Privacy guard improvements and update CVE patchers

This commit is contained in:
Tad 2017-12-08 08:18:39 -05:00
parent 1bd7aab805
commit 11cc70ef35
4 changed files with 154 additions and 2 deletions

11
Misc/BE.txt Normal file
View File

@ -0,0 +1,11 @@
marlin
../../../../../../kernel/google/marlin/mm/mmap.c:95:29: error: expected '=', ',', ';', 'asm' or '__attribute__' before '__ro_after_init'
pgprot_t protection_map[16] __ro_after_init = {
osprey
../../../../../../kernel/motorola/msm8916/drivers/net/wireless/wcnss/wcnss_wlan.c: In function 'wcnss_wlan_macaddr_store':
../../../../../../kernel/motorola/msm8916/drivers/net/wireless/wcnss/wcnss_wlan.c:442:4: warning: format '%hhx' expects argument of type 'unsigned char *', but argument 3 has type 'int *' [-Wformat=]
error, forbidden warning: wcnss_wlan.c:442
make[5]: *** [/mnt/Drive-1/Development/Other/Android_ROMs/Build/LineageOS-14.1/kernel/motorola/msm8916/scripts/Makefile.build:308: drivers/net/wireless/wcnss/wcnss_wlan.o] Error 1
make[5]: *** Waiting for unfinished jobs....

View File

@ -0,0 +1,141 @@
From bc77347e083fec0197da88fd940d23896f2706aa Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Fri, 8 Dec 2017 03:07:24 -0500
Subject: [PATCH] PrivacyGuard: Allow control over more permissions
Change-Id: I46fae35ec2cf6fb560de89581d935cd023b25a86
---
.../android/settings/applications/AppOpsState.java | 60 +++++++++++++++-------
1 file changed, 42 insertions(+), 18 deletions(-)
diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java
index 6935d06931..0bcd690bcf 100644
--- a/src/com/android/settings/applications/AppOpsState.java
+++ b/src/com/android/settings/applications/AppOpsState.java
@@ -113,11 +113,11 @@ public class AppOpsState {
AppOpsManager.OP_MONITOR_HIGH_POWER_LOCATION },
new boolean[] { true,
true,
- false,
- false,
- false,
- false,
- false }
+ true,
+ true,
+ true,
+ true,
+ true }
);
public static final OpsTemplate PERSONAL_TEMPLATE = new OpsTemplate(
@@ -128,15 +128,27 @@ public class AppOpsState {
AppOpsManager.OP_READ_CALENDAR,
AppOpsManager.OP_WRITE_CALENDAR,
AppOpsManager.OP_READ_CLIPBOARD,
- AppOpsManager.OP_WRITE_CLIPBOARD },
+ AppOpsManager.OP_WRITE_CLIPBOARD,
+ AppOpsManager.OP_GET_USAGE_STATS,
+ AppOpsManager.OP_BODY_SENSORS,
+ AppOpsManager.OP_GET_ACCOUNTS,
+ AppOpsManager.OP_USE_FINGERPRINT,
+ AppOpsManager.OP_ADD_VOICEMAIL,
+ AppOpsManager.OP_WRITE_WALLPAPER },
new boolean[] { true,
true,
true,
true,
true,
true,
- false,
- false }
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true }
);
public static final OpsTemplate MESSAGING_TEMPLATE = new OpsTemplate(
@@ -148,8 +160,10 @@ public class AppOpsState {
AppOpsManager.OP_WRITE_SMS,
AppOpsManager.OP_SEND_SMS,
AppOpsManager.OP_READ_ICC_SMS,
- AppOpsManager.OP_WRITE_ICC_SMS },
+ AppOpsManager.OP_WRITE_ICC_SMS,
+ AppOpsManager.OP_READ_CELL_BROADCASTS },
new boolean[] { true,
+ true,
true,
true,
true,
@@ -175,7 +189,10 @@ public class AppOpsState {
AppOpsManager.OP_AUDIO_NOTIFICATION_VOLUME,
AppOpsManager.OP_AUDIO_BLUETOOTH_VOLUME,
AppOpsManager.OP_MUTE_MICROPHONE },
- new boolean[] { false,
+ new boolean[] { true,
+ true,
+ true,
+ true,
true,
true,
false,
@@ -185,10 +202,7 @@ public class AppOpsState {
false,
false,
false,
- false,
- false,
- false,
- false }
+ true }
);
public static final OpsTemplate DEVICE_TEMPLATE = new OpsTemplate(
@@ -205,8 +219,15 @@ public class AppOpsState {
AppOpsManager.OP_CHANGE_WIFI_STATE,
AppOpsManager.OP_BLUETOOTH_CHANGE,
AppOpsManager.OP_NFC_CHANGE,
- AppOpsManager.OP_DATA_CONNECT_CHANGE },
+ AppOpsManager.OP_DATA_CONNECT_CHANGE,
+ AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
+ AppOpsManager.OP_USE_SIP,
+ AppOpsManager.OP_READ_PHONE_STATE,
+ AppOpsManager.OP_READ_EXTERNAL_STORAGE,
+ AppOpsManager.OP_WRITE_EXTERNAL_STORAGE },
new boolean[] { false,
+ true,
+ true,
true,
true,
true,
@@ -214,8 +235,11 @@ public class AppOpsState {
true,
false,
false,
- false,
- false,
+ true,
+ true,
+ true,
+ true,
+ true,
true,
true,
true,
@@ -224,7 +248,7 @@ public class AppOpsState {
public static final OpsTemplate RUN_IN_BACKGROUND_TEMPLATE = new OpsTemplate(
new int[] { AppOpsManager.OP_RUN_IN_BACKGROUND },
- new boolean[] { false }
+ new boolean[] { true }
);
public static final OpsTemplate BOOTUP_TEMPLATE = new OpsTemplate(
--
2.15.1

View File

@ -66,7 +66,6 @@ git apply $cvePatches/CVE-2017-0648/ANY/0001.patch
git apply $cvePatches/CVE-2017-0750/ANY/0001.patch
git apply $cvePatches/CVE-2017-0824/ANY/0001.patch
git apply $cvePatches/CVE-2017-1000365/3.10/0001.patch
git apply $cvePatches/CVE-2017-1000380/^4.11/0001.patch
git apply $cvePatches/CVE-2017-11024/ANY/0001.patch
git apply $cvePatches/CVE-2017-11600/3.10/0001.patch
git apply $cvePatches/CVE-2017-12153/3.2-^3.16/0001.patch

View File

@ -194,6 +194,7 @@ patch -p1 < $patches"android_packages_apps_PackageInstaller/64d8b44.diff" #Fix a
enter "packages/apps/Settings"
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 32;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options
patch -p1 < $patches"android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch" #Allow more control over various permissions via Privacy Guard
enter "packages/apps/SetupWizard"
patch -p1 < $patches"android_packages_apps_SetupWizard/0001-Remove_Analytics.patch" #Remove the rest of CMStats
@ -270,7 +271,7 @@ patch -p1 < $patches"android_kernel_oneplus_msm8974/0001-OverUnderClock-EXTREME.
enter "device/lge/mako"
disableDexPreOpt #bootloops
#patch -p1 < $patches"android_device_lge_mako/0001-Enable_LTE.patch" #Enable LTE support (Requires LTE hybrid modem to be flashed) XXX: Doesn't seem to work under 7.x
#patch -p1 < $patches"android_device_lge_mako/0001-Enable_LTE.patch" #Enable LTE support (Requires LTE hybrid modem to be flashed) XXX: Doesn't seem to work on 7+
enter "kernel/lge/hammerhead"
patch -p1 < $patches"android_kernel_lge_hammerhead/0001-OverUnderClock.patch" #2.26Ghz -> 2.95Ghz =+2.76Ghz XXX: Untested!