mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-05-02 06:26:20 -04:00
Many fixes to get bluejay booting & working proper
- Enable APEX for Pixel 6/7, necessary for camera and pKVM - Also drop hack removing pKVM for Pixel 6/7 - patch from GrapheneOS - Extend hmalloc workaround to /apex - Deblobber: - actually handle wildcard f/w/b overlays - move some stuff around - remove some more Pixel blobs - flag and disable removal of camera extensions, being able to use the second camera is nice - Adjust what hardenDefconfig disables, caused boot issues minimal impact as most of these are already default-disabled can be narrowed down in future - Disable some of the bionic hardening patches, causing more boot issues annoying to lose, but having a phone that boots is more important - Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS - Remove Pixel 2 ramdisk compression reverts, fixed upstream And yes, I know I should've split up this commit... Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
751d1e8d72
commit
06254708be
19 changed files with 884 additions and 100 deletions
|
|
@ -107,7 +107,7 @@ echo "Deblobbing...";
|
|||
#CMN (?) [?]
|
||||
#blobs=$blobs"|cmnlib.*";
|
||||
|
||||
#CNE (Automatic Cell/Wi-Fi Switching) [Qualcomm]
|
||||
#CNE (VoWiFi) [Qualcomm]
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then
|
||||
#blobs=$blobs"|libcneapiclient.so|libNimsWrap.so|com.quicinc.cne.*.so"; #XXX: Breaks radio
|
||||
blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cneapiclient.xml|com.quicinc.cne.xml|ConnectivityExt.xml|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
|
||||
|
|
@ -120,6 +120,9 @@ echo "Deblobbing...";
|
|||
#makes=$makes"|libcnefeatureconfig"; XXX: breaks radio
|
||||
sepolicy=$sepolicy" cnd.te qcneservice.te";
|
||||
manifests=$manifests"|com.quicinc.cne|iwlan";
|
||||
blobs=$blobs"|QualifiedNetworksService.apk"; #Google
|
||||
blobs=$blobs"|qualifiednetworksservice.xml";
|
||||
makes=$makes"|Iwlan";
|
||||
fi;
|
||||
|
||||
#CPPF (DRM) [?]
|
||||
|
|
@ -268,17 +271,16 @@ echo "Deblobbing...";
|
|||
#[Google]
|
||||
blobs=$blobs"|TetheringEntitlement.apk|CarrierLocation.apk|CarrierWifi.apk";
|
||||
blobs=$blobs"|CarrierSettings.apk|CarrierSetup.apk";
|
||||
blobs=$blobs"|CarrierServices.apk";
|
||||
blobs=$blobs"|HardwareInfo.apk";
|
||||
blobs=$blobs"|SCONE.apk"; #???
|
||||
blobs=$blobs"|DevicePersonalizationPrebuilt.*.apk|DeviceIntelligence.*.apk";
|
||||
blobs=$blobs"|QualifiedNetworksService.apk";
|
||||
blobs=$blobs"|qualifiednetworksservice.xml";
|
||||
blobs=$blobs"|libhwinfo.jar|com.google.android.hardwareinfo.xml";
|
||||
overlay=$overlay"|config_defaultAttentionService|config_defaultSystemCaptionsManagerService|config_defaultSystemCaptionsService|config_systemAmbientAudioIntelligence|config_systemAudioIntelligence|config_systemNotificationIntelligence|config_systemTextIntelligence|config_systemUiIntelligence|config_systemVisualIntelligence|config_defaultContentSuggestionsService";
|
||||
overlay=$overlay"|config_defaultWellbeingPackage|config_defaultSupervisionProfileOwnerComponent";
|
||||
overlay=$overlay"|platform_carrier_config_package";
|
||||
|
||||
#EUICC (Virtual SIM) [Google]
|
||||
#eUICC (Virtual SIM) [Google]
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ] || [ "$DOS_DEBLOBBER_REMOVE_EUICC" = true ]; then
|
||||
blobs=$blobs"|EuiccGoogle.apk|EuiccSupportPixel.apk|EuiccSupportPixelPermissions.apk|EuiccGoogleOverlay.apk"; #EUICC is useless without GMS
|
||||
blobs=$blobs"|esim0.img|esim-v1.img|esim-full-v0.img|esim-a1.img|esim-a2.img";
|
||||
|
|
@ -288,7 +290,9 @@ echo "Deblobbing...";
|
|||
fi;
|
||||
|
||||
#Google Camera
|
||||
blobs=$blobs"|com.google.android.camera.*|PixelCameraServices.*.apk";
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_CAMEXT" = true ]; then
|
||||
blobs=$blobs"|com.google.android.camera.*|PixelCameraServices.*.apk";
|
||||
fi;
|
||||
|
||||
#Google NFC
|
||||
blobs=$blobs"|PixelNfc.apk";
|
||||
|
|
@ -297,6 +301,8 @@ echo "Deblobbing...";
|
|||
blobs=$blobs"|grilservice.apk|RilConfigService.apk";
|
||||
blobs=$blobs"|google-ril.jar|RadioConfigLib.jar";
|
||||
blobs=$blobs"|google-ril.xml";
|
||||
blobs=$blobs"|ConnectivityThermalPowerManager.apk";
|
||||
overlay=$overlay"|config_show_adaptive_connectivity";
|
||||
|
||||
#Google Setup Wizard
|
||||
blobs=$blobs"|DreamlinerPrebuilt.apk|DreamlinerUpdater.apk";
|
||||
|
|
@ -350,6 +356,7 @@ echo "Deblobbing...";
|
|||
blobs=$blobs"|imscmservice|imsdatadaemon|imsqmidaemon";
|
||||
blobs=$blobs"|imscm.xml|ims.xml|android.hardware.telephony.ims.xml";
|
||||
blobs=$blobs"|qti_permissions.xml|qti-vzw-ims-internal.xml";
|
||||
blobs=$blobs"|ShannonIms.apk";
|
||||
blobs=$blobs"|imssettings.apk|ims.apk";
|
||||
blobs=$blobs"|imscmlibrary.jar|qti-vzw-ims-internal.jar";
|
||||
blobs=$blobs"|com.qualcomm.qti.imscmservice.*|vendor.qti.ims.*";
|
||||
|
|
@ -364,9 +371,6 @@ echo "Deblobbing...";
|
|||
ipcSec=$ipcSec"|32:4294967295:1001";
|
||||
manifests=$manifests"|qti.ims|radio.ims";
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ] || [ "$DOS_DEBLOBBER_REMOVE_EUICC" = true ]; then
|
||||
blobs=$blobs"|CarrierServices.apk"; #XXX: must be removed along with euicc
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ] || [ "$DOS_DEBLOBBER_REMOVE_RCS" = true ]; then
|
||||
#RCS (Proprietary messaging protocol)
|
||||
#https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/rcs-service/ [useless]
|
||||
|
|
@ -445,7 +449,7 @@ echo "Deblobbing...";
|
|||
|
||||
#Music Detection [Google]
|
||||
blobs=$blobs"|AmbientSensePrebuilt.apk";
|
||||
blobs=$blobs"|dnd.descriptor|dnd.sound_model|music_detector.descriptor|music_detector.sound_model";
|
||||
blobs=$blobs"|dnd.descriptor|dnd.sound_model|music_detector.descriptor|music_detector.sound_model|matcher_tah.leveldb";
|
||||
|
||||
#[Motorola] #See: http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html
|
||||
blobs=$blobs"|BuaContactAdapter.apk|com.motorola.DirectedSMSProxy.xml|com.motorola.msimsettings.xml";
|
||||
|
|
@ -720,7 +724,7 @@ deblobDevice() {
|
|||
sed -i 's/bluetooth.emb_wp_mode=true/bluetooth.emb_wp_mode=false/' *.prop *.mk &>/dev/null || true; #Disable WiPower
|
||||
sed -i 's/bluetooth.wipower=true/bluetooth.wipower=false/' *.prop *.mk &>/dev/null || true; #Disable WiPower
|
||||
sed -i 's/wfd.enable=1/wfd.enable=0/' *.prop *.mk &>/dev/null || true; #Disable Wi-Fi display
|
||||
awk -i inplace '!/vendor.camera.extensions/' *.prop *.mk &>/dev/null || true; #Disable camera extensions
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_CAMEXT" = true ]; then awk -i inplace '!/vendor.camera.extensions/' *.prop *.mk &>/dev/null || true; fi; #Disable camera extensions
|
||||
if [ -f system.prop ]; then
|
||||
if ! grep -q "drm.service.enabled=false" system.prop; then echo "drm.service.enabled=false" >> system.prop; fi; #Disable DRM server
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
|
|
@ -730,7 +734,6 @@ deblobDevice() {
|
|||
sed -i 's/opengles.version=.*/opengles.version=131072/' system.prop;
|
||||
fi;
|
||||
fi
|
||||
#Disable IMS
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
sed -i 's/ims.volte=true/ims.volte=false/' *.prop *.mk &>/dev/null || true;
|
||||
sed -i 's/ims.vt=true/ims.vt=false/' *.prop *.mk &>/dev/null || true;
|
||||
|
|
@ -746,10 +749,18 @@ deblobDevice() {
|
|||
sed -i 's/dbg.ims_volte_enable=./dbg.ims_volte_enable=0/' *.prop *.mk &>/dev/null || true;
|
||||
sed -i 's/dbg.volte_avail_ovr=1/dbg.volte_avail_ovr=0/' *.prop *.mk &>/dev/null || true;
|
||||
sed -i 's/dbg.vt_avail_ovr=1/dbg.vt_avail_ovr=0/' *.prop *.mk &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_carrier_volte_available">true</bool>|<bool name="config_carrier_volte_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_carrier_vt_available">true</bool>|<bool name="config_carrier_vt_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_device_volte_available">true</bool>|<bool name="config_device_volte_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_device_vt_available">true</bool>|<bool name="config_device_vt_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_dynamic_bind_ims">true</bool>|<bool name="config_dynamic_bind_ims">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
awk -i inplace '!/config_ims_package/' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ] || [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then
|
||||
sed -i 's/data.iwlan.enable=true/data.iwlan.enable=false/' *.prop *.mk &>/dev/null || true;
|
||||
sed -i 's/dbg.wfc_avail_ovr=1/dbg.wfc_avail_ovr=0/' *.prop *.mk &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_device_wfc_ims_available">true</bool>|<bool name="config_device_wfc_ims_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_carrier_wfc_ims_available">true</bool>|<bool name="config_carrier_wfc_ims_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ] || [ "$DOS_DEBLOBBER_REMOVE_RCS" = true ]; then
|
||||
sed -i 's/rcs.supported=./rcs.supported=0/' *.prop *.mk &>/dev/null || true; #Disable RCS
|
||||
|
|
@ -773,27 +784,11 @@ deblobDevice() {
|
|||
sed -i 's/property_set("persist.rcs.supported", ".");/property_set("persist.rcs.supported", "0");/' init/init_*.cpp; #Disable RCS
|
||||
fi;
|
||||
fi;
|
||||
if [ -f overlay/frameworks/base/core/res/res/values/config.xml ]; then
|
||||
awk -i inplace '!/'$overlay'/' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_enableWifiDisplay">true</bool>|<bool name="config_enableWifiDisplay">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_uiBlurEnabled">true</bool>|<bool name="config_uiBlurEnabled">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml; #Disable UIBlur
|
||||
#Disable IMS
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
sed -i 's|<bool name="config_carrier_volte_available">true</bool>|<bool name="config_carrier_volte_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_carrier_vt_available">true</bool>|<bool name="config_carrier_vt_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_device_volte_available">true</bool>|<bool name="config_device_volte_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_device_vt_available">true</bool>|<bool name="config_device_vt_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_dynamic_bind_ims">true</bool>|<bool name="config_dynamic_bind_ims">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
awk -i inplace '!/config_ims_package/' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ] || [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then
|
||||
sed -i 's|<bool name="config_device_wfc_ims_available">true</bool>|<bool name="config_device_wfc_ims_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
sed -i 's|<bool name="config_carrier_wfc_ims_available">true</bool>|<bool name="config_carrier_wfc_ims_available">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml;
|
||||
fi;
|
||||
fi;
|
||||
if [ -f overlay/packages/services/Telephony/res/values/config.xml ]; then
|
||||
awk -i inplace '!/platform_carrier_config_package/' overlay*/packages/services/Telephony/res/values/config.xml;
|
||||
fi;
|
||||
awk -i inplace '!/'$overlay'/' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_enableWifiDisplay">true</bool>|<bool name="config_enableWifiDisplay">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||
sed -i 's|<bool name="config_uiBlurEnabled">true</bool>|<bool name="config_uiBlurEnabled">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true; #Disable UIBlur
|
||||
awk -i inplace '!/platform_carrier_config_package/' overlay*/packages/services/Telephony/res/values/config.xml &>/dev/null || true;
|
||||
awk -i inplace '!/config_show_adaptive_connectivity/' overlay*/packages/apps/Settings/res/values/config.xml &>/dev/null || true;
|
||||
if [ -d sepolicy ]; then
|
||||
if [ -z "$replaceTime" ]; then
|
||||
numfiles=(*); numfiles=${#numfiles[@]};
|
||||
|
|
|
|||
|
|
@ -633,9 +633,13 @@ export -f disableEnforceRRO;
|
|||
|
||||
disableAPEX() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
awk -i inplace '!/DEXPREOPT_GENERATE_APEX_IMAGE/' *.mk &>/dev/null || true;
|
||||
awk -i inplace '!/updatable_apex.mk/' *.mk &>/dev/null || true;
|
||||
echo "Disabled APEX for $1";
|
||||
if [[ "$1" != *"device/google/gs101"* ]] && [[ "$1" != *"device/google/gs201"* ]] && [[ "$1" != *"device/google/oriole"* ]] && [[ "$1" != *"device/google/raven"* ]] && [[ "$1" != *"device/google/raviole"* ]] && [[ "$1" != *"device/google/bluejay"* ]] && [[ "$1" != *"device/google/panther"* ]] && [[ "$1" != *"device/google/cheetah"* ]] && [[ "$1" != *"device/google/pantah"* ]]; then
|
||||
awk -i inplace '!/DEXPREOPT_GENERATE_APEX_IMAGE/' *.mk &>/dev/null || true;
|
||||
awk -i inplace '!/updatable_apex.mk/' *.mk &>/dev/null || true;
|
||||
echo "Disabled APEX for $1";
|
||||
else
|
||||
echo "Skipped disabling APEX for $1";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
export -f disableAPEX;
|
||||
|
|
@ -966,25 +970,26 @@ hardenDefconfig() {
|
|||
declare -a optionsNo=("ACPI_APEI_EINJ" "ACPI_CUSTOM_METHOD" "ACPI_TABLE_UPGRADE");
|
||||
optionsNo+=("CHECKPOINT_RESTORE" "MEM_SOFT_DIRTY");
|
||||
optionsNo+=("CP_ACCESS64" "WLAN_FEATURE_MEMDUMP");
|
||||
optionsNo+=("DEBUG_ATOMIC_SLEEP" "DEBUG_BUS_VOTER" "DEBUG_MUTEXES" "DEBUG_KMEMLEAK" "DEBUG_PAGEALLOC" "DEBUG_STACK_USAGE" "DEBUG_SPINLOCK");
|
||||
optionsNo+=("DEVKMEM" "DEVMEM" "DEVPORT" "EARJACK_DEBUGGER" "PROC_KCORE" "PROC_VMCORE" "X86_PTDUMP");
|
||||
optionsNo+=("HWPOISON_INJECT" "NOTIFIER_ERROR_INJECTION");
|
||||
optionsNo+=("INPUT_EVBUG");
|
||||
optionsNo+=("IOMMU_DEBUG" "IOMMU_DEBUG_TRACKING" "IOMMU_NON_SECURE" "IOMMU_TESTS");
|
||||
optionsNo+=("L2TP_DEBUGFS" "LOCKUP_DETECTOR" "LOG_BUF_MAGIC" "PREEMPT_TRACER");
|
||||
optionsNo+=("MMIOTRACE" "MMIOTRACE_TEST");
|
||||
optionsNo+=("LOG_BUF_MAGIC");
|
||||
optionsNo+=("L2TP_DEBUGFS");
|
||||
optionsNo+=("PAGE_OWNER");
|
||||
optionsNo+=("SLUB_DEBUG" "SLUB_DEBUG_ON");
|
||||
optionsNo+=("TIMER_STATS" "ZSMALLOC_STAT");
|
||||
optionsNo+=("UPROBES");
|
||||
#optionsNo+=("SLUB_DEBUG" "SLUB_DEBUG_ON");
|
||||
#optionsNo+=("STACKLEAK_METRICS" "STACKLEAK_RUNTIME_DISABLE"); #GCC only
|
||||
if [[ $kernelVersion == "4."* ]] || [[ $kernelVersion == "5."* ]]; then
|
||||
#optionsNo+=("DEBUG_FS");
|
||||
optionsNo+=("FTRACE" "KPROBE_EVENTS" "UPROBE_EVENTS" "GENERIC_TRACER" "FUNCTION_TRACER" "STACK_TRACER" "HIST_TRIGGERS" "BLK_DEV_IO_TRACE" "FAIL_FUTEX" "DYNAMIC_DEBUG");
|
||||
fi;
|
||||
if [[ "$1" != *"kernel/oneplus/sm8250"* ]]; then
|
||||
optionsNo+=("CORESIGHT_CSR" "CORESIGHT_CTI_SAVE_DISABLE" "CORESIGHT_CTI" "CORESIGHT_DBGUI" "CORESIGHT_ETM" "CORESIGHT_ETMV4" "CORESIGHT_EVENT" "CORESIGHT_FUNNEL" "CORESIGHT_FUSE" "CORESIGHT_HWEVENT" "CORESIGHT_QPDI" "CORESIGHT_REMOTE_ETM" "CORESIGHT_REPLICATOR" "CORESIGHT_STM_DEFAULT_ENABLE" "CORESIGHT_STM" "CORESIGHT_TMC" "CORESIGHT_TPDA" "CORESIGHT_TPDM_DEFAULT_ENABLE" "CORESIGHT_TPDM" "CORESIGHT_TPIU" "CORESIGHT" "OF_CORESIGHT");
|
||||
fi;
|
||||
#optionsNo+=("MMIOTRACE" "MMIOTRACE_TEST");
|
||||
#optionsNo+=("IOMMU_DEBUG" "IOMMU_DEBUG_TRACKING" "IOMMU_NON_SECURE" "IOMMU_TESTS");
|
||||
#optionsNo+=("DEBUG_ATOMIC_SLEEP" "DEBUG_BUS_VOTER" "DEBUG_MUTEXES" "DEBUG_KMEMLEAK" "DEBUG_PAGEALLOC" "DEBUG_STACK_USAGE" "DEBUG_SPINLOCK");
|
||||
#if [[ $kernelVersion == "4."* ]] || [[ $kernelVersion == "5."* ]]; then
|
||||
# #optionsNo+=("DEBUG_FS");
|
||||
# optionsNo+=("FTRACE" "KPROBE_EVENTS" "UPROBE_EVENTS" "GENERIC_TRACER" "FUNCTION_TRACER" "STACK_TRACER" "HIST_TRIGGERS" "BLK_DEV_IO_TRACE" "FAIL_FUTEX" "DYNAMIC_DEBUG" "PREEMPT_TRACER");
|
||||
#fi;
|
||||
#if [[ "$1" != *"kernel/oneplus/sm8250"* ]]; then
|
||||
# optionsNo+=("CORESIGHT_CSR" "CORESIGHT_CTI_SAVE_DISABLE" "CORESIGHT_CTI" "CORESIGHT_DBGUI" "CORESIGHT_ETM" "CORESIGHT_ETMV4" "CORESIGHT_EVENT" "CORESIGHT_FUNNEL" "CORESIGHT_FUSE" "CORESIGHT_HWEVENT" "CORESIGHT_QPDI" "CORESIGHT_REMOTE_ETM" "CORESIGHT_REPLICATOR" "CORESIGHT_STM_DEFAULT_ENABLE" "CORESIGHT_STM" "CORESIGHT_TMC" "CORESIGHT_TPDA" "CORESIGHT_TPDM_DEFAULT_ENABLE" "CORESIGHT_TPDM" "CORESIGHT_TPIU" "CORESIGHT" "OF_CORESIGHT");
|
||||
#fi;
|
||||
#legacy
|
||||
optionsNo+=("BINFMT_AOUT" "BINFMT_MISC");
|
||||
optionsNo+=("COMPAT_BRK" "COMPAT_VDSO");
|
||||
|
|
@ -1008,7 +1013,7 @@ hardenDefconfig() {
|
|||
optionsNo+=("SLAB_MERGE_DEFAULT");
|
||||
if [[ "$DOS_VERSION" != "LineageOS-20.0" ]]; then optionsNo+=("USERFAULTFD"); fi;
|
||||
#optionsNo+=("CFI_PERMISSIVE");
|
||||
#???
|
||||
#misc
|
||||
optionsNo+=("FB_MSM_MDSS_XLOG_DEBUG" "MSM_BUSPM_DEV" "MSMB_CAMERA_DEBUG" "MSM_CAMERA_DEBUG" "MSM_SMD_DEBUG");
|
||||
optionsNo+=("NEEDS_SYSCALL_FOR_CMPXCHG");
|
||||
optionsNo+=("TSC" "TSPP2");
|
||||
|
|
@ -1022,13 +1027,15 @@ hardenDefconfig() {
|
|||
#optionsNo+=("PROC_PAGE_MONITOR"); #breaks memory stats
|
||||
#optionsNo+=("SCHED_DEBUG"); #breaks compile
|
||||
|
||||
for option in "${optionsNo[@]}"
|
||||
do
|
||||
#If the option is enabled, disable it
|
||||
sed -i 's/CONFIG_'"$option"'=y/CONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
#If the option isn't present, add it disabled
|
||||
sed -zi '/CONFIG_'"$option"'=n/!s/$/\nCONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
done
|
||||
if [ "$DOS_DEFCONFIG_DISABLER" = true ]; then
|
||||
for option in "${optionsNo[@]}"
|
||||
do
|
||||
#If the option is enabled, disable it
|
||||
sed -i 's/CONFIG_'"$option"'=y/CONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
#If the option isn't present, add it disabled
|
||||
sed -zi '/CONFIG_'"$option"'=n/!s/$/\nCONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
done
|
||||
fi;
|
||||
|
||||
#Extras
|
||||
sed -i 's/CONFIG_ARCH_MMAP_RND_BITS=8/CONFIG_ARCH_MMAP_RND_BITS=16/' $defconfigPath &>/dev/null || true;
|
||||
|
|
|
|||
|
|
@ -310,6 +310,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"
|
|||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-1.patch"; #Add option to always randomize MAC (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-2.patch"; #Remove partial MAC randomization translations (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-LTE_Only_Mode.patch"; #Add LTE-only option (GrapheneOS)
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
fi;
|
||||
|
|
@ -346,11 +347,6 @@ fi;
|
|||
#cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/;
|
||||
#fi;
|
||||
|
||||
#if enterAndClear "packages/services/Telephony"; then
|
||||
#applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #XXX 17REBASE (DivestOS)
|
||||
#applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; #XXX 17REBASE
|
||||
#fi;
|
||||
|
||||
if enterAndClear "prebuilts/abi-dumps/vndk"; then
|
||||
applyPatch "$DOS_PATCHES/android_prebuilts_abi-dumps_vndk/0001-protobuf-avi.patch"; #Work around ABI changes from compiler hardening (GrapheneOS)
|
||||
fi;
|
||||
|
|
|
|||
|
|
@ -318,6 +318,9 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-1.patch"
|
|||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-2.patch"; #Remove partial MAC randomization translations (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0013-LTE_Only_Mode-1.patch"; #Add LTE only setting (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0013-LTE_Only_Mode-2.patch"; #Show preferred network options no matter the carrier configuration (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0013-LTE_Only_Mode-3.patch"; #Add LTE only entry when carrier enables world mode (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
fi;
|
||||
|
||||
|
|
|
|||
|
|
@ -71,13 +71,13 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch";
|
|||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-7.patch"; #Increase default pthread stack to 8MiB on 64-bit (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-8.patch"; #Make __stack_chk_guard read-only at runtime (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-9.patch"; #On 64-bit, zero the leading stack canary byte (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS) #XXX: patches from here on are known to cause boot issues on legacy devices
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-11.patch"; #Add memory protection for pthread_atfork handlers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS) #XXX: patches from here on are known to cause boot issues
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Cache.patch"; #Sort and cache hosts file data for fast lookup (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Wildcards.patch"; #Support wildcards in cached hosts file (tdm)
|
||||
|
|
@ -291,6 +291,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC.patch";
|
|||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0013-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode.patch"; #Add LTE only setting (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
fi;
|
||||
|
||||
|
|
|
|||
|
|
@ -48,13 +48,15 @@ buildAll() {
|
|||
umask 0022;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
#SD835
|
||||
#frontloaded for testing
|
||||
buildDevice bluejay avb;
|
||||
buildDevice taimen avb;
|
||||
buildDevice fajita avb;
|
||||
#SD835
|
||||
buildDevice walleye avb;
|
||||
buildDevice cheeseburger verity;
|
||||
buildDevice dumpling verity;
|
||||
#SD845
|
||||
buildDevice fajita avb;
|
||||
buildDevice enchilada avb;
|
||||
buildDevice aura avb;
|
||||
buildDevice beryllium avb;
|
||||
|
|
@ -89,7 +91,6 @@ buildAll() {
|
|||
#Tensor
|
||||
buildDevice oriole avb;
|
||||
buildDevice raven avb;
|
||||
buildDevice bluejay avb;
|
||||
buildDevice panther avb;
|
||||
buildDevice cheetah avb;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,13 +71,13 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch";
|
|||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-7.patch"; #Increase default pthread stack to 8MiB on 64-bit (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-8.patch"; #Make __stack_chk_guard read-only at runtime (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-9.patch"; #On 64-bit, zero the leading stack canary byte (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS) #XXX: patches from here on are known to cause boot issues on legacy devices
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-11.patch"; #Add memory protection for pthread_atfork handlers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS) #XXX: patches from here on are known to cause boot issues
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Cache.patch"; #Sort and cache hosts file data for fast lookup (tdm)
|
||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Wildcards.patch"; #Support wildcards in cached hosts file (tdm)
|
||||
|
|
@ -93,8 +93,8 @@ git revert --no-edit 9b41333a849d14683f9c4ac30fcfd48a27945018; #Re-enable the do
|
|||
applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
|
||||
applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable APEX on 6th/7th gen Pixel devices (GrapheneOS)
|
||||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
fi;
|
||||
|
|
@ -293,6 +293,8 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC.patch";
|
|||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0013-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode-1.patch"; #LTE Only Mode (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode-2.patch"; #Fix LTE Only mode on World Mode (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/SetupWizard"; then
|
||||
|
|
@ -410,26 +412,15 @@ fi;
|
|||
#
|
||||
#START OF DEVICE CHANGES
|
||||
#
|
||||
if enterAndClear "device/google/gs101"; then
|
||||
sed -i '/Virtualization/,+7d' device.mk;
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/google/gs201"; then
|
||||
sed -i '/Virtualization/,+1d' device.mk;
|
||||
sed -i '/PRODUCT_BUILD_PVMFW_IMAGE/,+2d' device.mk;
|
||||
awk -i inplace '!/PRODUCT_PACKAGES/' widevine/device.mk;
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/google/redbull"; then
|
||||
awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; #fix compile after hardenDefconfig
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/google/wahoo"; then
|
||||
git revert --no-edit 4e9cf40ae5e8a334989b46405ab09dba575f61fa; #revert compressed ramdisk due to potential breakage
|
||||
if [ "$DOS_DEFCONFIG_DISABLER" = true ]; then awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; fi; #fix compile after hardenDefconfig
|
||||
fi;
|
||||
|
||||
if enterAndClear "kernel/google/wahoo"; then
|
||||
git revert --no-edit 4fc7c2f4d9a187396cc6efb4a0cc003850f3f79d; #revert compressed ramdisk due to potential breakage
|
||||
sed -i 's/asm(SET_PSTATE_UAO(1));/asm(SET_PSTATE_UAO(1)); return 0;/' arch/arm64/mm/fault.c; #fix build with CONFIG_ARM64_UAO
|
||||
fi;
|
||||
|
||||
|
|
|
|||
|
|
@ -43,12 +43,13 @@ export DOS_DEBLOBBER_REMOVE_ACCESSORIES=true; #Set false to allow use of externa
|
|||
export DOS_DEBLOBBER_REMOVE_ATFWD=true; #Set true to remove basic ATFWD blobs
|
||||
export DOS_DEBLOBBER_REMOVE_AUDIOFX=true; #Set true to remove AudioFX
|
||||
export DOS_DEBLOBBER_REMOVE_APTX=false; #Set true to remove aptX Bluetooth codec
|
||||
export DOS_DEBLOBBER_REMOVE_CAMEXT=false; #Set true to remove camera extensions
|
||||
export DOS_DEBLOBBER_REMOVE_CNE=true; #Set true to remove all CNE blobs #XXX: Breaks Wi-Fi calling
|
||||
export DOS_DEBLOBBER_REMOVE_DPM=true; #Set true to remove all DPM blobs #XXX: Breaks multi-sim and link aggregation (LTE+)
|
||||
export DOS_DEBLOBBER_REMOVE_DPM=true; #Set true to remove all DPM blobs #XXX: Maybe breaks multi-sim and carrier aggregation (LTE+)
|
||||
export DOS_DEBLOBBER_REMOVE_DPP=false; #Set true to remove all Display Post Processing blobs #XXX: Breaks boot on select devices
|
||||
export DOS_DEBLOBBER_REMOVE_FP=false; #Set true to remove all fingerprint reader blobs
|
||||
export DOS_DEBLOBBER_REMOVE_GRAPHICS=false; #Set true to remove all graphics blobs and use SwiftShader CPU renderer #TODO: Needs work
|
||||
export DOS_DEBLOBBER_REMOVE_EUICC=true; #Set true to remove all EUICC blobs
|
||||
export DOS_DEBLOBBER_REMOVE_EUICC=true; #Set true to remove all eUICC blobs
|
||||
export DOS_DEBLOBBER_REMOVE_IMS=false; #Set true to remove all IMS blobs XXX: Carriers are phasing out 3G, making IMS mandatory for calls
|
||||
export DOS_DEBLOBBER_REMOVE_IPA=false; #Set true to remove all IPA blobs
|
||||
export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
|
||||
|
|
@ -58,10 +59,11 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv
|
|||
|
||||
#Features
|
||||
export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
|
||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1
|
||||
export DOS_DEFCONFIG_DISABLER=true; #Enables the disablement of various kernel options
|
||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1+19.1+20.0
|
||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1+19.1+20.0
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1+20.0
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue