dev/null +++ b/Scripts/LineageOS-11.0/Functions.sh @@ -0,0 +1,70 @@ +#!/bin/bash +#DivestOS: A privacy oriented Android distribution +#Copyright (c) 2017-2018 Divested Computing, Inc. +# +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +# +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License +#along with this program. If not, see . + +#Last verified: 2018-07-10 + +patchAllKernels() { + startPatcher "kernel_asus_grouper kernel_zte_msm8930"; +} +export -f patchAllKernels; + +resetWorkspace() { + repo forall -c 'git add -A && git reset --hard' && rm -rf packages/apps/{FDroid,GmsCore} out && repo sync -j20 --force-sync; +} +export -f resetWorkspace; + +scanWorkspaceForMalware() { + scanQueue="$DOS_BUILD_BASE/abi $DOS_BUILD_BASE/android $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/ndk $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system"; + scanQueue=$scanQueue" $DOS_BUILD_BASE/vendor/cm $DOS_BUILD_BASE/vendor/cmsdk"; + scanForMalware true $scanQueue; +} +export -f scanWorkspaceForMalware; + +buildDevice() { + brunch "cm_$1-user"; +} +export -f buildDevice; + +buildDeviceDebug() { + unset SIGNING_KEY_DIR; + unset OTA_PACKAGE_SIGNING_KEY; + brunch "cm_$1-eng"; +} +export -f buildDeviceDebug; + +buildAll() { + if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; + #Select devices are userdebug due to SELinux policy issues + brunch lineage_grouper-userdebug; + brunch lineage_nex-userdebug; +} +export -f buildAll; + +patchWorkspace() { + if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi; + #source build/envsetup.sh; + + source "$DOS_SCRIPTS/Patch.sh"; + source "$DOS_SCRIPTS/Defaults.sh"; + source "$DOS_SCRIPTS/Rebrand.sh"; + #if [ "$DOS_OVERCLOCKS_ENABLED" = true ]; then source "$DOS_SCRIPTS/Overclock.sh"; fi; + source "$DOS_SCRIPTS/Optimize.sh"; + source "$DOS_SCRIPTS_COMMON/Deblob.sh"; + source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh"; + source build/envsetup.sh; +} +export -f patchWorkspace; diff --git a/Scripts/LineageOS-11.0/Optimize.sh b/Scripts/LineageOS-11.0/Optimize.sh new file mode 100644 index 00000000..01437c3b --- /dev/null +++ b/Scripts/LineageOS-11.0/Optimize.sh @@ -0,0 +1,27 @@ +#!/bin/bash +#DivestOS: A privacy oriented Android distribution +#Copyright (c) 2017-2018 Divested Computing, Inc. +# +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +# +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License +#along with this program. If not, see . + +#Attempts to increase performance and battery life +#Last verified: 2018-07-10 + +echo "Optimizing..."; + +enter "kernel" +sed -i "s/#define VM_MAX_READAHEAD\t128/#define VM_MAX_READAHEAD\t512/" ./*/*/include/linux/mm.h; #Lee Susman : Change the VM_MAX_READAHEAD value from the default 128KB to 512KB. This will allow the readahead window to grow to a maximum size of 512KB, which greatly benefits to sequential read throughput. + +cd "$DOS_BUILD_BASE"; +echo "Optimizing complete!"; diff --git a/Scripts/LineageOS-11.0/Patch.sh b/Scripts/LineageOS-11.0/Patch.sh new file mode 100644 index 00000000..6da47932 --- /dev/null +++ b/Scripts/LineageOS-11.0/Patch.sh @@ -0,0 +1,151 @@ +#!/bin/bash +#DivestOS: A privacy oriented Android distribution +#Copyright (c) 2015-2018 Divested Computing, Inc. +# +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +# +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License +#along with this program. If not, see . + +#Last verified: 2018-07-10 + +#Initialize aliases +#source ../../Scripts/init.sh + +#Delete Everything and Sync +#resetWorkspace + +#Apply all of our changes +#patchWorkspace + +#Build! +#buildDevice [device] +#buildAll + +#Generate an incremental +#./build/tools/releasetools/ota_from_target_files --block -t 8 -i old.zip new.zip update.zip + +#Generate firmware deblobber +#mka firmware_deblobber + +# +#START OF PREPRATION +# +#Download some (non-executable) out-of-tree files for use later on +cd "$DOS_TMP_DIR"; +if [ "$DOS_HOSTS_BLOCKING" = true ]; then wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; +cd "$DOS_BUILD_BASE"; + +#Accept all SDK licences, not normally needed but Gradle managed apps fail without it +mkdir -p "$ANDROID_HOME/licenses"; +echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; +echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; +# +#END OF PREPRATION +# + +# +#START OF ROM CHANGES +# + +#top dir +cp -r "$DOS_PREBUILT_APPS""Fennec_DOS-Shim" "$DOS_BUILD_BASE""packages/apps/"; #Add a shim to install Fennec DOS without actually including the large APK +gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packages"; +cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps +cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files + +enterAndClear "build"; +#patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0) #TODO +sed -i 's/Mms/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence +sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #TODO PR FIX ME +sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk; + +enterAndClear "external/sqlite"; +patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0) + +enterAndClear "frameworks/base"; +sed -i 's/com.android.mms/org.smssecure.smssecure/' core/res/res/values/config.xml; #Change default SMS app to Silence +sed -i 's|db_default_journal_mode">PERSIST|db_default_journal_mode">TRUNCATE|' core/res/res/values/config.xml; #Mirror SQLite secure_delete +if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) +if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key +changeDefaultDNS; +#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries #TODO + +enterAndClear "packages/apps/Settings"; +sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length +if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options +#patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-CMStats.patch"; #Remove CMStats #TOOD + + +enterAndClear "packages/apps/Trebuchet"; +#cp -r "$DOS_PATCHES_COMMON/android_packages_apps_Trebuchet/default_workspace/." "res/xml/"; #TODO +sed -i 's/mCropView.setTouchEnabled(touchEnabled);/mCropView.setTouchEnabled(true);/' WallpaperPicker/src/com/android/launcher3/WallpaperCropActivity.java; + +enterAndClear "system/core"; +if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file +patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0) + +enterAndClear "vendor/cm"; +rm -rf terminal; +awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always used +if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then + awk -i inplace '!/DSPManager/' config/common.mk; +fi; +if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; +sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype +if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/CM_BUILDTYPE := dos/CM_BUILDTYPE := dosNC/' config/common.mk; fi; +sed -i 's/Mms/Silence/' config/telephony.mk; #Replace AOSP Messaging app with Silence +echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations + +enter "vendor/divested"; +if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; +if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; +# +#END OF ROM CHANGES +# + +# +#START OF DEVICE CHANGES +# +enterAndClear "device/asus/grouper"; +mv cm.mk lineage.mk; +sed -i 's/cm_/lineage_/' lineage.mk; +#In proprietary/Android.mk +# Remove widevine and tf_daemon + +enterAndClear "device/zte/nex" +sed -i 's/ro.sf.lcd_density=240/ro.sf.lcd_density=180/' system.prop; +echo "TARGET_DISPLAY_USE_RETIRE_FENCE := true" >> BoardConfig.mk; +sed -i 's/libm libc/libm libc libutils/' charger/Android.mk; +mv cm.mk lineage.mk; +sed -i 's/cm_/lineage_/' lineage.mk vendorsetup.sh; +awk -i inplace '!/WCNSS_qcom_wlan_nv_2.bin/' proprietary-files.txt; +#In nex-vendor-blobs.mk +# "system/lib/libtime_genoff.so" -> "obj/lib/libtime_genoff.so" + +enterAndClear "kernel/zte/msm8930" +patch -p1 < $patches"/android_kernel_zte_msm8930/0001-MDP-Fix.patch"; + +#Make changes to all devices +cd "$DOS_BUILD_BASE"; +find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocation "$0"' {} \;; +find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocation "$0"' {} \;; +find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;; +find "kernel" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenDefconfig "$0"' {} \;; +cd "$DOS_BUILD_BASE"; + +#Fixes +#Fix broken options enabled by hardenDefconfig() +#sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; +sed -i "s/# CONFIG_COMPAT_BRK is not set/CONFIG_COMPAT_BRK=y/" kernel/zte/msm8930/arch/arm/configs/msm8960-nex_defconfig; +# +#END OF DEVICE CHANGES +# diff --git a/Scripts/LineageOS-11.0/Rebrand.sh b/Scripts/LineageOS-11.0/Rebrand.sh new file mode 100644 index 00000000..7dc89163 --- /dev/null +++ b/Scripts/LineageOS-11.0/Rebrand.sh @@ -0,0 +1,51 @@ +#!/bin/bash +#DivestOS: A privacy oriented Android distribution +#Copyright (c) 2017-2018 Divested Computing, Inc. +# +#This program is free software: you can redistribute it and/or modify +#it under the terms of the GNU General Public License as published by +#the Free Software Foundation, either version 3 of the License, or +#(at your option) any later version. +# +#This program is distributed in the hope that it will be useful, +#but WITHOUT ANY WARRANTY; without even the implied warranty of +#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#GNU General Public License for more details. +# +#You should have received a copy of the GNU General Public License +#along with this program. If not, see . + +#Updates select user facing strings +#Last verified: 2018-04-27 + +echo "Rebranding..."; + +enter "bootable/recovery-cm"; +sed -i 's|CyanogenMod Simple Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./recovery.cpp; + +enter "build"; +sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user +sed -i 's|echo "ro.build.host=`hostname`"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host +sed -i '/CM_TARGET_PACKAGE/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' core/Makefile; + +enter "frameworks/base"; +generateBootAnimationMask "$DOS_BRANDING_NAME" "$DOS_BRANDING_BOOTANIMATION_FONT" core/res/assets/images/android-logo-mask.png; +generateBootAnimationShine "$DOS_BRANDING_BOOTANIMATION_COLOR" "$DOS_BRANDING_BOOTANIMATION_STYLE" core/res/assets/images/android-logo-shine.png; + +enter "packages/apps/Settings"; +sed -i '/.*cmlicense_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml +sed -i '/.*cmlicense_activity_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml +sed -i '/.*cmupdate_settings_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml +sed -i '/.*mod_version/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml +sed -i '/.*privacy_settings_cyanogenmod_category/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml + +enter "packages/apps/CMUpdater"; +sed -i 's|https://download.cyanogenmod.org/api|'"$DOS_BRANDING_SERVER_OTA"'|' res/values/config.xml; + +enter "vendor/cm"; +sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_ABOUT"'|' config/common.mk; +sed -i '/.*ZIPPATH=/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/envsetup.sh; +rm -rf bootanimation; + +cd "$DOS_BUILD_BASE"; +echo "Rebranding complete!"; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh old mode 100755 new mode 100644 index db9a9e06..4bc31cb1 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -86,7 +86,6 @@ changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps -rm -f core/res/res/*/*.orig; if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then enterAndClear "frameworks/opt/net/ims"; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh old mode 100755 new mode 100644 index 1208104e..ed34d77a --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -87,7 +87,6 @@ changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps -rm -f core/res/res/*/*.orig; if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then enterAndClear "frameworks/opt/net/ims"; @@ -109,7 +108,6 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud enterAndClear "packages/apps/LineageParts"; rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml #Nuke part of the analytics patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics -rm -f AndroidManifest.xml.orig res/*/*.orig; enterAndClear "packages/apps/Settings"; git revert a96df110e84123fe1273bff54feca3b4ca484dcd; #don't hide oem unlock @@ -117,7 +115,6 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Tog patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options -rm -f res/*/*.orig; enterAndClear "packages/apps/SetupWizard"; patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics