Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-05-02 06:26:20 -04:00
Code Issues Projects Releases Packages Wiki Activity

14.1: work on integrating hardened_malloc

Browse source 
untested as all currently supported 14.1 devices are 32-bit

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-05-09 13:25:09 -04:00
parent 31a147ab98
commit 0c88720caa
No known key found for this signature in database
GPG key ID: E599F62ECBAEAF2E
9 changed files with 1095 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

31
Scripts/LineageOS-14.1/Patch.sh
View file

@ -61,6 +61,12 @@ fi;
if enterAndClear "bionic"; then
applyPatch "$DOS_PATCHES_COMMON/android_bionic/0001-Wildcard_Hosts.patch"; #Support wildcards in cached hosts file (backport from 16.0+) (tdm)
if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then
applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; #(GrapheneOS)
applyPatch "$DOS_PATCHES/android_bionic/0002-Add_Decay_Timer.patch"; #Add support for modifying decay timer.
applyPatch "$DOS_PATCHES/android_bionic/0003-Add_M_PURGE.patch"; #malloc: add M_PURGE mallopt flag
applyPatch "$DOS_PATCHES/android_bionic/0004-Add_random.h.patch"; #Add <sys/random.h>.
fi;
fi;
if enterAndClear "bootable/recovery"; then
@ -110,6 +116,29 @@ applyPatch "$DOS_PATCHES/android_external_freetype/0001-makefile.patch"; #Add An
applyPatch "$DOS_PATCHES/android_external_freetype/0002-fixup.patch"; #Enable png and zlib support to Android.mk (syphyr)
fi;
if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0003-Broken_Audio.patch"; #Workaround for audio service sorting bug (GrapheneOS)
sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
sed -i -e '76,78d;' Android.bp; #fix compile under A13
sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
rm -rfv androidtest;
sed -i -e '76,78d;' Android.bp; #fix compile under A10
awk -i inplace '!/ramdisk_available/' Android.bp;
git revert --no-edit 8974af86d12f7e29b54b5090133ab3d7eea0e519;
mv include/h_malloc.h .
awk -i inplace '!/recovery_available/' Android.bp; #fix compile under A8
awk -i inplace '!/system_shared_libs/' Android.bp;
sed -i 's/c17/c11/' Android.bp;
git revert --no-edit a28da3c65aed0528036da9ebd33e0c05b2c5884a
sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {};/' h_malloc.c;
fi;
fi;
if enterAndClear "external/libavc"; then
applyPatch "$DOS_PATCHES/android_external_libavc/315711.patch"; #n-asb-2021-09 Decoder: Update check for increment u2_cur_slice_num
applyPatch "$DOS_PATCHES/android_external_libavc/323462.patch"; #n-asb-2022-02 Move slice increments after completing header parsing
@ -172,6 +201,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_av/373035.patch"; #n-asb-2023-11 Fix
applyPatch "$DOS_PATCHES/android_frameworks_av/381852.patch"; #n-asb-2024-02 Update mtp packet buffer
applyPatch "$DOS_PATCHES/android_frameworks_av/385240.patch"; #n-asb-2024-03 Fix out of bounds read and write in onQueueFilled in outQueue
applyPatch "$DOS_PATCHES/android_frameworks_av/385243.patch"; #n-asb-2024-03 Validate OMX Params for VPx encoders
if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
fi;
if enterAndClear "frameworks/base"; then
@ -569,6 +599,7 @@ applyPatch "$DOS_PATCHES/android_system_core/332457.patch"; #n-asb-2022-06 Backp
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert --no-edit 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
applyPatch "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS)
if [ "$DOS_GRAPHENE_MALLOC_STAGING" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit keys
fi;

2
Scripts/init.sh
View file

@ -62,7 +62,7 @@ export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
export DOS_DEFCONFIG_DISABLER=true; #Enables the disablement of various kernel options
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 15.1+16.0+17.1+18.1+19.1+20.0
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"