From 11cc70ef35d0d44cd1166d5454d9145534f58cee Mon Sep 17 00:00:00 2001
From: Tad
Date: Fri, 8 Dec 2017 08:18:39 -0500
Subject: [PATCH] Privacy guard improvements and update CVE patchers
---
 Misc/BE.txt | 11 ++
 .../0001-Privacy_Guard-More_Perms.patch | 141 ++++++++++++++++++
 .../CVE_Patchers/android_kernel_moto_shamu.sh | 1 -
 Scripts/LineageOS-14.1/Patch.sh | 3 +-
 4 files changed, 154 insertions(+), 2 deletions(-)
 create mode 100644 Misc/BE.txt
 create mode 100644 Patches/LineageOS-14.1/android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch
diff --git a/Misc/BE.txt b/Misc/BE.txt
new file mode 100644
index 00000000..316e91f7
--- /dev/null
+++ b/Misc/BE.txt
@@ -0,0 +1,11 @@
+marlin
+../../../../../../kernel/google/marlin/mm/mmap.c:95:29: error: expected '=', ',', ';', 'asm' or '__attribute__' before '__ro_after_init'
+ pgprot_t protection_map[16] __ro_after_init = {
+
+osprey
+../../../../../../kernel/motorola/msm8916/drivers/net/wireless/wcnss/wcnss_wlan.c: In function 'wcnss_wlan_macaddr_store':
+../../../../../../kernel/motorola/msm8916/drivers/net/wireless/wcnss/wcnss_wlan.c:442:4: warning: format '%hhx' expects argument of type 'unsigned char *', but argument 3 has type 'int *' [-Wformat=]
+error, forbidden warning: wcnss_wlan.c:442
+make[5]: *** [/mnt/Drive-1/Development/Other/Android_ROMs/Build/LineageOS-14.1/kernel/motorola/msm8916/scripts/Makefile.build:308: drivers/net/wireless/wcnss/wcnss_wlan.o] Error 1
+make[5]: *** Waiting for unfinished jobs....
+
diff --git a/Patches/LineageOS-14.1/android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch b/Patches/LineageOS-14.1/android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch
new file mode 100644
index 00000000..8d8708ee
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch
@@ -0,0 +1,141 @@
+From bc77347e083fec0197da88fd940d23896f2706aa Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Fri, 8 Dec 2017 03:07:24 -0500
+Subject: [PATCH] PrivacyGuard: Allow control over more permissions
+
+Change-Id: I46fae35ec2cf6fb560de89581d935cd023b25a86
+---
+ .../android/settings/applications/AppOpsState.java | 60 +++++++++++++++-------
+ 1 file changed, 42 insertions(+), 18 deletions(-)
+
+diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java
+index 6935d06931..0bcd690bcf 100644
+--- a/src/com/android/settings/applications/AppOpsState.java
++++ b/src/com/android/settings/applications/AppOpsState.java
+@@ -113,11 +113,11 @@ public class AppOpsState {
+ AppOpsManager.OP_MONITOR_HIGH_POWER_LOCATION },
+ new boolean[] { true,
+ true,
+- false,
+- false,
+- false,
+- false,
+- false }
++ true,
++ true,
++ true,
++ true,
++ true }
+ );
+
+ public static final OpsTemplate PERSONAL_TEMPLATE = new OpsTemplate(
+@@ -128,15 +128,27 @@ public class AppOpsState {
+ AppOpsManager.OP_READ_CALENDAR,
+ AppOpsManager.OP_WRITE_CALENDAR,
+ AppOpsManager.OP_READ_CLIPBOARD,
+- AppOpsManager.OP_WRITE_CLIPBOARD },
++ AppOpsManager.OP_WRITE_CLIPBOARD,
++ AppOpsManager.OP_GET_USAGE_STATS,
++ AppOpsManager.OP_BODY_SENSORS,
++ AppOpsManager.OP_GET_ACCOUNTS,
++ AppOpsManager.OP_USE_FINGERPRINT,
++ AppOpsManager.OP_ADD_VOICEMAIL,
++ AppOpsManager.OP_WRITE_WALLPAPER },
+ new boolean[] { true,
+ true,
+ true,
+ true,
+ true,
+ true,
+- false,
+- false }
++ true,
++ true,
++ true,
++ true,
++ true,
++ true,
++ true,
++ true }
+ );
+
+ public static final OpsTemplate MESSAGING_TEMPLATE = new OpsTemplate(
+@@ -148,8 +160,10 @@ public class AppOpsState {
+ AppOpsManager.OP_WRITE_SMS,
+ AppOpsManager.OP_SEND_SMS,
+ AppOpsManager.OP_READ_ICC_SMS,
+- AppOpsManager.OP_WRITE_ICC_SMS },
++ AppOpsManager.OP_WRITE_ICC_SMS,
++ AppOpsManager.OP_READ_CELL_BROADCASTS },
+ new boolean[] { true,
++ true,
+ true,
+ true,
+ true,
+@@ -175,7 +189,10 @@ public class AppOpsState {
+ AppOpsManager.OP_AUDIO_NOTIFICATION_VOLUME,
+ AppOpsManager.OP_AUDIO_BLUETOOTH_VOLUME,
+ AppOpsManager.OP_MUTE_MICROPHONE },
+- new boolean[] { false,
++ new boolean[] { true,
++ true,
++ true,
++ true,
+ true,
+ true,
+ false,
+@@ -185,10 +202,7 @@ public class AppOpsState {
+ false,
+ false,
+ false,
+- false,
+- false,
+- false,
+- false }
++ true }
+ );
+
+ public static final OpsTemplate DEVICE_TEMPLATE = new OpsTemplate(
+@@ -205,8 +219,15 @@ public class AppOpsState {
+ AppOpsManager.OP_CHANGE_WIFI_STATE,
+ AppOpsManager.OP_BLUETOOTH_CHANGE,
+ AppOpsManager.OP_NFC_CHANGE,
+- AppOpsManager.OP_DATA_CONNECT_CHANGE },
++ AppOpsManager.OP_DATA_CONNECT_CHANGE,
++ AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
++ AppOpsManager.OP_USE_SIP,
++ AppOpsManager.OP_READ_PHONE_STATE,
++ AppOpsManager.OP_READ_EXTERNAL_STORAGE,
++ AppOpsManager.OP_WRITE_EXTERNAL_STORAGE },
+ new boolean[] { false,
++ true,
++ true,
+ true,
+ true,
+ true,
+@@ -214,8 +235,11 @@ public class AppOpsState {
+ true,
+ false,
+ false,
+- false,
+- false,
++ true,
++ true,
++ true,
++ true,
++ true,
+ true,
+ true,
+ true,
+@@ -224,7 +248,7 @@ public class AppOpsState {
+
+ public static final OpsTemplate RUN_IN_BACKGROUND_TEMPLATE = new OpsTemplate(
+ new int[] { AppOpsManager.OP_RUN_IN_BACKGROUND },
+- new boolean[] { false }
++ new boolean[] { true }
+ );
+
+ public static final OpsTemplate BOOTUP_TEMPLATE = new OpsTemplate(
+--
+2.15.1
+
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
index e6795cb6..7c883148 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh
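Review bot: Each `boolean[]` in the patched templates is matched to its `int[]` op list by position only, and nothing in the visible lines ties a flag to its op, so a one-slot slip would show or hide the wrong operation in Privacy Guard and still compile. The risk is clearest in the template whose op list ends in `OP_MUTE_MICROPHONE`: one leading entry becomes four `true` values in the `-175,7` hunk and four trailing `false` values become one `true` in the `-185,10` hunk, which shifts the unchanged entries between them by three positions. From the visible additions the array pairs grow in step (six entries for PERSONAL_TEMPLATE, one for MESSAGING_TEMPLATE, five for what appears to be DEVICE_TEMPLATE), but the full arrays and the `OpsTemplate` constructor lie outside the hunks, so equal lengths are not confirmed from here. A trailing comment per flag, for example `true, // OP_GET_USAGE_STATS`, would make the pairing checkable in review.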
@@ -66,7 +66,6 @@ git apply $cvePatches/CVE-2017-0648/ANY/0001.patch
 git apply $cvePatches/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatches/CVE-2017-0824/ANY/0001.patch
 git apply $cvePatches/CVE-2017-1000365/3.10/0001.patch
-git apply $cvePatches/CVE-2017-1000380/^4.11/0001.patch
 git apply $cvePatches/CVE-2017-11024/ANY/0001.patch
 git apply $cvePatches/CVE-2017-11600/3.10/0001.patch
 git apply $cvePatches/CVE-2017-12153/3.2-^3.16/0001.patch
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 0f626dc2..7468e143 100755
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -194,6 +194,7 @@ patch -p1 < $patches"android_packages_apps_PackageInstaller/64d8b44.diff" #Fix a enter "packages/apps/Settings" sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 32;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options +patch -p1 < $patches"android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch" #Allow more control over various permissions via Privacy Guard enter "packages/apps/SetupWizard" patch -p1 < $patches"android_packages_apps_SetupWizard/0001-Remove_Analytics.patch" #Remove the rest of CMStats
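Review bot: The added `patch -p1 < $patches"android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch"` line in the `-194,6` hunk has no visible check on its exit status, so if the patch stops applying after an upstream change to AppOpsState.java the script carries on and the build goes out without the extra Privacy Guard entries. Whether Patch.sh runs under `set -e` is not visible in this hunk. A guard such as `patch -p1 < "$patches"android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch || exit 1` would stop the run instead, and quoting `"$patches"` keeps the path intact if it ever contains spaces. The neighbouring `sed -i` and `patch` lines in the hunk follow the same unchecked pattern.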
@@ -270,7 +271,7 @@ patch -p1 < $patches"android_kernel_oneplus_msm8974/0001-OverUnderClock-EXTREME. enter "device/lge/mako" disableDexPreOpt #bootloops -#patch -p1 < $patches"android_device_lge_mako/0001-Enable_LTE.patch" #Enable LTE support (Requires LTE hybrid modem to be flashed) XXX: Doesn't seem to work under 7.x +#patch -p1 < $patches"android_device_lge_mako/0001-Enable_LTE.patch" #Enable LTE support (Requires LTE hybrid modem to be flashed) XXX: Doesn't seem to work on 7+ enter "kernel/lge/hammerhead" patch -p1 < $patches"android_kernel_lge_hammerhead/0001-OverUnderClock.patch" #2.26Ghz -> 2.95Ghz =+2.76Ghz XXX: Untested!