Many fixes to get bluejay booting & working proper

- Enable APEX for Pixel 6/7, necessary for camera and pKVM
  - Also drop hack removing pKVM for Pixel 6/7
  - patch from GrapheneOS

- Extend hmalloc workaround to /apex

- Deblobber:
  - actually handle wildcard f/w/b overlays
  - move some stuff around
  - remove some more Pixel blobs
  - flag and disable removal of camera extensions, being able to use the second camera is nice

- Adjust what hardenDefconfig disables, caused boot issues
  minimal impact as most of these are already default-disabled
  can be narrowed down in future

- Disable some of the bionic hardening patches, causing more boot issues
  annoying to lose, but having a phone that boots is more important

- Add LTE only mode to 17.1, 18.1, 19.1, and 20.0, credit GrapheneOS

- Remove Pixel 2 ramdisk compression reverts, fixed upstream

And yes, I know I should've split up this commit...

Signed-off-by: Tad <tad@spotco.us>

Scripts/LineageOS-20.0/Functions.sh

@@ -48,13 +48,15 @@ buildAll() {
 	umask 0022;
 	cd "$DOS_BUILD_BASE";
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
-	#SD835
+	#frontloaded for testing
+	buildDevice bluejay avb;
 	buildDevice taimen avb;
+	buildDevice fajita avb;
+	#SD835
 	buildDevice walleye avb;
 	buildDevice cheeseburger verity;
 	buildDevice dumpling verity;
 	#SD845
-	buildDevice fajita avb;
 	buildDevice enchilada avb;
 	buildDevice aura avb;
 	buildDevice beryllium avb;
@@ -89,7 +91,6 @@ buildAll() {
 	#Tensor
 	buildDevice oriole avb;
 	buildDevice raven avb;
-	buildDevice bluejay avb;
 	buildDevice panther avb;
 	buildDevice cheetah avb;
 }

Scripts/LineageOS-20.0/Patch.sh

@@ -71,13 +71,13 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch";
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-7.patch"; #Increase default pthread stack to 8MiB on 64-bit (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-8.patch"; #Make __stack_chk_guard read-only at runtime (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-9.patch"; #On 64-bit, zero the leading stack canary byte (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS) #XXX: patches from here on are known to cause boot issues on legacy devices
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-11.patch"; #Add memory protection for pthread_atfork handlers (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS) #XXX: patches from here on are known to cause boot issues
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
 fi;
 applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Cache.patch"; #Sort and cache hosts file data for fast lookup (tdm)
 applyPatch "$DOS_PATCHES/android_bionic/0003-Hosts_Wildcards.patch"; #Support wildcards in cached hosts file (tdm)
@@ -93,8 +93,8 @@ git revert --no-edit 9b41333a849d14683f9c4ac30fcfd48a27945018; #Re-enable the do
 applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 #applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification (DivestOS)
 if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
+applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable APEX on 6th/7th gen Pixel devices (GrapheneOS)
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
-awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
 fi;
@@ -293,6 +293,8 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC.patch";
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0013-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode-1.patch"; #LTE Only Mode (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-LTE_Only_Mode-2.patch"; #Fix LTE Only mode on World Mode (GrapheneOS)
 fi;
 
 if enterAndClear "packages/apps/SetupWizard"; then
@@ -410,26 +412,15 @@ fi;
 #
 #START OF DEVICE CHANGES
 #
-if enterAndClear "device/google/gs101"; then
-sed -i '/Virtualization/,+7d' device.mk;
-fi;
-
 if enterAndClear "device/google/gs201"; then
-sed -i '/Virtualization/,+1d' device.mk;
-sed -i '/PRODUCT_BUILD_PVMFW_IMAGE/,+2d' device.mk;
 awk -i inplace '!/PRODUCT_PACKAGES/' widevine/device.mk;
 fi;
 
 if enterAndClear "device/google/redbull"; then
-awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; #fix compile after hardenDefconfig
-fi;
-
-if enterAndClear "device/google/wahoo"; then
-git revert --no-edit 4e9cf40ae5e8a334989b46405ab09dba575f61fa; #revert compressed ramdisk due to potential breakage
+if [ "$DOS_DEFCONFIG_DISABLER" = true ]; then awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; fi; #fix compile after hardenDefconfig
 fi;
 
 if enterAndClear "kernel/google/wahoo"; then
-git revert --no-edit 4fc7c2f4d9a187396cc6efb4a0cc003850f3f79d; #revert compressed ramdisk due to potential breakage
 sed -i 's/asm(SET_PSTATE_UAO(1));/asm(SET_PSTATE_UAO(1)); return 0;/' arch/arm64/mm/fault.c; #fix build with CONFIG_ARM64_UAO
 fi;