From 1603092c509a3b1956c9d9c7a9f48cea7d49074e Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 17 Mar 2022 12:57:51 -0400 Subject: [PATCH] Not all kernels have (working) getrandom support hammerhead 16.0 was reported not booting and shamu 18.1 was reported to take ~15+ minutes to boot hammerhead does not have getrandom so it failed immediately shamu does have getrandom BUT it blocks during init meaning it'll wait until the entropy pool slowly fills In testing I did not discover this I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita All the newer ones have working getrandom All the older ones included a patch to make getrandom non blocking on init Signed-off-by: Tad --- Misc/CVE_Handling_Issues.txt | 10 +++++----- .../0002-Broken_Cameras.patch | 4 ++-- .../android_frameworks_av/0001-HM-No_RLIMIT_AS.patch | 4 ++-- .../LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch | 2 +- .../0002-Graphene_Bionic_Hardening-1.patch | 4 ++-- Scripts/LineageOS-16.0/Patch.sh | 2 +- Scripts/LineageOS-17.1/Patch.sh | 2 +- Scripts/LineageOS-18.1/Functions.sh | 2 +- Scripts/LineageOS-18.1/Patch.sh | 2 +- 9 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Misc/CVE_Handling_Issues.txt b/Misc/CVE_Handling_Issues.txt index 5d0f7535..ff70f996 100644 --- a/Misc/CVE_Handling_Issues.txt +++ b/Misc/CVE_Handling_Issues.txt @@ -1,6 +1,6 @@ The patcher needs tweaks for the following: -CVE-2019-19051 -CVE-2016-7117 -CVE-2013-2147 -CVE-2015-8746 -CVE-2021-Misc2/ANY/0043.patch +- CVE-2019-19051 +- CVE-2016-7117 +- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru +- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops +- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
diff --git a/Patches/LineageOS-16.0/android_external_hardened_malloc/0002-Broken_Cameras.patch b/Patches/LineageOS-16.0/android_external_hardened_malloc/0002-Broken_Cameras.patch index db6c60a2..0771cc4e 100644 --- a/Patches/LineageOS-16.0/android_external_hardened_malloc/0002-Broken_Cameras.patch +++ b/Patches/LineageOS-16.0/android_external_hardened_malloc/0002-Broken_Cameras.patch @@ -10,10 +10,10 @@ Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/h_malloc.c b/h_malloc.c -index de693c9..f680fa6 100644 +index dbedbd4..d0cf881 100644 --- a/h_malloc.c +++ b/h_malloc.c -@@ -1058,7 +1058,8 @@ COLD static void handle_bugs(void) { +@@ -1069,7 +1069,8 @@ COLD static void handle_bugs(void) { } const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64"; diff --git a/Patches/LineageOS-16.0/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch b/Patches/LineageOS-16.0/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch index 271bf26d..14b02735 100644 --- a/Patches/LineageOS-16.0/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch +++ b/Patches/LineageOS-16.0/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch @@ -1,4 +1,4 @@ -From 14800a3e7070240a314cbd695f71984a888cc90f Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 5 Dec 2018 09:29:25 -0500 Subject: [PATCH] avoid setting RLIMIT_AS with hardened malloc @@ -13,7 +13,7 @@ Change-Id: Ibfb7164d764fcb9244055953bedc9a1c424cedcb 1 file changed, 8 insertions(+) diff --git a/media/libmedia/MediaUtils.cpp b/media/libmedia/MediaUtils.cpp -index bcdc3bdcf..de217c70b 100644 +index bcdc3bdcfe..de217c70bf 100644 --- a/media/libmedia/MediaUtils.cpp +++ b/media/libmedia/MediaUtils.cpp @@ -38,6 +38,14 @@ void limitProcessMemory( 
diff --git a/Patches/LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch index d460af52..239467c6 100644 --- a/Patches/LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch +++ b/Patches/LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch @@ -14,7 +14,7 @@ Signed-off-by: anupritaisno1 create mode 100644 libc/bionic/h_malloc_wrapper.cpp diff --git a/libc/Android.bp b/libc/Android.bp -index 49108bf35..d7c066890 100644 +index ce714054a..1599d5ed9 100644 --- a/libc/Android.bp +++ b/libc/Android.bp @@ -50,6 +50,8 @@ libc_common_flags = [ diff --git a/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch b/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch index 4dd1fcc4..ebca0264 100644 --- a/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch +++ b/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch @@ -22,10 +22,10 @@ optimization in the future. create mode 100644 libc/bionic/explicit_bzero.cpp diff --git a/libc/Android.bp b/libc/Android.bp -index 78a7ef23c..4ee36c8df 100644 +index 1599d5ed9..d7c066890 100644 --- a/libc/Android.bp +++ b/libc/Android.bp -@@ -1055,6 +1055,7 @@ cc_library_static { +@@ -1056,6 +1056,7 @@ cc_library_static { "bionic/error.cpp", "bionic/eventfd.cpp", "bionic/exec.cpp", diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 2f2c393e..4694cc6e 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh 
@@ -64,7 +64,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion
 if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index 5f628188..fe382d8c 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
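Review bot: Commenting out `0002-Graphene_Bionic_Hardening-3.patch` removes this hardening for every device built from the tree, although the commit message attributes the failure to two kernels only (hammerhead has no getrandom, shamu blocks on it during init) and reports the other tested devices as working. The same line is disabled in the 17.1 and 18.1 `Patch.sh` hunks, and the report names no 17.1 device. With the patch gone, bionic presumably keeps its stock path, which by the patch's own description need not block and can fall back to urandom, so consumers early in boot may draw from a pool that is not yet initialised. The tag `#XXX: boot issues` is the only record of this in the script; I would expand it to something like `#XXX: disabled, hammerhead lacks getrandom and shamu blocks on it during init; re-enable once this can be limited to affected kernels`. The `if` block opened in this hunk closes outside it.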
@@ -69,7 +69,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion if [ "$DOS_GRAPHENE_BIONIC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS) applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) -applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) +#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS) applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS) applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS) diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index b3ab2d3a..063d59d3 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -132,7 +132,7 @@ buildAll() { buildDevice alioth avb; #SD670 buildDevice bonito avb; #error: ln: cannot create symbolic link from '/data/vendor/rfs/mpss' to 'out/target/product/bonito/vendor/rfs/msm/mpss//readwrite': - buildDevice sargo avb; + #buildDevice sargo avb; } export -f buildAll; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index a9552143..9fa1082b 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh 
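Review bot: The `#buildDevice sargo avb;` line in the `Functions.sh` hunk drops sargo from the 18.1 build list without giving a reason, and nothing in the commit message about getrandom explains it. The bonito line just above carries a trailing `#error:` comment; doing the same here, e.g. `#buildDevice sargo avb; #XXX: <reason>`, would tell a maintainer when the device can be built again. If the change is unrelated to getrandom it would be easier to track as its own commit. `buildAll()` starts outside the hunk.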
@@ -64,7 +64,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion
 if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting with dprintf-like function (GrapheneOS)