From 1705545d22e8bee252fbe722aecccfa9b5a44332 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 4 Apr 2022 21:48:14 -0400
Subject: [PATCH] 19.1: Initial bringup

TODO:
- manifest
- devices
- a few small patches to rebase

Signed-off-by: Tad <tad@spotco.us>
---
 .../0001-constify_JNINativeMethod.patch       | 414 ++++++++++++++++++
 .../android_bionic/0001-HM-Use_HM.patch       | 168 +++++++
 .../0002-Graphene_Bionic_Hardening-1.patch    |  89 ++++
 .../0002-Graphene_Bionic_Hardening-10.patch   |  84 ++++
 .../0002-Graphene_Bionic_Hardening-11.patch   |  95 ++++
 .../0002-Graphene_Bionic_Hardening-12.patch   |  85 ++++
 .../0002-Graphene_Bionic_Hardening-13.patch   |  25 ++
 .../0002-Graphene_Bionic_Hardening-14.patch   |  76 ++++
 .../0002-Graphene_Bionic_Hardening-15.patch   |  58 +++
 .../0002-Graphene_Bionic_Hardening-16.patch   |  98 +++++
 .../0002-Graphene_Bionic_Hardening-2.patch    |  76 ++++
 .../0002-Graphene_Bionic_Hardening-3.patch    |  57 +++
 .../0002-Graphene_Bionic_Hardening-4.patch    |  26 ++
 .../0002-Graphene_Bionic_Hardening-5.patch    |  47 ++
 .../0002-Graphene_Bionic_Hardening-6.patch    |  40 ++
 .../0002-Graphene_Bionic_Hardening-7.patch    |  26 ++
 .../0002-Graphene_Bionic_Hardening-8.patch    |  59 +++
 .../0002-Graphene_Bionic_Hardening-9.patch    |  41 ++
 .../0001-No_SerialNum_Restrictions.patch      |  38 ++
 .../android_build/0001-Enable_fwrapv.patch    |  24 +
 .../android_build/0002-OTA_Keys.patch         |  69 +++
 .../0003-Exec_Based_Spawning.patch            |  28 ++
 .../0001-Enable_fwrapv.patch                  |  50 +++
 .../android_build_soong/0002-hm_apex.patch    |  21 +
 .../0001-constify_JNINativeMethod.patch       |  22 +
 .../0003-SUPL_No_IMSI.patch                   |  35 ++
 .../0004-Fingerprint_Lockout.patch            |  23 +
 .../0005-User_Logout.patch                    |  42 ++
 .../0007-Always_Restict_Serial.patch          |  29 ++
 .../0008-Browser_No_Location.patch            |  33 ++
 .../0009-SystemUI_No_Permission_Review.patch  |  22 +
 .../0013-Network_Permission-1.patch           |  37 ++
 .../0013-Network_Permission-2.patch           |  69 +++
 .../0013-Network_Permission-3.patch           |  49 +++
 .../0013-Sensors_Permission.patch             | 113 +++++
 .../0013-Special_Permissions.patch            |  99 +++++
 .../0014-Automatic_Reboot.patch               | 153 +++++++
 .../0015-Bluetooth_Timeout.patch              | 121 +++++
 .../0016-WiFi_Timeout.patch                   | 123 ++++++
 .../0017-constify_JNINativeMethod.patch       | 213 +++++++++
 .../0018-Exec_Based_Spawning-1.patch          | 181 ++++++++
 .../0018-Exec_Based_Spawning-10.patch         |  28 ++
 .../0018-Exec_Based_Spawning-11.patch         |  28 ++
 .../0018-Exec_Based_Spawning-12.patch         | 253 +++++++++++
 .../0018-Exec_Based_Spawning-2.patch          |  25 ++
 .../0018-Exec_Based_Spawning-3.patch          |  47 ++
 .../0018-Exec_Based_Spawning-4.patch          |  50 +++
 .../0018-Exec_Based_Spawning-5.patch          |  28 ++
 .../0018-Exec_Based_Spawning-6.patch          |  28 ++
 .../0018-Exec_Based_Spawning-7.patch          |  28 ++
 .../0018-Exec_Based_Spawning-8.patch          |  28 ++
 .../0018-Exec_Based_Spawning-9.patch          |  57 +++
 .../0020-Location_Indicators.patch            |  48 ++
 .../0001-constify_JNINativeMethod.patch       |  22 +
 .../0001-Sensors_Permission.patch             |  22 +
 .../0001-Fix_Calling.patch                    |  55 +++
 .../0001-Random_MAC.patch                     |  88 ++++
 .../0001-Unused-8996.patch                    |  58 +++
 .../0001-Unused-8998.patch                    |  60 +++
 .../0001-Unused-sdm845.patch                  |  60 +++
 .../0001-Unused-sm8150.patch                  |  58 +++
 .../0001-Network_Permission.patch             |  32 ++
 .../0002-constify_JNINativeMethod.patch       | 199 +++++++++
 .../0003-Exec_Based_Spawning-1.patch          | 112 +++++
 .../0003-Exec_Based_Spawning-2.patch          |  38 ++
 .../0001-constify_JNINativeMethod.patch       | 259 +++++++++++
 .../0001-Not_Private_Banner.patch             | 185 ++++++++
 .../0001-Remove_Analytics.patch               | 140 ++++++
 .../0001-constify_JNINativeMethod.patch       |  92 ++++
 .../0001-Captive_Portal_Toggle.patch          | 341 +++++++++++++++
 .../0004-Private_DNS.patch                    | 318 ++++++++++++++
 .../0005-Automatic_Reboot.patch               | 196 +++++++++
 .../0006-Bluetooth_Timeout.patch              | 238 ++++++++++
 .../0007-WiFi_Timeout.patch                   | 238 ++++++++++
 .../0008-ptrace_scope.patch                   | 168 +++++++
 .../0009-Install_Restrictions.patch           | 140 ++++++
 .../0010-exec_spawning_toggle.patch           | 168 +++++++
 .../0011-Random_MAC.patch                     | 145 ++++++
 .../0001-Remove_Analytics.patch               | 178 ++++++++
 .../0001-Server.patch                         |  33 ++
 .../0002-Tor_Support.patch                    | 397 +++++++++++++++++
 .../0001-Random_MAC.patch                     |  70 +++
 .../0002-Network_Permission-1.patch           |  62 +++
 .../0002-Network_Permission-2.patch           |  31 ++
 .../0003-Sensors_Permission-1.patch           |  46 ++
 .../0003-Sensors_Permission-2.patch           |  30 ++
 .../0004-Special_Permission-1.patch           | 110 +++++
 .../0004-Special_Permission-2.patch           |  73 +++
 .../0004-Special_Permission-3.patch           |  30 ++
 .../0004-Special_Permission-4.patch           |  41 ++
 .../0005-Browser_No_Location.patch            |  44 ++
 .../0006-Location_Indicators.patch            |  25 ++
 .../0001-Random_MAC.patch                     | 103 +++++
 .../0001-Network_Permission.patch             |  21 +
 .../android_system_bt/0001-alloc_size.patch   |  25 ++
 .../android_system_core/0001-Harden.patch     |  60 +++
 .../0002-ptrace_scope.patch                   |  27 ++
 .../0003-HM-Increase_vm_mmc.patch             |  23 +
 .../0001-ext4_pad_filenames.patch             |  38 ++
 .../0001-Network_Permission.patch             |  31 ++
 .../0002-protected_files.patch                |  41 ++
 .../0003-ptrace_scope-1.patch                 |  90 ++++
 .../0003-ptrace_scope-2.patch                 |  34 ++
 Scripts/Common/Functions.sh                   |   2 +-
 Scripts/LineageOS-18.1/Patch.sh               |   7 +-
 Scripts/LineageOS-19.1/Defaults.sh            |  60 +++
 Scripts/LineageOS-19.1/Functions.sh           | 112 +++++
 Scripts/LineageOS-19.1/Patch.sh               | 405 +++++++++++++++++
 Scripts/LineageOS-19.1/Rebrand.sh             |  99 +++++
 109 files changed, 9579 insertions(+), 7 deletions(-)
 create mode 100644 Patches/LineageOS-19.1/android_art/0001-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-10.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-11.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-12.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-13.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-14.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-15.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-16.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-3.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-4.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-5.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-6.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-7.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-8.patch
 create mode 100644 Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-9.patch
 create mode 100644 Patches/LineageOS-19.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
 create mode 100644 Patches/LineageOS-19.1/android_build/0001-Enable_fwrapv.patch
 create mode 100644 Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch
 create mode 100644 Patches/LineageOS-19.1/android_build/0003-Exec_Based_Spawning.patch
 create mode 100644 Patches/LineageOS-19.1/android_build_soong/0001-Enable_fwrapv.patch
 create mode 100644 Patches/LineageOS-19.1/android_build_soong/0002-hm_apex.patch
 create mode 100644 Patches/LineageOS-19.1/android_external_conscrypt/0001-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0003-SUPL_No_IMSI.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0004-Fingerprint_Lockout.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0005-User_Logout.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0007-Always_Restict_Serial.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0008-Browser_No_Location.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-3.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0013-Sensors_Permission.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0013-Special_Permissions.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0014-Automatic_Reboot.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0015-Bluetooth_Timeout.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0016-WiFi_Timeout.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0017-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-10.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-11.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-12.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-3.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-4.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-5.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-6.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-7.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-8.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-9.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_base/0020-Location_Indicators.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_ex/0001-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_native/0001-Sensors_Permission.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
 create mode 100644 Patches/LineageOS-19.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch
 create mode 100644 Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8996.patch
 create mode 100644 Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8998.patch
 create mode 100644 Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sdm845.patch
 create mode 100644 Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sm8150.patch
 create mode 100644 Patches/LineageOS-19.1/android_libcore/0001-Network_Permission.patch
 create mode 100644 Patches/LineageOS-19.1/android_libcore/0002-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Dialer/0001-Not_Private_Banner.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0004-Private_DNS.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0005-Automatic_Reboot.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0007-WiFi_Timeout.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0008-ptrace_scope.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0009-Install_Restrictions.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0010-exec_spawning_toggle.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Settings/0011-Random_MAC.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Updater/0001-Server.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_apps_Updater/0002-Tor_Support.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_NetworkStack/0001-Random_MAC.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-2.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-3.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-4.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0005-Browser_No_Location.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Permission/0006-Location_Indicators.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_modules_Wifi/0001-Random_MAC.patch
 create mode 100644 Patches/LineageOS-19.1/android_packages_providers_DownloadProvider/0001-Network_Permission.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_bt/0001-alloc_size.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_core/0001-Harden.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_core/0002-ptrace_scope.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_core/0003-HM-Increase_vm_mmc.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_extras/0001-ext4_pad_filenames.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_netd/0001-Network_Permission.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_sepolicy/0002-protected_files.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-1.patch
 create mode 100644 Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-2.patch
 create mode 100644 Scripts/LineageOS-19.1/Defaults.sh
 create mode 100644 Scripts/LineageOS-19.1/Functions.sh
 create mode 100644 Scripts/LineageOS-19.1/Patch.sh
 create mode 100644 Scripts/LineageOS-19.1/Rebrand.sh

diff --git a/Patches/LineageOS-19.1/android_art/0001-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_art/0001-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..755bdcbe
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_art/0001-constify_JNINativeMethod.patch
@@ -0,0 +1,414 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 10 Oct 2021 16:45:59 -0400
+Subject: [PATCH] constify JNINativeMethod tables
+
+---
+ runtime/native/dalvik_system_BaseDexClassLoader.cc             | 2 +-
+ runtime/native/dalvik_system_DexFile.cc                        | 2 +-
+ runtime/native/dalvik_system_VMDebug.cc                        | 2 +-
+ runtime/native/dalvik_system_VMRuntime.cc                      | 2 +-
+ runtime/native/dalvik_system_VMStack.cc                        | 2 +-
+ runtime/native/dalvik_system_ZygoteHooks.cc                    | 2 +-
+ runtime/native/java_lang_Class.cc                              | 2 +-
+ runtime/native/java_lang_Object.cc                             | 2 +-
+ runtime/native/java_lang_String.cc                             | 2 +-
+ runtime/native/java_lang_StringFactory.cc                      | 2 +-
+ runtime/native/java_lang_System.cc                             | 2 +-
+ runtime/native/java_lang_Thread.cc                             | 2 +-
+ runtime/native/java_lang_Throwable.cc                          | 2 +-
+ runtime/native/java_lang_VMClassLoader.cc                      | 2 +-
+ runtime/native/java_lang_invoke_MethodHandleImpl.cc            | 2 +-
+ runtime/native/java_lang_ref_FinalizerReference.cc             | 2 +-
+ runtime/native/java_lang_ref_Reference.cc                      | 2 +-
+ runtime/native/java_lang_reflect_Array.cc                      | 2 +-
+ runtime/native/java_lang_reflect_Constructor.cc                | 2 +-
+ runtime/native/java_lang_reflect_Executable.cc                 | 2 +-
+ runtime/native/java_lang_reflect_Field.cc                      | 2 +-
+ runtime/native/java_lang_reflect_Method.cc                     | 2 +-
+ runtime/native/java_lang_reflect_Parameter.cc                  | 2 +-
+ runtime/native/java_lang_reflect_Proxy.cc                      | 2 +-
+ runtime/native/java_util_concurrent_atomic_AtomicLong.cc       | 2 +-
+ runtime/native/libcore_util_CharsetUtils.cc                    | 2 +-
+ runtime/native/org_apache_harmony_dalvik_ddmc_DdmServer.cc     | 2 +-
+ runtime/native/org_apache_harmony_dalvik_ddmc_DdmVmInternal.cc | 2 +-
+ runtime/native/sun_misc_Unsafe.cc                              | 2 +-
+ 29 files changed, 29 insertions(+), 29 deletions(-)
+
+diff --git a/runtime/native/dalvik_system_BaseDexClassLoader.cc b/runtime/native/dalvik_system_BaseDexClassLoader.cc
+index 607395d308..f3d84e57a8 100644
+--- a/runtime/native/dalvik_system_BaseDexClassLoader.cc
++++ b/runtime/native/dalvik_system_BaseDexClassLoader.cc
+@@ -58,7 +58,7 @@ static jobjectArray BaseDexClassLoader_computeClassLoaderContextsNative(JNIEnv*
+   return result;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(BaseDexClassLoader, computeClassLoaderContextsNative,
+                 "()[Ljava/lang/String;"),
+ };
+diff --git a/runtime/native/dalvik_system_DexFile.cc b/runtime/native/dalvik_system_DexFile.cc
+index f8ad7f1b7a..b0f7cd8f17 100644
+--- a/runtime/native/dalvik_system_DexFile.cc
++++ b/runtime/native/dalvik_system_DexFile.cc
+@@ -913,7 +913,7 @@ static void DexFile_setTrusted(JNIEnv* env, jclass, jobject j_cookie) {
+   }
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(DexFile, closeDexFile, "(Ljava/lang/Object;)Z"),
+   NATIVE_METHOD(DexFile,
+                 defineClassNative,
+diff --git a/runtime/native/dalvik_system_VMDebug.cc b/runtime/native/dalvik_system_VMDebug.cc
+index 5c8bd8431a..fdd0ad079d 100644
+--- a/runtime/native/dalvik_system_VMDebug.cc
++++ b/runtime/native/dalvik_system_VMDebug.cc
+@@ -489,7 +489,7 @@ static void VMDebug_setAllocTrackerStackDepth(JNIEnv* env, jclass, jint stack_de
+   }
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(VMDebug, countInstancesOfClass, "(Ljava/lang/Class;Z)J"),
+   NATIVE_METHOD(VMDebug, countInstancesOfClasses, "([Ljava/lang/Class;Z)[J"),
+   NATIVE_METHOD(VMDebug, dumpHprofData, "(Ljava/lang/String;I)V"),
+diff --git a/runtime/native/dalvik_system_VMRuntime.cc b/runtime/native/dalvik_system_VMRuntime.cc
+index 842590408d..8283f30995 100644
+--- a/runtime/native/dalvik_system_VMRuntime.cc
++++ b/runtime/native/dalvik_system_VMRuntime.cc
+@@ -506,7 +506,7 @@ static jboolean VMRuntime_isValidClassLoaderContext(JNIEnv* env,
+   return ClassLoaderContext::IsValidEncoding(encoded_class_loader_context.c_str());
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(VMRuntime, addressOf, "(Ljava/lang/Object;)J"),
+   NATIVE_METHOD(VMRuntime, bootClassPath, "()Ljava/lang/String;"),
+   NATIVE_METHOD(VMRuntime, clampGrowthLimit, "()V"),
+diff --git a/runtime/native/dalvik_system_VMStack.cc b/runtime/native/dalvik_system_VMStack.cc
+index e88516e248..58e40f6e8a 100644
+--- a/runtime/native/dalvik_system_VMStack.cc
++++ b/runtime/native/dalvik_system_VMStack.cc
+@@ -168,7 +168,7 @@ static jobjectArray VMStack_getAnnotatedThreadStackTrace(JNIEnv* env, jclass, jo
+   return GetThreadStack(soa, javaThread, fn);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(VMStack, fillStackTraceElements, "(Ljava/lang/Thread;[Ljava/lang/StackTraceElement;)I"),
+   FAST_NATIVE_METHOD(VMStack, getCallingClassLoader, "()Ljava/lang/ClassLoader;"),
+   FAST_NATIVE_METHOD(VMStack, getClosestUserClassLoader, "()Ljava/lang/ClassLoader;"),
+diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc
+index 050233dac5..37551d049b 100644
+--- a/runtime/native/dalvik_system_ZygoteHooks.cc
++++ b/runtime/native/dalvik_system_ZygoteHooks.cc
+@@ -456,7 +456,7 @@ static jboolean ZygoteHooks_nativeZygoteLongSuspendOk(JNIEnv* env ATTRIBUTE_UNUS
+ }
+ 
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(ZygoteHooks, nativePreFork, "()J"),
+   NATIVE_METHOD(ZygoteHooks, nativePostZygoteFork, "()V"),
+   NATIVE_METHOD(ZygoteHooks, nativePostForkSystemServer, "(I)V"),
+diff --git a/runtime/native/java_lang_Class.cc b/runtime/native/java_lang_Class.cc
+index 776b14f735..bdf3ea92ec 100644
+--- a/runtime/native/java_lang_Class.cc
++++ b/runtime/native/java_lang_Class.cc
+@@ -981,7 +981,7 @@ static jobject Class_newInstance(JNIEnv* env, jobject javaThis) {
+   return soa.AddLocalReference<jobject>(receiver.Get());
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Class, classForName,
+                 "(Ljava/lang/String;ZLjava/lang/ClassLoader;)Ljava/lang/Class;"),
+   FAST_NATIVE_METHOD(Class, getDeclaredAnnotation,
+diff --git a/runtime/native/java_lang_Object.cc b/runtime/native/java_lang_Object.cc
+index 8fc10d1114..8740755199 100644
+--- a/runtime/native/java_lang_Object.cc
++++ b/runtime/native/java_lang_Object.cc
+@@ -54,7 +54,7 @@ static jint Object_identityHashCodeNative(JNIEnv* env, jclass, jobject javaObjec
+   return static_cast<jint>(o->IdentityHashCode());
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Object, internalClone, "()Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Object, notify, "()V"),
+   FAST_NATIVE_METHOD(Object, notifyAll, "()V"),
+diff --git a/runtime/native/java_lang_String.cc b/runtime/native/java_lang_String.cc
+index 86f93299d9..ec4b8a9025 100644
+--- a/runtime/native/java_lang_String.cc
++++ b/runtime/native/java_lang_String.cc
+@@ -109,7 +109,7 @@ static jcharArray String_toCharArray(JNIEnv* env, jobject java_this) {
+   return soa.AddLocalReference<jcharArray>(mirror::String::ToCharArray(s, soa.Self()));
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(String, charAt, "(I)C"),
+   FAST_NATIVE_METHOD(String, compareTo, "(Ljava/lang/String;)I"),
+   FAST_NATIVE_METHOD(String, concat, "(Ljava/lang/String;)Ljava/lang/String;"),
+diff --git a/runtime/native/java_lang_StringFactory.cc b/runtime/native/java_lang_StringFactory.cc
+index 9086ee932d..de0a81e9a5 100644
+--- a/runtime/native/java_lang_StringFactory.cc
++++ b/runtime/native/java_lang_StringFactory.cc
+@@ -264,7 +264,7 @@ static jstring StringFactory_newStringFromUtf8Bytes(JNIEnv* env, jclass, jbyteAr
+   return soa.AddLocalReference<jstring>(result);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(StringFactory, newStringFromBytes, "([BIII)Ljava/lang/String;"),
+   FAST_NATIVE_METHOD(StringFactory, newStringFromChars, "(II[C)Ljava/lang/String;"),
+   FAST_NATIVE_METHOD(StringFactory, newStringFromString, "(Ljava/lang/String;)Ljava/lang/String;"),
+diff --git a/runtime/native/java_lang_System.cc b/runtime/native/java_lang_System.cc
+index 63cbd2c815..e7b3894aad 100644
+--- a/runtime/native/java_lang_System.cc
++++ b/runtime/native/java_lang_System.cc
+@@ -239,7 +239,7 @@ static void System_arraycopyBooleanUnchecked(JNIEnv* env,
+       javaDst, dstPos, count);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(System, arraycopy, "(Ljava/lang/Object;ILjava/lang/Object;II)V"),
+   FAST_NATIVE_METHOD(System, arraycopyCharUnchecked, "([CI[CII)V"),
+   FAST_NATIVE_METHOD(System, arraycopyByteUnchecked, "([BI[BII)V"),
+diff --git a/runtime/native/java_lang_Thread.cc b/runtime/native/java_lang_Thread.cc
+index c3b4fe09de..8ff4e02605 100644
+--- a/runtime/native/java_lang_Thread.cc
++++ b/runtime/native/java_lang_Thread.cc
+@@ -193,7 +193,7 @@ static void Thread_yield(JNIEnv*, jobject) {
+   sched_yield();
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Thread, currentThread, "()Ljava/lang/Thread;"),
+   FAST_NATIVE_METHOD(Thread, interrupted, "()Z"),
+   FAST_NATIVE_METHOD(Thread, isInterrupted, "()Z"),
+diff --git a/runtime/native/java_lang_Throwable.cc b/runtime/native/java_lang_Throwable.cc
+index b89e287481..5cdd70c513 100644
+--- a/runtime/native/java_lang_Throwable.cc
++++ b/runtime/native/java_lang_Throwable.cc
+@@ -38,7 +38,7 @@ static jobjectArray Throwable_nativeGetStackTrace(JNIEnv* env, jclass, jobject j
+   return Thread::InternalStackTraceToStackTraceElementArray(soa, javaStackState);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Throwable, nativeFillInStackTrace, "()Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Throwable, nativeGetStackTrace, "(Ljava/lang/Object;)[Ljava/lang/StackTraceElement;"),
+ };
+diff --git a/runtime/native/java_lang_VMClassLoader.cc b/runtime/native/java_lang_VMClassLoader.cc
+index 11e02a2ce4..ce37a33086 100644
+--- a/runtime/native/java_lang_VMClassLoader.cc
++++ b/runtime/native/java_lang_VMClassLoader.cc
+@@ -155,7 +155,7 @@ static jobjectArray VMClassLoader_getBootClassPathEntries(JNIEnv* env, jclass) {
+   return array;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(VMClassLoader, findLoadedClass, "(Ljava/lang/ClassLoader;Ljava/lang/String;)Ljava/lang/Class;"),
+   NATIVE_METHOD(VMClassLoader, getBootClassPathEntries, "()[Ljava/lang/String;"),
+ };
+diff --git a/runtime/native/java_lang_invoke_MethodHandleImpl.cc b/runtime/native/java_lang_invoke_MethodHandleImpl.cc
+index 45d9a8abef..afeaa94ec5 100644
+--- a/runtime/native/java_lang_invoke_MethodHandleImpl.cc
++++ b/runtime/native/java_lang_invoke_MethodHandleImpl.cc
+@@ -63,7 +63,7 @@ static jobject MethodHandleImpl_getMemberInternal(JNIEnv* env, jobject thiz) {
+   return soa.AddLocalReference<jobject>(h_object.Get());
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(MethodHandleImpl, getMemberInternal, "()Ljava/lang/reflect/Member;"),
+ };
+ 
+diff --git a/runtime/native/java_lang_ref_FinalizerReference.cc b/runtime/native/java_lang_ref_FinalizerReference.cc
+index 535b243411..0a8dfb6c09 100644
+--- a/runtime/native/java_lang_ref_FinalizerReference.cc
++++ b/runtime/native/java_lang_ref_FinalizerReference.cc
+@@ -42,7 +42,7 @@ static jobject FinalizerReference_getReferent(JNIEnv* env, jobject javaThis) {
+   return soa.AddLocalReference<jobject>(referent);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(FinalizerReference, makeCircularListIfUnenqueued, "()Z"),
+   FAST_NATIVE_METHOD(FinalizerReference, getReferent, "()Ljava/lang/Object;"),
+ };
+diff --git a/runtime/native/java_lang_ref_Reference.cc b/runtime/native/java_lang_ref_Reference.cc
+index f23010bf48..e36287154f 100644
+--- a/runtime/native/java_lang_ref_Reference.cc
++++ b/runtime/native/java_lang_ref_Reference.cc
+@@ -73,7 +73,7 @@ static void Reference_clearReferent(JNIEnv* env, jobject javaThis) {
+   Runtime::Current()->GetHeap()->GetReferenceProcessor()->ClearReferent(ref);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Reference, getReferent, "()Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Reference, clearReferent, "()V"),
+   FAST_NATIVE_METHOD(Reference, refersTo0, "(Ljava/lang/Object;)Z"),
+diff --git a/runtime/native/java_lang_reflect_Array.cc b/runtime/native/java_lang_reflect_Array.cc
+index ff94593cdf..e359e7d8a8 100644
+--- a/runtime/native/java_lang_reflect_Array.cc
++++ b/runtime/native/java_lang_reflect_Array.cc
+@@ -74,7 +74,7 @@ static jobject Array_createObjectArray(JNIEnv* env, jclass, jclass javaElementCl
+   return soa.AddLocalReference<jobject>(new_array);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Array, createMultiArray, "(Ljava/lang/Class;[I)Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Array, createObjectArray, "(Ljava/lang/Class;I)Ljava/lang/Object;"),
+ };
+diff --git a/runtime/native/java_lang_reflect_Constructor.cc b/runtime/native/java_lang_reflect_Constructor.cc
+index 1d362c0302..16f5dedb44 100644
+--- a/runtime/native/java_lang_reflect_Constructor.cc
++++ b/runtime/native/java_lang_reflect_Constructor.cc
+@@ -128,7 +128,7 @@ static jobject Constructor_newInstanceFromSerialization(JNIEnv* env, jclass unus
+     return env->NewObject(allocClass, ctor);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Constructor, getExceptionTypes, "()[Ljava/lang/Class;"),
+   FAST_NATIVE_METHOD(Constructor, newInstance0, "([Ljava/lang/Object;)Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Constructor, newInstanceFromSerialization, "(Ljava/lang/Class;Ljava/lang/Class;)Ljava/lang/Object;"),
+diff --git a/runtime/native/java_lang_reflect_Executable.cc b/runtime/native/java_lang_reflect_Executable.cc
+index fef16b9099..1acce4e5d3 100644
+--- a/runtime/native/java_lang_reflect_Executable.cc
++++ b/runtime/native/java_lang_reflect_Executable.cc
+@@ -383,7 +383,7 @@ static jint Executable_getParameterCountInternal(JNIEnv* env, jobject javaMethod
+ }
+ 
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Executable, compareMethodParametersInternal,
+                      "(Ljava/lang/reflect/Method;)I"),
+   FAST_NATIVE_METHOD(Executable, getAnnotationNative,
+diff --git a/runtime/native/java_lang_reflect_Field.cc b/runtime/native/java_lang_reflect_Field.cc
+index cfc4a292ba..7bbff9ba36 100644
+--- a/runtime/native/java_lang_reflect_Field.cc
++++ b/runtime/native/java_lang_reflect_Field.cc
+@@ -521,7 +521,7 @@ static jboolean Field_isAnnotationPresentNative(JNIEnv* env,
+   return annotations::IsFieldAnnotationPresent(field, klass);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Field, get,        "(Ljava/lang/Object;)Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Field, getBoolean, "(Ljava/lang/Object;)Z"),
+   FAST_NATIVE_METHOD(Field, getByte,    "(Ljava/lang/Object;)B"),
+diff --git a/runtime/native/java_lang_reflect_Method.cc b/runtime/native/java_lang_reflect_Method.cc
+index 2c0dd806e1..e052ba9b2c 100644
+--- a/runtime/native/java_lang_reflect_Method.cc
++++ b/runtime/native/java_lang_reflect_Method.cc
+@@ -86,7 +86,7 @@ static jobject Method_invoke(JNIEnv* env, jobject javaMethod, jobject javaReceiv
+   return InvokeMethod<kRuntimePointerSize>(soa, javaMethod, javaReceiver, javaArgs);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Method, getDefaultValue, "()Ljava/lang/Object;"),
+   FAST_NATIVE_METHOD(Method, getExceptionTypes, "()[Ljava/lang/Class;"),
+   FAST_NATIVE_METHOD(Method, invoke, "(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;"),
+diff --git a/runtime/native/java_lang_reflect_Parameter.cc b/runtime/native/java_lang_reflect_Parameter.cc
+index 263a56796f..92bf9078a4 100644
+--- a/runtime/native/java_lang_reflect_Parameter.cc
++++ b/runtime/native/java_lang_reflect_Parameter.cc
+@@ -98,7 +98,7 @@ static jobject Parameter_getAnnotationNative(JNIEnv* env,
+       annotations::GetAnnotationForMethodParameter(method, parameterIndex, klass));
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(
+       Parameter,
+       getAnnotationNative,
+diff --git a/runtime/native/java_lang_reflect_Proxy.cc b/runtime/native/java_lang_reflect_Proxy.cc
+index f723ed223d..c2b533de5d 100644
+--- a/runtime/native/java_lang_reflect_Proxy.cc
++++ b/runtime/native/java_lang_reflect_Proxy.cc
+@@ -37,7 +37,7 @@ static jclass Proxy_generateProxy(JNIEnv* env, jclass, jstring name, jobjectArra
+       soa, name, interfaces, loader, methods, throws));
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Proxy, generateProxy, "(Ljava/lang/String;[Ljava/lang/Class;Ljava/lang/ClassLoader;[Ljava/lang/reflect/Method;[[Ljava/lang/Class;)Ljava/lang/Class;"),
+ };
+ 
+diff --git a/runtime/native/java_util_concurrent_atomic_AtomicLong.cc b/runtime/native/java_util_concurrent_atomic_AtomicLong.cc
+index fa288edcb8..299ac5a61d 100644
+--- a/runtime/native/java_util_concurrent_atomic_AtomicLong.cc
++++ b/runtime/native/java_util_concurrent_atomic_AtomicLong.cc
+@@ -30,7 +30,7 @@ static jboolean AtomicLong_VMSupportsCS8(JNIEnv*, jclass) {
+   return QuasiAtomic::LongAtomicsUseMutexes(kRuntimeISA) ? JNI_FALSE : JNI_TRUE;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(AtomicLong, VMSupportsCS8, "()Z"),
+ };
+ 
+diff --git a/runtime/native/libcore_util_CharsetUtils.cc b/runtime/native/libcore_util_CharsetUtils.cc
+index f0764f1d74..d9303a9b93 100644
+--- a/runtime/native/libcore_util_CharsetUtils.cc
++++ b/runtime/native/libcore_util_CharsetUtils.cc
+@@ -183,7 +183,7 @@ static jbyteArray CharsetUtils_toUtf8Bytes(JNIEnv* env, jclass, jstring java_str
+   return soa.AddLocalReference<jbyteArray>(result);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(CharsetUtils, asciiBytesToChars, "([BII[C)V"),
+   FAST_NATIVE_METHOD(CharsetUtils, isoLatin1BytesToChars, "([BII[C)V"),
+   FAST_NATIVE_METHOD(CharsetUtils, toAsciiBytes, "(Ljava/lang/String;II)[B"),
+diff --git a/runtime/native/org_apache_harmony_dalvik_ddmc_DdmServer.cc b/runtime/native/org_apache_harmony_dalvik_ddmc_DdmServer.cc
+index 419aed8578..ccbef4f3f4 100644
+--- a/runtime/native/org_apache_harmony_dalvik_ddmc_DdmServer.cc
++++ b/runtime/native/org_apache_harmony_dalvik_ddmc_DdmServer.cc
+@@ -38,7 +38,7 @@ static void DdmServer_nativeSendChunk(JNIEnv* env, jclass, jint type,
+   Runtime::Current()->GetRuntimeCallbacks()->DdmPublishChunk(static_cast<uint32_t>(type), chunk);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(DdmServer, nativeSendChunk, "(I[BII)V"),
+ };
+ 
+diff --git a/runtime/native/org_apache_harmony_dalvik_ddmc_DdmVmInternal.cc b/runtime/native/org_apache_harmony_dalvik_ddmc_DdmVmInternal.cc
+index f74e1206f5..044364cc45 100644
+--- a/runtime/native/org_apache_harmony_dalvik_ddmc_DdmVmInternal.cc
++++ b/runtime/native/org_apache_harmony_dalvik_ddmc_DdmVmInternal.cc
+@@ -209,7 +209,7 @@ static jbyteArray DdmVmInternal_getThreadStats(JNIEnv* env, jclass) {
+   return result;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(DdmVmInternal, setRecentAllocationsTrackingEnabled, "(Z)V"),
+   NATIVE_METHOD(DdmVmInternal, setThreadNotifyEnabled, "(Z)V"),
+   NATIVE_METHOD(DdmVmInternal, getStackTraceById, "(I)[Ljava/lang/StackTraceElement;"),
+diff --git a/runtime/native/sun_misc_Unsafe.cc b/runtime/native/sun_misc_Unsafe.cc
+index 5014f340cd..bb9226d1fa 100644
+--- a/runtime/native/sun_misc_Unsafe.cc
++++ b/runtime/native/sun_misc_Unsafe.cc
+@@ -541,7 +541,7 @@ static void Unsafe_unpark(JNIEnv* env, jobject, jobject jthread) {
+   }
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Unsafe, compareAndSwapInt, "(Ljava/lang/Object;JII)Z"),
+   FAST_NATIVE_METHOD(Unsafe, compareAndSwapLong, "(Ljava/lang/Object;JJJ)Z"),
+   FAST_NATIVE_METHOD(Unsafe, compareAndSwapObject, "(Ljava/lang/Object;JLjava/lang/Object;Ljava/lang/Object;)Z"),
diff --git a/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch
new file mode 100644
index 00000000..8ff0e913
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0001-HM-Use_HM.patch
@@ -0,0 +1,168 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 01:51:56 -0500
+Subject: [PATCH] use Scudo on 32-bit and hardened_malloc on 64-bit
+
+Co-authored-by: anupritaisno1 <www.anuprita804@gmail.com>
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/Android.bp                  | 39 +++++++++++-------------
+ libc/bionic/h_malloc_wrapper.cpp | 51 ++++++++++++++++++++++++++++++++
+ libc/bionic/malloc_common.h      |  8 +++++
+ 3 files changed, 77 insertions(+), 21 deletions(-)
+ create mode 100644 libc/bionic/h_malloc_wrapper.cpp
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index 98b878151..75b06f58c 100644
+--- a/libc/Android.bp
++++ b/libc/Android.bp
+@@ -68,6 +68,8 @@ libc_common_flags = [
+ 
+     // GWP-ASan requires platform TLS.
+     "-fno-emulated-tls",
++
++    "-DH_MALLOC_PREFIX",
+ ]
+ 
+ // Define some common cflags
+@@ -113,33 +115,20 @@ cc_defaults {
+     ldflags: ["-Wl,-z,muldefs"],
+ 
+     multilib: {
+-        lib64: {
+-            product_variables: {
+-                malloc_zero_contents: {
+-                    cflags: ["-DSCUDO_ZERO_CONTENTS"],
+-                },
+-                malloc_pattern_fill_contents: {
+-                    cflags: ["-DSCUDO_PATTERN_FILL_CONTENTS"],
+-                },
+-                malloc_not_svelte: {
+-                    cflags: ["-DUSE_SCUDO"],
+-                },
+-            },
+-        },
+         lib32: {
+             product_variables: {
+                 malloc_zero_contents: {
+                     cflags: ["-DSCUDO_ZERO_CONTENTS"],
+                 },
+                 malloc_pattern_fill_contents: {
+-                    cflags: ["-DSCUDO_PATTERN_FILL_CONTENTS"],
++                     cflags: ["-DSCUDO_PATTERN_FILL_CONTENTS"],
+                 },
+                 malloc_not_svelte_libc32: {
+-                    cflags: ["-DUSE_SCUDO"],
++                   cflags: ["-DUSE_SCUDO"],
+                 },
+             },
+-        },
+-    },
++        }
++    }
+ }
+ 
+ libc_scudo_product_variables = {
+@@ -194,12 +183,20 @@ cc_defaults {
+ cc_library_static {
+     name: "libc_jemalloc_wrapper",
+     defaults: ["libc_defaults"],
+-    srcs: ["bionic/jemalloc_wrapper.cpp"],
++    multilib: {
++        lib32: {
++            // Used to pull in the jemalloc/hardened_malloc include directory so that if the
++            // library is removed, the include directory is also removed.
++            srcs: ["bionic/jemalloc_wrapper.cpp"],
++            static_libs: ["libjemalloc5"],
++        },
++        lib64: {
++            srcs: ["bionic/h_malloc_wrapper.cpp"],
++            static_libs: ["libhardened_malloc"],
++        },
++    },
+     cflags: ["-fvisibility=hidden"],
+ 
+-    // Used to pull in the jemalloc include directory so that if the
+-    // library is removed, the include directory is also removed.
+-    static_libs: ["libjemalloc5"],
+ }
+ 
+ // ========================================================
+diff --git a/libc/bionic/h_malloc_wrapper.cpp b/libc/bionic/h_malloc_wrapper.cpp
+new file mode 100644
+index 000000000..5fb0968c2
+--- /dev/null
++++ b/libc/bionic/h_malloc_wrapper.cpp
+@@ -0,0 +1,51 @@
++#include <errno.h>
++#include <malloc.h>
++#include <sys/param.h>
++#include <unistd.h>
++
++#include <private/MallocXmlElem.h>
++
++#include "h_malloc.h"
++
++__BEGIN_DECLS
++int h_malloc_info(int options, FILE* fp);
++__END_DECLS
++
++int h_malloc_info(int options, FILE* fp) {
++  if (options != 0) {
++    errno = EINVAL;
++    return -1;
++  }
++
++  fflush(fp);
++  int fd = fileno(fp);
++  MallocXmlElem root(fd, "malloc", "version=\"jemalloc-1\"");
++
++  // Dump all of the large allocations in the arenas.
++  for (size_t i = 0; i < h_mallinfo_narenas(); i++) {
++    struct mallinfo mi = h_mallinfo_arena_info(i);
++    if (mi.hblkhd != 0) {
++      MallocXmlElem arena_elem(fd, "heap", "nr=\"%d\"", i);
++      {
++        MallocXmlElem(fd, "allocated-large").Contents("%zu", mi.ordblks);
++        MallocXmlElem(fd, "allocated-huge").Contents("%zu", mi.uordblks);
++        MallocXmlElem(fd, "allocated-bins").Contents("%zu", mi.fsmblks);
++
++        size_t total = 0;
++        for (size_t j = 0; j < h_mallinfo_nbins(); j++) {
++          struct mallinfo mi = h_mallinfo_bin_info(i, j);
++          if (mi.ordblks != 0) {
++            MallocXmlElem bin_elem(fd, "bin", "nr=\"%d\"", j);
++            MallocXmlElem(fd, "allocated").Contents("%zu", mi.ordblks);
++            MallocXmlElem(fd, "nmalloc").Contents("%zu", mi.uordblks);
++            MallocXmlElem(fd, "ndalloc").Contents("%zu", mi.fordblks);
++            total += mi.ordblks;
++          }
++        }
++        MallocXmlElem(fd, "bins-total").Contents("%zu", total);
++      }
++    }
++  }
++
++  return 0;
++}
+diff --git a/libc/bionic/malloc_common.h b/libc/bionic/malloc_common.h
+index 4afcc4a8d..cca9e5202 100644
+--- a/libc/bionic/malloc_common.h
++++ b/libc/bionic/malloc_common.h
+@@ -67,8 +67,16 @@ __END_DECLS
+ 
+ #else
+ 
++#ifdef __LP64__
++#include "h_malloc.h"
++#define Malloc(function)  h_ ## function
++__BEGIN_DECLS
++int h_malloc_info(int options, FILE* fp);
++__END_DECLS
++#else
+ #include "jemalloc.h"
+ #define Malloc(function)  je_ ## function
++#endif
+ 
+ #endif
+ 
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch
new file mode 100644
index 00000000..22fd3d73
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch
@@ -0,0 +1,89 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: anupritaisno1 <www.anuprita804@gmail.com>
+Date: Wed, 13 Oct 2021 15:00:25 +0530
+Subject: [PATCH] add a real explicit_bzero implementation
+
+Clang, GCC and other compilers special-case standard C functions like
+memset. Calls to memset will be optimized out.
+
+OpenBSD provides explicit_bzero to work around this but Android simply
+defines it as memset so nothing prevents it from being optimized away.
+
+This implementation uses a memory read constraint via empty inline
+assembly rather than something that may be broken via link-time
+optimization in the future.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+Change-Id: Ia021e30f86ee4b998d541fbf7262110f9d1d6fbf
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/Android.bp                                        | 1 +
+ libc/bionic/explicit_bzero.cpp                         | 7 +++++++
+ libc/include/string.h                                  | 1 +
+ libc/libc.map.txt                                      | 1 +
+ libc/upstream-openbsd/android/include/openbsd-compat.h | 2 --
+ 5 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 libc/bionic/explicit_bzero.cpp
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index 75b06f58c..cae5d8776 100644
+--- a/libc/Android.bp
++++ b/libc/Android.bp
+@@ -1084,6 +1084,7 @@ cc_library_static {
+         "bionic/error.cpp",
+         "bionic/eventfd.cpp",
+         "bionic/exec.cpp",
++        "bionic/explicit_bzero.cpp",
+         "bionic/faccessat.cpp",
+         "bionic/fchmod.cpp",
+         "bionic/fchmodat.cpp",
+diff --git a/libc/bionic/explicit_bzero.cpp b/libc/bionic/explicit_bzero.cpp
+new file mode 100644
+index 000000000..b06daa138
+--- /dev/null
++++ b/libc/bionic/explicit_bzero.cpp
+@@ -0,0 +1,7 @@
++#include <string.h>
++
++void* explicit_bzero(void* s, size_t n) {
++  void *ptr = memset(s, 0, n);
++  __asm__ __volatile__("" : : "r"(ptr) : "memory");
++  return ptr;
++}
+diff --git a/libc/include/string.h b/libc/include/string.h
+index 0cc5611aa..befffd082 100644
+--- a/libc/include/string.h
++++ b/libc/include/string.h
+@@ -56,6 +56,7 @@ void* mempcpy(void* __dst, const void* __src, size_t __n) __INTRODUCED_IN(23);
+ #endif
+ void* memmove(void* __dst, const void* __src, size_t __n);
+ void* memset(void* __dst, int __ch, size_t __n);
++void* explicit_bzero(void *s, size_t n);
+ void* memmem(const void* __haystack, size_t __haystack_size, const void* __needle, size_t __needle_size) __attribute_pure__;
+ 
+ char* strchr(const char* __s, int __ch) __attribute_pure__;
+diff --git a/libc/libc.map.txt b/libc/libc.map.txt
+index c31e30681..cab7c1363 100644
+--- a/libc/libc.map.txt
++++ b/libc/libc.map.txt
+@@ -332,6 +332,7 @@ LIBC {
+     execvp;
+     execvpe; # introduced=21
+     exit;
++    explicit_bzero; # introduced=31
+     faccessat;
+     fallocate; # introduced=21
+     fallocate64; # introduced=21
+diff --git a/libc/upstream-openbsd/android/include/openbsd-compat.h b/libc/upstream-openbsd/android/include/openbsd-compat.h
+index 6c21c5b49..49d98c3d2 100644
+--- a/libc/upstream-openbsd/android/include/openbsd-compat.h
++++ b/libc/upstream-openbsd/android/include/openbsd-compat.h
+@@ -57,8 +57,6 @@ extern const char* __progname;
+ /* OpenBSD has this, but we can't really implement it correctly on Linux. */
+ #define issetugid() 0
+ 
+-#define explicit_bzero(p, s) memset(p, 0, s)
+-
+ /* OpenBSD has this in paths.h. But this directory doesn't normally exist.
+  * Even when it does exist, only the 'shell' user has permissions.
+  */
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-10.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-10.patch
new file mode 100644
index 00000000..999f642f
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-10.patch
@@ -0,0 +1,84 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 2 Dec 2015 23:37:28 -0500
+Subject: [PATCH] switch pthread_atfork handler allocation to mmap
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_atfork.cpp | 35 ++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/libc/bionic/pthread_atfork.cpp b/libc/bionic/pthread_atfork.cpp
+index 0dcabdfb2..6306052ee 100644
+--- a/libc/bionic/pthread_atfork.cpp
++++ b/libc/bionic/pthread_atfork.cpp
+@@ -29,6 +29,9 @@
+ #include <errno.h>
+ #include <pthread.h>
+ #include <stdlib.h>
++#include <sys/mman.h>
++#include <sys/prctl.h>
++#include <unistd.h>
+ 
+ #include "platform/bionic/macros.h"
+ 
+@@ -43,6 +46,8 @@ struct atfork_t {
+   void* dso_handle;
+ };
+ 
++static atfork_t* pool;
++
+ class atfork_list_t {
+  public:
+   constexpr atfork_list_t() : first_(nullptr), last_(nullptr) {}
+@@ -101,7 +106,8 @@ class atfork_list_t {
+       last_ = entry->prev;
+     }
+ 
+-    free(entry);
++    entry->next = pool;
++    pool = entry;
+   }
+ 
+   atfork_t* first_;
+@@ -154,18 +160,35 @@ void __bionic_atfork_run_parent() {
+ // __register_atfork is the name used by glibc
+ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
+                                  void(*child)(void), void* dso) {
+-  atfork_t* entry = reinterpret_cast<atfork_t*>(malloc(sizeof(atfork_t)));
+-  if (entry == nullptr) {
+-    return ENOMEM;
++  pthread_mutex_lock(&g_atfork_list_mutex);
++
++  if (!pool) {
++    size_t page_size = getpagesize();
++    char* page = static_cast<char*>(mmap(NULL, page_size, PROT_READ|PROT_WRITE,
++                                         MAP_ANONYMOUS|MAP_PRIVATE, -1, 0));
++    if (page == MAP_FAILED) {
++      pthread_mutex_unlock(&g_atfork_list_mutex);
++      return ENOMEM;
++    }
++
++    prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, page, page_size,
++      "atfork handlers");
++
++    for (char* it = page; it < page + page_size - sizeof(atfork_t); it += sizeof(atfork_t)) {
++      atfork_t* node = reinterpret_cast<atfork_t*>(it);
++      node->next = pool;
++      pool = node;
++    }
+   }
+ 
++  atfork_t* entry = pool;
++  pool = entry->next;
++
+   entry->prepare = prepare;
+   entry->parent = parent;
+   entry->child = child;
+   entry->dso_handle = dso;
+ 
+-  pthread_mutex_lock(&g_atfork_list_mutex);
+-
+   g_atfork_list.push_back(entry);
+ 
+   pthread_mutex_unlock(&g_atfork_list_mutex);
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-11.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-11.patch
new file mode 100644
index 00000000..b8635e8d
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-11.patch
@@ -0,0 +1,95 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 3 Dec 2015 12:58:31 -0500
+Subject: [PATCH] add memory protection for pthread_atfork handlers
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_atfork.cpp | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/libc/bionic/pthread_atfork.cpp b/libc/bionic/pthread_atfork.cpp
+index 6306052ee..d59f3ae54 100644
+--- a/libc/bionic/pthread_atfork.cpp
++++ b/libc/bionic/pthread_atfork.cpp
+@@ -47,6 +47,7 @@ struct atfork_t {
+ };
+ 
+ static atfork_t* pool;
++static atfork_t* page_list;
+ 
+ class atfork_list_t {
+  public:
+@@ -160,13 +161,22 @@ void __bionic_atfork_run_parent() {
+ // __register_atfork is the name used by glibc
+ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
+                                  void(*child)(void), void* dso) {
++  size_t page_size = getpagesize();
++
+   pthread_mutex_lock(&g_atfork_list_mutex);
+ 
++  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
++    mprotect(page_it, page_size, PROT_READ|PROT_WRITE);
++  }
++
+   if (!pool) {
+-    size_t page_size = getpagesize();
+     char* page = static_cast<char*>(mmap(NULL, page_size, PROT_READ|PROT_WRITE,
+                                          MAP_ANONYMOUS|MAP_PRIVATE, -1, 0));
+     if (page == MAP_FAILED) {
++      for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
++        mprotect(page_it, page_size, PROT_READ);
++      }
++
+       pthread_mutex_unlock(&g_atfork_list_mutex);
+       return ENOMEM;
+     }
+@@ -174,11 +184,15 @@ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
+     prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, page, page_size,
+       "atfork handlers");
+ 
+-    for (char* it = page; it < page + page_size - sizeof(atfork_t); it += sizeof(atfork_t)) {
++    for (char* it = page + sizeof(atfork_t); it < page + page_size - sizeof(atfork_t); it += sizeof(atfork_t)) {
+       atfork_t* node = reinterpret_cast<atfork_t*>(it);
+       node->next = pool;
+       pool = node;
+     }
++
++    atfork_t* page_node = reinterpret_cast<atfork_t*>(page);
++    page_node->next = page_list;
++    page_list = page_node;
+   }
+ 
+   atfork_t* entry = pool;
+@@ -191,6 +205,10 @@ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
+ 
+   g_atfork_list.push_back(entry);
+ 
++  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
++    mprotect(page_it, page_size, PROT_READ);
++  }
++
+   pthread_mutex_unlock(&g_atfork_list_mutex);
+ 
+   return 0;
+@@ -198,8 +216,20 @@ extern "C" int __register_atfork(void (*prepare)(void), void (*parent)(void),
+ 
+ extern "C" __LIBC_HIDDEN__ void __unregister_atfork(void* dso) {
+   pthread_mutex_lock(&g_atfork_list_mutex);
++
++  size_t page_size = getpagesize();
++
++  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
++    mprotect(page_it, page_size, PROT_READ|PROT_WRITE);
++  }
++
+   g_atfork_list.remove_if([&](const atfork_t* entry) {
+     return entry->dso_handle == dso;
+   });
++
++  for (atfork_t* page_it = page_list; page_it; page_it = page_it->next) {
++    mprotect(page_it, page_size, PROT_READ);
++  }
++
+   pthread_mutex_unlock(&g_atfork_list_mutex);
+ }
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-12.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-12.patch
new file mode 100644
index 00000000..c104f701
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-12.patch
@@ -0,0 +1,85 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 27 Jan 2016 18:02:15 -0500
+Subject: [PATCH] add XOR mangling mitigation for thread-local dtors
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/__cxa_thread_atexit_impl.cpp | 8 +++++---
+ libc/bionic/libc_init_common.cpp         | 2 ++
+ libc/private/bionic_globals.h            | 1 +
+ 3 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/libc/bionic/__cxa_thread_atexit_impl.cpp b/libc/bionic/__cxa_thread_atexit_impl.cpp
+index 99077c101..74608513e 100644
+--- a/libc/bionic/__cxa_thread_atexit_impl.cpp
++++ b/libc/bionic/__cxa_thread_atexit_impl.cpp
+@@ -13,15 +13,17 @@
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
+  */
++#include <stdint.h>
+ #include <sys/cdefs.h>
+ 
+ #include <private/bionic_defs.h>
++#include <private/bionic_globals.h>
+ 
+ #include "pthread_internal.h"
+ 
+ class thread_local_dtor {
+  public:
+-  void (*func) (void *);
++  uintptr_t func;
+   void *arg;
+   void *dso_handle; // unused...
+   thread_local_dtor* next;
+@@ -35,7 +37,7 @@ __BIONIC_WEAK_FOR_NATIVE_BRIDGE
+ int __cxa_thread_atexit_impl(void (*func) (void *), void *arg, void *dso_handle) {
+   thread_local_dtor* dtor = new thread_local_dtor();
+ 
+-  dtor->func = func;
++  dtor->func = __libc_globals->dtor_cookie ^ reinterpret_cast<uintptr_t>(func);
+   dtor->arg = arg;
+   dtor->dso_handle = dso_handle;
+ 
+@@ -54,7 +56,7 @@ extern "C" __LIBC_HIDDEN__ void __cxa_thread_finalize() {
+     thread_local_dtor* current = thread->thread_local_dtors;
+     thread->thread_local_dtors = current->next;
+ 
+-    current->func(current->arg);
++    (reinterpret_cast<void (*)(void*)>(__libc_globals->dtor_cookie ^ current->func))(current->arg);
+     if (__loader_remove_thread_local_dtor != nullptr) {
+       __loader_remove_thread_local_dtor(current->dso_handle);
+     }
+diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
+index dd623a529..ddad1b8ad 100644
+--- a/libc/bionic/libc_init_common.cpp
++++ b/libc/bionic/libc_init_common.cpp
+@@ -45,6 +45,7 @@
+ #include <async_safe/log.h>
+ 
+ #include "private/WriteProtected.h"
++#include "private/bionic_arc4random.h"
+ #include "private/bionic_defs.h"
+ #include "private/bionic_globals.h"
+ #include "private/bionic_tls.h"
+@@ -69,6 +70,7 @@ void __libc_init_globals() {
+   __libc_globals.mutate([](libc_globals* globals) {
+     __libc_init_vdso(globals);
+     __libc_init_setjmp_cookie(globals);
++    arc4random_buf(&globals->dtor_cookie, sizeof(globals->dtor_cookie));
+   });
+ }
+ 
+diff --git a/libc/private/bionic_globals.h b/libc/private/bionic_globals.h
+index e105c18d9..ce05936b0 100644
+--- a/libc/private/bionic_globals.h
++++ b/libc/private/bionic_globals.h
+@@ -45,6 +45,7 @@
+ 
+ struct libc_globals {
+   vdso_entry vdso[VDSO_END];
++  long dtor_cookie;
+   long setjmp_cookie;
+   uintptr_t heap_pointer_tag;
+ 
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-13.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-13.patch
new file mode 100644
index 00000000..7cafd591
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-13.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Fri, 29 Jan 2016 20:20:09 -0500
+Subject: [PATCH] use a better pthread_attr junk filling pattern
+
+Guarantee that junk filled pointers will fault, at least on pure 64-bit.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_attr.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libc/bionic/pthread_attr.cpp b/libc/bionic/pthread_attr.cpp
+index 89aa28966..08e237f9f 100644
+--- a/libc/bionic/pthread_attr.cpp
++++ b/libc/bionic/pthread_attr.cpp
+@@ -53,7 +53,7 @@ int pthread_attr_init(pthread_attr_t* attr) {
+ 
+ __BIONIC_WEAK_FOR_NATIVE_BRIDGE
+ int pthread_attr_destroy(pthread_attr_t* attr) {
+-  memset(attr, 0x42, sizeof(pthread_attr_t));
++  memset(attr, 0xdf, sizeof(pthread_attr_t));
+   return 0;
+ }
+ 
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-14.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-14.patch
new file mode 100644
index 00000000..64f93dfc
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-14.patch
@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Renlord <me@renlord.com>
+Date: Thu, 12 Sep 2019 14:51:51 +1000
+Subject: [PATCH] add guard page(s) between static_tls and stack
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_create.cpp | 29 +++++++++++++++++++----------
+ 1 file changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/libc/bionic/pthread_create.cpp b/libc/bionic/pthread_create.cpp
+index 121b26f82..31c553e25 100644
+--- a/libc/bionic/pthread_create.cpp
++++ b/libc/bionic/pthread_create.cpp
+@@ -201,9 +201,10 @@ int __init_thread(pthread_internal_t* thread) {
+ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_size) {
+   const StaticTlsLayout& layout = __libc_shared_globals()->static_tls_layout;
+ 
+-  // Allocate in order: stack guard, stack, static TLS, guard page.
++  // Allocate in order: stack guard, stack, guard page, static TLS, guard page.
+   size_t mmap_size;
+   if (__builtin_add_overflow(stack_size, stack_guard_size, &mmap_size)) return {};
++  if (__builtin_add_overflow(mmap_size, PTHREAD_GUARD_SIZE, &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, layout.size(), &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, PTHREAD_GUARD_SIZE, &mmap_size)) return {};
+ 
+@@ -212,8 +213,8 @@ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_si
+   mmap_size = __BIONIC_ALIGN(mmap_size, PAGE_SIZE);
+   if (mmap_size < unaligned_size) return {};
+ 
+-  // Create a new private anonymous map. Make the entire mapping PROT_NONE, then carve out a
+-  // read+write area in the middle.
++  // Create a new private anonymous map. Make the entire mapping PROT_NONE, then carve out
++  // read+write areas for the stack and static TLS
+   const int flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE;
+   char* const space = static_cast<char*>(mmap(nullptr, mmap_size, PROT_NONE, flags, -1, 0));
+   if (space == MAP_FAILED) {
+@@ -223,13 +224,21 @@ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_si
+                           mmap_size, strerror(errno));
+     return {};
+   }
+-  const size_t writable_size = mmap_size - stack_guard_size - PTHREAD_GUARD_SIZE;
+-  if (mprotect(space + stack_guard_size,
+-               writable_size,
+-               PROT_READ | PROT_WRITE) != 0) {
++
++  if (mprotect(space + stack_guard_size, stack_size, PROT_READ | PROT_WRITE) != 0) {
+     async_safe_format_log(ANDROID_LOG_WARN, "libc",
+                           "pthread_create failed: couldn't mprotect R+W %zu-byte thread mapping region: %s",
+-                          writable_size, strerror(errno));
++                          stack_size, strerror(errno));
++    munmap(space, mmap_size);
++    return {};
++  }
++
++  char* const static_tls_space = space + stack_guard_size + stack_size + PTHREAD_GUARD_SIZE;
++
++  if (mprotect(static_tls_space, layout.size(), PROT_READ | PROT_WRITE) != 0) {
++    async_safe_format_log(ANDROID_LOG_WARN, "libc",
++                          "pthread_create failed: couldn't mprotect R+W %zu-byte static TLS mapping region: %s",
++                          layout.size(), strerror(errno));
+     munmap(space, mmap_size);
+     return {};
+   }
+@@ -239,9 +248,9 @@ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_si
+   result.mmap_size = mmap_size;
+   result.mmap_base_unguarded = space + stack_guard_size;
+   result.mmap_size_unguarded = mmap_size - stack_guard_size - PTHREAD_GUARD_SIZE;
+-  result.static_tls = space + mmap_size - PTHREAD_GUARD_SIZE - layout.size();
++  result.static_tls = static_tls_space;
+   result.stack_base = space;
+-  result.stack_top = result.static_tls;
++  result.stack_top = space + stack_guard_size + stack_size;
+   return result;
+ }
+ 
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-15.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-15.patch
new file mode 100644
index 00000000..58fbf942
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-15.patch
@@ -0,0 +1,58 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 10 Oct 2019 22:52:49 -0400
+Subject: [PATCH] move pthread_internal_t behind guard page
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_create.cpp | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/libc/bionic/pthread_create.cpp b/libc/bionic/pthread_create.cpp
+index 31c553e25..627fbb25b 100644
+--- a/libc/bionic/pthread_create.cpp
++++ b/libc/bionic/pthread_create.cpp
+@@ -201,10 +201,13 @@ int __init_thread(pthread_internal_t* thread) {
+ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_size) {
+   const StaticTlsLayout& layout = __libc_shared_globals()->static_tls_layout;
+ 
+-  // Allocate in order: stack guard, stack, guard page, static TLS, guard page.
++  size_t thread_page_size = __BIONIC_ALIGN(sizeof(pthread_internal_t), PAGE_SIZE);
++
++  // Allocate in order: stack guard, stack, guard page, pthread_internal_t, static TLS, guard page.
+   size_t mmap_size;
+   if (__builtin_add_overflow(stack_size, stack_guard_size, &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, PTHREAD_GUARD_SIZE, &mmap_size)) return {};
++  if (__builtin_add_overflow(mmap_size, thread_page_size, &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, layout.size(), &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, PTHREAD_GUARD_SIZE, &mmap_size)) return {};
+ 
+@@ -233,9 +236,10 @@ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_si
+     return {};
+   }
+ 
+-  char* const static_tls_space = space + stack_guard_size + stack_size + PTHREAD_GUARD_SIZE;
++  char* const thread = space + stack_guard_size + stack_size + PTHREAD_GUARD_SIZE;
++  char* const static_tls_space = thread + thread_page_size;
+ 
+-  if (mprotect(static_tls_space, layout.size(), PROT_READ | PROT_WRITE) != 0) {
++  if (mprotect(thread, thread_page_size + layout.size(), PROT_READ | PROT_WRITE) != 0) {
+     async_safe_format_log(ANDROID_LOG_WARN, "libc",
+                           "pthread_create failed: couldn't mprotect R+W %zu-byte static TLS mapping region: %s",
+                           layout.size(), strerror(errno));
+@@ -280,13 +284,8 @@ static int __allocate_thread(pthread_attr_t* attr, bionic_tcb** tcbp, void** chi
+     stack_top = static_cast<char*>(attr->stack_base) + attr->stack_size;
+   }
+ 
+-  // Carve out space from the stack for the thread's pthread_internal_t. This
+-  // memory isn't counted in pthread_attr_getstacksize.
+-
+-  // To safely access the pthread_internal_t and thread stack, we need to find a 16-byte aligned boundary.
+-  stack_top = align_down(stack_top - sizeof(pthread_internal_t), 16);
+-
+-  pthread_internal_t* thread = reinterpret_cast<pthread_internal_t*>(stack_top);
++  pthread_internal_t* thread = reinterpret_cast<pthread_internal_t*>(
++      mapping.static_tls - __BIONIC_ALIGN(sizeof(pthread_internal_t), PAGE_SIZE));
+   if (!stack_clean) {
+     // If thread was not allocated by mmap(), it may not have been cleared to zero.
+     // So assume the worst and zero it.
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-16.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-16.patch
new file mode 100644
index 00000000..37e10f56
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-16.patch
@@ -0,0 +1,98 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Renlord <me@renlord.com>
+Date: Sun, 20 Oct 2019 08:17:11 +1100
+Subject: [PATCH] add secondary stack randomization
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_create.cpp | 32 +++++++++++++++++++++++++++-----
+ libc/include/sys/cdefs.h       |  1 +
+ 2 files changed, 28 insertions(+), 5 deletions(-)
+
+diff --git a/libc/bionic/pthread_create.cpp b/libc/bionic/pthread_create.cpp
+index 627fbb25b..1dc32be32 100644
+--- a/libc/bionic/pthread_create.cpp
++++ b/libc/bionic/pthread_create.cpp
+@@ -29,6 +29,7 @@
+ #include <pthread.h>
+ 
+ #include <errno.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <sys/auxv.h>
+ #include <sys/mman.h>
+@@ -201,12 +202,24 @@ int __init_thread(pthread_internal_t* thread) {
+ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_size) {
+   const StaticTlsLayout& layout = __libc_shared_globals()->static_tls_layout;
+ 
++  // round up if the given stack size is not in multiples of PAGE_SIZE
++  stack_size = __BIONIC_ALIGN(stack_size, PAGE_SIZE);
+   size_t thread_page_size = __BIONIC_ALIGN(sizeof(pthread_internal_t), PAGE_SIZE);
+ 
+-  // Allocate in order: stack guard, stack, guard page, pthread_internal_t, static TLS, guard page.
++  // Place a randomly sized gap above the stack, up to 10% as large as the stack
++  // on 32-bit and 50% on 64-bit where virtual memory is plentiful.
++#if __LP64__
++  size_t max_gap_size = stack_size / 2;
++#else
++  size_t max_gap_size = stack_size / 10;
++#endif
++  // Make sure random stack top guard size are multiples of PAGE_SIZE.
++  size_t gap_size = __BIONIC_ALIGN(arc4random_uniform(max_gap_size), PAGE_SIZE);
++
++  // Allocate in order: stack guard, stack, (random) guard page(s), pthread_internal_t, static TLS, guard page.
+   size_t mmap_size;
+   if (__builtin_add_overflow(stack_size, stack_guard_size, &mmap_size)) return {};
+-  if (__builtin_add_overflow(mmap_size, PTHREAD_GUARD_SIZE, &mmap_size)) return {};
++  if (__builtin_add_overflow(mmap_size, gap_size, &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, thread_page_size, &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, layout.size(), &mmap_size)) return {};
+   if (__builtin_add_overflow(mmap_size, PTHREAD_GUARD_SIZE, &mmap_size)) return {};
+@@ -228,15 +241,21 @@ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_si
+     return {};
+   }
+ 
+-  if (mprotect(space + stack_guard_size, stack_size, PROT_READ | PROT_WRITE) != 0) {
++  // Stack is at the lower end of mapped space, stack guard region is at the lower end of stack.
++  // Make the usable portion of the stack between the guard region and random gap readable and
++  // writable.
++  if (mprotect((space + stack_guard_size), stack_size, PROT_READ | PROT_WRITE) == -1) {
+     async_safe_format_log(ANDROID_LOG_WARN, "libc",
+                           "pthread_create failed: couldn't mprotect R+W %zu-byte thread mapping region: %s",
+                           stack_size, strerror(errno));
+     munmap(space, mmap_size);
+     return {};
+   }
++  prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, space, stack_guard_size, "stack guard");
++  char* const stack_top_guard = space + stack_guard_size + stack_size;
++  prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, stack_top_guard, gap_size, "stack top guard");
+ 
+-  char* const thread = space + stack_guard_size + stack_size + PTHREAD_GUARD_SIZE;
++  char* const thread = space + stack_guard_size + stack_size + gap_size;
+   char* const static_tls_space = thread + thread_page_size;
+ 
+   if (mprotect(thread, thread_page_size + layout.size(), PROT_READ | PROT_WRITE) != 0) {
+@@ -254,7 +273,10 @@ ThreadMapping __allocate_thread_mapping(size_t stack_size, size_t stack_guard_si
+   result.mmap_size_unguarded = mmap_size - stack_guard_size - PTHREAD_GUARD_SIZE;
+   result.static_tls = static_tls_space;
+   result.stack_base = space;
+-  result.stack_top = space + stack_guard_size + stack_size;
++  // Choose a random base within the first page of the stack. Waste no more
++  // than the space originally wasted by pthread_internal_t for compatibility.
++  result.stack_top = space + stack_guard_size + stack_size - arc4random_uniform(sizeof(pthread_internal_t));
++  result.stack_top = reinterpret_cast<char*>(__BIONIC_ALIGN_DOWN(reinterpret_cast<size_t>(result.stack_top), 16));
+   return result;
+ }
+ 
+diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
+index 2556d1183..1863bb70f 100644
+--- a/libc/include/sys/cdefs.h
++++ b/libc/include/sys/cdefs.h
+@@ -61,6 +61,7 @@
+ #endif
+ 
+ #define __BIONIC_ALIGN(__value, __alignment) (((__value) + (__alignment)-1) & ~((__alignment)-1))
++#define __BIONIC_ALIGN_DOWN(value, alignment) ((value) & ~((alignment) - 1))
+ 
+ /*
+  * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-2.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-2.patch
new file mode 100644
index 00000000..5cb8b39d
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-2.patch
@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 8 Feb 2015 01:18:54 -0500
+Subject: [PATCH] replace brk and sbrk with stubs
+
+Pretend that there is never room to grow the heap in order to prevent
+usage of these unsafe legacy functions. There are likely no users of
+these in practice as it is inherently broken to use them outside of
+malloc.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/brk.cpp | 48 ++++++++-------------------------------------
+ 1 file changed, 8 insertions(+), 40 deletions(-)
+
+diff --git a/libc/bionic/brk.cpp b/libc/bionic/brk.cpp
+index 566c33a7a..ef9305513 100644
+--- a/libc/bionic/brk.cpp
++++ b/libc/bionic/brk.cpp
+@@ -29,48 +29,16 @@
+ #include <errno.h>
+ #include <unistd.h>
+ 
+-#if defined(__LP64__)
+-static void* __bionic_brk;
+-#else
+-void* __bionic_brk; // Accidentally exported by the NDK.
++#if !defined(__LP64__)
++void* __bionic_brk = reinterpret_cast<void*>(-1); // Accidentally exported by the NDK.
+ #endif
+ 
+-extern "C" void* __brk(void* __addr);
+-
+-int brk(void* end_data) {
+-  __bionic_brk = __brk(end_data);
+-  if (__bionic_brk < end_data) {
+-    errno = ENOMEM;
+-    return -1;
+-  }
+-  return 0;
++int brk(void*) {
++  errno = ENOMEM;
++  return -1;
+ }
+ 
+-void* sbrk(ptrdiff_t increment) {
+-  // Initialize __bionic_brk if necessary.
+-  if (__bionic_brk == nullptr) {
+-    __bionic_brk = __brk(nullptr);
+-  }
+-
+-  // Don't ask the kernel if we already know the answer.
+-  if (increment == 0) {
+-    return __bionic_brk;
+-  }
+-
+-  // Avoid overflow.
+-  uintptr_t old_brk = reinterpret_cast<uintptr_t>(__bionic_brk);
+-  if ((increment > 0 && static_cast<uintptr_t>(increment) > (UINTPTR_MAX - old_brk)) ||
+-      (increment < 0 && static_cast<uintptr_t>(-increment) > old_brk)) {
+-    errno = ENOMEM;
+-    return reinterpret_cast<void*>(-1);
+-  }
+-
+-  void* desired_brk = reinterpret_cast<void*>(old_brk + increment);
+-  __bionic_brk = __brk(desired_brk);
+-  if (__bionic_brk < desired_brk) {
+-    errno = ENOMEM;
+-    return reinterpret_cast<void*>(-1);
+-  }
+-
+-  return reinterpret_cast<void*>(old_brk);
++void* sbrk(ptrdiff_t) {
++  errno = ENOMEM;
++  return reinterpret_cast<void*>(-1);
+ }
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-3.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-3.patch
new file mode 100644
index 00000000..303c4566
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-3.patch
@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Mon, 4 Mar 2019 04:26:04 -0500
+Subject: [PATCH] use blocking getrandom and avoid urandom fallback
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/getentropy.cpp | 28 +++-------------------------
+ 1 file changed, 3 insertions(+), 25 deletions(-)
+
+diff --git a/libc/bionic/getentropy.cpp b/libc/bionic/getentropy.cpp
+index 9c93e713b..c9438ad2b 100644
+--- a/libc/bionic/getentropy.cpp
++++ b/libc/bionic/getentropy.cpp
+@@ -33,22 +33,6 @@
+ 
+ #include "private/ScopedFd.h"
+ 
+-static int getentropy_urandom(void* buffer, size_t buffer_size, int saved_errno) {
+-  ScopedFd fd(TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_NOFOLLOW | O_CLOEXEC, 0)));
+-  if (fd.get() == -1) return -1;
+-
+-  size_t collected = 0;
+-  while (collected < buffer_size) {
+-    ssize_t count = TEMP_FAILURE_RETRY(read(fd.get(), static_cast<char*>(buffer) + collected,
+-                                            buffer_size - collected));
+-    if (count == -1) return -1;
+-    collected += count;
+-  }
+-
+-  errno = saved_errno;
+-  return 0;
+-}
+-
+ int getentropy(void* buffer, size_t buffer_size) {
+   if (buffer_size > 256) {
+     errno = EIO;
+@@ -59,16 +43,10 @@ int getentropy(void* buffer, size_t buffer_size) {
+ 
+   size_t collected = 0;
+   while (collected < buffer_size) {
+-    long count = TEMP_FAILURE_RETRY(getrandom(static_cast<char*>(buffer) + collected,
+-                                              buffer_size - collected, GRND_NONBLOCK));
++    long count = TEMP_FAILURE_RETRY(
++        getrandom(static_cast<char*>(buffer) + collected, buffer_size - collected, 0));
+     if (count == -1) {
+-      // EAGAIN: there isn't enough entropy right now.
+-      // ENOSYS/EINVAL: getrandom(2) or GRND_NONBLOCK isn't supported.
+-      // EFAULT: `buffer` is invalid.
+-      // Try /dev/urandom regardless because it can't hurt,
+-      // and we don't need to optimize the EFAULT case.
+-      // See http://b/33059407 and http://b/67015565.
+-      return getentropy_urandom(buffer, buffer_size, saved_errno);
++      return -1;
+     }
+     collected += count;
+   }
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-4.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-4.patch
new file mode 100644
index 00000000..85560f79
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-4.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Mon, 19 Sep 2016 07:57:43 -0400
+Subject: [PATCH] fix undefined out-of-bounds accesses in sched.h
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/include/sched.h | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libc/include/sched.h b/libc/include/sched.h
+index 3260231cf..00c2a4a45 100644
+--- a/libc/include/sched.h
++++ b/libc/include/sched.h
+@@ -70,7 +70,10 @@ int setns(int __fd, int __ns_type) __INTRODUCED_IN(21);
+ #define __CPU_MASK(x)  ((__CPU_BITTYPE)1 << ((x) & (__CPU_BITS - 1)))
+ 
+ typedef struct {
+-  __CPU_BITTYPE  __bits[ CPU_SETSIZE / __CPU_BITS ];
++  union {
++    __CPU_BITTYPE  __bits_minimum[ CPU_SETSIZE / __CPU_BITS ];
++    __CPU_BITTYPE  __bits[0];
++  };
+ } cpu_set_t;
+ 
+ int sched_setaffinity(pid_t __pid, size_t __set_size, const cpu_set_t* __set);
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-5.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-5.patch
new file mode 100644
index 00000000..42308ae1
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-5.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 19 Nov 2016 09:56:14 -0500
+Subject: [PATCH] stop implicitly marking mappings as mergeable
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/mmap.cpp | 19 +------------------
+ 1 file changed, 1 insertion(+), 18 deletions(-)
+
+diff --git a/libc/bionic/mmap.cpp b/libc/bionic/mmap.cpp
+index 9aad0b315..6bf0ecfd1 100644
+--- a/libc/bionic/mmap.cpp
++++ b/libc/bionic/mmap.cpp
+@@ -39,8 +39,6 @@ extern "C" void*  __mmap2(void*, size_t, int, int, int, size_t);
+ 
+ #define MMAP2_SHIFT 12 // 2**12 == 4096
+ 
+-static bool kernel_has_MADV_MERGEABLE = true;
+-
+ void* mmap64(void* addr, size_t size, int prot, int flags, int fd, off64_t offset) {
+   if (offset < 0 || (offset & ((1UL << MMAP2_SHIFT)-1)) != 0) {
+     errno = EINVAL;
+@@ -54,22 +52,7 @@ void* mmap64(void* addr, size_t size, int prot, int flags, int fd, off64_t offse
+     return MAP_FAILED;
+   }
+ 
+-  bool is_private_anonymous =
+-      (flags & (MAP_PRIVATE | MAP_ANONYMOUS)) == (MAP_PRIVATE | MAP_ANONYMOUS);
+-  bool is_stack_or_grows_down = (flags & (MAP_STACK | MAP_GROWSDOWN)) != 0;
+-
+-  void* result = __mmap2(addr, size, prot, flags, fd, offset >> MMAP2_SHIFT);
+-
+-  if (result != MAP_FAILED && kernel_has_MADV_MERGEABLE &&
+-      is_private_anonymous && !is_stack_or_grows_down) {
+-    ErrnoRestorer errno_restorer;
+-    int rc = madvise(result, size, MADV_MERGEABLE);
+-    if (rc == -1 && errno == EINVAL) {
+-      kernel_has_MADV_MERGEABLE = false;
+-    }
+-  }
+-
+-  return result;
++  return __mmap2(addr, size, prot, flags, fd, offset >> MMAP2_SHIFT);
+ }
+ 
+ void* mmap(void* addr, size_t size, int prot, int flags, int fd, off_t offset) {
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-6.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-6.patch
new file mode 100644
index 00000000..32c6781e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-6.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 16 Jul 2016 23:55:16 -0400
+Subject: [PATCH] replace VLA formatting with dprintf-like function
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/bionic_systrace.cpp | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/libc/bionic/bionic_systrace.cpp b/libc/bionic/bionic_systrace.cpp
+index fd9771298..acd9b7681 100644
+--- a/libc/bionic/bionic_systrace.cpp
++++ b/libc/bionic/bionic_systrace.cpp
+@@ -27,8 +27,6 @@
+ #include <async_safe/log.h>
+ #include <cutils/trace.h> // For ATRACE_TAG_BIONIC.
+ 
+-#define WRITE_OFFSET   32
+-
+ static Lock g_lock;
+ static CachedProperty g_debug_atrace_tags_enableflags("debug.atrace.tags.enableflags");
+ static uint64_t g_tags;
+@@ -65,15 +63,9 @@ void bionic_trace_begin(const char* message) {
+     return;
+   }
+ 
+-  // If bionic tracing has been enabled, then write the message to the
+-  // kernel trace_marker.
+-  int length = strlen(message);
+-  char buf[length + WRITE_OFFSET];
+-  size_t len = async_safe_format_buffer(buf, length + WRITE_OFFSET, "B|%d|%s", getpid(), message);
+-
+   // Tracing may stop just after checking property and before writing the message.
+   // So the write is acceptable to fail. See b/20666100.
+-  TEMP_FAILURE_RETRY(write(trace_marker_fd, buf, len));
++  async_safe_format_fd(trace_marker_fd, "B|%d|%s", getpid(), message);
+ }
+ 
+ void bionic_trace_end() {
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-7.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-7.patch
new file mode 100644
index 00000000..79db2741
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-7.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Fri, 17 Jul 2015 21:32:05 -0400
+Subject: [PATCH] increase default pthread stack to 8MiB on 64-bit
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/pthread_internal.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libc/bionic/pthread_internal.h b/libc/bionic/pthread_internal.h
+index 071a5bcb3..ab71e2a17 100644
+--- a/libc/bionic/pthread_internal.h
++++ b/libc/bionic/pthread_internal.h
+@@ -238,7 +238,11 @@ __LIBC_HIDDEN__ void pthread_key_clean_all(void);
+ // stack overflows, we subtracted the same amount we were using there
+ // from the default thread stack size. This should keep memory usage
+ // roughly constant.
++#ifdef __LP64__
++#define PTHREAD_STACK_SIZE_DEFAULT ((8 * 1024 * 1024) - SIGNAL_STACK_SIZE_WITHOUT_GUARD)
++#else
+ #define PTHREAD_STACK_SIZE_DEFAULT ((1 * 1024 * 1024) - SIGNAL_STACK_SIZE_WITHOUT_GUARD)
++#endif
+ 
+ // Leave room for a guard page in the internally created signal stacks.
+ #define SIGNAL_STACK_SIZE (SIGNAL_STACK_SIZE_WITHOUT_GUARD + PTHREAD_GUARD_SIZE)
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-8.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-8.patch
new file mode 100644
index 00000000..8f53f0f5
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-8.patch
@@ -0,0 +1,59 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 1 Oct 2016 05:11:44 -0400
+Subject: [PATCH] make __stack_chk_guard read-only at runtime
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/__libc_init_main_thread.cpp | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/libc/bionic/__libc_init_main_thread.cpp b/libc/bionic/__libc_init_main_thread.cpp
+index 95f46e9fa..7e1e7cbcb 100644
+--- a/libc/bionic/__libc_init_main_thread.cpp
++++ b/libc/bionic/__libc_init_main_thread.cpp
+@@ -28,6 +28,9 @@
+ 
+ #include "libc_init_common.h"
+ 
++#include <limits.h>
++#include <sys/mman.h>
++
+ #include <async_safe/log.h>
+ 
+ #include "private/KernelArgumentBlock.h"
+@@ -35,14 +38,14 @@
+ #include "private/bionic_defs.h"
+ #include "private/bionic_elf_tls.h"
+ #include "private/bionic_globals.h"
+-#include "private/bionic_ssp.h"
+ #include "pthread_internal.h"
+ 
+ extern "C" pid_t __getpid();
+ extern "C" int __set_tid_address(int* tid_address);
+ 
+ // Declared in "private/bionic_ssp.h".
+-uintptr_t __stack_chk_guard = 0;
++__attribute__((aligned(PAGE_SIZE)))
++uintptr_t __stack_chk_guard[PAGE_SIZE / sizeof(uintptr_t)] = {0};
+ 
+ static pthread_internal_t main_thread;
+ 
+@@ -107,10 +110,16 @@ void __init_tcb_dtv(bionic_tcb* tcb) {
+ // Note in particular that it is not possible to return from any existing
+ // stack frame with stack protector enabled after this function is called.
+ extern "C" void android_reset_stack_guards() {
++  if (mprotect(__stack_chk_guard, sizeof(__stack_chk_guard), PROT_READ|PROT_WRITE) == -1) {
++    async_safe_fatal("mprotect __stack_chk_guard: %s", strerror(errno));
++  }
+   // The TLS stack guard is set from the global, so ensure that we've initialized the global
+   // before we initialize the TLS. Dynamic executables will initialize their copy of the global
+   // stack protector from the one in the main thread's TLS.
+-  __libc_safe_arc4random_buf(&__stack_chk_guard, sizeof(__stack_chk_guard));
++  __libc_safe_arc4random_buf(&__stack_chk_guard[0], sizeof(__stack_chk_guard[0]));
++  if (mprotect(__stack_chk_guard, sizeof(__stack_chk_guard), PROT_READ) == -1) {
++    async_safe_fatal("mprotect __stack_chk_guard: %s", strerror(errno));
++  }
+   __init_tcb_stack_guard(__get_bionic_tcb());
+ }
+ 
diff --git a/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-9.patch b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-9.patch
new file mode 100644
index 00000000..df49e4bd
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bionic/0002-Graphene_Bionic_Hardening-9.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 12 Mar 2017 17:49:13 -0400
+Subject: [PATCH] on 64-bit, zero the leading stack canary byte
+
+This reduces entropy of the canary from 64-bit to 56-bit in exchange for
+mitigating non-terminated C string overflows.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libc/bionic/__libc_init_main_thread.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libc/bionic/__libc_init_main_thread.cpp b/libc/bionic/__libc_init_main_thread.cpp
+index 7e1e7cbcb..5bdf61d2c 100644
+--- a/libc/bionic/__libc_init_main_thread.cpp
++++ b/libc/bionic/__libc_init_main_thread.cpp
+@@ -49,6 +49,12 @@ uintptr_t __stack_chk_guard[PAGE_SIZE / sizeof(uintptr_t)] = {0};
+ 
+ static pthread_internal_t main_thread;
+ 
++#if __LP64__
++static const uintptr_t canary_mask = __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ?
++  0xffffffffffffff00UL :
++  0x00ffffffffffffffUL;
++#endif
++
+ // Setup for the main thread. For dynamic executables, this is called by the
+ // linker _before_ libc is mapped in memory. This means that all writes to
+ // globals from this function will apply to linker-private copies and will not
+@@ -117,6 +123,10 @@ extern "C" void android_reset_stack_guards() {
+   // before we initialize the TLS. Dynamic executables will initialize their copy of the global
+   // stack protector from the one in the main thread's TLS.
+   __libc_safe_arc4random_buf(&__stack_chk_guard[0], sizeof(__stack_chk_guard[0]));
++#if __LP64__
++  // Sacrifice 8 bits of entropy on 64-bit to mitigate non-terminated C string overflows
++  __stack_chk_guard[0] &= canary_mask;
++#endif
+   if (mprotect(__stack_chk_guard, sizeof(__stack_chk_guard), PROT_READ) == -1) {
+     async_safe_fatal("mprotect __stack_chk_guard: %s", strerror(errno));
+   }
diff --git a/Patches/LineageOS-19.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch b/Patches/LineageOS-19.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
new file mode 100644
index 00000000..c2e7b71a
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 19 Aug 2020 09:31:04 -0400
+Subject: [PATCH] reject updates with serialno constraints
+
+---
+ install/install.cpp | 16 ++--------------
+ 1 file changed, 2 insertions(+), 14 deletions(-)
+
+diff --git a/install/install.cpp b/install/install.cpp
+index d4f069d8..374f0cdc 100644
+--- a/install/install.cpp
++++ b/install/install.cpp
+@@ -221,22 +221,10 @@ bool CheckPackageMetadata(const std::map<std::string, std::string>& metadata, Ot
+     return false;
+   }
+ 
+-  // We allow the package to not have any serialno; and we also allow it to carry multiple serial
+-  // numbers split by "|"; e.g. serialno=serialno1|serialno2|serialno3 ... We will fail the
+-  // verification if the device's serialno doesn't match any of these carried numbers.
+   auto pkg_serial_no = get_value(metadata, "serialno");
+   if (!pkg_serial_no.empty()) {
+-    auto device_serial_no = android::base::GetProperty("ro.serialno", "");
+-    bool serial_number_match = false;
+-    for (const auto& number : android::base::Split(pkg_serial_no, "|")) {
+-      if (device_serial_no == android::base::Trim(number)) {
+-        serial_number_match = true;
+-      }
+-    }
+-    if (!serial_number_match) {
+-      LOG(ERROR) << "Package is for serial " << pkg_serial_no;
+-      return false;
+-    }
++    LOG(ERROR) << "Serial number constraint not permitted: " << pkg_serial_no;
++    return INSTALL_ERROR;
+   }
+ 
+   if (ota_type == OtaType::AB) {
diff --git a/Patches/LineageOS-19.1/android_build/0001-Enable_fwrapv.patch b/Patches/LineageOS-19.1/android_build/0001-Enable_fwrapv.patch
new file mode 100644
index 00000000..20417c01
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_build/0001-Enable_fwrapv.patch
@@ -0,0 +1,24 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 13 Sep 2016 22:05:56 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ core/config_sanitizers.mk | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
+index 46f7f2477b..017aa23822 100644
+--- a/core/config_sanitizers.mk
++++ b/core/config_sanitizers.mk
+@@ -508,3 +508,9 @@ ifneq ($(findstring fsanitize,$(my_cflags)),)
+     endif
+   endif
+ endif
++
++ifeq ($(filter signed-integer-overflow integer undefined,$(my_sanitize)),)
++  ifeq ($(filter -ftrapv,$(my_cflags)),)
++    my_cflags += -fwrapv
++  endif
++endif
diff --git a/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch b/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch
new file mode 100644
index 00000000..c09d7f7e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch
@@ -0,0 +1,69 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Tue, 6 Apr 2021 05:04:32 -0400
+Subject: [PATCH] Allow setting OTA public keys from environment variable
+
+Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
+---
+ core/product_config.mk             |  5 +++++
+ target/product/security/Android.mk | 21 +++++++++++++++++----
+ 2 files changed, 22 insertions(+), 4 deletions(-)
+
+diff --git a/core/product_config.mk b/core/product_config.mk
+index 4b4ba3ccb8..dac79d1ff7 100644
+--- a/core/product_config.mk
++++ b/core/product_config.mk
+@@ -314,6 +314,11 @@ ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_R
+ PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS))
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS))
+ 
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++    PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
++endif
++
+ # Resolve and setup per-module dex-preopt configs.
+ DEXPREOPT_DISABLED_MODULES :=
+ # If a module has multiple setups, the first takes precedence.
+diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
+index cedad5b490..7eea027506 100644
+--- a/target/product/security/Android.mk
++++ b/target/product/security/Android.mk
+@@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC
+ LOCAL_MODULE_STEM := otacerts.zip
+ LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security
+ include $(BUILD_SYSTEM)/base_rules.mk
+-$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+-$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
++
++OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
++
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++endif
++
++$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS)
++$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(OTA_PUBLIC_KEYS)
+ 	$(SOONG_ZIP) -o $@ -j -symlinks=false -f $(PRIVATE_CERT)
+ 
+ 
+@@ -82,11 +89,17 @@ include $(BUILD_SYSTEM)/base_rules.mk
+ 
+ extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
+ 
+-$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+++OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+++
++ifneq ($(OTA_KEY_OVERRIDE_DIR),)
++    OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
++endif
++
++$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS)
+ $(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys)
+ $(LOCAL_BUILT_MODULE): \
+ 	    $(SOONG_ZIP) \
+-	    $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \
++	    $(OTA_PUBLIC_KEYS) \
+ 	    $(extra_recovery_keys)
+ 	$(SOONG_ZIP) -o $@ -j -symlinks=false \
+ 	    $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))
diff --git a/Patches/LineageOS-19.1/android_build/0003-Exec_Based_Spawning.patch b/Patches/LineageOS-19.1/android_build/0003-Exec_Based_Spawning.patch
new file mode 100644
index 00000000..d69dc1c8
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_build/0003-Exec_Based_Spawning.patch
@@ -0,0 +1,28 @@
+From 8e01dd93f29aba79e15a211084582afd9681e8ab Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 17 Sep 2020 10:53:00 -0400
+Subject: [PATCH] disable enforce RRO for mainline devices
+
+This is currently incompatible with exec-based spawning. This also
+impacts the wrapper spawning model for the stock OS which is available
+by default, making it an upstream bug rather than a missing feature for
+exec-based spawning in GrapheneOS.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ target/product/generic_system.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/product/generic_system.mk b/target/product/generic_system.mk
+index d930957dfb..f0a9400b86 100644
+--- a/target/product/generic_system.mk
++++ b/target/product/generic_system.mk
+@@ -113,7 +113,7 @@ PRODUCT_COPY_FILES += \
+ # Enable dynamic partition size
+ PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true
+ 
+-PRODUCT_ENFORCE_RRO_TARGETS := *
++#PRODUCT_ENFORCE_RRO_TARGETS := *
+ 
+ PRODUCT_NAME := generic_system
+ PRODUCT_BRAND := generic
diff --git a/Patches/LineageOS-19.1/android_build_soong/0001-Enable_fwrapv.patch b/Patches/LineageOS-19.1/android_build_soong/0001-Enable_fwrapv.patch
new file mode 100644
index 00000000..1820db5f
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_build_soong/0001-Enable_fwrapv.patch
@@ -0,0 +1,50 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 23 Aug 2017 20:28:03 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ cc/cc.go       |  2 ++
+ cc/sanitize.go | 12 ++++++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/cc/cc.go b/cc/cc.go
+index 619acf96b..02ec906a0 100644
+--- a/cc/cc.go
++++ b/cc/cc.go
+@@ -1710,6 +1710,8 @@ func (c *Module) GenerateAndroidBuildActions(actx android.ModuleContext) {
+ 	}
+ 	if c.sanitize != nil {
+ 		flags = c.sanitize.flags(ctx, flags)
++	} else {
++		flags.Local.CFlags = append(flags.Local.CFlags, "-fwrapv")
+ 	}
+ 	if c.coverage != nil {
+ 		flags, deps = c.coverage.flags(ctx, flags, deps)
+diff --git a/cc/sanitize.go b/cc/sanitize.go
+index 941a955e5..694a3659f 100644
+--- a/cc/sanitize.go
++++ b/cc/sanitize.go
+@@ -556,9 +556,21 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 	}
+ 
+ 	if !sanitize.Properties.SanitizerEnabled && !sanitize.Properties.UbsanRuntimeDep {
++		flags.Local.CFlags = append(flags.Local.CFlags, "-fwrapv")
+ 		return flags
+ 	}
+ 
++        wrapv := true
++        for _, element := range sanitize.Properties.Sanitizers {
++                if (element == "signed-integer-overflow" || element == "integer" || element == "undefined") {
++                        wrapv = false
++                        break
++                }
++        }
++        if wrapv {
++                flags.Local.CFlags = append(flags.Local.CFlags, "-fwrapv")
++        }
++
+ 	if Bool(sanitize.Properties.Sanitize.Address) {
+ 		if ctx.Arch().ArchType == android.Arm {
+ 			// Frame pointer based unwinder in ASan requires ARM frame setup.
diff --git a/Patches/LineageOS-19.1/android_build_soong/0002-hm_apex.patch b/Patches/LineageOS-19.1/android_build_soong/0002-hm_apex.patch
new file mode 100644
index 00000000..59606924
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_build_soong/0002-hm_apex.patch
@@ -0,0 +1,21 @@
+From cc973e807d440a2cfe7bed420fbf7ae25985ddc1 Mon Sep 17 00:00:00 2001
+From: anupritaisno1 <www.anuprita804@gmail.com>
+Date: Sun, 13 Sep 2020 09:35:41 +0000
+Subject: [PATCH] make hardened malloc available to apexes
+
+---
+ apex/apex.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/apex/apex.go b/apex/apex.go
+index 77854074b..d7ae35c3d 100644
+--- a/apex/apex.go
++++ b/apex/apex.go
+@@ -2899,6 +2899,7 @@ func makeApexAvailableBaseline() map[string][]string {
+ 		"libdebuggerd_handler_fallback",
+ 		"libdl_static",
+ 		"libjemalloc5",
++		"libhardened_malloc",
+ 		"liblinker_main",
+ 		"liblinker_malloc",
+ 		"liblz4",
diff --git a/Patches/LineageOS-19.1/android_external_conscrypt/0001-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_external_conscrypt/0001-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..ccb02e9e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_external_conscrypt/0001-constify_JNINativeMethod.patch
@@ -0,0 +1,22 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 18 Nov 2020 14:28:24 -0500
+Subject: [PATCH] constify JNINativeMethod table
+
+---
+ common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
+index 5b0acf0d..f8142151 100644
+--- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc
++++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
+@@ -10354,7 +10354,7 @@ static jlong NativeCrypto_SSL_get1_session(JNIEnv* env, jclass, jlong ssl_addres
+ #define REF_X509_CRL "L" TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/OpenSSLX509CRL;"
+ #define REF_SSL "L" TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/NativeSsl;"
+ #define REF_SSL_CTX "L" TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/AbstractSessionContext;"
+-static JNINativeMethod sNativeCryptoMethods[] = {
++static const JNINativeMethod sNativeCryptoMethods[] = {
+         CONSCRYPT_NATIVE_METHOD(clinit, "()V"),
+         CONSCRYPT_NATIVE_METHOD(CMAC_CTX_new, "()J"),
+         CONSCRYPT_NATIVE_METHOD(CMAC_CTX_free, "(J)V"),
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0003-SUPL_No_IMSI.patch b/Patches/LineageOS-19.1/android_frameworks_base/0003-SUPL_No_IMSI.patch
new file mode 100644
index 00000000..bf4b3de1
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0003-SUPL_No_IMSI.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Mon, 29 Oct 2018 12:14:17 +0100
+Subject: [PATCH] SUPL: Don't send IMSI / Phone number to SUPL server
+
+Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87
+---
+ .../android/server/location/gnss/GnssLocationProvider.java | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java b/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java
+index 9956da274263..65f5b836bfcf 100644
+--- a/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java
++++ b/services/core/java/com/android/server/location/gnss/GnssLocationProvider.java
+@@ -1601,6 +1601,11 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
+         int type = AGPS_SETID_TYPE_NONE;
+         String setId = null;
+ 
++        /*
++         * We don't want to tell Google our IMSI or phone number to spy on us!
++         * As devices w/o SIM card also have working GPS, providing this data does
++         * not seem to add a lot of value, at least not for the device holder
++         *
+         int ddSubId = SubscriptionManager.getDefaultDataSubscriptionId();
+         if (SubscriptionManager.isValidSubscriptionId(ddSubId)) {
+             phone = phone.createForSubscriptionId(ddSubId);
+@@ -1617,7 +1622,7 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
+                 // This means the framework has the SIM card.
+                 type = AGPS_SETID_TYPE_MSISDN;
+             }
+-        }
++        } */
+ 
+         mGnssNative.setAgpsSetId(type, (setId == null) ? "" : setId);
+     }
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0004-Fingerprint_Lockout.patch b/Patches/LineageOS-19.1/android_frameworks_base/0004-Fingerprint_Lockout.patch
new file mode 100644
index 00000000..6062f6ce
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0004-Fingerprint_Lockout.patch
@@ -0,0 +1,23 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 12 Sep 2017 01:52:11 -0400
+Subject: [PATCH] use permanent fingerprint lockout immediately
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ .../sensors/fingerprint/hidl/LockoutFrameworkImpl.java          | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/LockoutFrameworkImpl.java b/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/LockoutFrameworkImpl.java
+index dc5dace98825..efee4843aa99 100644
+--- a/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/LockoutFrameworkImpl.java
++++ b/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/LockoutFrameworkImpl.java
+@@ -41,7 +41,7 @@ public class LockoutFrameworkImpl implements LockoutTracker {
+     private static final String ACTION_LOCKOUT_RESET =
+             "com.android.server.biometrics.sensors.fingerprint.ACTION_LOCKOUT_RESET";
+     private static final int MAX_FAILED_ATTEMPTS_LOCKOUT_TIMED = 5;
+-    private static final int MAX_FAILED_ATTEMPTS_LOCKOUT_PERMANENT = 20;
++    private static final int MAX_FAILED_ATTEMPTS_LOCKOUT_PERMANENT = 3;
+     private static final long FAIL_LOCKOUT_TIMEOUT_MS = 30 * 1000;
+     private static final String KEY_LOCKOUT_RESET_USER = "lockout_reset_user";
+ 
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0005-User_Logout.patch b/Patches/LineageOS-19.1/android_frameworks_base/0005-User_Logout.patch
new file mode 100644
index 00000000..adad8f0e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0005-User_Logout.patch
@@ -0,0 +1,42 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <flawedworld@flawed.world>
+Date: Fri, 15 Oct 2021 17:07:13 +0100
+Subject: [PATCH] enable secondary user logout support by default
+
+Ported from 11, 12 moved the isLogoutEnabled boolean to ActiveAdmin.java
+---
+ .../java/com/android/server/devicepolicy/ActiveAdmin.java     | 2 +-
+ .../server/devicepolicy/DevicePolicyManagerService.java       | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java b/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java
+index 37a84f3698c1..0ae88276ebda 100644
+--- a/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java
++++ b/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java
+@@ -197,7 +197,7 @@ class ActiveAdmin {
+     boolean requireAutoTime = false;
+     boolean forceEphemeralUsers = false;
+     boolean isNetworkLoggingEnabled = false;
+-    boolean isLogoutEnabled = false;
++    boolean isLogoutEnabled = true;
+ 
+     // one notification after enabling + one more after reboots
+     static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2;
+diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+index dbbbd41ceeb3..5f66da8d8431 100644
+--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
++++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+@@ -15796,11 +15796,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
+     @Override
+     public boolean isLogoutEnabled() {
+         if (!mHasFeature) {
+-            return false;
++            return true;
+         }
+         synchronized (getLockObject()) {
+             ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
+-            return (deviceOwner != null) && deviceOwner.isLogoutEnabled;
++            return (deviceOwner == null) || deviceOwner.isLogoutEnabled;
+         }
+     }
+ 
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0007-Always_Restict_Serial.patch b/Patches/LineageOS-19.1/android_frameworks_base/0007-Always_Restict_Serial.patch
new file mode 100644
index 00000000..f858d90f
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0007-Always_Restict_Serial.patch
@@ -0,0 +1,29 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 6 Sep 2017 21:40:48 -0400
+Subject: [PATCH] always set deprecated Build.SERIAL to UNKNOWN
+
+Only support fetching the serial number via the new Build.getSerial()
+requiring the READ_PHONE_STATE permission.
+---
+ .../java/com/android/server/am/ActivityManagerService.java | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
+index 330d2ddc0a94..77521e64d603 100644
+--- a/services/core/java/com/android/server/am/ActivityManagerService.java
++++ b/services/core/java/com/android/server/am/ActivityManagerService.java
+@@ -4478,12 +4478,7 @@ public class ActivityManagerService extends IActivityManager.Stub
+ 
+             ProfilerInfo profilerInfo = mAppProfiler.setupProfilerInfoLocked(thread, app, instr);
+ 
+-            // We deprecated Build.SERIAL and it is not accessible to
+-            // Instant Apps and target APIs higher than O MR1. Since access to the serial
+-            // is now behind a permission we push down the value.
+-            final String buildSerial = (!appInfo.isInstantApp()
+-                    && appInfo.targetSdkVersion < Build.VERSION_CODES.P)
+-                            ? sTheRealBuildSerial : Build.UNKNOWN;
++            final String buildSerial = Build.UNKNOWN;
+ 
+             // Figure out whether the app needs to run in autofill compat mode.
+             AutofillOptions autofillOptions = null;
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0008-Browser_No_Location.patch b/Patches/LineageOS-19.1/android_frameworks_base/0008-Browser_No_Location.patch
new file mode 100644
index 00000000..0fc03836
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0008-Browser_No_Location.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 17 Mar 2019 19:54:30 -0400
+Subject: [PATCH] stop auto-granting location to system browsers
+
+---
+ .../pm/permission/DefaultPermissionGrantPolicy.java | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+index cb28637e8c10..77ae50533f42 100644
+--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
++++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+@@ -706,19 +706,6 @@ final class DefaultPermissionGrantPolicy {
+                         Intent.CATEGORY_APP_EMAIL, userId),
+                 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
+ 
+-        // Browser
+-        String browserPackage = ArrayUtils.firstOrNull(getKnownPackages(
+-                PackageManagerInternal.PACKAGE_BROWSER, userId));
+-        if (browserPackage == null) {
+-            browserPackage = getDefaultSystemHandlerActivityPackageForCategory(pm,
+-                    Intent.CATEGORY_APP_BROWSER, userId);
+-            if (!pm.isSystemPackage(browserPackage)) {
+-                browserPackage = null;
+-            }
+-        }
+-        grantPermissionsToPackage(pm, browserPackage, userId, false /* ignoreSystemPackage */,
+-                true /*whitelistRestrictedPermissions*/, FOREGROUND_LOCATION_PERMISSIONS);
+-
+         // Voice interaction
+         if (voiceInteractPackageNames != null) {
+             for (String voiceInteractPackageName : voiceInteractPackageNames) {
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch b/Patches/LineageOS-19.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch
new file mode 100644
index 00000000..3d2ca5f7
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch
@@ -0,0 +1,22 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 18 Dec 2018 08:48:14 -0500
+Subject: [PATCH] allow SystemUI to directly manage Bluetooth/WiFi
+
+---
+ packages/SystemUI/AndroidManifest.xml | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
+index 6cf77882019c..5797aa01bfc0 100644
+--- a/packages/SystemUI/AndroidManifest.xml
++++ b/packages/SystemUI/AndroidManifest.xml
+@@ -84,6 +84,8 @@
+     <uses-permission android:name="android.permission.CONTROL_VPN" />
+     <uses-permission android:name="android.permission.PEERS_MAC_ADDRESS"/>
+     <uses-permission android:name="android.permission.READ_WIFI_CREDENTIAL"/>
++    <uses-permission android:name="android.permission.MANAGE_BLUETOOTH_WHEN_PERMISSION_REVIEW_REQUIRED" />
++    <uses-permission android:name="android.permission.MANAGE_WIFI_WHEN_PERMISSION_REVIEW_REQUIRED" />
+     <!-- Physical hardware -->
+     <uses-permission android:name="android.permission.MANAGE_USB" />
+     <uses-permission android:name="android.permission.CONTROL_DISPLAY_BRIGHTNESS" />
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-1.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-1.patch
new file mode 100644
index 00000000..47b9b463
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-1.patch
@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 17 Mar 2019 11:59:15 -0400
+Subject: [PATCH] make INTERNET into a special runtime permission
+
+Ported from 10: 5e2898e9d21dd6802bb0b0139e7e496c41e1cd80
+---
+ core/res/AndroidManifest.xml                                    | 2 +-
+ .../android/server/pm/permission/PermissionManagerService.java  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 030310406949..7c4a046fda7b 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -1735,7 +1735,7 @@
+     <permission android:name="android.permission.INTERNET"
+         android:description="@string/permdesc_createNetworkSockets"
+         android:label="@string/permlab_createNetworkSockets"
+-        android:protectionLevel="normal|instant" />
++        android:protectionLevel="dangerous|instant" />
+ 
+     <!-- Allows applications to access information about networks.
+          <p>Protection level: normal
+diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+index 41b43e3c38bd..22d3fd41ea64 100644
+--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
++++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+@@ -2592,7 +2592,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+     }
+ 
+     public static boolean isSpecialRuntimePermission(final String permission) {
+-        return false;
++        return Manifest.permission.INTERNET.equals(permission);
+     }
+ 
+     /**
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-2.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-2.patch
new file mode 100644
index 00000000..a4facad1
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-2.patch
@@ -0,0 +1,69 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Fri, 21 Jul 2017 11:23:07 -0400
+Subject: [PATCH] add a NETWORK permission group for INTERNET
+
+Ported from 10: b5c9f9407d5f5407686ea8c02fa67573ddc07824
+
+Changes from 10:
+- Needed to run `m api-stubs-docs-non-updatable-update-current-api`
+to fix the "You have tried to change the API from what has been
+previously approved" errors.
+---
+ core/api/current.txt            | 2 ++
+ core/res/AndroidManifest.xml    | 8 ++++++++
+ core/res/res/values/strings.xml | 5 +++++
+ 3 files changed, 15 insertions(+)
+
+diff --git a/core/api/current.txt b/core/api/current.txt
+index 1dd401d04e2b..8d0391a80193 100644
+--- a/core/api/current.txt
++++ b/core/api/current.txt
+@@ -203,6 +203,8 @@ package android {
+     field public static final String LOCATION = "android.permission-group.LOCATION";
+     field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
+     field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES";
++    field public static final String NETWORK = "android.permission-group.NETWORK";
++    field public static final String OTHER_SENSORS = "android.permission-group.OTHER_SENSORS";
+     field public static final String PHONE = "android.permission-group.PHONE";
+     field public static final String SENSORS = "android.permission-group.SENSORS";
+     field public static final String SMS = "android.permission-group.SMS";
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 7c4a046fda7b..76811630410d 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -1729,10 +1729,18 @@
+     <!-- ======================================= -->
+     <eat-comment />
+ 
++    <!-- Network access -->
++    <permission-group android:name="android.permission-group.NETWORK"
++        android:icon="@drawable/perm_group_network"
++        android:label="@string/permgrouplab_network"
++        android:description="@string/permgroupdesc_network"
++        android:priority="900" />
++
+     <!-- Allows applications to open network sockets.
+          <p>Protection level: normal
+     -->
+     <permission android:name="android.permission.INTERNET"
++        android:permissionGroup="android.permission-group.UNDEFINED"
+         android:description="@string/permdesc_createNetworkSockets"
+         android:label="@string/permlab_createNetworkSockets"
+         android:protectionLevel="dangerous|instant" />
+diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
+index 166d6abd1809..27c9026c863a 100644
+--- a/core/res/res/values/strings.xml
++++ b/core/res/res/values/strings.xml
+@@ -837,6 +837,11 @@
+     <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+     <string name="permgroupdesc_sensors">access sensor data about your vital signs</string>
+ 
++    <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permgrouplab_network">Network</string>
++    <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permgroupdesc_network">access the network</string>
++
+     <!-- Title for the capability of an accessibility service to retrieve window content. -->
+     <string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
+     <!-- Description for the capability of an accessibility service to retrieve window content. -->
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-3.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-3.patch
new file mode 100644
index 00000000..b5b77bb5
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Network_Permission-3.patch
@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Danny Lin <danny@kdrag0n.dev>
+Date: Tue, 5 Oct 2021 16:27:43 -0700
+Subject: [PATCH] net: Notify ConnectivityService of runtime permission changes
+
+ConnectivityService needs permission change events in order to enforce
+INTERNET permission updates correctly at runtime.
+
+Change-Id: I74b0b8a5aa70f0794b4f3d72c70167dbe2aae88d
+---
+ .../server/net/NetworkPolicyManagerService.java       | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+index 0a85854b2af8..236dd19e0982 100644
+--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
++++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+@@ -182,6 +182,7 @@ import android.content.pm.IPackageManager;
+ import android.content.pm.PackageInfo;
+ import android.content.pm.PackageManager;
+ import android.content.pm.PackageManager.NameNotFoundException;
++import android.content.pm.PackageManagerInternal;
+ import android.content.pm.UserInfo;
+ import android.content.res.Resources;
+ import android.database.ContentObserver;
+@@ -282,6 +283,7 @@ import com.android.server.LocalServices;
+ import com.android.server.ServiceThread;
+ import com.android.server.SystemConfig;
+ import com.android.server.connectivity.MultipathPolicyTracker;
++import com.android.server.pm.permission.PermissionManagerServiceInternal;
+ import com.android.server.usage.AppStandbyInternal;
+ import com.android.server.usage.AppStandbyInternal.AppIdleStateChangeListener;
+ 
+@@ -797,6 +799,15 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
+     public void bindConnectivityManager() {
+         mConnManager = Objects.requireNonNull(mContext.getSystemService(ConnectivityManager.class),
+                 "missing ConnectivityManager");
++
++        // Listen for permission changes and forward to ConnectivityService
++        PermissionManagerServiceInternal pm = LocalServices.getService(
++                PermissionManagerServiceInternal.class);
++        PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class);
++        pm.addOnRuntimePermissionStateChangedListener((packageName, userId) -> {
++            int uid = pmi.getPackageUid(packageName, PackageManager.GET_PERMISSIONS, userId);
++            mConnManager.onPackagePermissionChanged(uid);
++        });
+     }
+ 
+     @GuardedBy("mUidRulesFirstLock")
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Sensors_Permission.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Sensors_Permission.patch
new file mode 100644
index 00000000..c6f58c2d
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Sensors_Permission.patch
@@ -0,0 +1,113 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 7 Oct 2017 15:54:42 -0400
+Subject: [PATCH] add special runtime permission for other sensors
+
+This covers sensors not included in the existing runtime permission for
+body sensors.
+
+Ported from 10: 9ec9f7f521323552fa658b46862c8408f1a7b41b
+
+Changes from 10:
+- Needed to run `m api-stubs-docs-non-updatable-update-current-api`
+to fix the "You have tried to change the API from what has been
+previously approved" errors.
+---
+ core/api/current.txt                                 |  1 +
+ core/java/android/content/pm/PackageParser.java      |  2 ++
+ core/res/AndroidManifest.xml                         | 12 ++++++++++++
+ core/res/res/values/strings.xml                      | 12 ++++++++++++
+ .../pm/permission/PermissionManagerService.java      |  2 +-
+ 5 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/core/api/current.txt b/core/api/current.txt
+index 8d0391a80193..57f4821bb631 100644
+--- a/core/api/current.txt
++++ b/core/api/current.txt
+@@ -116,6 +116,7 @@ package android {
+     field public static final String NFC = "android.permission.NFC";
+     field public static final String NFC_PREFERRED_PAYMENT_INFO = "android.permission.NFC_PREFERRED_PAYMENT_INFO";
+     field public static final String NFC_TRANSACTION_EVENT = "android.permission.NFC_TRANSACTION_EVENT";
++    field public static final String OTHER_SENSORS = "android.permission.OTHER_SENSORS";
+     field public static final String PACKAGE_USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS";
+     field @Deprecated public static final String PERSISTENT_ACTIVITY = "android.permission.PERSISTENT_ACTIVITY";
+     field @Deprecated public static final String PROCESS_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS";
+diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
+index 86fef5d9df19..5edc8d35082e 100644
+--- a/core/java/android/content/pm/PackageParser.java
++++ b/core/java/android/content/pm/PackageParser.java
+@@ -283,6 +283,8 @@ public class PackageParser {
+     @UnsupportedAppUsage
+     public static final PackageParser.NewPermissionInfo NEW_PERMISSIONS[] =
+         new PackageParser.NewPermissionInfo[] {
++            new PackageParser.NewPermissionInfo(android.Manifest.permission.OTHER_SENSORS,
++                    android.os.Build.VERSION_CODES.CUR_DEVELOPMENT + 1, 0),
+             new PackageParser.NewPermissionInfo(android.Manifest.permission.WRITE_EXTERNAL_STORAGE,
+                     android.os.Build.VERSION_CODES.DONUT, 0),
+             new PackageParser.NewPermissionInfo(android.Manifest.permission.READ_PHONE_STATE,
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 76811630410d..3053eb4e1e16 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -1498,6 +1498,18 @@
+         android:description="@string/permdesc_useBiometric"
+         android:protectionLevel="normal" />
+ 
++    <permission-group android:name="android.permission-group.OTHER_SENSORS"
++        android:icon="@drawable/perm_group_location"
++        android:label="@string/permgrouplab_otherSensors"
++        android:description="@string/permgroupdesc_otherSensors"
++        android:priority="1000" />
++
++    <permission android:name="android.permission.OTHER_SENSORS"
++        android:permissionGroup="android.permission-group.UNDEFINED"
++        android:label="@string/permlab_otherSensors"
++        android:description="@string/permdesc_otherSensors"
++        android:protectionLevel="dangerous" />
++
+     <!-- ====================================================================== -->
+     <!-- REMOVED PERMISSIONS                                                    -->
+     <!-- ====================================================================== -->
+diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
+index 27c9026c863a..4a8624222ae8 100644
+--- a/core/res/res/values/strings.xml
++++ b/core/res/res/values/strings.xml
+@@ -837,6 +837,11 @@
+     <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+     <string name="permgroupdesc_sensors">access sensor data about your vital signs</string>
+ 
++    <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permgrouplab_otherSensors">Sensors</string>
++    <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permgroupdesc_otherSensors">access sensor data about orientation, movement, etc.</string>
++
+     <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+     <string name="permgrouplab_network">Network</string>
+     <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+@@ -1165,6 +1170,13 @@
+     <string name="permdesc_bodySensors" product="default">Allows the app to access data from sensors
+     that monitor your physical condition, such as your heart rate.</string>
+ 
++    <!-- Title of the sensors permission, listed so the user can decide whether to allow the application to access sensor data. [CHAR LIMIT=80] -->
++    <string name="permlab_otherSensors">access sensors (like the compass)
++    </string>
++    <!-- Description of the sensors permission, listed so the user can decide whether to allow the application to access data from sensors. [CHAR LIMIT=NONE] -->
++    <string name="permdesc_otherSensors" product="default">Allows the app to access data from sensors
++    monitoring orientation, movement, vibration (including low frequency sound) and environmental data</string>
++
+     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+     <string name="permlab_readCalendar">Read calendar events and details</string>
+     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+index 22d3fd41ea64..60dc0a027725 100644
+--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
++++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+@@ -2592,7 +2592,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+     }
+ 
+     public static boolean isSpecialRuntimePermission(final String permission) {
+-        return Manifest.permission.INTERNET.equals(permission);
++        return Manifest.permission.INTERNET.equals(permission) || Manifest.permission.OTHER_SENSORS.equals(permission);
+     }
+ 
+     /**
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0013-Special_Permissions.patch b/Patches/LineageOS-19.1/android_frameworks_base/0013-Special_Permissions.patch
new file mode 100644
index 00000000..04aa00a1
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0013-Special_Permissions.patch
@@ -0,0 +1,99 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: inthewaves <inthewaves@pm.me>
+Date: Sat, 12 Sep 2020 12:28:34 -0700
+Subject: [PATCH] support new special runtime permissions
+
+These are treated as a runtime permission even for legacy apps. They
+need to be granted by default for all apps to maintain compatibility.
+
+Ported from 10: 4d5d82f4e2fb9ff68158bf30f3944591bb74dd04
+
+Changes from 10:
+- It seems like parts of PackageManagerService#resetUserChangesToRuntimePermissionsAndFlagsLPw
+were refactored into PermissionManagerService#resetRuntimePermissionsInternal.
+As a result, PackageManagerService is no longer modified.
+
+[kdrag0n: Ported to Android 12]
+Signed-off-by: Danny Lin <danny@kdrag0n.dev>
+---
+ .../permission/PermissionManagerService.java  | 25 +++++++++++++++----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+index 54a6c678e0da..41b43e3c38bd 100644
+--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
++++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+@@ -1525,7 +1525,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+             // their permissions as always granted runtime ones since we need
+             // to keep the review required permission flag per user while an
+             // install permission's state is shared across all users.
+-            if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime()) {
++            if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime() &&
++                    !isSpecialRuntimePermission(permName)) {
+                 return;
+             }
+ 
+@@ -1568,7 +1569,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+                             + " for package " + packageName);
+                 }
+ 
+-                if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M) {
++                if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M &&
++                    !isSpecialRuntimePermission(permName)) {
+                     Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
+                     return;
+                 }
+@@ -1693,7 +1695,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+             // their permissions as always granted runtime ones since we need
+             // to keep the review required permission flag per user while an
+             // install permission's state is shared across all users.
+-            if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime()) {
++            if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime() &&
++                    !isSpecialRuntimePermission(permName)) {
+                 return;
+             }
+ 
+@@ -1898,7 +1901,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+ 
+             // If this permission was granted by default or role, make sure it is.
+             if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
+-                    || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0) {
++                    || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
++                    || isSpecialRuntimePermission(permName)) {
+                 // PermissionPolicyService will handle the app op for runtime permissions later.
+                 grantRuntimePermissionInternal(packageName, permName, false,
+                         Process.SYSTEM_UID, userId, delayingPermCallback);
+@@ -2587,6 +2591,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+         }
+     }
+ 
++    public static boolean isSpecialRuntimePermission(final String permission) {
++        return false;
++    }
++
+     /**
+      * Restore the permission state for a package.
+      *
+@@ -2966,6 +2974,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+                                     }
+                                 }
+                             }
++
++                            if (isSpecialRuntimePermission(permName) &&
++                                    origPermState == null) {
++                                if (uidState.grantPermission(bp)) {
++                                    wasChanged = true;
++                                }
++                            }
+                         } else {
+                             if (origPermState == null) {
+                                 // New permission
+@@ -3803,7 +3818,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+             if (shouldGrantPermission) {
+                 final int flags = getPermissionFlagsInternal(pkg.getPackageName(), permission,
+                         myUid, userId);
+-                if (supportsRuntimePermissions) {
++                if (supportsRuntimePermissions || isSpecialRuntimePermission(permission)) {
+                     // Installer cannot change immutable permissions.
+                     if ((flags & immutableFlags) == 0) {
+                         grantRuntimePermissionInternal(pkg.getPackageName(), permission, false,
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0014-Automatic_Reboot.patch b/Patches/LineageOS-19.1/android_frameworks_base/0014-Automatic_Reboot.patch
new file mode 100644
index 00000000..5b8c3e8e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0014-Automatic_Reboot.patch
@@ -0,0 +1,153 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: anupritaisno1 <www.anuprita804@gmail.com>
+Date: Mon, 18 Oct 2021 04:05:40 +0530
+Subject: [PATCH] automatically reboot device after timeout if set
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+Change-Id: If891bfbcc144c9336ba013260bad2b7c7a59c054
+---
+ core/java/android/provider/Settings.java      |  7 ++++
+ data/etc/com.android.systemui.xml             |  1 +
+ packages/SystemUI/AndroidManifest.xml         |  3 ++
+ .../keyguard/KeyguardViewMediator.java        | 35 +++++++++++++++++++
+ 4 files changed, 46 insertions(+)
+
+diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
+index 01e369779e1e..52103c3a3f99 100644
+--- a/core/java/android/provider/Settings.java
++++ b/core/java/android/provider/Settings.java
+@@ -16378,6 +16378,13 @@ public final class Settings {
+          * @hide
+          */
+         public static final String RESTRICTED_NETWORKING_MODE = "restricted_networking_mode";
++
++        /**
++         * Whether to automatically reboot the device after a user defined timeout
++         *
++         * @hide
++         */
++        public static final String SETTINGS_REBOOT_AFTER_TIMEOUT = "settings_reboot_after_timeout";
+     }
+ 
+     /**
+diff --git a/data/etc/com.android.systemui.xml b/data/etc/com.android.systemui.xml
+index f2a33de008d6..354fd82f3a0d 100644
+--- a/data/etc/com.android.systemui.xml
++++ b/data/etc/com.android.systemui.xml
+@@ -48,6 +48,7 @@
+         <permission name="android.permission.READ_NETWORK_USAGE_HISTORY"/>
+         <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/>
+         <permission name="android.permission.REAL_GET_TASKS"/>
++        <permission name="android.permission.REBOOT"/>
+         <permission name="android.permission.REQUEST_NETWORK_SCORES"/>
+         <permission name="android.permission.RECEIVE_MEDIA_RESOURCE_USAGE"/>
+         <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
+diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
+index 5797aa01bfc0..cd3e8b391982 100644
+--- a/packages/SystemUI/AndroidManifest.xml
++++ b/packages/SystemUI/AndroidManifest.xml
+@@ -292,6 +292,9 @@
+ 
+     <uses-permission android:name="android.permission.READ_PEOPLE_DATA" />
+ 
++    <!-- Permission to allow rebooting the device after a user configurable amount of time -->
++    <uses-permission android:name="android.permission.REBOOT" />
++
+     <protected-broadcast android:name="com.android.settingslib.action.REGISTER_SLICE_RECEIVER" />
+     <protected-broadcast android:name="com.android.settingslib.action.UNREGISTER_SLICE_RECEIVER" />
+     <protected-broadcast android:name="com.android.settings.flashlight.action.FLASHLIGHT_CHANGED" />
+diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+index 532f071132fc..bb78b6cd6eee 100644
+--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
++++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+@@ -186,6 +186,8 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+ 
+     private final static String TAG = "KeyguardViewMediator";
+ 
++    private static final String DELAYED_REBOOT_ACTION =
++        "com.android.internal.policy.impl.PhoneWindowManager.DELAYED_REBOOT";
+     private static final String DELAYED_KEYGUARD_ACTION =
+         "com.android.internal.policy.impl.PhoneWindowManager.DELAYED_KEYGUARD";
+     private static final String DELAYED_LOCK_PROFILE_ACTION =
+@@ -313,6 +315,11 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+      */
+     private int mDelayedProfileShowingSequence;
+ 
++    /**
++     * Same as {@link #mDelayedProfileShowingSequence}, but used for our reboot implementation
++     */
++    private int mDelayedRebootSequence;
++
+     /**
+      * If the user has disabled the keyguard, then requests to exit, this is
+      * how we'll ultimately let them know whether it was successful.  We use this
+@@ -905,6 +912,7 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+         final IntentFilter delayedActionFilter = new IntentFilter();
+         delayedActionFilter.addAction(DELAYED_KEYGUARD_ACTION);
+         delayedActionFilter.addAction(DELAYED_LOCK_PROFILE_ACTION);
++        delayedActionFilter.addAction(DELAYED_REBOOT_ACTION);
+         mContext.registerReceiver(mDelayedLockBroadcastReceiver, delayedActionFilter,
+                 SYSTEMUI_PERMISSION, null /* scheduler */);
+ 
+@@ -1206,6 +1214,18 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+         }
+     }
+ 
++    private void doRebootForOwnerAfterTimeoutIfEnabled(long rebootAfterTimeout) {
++        long when = SystemClock.elapsedRealtime() + rebootAfterTimeout;
++        Intent rebootIntent = new Intent(DELAYED_REBOOT_ACTION);
++        rebootIntent.putExtra("seq", mDelayedRebootSequence);
++        rebootIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
++        PendingIntent sender = PendingIntent.getBroadcast(mContext,
++                0, rebootIntent, PendingIntent.FLAG_CANCEL_CURRENT |  PendingIntent.FLAG_IMMUTABLE);
++        mAlarmManager.setExactAndAllowWhileIdle(AlarmManager.ELAPSED_REALTIME_WAKEUP, when, sender);
++        if (DEBUG) Log.d(TAG, "setting alarm to reboot device, timeout = "
++                         + String.valueOf(rebootAfterTimeout));
++    }
++
+     private void doKeyguardForChildProfilesLocked() {
+         UserManager um = UserManager.get(mContext);
+         for (int profileId : um.getEnabledProfileIds(UserHandle.myUserId())) {
+@@ -1223,6 +1243,10 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+         mDelayedProfileShowingSequence++;
+     }
+ 
++    private void cancelDoRebootForOwnerAfterTimeoutIfEnabled() {
++        mDelayedRebootSequence++;
++    }
++
+     /**
+      * Let's us know when the device is waking up.
+      */
+@@ -1587,6 +1611,10 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+ 
+         if (DEBUG) Log.d(TAG, "doKeyguard: showing the lock screen");
+         showLocked(options);
++        final long rebootAfterTimeout = Settings.Global.getLong(mContext.getContentResolver(), Settings.Global.SETTINGS_REBOOT_AFTER_TIMEOUT, 0);
++        if (rebootAfterTimeout >= 1) {
++            doRebootForOwnerAfterTimeoutIfEnabled(rebootAfterTimeout);
++        }
+     }
+ 
+     private void lockProfile(int userId) {
+@@ -1786,6 +1814,12 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+                         }
+                     }
+                 }
++            } else if (DELAYED_REBOOT_ACTION.equals(intent.getAction())) {
++                final int sequence = intent.getIntExtra("seq", 0);
++                if (sequence == mDelayedRebootSequence) {
++                    PowerManager pm = mContext.getSystemService(PowerManager.class);
++                    pm.reboot(null);
++                }
+             }
+         }
+     };
+@@ -2365,6 +2399,7 @@ public class KeyguardViewMediator extends SystemUI implements Dumpable,
+         mHideAnimationRun = false;
+         adjustStatusBarLocked();
+         sendUserPresentBroadcast();
++        cancelDoRebootForOwnerAfterTimeoutIfEnabled();
+     }
+ 
+     private Configuration.Builder createInteractionJankMonitorConf(String tag) {
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0015-Bluetooth_Timeout.patch b/Patches/LineageOS-19.1/android_frameworks_base/0015-Bluetooth_Timeout.patch
new file mode 100644
index 00000000..e89164e3
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0015-Bluetooth_Timeout.patch
@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: pratyush <codelab@pratyush.dev>
+Date: Thu, 1 Jul 2021 12:26:49 +0530
+Subject: [PATCH] Bluetooth auto turn off
+
+---
+ core/java/android/provider/Settings.java      |  6 ++
+ .../server/BluetoothManagerService.java       | 76 +++++++++++++++++++
+ 2 files changed, 82 insertions(+)
+
+diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
+index 52103c3a3f99..580f9745eea7 100644
+--- a/core/java/android/provider/Settings.java
++++ b/core/java/android/provider/Settings.java
+@@ -16385,6 +16385,12 @@ public final class Settings {
+          * @hide
+          */
+         public static final String SETTINGS_REBOOT_AFTER_TIMEOUT = "settings_reboot_after_timeout";
++        
++        /**
++         * The amount of time in milliseconds before bluetooth is turned off
++         * @hide
++         */
++        public static final String BLUETOOTH_OFF_TIMEOUT = "bluetooth_off_timeout";
+     }
+ 
+     /**
+diff --git a/services/core/java/com/android/server/BluetoothManagerService.java b/services/core/java/com/android/server/BluetoothManagerService.java
+index f5ff7a3d71a4..8123494599b6 100644
+--- a/services/core/java/com/android/server/BluetoothManagerService.java
++++ b/services/core/java/com/android/server/BluetoothManagerService.java
+@@ -29,6 +29,7 @@ import android.annotation.NonNull;
+ import android.annotation.RequiresPermission;
+ import android.annotation.SuppressLint;
+ import android.app.ActivityManager;
++import android.app.AlarmManager;
+ import android.app.AppGlobals;
+ import android.app.AppOpsManager;
+ import android.app.BroadcastOptions;
+@@ -549,6 +550,81 @@ class BluetoothManagerService extends IBluetoothManager.Stub {
+             Slog.w(TAG, "Unable to resolve SystemUI's UID.");
+         }
+         mSystemUiUid = systemUiUid;
++
++        /*
++        * System sends ACTION_STATE_CHANGED broadcast soon as any state
++        * changes. what it means in action is we don't have to take care if
++        * device reboot while BT has not been turned off automatically.
++        *
++        * A word of warning though it does not check if device as been
++        * unlocked or not what it means in real life is if you have sometime
++        * like tile ble tracker configured it will turn off BT. As result tile
++        * tracking will fail because of auto timeout. this behaviour can be
++        * changed with UserManager.isUnlocked()
++        * */
++        IntentFilter btFilter = new IntentFilter();
++        btFilter.addAction(BluetoothAdapter.ACTION_STATE_CHANGED);
++        btFilter.addAction(BluetoothAdapter.ACTION_CONNECTION_STATE_CHANGED);
++        btFilter.addAction(BluetoothAdapter.ACTION_LOCAL_NAME_CHANGED);
++        context.registerReceiver(new BroadcastReceiver() {
++            @Override
++            public void onReceive(Context broadcastContext, Intent intent) {
++                reconfigureBtTimeoutListener();
++            }
++        }, btFilter);
++
++        context.getContentResolver().registerContentObserver(
++                Settings.Global.getUriFor(Settings.Global.BLUETOOTH_OFF_TIMEOUT),
++                false,
++                new ContentObserver(new Handler(context.getMainLooper())) {
++                    @Override
++                    public void onChange(boolean selfChange) {
++                        super.onChange(selfChange);
++                        reconfigureBtTimeoutListener();
++                    }
++                });
++    }
++
++    private static final AlarmManager.OnAlarmListener listener = () -> {
++        BluetoothAdapter bluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
++        if (isBtOnAndDisconnected() && bluetoothAdapter != null) {
++            bluetoothAdapter.disable();
++        }
++    };
++
++    // If device is still connected cancel timeout for now and wait for disconnected signal
++    private void reconfigureBtTimeoutListener() {
++        AlarmManager alarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE);
++        if (isTimeoutEnabled(mContext) && isBtOnAndDisconnected()) {
++            final long timeout = SystemClock.elapsedRealtime() + btTimeoutDurationInMilli(mContext);
++            alarmManager.cancel(listener);
++            alarmManager.setExact(
++                    AlarmManager.ELAPSED_REALTIME_WAKEUP,
++                    timeout,
++                    "BT Idle Timeout",
++                    listener,
++                    new Handler(mContext.getMainLooper())
++            );
++        } else {
++            alarmManager.cancel(listener);
++        }
++    }
++
++    private static boolean isBtOnAndDisconnected() {
++        BluetoothAdapter bluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
++        return bluetoothAdapter != null && bluetoothAdapter.getState() == BluetoothAdapter.STATE_ON
++                && bluetoothAdapter.getState() == BluetoothAdapter.STATE_ON &&
++                bluetoothAdapter.getConnectionState() == BluetoothAdapter.STATE_DISCONNECTED;
++    }
++
++    private static long btTimeoutDurationInMilli(Context context) {
++        return Settings.Global.getLong(context.getContentResolver(),
++                Settings.Global.BLUETOOTH_OFF_TIMEOUT, 0);
++    }
++
++    /** Zero is default and means disabled */
++    private static boolean isTimeoutEnabled(Context context) {
++        return 0 != btTimeoutDurationInMilli(context);
+     }
+ 
+     /**
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0016-WiFi_Timeout.patch b/Patches/LineageOS-19.1/android_frameworks_base/0016-WiFi_Timeout.patch
new file mode 100644
index 00000000..5ec3541c
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0016-WiFi_Timeout.patch
@@ -0,0 +1,123 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Pratyush <codelab@pratyush.dev>
+Date: Tue, 6 Jul 2021 18:18:06 +0530
+Subject: [PATCH] Wi-Fi auto turn off
+
+---
+ core/java/android/provider/Settings.java      |  6 ++
+ .../server/net/NetworkStatsService.java       | 69 +++++++++++++++++++
+ 2 files changed, 75 insertions(+)
+
+diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
+index 580f9745eea7..1d8745501553 100644
+--- a/core/java/android/provider/Settings.java
++++ b/core/java/android/provider/Settings.java
+@@ -16379,6 +16379,12 @@ public final class Settings {
+          */
+         public static final String RESTRICTED_NETWORKING_MODE = "restricted_networking_mode";
+ 
++        /**
++         * The amount of time in milliseconds before Wi-Fi is turned off
++         * @hide
++         */
++        public static final String WIFI_OFF_TIMEOUT = "wifi_off_timeout";
++
+         /**
+          * Whether to automatically reboot the device after a user defined timeout
+          *
+diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java
+index 097b0711eff7..0a4fca3ec09d 100644
+--- a/services/core/java/com/android/server/net/NetworkStatsService.java
++++ b/services/core/java/com/android/server/net/NetworkStatsService.java
+@@ -96,6 +96,7 @@ import android.net.INetworkStatsSession;
+ import android.net.Network;
+ import android.net.NetworkCapabilities;
+ import android.net.NetworkIdentity;
++import android.net.NetworkInfo;
+ import android.net.NetworkSpecifier;
+ import android.net.NetworkStack;
+ import android.net.NetworkStateSnapshot;
+@@ -110,8 +111,10 @@ import android.net.Uri;
+ import android.net.netstats.provider.INetworkStatsProvider;
+ import android.net.netstats.provider.INetworkStatsProviderCallback;
+ import android.net.netstats.provider.NetworkStatsProvider;
++import android.net.wifi.WifiManager;
+ import android.os.BestClock;
+ import android.os.Binder;
++import android.os.Bundle;
+ import android.os.DropBoxManager;
+ import android.os.Environment;
+ import android.os.Handler;
+@@ -449,6 +452,72 @@ public class NetworkStatsService extends INetworkStatsService.Stub {
+         mContentResolver = mContext.getContentResolver();
+         mContentObserver = mDeps.makeContentObserver(mHandler, mSettings,
+                 mNetworkStatsSubscriptionsMonitor);
++        IntentFilter wifiFilter = new IntentFilter();
++        wifiFilter.addAction(WifiManager.NETWORK_STATE_CHANGED_ACTION);
++        wifiFilter.addAction(WifiManager.WIFI_STATE_CHANGED_ACTION);
++
++        context.registerReceiver(
++                new BroadcastReceiver() {
++                    @Override
++                    public void onReceive(Context context, Intent intent) {
++                        if (WifiManager.NETWORK_STATE_CHANGED_ACTION.equals(intent.getAction())) {
++                            Bundle bundle = intent.getExtras();
++                            NetworkInfo networkInfo = bundle.getParcelable(WifiManager.EXTRA_NETWORK_INFO);
++                            isWifiConnected = networkInfo != null && networkInfo.isConnected();
++                        }
++                        reconfigureWiFiTimeoutListener();
++                    }
++                }, wifiFilter
++        );
++
++        context.getContentResolver().registerContentObserver(
++                Global.getUriFor(Global.WIFI_OFF_TIMEOUT),
++                false,
++                new ContentObserver(new Handler(context.getMainLooper())) {
++                    @Override
++                    public void onChange(boolean selfChange) {
++                        super.onChange(selfChange);
++                        reconfigureWiFiTimeoutListener();
++                    }
++                });
++    }
++
++    private static boolean isWifiConnected = false;
++    private final AlarmManager.OnAlarmListener listener = this::turnOffWifi;
++
++    private void turnOffWifi() {
++        WifiManager wifiManager = (WifiManager) mContext.getSystemService(Context.WIFI_SERVICE);
++        if (isWifiTimeoutEnabled(mContext) && wifiManager.isWifiEnabled()) {
++            // setWifiEnabled(enabled) is deprecated, though AOSP still uses
++            // it internally and system apps/services are exempted
++            wifiManager.setWifiEnabled(false);
++        }
++    }
++
++    private void reconfigureWiFiTimeoutListener() {
++        if (isWifiTimeoutEnabled(mContext) && !isWifiConnected) {
++            final long timeout = SystemClock.elapsedRealtime() + wifiTimeoutDurationInMilli(mContext);
++            mAlarmManager.cancel(listener);
++            mAlarmManager.setExact(
++                    AlarmManager.ELAPSED_REALTIME_WAKEUP,
++                    timeout,
++                    "Wi-Fi Idle Timeout",
++                    listener,
++                    new Handler(mContext.getMainLooper())
++            );
++        } else {
++            mAlarmManager.cancel(listener);
++        }
++    }
++
++    private static long wifiTimeoutDurationInMilli(Context mContext) {
++        return Settings.Global.getLong(mContext.getContentResolver(),
++                Global.WIFI_OFF_TIMEOUT, 0);
++    }
++
++    /** Zero is default and means disabled */
++    private static boolean isWifiTimeoutEnabled(Context mContext) {
++        return 0 != wifiTimeoutDurationInMilli(mContext);
+     }
+ 
+     /**
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0017-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_frameworks_base/0017-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..338e29e4
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0017-constify_JNINativeMethod.patch
@@ -0,0 +1,213 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 16 Oct 2021 19:44:59 -0400
+Subject: [PATCH] constify JNINativeMethod tables
+
+---
+ cmds/hid/jni/com_android_commands_hid_Device.cpp           | 2 +-
+ cmds/uinput/jni/com_android_commands_uinput_Device.cpp     | 2 +-
+ core/jni/android_app_ActivityThread.cpp                    | 2 +-
+ core/jni/android_os_HidlMemory.cpp                         | 2 +-
+ core/jni/android_os_HwBinder.cpp                           | 2 +-
+ core/jni/android_os_HwBlob.cpp                             | 2 +-
+ core/jni/android_os_HwParcel.cpp                           | 2 +-
+ core/jni/android_os_HwRemoteBinder.cpp                     | 2 +-
+ libs/hwui/jni/android_graphics_DisplayListCanvas.cpp       | 2 +-
+ media/jni/android_media_ImageWriter.cpp                    | 4 ++--
+ media/jni/android_media_MediaSync.cpp                      | 2 +-
+ media/jni/soundpool/android_media_SoundPool.cpp            | 2 +-
+ services/core/jni/com_android_server_UsbMidiDevice.cpp     | 2 +-
+ services/core/jni/com_android_server_tv_TvUinputBridge.cpp | 2 +-
+ 14 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/cmds/hid/jni/com_android_commands_hid_Device.cpp b/cmds/hid/jni/com_android_commands_hid_Device.cpp
+index 2cda57dd67e9..7613651e75c4 100644
+--- a/cmds/hid/jni/com_android_commands_hid_Device.cpp
++++ b/cmds/hid/jni/com_android_commands_hid_Device.cpp
+@@ -354,7 +354,7 @@ static void closeDevice(JNIEnv* /* env */, jclass /* clazz */, jlong ptr) {
+     }
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+         {"nativeOpenDevice",
+          "(Ljava/lang/String;IIII[B"
+          "Lcom/android/commands/hid/Device$DeviceCallback;)J",
+diff --git a/cmds/uinput/jni/com_android_commands_uinput_Device.cpp b/cmds/uinput/jni/com_android_commands_uinput_Device.cpp
+index 06fa2aac2c7e..4c20055020a4 100644
+--- a/cmds/uinput/jni/com_android_commands_uinput_Device.cpp
++++ b/cmds/uinput/jni/com_android_commands_uinput_Device.cpp
+@@ -301,7 +301,7 @@ static void setAbsInfo(JNIEnv* env, jclass /* clazz */, jint handle, jint axisCo
+     ::ioctl(static_cast<int>(handle), UI_ABS_SETUP, &absSetup);
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+         {"nativeOpenUinputDevice",
+          "(Ljava/lang/String;IIIII"
+          "Lcom/android/commands/uinput/Device$DeviceCallback;)J",
+diff --git a/core/jni/android_app_ActivityThread.cpp b/core/jni/android_app_ActivityThread.cpp
+index e9d9a20c7538..cd285238d6e2 100644
+--- a/core/jni/android_app_ActivityThread.cpp
++++ b/core/jni/android_app_ActivityThread.cpp
+@@ -40,7 +40,7 @@ static void android_app_ActivityThread_initZygoteChildHeapProfiling(JNIEnv* env,
+     android_mallopt(M_INIT_ZYGOTE_CHILD_PROFILING, nullptr, 0);
+ }
+ 
+-static JNINativeMethod gActivityThreadMethods[] = {
++static const JNINativeMethod gActivityThreadMethods[] = {
+     // ------------ Regular JNI ------------------
+     { "nPurgePendingResources",        "()V",
+       (void*) android_app_ActivityThread_purgePendingResources },
+diff --git a/core/jni/android_os_HidlMemory.cpp b/core/jni/android_os_HidlMemory.cpp
+index 69e48184c0ad..612fc95776a5 100644
+--- a/core/jni/android_os_HidlMemory.cpp
++++ b/core/jni/android_os_HidlMemory.cpp
+@@ -50,7 +50,7 @@ static void nativeFinalize(JNIEnv* env, jobject jobj) {
+     delete native;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+         {"nativeFinalize", "()V", (void*) nativeFinalize},
+ };
+ 
+diff --git a/core/jni/android_os_HwBinder.cpp b/core/jni/android_os_HwBinder.cpp
+index 781895eeeaba..cbec79144826 100644
+--- a/core/jni/android_os_HwBinder.cpp
++++ b/core/jni/android_os_HwBinder.cpp
+@@ -352,7 +352,7 @@ static void JHwBinder_report_sysprop_change(JNIEnv * /*env*/, jclass /*clazz*/)
+     report_sysprop_change();
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     { "native_init", "()J", (void *)JHwBinder_native_init },
+     { "native_setup", "()V", (void *)JHwBinder_native_setup },
+ 
+diff --git a/core/jni/android_os_HwBlob.cpp b/core/jni/android_os_HwBlob.cpp
+index a9db91be1d5b..ba4cf6101449 100644
+--- a/core/jni/android_os_HwBlob.cpp
++++ b/core/jni/android_os_HwBlob.cpp
+@@ -599,7 +599,7 @@ static jlong JHwBlob_native_handle(JNIEnv *env, jobject thiz) {
+     return handle;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     { "native_init", "()J", (void *)JHwBlob_native_init },
+     { "native_setup", "(I)V", (void *)JHwBlob_native_setup },
+ 
+diff --git a/core/jni/android_os_HwParcel.cpp b/core/jni/android_os_HwParcel.cpp
+index 4c4443fc29c3..78fd6d90691b 100644
+--- a/core/jni/android_os_HwParcel.cpp
++++ b/core/jni/android_os_HwParcel.cpp
+@@ -1068,7 +1068,7 @@ static void JHwParcel_native_writeBuffer(
+     }
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     { "native_init", "()J", (void *)JHwParcel_native_init },
+     { "native_setup", "(Z)V", (void *)JHwParcel_native_setup },
+ 
+diff --git a/core/jni/android_os_HwRemoteBinder.cpp b/core/jni/android_os_HwRemoteBinder.cpp
+index 3af55fe810fc..feabd6a60fbf 100644
+--- a/core/jni/android_os_HwRemoteBinder.cpp
++++ b/core/jni/android_os_HwRemoteBinder.cpp
+@@ -442,7 +442,7 @@ static jint JHwRemoteBinder_hashCode(JNIEnv* env, jobject thiz) {
+     return static_cast<jint>(longHash ^ (longHash >> 32)); // See Long.hashCode()
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     { "native_init", "()J", (void *)JHwRemoteBinder_native_init },
+ 
+     { "native_setup_empty", "()V",
+diff --git a/libs/hwui/jni/android_graphics_DisplayListCanvas.cpp b/libs/hwui/jni/android_graphics_DisplayListCanvas.cpp
+index f060bb32031a..3ebb3553ce20 100644
+--- a/libs/hwui/jni/android_graphics_DisplayListCanvas.cpp
++++ b/libs/hwui/jni/android_graphics_DisplayListCanvas.cpp
+@@ -174,7 +174,7 @@ static void android_view_DisplayListCanvas_drawWebViewFunctor(CRITICAL_JNI_PARAM
+ 
+ const char* const kClassPathName = "android/graphics/RecordingCanvas";
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+         // ------------ @CriticalNative --------------
+         {"nCreateDisplayListCanvas", "(JII)J",
+          (void*)android_view_DisplayListCanvas_createDisplayListCanvas},
+diff --git a/media/jni/android_media_ImageWriter.cpp b/media/jni/android_media_ImageWriter.cpp
+index b291ac95bf4f..1ee25c4f6421 100644
+--- a/media/jni/android_media_ImageWriter.cpp
++++ b/media/jni/android_media_ImageWriter.cpp
+@@ -1061,7 +1061,7 @@ static jobjectArray Image_createSurfacePlanes(JNIEnv* env, jobject thiz,
+ 
+ // ----------------------------------------------------------------------------
+ 
+-static JNINativeMethod gImageWriterMethods[] = {
++static const JNINativeMethod gImageWriterMethods[] = {
+     {"nativeClassInit",         "()V",                        (void*)ImageWriter_classInit },
+     {"nativeInit",              "(Ljava/lang/Object;Landroid/view/Surface;IIII)J",
+                                                               (void*)ImageWriter_init },
+@@ -1075,7 +1075,7 @@ static JNINativeMethod gImageWriterMethods[] = {
+     {"cancelImage",             "(JLandroid/media/Image;)V",   (void*)ImageWriter_cancelImage },
+ };
+ 
+-static JNINativeMethod gImageMethods[] = {
++static const JNINativeMethod gImageMethods[] = {
+     {"nativeCreatePlanes",      "(II)[Landroid/media/ImageWriter$WriterSurfaceImage$SurfacePlane;",
+                                                                (void*)Image_createSurfacePlanes },
+     {"nativeGetWidth",          "()I",                         (void*)Image_getWidth },
+diff --git a/media/jni/android_media_MediaSync.cpp b/media/jni/android_media_MediaSync.cpp
+index d1ce30a3e827..d93bda166c44 100644
+--- a/media/jni/android_media_MediaSync.cpp
++++ b/media/jni/android_media_MediaSync.cpp
+@@ -514,7 +514,7 @@ static void android_media_MediaSync_native_finalize(JNIEnv *env, jobject thiz) {
+     android_media_MediaSync_release(env, thiz);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     { "native_setSurface",
+       "(Landroid/view/Surface;)V",
+       (void *)android_media_MediaSync_native_setSurface },
+diff --git a/media/jni/soundpool/android_media_SoundPool.cpp b/media/jni/soundpool/android_media_SoundPool.cpp
+index a66d99fbd9f4..1665421aacd4 100644
+--- a/media/jni/soundpool/android_media_SoundPool.cpp
++++ b/media/jni/soundpool/android_media_SoundPool.cpp
+@@ -247,7 +247,7 @@ android_media_SoundPool_release(JNIEnv *env, jobject thiz)
+ // ----------------------------------------------------------------------------
+ 
+ // Dalvik VM type signatures
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {   "_load",
+         "(Ljava/io/FileDescriptor;JJI)I",
+         (void *)android_media_SoundPool_load_FD
+diff --git a/services/core/jni/com_android_server_UsbMidiDevice.cpp b/services/core/jni/com_android_server_UsbMidiDevice.cpp
+index d6b5bed173eb..564f71daedac 100644
+--- a/services/core/jni/com_android_server_UsbMidiDevice.cpp
++++ b/services/core/jni/com_android_server_UsbMidiDevice.cpp
+@@ -157,7 +157,7 @@ android_server_UsbMidiDevice_close(JNIEnv *env, jobject thiz, jobjectArray fds)
+     }
+ }
+ 
+-static JNINativeMethod method_table[] = {
++static const JNINativeMethod method_table[] = {
+     { "nativeGetSubdeviceCount", "(II)I", (void*)android_server_UsbMidiDevice_get_subdevice_count },
+     { "nativeOpen", "(III)[Ljava/io/FileDescriptor;", (void*)android_server_UsbMidiDevice_open },
+     { "nativeClose", "([Ljava/io/FileDescriptor;)V", (void*)android_server_UsbMidiDevice_close },
+diff --git a/services/core/jni/com_android_server_tv_TvUinputBridge.cpp b/services/core/jni/com_android_server_tv_TvUinputBridge.cpp
+index 99deab4fd652..2cb1aaef13fa 100644
+--- a/services/core/jni/com_android_server_tv_TvUinputBridge.cpp
++++ b/services/core/jni/com_android_server_tv_TvUinputBridge.cpp
+@@ -534,7 +534,7 @@ static void nativeClear(JNIEnv* env, jclass clazz, jlong ptr) {
+  * JNI registration
+  */
+ 
+-static JNINativeMethod gUinputBridgeMethods[] = {
++static const JNINativeMethod gUinputBridgeMethods[] = {
+         {"nativeOpen", "(Ljava/lang/String;Ljava/lang/String;III)J", (void*)nativeOpen},
+         {"nativeGamepadOpen", "(Ljava/lang/String;Ljava/lang/String;)J", (void*)nativeGamepadOpen},
+         {"nativeClose", "(J)V", (void*)nativeClose},
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-1.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-1.patch
new file mode 100644
index 00000000..9bb48185
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-1.patch
@@ -0,0 +1,181 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 14 Mar 2015 18:10:20 -0400
+Subject: [PATCH] add exec-based spawning support
+
+---
+ .../com/android/internal/os/ExecInit.java     | 115 ++++++++++++++++++
+ .../com/android/internal/os/WrapperInit.java  |   2 +-
+ .../android/internal/os/ZygoteConnection.java |  10 +-
+ 3 files changed, 125 insertions(+), 2 deletions(-)
+ create mode 100644 core/java/com/android/internal/os/ExecInit.java
+
+diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
+new file mode 100644
+index 000000000000..2adcab7fdbe6
+--- /dev/null
++++ b/core/java/com/android/internal/os/ExecInit.java
+@@ -0,0 +1,115 @@
++package com.android.internal.os;
++
++import android.os.Trace;
++import android.system.ErrnoException;
++import android.system.Os;
++import android.util.Slog;
++import android.util.TimingsTraceLog;
++import dalvik.system.VMRuntime;
++
++/**
++ * Startup class for the process.
++ * @hide
++ */
++public class ExecInit {
++    /**
++     * Class not instantiable.
++     */
++    private ExecInit() {
++    }
++
++    /**
++     * The main function called when starting a runtime application.
++     *
++     * The first argument is the target SDK version for the app.
++     *
++     * The remaining arguments are passed to the runtime.
++     *
++     * @param args The command-line arguments.
++     */
++    public static void main(String[] args) {
++        // Parse our mandatory argument.
++        int targetSdkVersion = Integer.parseInt(args[0], 10);
++
++        // Mimic system Zygote preloading.
++        ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
++                Trace.TRACE_TAG_DALVIK));
++
++        // Launch the application.
++        String[] runtimeArgs = new String[args.length - 1];
++        System.arraycopy(args, 1, runtimeArgs, 0, runtimeArgs.length);
++        Runnable r = execInit(targetSdkVersion, runtimeArgs);
++
++        r.run();
++    }
++
++    /**
++     * Executes a runtime application with exec-based spawning.
++     * This method never returns.
++     *
++     * @param niceName The nice name for the application, or null if none.
++     * @param targetSdkVersion The target SDK version for the app.
++     * @param args Arguments for {@link RuntimeInit#main}.
++     */
++    public static void execApplication(String niceName, int targetSdkVersion,
++            String instructionSet, String[] args) {
++        int niceArgs = niceName == null ? 0 : 1;
++        int baseArgs = 5 + niceArgs;
++        String[] argv = new String[baseArgs + args.length];
++        if (VMRuntime.is64BitInstructionSet(instructionSet)) {
++            argv[0] = "/system/bin/app_process64";
++        } else {
++            argv[0] = "/system/bin/app_process32";
++        }
++        argv[1] = "/system/bin";
++        argv[2] = "--application";
++        if (niceName != null) {
++            argv[3] = "--nice-name=" + niceName;
++        }
++        argv[3 + niceArgs] = "com.android.internal.os.ExecInit";
++        argv[4 + niceArgs] = Integer.toString(targetSdkVersion);
++        System.arraycopy(args, 0, argv, baseArgs, args.length);
++
++        WrapperInit.preserveCapabilities();
++        try {
++            Os.execv(argv[0], argv);
++        } catch (ErrnoException e) {
++            throw new RuntimeException(e);
++        }
++    }
++
++    /**
++     * The main function called when an application is started with exec-based spawning.
++     *
++     * When the app starts, the runtime starts {@link RuntimeInit#main}
++     * which calls {@link main} which then calls this method.
++     * So we don't need to call commonInit() here.
++     *
++     * @param targetSdkVersion target SDK version
++     * @param argv arg strings
++     */
++    private static Runnable execInit(int targetSdkVersion, String[] argv) {
++        if (RuntimeInit.DEBUG) {
++            Slog.d(RuntimeInit.TAG, "RuntimeInit: Starting application from exec");
++        }
++
++        // Check whether the first argument is a "-cp" in argv, and assume the next argument is the
++        // classpath. If found, create a PathClassLoader and use it for applicationInit.
++        ClassLoader classLoader = null;
++        if (argv != null && argv.length > 2 && argv[0].equals("-cp")) {
++            classLoader = ZygoteInit.createPathClassLoader(argv[1], targetSdkVersion);
++
++            // Install this classloader as the context classloader, too.
++            Thread.currentThread().setContextClassLoader(classLoader);
++
++            // Remove the classpath from the arguments.
++            String removedArgs[] = new String[argv.length - 2];
++            System.arraycopy(argv, 2, removedArgs, 0, argv.length - 2);
++            argv = removedArgs;
++        }
++
++        // Perform the same initialization that would happen after the Zygote forks.
++        Zygote.nativePreApplicationInit();
++        return RuntimeInit.applicationInit(targetSdkVersion, /*disabledCompatChanges*/ null, argv, classLoader);
++    }
++}
+diff --git a/core/java/com/android/internal/os/WrapperInit.java b/core/java/com/android/internal/os/WrapperInit.java
+index 6860759eea8a..a2eef62f80be 100644
+--- a/core/java/com/android/internal/os/WrapperInit.java
++++ b/core/java/com/android/internal/os/WrapperInit.java
+@@ -186,7 +186,7 @@ public class WrapperInit {
+      *       This is acceptable here as failure will leave the wrapped app with strictly less
+      *       capabilities, which may make it crash, but not exceed its allowances.
+      */
+-    private static void preserveCapabilities() {
++    public static void preserveCapabilities() {
+         StructCapUserHeader header = new StructCapUserHeader(
+                 OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
+         StructCapUserData[] data;
+diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
+index 993e4e7b4b3d..756547706f60 100644
+--- a/core/java/com/android/internal/os/ZygoteConnection.java
++++ b/core/java/com/android/internal/os/ZygoteConnection.java
+@@ -29,6 +29,7 @@ import android.net.Credentials;
+ import android.net.LocalSocket;
+ import android.os.Parcel;
+ import android.os.Process;
++import android.os.SystemProperties;
+ import android.os.Trace;
+ import android.system.ErrnoException;
+ import android.system.Os;
+@@ -247,7 +248,7 @@ class ZygoteConnection {
+                     fdsToClose[1] = zygoteFd.getInt$();
+                 }
+ 
+-                if (parsedArgs.mInvokeWith != null || parsedArgs.mStartChildZygote
++                if (parsedArgs.mInvokeWith != null || SystemProperties.getBoolean("sys.spawn.exec", true) || parsedArgs.mStartChildZygote
+                         || !multipleOK || peer.getUid() != Process.SYSTEM_UID) {
+                     // Continue using old code for now. TODO: Handle these cases in the other path.
+                     pid = Zygote.forkAndSpecialize(parsedArgs.mUid, parsedArgs.mGid,
+@@ -535,6 +536,13 @@ class ZygoteConnection {
+             throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
+         } else {
+             if (!isZygote) {
++                if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
++                    ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
++                            VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
++
++                    // Should not get here.
++                    throw new IllegalStateException("ExecInit.execApplication unexpectedly returned");
++                }
+                 return ZygoteInit.zygoteInit(parsedArgs.mTargetSdkVersion,
+                         parsedArgs.mDisabledCompatChanges,
+                         parsedArgs.mRemainingArgs, null /* classLoader */);
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-10.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-10.patch
new file mode 100644
index 00000000..49c8dd34
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-10.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 11 Sep 2019 06:57:24 -0400
+Subject: [PATCH] disable preloading classloaders for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 851e5e1fb5b1..231b42ba64b9 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -143,9 +143,11 @@ public class ZygoteInit {
+             preloadClasses();
+             bootTimingsTraceLog.traceEnd(); // PreloadClasses
+         }
+-        bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
+-        cacheNonBootClasspathClassLoaders();
+-        bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
++        if (fullPreload) {
++            bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
++            cacheNonBootClasspathClassLoaders();
++            bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
++        }
+         if (fullPreload) {
+             bootTimingsTraceLog.traceBegin("PreloadResources");
+             preloadResources();
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-11.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-11.patch
new file mode 100644
index 00000000..1ce4eba3
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-11.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 11 Sep 2019 06:58:51 -0400
+Subject: [PATCH] disable preloading HALs for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 231b42ba64b9..1696d2135180 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -153,9 +153,11 @@ public class ZygoteInit {
+             preloadResources();
+             bootTimingsTraceLog.traceEnd(); // PreloadResources
+         }
+-        Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
+-        nativePreloadAppProcessHALs();
+-        Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++        if (fullPreload) {
++            Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
++            nativePreloadAppProcessHALs();
++            Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++        }
+         Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
+         maybePreloadGraphicsDriver();
+         Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-12.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-12.patch
new file mode 100644
index 00000000..f67220e5
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-12.patch
@@ -0,0 +1,253 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: anupritaisno1 <www.anuprita804@gmail.com>
+Date: Fri, 30 Oct 2020 22:26:09 +0000
+Subject: [PATCH] pass through runtime flags for exec spawning and implement
+ them in the child
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ .../com/android/internal/os/ExecInit.java     |  14 +-
+ core/java/com/android/internal/os/Zygote.java |   9 ++
+ .../android/internal/os/ZygoteConnection.java |   2 +-
+ core/jni/com_android_internal_os_Zygote.cpp   | 129 ++++++++++--------
+ 4 files changed, 89 insertions(+), 65 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
+index 830e5b562a91..749c67abf389 100644
+--- a/core/java/com/android/internal/os/ExecInit.java
++++ b/core/java/com/android/internal/os/ExecInit.java
+@@ -31,15 +31,20 @@ public class ExecInit {
+         // Parse our mandatory argument.
+         int targetSdkVersion = Integer.parseInt(args[0], 10);
+ 
++        // Parse the runtime_flags.
++        int runtimeFlags = Integer.parseInt(args[1], 10);
++
+         // Mimic system Zygote preloading.
+         ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
+                 Trace.TRACE_TAG_DALVIK), false);
+ 
+         // Launch the application.
+-        String[] runtimeArgs = new String[args.length - 1];
+-        System.arraycopy(args, 1, runtimeArgs, 0, runtimeArgs.length);
++        String[] runtimeArgs = new String[args.length - 2];
++        System.arraycopy(args, 2, runtimeArgs, 0, runtimeArgs.length);
+         Runnable r = execInit(targetSdkVersion, runtimeArgs);
+ 
++        Zygote.nativeHandleRuntimeFlags(runtimeFlags);
++
+         r.run();
+     }
+ 
+@@ -52,9 +57,9 @@ public class ExecInit {
+      * @param args Arguments for {@link RuntimeInit#main}.
+      */
+     public static void execApplication(String niceName, int targetSdkVersion,
+-            String instructionSet, String[] args) {
++            String instructionSet, int runtimeFlags, String[] args) {
+         int niceArgs = niceName == null ? 0 : 1;
+-        int baseArgs = 5 + niceArgs;
++        int baseArgs = 6 + niceArgs;
+         String[] argv = new String[baseArgs + args.length];
+         if (VMRuntime.is64BitInstructionSet(instructionSet)) {
+             argv[0] = "/system/bin/app_process64";
+@@ -68,6 +73,7 @@ public class ExecInit {
+         }
+         argv[3 + niceArgs] = "com.android.internal.os.ExecInit";
+         argv[4 + niceArgs] = Integer.toString(targetSdkVersion);
++        argv[5 + niceArgs] = Integer.toString(runtimeFlags);
+         System.arraycopy(args, 0, argv, baseArgs, args.length);
+ 
+         WrapperInit.preserveCapabilities();
+diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
+index 6d4b8c5ea1ad..1f0ac0bd6520 100644
+--- a/core/java/com/android/internal/os/Zygote.java
++++ b/core/java/com/android/internal/os/Zygote.java
+@@ -1170,4 +1170,13 @@ public final class Zygote {
+      * we failed to determine the level.
+      */
+     public static native int nativeCurrentTaggingLevel();
++
++    /**
++     * Used on GrapheneOS to set up runtime flags
++     *
++     * @param runtimeFlags flags to be passed to the native method
++     *
++     * @hide
++     */
++    public static native void nativeHandleRuntimeFlags(int runtimeFlags);
+ }
+diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
+index 27518dd4cdce..a8d9400c7992 100644
+--- a/core/java/com/android/internal/os/ZygoteConnection.java
++++ b/core/java/com/android/internal/os/ZygoteConnection.java
+@@ -539,7 +539,7 @@ class ZygoteConnection {
+                 if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
+                         (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
+                     ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
+-                            VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
++                            VMRuntime.getCurrentInstructionSet(), parsedArgs.mRuntimeFlags, parsedArgs.mRemainingArgs);
+ 
+                     // Should not get here.
+                     throw new IllegalStateException("ExecInit.execApplication unexpectedly returned");
+diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
+index bed0aae074a4..69f615a8e0f4 100644
+--- a/core/jni/com_android_internal_os_Zygote.cpp
++++ b/core/jni/com_android_internal_os_Zygote.cpp
+@@ -1552,6 +1552,69 @@ static void BindMountStorageDirs(JNIEnv* env, jobjectArray pkg_data_info_list,
+   }
+ }
+ 
++static void HandleRuntimeFlags(JNIEnv* env, jint& runtime_flags) {
++    // Set process properties to enable debugging if required.
++    if ((runtime_flags & RuntimeFlags::DEBUG_ENABLE_JDWP) != 0) {
++        EnableDebugger();
++    }
++    if ((runtime_flags & RuntimeFlags::PROFILE_FROM_SHELL) != 0) {
++        // simpleperf needs the process to be dumpable to profile it.
++        if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) {
++            ALOGE("prctl(PR_SET_DUMPABLE) failed: %s", strerror(errno));
++            RuntimeAbort(env, __LINE__, "prctl(PR_SET_DUMPABLE, 1) failed");
++        }
++    }
++
++    HeapTaggingLevel heap_tagging_level;
++    switch (runtime_flags & RuntimeFlags::MEMORY_TAG_LEVEL_MASK) {
++        case RuntimeFlags::MEMORY_TAG_LEVEL_TBI:
++            heap_tagging_level = M_HEAP_TAGGING_LEVEL_TBI;
++            break;
++        case RuntimeFlags::MEMORY_TAG_LEVEL_ASYNC:
++            heap_tagging_level = M_HEAP_TAGGING_LEVEL_ASYNC;
++            break;
++        case RuntimeFlags::MEMORY_TAG_LEVEL_SYNC:
++            heap_tagging_level = M_HEAP_TAGGING_LEVEL_SYNC;
++            break;
++        default:
++            heap_tagging_level = M_HEAP_TAGGING_LEVEL_NONE;
++            break;
++    }
++    mallopt(M_BIONIC_SET_HEAP_TAGGING_LEVEL, heap_tagging_level);
++
++    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
++    // runtime.
++    runtime_flags &= ~RuntimeFlags::MEMORY_TAG_LEVEL_MASK;
++
++    // Avoid heap zero initialization for applications without MTE. Zero init may
++    // cause app compat problems, use more memory, or reduce performance. While it
++    // would be nice to have them for apps, we will have to wait until they are
++    // proven out, have more efficient hardware, and/or apply them only to new
++    // applications.
++    if (!(runtime_flags & RuntimeFlags::NATIVE_HEAP_ZERO_INIT)) {
++        mallopt(M_BIONIC_ZERO_INIT, 0);
++    }
++
++    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
++    // runtime.
++    runtime_flags &= ~RuntimeFlags::NATIVE_HEAP_ZERO_INIT;
++
++    bool forceEnableGwpAsan = false;
++    switch (runtime_flags & RuntimeFlags::GWP_ASAN_LEVEL_MASK) {
++        default:
++        case RuntimeFlags::GWP_ASAN_LEVEL_NEVER:
++            break;
++        case RuntimeFlags::GWP_ASAN_LEVEL_ALWAYS:
++            forceEnableGwpAsan = true;
++            [[fallthrough]];
++        case RuntimeFlags::GWP_ASAN_LEVEL_LOTTERY:
++            android_mallopt(M_INITIALIZE_GWP_ASAN, &forceEnableGwpAsan, sizeof(forceEnableGwpAsan));
++    }
++    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
++    // runtime.
++    runtime_flags &= ~RuntimeFlags::GWP_ASAN_LEVEL_MASK;
++}
++
+ // Utility routine to specialize a zygote child process.
+ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, jint runtime_flags,
+                              jobjectArray rlimits, jlong permitted_capabilities,
+@@ -1679,66 +1742,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
+         }
+     }
+ 
+-    // Set process properties to enable debugging if required.
+-    if ((runtime_flags & RuntimeFlags::DEBUG_ENABLE_JDWP) != 0) {
+-        EnableDebugger();
+-    }
+-    if ((runtime_flags & RuntimeFlags::PROFILE_FROM_SHELL) != 0) {
+-        // simpleperf needs the process to be dumpable to profile it.
+-        if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) {
+-            ALOGE("prctl(PR_SET_DUMPABLE) failed: %s", strerror(errno));
+-            RuntimeAbort(env, __LINE__, "prctl(PR_SET_DUMPABLE, 1) failed");
+-        }
+-    }
+-
+-    HeapTaggingLevel heap_tagging_level;
+-    switch (runtime_flags & RuntimeFlags::MEMORY_TAG_LEVEL_MASK) {
+-        case RuntimeFlags::MEMORY_TAG_LEVEL_TBI:
+-            heap_tagging_level = M_HEAP_TAGGING_LEVEL_TBI;
+-            break;
+-        case RuntimeFlags::MEMORY_TAG_LEVEL_ASYNC:
+-            heap_tagging_level = M_HEAP_TAGGING_LEVEL_ASYNC;
+-            break;
+-        case RuntimeFlags::MEMORY_TAG_LEVEL_SYNC:
+-            heap_tagging_level = M_HEAP_TAGGING_LEVEL_SYNC;
+-            break;
+-        default:
+-            heap_tagging_level = M_HEAP_TAGGING_LEVEL_NONE;
+-            break;
+-    }
+-    mallopt(M_BIONIC_SET_HEAP_TAGGING_LEVEL, heap_tagging_level);
+-
+-    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
+-    // runtime.
+-    runtime_flags &= ~RuntimeFlags::MEMORY_TAG_LEVEL_MASK;
+-
+-    // Avoid heap zero initialization for applications without MTE. Zero init may
+-    // cause app compat problems, use more memory, or reduce performance. While it
+-    // would be nice to have them for apps, we will have to wait until they are
+-    // proven out, have more efficient hardware, and/or apply them only to new
+-    // applications.
+-    if (!(runtime_flags & RuntimeFlags::NATIVE_HEAP_ZERO_INIT)) {
+-        mallopt(M_BIONIC_ZERO_INIT, 0);
+-    }
+-
+-    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
+-    // runtime.
+-    runtime_flags &= ~RuntimeFlags::NATIVE_HEAP_ZERO_INIT;
+-
+-    bool forceEnableGwpAsan = false;
+-    switch (runtime_flags & RuntimeFlags::GWP_ASAN_LEVEL_MASK) {
+-        default:
+-        case RuntimeFlags::GWP_ASAN_LEVEL_NEVER:
+-            break;
+-        case RuntimeFlags::GWP_ASAN_LEVEL_ALWAYS:
+-            forceEnableGwpAsan = true;
+-            [[fallthrough]];
+-        case RuntimeFlags::GWP_ASAN_LEVEL_LOTTERY:
+-            android_mallopt(M_INITIALIZE_GWP_ASAN, &forceEnableGwpAsan, sizeof(forceEnableGwpAsan));
+-    }
+-    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
+-    // runtime.
+-    runtime_flags &= ~RuntimeFlags::GWP_ASAN_LEVEL_MASK;
++    HandleRuntimeFlags(env, runtime_flags);
+ 
+     if (NeedsNoRandomizeWorkaround()) {
+         // Work around ARM kernel ASLR lossage (http://b/5817320).
+@@ -2642,6 +2646,10 @@ static void com_android_internal_os_Zygote_nativeAllowFilesOpenedByPreload(JNIEn
+     gPreloadFdsExtracted = true;
+ }
+ 
++static void nativeHandleRuntimeFlagsWrapper(JNIEnv* env, jclass, jint runtime_flags) {
++    HandleRuntimeFlags(env, runtime_flags);
++}
++
+ static const JNINativeMethod gMethods[] = {
+         {"nativeForkAndSpecialize",
+          "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/"
+@@ -2694,6 +2702,7 @@ static const JNINativeMethod gMethods[] = {
+          (void*)com_android_internal_os_Zygote_nativeMarkOpenedFilesBeforePreload},
+         {"nativeAllowFilesOpenedByPreload", "()V",
+          (void*)com_android_internal_os_Zygote_nativeAllowFilesOpenedByPreload},
++        {"nativeHandleRuntimeFlags", "(I)V", (void*)nativeHandleRuntimeFlagsWrapper},
+ };
+ 
+ int register_com_android_internal_os_Zygote(JNIEnv* env) {
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-2.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-2.patch
new file mode 100644
index 00000000..fc5a016e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-2.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 21 May 2019 23:54:20 -0400
+Subject: [PATCH] disable exec spawning when using debugging options
+
+The debugging options are not yet supported probably, so disable exec
+spawning when doing debugging.
+---
+ core/java/com/android/internal/os/ZygoteConnection.java | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
+index 756547706f60..27518dd4cdce 100644
+--- a/core/java/com/android/internal/os/ZygoteConnection.java
++++ b/core/java/com/android/internal/os/ZygoteConnection.java
+@@ -536,7 +536,8 @@ class ZygoteConnection {
+             throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
+         } else {
+             if (!isZygote) {
+-                if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
++                if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
++                        (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
+                     ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
+                             VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
+ 
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-3.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-3.patch
new file mode 100644
index 00000000..a441b3d1
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-3.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 14 May 2019 14:24:21 -0400
+Subject: [PATCH] add parameter for avoiding full preload with exec
+
+---
+ core/java/com/android/internal/os/ExecInit.java   | 2 +-
+ core/java/com/android/internal/os/ZygoteInit.java | 6 +++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
+index 2adcab7fdbe6..830e5b562a91 100644
+--- a/core/java/com/android/internal/os/ExecInit.java
++++ b/core/java/com/android/internal/os/ExecInit.java
+@@ -33,7 +33,7 @@ public class ExecInit {
+ 
+         // Mimic system Zygote preloading.
+         ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
+-                Trace.TRACE_TAG_DALVIK));
++                Trace.TRACE_TAG_DALVIK), false);
+ 
+         // Launch the application.
+         String[] runtimeArgs = new String[args.length - 1];
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 89b33590ab35..fefff67a66eb 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -133,7 +133,7 @@ public class ZygoteInit {
+      */
+     private static ClassLoader sCachedSystemServerClassLoader = null;
+ 
+-    static void preload(TimingsTraceLog bootTimingsTraceLog) {
++    static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
+         Log.d(TAG, "begin preload");
+         bootTimingsTraceLog.traceBegin("BeginPreload");
+         beginPreload();
+@@ -165,6 +165,10 @@ public class ZygoteInit {
+         sPreloadComplete = true;
+     }
+ 
++    static void preload(TimingsTraceLog bootTimingsTraceLog) {
++        preload(bootTimingsTraceLog, true);
++    }
++
+     static void lazyPreload() {
+         Preconditions.checkState(!sPreloadComplete);
+         Log.i(TAG, "Lazily preloading resources.");
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-4.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-4.patch
new file mode 100644
index 00000000..4348a674
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-4.patch
@@ -0,0 +1,50 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 11 Sep 2019 06:43:55 -0400
+Subject: [PATCH] pass through fullPreload to libcore
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index fefff67a66eb..b07173d50b9d 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -136,7 +136,7 @@ public class ZygoteInit {
+     static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
+         Log.d(TAG, "begin preload");
+         bootTimingsTraceLog.traceBegin("BeginPreload");
+-        beginPreload();
++        beginPreload(fullPreload);
+         bootTimingsTraceLog.traceEnd(); // BeginPreload
+         bootTimingsTraceLog.traceBegin("PreloadClasses");
+         preloadClasses();
+@@ -158,7 +158,7 @@ public class ZygoteInit {
+         // Ask the WebViewFactory to do any initialization that must run in the zygote process,
+         // for memory sharing purposes.
+         WebViewFactory.prepareWebViewInZygote();
+-        endPreload();
++        endPreload(fullPreload);
+         warmUpJcaProviders();
+         Log.d(TAG, "end preload");
+ 
+@@ -176,14 +176,14 @@ public class ZygoteInit {
+         preload(new TimingsTraceLog("ZygoteInitTiming_lazy", Trace.TRACE_TAG_DALVIK));
+     }
+ 
+-    private static void beginPreload() {
++    private static void beginPreload(boolean fullPreload) {
+         Log.i(TAG, "Calling ZygoteHooks.beginPreload()");
+ 
+-        ZygoteHooks.onBeginPreload();
++        ZygoteHooks.onBeginPreload(fullPreload);
+     }
+ 
+-    private static void endPreload() {
+-        ZygoteHooks.onEndPreload();
++    private static void endPreload(boolean fullPreload) {
++        ZygoteHooks.onEndPreload(fullPreload);
+ 
+         Log.i(TAG, "Called ZygoteHooks.endPreload()");
+     }
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-5.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-5.patch
new file mode 100644
index 00000000..fe726496
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-5.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 14 May 2019 14:28:27 -0400
+Subject: [PATCH] disable OpenGL preloading for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index b07173d50b9d..d1f7ca14501e 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -150,9 +150,11 @@ public class ZygoteInit {
+         Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
+         nativePreloadAppProcessHALs();
+         Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+-        Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
+-        maybePreloadGraphicsDriver();
+-        Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++        if (fullPreload) {
++            Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
++            maybePreloadGraphicsDriver();
++            Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++        }
+         preloadSharedLibraries();
+         preloadTextResources();
+         // Ask the WebViewFactory to do any initialization that must run in the zygote process,
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-6.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-6.patch
new file mode 100644
index 00000000..78b2df3e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-6.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 14 May 2019 14:28:52 -0400
+Subject: [PATCH] disable resource preloading for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index b07173d50b9d..dbb1fb83f62d 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -144,9 +144,11 @@ public class ZygoteInit {
+         bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
+         cacheNonBootClasspathClassLoaders();
+         bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
+-        bootTimingsTraceLog.traceBegin("PreloadResources");
+-        preloadResources();
+-        bootTimingsTraceLog.traceEnd(); // PreloadResources
++        if (fullPreload) {
++            bootTimingsTraceLog.traceBegin("PreloadResources");
++            preloadResources();
++            bootTimingsTraceLog.traceEnd(); // PreloadResources
++        }
+         Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
+         nativePreloadAppProcessHALs();
+         Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-7.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-7.patch
new file mode 100644
index 00000000..dfe3348e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-7.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 14 May 2019 14:30:59 -0400
+Subject: [PATCH] disable class preloading for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index dbb1fb83f62d..2c681002eaf8 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -138,9 +138,11 @@ public class ZygoteInit {
+         bootTimingsTraceLog.traceBegin("BeginPreload");
+         beginPreload(fullPreload);
+         bootTimingsTraceLog.traceEnd(); // BeginPreload
+-        bootTimingsTraceLog.traceBegin("PreloadClasses");
+-        preloadClasses();
+-        bootTimingsTraceLog.traceEnd(); // PreloadClasses
++        if (fullPreload) {
++            bootTimingsTraceLog.traceBegin("PreloadClasses");
++            preloadClasses();
++            bootTimingsTraceLog.traceEnd(); // PreloadClasses
++        }
+         bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
+         cacheNonBootClasspathClassLoaders();
+         bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-8.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-8.patch
new file mode 100644
index 00000000..1e83e643
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-8.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 14 May 2019 14:31:29 -0400
+Subject: [PATCH] disable WebView reservation for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 2c681002eaf8..abef5cd17126 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -159,9 +159,11 @@ public class ZygoteInit {
+         Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+         preloadSharedLibraries();
+         preloadTextResources();
+-        // Ask the WebViewFactory to do any initialization that must run in the zygote process,
+-        // for memory sharing purposes.
+-        WebViewFactory.prepareWebViewInZygote();
++        if (fullPreload) {
++            // Ask the WebViewFactory to do any initialization that must run in the zygote process,
++            // for memory sharing purposes.
++            WebViewFactory.prepareWebViewInZygote();
++        }
+         endPreload(fullPreload);
+         warmUpJcaProviders();
+         Log.d(TAG, "end preload");
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-9.patch b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-9.patch
new file mode 100644
index 00000000..3b7ab7c3
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0018-Exec_Based_Spawning-9.patch
@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 14 May 2019 14:34:32 -0400
+Subject: [PATCH] disable JCA provider warm up for exec spawning
+
+---
+ .../com/android/internal/os/ZygoteInit.java   | 22 ++++++++++---------
+ 1 file changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index abef5cd17126..851e5e1fb5b1 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -165,7 +165,7 @@ public class ZygoteInit {
+             WebViewFactory.prepareWebViewInZygote();
+         }
+         endPreload(fullPreload);
+-        warmUpJcaProviders();
++        warmUpJcaProviders(fullPreload);
+         Log.d(TAG, "end preload");
+ 
+         sPreloadComplete = true;
+@@ -229,7 +229,7 @@ public class ZygoteInit {
+      * By doing it here we avoid that each app does it when requesting a service from the provider
+      * for the first time.
+      */
+-    private static void warmUpJcaProviders() {
++    private static void warmUpJcaProviders(boolean fullPreload) {
+         long startTime = SystemClock.uptimeMillis();
+         Trace.traceBegin(
+                 Trace.TRACE_TAG_DALVIK, "Starting installation of AndroidKeyStoreProvider");
+@@ -239,15 +239,17 @@ public class ZygoteInit {
+                 + (SystemClock.uptimeMillis() - startTime) + "ms.");
+         Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+ 
+-        startTime = SystemClock.uptimeMillis();
+-        Trace.traceBegin(
+-                Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers");
+-        for (Provider p : Security.getProviders()) {
+-            p.warmUpServiceProvision();
++        if (fullPreload) {
++            startTime = SystemClock.uptimeMillis();
++            Trace.traceBegin(
++                    Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers");
++            for (Provider p : Security.getProviders()) {
++                p.warmUpServiceProvision();
++            }
++            Log.i(TAG, "Warmed up JCA providers in "
++                    + (SystemClock.uptimeMillis() - startTime) + "ms.");
++            Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+         }
+-        Log.i(TAG, "Warmed up JCA providers in "
+-                + (SystemClock.uptimeMillis() - startTime) + "ms.");
+-        Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+     }
+ 
+     /**
diff --git a/Patches/LineageOS-19.1/android_frameworks_base/0020-Location_Indicators.patch b/Patches/LineageOS-19.1/android_frameworks_base/0020-Location_Indicators.patch
new file mode 100644
index 00000000..d1c44133
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_base/0020-Location_Indicators.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Danny Lin <danny@kdrag0n.dev>
+Date: Mon, 11 Oct 2021 15:03:59 -0700
+Subject: [PATCH] SystemUI: Use new privacy indicators for location
+
+Android has had location indicators for a while, but let's use the new
+privacy indicator infrastructure for displaying them. This makes them
+integrate better with the new camera and microphone indicators.
+
+Change-Id: Ie457bb2dad17bddbf9dc3a818e3ec586023ce918
+---
+ core/java/android/permission/PermissionUsageHelper.java       | 2 +-
+ .../src/com/android/systemui/privacy/PrivacyItemController.kt | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/android/permission/PermissionUsageHelper.java b/core/java/android/permission/PermissionUsageHelper.java
+index cf2361a1026a..5ba24a3d4e7a 100644
+--- a/core/java/android/permission/PermissionUsageHelper.java
++++ b/core/java/android/permission/PermissionUsageHelper.java
+@@ -101,7 +101,7 @@ public class PermissionUsageHelper implements AppOpsManager.OnOpActiveChangedLis
+ 
+     private static boolean shouldShowLocationIndicator() {
+         return DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_PRIVACY,
+-                PROPERTY_LOCATION_INDICATORS_ENABLED, false);
++                PROPERTY_LOCATION_INDICATORS_ENABLED, true);
+     }
+ 
+     private static long getRecentThreshold(Long now) {
+diff --git a/packages/SystemUI/src/com/android/systemui/privacy/PrivacyItemController.kt b/packages/SystemUI/src/com/android/systemui/privacy/PrivacyItemController.kt
+index e072b4a3646c..f7bf1c3af7a2 100644
+--- a/packages/SystemUI/src/com/android/systemui/privacy/PrivacyItemController.kt
++++ b/packages/SystemUI/src/com/android/systemui/privacy/PrivacyItemController.kt
+@@ -73,7 +73,7 @@ class PrivacyItemController @Inject constructor(
+         private const val MIC_CAMERA = SystemUiDeviceConfigFlags.PROPERTY_MIC_CAMERA_ENABLED
+         private const val LOCATION = SystemUiDeviceConfigFlags.PROPERTY_LOCATION_INDICATORS_ENABLED
+         private const val DEFAULT_MIC_CAMERA = true
+-        private const val DEFAULT_LOCATION = false
++        private const val DEFAULT_LOCATION = true
+         @VisibleForTesting const val TIME_TO_HOLD_INDICATORS = 5000L
+     }
+ 
+@@ -381,4 +381,4 @@ class PrivacyItemController @Inject constructor(
+             listeningCanceller = delegate.executeDelayed({ setListeningState() }, 0L)
+         }
+     }
+-}
+\ No newline at end of file
++}
diff --git a/Patches/LineageOS-19.1/android_frameworks_ex/0001-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_frameworks_ex/0001-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..8dc18001
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_ex/0001-constify_JNINativeMethod.patch
@@ -0,0 +1,22 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Mon, 4 Jan 2021 19:56:14 -0500
+Subject: [PATCH] constify JNINativeMethod table
+
+---
+ framesequence/jni/FrameSequenceJNI.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/framesequence/jni/FrameSequenceJNI.cpp b/framesequence/jni/FrameSequenceJNI.cpp
+index c701f03..4041733 100644
+--- a/framesequence/jni/FrameSequenceJNI.cpp
++++ b/framesequence/jni/FrameSequenceJNI.cpp
+@@ -141,7 +141,7 @@ static jlong JNICALL nativeGetFrame(
+     return delayMs;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {   "nativeDecodeByteArray",
+         "([BII)L" JNI_PACKAGE "/FrameSequence;",
+         (void*) nativeDecodeByteArray
diff --git a/Patches/LineageOS-19.1/android_frameworks_native/0001-Sensors_Permission.patch b/Patches/LineageOS-19.1/android_frameworks_native/0001-Sensors_Permission.patch
new file mode 100644
index 00000000..f098b3c9
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_native/0001-Sensors_Permission.patch
@@ -0,0 +1,22 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 7 Oct 2017 16:28:57 -0400
+Subject: [PATCH] require OTHER_SENSORS permission for sensors
+
+Ported from 10: ff005a6b6a38baef95c4a01d7e1fc75aac651a58
+---
+ libs/sensor/Sensor.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
+index 0a49008584..94bac9177c 100644
+--- a/libs/sensor/Sensor.cpp
++++ b/libs/sensor/Sensor.cpp
+@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     mMinDelay = hwSensor.minDelay;
+     mFlags = 0;
+     mUuid = uuid;
++    mRequiredPermission = "android.permission.OTHER_SENSORS";
+ 
+     // Set fifo event count zero for older devices which do not support batching. Fused
+     // sensors also have their fifo counts set to zero.
diff --git a/Patches/LineageOS-19.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch b/Patches/LineageOS-19.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
new file mode 100644
index 00000000..1fd2c2e9
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
@@ -0,0 +1,55 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Tue, 14 Apr 2020 16:59:46 -0400
+Subject: [PATCH] Fix calling after VoLTE is removed from devices that had it
+ previously enabled
+
+Change-Id: Id5e3b8f7793d0783104b8b59581688c8ef821396
+---
+ src/java/com/android/ims/ImsManager.java | 26 +-----------------------
+ 1 file changed, 1 insertion(+), 25 deletions(-)
+
+diff --git a/src/java/com/android/ims/ImsManager.java b/src/java/com/android/ims/ImsManager.java
+index 345cbc5..fbf0389 100644
+--- a/src/java/com/android/ims/ImsManager.java
++++ b/src/java/com/android/ims/ImsManager.java
+@@ -534,13 +534,6 @@ public class ImsManager implements FeatureUpdates {
+      */
+     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
+     public static boolean isEnhanced4gLteModeSettingEnabledByUser(Context context) {
+-        DefaultSubscriptionManagerProxy p = new DefaultSubscriptionManagerProxy(context);
+-        ImsManager mgr = ImsManager.getInstance(context, p.getDefaultVoicePhoneId());
+-        if (mgr != null) {
+-            return mgr.isEnhanced4gLteModeSettingEnabledByUser();
+-        }
+-        Rlog.e(TAG, "isEnhanced4gLteModeSettingEnabledByUser: ImsManager null, returning default"
+-                + " value.");
+         return false;
+     }
+ 
+@@ -555,24 +548,7 @@ public class ImsManager implements FeatureUpdates {
+      * return the default value.
+      */
+     public boolean isEnhanced4gLteModeSettingEnabledByUser() {
+-        int setting = mSubscriptionManagerProxy.getIntegerSubscriptionProperty(
+-                getSubId(), SubscriptionManager.ENHANCED_4G_MODE_ENABLED,
+-                SUB_PROPERTY_NOT_INITIALIZED);
+-        boolean onByDefault = getBooleanCarrierConfig(
+-                CarrierConfigManager.KEY_ENHANCED_4G_LTE_ON_BY_DEFAULT_BOOL);
+-        boolean isUiUnEditable =
+-                !getBooleanCarrierConfig(CarrierConfigManager.KEY_EDITABLE_ENHANCED_4G_LTE_BOOL)
+-                || getBooleanCarrierConfig(CarrierConfigManager.KEY_HIDE_ENHANCED_4G_LTE_BOOL);
+-        boolean isSettingNotInitialized = setting == SUB_PROPERTY_NOT_INITIALIZED;
+-
+-        // If Enhanced 4G LTE Mode is uneditable, hidden, not initialized and VoIMS opt-in disabled
+-        // we use the default value. If VoIMS opt-in is enabled, we will always allow the user to
+-        // change the IMS enabled setting.
+-        if ((isUiUnEditable || isSettingNotInitialized) && !isVoImsOptInEnabled()) {
+-            return onByDefault;
+-        } else {
+-            return (setting == ProvisioningManager.PROVISIONING_VALUE_ENABLED);
+-        }
++        return false;
+     }
+ 
+     /**
diff --git a/Patches/LineageOS-19.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch b/Patches/LineageOS-19.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch
new file mode 100644
index 00000000..4772dc9d
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch
@@ -0,0 +1,88 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: renlord <me@renlord.com>
+Date: Fri, 15 Oct 2021 19:11:18 +0530
+Subject: [PATCH] add support for always generating new random MAC
+
+To trigger re-generation of randomized MAC addressed for an already
+connected AP. User simply has to toggle on/off wifi. Otherwise, on
+re-connection, a new randomized MAC address also gets generated.
+
+based on https://github.com/GrapheneOS/platform_frameworks_opt_net_wifi/commit/a0d9bda06b71694f38fe02bbe24628ee21a7d270
+---
+ .../wifitrackerlib/StandardWifiEntry.java     | 32 ++++++++++++++-----
+ .../com/android/wifitrackerlib/WifiEntry.java |  1 +
+ 2 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java
+index 4f63ced83..3d3000d33 100644
+--- a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java
++++ b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/StandardWifiEntry.java
+@@ -260,7 +260,7 @@ public class StandardWifiEntry extends WifiEntry {
+                 return wifiInfoMac;
+             }
+         }
+-        if (mTargetWifiConfig == null || getPrivacy() != PRIVACY_RANDOMIZED_MAC) {
++        if (mTargetWifiConfig == null || getPrivacy() == PRIVACY_DEVICE_MAC) {
+             final String[] factoryMacs = mWifiManager.getFactoryMacAddresses();
+             if (factoryMacs.length > 0) {
+                 return factoryMacs[0];
+@@ -522,12 +522,18 @@ public class StandardWifiEntry extends WifiEntry {
+     @Override
+     @Privacy
+     public synchronized int getPrivacy() {
+-        if (mTargetWifiConfig != null
+-                && mTargetWifiConfig.macRandomizationSetting
+-                == WifiConfiguration.RANDOMIZATION_NONE) {
+-            return PRIVACY_DEVICE_MAC;
++        if (mTargetWifiConfig != null) {
++            switch (mTargetWifiConfig.macRandomizationSetting) {
++                case WifiConfiguration.RANDOMIZATION_NONE:
++                    return PRIVACY_DEVICE_MAC;
++                case WifiConfiguration.RANDOMIZATION_ALWAYS:
++                    return PRIVACY_RANDOMIZATION_ALWAYS;
++                default:
++                    // WifiConfiguration.RANDOMIZATION_AUTO and WifiConfiguration.RANDOMIZATION_PERSISTENT
++                    return PRIVACY_RANDOMIZED_MAC;
++            }
+         } else {
+-            return PRIVACY_RANDOMIZED_MAC;
++            return PRIVACY_RANDOMIZATION_ALWAYS;
+         }
+     }
+ 
+@@ -537,11 +543,21 @@ public class StandardWifiEntry extends WifiEntry {
+             return;
+         }
+ 
+-        mTargetWifiConfig.macRandomizationSetting = privacy == PRIVACY_RANDOMIZED_MAC
+-                ? WifiConfiguration.RANDOMIZATION_AUTO : WifiConfiguration.RANDOMIZATION_NONE;
++        mTargetWifiConfig.macRandomizationSetting = translatePrivacyToWifiConfigurationValues(privacy);
+         mWifiManager.save(mTargetWifiConfig, null /* listener */);
+     }
+ 
++    private static int translatePrivacyToWifiConfigurationValues(int privacyValue) {
++        switch (privacyValue) {
++            case PRIVACY_RANDOMIZED_MAC:
++                return WifiConfiguration.RANDOMIZATION_PERSISTENT;
++            case PRIVACY_DEVICE_MAC:
++                return WifiConfiguration.RANDOMIZATION_NONE;
++            default:
++                return WifiConfiguration.RANDOMIZATION_ALWAYS;
++        }
++    }
++
+     @Override
+     public synchronized boolean isAutoJoinEnabled() {
+         if (mTargetWifiConfig == null) {
+diff --git a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java
+index 15edf8a18..e3bc3a45b 100644
+--- a/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java
++++ b/libs/WifiTrackerLib/src/com/android/wifitrackerlib/WifiEntry.java
+@@ -156,6 +156,7 @@ public class WifiEntry implements Comparable<WifiEntry> {
+     public static final int PRIVACY_DEVICE_MAC = 0;
+     public static final int PRIVACY_RANDOMIZED_MAC = 1;
+     public static final int PRIVACY_UNKNOWN = 2;
++    public static final int PRIVACY_RANDOMIZATION_ALWAYS = 100;
+ 
+     @Retention(RetentionPolicy.SOURCE)
+     @IntDef(value = {
diff --git a/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8996.patch b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8996.patch
new file mode 100644
index 00000000..edbd16c7
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8996.patch
@@ -0,0 +1,58 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: codeworkx <daniel.hillenbrand@codeworkx.de>
+Date: Sun, 20 Jan 2019 17:48:20 +0100
+Subject: [PATCH] audio_extn: Fix unused parameter warning in utils.c
+
+The unused parameter warning appears if we are not building with
+at least one of the following cflags enabled:
+
+* DEV_ARBI_ENABLED
+* SOUND_TRIGGER_ENABLED
+* AUDIO_LISTEN_ENABLED
+
+  hardware/qcom/audio/hal/audio_extn/utils.c:2522:55: error: unused parameter 'snd_device'
+[-Werror,-Wunused-parameter]
+  void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+                                                      ^
+
+Change-Id: I694c683c9bfde60343f0f6ea8d806bc5e24437e6
+(cherry picked from commit 12981fb9f3c8a67bcc362c7badfb9189bc181cda)
+---
+ hal/audio_extn/audio_extn.h | 5 +++++
+ hal/audio_extn/utils.c      | 2 ++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/hal/audio_extn/audio_extn.h b/hal/audio_extn/audio_extn.h
+index 1187642d1..38ae1aed5 100644
+--- a/hal/audio_extn/audio_extn.h
++++ b/hal/audio_extn/audio_extn.h
+@@ -688,7 +688,12 @@ bool audio_extn_utils_is_dolby_format(audio_format_t format);
+ int audio_extn_utils_get_bit_width_from_string(const char *);
+ int audio_extn_utils_get_sample_rate_from_string(const char *);
+ int audio_extn_utils_get_channels_from_string(const char *);
++
++#if !defined(DEV_ARBI_ENABLED) && !defined(SOUND_TRIGGER_ENABLED) && !defined(AUDIO_LISTEN_ENABLED)
++#define audio_extn_utils_release_snd_device(snd_device) (0)
++#else
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device);
++#endif
+ int audio_extn_utils_get_app_sample_rate_for_device(struct audio_device *adev,
+                                     struct audio_usecase *usecase, int snd_device);
+ 
+diff --git a/hal/audio_extn/utils.c b/hal/audio_extn/utils.c
+index cd788542f..10f1eb216 100644
+--- a/hal/audio_extn/utils.c
++++ b/hal/audio_extn/utils.c
+@@ -2520,6 +2520,7 @@ int audio_extn_utils_get_channels_from_string(const char *id_string)
+     return -EINVAL;
+ }
+ 
++#if defined(DEV_ARBI_ENABLED) || defined(SOUND_TRIGGER_ENABLED) || defined(AUDIO_LISTEN_ENABLED)
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+ {
+     audio_extn_dev_arbi_release(snd_device);
+@@ -2528,3 +2529,4 @@ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+     audio_extn_listen_update_device_status(snd_device,
+                                     LISTEN_EVENT_SND_DEVICE_FREE);
+ }
++#endif
diff --git a/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8998.patch b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8998.patch
new file mode 100644
index 00000000..3bcf1137
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-8998.patch
@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: codeworkx <daniel.hillenbrand@codeworkx.de>
+Date: Sun, 20 Jan 2019 17:48:20 +0100
+Subject: [PATCH] audio_extn: Fix unused parameter warning in utils.c
+
+The unused parameter warning appears if we are not building with
+at least one of the following cflags enabled:
+
+* DEV_ARBI_ENABLED
+* SOUND_TRIGGER_ENABLED
+* AUDIO_LISTEN_ENABLED
+
+  hardware/qcom/audio/hal/audio_extn/utils.c:2522:55: error: unused parameter 'snd_device'
+[-Werror,-Wunused-parameter]
+  void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+                                                      ^
+
+Change-Id: I694c683c9bfde60343f0f6ea8d806bc5e24437e6
+Signed-off-by: Atman <masteratman@gmail.com>
+---
+ hal/audio_extn/audio_extn.h | 4 ++++
+ hal/audio_extn/utils.c      | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/hal/audio_extn/audio_extn.h b/hal/audio_extn/audio_extn.h
+index f37c948ec..c6b2051a7 100644
+--- a/hal/audio_extn/audio_extn.h
++++ b/hal/audio_extn/audio_extn.h
+@@ -815,7 +815,11 @@ bool audio_extn_utils_is_dolby_format(audio_format_t format);
+ int audio_extn_utils_get_bit_width_from_string(const char *);
+ int audio_extn_utils_get_sample_rate_from_string(const char *);
+ int audio_extn_utils_get_channels_from_string(const char *);
++#if !defined(DEV_ARBI_ENABLED) && !defined(SOUND_TRIGGER_ENABLED) && !defined(AUDIO_LISTEN_ENABLED)
++#define audio_extn_utils_release_snd_device(snd_device) (0)
++#else
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device);
++#endif
+ bool audio_extn_utils_is_vendor_enhanced_fwk();
+ int audio_extn_utils_get_vendor_enhanced_info();
+ int audio_extn_utils_get_app_sample_rate_for_device(struct audio_device *adev,
+diff --git a/hal/audio_extn/utils.c b/hal/audio_extn/utils.c
+index 4675fc39c..4a5d91a97 100644
+--- a/hal/audio_extn/utils.c
++++ b/hal/audio_extn/utils.c
+@@ -2917,6 +2917,7 @@ int audio_extn_utils_get_channels_from_string(const char *id_string)
+     return -EINVAL;
+ }
+ 
++#if defined(DEV_ARBI_ENABLED) || defined(SOUND_TRIGGER_ENABLED) || defined(AUDIO_LISTEN_ENABLED)
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+ {
+     audio_extn_dev_arbi_release(snd_device);
+@@ -2925,6 +2926,7 @@ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+     audio_extn_listen_update_device_status(snd_device,
+             LISTEN_EVENT_SND_DEVICE_FREE);
+ }
++#endif
+ 
+ int audio_extn_utils_get_license_params(
+         const struct audio_device *adev,
diff --git a/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sdm845.patch b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sdm845.patch
new file mode 100644
index 00000000..9c841bdd
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sdm845.patch
@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: codeworkx <daniel.hillenbrand@codeworkx.de>
+Date: Sun, 20 Jan 2019 17:48:20 +0100
+Subject: [PATCH] audio_extn: Fix unused parameter warning in utils.c
+
+The unused parameter warning appears if we are not building with
+at least one of the following cflags enabled:
+
+* DEV_ARBI_ENABLED
+* SOUND_TRIGGER_ENABLED
+* AUDIO_LISTEN_ENABLED
+
+  hardware/qcom/audio/hal/audio_extn/utils.c:2522:55: error: unused parameter 'snd_device'
+[-Werror,-Wunused-parameter]
+  void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+                                                      ^
+
+Change-Id: I694c683c9bfde60343f0f6ea8d806bc5e24437e6
+Signed-off-by: Atman <masteratman@gmail.com>
+---
+ hal/audio_extn/audio_extn.h | 4 ++++
+ hal/audio_extn/utils.c      | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/hal/audio_extn/audio_extn.h b/hal/audio_extn/audio_extn.h
+index 85502ad91..95890ab12 100755
+--- a/hal/audio_extn/audio_extn.h
++++ b/hal/audio_extn/audio_extn.h
+@@ -860,7 +860,11 @@ bool audio_extn_utils_is_dolby_format(audio_format_t format);
+ int audio_extn_utils_get_bit_width_from_string(const char *);
+ int audio_extn_utils_get_sample_rate_from_string(const char *);
+ int audio_extn_utils_get_channels_from_string(const char *);
++#if !defined(DEV_ARBI_ENABLED) && !defined(SOUND_TRIGGER_ENABLED) && !defined(AUDIO_LISTEN_ENABLED)
++#define audio_extn_utils_release_snd_device(snd_device) (0)
++#else
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device);
++#endif
+ bool audio_extn_utils_is_vendor_enhanced_fwk();
+ int audio_extn_utils_get_vendor_enhanced_info();
+ int audio_extn_utils_get_app_sample_rate_for_device(struct audio_device *adev,
+diff --git a/hal/audio_extn/utils.c b/hal/audio_extn/utils.c
+index 756faf544..0e25d3a39 100755
+--- a/hal/audio_extn/utils.c
++++ b/hal/audio_extn/utils.c
+@@ -3272,6 +3272,7 @@ int audio_extn_utils_get_channels_from_string(const char *id_string)
+     return -EINVAL;
+ }
+ 
++#if defined(DEV_ARBI_ENABLED) || defined(SOUND_TRIGGER_ENABLED) || defined(AUDIO_LISTEN_ENABLED)
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+ {
+     audio_extn_dev_arbi_release(snd_device);
+@@ -3280,6 +3281,7 @@ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+     audio_extn_listen_update_device_status(snd_device,
+             LISTEN_EVENT_SND_DEVICE_FREE);
+ }
++#endif
+ 
+ int audio_extn_utils_get_license_params(
+         const struct audio_device *adev,
diff --git a/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sm8150.patch b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sm8150.patch
new file mode 100644
index 00000000..069c737a
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_hardware_qcom_audio/0001-Unused-sm8150.patch
@@ -0,0 +1,58 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: codeworkx <daniel.hillenbrand@codeworkx.de>
+Date: Mon, 1 Jul 2019 06:36:30 +0000
+Subject: [PATCH] audio_extn: Fix unused parameter warning in utils.c
+
+The unused parameter warning appears if we are not building with
+at least one of the following cflags enabled:
+
+* DEV_ARBI_ENABLED
+* SOUND_TRIGGER_ENABLED
+* AUDIO_LISTEN_ENABLED
+
+  hardware/qcom/audio/hal/audio_extn/utils.c:2522:55: error: unused parameter 'snd_device'
+[-Werror,-Wunused-parameter]
+  void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+
+Change-Id: I694c683c9bfde60343f0f6ea8d806bc5e24437e6
+---
+ hal/audio_extn/audio_extn.h | 4 ++++
+ hal/audio_extn/utils.c      | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/hal/audio_extn/audio_extn.h b/hal/audio_extn/audio_extn.h
+index da986ad63..82320356e 100644
+--- a/hal/audio_extn/audio_extn.h
++++ b/hal/audio_extn/audio_extn.h
+@@ -834,7 +834,11 @@ bool audio_extn_utils_is_dolby_format(audio_format_t format);
+ int audio_extn_utils_get_bit_width_from_string(const char *);
+ int audio_extn_utils_get_sample_rate_from_string(const char *);
+ int audio_extn_utils_get_channels_from_string(const char *);
++#if !defined(DEV_ARBI_ENABLED) && !defined(SOUND_TRIGGER_ENABLED) && !defined(AUDIO_LISTEN_ENABLED)
++#define audio_extn_utils_release_snd_device(snd_device) (0)
++#else
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device);
++#endif
+ bool audio_extn_utils_is_vendor_enhanced_fwk();
+ int audio_extn_utils_get_vendor_enhanced_info();
+ int audio_extn_utils_get_app_sample_rate_for_device(struct audio_device *adev,
+diff --git a/hal/audio_extn/utils.c b/hal/audio_extn/utils.c
+index 0ba2f4f82..d179f4f03 100644
+--- a/hal/audio_extn/utils.c
++++ b/hal/audio_extn/utils.c
+@@ -3072,6 +3072,7 @@ int audio_extn_utils_get_channels_from_string(const char *id_string)
+     return -EINVAL;
+ }
+ 
++#if defined(DEV_ARBI_ENABLED) || defined(SOUND_TRIGGER_ENABLED) || defined(AUDIO_LISTEN_ENABLED)
+ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+ {
+     audio_extn_dev_arbi_release(snd_device);
+@@ -3080,6 +3081,7 @@ void audio_extn_utils_release_snd_device(snd_device_t snd_device)
+     audio_extn_listen_update_device_status(snd_device,
+             LISTEN_EVENT_SND_DEVICE_FREE);
+ }
++#endif
+ 
+ int audio_extn_utils_get_license_params(
+         const struct audio_device *adev,
diff --git a/Patches/LineageOS-19.1/android_libcore/0001-Network_Permission.patch b/Patches/LineageOS-19.1/android_libcore/0001-Network_Permission.patch
new file mode 100644
index 00000000..8e8bf556
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_libcore/0001-Network_Permission.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Tue, 14 Dec 2021 21:10:51 +0200
+Subject: [PATCH] don't throw SecurityException when INTERNET permission is
+ revoked
+
+---
+ ojluni/src/main/java/java/net/Inet6AddressImpl.java | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/ojluni/src/main/java/java/net/Inet6AddressImpl.java b/ojluni/src/main/java/java/net/Inet6AddressImpl.java
+index 84bcf17edae..fda9674e08e 100644
+--- a/ojluni/src/main/java/java/net/Inet6AddressImpl.java
++++ b/ojluni/src/main/java/java/net/Inet6AddressImpl.java
+@@ -141,16 +141,7 @@ class Inet6AddressImpl implements InetAddressImpl {
+             addressCache.put(host, netId, addresses);
+             return addresses;
+         } catch (GaiException gaiException) {
+-            // If the failure appears to have been a lack of INTERNET permission, throw a clear
+-            // SecurityException to aid in debugging this common mistake.
+-            // http://code.google.com/p/android/issues/detail?id=15722
+-            if (gaiException.getCause() instanceof ErrnoException) {
+-                int errno = ((ErrnoException) gaiException.getCause()).errno;
+-                if (errno == EACCES || errno == EPERM) {
+-                    throw new SecurityException("Permission denied (missing INTERNET permission?)", gaiException);
+-                }
+-            }
+-            // Otherwise, throw an UnknownHostException.
++            // Throw an UnknownHostException.
+             String detailMessage = "Unable to resolve host \"" + host + "\": " + Libcore.os.gai_strerror(gaiException.error);
+             addressCache.putUnknownHost(host, netId, detailMessage);
+             throw gaiException.rethrowAsUnknownHostException(detailMessage);
diff --git a/Patches/LineageOS-19.1/android_libcore/0002-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_libcore/0002-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..6852442c
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_libcore/0002-constify_JNINativeMethod.patch
@@ -0,0 +1,199 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 10 Oct 2021 18:47:54 -0400
+Subject: [PATCH] constify JNINativeMethod tables
+
+---
+ luni/src/main/native/android_system_OsConstants.cpp           | 2 +-
+ luni/src/main/native/java_lang_StringToReal.cpp               | 2 +-
+ luni/src/main/native/java_lang_invoke_MethodHandle.cpp        | 2 +-
+ luni/src/main/native/java_lang_invoke_VarHandle.cpp           | 2 +-
+ luni/src/main/native/libcore_icu_ICU.cpp                      | 2 +-
+ luni/src/main/native/libcore_io_AsynchronousCloseMonitor.cpp  | 2 +-
+ luni/src/main/native/libcore_io_Linux.cpp                     | 2 +-
+ luni/src/main/native/libcore_io_Memory.cpp                    | 2 +-
+ luni/src/main/native/libcore_math_NativeBN.cpp                | 2 +-
+ .../src/main/native/libcore_util_NativeAllocationRegistry.cpp | 2 +-
+ luni/src/main/native/org_apache_harmony_xml_ExpatParser.cpp   | 4 ++--
+ luni/src/main/native/sun_misc_Unsafe.cpp                      | 2 +-
+ ojluni/src/main/native/Character.cpp                          | 2 +-
+ 13 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/luni/src/main/native/android_system_OsConstants.cpp b/luni/src/main/native/android_system_OsConstants.cpp
+index 50e3c104666..8ad66d2742b 100644
+--- a/luni/src/main/native/android_system_OsConstants.cpp
++++ b/luni/src/main/native/android_system_OsConstants.cpp
+@@ -722,7 +722,7 @@ static void OsConstants_initConstants(JNIEnv* env, jclass c) {
+     initConstant(env, c, "_SC_XOPEN_XCU_VERSION", _SC_XOPEN_XCU_VERSION);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(OsConstants, initConstants, "()V"),
+ };
+ void register_android_system_OsConstants(JNIEnv* env) {
+diff --git a/luni/src/main/native/java_lang_StringToReal.cpp b/luni/src/main/native/java_lang_StringToReal.cpp
+index 7a492856394..edd71fad700 100644
+--- a/luni/src/main/native/java_lang_StringToReal.cpp
++++ b/luni/src/main/native/java_lang_StringToReal.cpp
+@@ -892,7 +892,7 @@ static jdouble StringToReal_parseDblImpl(JNIEnv* env, jclass, jstring s, jint e)
+     return createDouble(env, str.c_str(), e);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(StringToReal, parseFltImpl, "(Ljava/lang/String;I)F"),
+     NATIVE_METHOD(StringToReal, parseDblImpl, "(Ljava/lang/String;I)D"),
+ };
+diff --git a/luni/src/main/native/java_lang_invoke_MethodHandle.cpp b/luni/src/main/native/java_lang_invoke_MethodHandle.cpp
+index 0441d4552dc..3335c6de9ac 100644
+--- a/luni/src/main/native/java_lang_invoke_MethodHandle.cpp
++++ b/luni/src/main/native/java_lang_invoke_MethodHandle.cpp
+@@ -29,7 +29,7 @@ static jobject MethodHandle_invoke(JNIEnv* env, jobject, jobjectArray) {
+     return nullptr;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(MethodHandle, invokeExact, "([Ljava/lang/Object;)Ljava/lang/Object;"),
+     NATIVE_METHOD(MethodHandle, invoke, "([Ljava/lang/Object;)Ljava/lang/Object;"),
+ };
+diff --git a/luni/src/main/native/java_lang_invoke_VarHandle.cpp b/luni/src/main/native/java_lang_invoke_VarHandle.cpp
+index e1cc1c7f8b5..9f5215a5204 100644
+--- a/luni/src/main/native/java_lang_invoke_VarHandle.cpp
++++ b/luni/src/main/native/java_lang_invoke_VarHandle.cpp
+@@ -210,7 +210,7 @@ static jboolean VarHandle_weakCompareAndSetRelease(JNIEnv* env, jobject, jobject
+   return JNI_FALSE;
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(VarHandle, compareAndExchange, "([Ljava/lang/Object;)Ljava/lang/Object;"),
+   NATIVE_METHOD(VarHandle, compareAndExchangeAcquire, "([Ljava/lang/Object;)Ljava/lang/Object;"),
+   NATIVE_METHOD(VarHandle, compareAndExchangeRelease, "([Ljava/lang/Object;)Ljava/lang/Object;"),
+diff --git a/luni/src/main/native/libcore_icu_ICU.cpp b/luni/src/main/native/libcore_icu_ICU.cpp
+index f9401d1edb7..1531ad1ca59 100644
+--- a/luni/src/main/native/libcore_icu_ICU.cpp
++++ b/luni/src/main/native/libcore_icu_ICU.cpp
+@@ -112,7 +112,7 @@ static jstring ICU_getUnicodeVersion(JNIEnv* env, jclass) {
+     return versionString(env, unicodeVersion);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(ICU, getAvailableLocalesNative, "()[Ljava/lang/String;"),
+     NATIVE_METHOD(ICU, getCldrVersion, "()Ljava/lang/String;"),
+     NATIVE_METHOD(ICU, getDefaultLocale, "()Ljava/lang/String;"),
+diff --git a/luni/src/main/native/libcore_io_AsynchronousCloseMonitor.cpp b/luni/src/main/native/libcore_io_AsynchronousCloseMonitor.cpp
+index e99edd6c4f9..61b75bcd358 100644
+--- a/luni/src/main/native/libcore_io_AsynchronousCloseMonitor.cpp
++++ b/luni/src/main/native/libcore_io_AsynchronousCloseMonitor.cpp
+@@ -26,7 +26,7 @@ static void AsynchronousCloseMonitor_signalBlockedThreads(JNIEnv* env, jclass, j
+     AsynchronousCloseMonitor::signalBlockedThreads(fd);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(AsynchronousCloseMonitor, signalBlockedThreads, "(Ljava/io/FileDescriptor;)V"),
+ };
+ void register_libcore_io_AsynchronousCloseMonitor(JNIEnv* env) {
+diff --git a/luni/src/main/native/libcore_io_Linux.cpp b/luni/src/main/native/libcore_io_Linux.cpp
+index d7b6c22aa57..996085b1423 100755
+--- a/luni/src/main/native/libcore_io_Linux.cpp
++++ b/luni/src/main/native/libcore_io_Linux.cpp
+@@ -2741,7 +2741,7 @@ static jint Linux_writev(JNIEnv* env, jobject, jobject javaFd, jobjectArray buff
+ #define NATIVE_METHOD_OVERLOAD(className, functionName, signature, variant) \
+     { #functionName, signature, reinterpret_cast<void*>(className ## _ ## functionName ## variant) }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(Linux, accept, "(Ljava/io/FileDescriptor;Ljava/net/SocketAddress;)Ljava/io/FileDescriptor;"),
+     NATIVE_METHOD(Linux, access, "(Ljava/lang/String;I)Z"),
+     NATIVE_METHOD(Linux, android_fdsan_exchange_owner_tag, "(Ljava/io/FileDescriptor;JJ)V"),
+diff --git a/luni/src/main/native/libcore_io_Memory.cpp b/luni/src/main/native/libcore_io_Memory.cpp
+index b8a88450006..7dec85dab80 100644
+--- a/luni/src/main/native/libcore_io_Memory.cpp
++++ b/luni/src/main/native/libcore_io_Memory.cpp
+@@ -290,7 +290,7 @@ static void Memory_unsafeBulkPut(JNIEnv* env, jclass, jbyteArray dstArray, jint
+     env->ReleasePrimitiveArrayCritical(srcArray, srcBytes, 0);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(Memory, memmove, "(Ljava/lang/Object;ILjava/lang/Object;IJ)V"),
+     FAST_NATIVE_METHOD(Memory, peekByte, "(J)B"),
+     NATIVE_METHOD(Memory, peekByteArray, "(J[BII)V"),
+diff --git a/luni/src/main/native/libcore_math_NativeBN.cpp b/luni/src/main/native/libcore_math_NativeBN.cpp
+index dc4b947358b..c6af376f6bc 100644
+--- a/luni/src/main/native/libcore_math_NativeBN.cpp
++++ b/luni/src/main/native/libcore_math_NativeBN.cpp
+@@ -164,7 +164,7 @@ static void NativeBN_BN_mod_exp(JNIEnv* env, jclass, jlong r, jlong a, jlong p,
+   }
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+    NATIVE_METHOD(NativeBN, BN_div, "(JJJJ)V"),
+    NATIVE_METHOD(NativeBN, BN_free, "(J)V"),
+    NATIVE_METHOD(NativeBN, BN_mod_exp, "(JJJJ)V"),
+diff --git a/luni/src/main/native/libcore_util_NativeAllocationRegistry.cpp b/luni/src/main/native/libcore_util_NativeAllocationRegistry.cpp
+index ded578a9580..faaa5c7a7c4 100644
+--- a/luni/src/main/native/libcore_util_NativeAllocationRegistry.cpp
++++ b/luni/src/main/native/libcore_util_NativeAllocationRegistry.cpp
+@@ -29,7 +29,7 @@ static void NativeAllocationRegistry_applyFreeFunction(JNIEnv*,
+     nativeFreeFunction(nativePtr);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     NATIVE_METHOD(NativeAllocationRegistry, applyFreeFunction, "(JJ)V"),
+ };
+ 
+diff --git a/luni/src/main/native/org_apache_harmony_xml_ExpatParser.cpp b/luni/src/main/native/org_apache_harmony_xml_ExpatParser.cpp
+index fdabcf71591..62a2cd37b76 100644
+--- a/luni/src/main/native/org_apache_harmony_xml_ExpatParser.cpp
++++ b/luni/src/main/native/org_apache_harmony_xml_ExpatParser.cpp
+@@ -1366,7 +1366,7 @@ static void ExpatParser_staticInitialize(JNIEnv* env, jobject classObject, jstri
+     emptyString = reinterpret_cast<jstring>(env->NewGlobalRef(empty));
+ }
+ 
+-static JNINativeMethod parserMethods[] = {
++static const JNINativeMethod parserMethods[] = {
+     NATIVE_METHOD(ExpatParser, appendString, "(JLjava/lang/String;Z)V"),
+     NATIVE_METHOD(ExpatParser, appendBytes, "(J[BII)V"),
+     NATIVE_METHOD(ExpatParser, appendChars, "(J[CII)V"),
+@@ -1380,7 +1380,7 @@ static JNINativeMethod parserMethods[] = {
+     NATIVE_METHOD(ExpatParser, staticInitialize, "(Ljava/lang/String;)V"),
+ };
+ 
+-static JNINativeMethod attributeMethods[] = {
++static const JNINativeMethod attributeMethods[] = {
+     NATIVE_METHOD(ExpatAttributes, freeAttributes, "(J)V"),
+     NATIVE_METHOD(ExpatAttributes, getIndexForQName, "(JLjava/lang/String;)I"),
+     NATIVE_METHOD(ExpatAttributes, getIndex, "(JLjava/lang/String;Ljava/lang/String;)I"),
+diff --git a/luni/src/main/native/sun_misc_Unsafe.cpp b/luni/src/main/native/sun_misc_Unsafe.cpp
+index 49848a2db2b..87b2feac807 100644
+--- a/luni/src/main/native/sun_misc_Unsafe.cpp
++++ b/luni/src/main/native/sun_misc_Unsafe.cpp
+@@ -23,7 +23,7 @@ static jobject Unsafe_allocateInstance(JNIEnv* env, jclass, jclass c) {
+   return env->AllocObject(c);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   NATIVE_METHOD(Unsafe, allocateInstance, "(Ljava/lang/Class;)Ljava/lang/Object;"),
+ };
+ void register_sun_misc_Unsafe(JNIEnv* env) {
+diff --git a/ojluni/src/main/native/Character.cpp b/ojluni/src/main/native/Character.cpp
+index 3e27c674d2f..719190c81ae 100644
+--- a/ojluni/src/main/native/Character.cpp
++++ b/ojluni/src/main/native/Character.cpp
+@@ -158,7 +158,7 @@ Character_getNameImpl(JNIEnv* env, jclass, jint codePoint) {
+     return (U_FAILURE(status) || byteCount == 0) ? NULL : env->NewStringUTF(buf);
+ }
+ 
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+   FAST_NATIVE_METHOD(Character, digitImpl, "(II)I"),
+   FAST_NATIVE_METHOD(Character, getDirectionalityImpl, "(I)B"),
+   NATIVE_METHOD(Character, getNameImpl, "(I)Ljava/lang/String;"),
diff --git a/Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-1.patch b/Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-1.patch
new file mode 100644
index 00000000..2a526798
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-1.patch
@@ -0,0 +1,112 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 11 Sep 2019 06:46:38 -0400
+Subject: [PATCH] add parameter for avoiding full preload with exec
+
+---
+ api/module-lib-current.txt                    |  2 ++
+ .../main/java/dalvik/system/ZygoteHooks.java  | 26 +++++++++++++++++--
+ .../api/legacy_platform/current.txt           |  2 ++
+ .../api/stable_platform/current.txt           |  2 ++
+ 4 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/api/module-lib-current.txt b/api/module-lib-current.txt
+index 15741a78057..e554dd77cb8 100644
+--- a/api/module-lib-current.txt
++++ b/api/module-lib-current.txt
+@@ -366,7 +366,9 @@ package dalvik.system {
+   public final class ZygoteHooks {
+     method public static void gcAndFinalize();
+     method public static boolean isIndefiniteThreadSuspensionSafe();
++    method public static void onBeginPreload(boolean);
+     method public static void onBeginPreload();
++    method public static void onEndPreload(boolean);
+     method public static void onEndPreload();
+     method public static void postForkChild(int, boolean, boolean, String);
+     method public static void postForkCommon();
+diff --git a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+index a17a2574f7b..763511d2187 100644
+--- a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
++++ b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+@@ -62,7 +62,7 @@ public final class ZygoteHooks {
+      */
+     @SystemApi(client = MODULE_LIBRARIES)
+     @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE)
+-    public static void onBeginPreload() {
++    public static void onBeginPreload(boolean fullPreload) {
+         com.android.i18n.system.ZygoteHooks.onBeginPreload();
+ 
+         ICU.initializeCacheInZygote();
+@@ -81,6 +81,17 @@ public final class ZygoteHooks {
+         }
+     }
+ 
++    /**
++     * Called when the zygote begins preloading classes and data.
++     *
++     * @hide
++     */
++    @SystemApi(client = MODULE_LIBRARIES)
++    @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE)
++    public static void onBeginPreload() {
++        onBeginPreload(true);
++    }
++
+     /**
+      * Called when the zygote has completed preloading classes and data.
+      *
+@@ -88,7 +99,7 @@ public final class ZygoteHooks {
+      */
+     @SystemApi(client = MODULE_LIBRARIES)
+     @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE)
+-    public static void onEndPreload() {
++    public static void onEndPreload(boolean fullPreload) {
+         com.android.i18n.system.ZygoteHooks.onEndPreload();
+ 
+         // Clone standard descriptors as originals closed / rebound during zygote post fork.
+@@ -97,6 +108,17 @@ public final class ZygoteHooks {
+         FileDescriptor.err.cloneForFork();
+     }
+ 
++    /**
++     * Called when the zygote has completed preloading classes and data.
++     *
++     * @hide
++     */
++    @SystemApi(client = MODULE_LIBRARIES)
++    @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE)
++    public static void onEndPreload() {
++        onEndPreload(true);
++    }
++
+     /**
+      * Runs several special GCs to try to clean up a few generations of
+      * softly- and final-reachable objects, along with any other garbage.
+diff --git a/mmodules/core_platform_api/api/legacy_platform/current.txt b/mmodules/core_platform_api/api/legacy_platform/current.txt
+index 15741a78057..e554dd77cb8 100644
+--- a/mmodules/core_platform_api/api/legacy_platform/current.txt
++++ b/mmodules/core_platform_api/api/legacy_platform/current.txt
+@@ -366,7 +366,9 @@ package dalvik.system {
+   public final class ZygoteHooks {
+     method public static void gcAndFinalize();
+     method public static boolean isIndefiniteThreadSuspensionSafe();
++    method public static void onBeginPreload(boolean);
+     method public static void onBeginPreload();
++    method public static void onEndPreload(boolean);
+     method public static void onEndPreload();
+     method public static void postForkChild(int, boolean, boolean, String);
+     method public static void postForkCommon();
+diff --git a/mmodules/core_platform_api/api/stable_platform/current.txt b/mmodules/core_platform_api/api/stable_platform/current.txt
+index 15741a78057..e554dd77cb8 100644
+--- a/mmodules/core_platform_api/api/stable_platform/current.txt
++++ b/mmodules/core_platform_api/api/stable_platform/current.txt
+@@ -366,7 +366,9 @@ package dalvik.system {
+   public final class ZygoteHooks {
+     method public static void gcAndFinalize();
+     method public static boolean isIndefiniteThreadSuspensionSafe();
++    method public static void onBeginPreload(boolean);
+     method public static void onBeginPreload();
++    method public static void onEndPreload(boolean);
+     method public static void onEndPreload();
+     method public static void postForkChild(int, boolean, boolean, String);
+     method public static void postForkCommon();
diff --git a/Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-2.patch b/Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-2.patch
new file mode 100644
index 00000000..31f46ac4
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_libcore/0003-Exec_Based_Spawning-2.patch
@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 14 Oct 2021 17:00:10 -0400
+Subject: [PATCH] disable ICU cache pinning for exec spawning
+
+---
+ dalvik/src/main/java/dalvik/system/ZygoteHooks.java | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+index 763511d2187..179c19ac8d5 100644
+--- a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
++++ b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+@@ -63,9 +63,11 @@ public final class ZygoteHooks {
+     @SystemApi(client = MODULE_LIBRARIES)
+     @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE)
+     public static void onBeginPreload(boolean fullPreload) {
+-        com.android.i18n.system.ZygoteHooks.onBeginPreload();
++        if (fullPreload) {
++            com.android.i18n.system.ZygoteHooks.onBeginPreload();
+ 
+-        ICU.initializeCacheInZygote();
++            ICU.initializeCacheInZygote();
++        }
+ 
+         // Look up JaCoCo on the boot classpath, if it exists. This will be used later for enabling
+         // memory-mapped Java coverage.
+@@ -100,7 +102,9 @@ public final class ZygoteHooks {
+     @SystemApi(client = MODULE_LIBRARIES)
+     @libcore.api.CorePlatformApi(status = libcore.api.CorePlatformApi.Status.STABLE)
+     public static void onEndPreload(boolean fullPreload) {
+-        com.android.i18n.system.ZygoteHooks.onEndPreload();
++        if (fullPreload) {
++            com.android.i18n.system.ZygoteHooks.onEndPreload();
++        }
+ 
+         // Clone standard descriptors as originals closed / rebound during zygote post fork.
+         FileDescriptor.in.cloneForFork();
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..0e0a6336
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch
@@ -0,0 +1,259 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 10 Oct 2021 18:35:08 -0400
+Subject: [PATCH] constify JNINativeMethod tables
+
+---
+ jni/com_android_bluetooth_a2dp.cpp                        | 2 +-
+ jni/com_android_bluetooth_a2dp_sink.cpp                   | 2 +-
+ jni/com_android_bluetooth_avrcp_controller.cpp            | 2 +-
+ jni/com_android_bluetooth_avrcp_target.cpp                | 2 +-
+ ...om_android_bluetooth_btservice_ActivityAttribution.cpp | 2 +-
+ jni/com_android_bluetooth_btservice_AdapterService.cpp    | 2 +-
+ jni/com_android_bluetooth_btservice_BluetoothKeystore.cpp | 2 +-
+ jni/com_android_bluetooth_gatt.cpp                        | 8 ++++----
+ jni/com_android_bluetooth_hearing_aid.cpp                 | 2 +-
+ jni/com_android_bluetooth_hfp.cpp                         | 2 +-
+ jni/com_android_bluetooth_hfpclient.cpp                   | 2 +-
+ jni/com_android_bluetooth_hid_device.cpp                  | 2 +-
+ jni/com_android_bluetooth_hid_host.cpp                    | 2 +-
+ jni/com_android_bluetooth_le_audio.cpp                    | 2 +-
+ jni/com_android_bluetooth_pan.cpp                         | 2 +-
+ jni/com_android_bluetooth_sdp.cpp                         | 2 +-
+ 16 files changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/jni/com_android_bluetooth_a2dp.cpp b/jni/com_android_bluetooth_a2dp.cpp
+index a94990437..1f0560860 100644
+--- a/jni/com_android_bluetooth_a2dp.cpp
++++ b/jni/com_android_bluetooth_a2dp.cpp
+@@ -505,7 +505,7 @@ static jboolean setCodecConfigPreferenceNative(JNIEnv* env, jobject object,
+   return (status == BT_STATUS_SUCCESS) ? JNI_TRUE : JNI_FALSE;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative",
+      "(I[Landroid/bluetooth/BluetoothCodecConfig;[Landroid/bluetooth/BluetoothCodecConfig;)V",
+diff --git a/jni/com_android_bluetooth_a2dp_sink.cpp b/jni/com_android_bluetooth_a2dp_sink.cpp
+index d7cbeb770..08cd8f419 100644
+--- a/jni/com_android_bluetooth_a2dp_sink.cpp
++++ b/jni/com_android_bluetooth_a2dp_sink.cpp
+@@ -243,7 +243,7 @@ static jboolean setActiveDeviceNative(JNIEnv* env, jobject object,
+   return (status == BT_STATUS_SUCCESS) ? JNI_TRUE : JNI_FALSE;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "(I)V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_avrcp_controller.cpp b/jni/com_android_bluetooth_avrcp_controller.cpp
+index 86bf06879..642f73ea3 100755
+--- a/jni/com_android_bluetooth_avrcp_controller.cpp
++++ b/jni/com_android_bluetooth_avrcp_controller.cpp
+@@ -1284,7 +1284,7 @@ static void playItemNative(JNIEnv* env, jobject object, jbyteArray address,
+   env->ReleaseByteArrayElements(address, addr, 0);
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_avrcp_target.cpp b/jni/com_android_bluetooth_avrcp_target.cpp
+index fb8c56086..a7434e365 100644
+--- a/jni/com_android_bluetooth_avrcp_target.cpp
++++ b/jni/com_android_bluetooth_avrcp_target.cpp
+@@ -900,7 +900,7 @@ static void setBipClientStatusNative(JNIEnv* env, jobject object,
+   sServiceInterface->SetBipClientStatus(bdaddr, status);
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"registerBipServerNative", "(I)V", (void*)registerBipServerNative},
+diff --git a/jni/com_android_bluetooth_btservice_ActivityAttribution.cpp b/jni/com_android_bluetooth_btservice_ActivityAttribution.cpp
+index 791e42a0e..cb0082244 100644
+--- a/jni/com_android_bluetooth_btservice_ActivityAttribution.cpp
++++ b/jni/com_android_bluetooth_btservice_ActivityAttribution.cpp
+@@ -157,7 +157,7 @@ static void cleanupNative(JNIEnv* env, jobject object) {
+   }
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_btservice_AdapterService.cpp b/jni/com_android_bluetooth_btservice_AdapterService.cpp
+index 62c7d522d..9fa89ded9 100644
+--- a/jni/com_android_bluetooth_btservice_AdapterService.cpp
++++ b/jni/com_android_bluetooth_btservice_AdapterService.cpp
+@@ -1689,7 +1689,7 @@ static int getMetricIdNative(JNIEnv* env, jobject obj, jbyteArray address) {
+   return sBluetoothInterface->get_metric_id(addr_obj);
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     /* name, signature, funcPtr */
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "(ZZI[Ljava/lang/String;Z)Z", (void*)initNative},
+diff --git a/jni/com_android_bluetooth_btservice_BluetoothKeystore.cpp b/jni/com_android_bluetooth_btservice_BluetoothKeystore.cpp
+index bceea1d73..6b8a317bc 100644
+--- a/jni/com_android_bluetooth_btservice_BluetoothKeystore.cpp
++++ b/jni/com_android_bluetooth_btservice_BluetoothKeystore.cpp
+@@ -155,7 +155,7 @@ static void cleanupNative(JNIEnv* env, jobject object) {
+   }
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_gatt.cpp b/jni/com_android_bluetooth_gatt.cpp
+index 8f996a012..5273bfacd 100644
+--- a/jni/com_android_bluetooth_gatt.cpp
++++ b/jni/com_android_bluetooth_gatt.cpp
+@@ -2343,7 +2343,7 @@ static void gattTestNative(JNIEnv* env, jobject object, jint command,
+  */
+ 
+ // JNI functions defined in AdvertiseManager class.
+-static JNINativeMethod sAdvertiseMethods[] = {
++static const JNINativeMethod sAdvertiseMethods[] = {
+     {"classInitNative", "()V", (void*)advertiseClassInitNative},
+     {"initializeNative", "()V", (void*)advertiseInitializeNative},
+     {"cleanupNative", "()V", (void*)advertiseCleanupNative},
+@@ -2370,7 +2370,7 @@ static JNINativeMethod sAdvertiseMethods[] = {
+ };
+ 
+ // JNI functions defined in PeriodicScanManager class.
+-static JNINativeMethod sPeriodicScanMethods[] = {
++static const JNINativeMethod sPeriodicScanMethods[] = {
+     {"classInitNative", "()V", (void*)periodicScanClassInitNative},
+     {"initializeNative", "()V", (void*)periodicScanInitializeNative},
+     {"cleanupNative", "()V", (void*)periodicScanCleanupNative},
+@@ -2384,7 +2384,7 @@ static JNINativeMethod sPeriodicScanMethods[] = {
+ };
+ 
+ // JNI functions defined in ScanManager class.
+-static JNINativeMethod sScanMethods[] = {
++static const JNINativeMethod sScanMethods[] = {
+     {"registerScannerNative", "(JJ)V", (void*)registerScannerNative},
+     {"unregisterScannerNative", "(I)V", (void*)unregisterScannerNative},
+     {"gattClientScanNative", "(Z)V", (void*)gattClientScanNative},
+@@ -2417,7 +2417,7 @@ static JNINativeMethod sScanMethods[] = {
+ };
+ 
+ // JNI functions defined in GattService class.
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initializeNative", "()V", (void*)initializeNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_hearing_aid.cpp b/jni/com_android_bluetooth_hearing_aid.cpp
+index e359faf8a..c72b0c915 100644
+--- a/jni/com_android_bluetooth_hearing_aid.cpp
++++ b/jni/com_android_bluetooth_hearing_aid.cpp
+@@ -218,7 +218,7 @@ static void setVolumeNative(JNIEnv* env, jclass clazz, jint volume) {
+   sHearingAidInterface->SetVolume(volume);
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_hfp.cpp b/jni/com_android_bluetooth_hfp.cpp
+index 813bdd081..5b21b543b 100644
+--- a/jni/com_android_bluetooth_hfp.cpp
++++ b/jni/com_android_bluetooth_hfp.cpp
+@@ -954,7 +954,7 @@ static jboolean setActiveDeviceNative(JNIEnv* env, jobject object,
+   return (status == BT_STATUS_SUCCESS) ? JNI_TRUE : JNI_FALSE;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initializeNative", "(IZ)V", (void*)initializeNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_hfpclient.cpp b/jni/com_android_bluetooth_hfpclient.cpp
+index 83c6b20f3..5534b00ff 100644
+--- a/jni/com_android_bluetooth_hfpclient.cpp
++++ b/jni/com_android_bluetooth_hfpclient.cpp
+@@ -836,7 +836,7 @@ static jboolean sendATCmdNative(JNIEnv* env, jobject object, jbyteArray address,
+   return (status == BT_STATUS_SUCCESS) ? JNI_TRUE : JNI_FALSE;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initializeNative", "()V", (void*)initializeNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_hid_device.cpp b/jni/com_android_bluetooth_hid_device.cpp
+index 17b6e97c0..c3a00d5d2 100644
+--- a/jni/com_android_bluetooth_hid_device.cpp
++++ b/jni/com_android_bluetooth_hid_device.cpp
+@@ -497,7 +497,7 @@ static jboolean disconnectNative(JNIEnv* env, jobject thiz) {
+   return result;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_hid_host.cpp b/jni/com_android_bluetooth_hid_host.cpp
+index 074e39d5b..b1116ef47 100644
+--- a/jni/com_android_bluetooth_hid_host.cpp
++++ b/jni/com_android_bluetooth_hid_host.cpp
+@@ -506,7 +506,7 @@ static jboolean setIdleTimeNative(JNIEnv* env, jobject object,
+   return status == BT_STATUS_SUCCESS ? JNI_TRUE : JNI_FALSE;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initializeNative", "()V", (void*)initializeNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_le_audio.cpp b/jni/com_android_bluetooth_le_audio.cpp
+index a8f5dbe1e..11b2a5d09 100644
+--- a/jni/com_android_bluetooth_le_audio.cpp
++++ b/jni/com_android_bluetooth_le_audio.cpp
+@@ -261,7 +261,7 @@ static void groupStopNative(JNIEnv* env, jobject object, jint group_id) {
+   sLeAudioClientInterface->GroupStop(group_id);
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initNative", "()V", (void*)initNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_pan.cpp b/jni/com_android_bluetooth_pan.cpp
+index b02ae9f9b..3edc1ad98 100644
+--- a/jni/com_android_bluetooth_pan.cpp
++++ b/jni/com_android_bluetooth_pan.cpp
+@@ -215,7 +215,7 @@ static jboolean disconnectPanNative(JNIEnv* env, jobject object,
+   return ret;
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initializeNative", "()V", (void*)initializeNative},
+     {"cleanupNative", "()V", (void*)cleanupNative},
+diff --git a/jni/com_android_bluetooth_sdp.cpp b/jni/com_android_bluetooth_sdp.cpp
+index bba109ac4..791ca06f2 100755
+--- a/jni/com_android_bluetooth_sdp.cpp
++++ b/jni/com_android_bluetooth_sdp.cpp
+@@ -510,7 +510,7 @@ static void cleanupNative(JNIEnv* env, jobject object) {
+   }
+ }
+ 
+-static JNINativeMethod sMethods[] = {
++static const JNINativeMethod sMethods[] = {
+     /* name, signature, funcPtr */
+     {"classInitNative", "()V", (void*)classInitNative},
+     {"initializeNative", "()V", (void*)initializeNative},
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Dialer/0001-Not_Private_Banner.patch b/Patches/LineageOS-19.1/android_packages_apps_Dialer/0001-Not_Private_Banner.patch
new file mode 100644
index 00000000..2792383a
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Dialer/0001-Not_Private_Banner.patch
@@ -0,0 +1,185 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Torsten Grote <t@grobox.de>
+Date: Thu, 18 Jun 2020 13:15:16 -0300
+Subject: [PATCH] Show privacy warning on in-call screen
+
+Includes:
+Author: Chirayu Desai <chirayudesai1@gmail.com>
+Date:   Tue Jul 28 02:23:37 2020 +0530
+
+    Move the incall warning back to the center
+
+    * Instead of left/started aligned.
+
+Change-Id: Ic9b18c110481df7042ca1daa36182e0999fe948f
+---
+ .../res/drawable/ic_baseline_warning.xml      |  9 +++++
+ .../dialer/theme/common/res/values/colors.xml |  1 +
+ .../res/layout/fragment_incoming_call.xml     |  7 +++-
+ .../contactgrid/res/layout/incall_header.xml  | 39 +++++++++++++++++++
+ .../impl/res/layout/frag_incall_voice.xml     |  7 ++++
+ .../android/incallui/res/values/strings.xml   |  3 ++
+ .../incallui/theme/res/values/styles.xml      |  4 +-
+ 7 files changed, 67 insertions(+), 3 deletions(-)
+ create mode 100644 java/com/android/dialer/common/res/drawable/ic_baseline_warning.xml
+ create mode 100644 java/com/android/incallui/contactgrid/res/layout/incall_header.xml
+
+diff --git a/java/com/android/dialer/common/res/drawable/ic_baseline_warning.xml b/java/com/android/dialer/common/res/drawable/ic_baseline_warning.xml
+new file mode 100644
+index 000000000..c2baa9bdb
+--- /dev/null
++++ b/java/com/android/dialer/common/res/drawable/ic_baseline_warning.xml
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8"?>
++<vector xmlns:android="http://schemas.android.com/apk/res/android"
++        android:height="16dp"
++        android:width="16dp"
++        android:viewportWidth="24"
++        android:viewportHeight="24">
++  <path android:fillColor="?attr/colorControlNormal"
++        android:pathData="M13,14H11V10H13M13,18H11V16H13M1,21H23L12,2L1,21Z"/>
++</vector>
+\ No newline at end of file
+diff --git a/java/com/android/dialer/theme/common/res/values/colors.xml b/java/com/android/dialer/theme/common/res/values/colors.xml
+index 1831862b1..6f6795cea 100644
+--- a/java/com/android/dialer/theme/common/res/values/colors.xml
++++ b/java/com/android/dialer/theme/common/res/values/colors.xml
+@@ -21,6 +21,7 @@
+   <color name="dialer_divider_line_color">#D8D8D8</color>
+   <color name="dialer_link_color">#2A56C6</color>
+   <color name="dialer_snackbar_action_text_color">#4285F4</color>
++  <color name="incall_header_background">#f3b514</color>
+ 
+   <!-- Colors for the notification actions -->
+   <color name="notification_action_accept">#097138</color>
+diff --git a/java/com/android/incallui/answer/impl/res/layout/fragment_incoming_call.xml b/java/com/android/incallui/answer/impl/res/layout/fragment_incoming_call.xml
+index 1672bf984..63de75999 100644
+--- a/java/com/android/incallui/answer/impl/res/layout/fragment_incoming_call.xml
++++ b/java/com/android/incallui/answer/impl/res/layout/fragment_incoming_call.xml
+@@ -78,18 +78,23 @@
+         android:id="@+id/incall_contact_grid"
+         android:layout_width="match_parent"
+         android:layout_height="match_parent"
+-        android:layout_marginTop="24dp"
+         android:clipChildren="false"
+         android:clipToPadding="false"
+         android:focusable="true"
+         android:gravity="top|center_horizontal"
+         android:orientation="vertical">
+ 
++      <include
++          layout="@layout/incall_header"
++          android:layout_width="match_parent"
++          android:layout_height="wrap_content"/>
++
+       <include
+           android:id="@id/contactgrid_top_row"
+           layout="@layout/incall_contactgrid_top_row"
+           android:layout_width="wrap_content"
+           android:layout_height="wrap_content"
++          android:layout_marginTop="24dp"
+           android:layout_marginBottom="8dp"
+           android:layout_marginStart="24dp"
+           android:layout_marginEnd="24dp"/>
+diff --git a/java/com/android/incallui/contactgrid/res/layout/incall_header.xml b/java/com/android/incallui/contactgrid/res/layout/incall_header.xml
+new file mode 100644
+index 000000000..7e8e90e5d
+--- /dev/null
++++ b/java/com/android/incallui/contactgrid/res/layout/incall_header.xml
+@@ -0,0 +1,39 @@
++<?xml version="1.0" encoding="utf-8"?>
++<!--
++  ~ Copyright (C) 2020 The Calyx Institute
++  ~
++  ~ Licensed under the Apache License, Version 2.0 (the "License");
++  ~ you may not use this file except in compliance with the License.
++  ~ You may obtain a copy of the License at
++  ~
++  ~      http://www.apache.org/licenses/LICENSE-2.0
++  ~
++  ~ Unless required by applicable law or agreed to in writing, software
++  ~ distributed under the License is distributed on an "AS IS" BASIS,
++  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++  ~ See the License for the specific language governing permissions and
++  ~ limitations under the License
++  -->
++<LinearLayout
++    xmlns:android="http://schemas.android.com/apk/res/android"
++    android:layout_width="match_parent"
++    android:layout_height="wrap_content"
++    android:background="@color/incall_header_background"
++    android:gravity="center"
++    android:orientation="vertical"
++    android:padding="8dp"
++    android:fitsSystemWindows="true">
++
++  <TextView
++      android:id="@+id/incall_privacy_title"
++      android:layout_width="wrap_content"
++      android:layout_height="wrap_content"
++      android:textColor="?android:attr/textColorPrimaryInverse"
++      android:drawableStart="@drawable/ic_baseline_warning"
++      android:drawablePadding="8dp"
++      android:drawableTint="?android:attr/textColorPrimaryInverse"
++      android:gravity="center"
++      android:padding="4dp"
++      android:text="@string/incall_screen_privacy_data_collection"/>
++
++</LinearLayout>
+diff --git a/java/com/android/incallui/incall/impl/res/layout/frag_incall_voice.xml b/java/com/android/incallui/incall/impl/res/layout/frag_incall_voice.xml
+index 9cc599dc7..fac420908 100644
+--- a/java/com/android/incallui/incall/impl/res/layout/frag_incall_voice.xml
++++ b/java/com/android/incallui/incall/impl/res/layout/frag_incall_voice.xml
+@@ -29,11 +29,18 @@
+       android:clipToPadding="false"
+       android:fitsSystemWindows="true">
+ 
++    <include
++        layout="@layout/incall_header"
++        android:id="@+id/incall_header"
++        android:layout_width="match_parent"
++        android:layout_height="wrap_content"/>
++
+     <LinearLayout
+         android:id="@id/incall_contact_grid"
+         android:layout_width="match_parent"
+         android:layout_height="wrap_content"
+         android:layout_marginTop="12dp"
++        android:layout_below="@+id/incall_header"
+         android:gravity="center_horizontal"
+         android:orientation="vertical">
+ 
+diff --git a/java/com/android/incallui/res/values/strings.xml b/java/com/android/incallui/res/values/strings.xml
+index c18ee495e..a5d08d3ec 100644
+--- a/java/com/android/incallui/res/values/strings.xml
++++ b/java/com/android/incallui/res/values/strings.xml
+@@ -212,4 +212,7 @@
+   <!-- Text for button to accept RTT request. [CHAR LIMIT=20] -->
+   <string name="rtt_button_accept_request">Join RTT</string>
+ 
++  <!-- Text for call not private banner. -->
++  <string name="incall_screen_privacy_data_collection">The location and audio of this call are not private.</string>
++
+ </resources>
+diff --git a/java/com/android/incallui/theme/res/values/styles.xml b/java/com/android/incallui/theme/res/values/styles.xml
+index 5b65cc3d9..19e7fdc4f 100644
+--- a/java/com/android/incallui/theme/res/values/styles.xml
++++ b/java/com/android/incallui/theme/res/values/styles.xml
+@@ -21,7 +21,7 @@
+        Theme.Black.NoTitleBar directly, since we want any popups or dialogs from the
+        InCallActivity to have the correct Material style. -->
+   <style name="Theme.InCallScreen.Light" parent="@style/Dialer.ThemeBase.NoActionBar">
+-    <item name="android:statusBarColor">@android:color/transparent</item>
++    <item name="android:statusBarColor">@color/incall_header_background</item>
+     <item name="android:navigationBarColor">@android:color/transparent</item>
+     <item name="android:windowDrawsSystemBarBackgrounds">true</item>
+ 
+@@ -36,7 +36,7 @@
+   <style name="Theme.InCallScreen" parent="@style/Dialer.Dark.ThemeBase.NoActionBar">
+     <item name="android:textColorPrimary">@android:color/white</item>
+     <item name="android:textColorSecondary">#DDFFFFFF</item>
+-    <item name="android:statusBarColor">@android:color/transparent</item>
++    <item name="android:statusBarColor">@color/incall_header_background</item>
+     <item name="android:navigationBarColor">@android:color/transparent</item>
+     <item name="android:windowDrawsSystemBarBackgrounds">true</item>
+     <item name="android:colorPrimaryDark">@color/dialer_theme_color_dark</item>
diff --git a/Patches/LineageOS-19.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch b/Patches/LineageOS-19.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
new file mode 100644
index 00000000..f402e4e2
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
@@ -0,0 +1,140 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Tue, 14 Apr 2020 17:03:26 -0400
+Subject: [PATCH] Remove analytics
+
+Change-Id: Ic01c97d6ceac8d324609763973639b41b4581a76
+---
+ AndroidManifest.xml           | 25 -------------------------
+ proguard.flags                |  1 -
+ res/values/config.xml         |  3 ---
+ res/values/strings.xml        | 22 ----------------------
+ res/xml/parts_catalog.xml     |  5 -----
+ res/xml/trust_preferences.xml |  3 ---
+ 6 files changed, 59 deletions(-)
+
+diff --git a/AndroidManifest.xml b/AndroidManifest.xml
+index 0c6542a..5dd522c 100644
+--- a/AndroidManifest.xml
++++ b/AndroidManifest.xml
+@@ -226,31 +226,6 @@
+                 android:resource="@string/summary_empty" />
+         </activity-alias>
+ 
+-        <!-- Anonymous Statistics -->
+-        <receiver android:name=".lineagestats.ReportingServiceManager"
+-            android:enabled="true"
+-            android:exported="false"
+-            android:label="ReportingServiceManager">
+-            <intent-filter>
+-                <action android:name="android.intent.action.BOOT_COMPLETED" />
+-                <action android:name="org.lineageos.lineageparts.action.TRIGGER_REPORT_METRICS" />
+-            </intent-filter>
+-        </receiver>
+-
+-        <service android:label="ReportingService"
+-            android:enabled="true"
+-            android:exported="false"
+-            android:name=".lineagestats.ReportingService">
+-        </service>
+-
+-        <service android:name=".lineagestats.StatsUploadJobService"
+-                 android:permission="android.permission.BIND_JOB_SERVICE" />
+-
+-        <service android:name=".lineagestats.ReportingService"
+-                 android:label="ReportingService"
+-                 android:enabled="true"
+-                 android:exported="false" />
+-
+         <activity android:name=".profiles.NFCProfile">
+             <intent-filter>
+                 <action android:name="android.nfc.action.NDEF_DISCOVERED"/>
+diff --git a/proguard.flags b/proguard.flags
+index 9de6495..911b751 100644
+--- a/proguard.flags
++++ b/proguard.flags
+@@ -7,7 +7,6 @@
+ -keep class org.lineageos.lineageparts.gestures.*
+ -keep class org.lineageos.lineageparts.hardware.*
+ -keep class org.lineageos.lineageparts.input.*
+--keep class org.lineageos.lineageparts.lineagestats.*
+ -keep class org.lineageos.lineageparts.livedisplay.*
+ -keep class org.lineageos.lineageparts.notificationlight.*
+ -keep class org.lineageos.lineageparts.power.*
+diff --git a/res/values/config.xml b/res/values/config.xml
+index a3ee437..c4532c5 100644
+--- a/res/values/config.xml
++++ b/res/values/config.xml
+@@ -17,9 +17,6 @@
+ 
+ <resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
+ 
+-    <!-- Metrics server endpoint -->
+-    <string name="stats_lineage_url">https://stats.lineageos.org/api/v1/stats</string>
+-
+     <!-- Default action ids for a device's touchscreen gestures
+          The array should be sorted in the same order as the
+          touchscreen gestures advertised by the device's LineageHW impl. -->
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 9fe4181..4be6a14 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -531,28 +531,6 @@
+                  <b>Total commits:</b> <xliff:g id="total_commits">%2$s</xliff:g><br/><br/>
+                  <b>Last update:</b> <xliff:g id="date">%3$s</xliff:g>]]></string>
+ 
+-    <!-- Anonymous Statistics #Lineage -->
+-    <!-- About device screen, list item title. Takes the user to the screen about opting in or out of anonymous statistics. -->
+-    <string name="anonymous_statistics_title">LineageOS statistics</string>
+-    <string name="anonymous_statistics_summary">Help make LineageOS better by opting into anonymous statistics reporting</string>
+-    <string name="anonymous_statistics_warning_title">About</string>
+-    <string name="anonymous_statistics_warning">Opting into LineageOS Statistics will allow non-personal data to be submitted to the
+-        developers of LineageOS to track unique installations across devices. The information submitted includes an unique identifier,
+-        which does not compromise your privacy or personal data. The data is submitted during each boot.\n\nFor an example of the data that is submitted, tap on Preview Data.</string>
+-    <string name="enable_reporting_title">Enable reporting</string>
+-    <string name="preview_data_title">Preview data</string>
+-    <string name="view_stats_title">View stats</string>
+-    <string name="anonymous_learn_more">Learn more</string>
+-
+-    <!-- Anonymous Statistics - Preview -->
+-    <string name="preview_id_title">Unique ID</string>
+-    <string name="preview_device_title">Device</string>
+-    <string name="preview_version_title">Version</string>
+-    <string name="preview_country_title">Country</string>
+-    <string name="preview_carrier_title">Carrier</string>
+-    <string name="stats_collection_title">Stats collection</string>
+-    <string name="stats_collection_summary">Allow installation metrics and device statistics to be collected</string>
+-
+     <!-- Display : Rotation  -->
+     <string name="accelerometer_title">Auto-rotate screen</string>
+     <string name="display_rotation_title">Rotation settings</string>
+diff --git a/res/xml/parts_catalog.xml b/res/xml/parts_catalog.xml
+index 803b214..371382c 100644
+--- a/res/xml/parts_catalog.xml
++++ b/res/xml/parts_catalog.xml
+@@ -70,11 +70,6 @@
+           android:fragment="org.lineageos.lineageparts.statusbar.StatusBarSettings"
+           lineage:xmlRes="@xml/status_bar_settings" />
+ 
+-    <part android:key="lineagestats"
+-          android:title="@string/anonymous_statistics_title"
+-          android:fragment="org.lineageos.lineageparts.lineagestats.AnonymousStats"
+-          lineage:xmlRes="@xml/anonymous_stats" />
+-
+     <part android:key="power_menu"
+           android:title="@string/power_menu_title"
+           android:fragment="org.lineageos.lineageparts.input.PowerMenuActions"
+diff --git a/res/xml/trust_preferences.xml b/res/xml/trust_preferences.xml
+index bdb1aa7..0097a52 100644
+--- a/res/xml/trust_preferences.xml
++++ b/res/xml/trust_preferences.xml
+@@ -45,9 +45,6 @@
+             android:summary="@string/trust_restrict_usb_summary"
+             android:defaultValue="false" />
+ 
+-        <org.lineageos.internal.lineageparts.LineagePartsPreference
+-            android:key="lineagestats" />
+-
+         <ListPreference
+             android:key="sms_security_check_limit"
+             android:defaultValue="30"
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch b/Patches/LineageOS-19.1/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch
new file mode 100644
index 00000000..fb530e40
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch
@@ -0,0 +1,92 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 17 Mar 2019 20:58:37 -0400
+Subject: [PATCH] constify JNINativeMethod tables
+
+---
+ nci/jni/NativeLlcpConnectionlessSocket.cpp | 2 +-
+ nci/jni/NativeLlcpServiceSocket.cpp        | 2 +-
+ nci/jni/NativeLlcpSocket.cpp               | 2 +-
+ nci/jni/NativeNfcManager.cpp               | 2 +-
+ nci/jni/NativeNfcTag.cpp                   | 2 +-
+ nci/jni/NativeP2pDevice.cpp                | 2 +-
+ 6 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/nci/jni/NativeLlcpConnectionlessSocket.cpp b/nci/jni/NativeLlcpConnectionlessSocket.cpp
+index 7506d80e..e1e547ec 100644
+--- a/nci/jni/NativeLlcpConnectionlessSocket.cpp
++++ b/nci/jni/NativeLlcpConnectionlessSocket.cpp
+@@ -280,7 +280,7 @@ static jboolean nativeLlcpConnectionlessSocket_doClose(JNIEnv* e, jobject o) {
+ ** Description:     JNI functions
+ **
+ *****************************************************************************/
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {"doSendTo", "(I[B)Z", (void*)nativeLlcpConnectionlessSocket_doSendTo},
+     {"doReceiveFrom", "(I)Lcom/android/nfc/LlcpPacket;",
+      (void*)nativeLlcpConnectionlessSocket_doReceiveFrom},
+diff --git a/nci/jni/NativeLlcpServiceSocket.cpp b/nci/jni/NativeLlcpServiceSocket.cpp
+index 76ffeea5..4d2297c4 100644
+--- a/nci/jni/NativeLlcpServiceSocket.cpp
++++ b/nci/jni/NativeLlcpServiceSocket.cpp
+@@ -128,7 +128,7 @@ static jboolean nativeLlcpServiceSocket_doClose(JNIEnv* e, jobject o) {
+ ** Description:     JNI functions
+ **
+ *****************************************************************************/
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {"doAccept", "(III)Lcom/android/nfc/dhimpl/NativeLlcpSocket;",
+      (void*)nativeLlcpServiceSocket_doAccept},
+     {"doClose", "()Z", (void*)nativeLlcpServiceSocket_doClose},
+diff --git a/nci/jni/NativeLlcpSocket.cpp b/nci/jni/NativeLlcpSocket.cpp
+index 0ee0d248..fa49ec94 100644
+--- a/nci/jni/NativeLlcpSocket.cpp
++++ b/nci/jni/NativeLlcpSocket.cpp
+@@ -214,7 +214,7 @@ static jint nativeLlcpSocket_doGetRemoteSocketRW(JNIEnv* e, jobject o) {
+ ** Description:     JNI functions
+ **
+ *****************************************************************************/
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {"doConnect", "(I)Z", (void*)nativeLlcpSocket_doConnect},
+     {"doConnectBy", "(Ljava/lang/String;)Z",
+      (void*)nativeLlcpSocket_doConnectBy},
+diff --git a/nci/jni/NativeNfcManager.cpp b/nci/jni/NativeNfcManager.cpp
+index 28ae464a..6804497b 100644
+--- a/nci/jni/NativeNfcManager.cpp
++++ b/nci/jni/NativeNfcManager.cpp
+@@ -2149,7 +2149,7 @@ static void nfcManager_doSetNfceePowerAndLinkCtrl(JNIEnv* e, jobject o,
+ ** JNI functions for android-4.0.1_r1
+ **
+ *****************************************************************************/
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {"doDownload", "()Z", (void*)nfcManager_doDownload},
+ 
+     {"initializeNativeStructure", "()Z", (void*)nfcManager_initNativeStruc},
+diff --git a/nci/jni/NativeNfcTag.cpp b/nci/jni/NativeNfcTag.cpp
+index cc167e67..a53c1425 100644
+--- a/nci/jni/NativeNfcTag.cpp
++++ b/nci/jni/NativeNfcTag.cpp
+@@ -1853,7 +1853,7 @@ void nativeNfcTag_releaseRfInterfaceMutexLock() {
+ ** JNI functions for Android 4.0.3
+ **
+ *****************************************************************************/
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {"doConnect", "(I)I", (void*)nativeNfcTag_doConnect},
+     {"doDisconnect", "()Z", (void*)nativeNfcTag_doDisconnect},
+     {"doReconnect", "()I", (void*)nativeNfcTag_doReconnect},
+diff --git a/nci/jni/NativeP2pDevice.cpp b/nci/jni/NativeP2pDevice.cpp
+index 23f5db41..396c6d0c 100644
+--- a/nci/jni/NativeP2pDevice.cpp
++++ b/nci/jni/NativeP2pDevice.cpp
+@@ -58,7 +58,7 @@ static jboolean nativeP2pDeviceDoSend(JNIEnv*, jobject, jbyteArray) {
+ ** Description:     JNI functions
+ **
+ *****************************************************************************/
+-static JNINativeMethod gMethods[] = {
++static const JNINativeMethod gMethods[] = {
+     {"doConnect", "()Z", (void*)nativeP2pDeviceDoConnect},
+     {"doDisconnect", "()Z", (void*)nativeP2pDeviceDoDisconnect},
+     {"doTransceive", "([B)[B", (void*)nativeP2pDeviceDoTransceive},
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
new file mode 100644
index 00000000..d41977a7
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
@@ -0,0 +1,341 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Mon, 10 Sep 2018 12:05:40 +0200
+Subject: [PATCH] Network & Internet Settings: Add option to switch off Captive
+ portal check
+
+ * Option added in Network & Internet Settings, which is equivalent to
+   the adb shell command 'settings put global captive_portal_mode [1/0]'
+ * Will be reset to default, if 'Reset network settings' is chosen (menu)
+ * Warning dialog is shown, when captive portal check is switched off
+ * Hidden under 'advanced'
+
+Cherry-picked from lin17-microG repo
+
+Change-Id: Ibbffdb5f3930df74ca8b4ba93d451f7fad086989
+---
+ res/values-de/cm_strings.xml                  |  3 +
+ res/values/cm_strings.xml                     |  5 ++
+ res/xml/network_and_internet.xml              |  7 ++
+ .../android/settings/ResetNetworkConfirm.java |  3 +
+ ...CaptivePortalModePreferenceController.java | 82 +++++++++++++++++++
+ .../network/CaptivePortalWarningDialog.java   | 74 +++++++++++++++++
+ .../CaptivePortalWarningDialogHost.java       | 32 ++++++++
+ .../network/NetworkDashboardFragment.java     | 17 +++-
+ 8 files changed, 222 insertions(+), 1 deletion(-)
+ create mode 100644 src/com/android/settings/network/CaptivePortalModePreferenceController.java
+ create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialog.java
+ create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialogHost.java
+
+diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
+index 1669bf4fbf..0c3ebffd3e 100644
+--- a/res/values-de/cm_strings.xml
++++ b/res/values-de/cm_strings.xml
+@@ -23,6 +23,9 @@
+     <string name="volume_link_notification_title">Klingelton- und Benachrichtigungslautstärke verknüpfen</string>
+     <string name="unlock_scramble_pin_layout_title">Zufällige Anordnung</string>
+     <string name="unlock_scramble_pin_layout_summary">Bei jedem Entsperrversuch die Ziffernanordnung zufällig neu wählen</string>
++    <string name="captive_portal_switch_title">Captive Portal Erkennung</string>
++    <string name="captive_portal_switch_summary">Ein-/Ausschalten der Captive Portal Erkennung (Vorgabe EIN).</string>
++    <string name="captive_portal_switch_warning">Nach dem Ausschalten der Captive-Portal-Erkennung empfangen Sie keine Verbindungs-Rückmeldung mehr. Wirklich fortfahren?</string>
+     <string name="lock_settings_picker_pattern_size_message">Größe des Musters auswählen</string>
+     <string name="lockpattern_settings_enable_error_path_title">Sperrmuster-Fehler anzeigen</string>
+     <string name="lockpattern_settings_enable_dots_title">Sperrmuster-Punkte anzeigen</string>
+diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
+index 01d746958e..9923c03f0e 100644
+--- a/res/values/cm_strings.xml
++++ b/res/values/cm_strings.xml
+@@ -78,6 +78,11 @@
+     <string name="unlock_scramble_pin_layout_title">Scramble layout</string>
+     <string name="unlock_scramble_pin_layout_summary">Scramble PIN layout when unlocking device</string>
+ 
++    <!-- Captive Portal -->
++    <string name="captive_portal_switch_title">Captive portal mode</string>
++    <string name="captive_portal_switch_summary">Enable or disable the captive portal probing for connection attempts (default ON).</string>
++    <string name="captive_portal_switch_warning">If you switch off the captive portal, you will not receive connectivity informations any longer. Really switch off?</string>
++
+     <!-- Lock screen pattern size -->
+     <string name="lock_pattern_size_3" translatable="false">3 \u00d7 3</string>
+     <string name="lock_pattern_size_4" translatable="false">4 \u00d7 4</string>
+diff --git a/res/xml/network_and_internet.xml b/res/xml/network_and_internet.xml
+index d842aad021..7f82235a2b 100644
+--- a/res/xml/network_and_internet.xml
++++ b/res/xml/network_and_internet.xml
+@@ -125,4 +125,11 @@
+         android:summary="@string/summary_placeholder"
+         android:order="25"
+         settings:controller="com.android.settings.network.AdaptiveConnectivityPreferenceController"/>
++
++    <SwitchPreference
++        android:key="captive_portal_switch"
++        android:title="@string/captive_portal_switch_title"
++        android:summary="@string/captive_portal_switch_summary"
++        android:order="30" />
++
+ </PreferenceScreen>
+diff --git a/src/com/android/settings/ResetNetworkConfirm.java b/src/com/android/settings/ResetNetworkConfirm.java
+index f79bdb2e36..aab19b4c73 100644
+--- a/src/com/android/settings/ResetNetworkConfirm.java
++++ b/src/com/android/settings/ResetNetworkConfirm.java
+@@ -142,6 +142,9 @@ public class ResetNetworkConfirm extends InstrumentedFragment {
+                 }
+             }
+ 
++            Settings.Global.putInt(mContext.getContentResolver(),
++                    Settings.Global.CAPTIVE_PORTAL_MODE, 1);
++
+             restoreDefaultApn(mContext);
+             Log.d(TAG, "network factoryReset complete. succeeded: "
+                     + String.valueOf(isResetSucceed));
+diff --git a/src/com/android/settings/network/CaptivePortalModePreferenceController.java b/src/com/android/settings/network/CaptivePortalModePreferenceController.java
+new file mode 100644
+index 0000000000..ae21b29292
+--- /dev/null
++++ b/src/com/android/settings/network/CaptivePortalModePreferenceController.java
+@@ -0,0 +1,82 @@
++/*
++ * Copyright (C) 2018 The LineageOS Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package com.android.settings.network;
++
++import android.content.Context;
++import android.provider.Settings;
++
++import androidx.fragment.app.Fragment;
++import androidx.preference.Preference;
++import androidx.preference.SwitchPreference;
++
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++
++public class CaptivePortalModePreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, Preference.OnPreferenceChangeListener {
++
++    private static final String TAG = "CaptivePortalModePreferenceController";
++    private static final String CAPTIVE_PORTAL_SWITCH_KEY = "captive_portal_switch";
++
++    private SwitchPreference mCaptivePortalMode;
++    private Preference mPreference;
++    private final Fragment mFragment;
++
++    public CaptivePortalModePreferenceController(Context context, Fragment hostFragment) {
++        super(context);
++
++        mFragment = hostFragment;
++    }
++
++    @Override
++    public void updateState(Preference preference) {
++        boolean value = (Settings.Global.getInt(mContext.getContentResolver(),
++                         Settings.Global.CAPTIVE_PORTAL_MODE,
++                         Settings.Global.CAPTIVE_PORTAL_MODE_PROMPT) != 0);
++        ((SwitchPreference) preference).setChecked(value);
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object newValue) {
++        mPreference = preference;
++        if ((Boolean) newValue) {
++            Settings.Global.putInt(mContext.getContentResolver(),
++                    Settings.Global.CAPTIVE_PORTAL_MODE, 1);
++        } else {
++            CaptivePortalWarningDialog.show(mFragment);
++        }
++        return true;
++    }
++
++    public void onCaptivePortalSwitchOffDialogConfirmed() {
++        Settings.Global.putInt(mContext.getContentResolver(),
++                Settings.Global.CAPTIVE_PORTAL_MODE, 0);
++    }
++
++    public void onCaptivePortalSwitchOffDialogDismissed() {
++        updateState(mPreference);
++    }
++
++    @Override
++    public boolean isAvailable() {
++        return true;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return CAPTIVE_PORTAL_SWITCH_KEY;
++    }
++}
+diff --git a/src/com/android/settings/network/CaptivePortalWarningDialog.java b/src/com/android/settings/network/CaptivePortalWarningDialog.java
+new file mode 100644
+index 0000000000..d27bd7d2f0
+--- /dev/null
++++ b/src/com/android/settings/network/CaptivePortalWarningDialog.java
+@@ -0,0 +1,74 @@
++/*
++ * Copyright (C) 2018 The LineageOS Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package com.android.settings.network;
++
++import android.app.Dialog;
++import android.content.DialogInterface;
++import android.os.Bundle;
++
++import androidx.appcompat.app.AlertDialog;
++import androidx.fragment.app.Fragment;
++import androidx.fragment.app.FragmentManager;
++
++import com.android.internal.logging.nano.MetricsProto;
++import com.android.settings.R;
++import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
++
++public class CaptivePortalWarningDialog extends InstrumentedDialogFragment implements
++        DialogInterface.OnClickListener, DialogInterface.OnDismissListener {
++
++    public static final String TAG = "CaptivePortalWarningDialog";
++
++    public static void show(Fragment host) {
++        final FragmentManager manager = host.getActivity().getSupportFragmentManager();
++        if (manager.findFragmentByTag(TAG) == null) {
++            final CaptivePortalWarningDialog dialog =
++                    new CaptivePortalWarningDialog();
++            dialog.setTargetFragment(host, 0 /* requestCode */);
++            dialog.show(manager, TAG);
++        }
++    }
++
++    @Override
++    public int getMetricsCategory() {
++        return MetricsProto.MetricsEvent.TYPE_UNKNOWN;
++    }
++
++    @Override
++    public Dialog onCreateDialog(Bundle savedInstanceState) {
++        return new AlertDialog.Builder(getActivity())
++                .setTitle(R.string.captive_portal_switch_title)
++                .setMessage(R.string.captive_portal_switch_warning)
++                .setIconAttribute(android.R.attr.alertDialogIcon)
++                .setPositiveButton(android.R.string.yes, this /* onClickListener */)
++                .setNegativeButton(android.R.string.no, this /* onClickListener */)
++                .create();
++    }
++
++    @Override
++    public void onClick(DialogInterface dialog, int which) {
++        final CaptivePortalWarningDialogHost host = (CaptivePortalWarningDialogHost) getTargetFragment();
++        if (host == null) {
++            return;
++        }
++        if (which == DialogInterface.BUTTON_POSITIVE) {
++            host.onCaptivePortalSwitchOffDialogConfirmed();
++        } else {
++            host.onCaptivePortalSwitchOffDialogDismissed();
++        }
++    }
++}
+diff --git a/src/com/android/settings/network/CaptivePortalWarningDialogHost.java b/src/com/android/settings/network/CaptivePortalWarningDialogHost.java
+new file mode 100644
+index 0000000000..7a04d1f831
+--- /dev/null
++++ b/src/com/android/settings/network/CaptivePortalWarningDialogHost.java
+@@ -0,0 +1,32 @@
++/*
++ * Copyright (C) 2018 The LineageOS Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package com.android.settings.network;
++
++/**
++ * Interface for CaptivePortalWarningDialogHost callbacks.
++ */
++public interface CaptivePortalWarningDialogHost {
++    /**
++     * Called when the user presses YES/ok on the warning dialog.
++     */
++    void onCaptivePortalSwitchOffDialogConfirmed();
++
++    /**
++     * Called when the user presses NO/cancel on the warning dialog.
++     */
++    void onCaptivePortalSwitchOffDialogDismissed();
++}
+diff --git a/src/com/android/settings/network/NetworkDashboardFragment.java b/src/com/android/settings/network/NetworkDashboardFragment.java
+index 286e4e36e5..0eb79c5d4c 100644
+--- a/src/com/android/settings/network/NetworkDashboardFragment.java
++++ b/src/com/android/settings/network/NetworkDashboardFragment.java
+@@ -44,7 +44,7 @@ import java.util.List;
+ 
+ @SearchIndexable
+ public class NetworkDashboardFragment extends DashboardFragment implements
+-        MobilePlanPreferenceHost {
++        MobilePlanPreferenceHost, CaptivePortalWarningDialogHost {
+ 
+     private static final String TAG = "NetworkDashboardFrag";
+ 
+@@ -100,6 +100,8 @@ public class NetworkDashboardFragment extends DashboardFragment implements
+                 new VpnPreferenceController(context);
+         final PrivateDnsPreferenceController privateDnsPreferenceController =
+                 new PrivateDnsPreferenceController(context);
++        final CaptivePortalModePreferenceController captiveportalModePreferenceController =
++                new CaptivePortalModePreferenceController(context, fragment);
+ 
+         if (lifecycle != null) {
+             lifecycle.addObserver(mobilePlanPreferenceController);
+@@ -118,10 +120,23 @@ public class NetworkDashboardFragment extends DashboardFragment implements
+             controllers.add(internetPreferenceController);
+         }
+         controllers.add(privateDnsPreferenceController);
++        controllers.add(captiveportalModePreferenceController);
+         controllers.add(new NetworkProviderCallsSmsController(context, lifecycle));
+         return controllers;
+     }
+ 
++    public void onCaptivePortalSwitchOffDialogConfirmed() {
++        final CaptivePortalModePreferenceController controller =
++                use(CaptivePortalModePreferenceController.class);
++        controller.onCaptivePortalSwitchOffDialogConfirmed();
++    }
++
++    public void onCaptivePortalSwitchOffDialogDismissed() {
++        final CaptivePortalModePreferenceController controller =
++                use(CaptivePortalModePreferenceController.class);
++        controller.onCaptivePortalSwitchOffDialogDismissed();
++    }
++
+     @Override
+     public void showMobilePlanMessageDialog() {
+         showDialog(MANAGE_MOBILE_PLAN_DIALOG_ID);
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0004-Private_DNS.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0004-Private_DNS.patch
new file mode 100644
index 00000000..32d33831
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0004-Private_DNS.patch
@@ -0,0 +1,318 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Thu, 21 Oct 2021 21:09:38 -0400
+Subject: [PATCH] Add more 'Private DNS' options
+
+This adds thirteen DNS providers as available presets.
+
+Credit: CalyxOS
+- Chirayu Desai <chirayudesai1@gmail.com>
+  https://review.calyxos.org/c/CalyxOS/platform_packages_apps_Settings/+/458
+- Pavel Shirshov <pshirshov@eml.cc>
+  https://review.calyxos.org/c/CalyxOS/platform_packages_apps_Settings/+/5357
+
+Signed-off-by: Tad <tad@spotco.us>
+Change-Id: I423ad5a3c360a687a226e61df3f75b5550f851c0
+---
+ res/layout/private_dns_mode_dialog.xml        | 52 +++++++++++
+ res/values/cm_strings.xml                     | 15 +++
+ .../PrivateDnsModeDialogPreference.java       | 92 +++++++++++++++++++
+ .../PrivateDnsPreferenceController.java       | 65 +++++++++++++
+ 4 files changed, 224 insertions(+)
+
+diff --git a/res/layout/private_dns_mode_dialog.xml b/res/layout/private_dns_mode_dialog.xml
+index 12e29e693b..b6745806b5 100644
+--- a/res/layout/private_dns_mode_dialog.xml
++++ b/res/layout/private_dns_mode_dialog.xml
+@@ -35,6 +35,58 @@
+                 android:id="@+id/private_dns_mode_off"
+                 layout="@layout/preference_widget_dialog_radiobutton"/>
+ 
++            <include
++                android:id="@+id/private_dns_mode_adguard"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_appliedprivacy"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_cira"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_cleanbrowsing"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_cloudflare"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_cznic"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_google"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_mullvad"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_quadnine"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_restena"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_switch"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_twnic"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
++            <include
++                android:id="@+id/private_dns_mode_uncensoreddns"
++                layout="@layout/preference_widget_dialog_radiobutton"/>
++
+             <include
+                 android:id="@+id/private_dns_mode_opportunistic"
+                 layout="@layout/preference_widget_dialog_radiobutton"/>
+diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
+index 9923c03f0e..9495cd3d0e 100644
+--- a/res/values/cm_strings.xml
++++ b/res/values/cm_strings.xml
+@@ -74,6 +74,21 @@
+     <!-- Volume link notification -->
+     <string name="volume_link_notification_title">Link ring &amp; notification volumes</string>
+ 
++    <!-- Private DNS -->
++    <string name="private_dns_mode_adguard" translatable="false">AdGuard (CY)</string>
++    <string name="private_dns_mode_appliedprivacy" translatable="false">AppliedPrivacy (AT)</string>
++    <string name="private_dns_mode_cira" translatable="false">CIRA (CA)</string>
++    <string name="private_dns_mode_cleanbrowsing" translatable="false">CleanBrowsing (US)</string>
++    <string name="private_dns_mode_cloudflare" translatable="false">Cloudflare (US)</string>
++    <string name="private_dns_mode_cznic" translatable="false">CZ.NIC (CZ)</string>
++    <string name="private_dns_mode_google" translatable="false">Google (US)</string>
++    <string name="private_dns_mode_mullvad" translatable="false">Mullvad (SE)</string>
++    <string name="private_dns_mode_quadnine" translatable="false">Quad9 (CH)</string>
++    <string name="private_dns_mode_restena" translatable="false">Restena (LU)</string>
++    <string name="private_dns_mode_switch" translatable="false">SWITCH (CH)</string>
++    <string name="private_dns_mode_twnic" translatable="false">TW.NIC (TW)</string>
++    <string name="private_dns_mode_uncensoreddns" translatable="false">UncensoredDNS (DK)</string>
++
+     <!-- PIN scramble -->
+     <string name="unlock_scramble_pin_layout_title">Scramble layout</string>
+     <string name="unlock_scramble_pin_layout_summary">Scramble PIN layout when unlocking device</string>
+diff --git a/src/com/android/settings/network/PrivateDnsModeDialogPreference.java b/src/com/android/settings/network/PrivateDnsModeDialogPreference.java
+index 1c3fc76dba..0be44c4fee 100644
+--- a/src/com/android/settings/network/PrivateDnsModeDialogPreference.java
++++ b/src/com/android/settings/network/PrivateDnsModeDialogPreference.java
+@@ -18,6 +18,19 @@ package com.android.settings.network;
+ import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_OFF;
+ import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_OPPORTUNISTIC;
+ import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_PROVIDER_HOSTNAME;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_ADGUARD;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_APPLIEDPRIVACY;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CIRA;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CLEANBROWSING;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CLOUDFLARE;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CZNIC;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_GOOGLE;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_MULLVAD;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_QUADNINE;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_RESTENA;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_SWITCH;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_TWNIC;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_UNCENSOREDDNS;
+ 
+ import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+ 
+@@ -75,6 +88,19 @@ public class PrivateDnsModeDialogPreference extends CustomDialogPreferenceCompat
+     static {
+         PRIVATE_DNS_MAP = new HashMap<>();
+         PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_OFF, R.id.private_dns_mode_off);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_ADGUARD, R.id.private_dns_mode_adguard);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_APPLIEDPRIVACY, R.id.private_dns_mode_appliedprivacy);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_CIRA, R.id.private_dns_mode_cira);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_CLEANBROWSING, R.id.private_dns_mode_cleanbrowsing);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_CLOUDFLARE, R.id.private_dns_mode_cloudflare);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_CZNIC, R.id.private_dns_mode_cznic);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_GOOGLE, R.id.private_dns_mode_google);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_MULLVAD, R.id.private_dns_mode_mullvad);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_QUADNINE, R.id.private_dns_mode_quadnine);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_RESTENA, R.id.private_dns_mode_restena);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_SWITCH, R.id.private_dns_mode_switch);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_TWNIC, R.id.private_dns_mode_twnic);
++        PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_UNCENSOREDDNS, R.id.private_dns_mode_uncensoreddns);
+         PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_OPPORTUNISTIC, R.id.private_dns_mode_opportunistic);
+         PRIVATE_DNS_MAP.put(PRIVATE_DNS_MODE_PROVIDER_HOSTNAME, R.id.private_dns_mode_provider);
+     }
+@@ -173,6 +199,46 @@ public class PrivateDnsModeDialogPreference extends CustomDialogPreferenceCompat
+         // Initial radio button text
+         final RadioButton offRadioButton = view.findViewById(R.id.private_dns_mode_off);
+         offRadioButton.setText(R.string.private_dns_mode_off);
++        final RadioButton adguardRadioButton =
++                view.findViewById(R.id.private_dns_mode_adguard);
++        adguardRadioButton.setText(R.string.private_dns_mode_adguard);
++        final RadioButton appliedprivacyRadioButton =
++                view.findViewById(R.id.private_dns_mode_appliedprivacy);
++        appliedprivacyRadioButton.setText(R.string.private_dns_mode_appliedprivacy);
++        final RadioButton ciraRadioButton =
++                view.findViewById(R.id.private_dns_mode_cira);
++        ciraRadioButton.setText(R.string.private_dns_mode_cira);
++        final RadioButton cleanbrowsingRadioButton =
++                view.findViewById(R.id.private_dns_mode_cleanbrowsing);
++        cleanbrowsingRadioButton.setText(R.string.private_dns_mode_cleanbrowsing);
++        final RadioButton cloudflareRadioButton =
++                view.findViewById(R.id.private_dns_mode_cloudflare);
++        cloudflareRadioButton.setText(R.string.private_dns_mode_cloudflare);
++        final RadioButton cznicRadioButton =
++                view.findViewById(R.id.private_dns_mode_cznic);
++        cznicRadioButton.setText(R.string.private_dns_mode_cznic);
++        final RadioButton googleRadioButton =
++                view.findViewById(R.id.private_dns_mode_google);
++        googleRadioButton.setText(R.string.private_dns_mode_google);
++        final RadioButton mullvadRadioButton =
++                view.findViewById(R.id.private_dns_mode_mullvad);
++        mullvadRadioButton.setText(R.string.private_dns_mode_mullvad);
++        final RadioButton quadnineRadioButton =
++                view.findViewById(R.id.private_dns_mode_quadnine);
++        quadnineRadioButton.setText(R.string.private_dns_mode_quadnine);
++        final RadioButton restenaRadioButton =
++                view.findViewById(R.id.private_dns_mode_restena);
++        restenaRadioButton.setText(R.string.private_dns_mode_restena);
++        final RadioButton switchRadioButton =
++                view.findViewById(R.id.private_dns_mode_switch);
++        switchRadioButton.setText(R.string.private_dns_mode_switch);
++        final RadioButton twnicRadioButton =
++                view.findViewById(R.id.private_dns_mode_twnic);
++        twnicRadioButton.setText(R.string.private_dns_mode_twnic);
++        final RadioButton uncensoreddnsRadioButton =
++                view.findViewById(R.id.private_dns_mode_uncensoreddns);
++        uncensoreddnsRadioButton.setText(R.string.private_dns_mode_uncensoreddns);
++
+         final RadioButton opportunisticRadioButton =
+                 view.findViewById(R.id.private_dns_mode_opportunistic);
+         opportunisticRadioButton.setText(R.string.private_dns_mode_opportunistic);
+@@ -212,6 +278,32 @@ public class PrivateDnsModeDialogPreference extends CustomDialogPreferenceCompat
+     public void onCheckedChanged(RadioGroup group, int checkedId) {
+         if (checkedId == R.id.private_dns_mode_off) {
+             mMode = PRIVATE_DNS_MODE_OFF;
++        } else if (checkedId == R.id.private_dns_mode_adguard) {
++            mMode = PRIVATE_DNS_MODE_ADGUARD;
++        } else if (checkedId == R.id.private_dns_mode_appliedprivacy) {
++            mMode = PRIVATE_DNS_MODE_APPLIEDPRIVACY;
++        } else if (checkedId == R.id.private_dns_mode_cira) {
++            mMode = PRIVATE_DNS_MODE_CIRA;
++        } else if (checkedId == R.id.private_dns_mode_cleanbrowsing) {
++            mMode = PRIVATE_DNS_MODE_CLEANBROWSING;
++        } else if (checkedId == R.id.private_dns_mode_cloudflare) {
++            mMode = PRIVATE_DNS_MODE_CLOUDFLARE;
++        } else if (checkedId == R.id.private_dns_mode_cznic) {
++            mMode = PRIVATE_DNS_MODE_CZNIC;
++        } else if (checkedId == R.id.private_dns_mode_google) {
++            mMode = PRIVATE_DNS_MODE_GOOGLE;
++        } else if (checkedId == R.id.private_dns_mode_mullvad) {
++            mMode = PRIVATE_DNS_MODE_MULLVAD;
++        } else if (checkedId == R.id.private_dns_mode_quadnine) {
++            mMode = PRIVATE_DNS_MODE_QUADNINE;
++        } else if (checkedId == R.id.private_dns_mode_restena) {
++            mMode = PRIVATE_DNS_MODE_RESTENA;
++        } else if (checkedId == R.id.private_dns_mode_switch) {
++            mMode = PRIVATE_DNS_MODE_SWITCH;
++        } else if (checkedId == R.id.private_dns_mode_twnic) {
++            mMode = PRIVATE_DNS_MODE_TWNIC;
++        } else if (checkedId == R.id.private_dns_mode_uncensoreddns) {
++            mMode = PRIVATE_DNS_MODE_UNCENSOREDDNS;
+         } else if (checkedId == R.id.private_dns_mode_opportunistic) {
+             mMode = PRIVATE_DNS_MODE_OPPORTUNISTIC;
+         } else if (checkedId == R.id.private_dns_mode_provider) {
+diff --git a/src/com/android/settings/network/PrivateDnsPreferenceController.java b/src/com/android/settings/network/PrivateDnsPreferenceController.java
+index 07d57140ec..ee9bf84faf 100644
+--- a/src/com/android/settings/network/PrivateDnsPreferenceController.java
++++ b/src/com/android/settings/network/PrivateDnsPreferenceController.java
+@@ -19,6 +19,19 @@ package com.android.settings.network;
+ import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_OFF;
+ import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_OPPORTUNISTIC;
+ import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_PROVIDER_HOSTNAME;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_ADGUARD;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_APPLIEDPRIVACY;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CIRA;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CLEANBROWSING;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CLOUDFLARE;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_CZNIC;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_GOOGLE;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_MULLVAD;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_QUADNINE;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_RESTENA;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_SWITCH;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_TWNIC;
++import static android.net.ConnectivitySettingsManager.PRIVATE_DNS_MODE_UNCENSOREDDNS;
+ import static android.provider.Settings.Global.PRIVATE_DNS_DEFAULT_MODE;
+ import static android.provider.Settings.Global.PRIVATE_DNS_MODE;
+ import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
+@@ -126,6 +139,58 @@ public class PrivateDnsPreferenceController extends BasePreferenceController
+         switch (mode) {
+             case PRIVATE_DNS_MODE_OFF:
+                 return res.getString(R.string.private_dns_mode_off);
++            case PRIVATE_DNS_MODE_ADGUARD:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_adguard)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_APPLIEDPRIVACY:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_appliedprivacy)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_CIRA:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_cira)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_CLEANBROWSING:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_cleanbrowsing)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_CLOUDFLARE:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_cloudflare)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_CZNIC:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_cznic)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_GOOGLE:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_google)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_MULLVAD:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_mullvad)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_QUADNINE:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_quadnine)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_RESTENA:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_restena)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_SWITCH:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_switch)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_TWNIC:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_twnic)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
++            case PRIVATE_DNS_MODE_UNCENSOREDDNS:
++                return dnsesResolved
++                        ? res.getString(R.string.private_dns_mode_uncensoreddns)
++                        : res.getString(R.string.private_dns_mode_provider_failure);
+             case PRIVATE_DNS_MODE_OPPORTUNISTIC:
+                 return dnsesResolved ? res.getString(R.string.private_dns_mode_on)
+                         : res.getString(R.string.private_dns_mode_opportunistic);
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0005-Automatic_Reboot.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0005-Automatic_Reboot.patch
new file mode 100644
index 00000000..43f41996
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0005-Automatic_Reboot.patch
@@ -0,0 +1,196 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: pratyush <codelab@pratyush.dev>
+Date: Mon, 7 Jun 2021 22:15:59 +0100
+Subject: [PATCH] add auto-reboot setting
+
+---
+ res/values/arrays.xml                         | 31 +++++++
+ res/values/strings.xml                        |  3 +
+ res/xml/security_dashboard_settings.xml       | 10 ++-
+ .../AutoRebootPreferenceController.java       | 82 +++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |  1 +
+ 5 files changed, 126 insertions(+), 1 deletion(-)
+ create mode 100644 src/com/android/settings/security/AutoRebootPreferenceController.java
+
+diff --git a/res/values/arrays.xml b/res/values/arrays.xml
+index 0fe13feb3e..7472ef5ecd 100644
+--- a/res/values/arrays.xml
++++ b/res/values/arrays.xml
+@@ -110,6 +110,37 @@
+         <item>@string/dark_ui_auto_mode_auto</item>
+     </string-array>
+ 
++    <!-- Auto reboot settings -->
++    <string-array name="auto_reboot_entries">
++        <item>Off</item>
++        <item>10 minutes</item>
++        <item>30 minutes</item>
++        <item>1 hour</item>
++        <item>2 hours</item>
++        <item>4 hours</item>
++        <item>8 hours</item>
++        <item>12 hours</item>
++        <item>24 hours</item>
++        <item>36 hours</item>
++        <item>48 hours</item>
++        <item>72 hours</item>
++    </string-array>
++
++    <string-array name="auto_reboot_values" translatable="false">
++        <item>0</item>  <!-- Disabled -->
++        <item>600000</item>
++        <item>1800000</item>
++        <item>3600000</item>
++        <item>7200000</item>
++        <item>14400000</item>
++        <item>28800000</item>
++        <item>43200000</item>
++        <item>86400000</item>
++        <item>129600000</item>
++        <item>172800000</item>
++        <item>259200000</item>
++    </string-array>
++
+     <!-- Security settings.  The delay after screen is turned off until device locks.
+          These are shown in a list dialog. -->
+     <string-array name="lock_after_timeout_entries">
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 79ca7a465f..76aa5de4c7 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -650,6 +650,9 @@
+     <!-- Text shown for the description of the lock when trust lost option [CHAR LIMIT=NONE -->
+     <string name="trust_lost_locks_screen_summary">If enabled, the device will lock when the last trust agent loses trust</string>
+ 
++    <string name="auto_reboot_title">Auto reboot</string>
++    <string name="auto_reboot_summary">Automatically reboot the device, if the phone hasn\'t been unlocked within the selected number of hours.</string>
++
+     <!-- Text shown for summary of owner info setting (if none set) [CHAR LIMIT=40]-->
+     <string name="owner_info_settings_summary">None</string>
+     <!-- Description of how many characters are used in owner info [CHAR LIMIT=40]-->
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 5b687afc48..25bead6622 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -55,6 +55,14 @@
+             android:summary="@string/summary_placeholder"
+             settings:keywords="@string/keywords_face_settings" />
+ 
++        <ListPreference
++            android:key="auto_reboot"
++            android:title="@string/auto_reboot_title"
++            android:summary="@string/auto_reboot_summary"
++            android:persistent="false"
++            android:entries="@array/auto_reboot_entries"
++            android:entryValues="@array/auto_reboot_values" />
++
+         <com.android.settingslib.RestrictedPreference
+             android:key="biometric_settings"
+             android:title="@string/security_settings_biometric_preference_title"
+@@ -170,4 +178,4 @@
+ 
+     </PreferenceCategory>
+ 
+-</PreferenceScreen>
+\ No newline at end of file
++</PreferenceScreen>
+diff --git a/src/com/android/settings/security/AutoRebootPreferenceController.java b/src/com/android/settings/security/AutoRebootPreferenceController.java
+new file mode 100644
+index 0000000000..c7a75219a5
+--- /dev/null
++++ b/src/com/android/settings/security/AutoRebootPreferenceController.java
+@@ -0,0 +1,82 @@
++package com.android.settings.security;
++
++import android.content.Context;
++import android.os.UserManager;
++import android.provider.Settings;
++import android.util.Log;
++
++import androidx.preference.ListPreference;
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceScreen;
++
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class AutoRebootPreferenceController extends AbstractPreferenceController
++    implements PreferenceControllerMixin, OnResume,
++           Preference.OnPreferenceChangeListener {
++
++    private static final String KEY_AUTO_REBOOT = "auto_reboot";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private boolean mIsAdmin;
++    private final UserManager mUm;
++
++    public AutoRebootPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return KEY_AUTO_REBOOT;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            ListPreference autoReboot =
++                    (ListPreference) mSecurityCategory.findPreference(KEY_AUTO_REBOOT);
++            autoReboot.setValue(Long.toString(Settings.Global.getLong(
++                    mContext.getContentResolver(), Settings.Global.SETTINGS_REBOOT_AFTER_TIMEOUT, 0)));
++        } else {
++            mSecurityCategory.removePreference(
++                    mSecurityCategory.findPreference(KEY_AUTO_REBOOT));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (KEY_AUTO_REBOOT.equals(key) && mIsAdmin) {
++            long timeout = Long.parseLong((String) value);
++            Settings.Global.putLong(mContext.getContentResolver(), Settings.Global.SETTINGS_REBOOT_AFTER_TIMEOUT, timeout);
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index be123f2339..c8776749ef 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -122,6 +122,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new CombinedBiometricStatusPreferenceController(
+                 context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
++        securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch
new file mode 100644
index 00000000..40f57130
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch
@@ -0,0 +1,238 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Oliver Scott <olivercscott@gmail.com>
+Date: Fri, 2 Oct 2020 12:37:30 -0400
+Subject: [PATCH] add bluetooth auto-turn-off setting
+
+---
+ res/values/arrays.xml                         |  44 +++++++
+ res/values/strings.xml                        |  19 +++
+ res/xml/connected_devices.xml                 |   8 ++
+ .../BluetoothTimeoutPreferenceController.java | 115 ++++++++++++++++++
+ 4 files changed, 186 insertions(+)
+ create mode 100644 src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
+
+diff --git a/res/values/arrays.xml b/res/values/arrays.xml
+index 7472ef5ecd..b7428c8c10 100644
+--- a/res/values/arrays.xml
++++ b/res/values/arrays.xml
+@@ -39,6 +39,50 @@
+         <item>All</item>
+     </string-array>
+ 
++    <!-- Bluetooth settings.  The delay in inactivity before bluetooth is turned off. These are shown in a list dialog. -->
++    <string-array name="bluetooth_timeout_entries">
++        <item>@string/bluetooth_timeout_summary_never</item>
++        <item>@string/bluetooth_timeout_summary_15secs</item>
++        <item>@string/bluetooth_timeout_summary_30secs</item>
++        <item>@string/bluetooth_timeout_summary_1min</item>
++        <item>@string/bluetooth_timeout_summary_2mins</item>
++        <item>@string/bluetooth_timeout_summary_5mins</item>
++        <item>@string/bluetooth_timeout_summary_10mins</item>
++        <item>@string/bluetooth_timeout_summary_30mins</item>
++        <item>@string/bluetooth_timeout_summary_1hour</item>
++        <item>@string/bluetooth_timeout_summary_2hours</item>
++        <item>@string/bluetooth_timeout_summary_4hours</item>
++        <item>@string/bluetooth_timeout_summary_8hours</item>
++    </string-array>
++
++    <!-- Do not translate. -->
++    <string-array name="bluetooth_timeout_values" translatable="false">
++        <!-- Do not translate. -->
++        <item>0</item>
++        <!-- Do not translate. -->
++        <item>15000</item>
++        <!-- Do not translate. -->
++        <item>30000</item>
++        <!-- Do not translate. -->
++        <item>60000</item>
++        <!-- Do not translate. -->
++        <item>120000</item>
++        <!-- Do not translate. -->
++        <item>300000</item>
++        <!-- Do not translate. -->
++        <item>600000</item>
++        <!-- Do not translate. -->
++        <item>1800000</item>
++        <!-- Do not translate. -->
++        <item>3600000</item>
++        <!-- Do not translate. -->
++        <item>7200000</item>
++        <!-- Do not translate. -->
++        <item>14400000</item>
++        <!-- Do not translate. -->
++        <item>28800000</item>
++    </string-array>
++
+     <!-- Display settings.  The delay in inactivity before the screen is turned off. These are shown in a list dialog. -->
+     <string-array name="screen_timeout_entries">
+         <item>15 seconds</item>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 76aa5de4c7..4b53b52b5b 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -27,6 +27,25 @@
+     <!-- Used in confirmation dialogs as the action that the user will tap to turn on the feature. [CHAR LIMIT=40]-->
+     <string name="confirmation_turn_on">Turn on</string>
+ 
++    <!-- Connected devices screen, setting option name to change bluetooth timeout -->
++    <string name="bluetooth_timeout">Bluetooth timeout</string>
++
++    <!-- Connected devices screen, setting option summary to change bluetooth timeout -->
++    <string name="bluetooth_timeout_summary">Bluetooth will turn off after <xliff:g id="timeout_description">%1$s</xliff:g> if no devices connected</string>
++    <string name="bluetooth_timeout_summary2">Do not automatically turn off Bluetooth</string>
++    <string name="bluetooth_timeout_summary_never">Never</string>
++    <string name="bluetooth_timeout_summary_15secs">15 seconds</string>
++    <string name="bluetooth_timeout_summary_30secs">30 seconds</string>
++    <string name="bluetooth_timeout_summary_1min">1 minute</string>
++    <string name="bluetooth_timeout_summary_2mins">2 minutes</string>
++    <string name="bluetooth_timeout_summary_5mins">5 minutes</string>
++    <string name="bluetooth_timeout_summary_10mins">10 minutes</string>
++    <string name="bluetooth_timeout_summary_30mins">30 minutes</string>
++    <string name="bluetooth_timeout_summary_1hour">1 hour</string>
++    <string name="bluetooth_timeout_summary_2hours">2 hours</string>
++    <string name="bluetooth_timeout_summary_4hours">4 hours</string>
++    <string name="bluetooth_timeout_summary_8hours">8 hours</string>
++
+     <!-- Device Info screen. Used for a status item's value when the proper value is not known -->
+     <string name="device_info_default">Unknown</string>
+     <!-- [CHAR LIMIT=NONE] Device Info screen. Countdown for user taps to enable development settings -->
+diff --git a/res/xml/connected_devices.xml b/res/xml/connected_devices.xml
+index 2ac73aef49..a823ff996e 100644
+--- a/res/xml/connected_devices.xml
++++ b/res/xml/connected_devices.xml
+@@ -52,6 +52,14 @@
+         settings:useAdminDisabledSummary="true"
+         settings:controller="com.android.settings.connecteddevice.AddDevicePreferenceController"/>
+ 
++    <androidx.preference.ListPreference
++        android:key="bluetooth_timeout"
++        android:title="@string/bluetooth_timeout"
++        android:summary="@string/summary_placeholder"
++        android:entries="@array/bluetooth_timeout_entries"
++        android:entryValues="@array/bluetooth_timeout_values"
++        settings:controller="com.android.settings.bluetooth.BluetoothTimeoutPreferenceController"/>
++
+     <PreferenceCategory
+         android:key="previously_connected_devices"
+         android:title="@string/connected_device_previously_connected_title"
+diff --git a/src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java b/src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
+new file mode 100644
+index 0000000000..244147948a
+--- /dev/null
++++ b/src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
+@@ -0,0 +1,115 @@
++/*
++ * Copyright (C) 2020 The Calyx Institute
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package com.android.settings.bluetooth;
++
++import android.bluetooth.BluetoothAdapter;
++import android.content.Context;
++import android.provider.Settings;
++import android.util.Log;
++
++import androidx.preference.ListPreference;
++import androidx.preference.Preference;
++
++import com.android.settings.R;
++import com.android.settings.core.BasePreferenceController;
++import com.android.settings.core.PreferenceControllerMixin;
++
++public class BluetoothTimeoutPreferenceController extends BasePreferenceController implements
++        PreferenceControllerMixin, Preference.OnPreferenceChangeListener {
++    private static final String TAG = "BluetoothTimeoutPrefCtrl";
++
++    public static final int FALLBACK_BLUETOOTH_TIMEOUT_VALUE = 0;
++
++    private final String mBluetoothTimeoutKey;
++
++    protected BluetoothAdapter mBluetoothAdapter;
++
++    public BluetoothTimeoutPreferenceController(Context context, String key) {
++        super(context, key);
++        mBluetoothTimeoutKey = key;
++
++        mBluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
++        if (mBluetoothAdapter == null) {
++            Log.e(TAG, "Bluetooth is not supported on this device");
++            return;
++        }
++    }
++
++    @Override
++    public int getAvailabilityStatus() {
++        return mBluetoothAdapter != null ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return mBluetoothTimeoutKey;
++    }
++
++    @Override
++    public void updateState(Preference preference) {
++        final ListPreference timeoutListPreference = (ListPreference) preference;
++        final long currentTimeout = Settings.Global.getLong(mContext.getContentResolver(),
++                Settings.Global.BLUETOOTH_OFF_TIMEOUT, FALLBACK_BLUETOOTH_TIMEOUT_VALUE);
++        timeoutListPreference.setValue(String.valueOf(currentTimeout));
++        updateTimeoutPreferenceDescription(timeoutListPreference,
++                Long.parseLong(timeoutListPreference.getValue()));
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object newValue) {
++        try {
++            long value = Long.parseLong((String) newValue);
++            Settings.Global.putLong(mContext.getContentResolver(), Settings.Global.BLUETOOTH_OFF_TIMEOUT, value);
++            updateTimeoutPreferenceDescription((ListPreference) preference, value);
++        } catch (NumberFormatException e) {
++            Log.e(TAG, "could not persist bluetooth timeout setting", e);
++        }
++        return true;
++    }
++
++    public static CharSequence getTimeoutDescription(
++            long currentTimeout, CharSequence[] entries, CharSequence[] values) {
++        if (currentTimeout < 0 || entries == null || values == null
++                || values.length != entries.length) {
++            return null;
++        }
++
++        for (int i = 0; i < values.length; i++) {
++            long timeout = Long.parseLong(values[i].toString());
++            if (currentTimeout == timeout) {
++                return entries[i];
++            }
++        }
++        return null;
++    }
++
++    private void updateTimeoutPreferenceDescription(ListPreference preference,
++                                                    long currentTimeout) {
++        final CharSequence[] entries = preference.getEntries();
++        final CharSequence[] values = preference.getEntryValues();
++        final CharSequence timeoutDescription = getTimeoutDescription(
++                currentTimeout, entries, values);
++        String summary = "";
++        if (timeoutDescription != null) {
++            if (currentTimeout != 0)
++                summary = mContext.getString(R.string.bluetooth_timeout_summary, timeoutDescription);
++            else
++                summary = mContext.getString(R.string.bluetooth_timeout_summary2);
++        }
++        preference.setSummary(summary);
++    }
++}
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0007-WiFi_Timeout.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0007-WiFi_Timeout.patch
new file mode 100644
index 00000000..1f96a41d
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0007-WiFi_Timeout.patch
@@ -0,0 +1,238 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Oliver Scott <olivercscott@gmail.com>
+Date: Thu, 25 Feb 2021 11:31:14 -0500
+Subject: [PATCH] add Wi-Fi timeout feature
+
+---
+ res/values/arrays.xml                         |  44 +++++++
+ res/values/strings.xml                        |  19 +++
+ res/xml/wifi_configure_settings.xml           |   8 ++
+ .../wifi/WifiTimeoutPreferenceController.java | 115 ++++++++++++++++++
+ 4 files changed, 186 insertions(+)
+ create mode 100644 src/com/android/settings/wifi/WifiTimeoutPreferenceController.java
+
+diff --git a/res/values/arrays.xml b/res/values/arrays.xml
+index b7428c8c10..a474c3bde0 100644
+--- a/res/values/arrays.xml
++++ b/res/values/arrays.xml
+@@ -83,6 +83,50 @@
+         <item>28800000</item>
+     </string-array>
+ 
++    <!-- Wifi settings.  The delay in inactivity before wifi is turned off. These are shown in a list dialog. -->
++    <string-array name="wifi_timeout_entries">
++        <item>@string/wifi_timeout_summary_never</item>
++        <item>@string/wifi_timeout_summary_15secs</item>
++        <item>@string/wifi_timeout_summary_30secs</item>
++        <item>@string/wifi_timeout_summary_1min</item>
++        <item>@string/wifi_timeout_summary_2mins</item>
++        <item>@string/wifi_timeout_summary_5mins</item>
++        <item>@string/wifi_timeout_summary_10mins</item>
++        <item>@string/wifi_timeout_summary_30mins</item>
++        <item>@string/wifi_timeout_summary_1hour</item>
++        <item>@string/wifi_timeout_summary_2hours</item>
++        <item>@string/wifi_timeout_summary_4hours</item>
++        <item>@string/wifi_timeout_summary_8hours</item>
++    </string-array>
++
++    <!-- Do not translate. -->
++    <string-array name="wifi_timeout_values" translatable="false">
++        <!-- Do not translate. -->
++        <item>0</item>
++        <!-- Do not translate. -->
++        <item>15000</item>
++        <!-- Do not translate. -->
++        <item>30000</item>
++        <!-- Do not translate. -->
++        <item>60000</item>
++        <!-- Do not translate. -->
++        <item>120000</item>
++        <!-- Do not translate. -->
++        <item>300000</item>
++        <!-- Do not translate. -->
++        <item>600000</item>
++        <!-- Do not translate. -->
++        <item>1800000</item>
++        <!-- Do not translate. -->
++        <item>3600000</item>
++        <!-- Do not translate. -->
++        <item>7200000</item>
++        <!-- Do not translate. -->
++        <item>14400000</item>
++        <!-- Do not translate. -->
++        <item>28800000</item>
++    </string-array>
++
+     <!-- Display settings.  The delay in inactivity before the screen is turned off. These are shown in a list dialog. -->
+     <string-array name="screen_timeout_entries">
+         <item>15 seconds</item>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 4b53b52b5b..2262ef679a 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -46,6 +46,25 @@
+     <string name="bluetooth_timeout_summary_4hours">4 hours</string>
+     <string name="bluetooth_timeout_summary_8hours">8 hours</string>
+ 
++    <!--  screen, setting option name to change wifi timeout -->
++    <string name="wifi_timeout">Turn off Wi-Fi automatically</string>
++
++    <!--  screen, setting option summary to change wifi timeout -->
++    <string name="wifi_timeout_summary">Wi-Fi will turn off after <xliff:g id="timeout_description">%1$s</xliff:g> if no network connected</string>
++    <string name="wifi_timeout_summary2">Disabled</string>
++    <string name="wifi_timeout_summary_never">Never</string>
++    <string name="wifi_timeout_summary_15secs">15 seconds</string>
++    <string name="wifi_timeout_summary_30secs">30 seconds</string>
++    <string name="wifi_timeout_summary_1min">1 minute</string>
++    <string name="wifi_timeout_summary_2mins">2 minutes</string>
++    <string name="wifi_timeout_summary_5mins">5 minutes</string>
++    <string name="wifi_timeout_summary_10mins">10 minutes</string>
++    <string name="wifi_timeout_summary_30mins">30 minutes</string>
++    <string name="wifi_timeout_summary_1hour">1 hour</string>
++    <string name="wifi_timeout_summary_2hours">2 hours</string>
++    <string name="wifi_timeout_summary_4hours">4 hours</string>
++    <string name="wifi_timeout_summary_8hours">8 hours</string>
++
+     <!-- Device Info screen. Used for a status item's value when the proper value is not known -->
+     <string name="device_info_default">Unknown</string>
+     <!-- [CHAR LIMIT=NONE] Device Info screen. Countdown for user taps to enable development settings -->
+diff --git a/res/xml/wifi_configure_settings.xml b/res/xml/wifi_configure_settings.xml
+index 2ab7b6a28f..a682e2db92 100644
+--- a/res/xml/wifi_configure_settings.xml
++++ b/res/xml/wifi_configure_settings.xml
+@@ -26,6 +26,14 @@
+         android:summary="@string/wifi_wakeup_summary"
+         settings:controller="com.android.settings.wifi.WifiWakeupPreferenceController"/>
+ 
++    <ListPreference
++        android:key="wifi_timeout"
++        android:title="@string/wifi_timeout"
++        android:summary="@string/wifi_timeout_summary"
++        android:entries="@array/wifi_timeout_entries"
++        android:entryValues="@array/wifi_timeout_values"
++        settings:controller="com.android.settings.wifi.WifiTimeoutPreferenceController"/>
++
+     <SwitchPreference
+         android:key="notify_open_networks"
+         android:title="@string/wifi_notify_open_networks"
+diff --git a/src/com/android/settings/wifi/WifiTimeoutPreferenceController.java b/src/com/android/settings/wifi/WifiTimeoutPreferenceController.java
+new file mode 100644
+index 0000000000..7116c90519
+--- /dev/null
++++ b/src/com/android/settings/wifi/WifiTimeoutPreferenceController.java
+@@ -0,0 +1,115 @@
++/*
++ * Copyright (C) 2020 The Calyx Institute
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package com.android.settings.wifi;
++
++import android.content.Context;
++import android.net.wifi.WifiManager;
++import android.provider.Settings;
++import android.util.Log;
++
++import androidx.preference.ListPreference;
++import androidx.preference.Preference;
++
++import com.android.settings.R;
++import com.android.settings.core.BasePreferenceController;
++import com.android.settings.core.PreferenceControllerMixin;
++
++public class WifiTimeoutPreferenceController extends BasePreferenceController implements
++        PreferenceControllerMixin, Preference.OnPreferenceChangeListener {
++    private static final String TAG = "WifiTimeoutPrefCtrl";
++
++    public static final int FALLBACK_WIFI_TIMEOUT_VALUE = 0;
++
++    private final String mWifiTimeoutKey;
++
++    protected WifiManager mWifiManager;
++
++    public WifiTimeoutPreferenceController(Context context, String key) {
++        super(context, key);
++        mWifiTimeoutKey = key;
++
++        mWifiManager = context.getSystemService(WifiManager.class);
++        if (mWifiManager == null) {
++            Log.e(TAG, "Wifi is not supported on this device");
++            return;
++        }
++    }
++
++    @Override
++    public int getAvailabilityStatus() {
++        return mWifiManager != null ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return mWifiTimeoutKey;
++    }
++
++    @Override
++    public void updateState(Preference preference) {
++        final ListPreference timeoutListPreference = (ListPreference) preference;
++        final long currentTimeout = Settings.Global.getLong(mContext.getContentResolver(),
++                Settings.Global.WIFI_OFF_TIMEOUT, FALLBACK_WIFI_TIMEOUT_VALUE);
++        timeoutListPreference.setValue(String.valueOf(currentTimeout));
++        updateTimeoutPreferenceDescription(timeoutListPreference,
++                Long.parseLong(timeoutListPreference.getValue()));
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object newValue) {
++        try {
++            long value = Long.parseLong((String) newValue);
++            Settings.Global.putLong(mContext.getContentResolver(), Settings.Global.WIFI_OFF_TIMEOUT, value);
++            updateTimeoutPreferenceDescription((ListPreference) preference, value);
++        } catch (NumberFormatException e) {
++            Log.e(TAG, "could not persist wifi timeout setting", e);
++        }
++        return true;
++    }
++
++    public static CharSequence getTimeoutDescription(
++            long currentTimeout, CharSequence[] entries, CharSequence[] values) {
++        if (currentTimeout < 0 || entries == null || values == null
++                || values.length != entries.length) {
++            return null;
++        }
++
++        for (int i = 0; i < values.length; i++) {
++            long timeout = Long.parseLong(values[i].toString());
++            if (currentTimeout == timeout) {
++                return entries[i];
++            }
++        }
++        return null;
++    }
++
++    private void updateTimeoutPreferenceDescription(ListPreference preference,
++                                                    long currentTimeout) {
++        final CharSequence[] entries = preference.getEntries();
++        final CharSequence[] values = preference.getEntryValues();
++        final CharSequence timeoutDescription = getTimeoutDescription(
++                currentTimeout, entries, values);
++        String summary = "";
++        if (timeoutDescription != null) {
++            if (currentTimeout != 0)
++                summary = mContext.getString(R.string.wifi_timeout_summary, timeoutDescription);
++            else
++                summary = mContext.getString(R.string.wifi_timeout_summary2);
++        }
++        preference.setSummary(summary);
++    }
++}
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0008-ptrace_scope.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0008-ptrace_scope.patch
new file mode 100644
index 00000000..dcf9c2f9
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0008-ptrace_scope.patch
@@ -0,0 +1,168 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <38294951+flawedworld@users.noreply.github.com>
+Date: Tue, 6 Apr 2021 01:15:32 +0100
+Subject: [PATCH] add native debugging setting
+
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   6 +
+ .../NativeDebugPreferenceController.java      | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |   1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/NativeDebugPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 2262ef679a..86fca902ec 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -13109,6 +13109,9 @@
+     <!-- UI debug setting: Force enable "smart dark" UI rendering feature summary [CHAR LIMIT=NONE] -->
+     <string name="hwui_force_dark_summary">Overrides the force-dark feature to be always-on</string>
+ 
++    <string name="native_debug_title">Enable native code debugging</string>
++    <string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
++
+     <!-- Title for the top level Privacy Settings [CHAR LIMIT=30]-->
+     <string name="privacy_dashboard_title">Privacy</string>
+     <!-- Summary for the top level Privacy Settings [CHAR LIMIT=NONE]-->
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 25bead6622..d6754c0932 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -63,6 +63,12 @@
+             android:entries="@array/auto_reboot_entries"
+             android:entryValues="@array/auto_reboot_values" />
+ 
++        <SwitchPreference
++            android:key="native_debug"
++            android:title="@string/native_debug_title"
++            android:summary="@string/native_debug_summary"
++            android:persistent="false" />
++
+         <com.android.settingslib.RestrictedPreference
+             android:key="biometric_settings"
+             android:title="@string/security_settings_biometric_preference_title"
+diff --git a/src/com/android/settings/security/NativeDebugPreferenceController.java b/src/com/android/settings/security/NativeDebugPreferenceController.java
+new file mode 100644
+index 0000000000..9271e6e21c
+--- /dev/null
++++ b/src/com/android/settings/security/NativeDebugPreferenceController.java
+@@ -0,0 +1,106 @@
++/*
++ * Copyright (C) 2020 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License
++ */
++
++package com.android.settings.security;
++
++import android.content.Context;
++
++import android.os.UserHandle;
++import android.os.UserManager;
++import android.os.SystemProperties;
++
++import android.provider.Settings;
++
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceGroup;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.TwoStatePreference;
++import androidx.preference.SwitchPreference;
++
++import com.android.internal.widget.LockPatternUtils;
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class NativeDebugPreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
++
++    private static final String SYS_KEY_NATIVE_DEBUG = "persist.native_debug";
++    private static final String PREF_KEY_NATIVE_DEBUG = "native_debug";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private SwitchPreference mNativeDebug;
++    private boolean mIsAdmin;
++    private UserManager mUm;
++
++    public NativeDebugPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return PREF_KEY_NATIVE_DEBUG;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            mNativeDebug = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_NATIVE_DEBUG);
++            mNativeDebug.setChecked(SystemProperties.getBoolean(SYS_KEY_NATIVE_DEBUG, true));
++        } else {
++            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_NATIVE_DEBUG));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++        if (mNativeDebug != null) {
++                boolean mode = mNativeDebug.isChecked();
++                SystemProperties.set(SYS_KEY_NATIVE_DEBUG, Boolean.toString(mode));
++        }
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (PREF_KEY_NATIVE_DEBUG.equals(key)) {
++            final boolean mode = !mNativeDebug.isChecked();
++            SystemProperties.set(SYS_KEY_NATIVE_DEBUG, Boolean.toString(mode));
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index c8776749ef..34822e7a3e 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -123,6 +123,7 @@ public class SecuritySettings extends DashboardFragment {
+                 context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
+         securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
++        securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0009-Install_Restrictions.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0009-Install_Restrictions.patch
new file mode 100644
index 00000000..fb326849
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0009-Install_Restrictions.patch
@@ -0,0 +1,140 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <flawedworld@flawed.world>
+Date: Wed, 1 Sep 2021 20:36:10 +0000
+Subject: [PATCH] UserManager app installation restrictions
+
+---
+ res/values/strings.xml                        |  2 +
+ res/xml/user_details_settings.xml             |  4 ++
+ .../settings/users/UserDetailsSettings.java   | 43 ++++++++++++++++---
+ 3 files changed, 44 insertions(+), 5 deletions(-)
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 19d4cdec54..970533145b 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -7737,6 +7737,8 @@
+     <string name="user_enable_calling">Turn on phone calls</string>
+     <!-- Title of preference to enable calling and SMS [CHAR LIMIT=45] -->
+     <string name="user_enable_calling_sms">Turn on phone calls &amp; SMS</string>
++    <!-- Title of preference to disallow installing apps [CHAR LIMIT=45] -->
++    <string name="user_disallow_install_apps">Disallow installing apps</string>
+     <!-- Title of preference to remove the user [CHAR LIMIT=35] -->
+     <string name="user_remove_user">Delete user</string>
+     <!-- Title for confirmation of turning on calls [CHAR LIMIT=40] -->
+diff --git a/res/xml/user_details_settings.xml b/res/xml/user_details_settings.xml
+index 9280ff1163..d0a055fae2 100644
+--- a/res/xml/user_details_settings.xml
++++ b/res/xml/user_details_settings.xml
+@@ -29,6 +29,10 @@
+             android:key="app_and_content_access"
+             android:icon="@drawable/ic_lock_closed"
+             android:title="@string/user_restrictions_title" />
++    <SwitchPreference
++            android:icon="@drawable/ic_settings_install"
++            android:key="disallow_install_apps"
++            android:title="@string/user_disallow_install_apps" />
+     <com.android.settingslib.RestrictedPreference
+             android:key="remove_user"
+             android:icon="@drawable/ic_delete"
+diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
+index ce186f2134..0b70fa2704 100644
+--- a/src/com/android/settings/users/UserDetailsSettings.java
++++ b/src/com/android/settings/users/UserDetailsSettings.java
+@@ -62,6 +62,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+     private static final String KEY_ENABLE_TELEPHONY = "enable_calling";
+     private static final String KEY_REMOVE_USER = "remove_user";
+     private static final String KEY_APP_AND_CONTENT_ACCESS = "app_and_content_access";
++    private static final String KEY_DISALLOW_INSTALL_APPS = "disallow_install_apps";
+ 
+     /** Integer extra containing the userId to manage */
+     static final String EXTRA_USER_ID = "user_id";
+@@ -85,6 +86,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+     Preference mAppAndContentAccessPref;
+     @VisibleForTesting
+     Preference mRemoveUserPref;
++    private SwitchPreference mInstallAppsPref;
+ 
+     @VisibleForTesting
+     UserInfo mUserInfo;
+@@ -148,12 +150,37 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+ 
+     @Override
+     public boolean onPreferenceChange(Preference preference, Object newValue) {
+-        if (Boolean.TRUE.equals(newValue)) {
+-            showDialog(mUserInfo.isGuest() ? DIALOG_CONFIRM_ENABLE_CALLING
+-                    : DIALOG_CONFIRM_ENABLE_CALLING_AND_SMS);
+-            return false;
++        if (preference == mPhonePref) {
++            if (Boolean.TRUE.equals(newValue)) {
++                showDialog(mUserInfo.isGuest() ? DIALOG_CONFIRM_ENABLE_CALLING
++                        : DIALOG_CONFIRM_ENABLE_CALLING_AND_SMS);
++                return false;
++            }
++            enableCallsAndSms(false);
++        } else if (preference == mInstallAppsPref) {
++            if (mUserInfo.isGuest()) {
++                mDefaultGuestRestrictions.putBoolean(UserManager.DISALLOW_INSTALL_APPS, (Boolean) newValue);
++                mUserManager.setDefaultGuestRestrictions(mDefaultGuestRestrictions);
++
++                // Update the guest's restrictions, if there is a guest
++                // TODO: Maybe setDefaultGuestRestrictions() can internally just set the restrictions
++                // on any existing guest rather than do it here with multiple Binder calls.
++                List<UserInfo> users = mUserManager.getUsers(true);
++                for (UserInfo user: users) {
++                    if (user.isGuest()) {
++                        UserHandle userHandle = UserHandle.of(user.id);
++                        for (String key : mDefaultGuestRestrictions.keySet()) {
++                            mUserManager.setUserRestriction(
++                                    key, mDefaultGuestRestrictions.getBoolean(key), userHandle);
++                        }
++                    }
++                }
++            } else {
++                UserHandle userHandle = UserHandle.of(mUserInfo.id);
++                mUserManager.setUserRestriction(UserManager.DISALLOW_INSTALL_APPS, (Boolean) newValue,
++                        userHandle);
++            }
+         }
+-        enableCallsAndSms(false);
+         return true;
+     }
+ 
+@@ -241,6 +268,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+         mPhonePref = findPreference(KEY_ENABLE_TELEPHONY);
+         mRemoveUserPref = findPreference(KEY_REMOVE_USER);
+         mAppAndContentAccessPref = findPreference(KEY_APP_AND_CONTENT_ACCESS);
++        mInstallAppsPref = findPreference(KEY_DISALLOW_INSTALL_APPS);
+ 
+         mSwitchUserPref.setTitle(
+                 context.getString(com.android.settingslib.R.string.user_switch_to_user,
+@@ -258,6 +286,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+             removePreference(KEY_ENABLE_TELEPHONY);
+             removePreference(KEY_REMOVE_USER);
+             removePreference(KEY_APP_AND_CONTENT_ACCESS);
++            removePreference(KEY_DISALLOW_INSTALL_APPS);
+         } else {
+             if (!Utils.isVoiceCapable(context)) { // no telephony
+                 removePreference(KEY_ENABLE_TELEPHONY);
+@@ -288,10 +317,13 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+                 if (mGuestUserAutoCreated) {
+                     mRemoveUserPref.setEnabled((mUserInfo.flags & UserInfo.FLAG_INITIALIZED) != 0);
+                 }
++                removePreference(KEY_DISALLOW_INSTALL_APPS);
+             } else {
+                 mPhonePref.setChecked(!mUserManager.hasUserRestriction(
+                         UserManager.DISALLOW_OUTGOING_CALLS, new UserHandle(userId)));
+                 mRemoveUserPref.setTitle(R.string.user_remove_user);
++                mInstallAppsPref.setChecked(mUserManager.hasUserRestriction(
++                        UserManager.DISALLOW_INSTALL_APPS, new UserHandle(userId)));
+             }
+             if (RestrictedLockUtilsInternal.hasBaseUserRestriction(context,
+                     UserManager.DISALLOW_REMOVE_USER, UserHandle.myUserId())) {
+@@ -301,6 +333,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
+             mRemoveUserPref.setOnPreferenceClickListener(this);
+             mPhonePref.setOnPreferenceChangeListener(this);
+             mAppAndContentAccessPref.setOnPreferenceClickListener(this);
++            mInstallAppsPref.setOnPreferenceChangeListener(this);
+         }
+     }
+ 
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0010-exec_spawning_toggle.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0010-exec_spawning_toggle.patch
new file mode 100644
index 00000000..639386f0
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0010-exec_spawning_toggle.patch
@@ -0,0 +1,168 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 26 Mar 2022 20:35:37 -0400
+Subject: [PATCH] add exec spawning toggle
+
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   6 +
+ .../ExecSpawnPreferenceController.java        | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |   1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 86fca902ec..19d4cdec54 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -13109,6 +13109,9 @@
+     <!-- UI debug setting: Force enable "smart dark" UI rendering feature summary [CHAR LIMIT=NONE] -->
+     <string name="hwui_force_dark_summary">Overrides the force-dark feature to be always-on</string>
+ 
++    <string name="exec_spawn_title">Enable secure app spawning</string>
++    <string name="exec_spawn_summary">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
++
+     <string name="native_debug_title">Enable native code debugging</string>
+     <string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
+ 
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index d6754c0932..20f0d4df5b 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -63,6 +63,12 @@
+             android:entries="@array/auto_reboot_entries"
+             android:entryValues="@array/auto_reboot_values" />
+ 
++        <SwitchPreference
++            android:key="exec_spawn"
++            android:title="@string/exec_spawn_title"
++            android:summary="@string/exec_spawn_summary"
++            android:persistent="false" />
++
+         <SwitchPreference
+             android:key="native_debug"
+             android:title="@string/native_debug_title"
+diff --git a/src/com/android/settings/security/ExecSpawnPreferenceController.java b/src/com/android/settings/security/ExecSpawnPreferenceController.java
+new file mode 100644
+index 0000000000..78f021210a
+--- /dev/null
++++ b/src/com/android/settings/security/ExecSpawnPreferenceController.java
+@@ -0,0 +1,106 @@
++/*
++ * Copyright (C) 2022 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License
++ */
++
++package com.android.settings.security;
++
++import android.content.Context;
++
++import android.os.UserHandle;
++import android.os.UserManager;
++import android.os.SystemProperties;
++
++import android.provider.Settings;
++
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceGroup;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.TwoStatePreference;
++import androidx.preference.SwitchPreference;
++
++import com.android.internal.widget.LockPatternUtils;
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class ExecSpawnPreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
++
++    private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn";
++    private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private SwitchPreference mExecSpawn;
++    private boolean mIsAdmin;
++    private UserManager mUm;
++
++    public ExecSpawnPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return PREF_KEY_EXEC_SPAWN;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
++            mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, true));
++        } else {
++            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++        if (mExecSpawn != null) {
++                boolean mode = mExecSpawn.isChecked();
++                SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
++        }
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (PREF_KEY_EXEC_SPAWN.equals(key)) {
++            final boolean mode = !mExecSpawn.isChecked();
++            SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index 34822e7a3e..a940165bed 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -123,6 +123,7 @@ public class SecuritySettings extends DashboardFragment {
+                 context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
+         securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
++        securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
+         securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Settings/0011-Random_MAC.patch b/Patches/LineageOS-19.1/android_packages_apps_Settings/0011-Random_MAC.patch
new file mode 100644
index 00000000..fa194acb
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Settings/0011-Random_MAC.patch
@@ -0,0 +1,145 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: renlord <me@renlord.com>
+Date: Fri, 15 Oct 2021 20:02:51 +0530
+Subject: [PATCH] add option to always randomize MAC RANDOMIZATION_ALWAYS is
+ set as the default option
+
+---
+ res/layout/wifi_dialog.xml                    |  2 +-
+ res/values/arrays.xml                         |  7 +++++
+ res/xml/wifi_network_details_fragment2.xml    |  2 +-
+ .../WifiDetailPreferenceController2.java      |  2 +-
+ .../WifiPrivacyPreferenceController2.java     | 28 +++++++++++++++----
+ 5 files changed, 32 insertions(+), 9 deletions(-)
+
+diff --git a/res/layout/wifi_dialog.xml b/res/layout/wifi_dialog.xml
+index 8111d3aaa9..de57fb3525 100644
+--- a/res/layout/wifi_dialog.xml
++++ b/res/layout/wifi_dialog.xml
+@@ -694,7 +694,7 @@
+                          android:layout_height="wrap_content"
+                          style="@style/wifi_item_spinner"
+                          android:prompt="@string/wifi_privacy_settings"
+-                         android:entries="@array/wifi_privacy_entries"/>
++                         android:entries="@array/wifi_privacy_entries_extended"/>
+             </LinearLayout>
+ 
+             <LinearLayout
+diff --git a/res/values/arrays.xml b/res/values/arrays.xml
+index a474c3bde0..dffc6daf07 100644
+--- a/res/values/arrays.xml
++++ b/res/values/arrays.xml
+@@ -1397,6 +1397,12 @@
+         <item>Treat as unmetered</item>
+     </string-array>
+ 
++    <string-array name="wifi_privacy_entries_extended">
++        <item>Use per-connection randomized MAC (default)</item>
++        <item>Use per-network randomized MAC</item>
++        <item>Use device MAC</item>
++    </string-array>
++
+     <string-array name="wifi_privacy_entries">
+         <item>Use randomized MAC (default)</item>
+         <item>Use device MAC</item>
+@@ -1414,6 +1420,7 @@
+     </string-array>
+ 
+     <string-array name="wifi_privacy_values" translatable="false">
++        <item>100</item>
+         <item>1</item>
+         <item>0</item>
+     </string-array>
+diff --git a/res/xml/wifi_network_details_fragment2.xml b/res/xml/wifi_network_details_fragment2.xml
+index 1c4fe9147a..191b4f80ae 100644
+--- a/res/xml/wifi_network_details_fragment2.xml
++++ b/res/xml/wifi_network_details_fragment2.xml
+@@ -69,7 +69,7 @@
+         android:key="privacy"
+         android:icon="@drawable/ic_wifi_privacy_24dp"
+         android:title="@string/wifi_privacy_settings"
+-        android:entries="@array/wifi_privacy_entries"
++        android:entries="@array/wifi_privacy_entries_extended"
+         android:entryValues="@array/wifi_privacy_values"/>
+ 
+     <Preference
+diff --git a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
+index f9d0db07b2..5f46d9b71e 100644
+--- a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
++++ b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
+@@ -799,7 +799,7 @@ public class WifiDetailPreferenceController2 extends AbstractPreferenceControlle
+     }
+ 
+     private int getMacAddressTitle() {
+-        if (mWifiEntry.getPrivacy() == WifiEntry.PRIVACY_RANDOMIZED_MAC) {
++        if (mWifiEntry.getPrivacy() != WifiEntry.PRIVACY_DEVICE_MAC) {
+             return mWifiEntry.getConnectedState() == WifiEntry.CONNECTED_STATE_CONNECTED
+                     ? R.string.wifi_advanced_randomized_mac_address_title
+                     : R.string.wifi_advanced_randomized_mac_address_disconnected_title;
+diff --git a/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
+index c484922564..d0b98b6086 100644
+--- a/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
++++ b/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
+@@ -42,6 +42,10 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
+     private WifiEntry mWifiEntry;
+     private Preference mPreference;
+ 
++    private static final int PREF_RANDOMIZATION_ALWAYS = 0;
++    private static final int PREF_RANDOMIZATION_PERSISTENT = 1;
++    private static final int PREF_RANDOMIZATION_NONE = 2;
++
+     public WifiPrivacyPreferenceController2(Context context) {
+         super(context, KEY_WIFI_PRIVACY);
+ 
+@@ -99,8 +103,6 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
+         return mWifiEntry.getPrivacy();
+     }
+ 
+-    private static final int PREF_RANDOMIZATION_PERSISTENT = 0;
+-    private static final int PREF_RANDOMIZATION_NONE = 1;
+ 
+     /**
+      * Returns preference index value.
+@@ -109,8 +111,14 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
+      * @return index value of preference
+      */
+     public static int translateMacRandomizedValueToPrefValue(int macRandomized) {
+-        return (macRandomized == WifiEntry.PRIVACY_RANDOMIZED_MAC)
+-            ? PREF_RANDOMIZATION_PERSISTENT : PREF_RANDOMIZATION_NONE;
++        switch (macRandomized) {
++            case WifiEntry.PRIVACY_RANDOMIZED_MAC:
++                return PREF_RANDOMIZATION_PERSISTENT;
++            case WifiEntry.PRIVACY_DEVICE_MAC:
++                return PREF_RANDOMIZATION_NONE;
++            default:
++                return PREF_RANDOMIZATION_ALWAYS;
++        }
+     }
+ 
+     /**
+@@ -120,8 +128,14 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
+      * @return mac randomized value
+      */
+     public static int translatePrefValueToMacRandomizedValue(int prefMacRandomized) {
+-        return (prefMacRandomized == PREF_RANDOMIZATION_PERSISTENT)
+-            ? WifiEntry.PRIVACY_RANDOMIZED_MAC : WifiEntry.PRIVACY_DEVICE_MAC;
++        switch (prefMacRandomized) {
++            case PREF_RANDOMIZATION_PERSISTENT:
++                return WifiEntry.PRIVACY_RANDOMIZED_MAC;
++            case PREF_RANDOMIZATION_NONE:
++                return WifiEntry.PRIVACY_DEVICE_MAC;
++            default:
++                return WifiEntry.PRIVACY_RANDOMIZATION_ALWAYS;
++        }
+     }
+ 
+     private void updateSummary(DropDownPreference preference, int macRandomized) {
+@@ -151,6 +165,8 @@ public class WifiPrivacyPreferenceController2 extends BasePreferenceController i
+                 return WifiEntry.PRIVACY_DEVICE_MAC;
+             case WifiConfiguration.RANDOMIZATION_PERSISTENT:
+                 return WifiEntry.PRIVACY_RANDOMIZED_MAC;
++            case WifiConfiguration.RANDOMIZATION_ALWAYS:
++                return WifiEntry.PRIVACY_RANDOMIZATION_ALWAYS;
+             default:
+                 return WifiEntry.PRIVACY_UNKNOWN;
+         }
diff --git a/Patches/LineageOS-19.1/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch b/Patches/LineageOS-19.1/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch
new file mode 100644
index 00000000..defe9bf3
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch
@@ -0,0 +1,178 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Fri, 3 Sep 2021 08:52:48 -0400
+Subject: [PATCH] Remove analytics
+
+Change-Id: I044dd6b137b8a1d4a6dde3a63c0aaa454309341f
+---
+ res/layout/setup_lineage_settings.xml         | 29 -----------------
+ .../lineageos/setupwizard/FinishActivity.java | 13 --------
+ .../setupwizard/LineageSettingsActivity.java  | 32 -------------------
+ .../lineageos/setupwizard/SetupWizardApp.java |  1 -
+ 4 files changed, 75 deletions(-)
+
+diff --git a/res/layout/setup_lineage_settings.xml b/res/layout/setup_lineage_settings.xml
+index 5d206e4..db3594a 100644
+--- a/res/layout/setup_lineage_settings.xml
++++ b/res/layout/setup_lineage_settings.xml
+@@ -45,35 +45,6 @@
+                     android:layout_width="match_parent"
+                     android:layout_height="match_parent">
+ 
+-                    <!-- Whether or not to enable metrics -->
+-                    <LinearLayout
+-                        android:id="@+id/metrics"
+-                        android:orientation="horizontal"
+-                        android:layout_width="match_parent"
+-                        android:layout_height="wrap_content"
+-                        android:paddingLeft="@dimen/location_margin_left"
+-                        android:paddingRight="@dimen/content_margin_right"
+-                        android:background="?android:attr/selectableItemBackground"
+-                        android:clickable="true">
+-
+-
+-                        <CheckBox
+-                            android:id="@+id/enable_metrics_checkbox"
+-                            android:layout_width="wrap_content"
+-                            android:layout_height="wrap_content"
+-                            android:duplicateParentState="true"
+-                            android:clickable="false"
+-                            style="@style/SudCheckBox.Multiline" />
+-
+-                        <TextView
+-                            android:id="@+id/enable_metrics_summary"
+-                            android:layout_width="wrap_content"
+-                            android:layout_height="wrap_content"
+-                            android:text="@string/services_metrics_label"
+-                            style="@style/SudCheckBox.Multiline" />
+-
+-                    </LinearLayout>
+-
+                     <!-- Checkbox for using on-screen nav keys -->
+                     <LinearLayout
+                         android:id="@+id/nav_keys"
+diff --git a/src/org/lineageos/setupwizard/FinishActivity.java b/src/org/lineageos/setupwizard/FinishActivity.java
+index 95e3166..0a07369 100644
+--- a/src/org/lineageos/setupwizard/FinishActivity.java
++++ b/src/org/lineageos/setupwizard/FinishActivity.java
+@@ -26,7 +26,6 @@ import static org.lineageos.setupwizard.Manifest.permission.FINISH_SETUP;
+ import static org.lineageos.setupwizard.SetupWizardApp.ACTION_SETUP_COMPLETE;
+ import static org.lineageos.setupwizard.SetupWizardApp.DISABLE_NAV_KEYS;
+ import static org.lineageos.setupwizard.SetupWizardApp.ENABLE_RECOVERY_UPDATE;
+-import static org.lineageos.setupwizard.SetupWizardApp.KEY_SEND_METRICS;
+ import static org.lineageos.setupwizard.SetupWizardApp.LOGV;
+ import static org.lineageos.setupwizard.SetupWizardApp.NAVIGATION_OPTION_KEY;
+ import static org.lineageos.setupwizard.SetupWizardApp.UPDATE_RECOVERY_PROP;
+@@ -175,7 +174,6 @@ public class FinishActivity extends BaseSetupWizardActivity {
+     }
+ 
+     private void completeSetup() {
+-        handleEnableMetrics(mSetupWizardApp);
+         handleNavKeys(mSetupWizardApp);
+         handleRecoveryUpdate(mSetupWizardApp);
+         handleNavigationOption(mSetupWizardApp);
+@@ -189,17 +187,6 @@ public class FinishActivity extends BaseSetupWizardActivity {
+         startActivityForResult(intent, NEXT_REQUEST);
+     }
+ 
+-    private static void handleEnableMetrics(SetupWizardApp setupWizardApp) {
+-        Bundle privacyData = setupWizardApp.getSettingsBundle();
+-        if (privacyData != null
+-                && privacyData.containsKey(KEY_SEND_METRICS)) {
+-            LineageSettings.Secure.putInt(setupWizardApp.getContentResolver(),
+-                    LineageSettings.Secure.STATS_COLLECTION,
+-                    privacyData.getBoolean(KEY_SEND_METRICS)
+-                            ? 1 : 0);
+-        }
+-    }
+-
+     private static void handleNavKeys(SetupWizardApp setupWizardApp) {
+         if (setupWizardApp.getSettingsBundle().containsKey(DISABLE_NAV_KEYS)) {
+             writeDisableNavkeysOption(setupWizardApp,
+diff --git a/src/org/lineageos/setupwizard/LineageSettingsActivity.java b/src/org/lineageos/setupwizard/LineageSettingsActivity.java
+index ace417f..5f77401 100644
+--- a/src/org/lineageos/setupwizard/LineageSettingsActivity.java
++++ b/src/org/lineageos/setupwizard/LineageSettingsActivity.java
+@@ -18,7 +18,6 @@
+ package org.lineageos.setupwizard;
+ 
+ import static org.lineageos.setupwizard.SetupWizardApp.DISABLE_NAV_KEYS;
+-import static org.lineageos.setupwizard.SetupWizardApp.KEY_SEND_METRICS;
+ 
+ import android.app.Activity;
+ import android.content.Context;
+@@ -50,17 +49,10 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ 
+     private SetupWizardApp mSetupWizardApp;
+ 
+-    private CheckBox mMetrics;
+     private CheckBox mNavKeys;
+ 
+     private boolean mSupportsKeyDisabler = false;
+ 
+-    private final View.OnClickListener mMetricsClickListener = view -> {
+-        boolean checked = !mMetrics.isChecked();
+-        mMetrics.setChecked(checked);
+-        mSetupWizardApp.getSettingsBundle().putBoolean(KEY_SEND_METRICS, checked);
+-    };
+-
+     private final View.OnClickListener mNavKeysClickListener = view -> {
+         boolean checked = !mNavKeys.isChecked();
+         mNavKeys.setChecked(checked);
+@@ -80,20 +72,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+                 privacyPolicy, policySummary);
+         getGlifLayout().setDescriptionText(servicesFullDescription);
+ 
+-        View metricsRow = findViewById(R.id.metrics);
+-        metricsRow.setOnClickListener(mMetricsClickListener);
+-        metricsRow.requestFocus();
+-        String metricsHelpImproveLineage =
+-                getString(R.string.services_help_improve_cm, os_name);
+-        String metricsSummary = getString(R.string.services_metrics_label,
+-                metricsHelpImproveLineage, os_name, os_name);
+-        final SpannableStringBuilder metricsSpan = new SpannableStringBuilder(metricsSummary);
+-        metricsSpan.setSpan(new android.text.style.StyleSpan(android.graphics.Typeface.BOLD),
+-                0, metricsHelpImproveLineage.length(), Spannable.SPAN_EXCLUSIVE_EXCLUSIVE);
+-        TextView metrics = (TextView) findViewById(R.id.enable_metrics_summary);
+-        metrics.setText(metricsSpan);
+-        mMetrics = (CheckBox) findViewById(R.id.enable_metrics_checkbox);
+-
+         View navKeysRow = findViewById(R.id.nav_keys);
+         navKeysRow.setOnClickListener(mNavKeysClickListener);
+         mNavKeys = (CheckBox) findViewById(R.id.nav_keys_checkbox);
+@@ -110,7 +88,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+     public void onResume() {
+         super.onResume();
+         updateDisableNavkeysOption();
+-        updateMetricsOption();
+     }
+ 
+     @Override
+@@ -134,15 +111,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+         return R.drawable.ic_features;
+     }
+ 
+-    private void updateMetricsOption() {
+-        final Bundle myPageBundle = mSetupWizardApp.getSettingsBundle();
+-        boolean metricsChecked =
+-                !myPageBundle.containsKey(KEY_SEND_METRICS) || myPageBundle
+-                        .getBoolean(KEY_SEND_METRICS);
+-        mMetrics.setChecked(metricsChecked);
+-        myPageBundle.putBoolean(KEY_SEND_METRICS, metricsChecked);
+-    }
+-
+     private void updateDisableNavkeysOption() {
+         if (mSupportsKeyDisabler) {
+             final Bundle myPageBundle = mSetupWizardApp.getSettingsBundle();
+diff --git a/src/org/lineageos/setupwizard/SetupWizardApp.java b/src/org/lineageos/setupwizard/SetupWizardApp.java
+index dcfe3bc..9466815 100644
+--- a/src/org/lineageos/setupwizard/SetupWizardApp.java
++++ b/src/org/lineageos/setupwizard/SetupWizardApp.java
+@@ -60,7 +60,6 @@ public class SetupWizardApp extends Application {
+     public static final String EXTRA_ENABLE_NEXT_ON_CONNECT = "wifi_enable_next_on_connect";
+ 
+     public static final String KEY_DETECT_CAPTIVE_PORTAL = "captive_portal_detection_enabled";
+-    public static final String KEY_SEND_METRICS = "send_metrics";
+     public static final String DISABLE_NAV_KEYS = "disable_nav_keys";
+     public static final String ENABLE_RECOVERY_UPDATE = "enable_recovery_update";
+     public static final String UPDATE_RECOVERY_PROP = "persist.vendor.recovery_update";
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Updater/0001-Server.patch b/Patches/LineageOS-19.1/android_packages_apps_Updater/0001-Server.patch
new file mode 100644
index 00000000..374e514a
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Updater/0001-Server.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Thu, 20 Sep 2018 16:43:46 -0400
+Subject: [PATCH] Switch to our update server
+
+Change-Id: I26dc2942736cf0cfe4e7b92ddfdd04b9d74dbae5
+---
+ src/org/lineageos/updater/misc/Utils.java | 11 ++---------
+ 1 file changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/src/org/lineageos/updater/misc/Utils.java b/src/org/lineageos/updater/misc/Utils.java
+index 79ded8f..69a5252 100644
+--- a/src/org/lineageos/updater/misc/Utils.java
++++ b/src/org/lineageos/updater/misc/Utils.java
+@@ -153,16 +153,9 @@ public class Utils {
+         String incrementalVersion = SystemProperties.get(Constants.PROP_BUILD_VERSION_INCREMENTAL);
+         String device = SystemProperties.get(Constants.PROP_NEXT_DEVICE,
+                 SystemProperties.get(Constants.PROP_DEVICE));
+-        String type = SystemProperties.get(Constants.PROP_RELEASE_TYPE).toLowerCase(Locale.ROOT);
++        String server = "0OTA_SERVER_CLEARNET0";
+ 
+-        String serverUrl = SystemProperties.get(Constants.PROP_UPDATER_URI);
+-        if (serverUrl.trim().isEmpty()) {
+-            serverUrl = context.getString(R.string.updater_server_url);
+-        }
+-
+-        return serverUrl.replace("{device}", device)
+-                .replace("{type}", type)
+-                .replace("{incr}", incrementalVersion);
++        return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
+     }
+ 
+     public static String getUpgradeBlockedURL(Context context) {
diff --git a/Patches/LineageOS-19.1/android_packages_apps_Updater/0002-Tor_Support.patch b/Patches/LineageOS-19.1/android_packages_apps_Updater/0002-Tor_Support.patch
new file mode 100644
index 00000000..6162627e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_apps_Updater/0002-Tor_Support.patch
@@ -0,0 +1,397 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Thu, 20 Sep 2018 21:44:53 -0400
+Subject: [PATCH] Add support for routing over Tor
+
+Change-Id: Ibfe080c3d801af34fb64fda1b6b8f4f39a2b1ccf
+---
+ AndroidManifest.xml                           |  4 ++
+ res/layout/preferences_dialog.xml             |  8 +++
+ res/values/strings.xml                        |  2 +
+ .../lineageos/updater/UpdatesActivity.java    | 12 ++++
+ .../updater/UpdatesCheckReceiver.java         |  4 ++
+ .../updater/controller/UpdaterController.java |  8 +++
+ .../updater/download/DownloadClient.java      |  8 ++-
+ .../download/HttpURLConnectionClient.java     | 27 ++++++--
+ src/org/lineageos/updater/misc/Constants.java |  1 +
+ src/org/lineageos/updater/misc/Utils.java     | 65 +++++++++++++++++++
+ 10 files changed, 134 insertions(+), 5 deletions(-)
+
+diff --git a/AndroidManifest.xml b/AndroidManifest.xml
+index 693ded4..91e85a3 100644
+--- a/AndroidManifest.xml
++++ b/AndroidManifest.xml
+@@ -12,6 +12,10 @@
+     <uses-permission android:name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
+     <uses-permission android:name="android.permission.WAKE_LOCK" />
+ 
++    <queries>
++        <package android:name="org.torproject.android" />
++    </queries>
++
+     <application
+         android:allowBackup="false"
+         android:icon="@mipmap/ic_launcher"
+diff --git a/res/layout/preferences_dialog.xml b/res/layout/preferences_dialog.xml
+index c586f44..b1536ea 100644
+--- a/res/layout/preferences_dialog.xml
++++ b/res/layout/preferences_dialog.xml
+@@ -29,6 +29,14 @@
+             android:entries="@array/menu_auto_updates_check_interval_entries" />
+     </LinearLayout>
+ 
++    <androidx.appcompat.widget.SwitchCompat
++        android:id="@+id/preferences_onion_routing"
++        android:layout_width="match_parent"
++        android:layout_height="wrap_content"
++        android:layout_marginBottom="16dp"
++        android:text="@string/menu_onion_routing"
++        android:textSize="16sp" />
++
+     <androidx.appcompat.widget.SwitchCompat
+         android:id="@+id/preferences_auto_delete_updates"
+         android:layout_width="match_parent"
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index bfb2627..916e1e6 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -70,6 +70,7 @@
+     <string name="menu_auto_updates_check_interval_weekly">Once a week</string>
+     <string name="menu_auto_updates_check_interval_monthly">Once a month</string>
+     <string name="menu_auto_updates_check_interval_never">Never</string>
++    <string name="menu_onion_routing">Perform requests over Tor</string>
+     <string name="menu_auto_delete_updates">Delete updates when installed</string>
+     <string name="menu_delete_update">Delete</string>
+     <string name="menu_copy_url">Copy URL</string>
+@@ -87,6 +88,7 @@
+     <string name="snack_download_failed">The download failed. Please check your internet connection and try again later.</string>
+     <string name="snack_download_verification_failed">The update verification failed.</string>
+     <string name="snack_download_verified">Download completed.</string>
++    <string name="snack_orbot_not_available">Orbot is not installed, disabling Tor routing!</string>
+ 
+     <string name="snack_update_not_installable">This update can\'t be installed on top of the current build.</string>
+ 
+diff --git a/src/org/lineageos/updater/UpdatesActivity.java b/src/org/lineageos/updater/UpdatesActivity.java
+index 395e801..7fddc87 100644
+--- a/src/org/lineageos/updater/UpdatesActivity.java
++++ b/src/org/lineageos/updater/UpdatesActivity.java
+@@ -361,10 +361,14 @@ public class UpdatesActivity extends UpdatesListActivity {
+ 
+         final DownloadClient downloadClient;
+         try {
++            if(Utils.isOnionRoutingEnabled(getApplicationContext())) {
++                Utils.requestStartOrbot(getApplicationContext());
++            }
+             downloadClient = new DownloadClient.Builder()
+                     .setUrl(url)
+                     .setDestination(jsonFileTmp)
+                     .setDownloadCallback(callback)
++                    .setUseOnionRouting(Utils.isOnionRoutingEnabled(getApplicationContext()))
+                     .build();
+         } catch (IOException exception) {
+             Log.e(TAG, "Could not build download client");
+@@ -444,6 +448,7 @@ public class UpdatesActivity extends UpdatesListActivity {
+     private void showPreferencesDialog() {
+         View view = LayoutInflater.from(this).inflate(R.layout.preferences_dialog, null);
+         Spinner autoCheckInterval = view.findViewById(R.id.preferences_auto_updates_check_interval);
++        SwitchCompat onionRouting = view.findViewById(R.id.preferences_onion_routing);
+         SwitchCompat autoDelete = view.findViewById(R.id.preferences_auto_delete_updates);
+         SwitchCompat dataWarning = view.findViewById(R.id.preferences_mobile_data_warning);
+         SwitchCompat abPerfMode = view.findViewById(R.id.preferences_ab_perf_mode);
+@@ -455,6 +460,7 @@ public class UpdatesActivity extends UpdatesListActivity {
+ 
+         SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
+         autoCheckInterval.setSelection(Utils.getUpdateCheckSetting(this));
++        onionRouting.setChecked(prefs.getBoolean(Constants.PREF_ONION_ROUTING, false));
+         autoDelete.setChecked(prefs.getBoolean(Constants.PREF_AUTO_DELETE_UPDATES, false));
+         dataWarning.setChecked(prefs.getBoolean(Constants.PREF_MOBILE_DATA_WARNING, true));
+         abPerfMode.setChecked(prefs.getBoolean(Constants.PREF_AB_PERF_MODE, false));
+@@ -494,6 +500,8 @@ public class UpdatesActivity extends UpdatesListActivity {
+                     prefs.edit()
+                             .putInt(Constants.PREF_AUTO_UPDATES_CHECK_INTERVAL,
+                                     autoCheckInterval.getSelectedItemPosition())
++                            .putBoolean(Constants.PREF_ONION_ROUTING,
++                                    onionRouting.isChecked() && Utils.isOrbotInstalled(getApplicationContext()))
+                             .putBoolean(Constants.PREF_AUTO_DELETE_UPDATES, autoDelete.isChecked())
+                             .putBoolean(Constants.PREF_MOBILE_DATA_WARNING, dataWarning.isChecked())
+                             .putBoolean(Constants.PREF_AB_PERF_MODE, abPerfMode.isChecked())
+@@ -506,6 +514,10 @@ public class UpdatesActivity extends UpdatesListActivity {
+                         UpdatesCheckReceiver.cancelUpdatesCheck(this);
+                     }
+ 
++                    if(onionRouting.isChecked() && !Utils.isOrbotInstalled(getApplicationContext())) {
++                        showSnackbar(R.string.snack_orbot_not_available, Snackbar.LENGTH_LONG);
++                    }
++
+                     if (Utils.isABDevice()) {
+                         boolean enableABPerfMode = abPerfMode.isChecked();
+                         mUpdaterService.getUpdaterController().setPerformanceMode(enableABPerfMode);
+diff --git a/src/org/lineageos/updater/UpdatesCheckReceiver.java b/src/org/lineageos/updater/UpdatesCheckReceiver.java
+index 7fa9cd5..962fd00 100644
+--- a/src/org/lineageos/updater/UpdatesCheckReceiver.java
++++ b/src/org/lineageos/updater/UpdatesCheckReceiver.java
+@@ -110,10 +110,14 @@ public class UpdatesCheckReceiver extends BroadcastReceiver {
+         };
+ 
+         try {
++            if(Utils.isOnionRoutingEnabled(context)) {
++                Utils.requestStartOrbot(context);
++            }
+             DownloadClient downloadClient = new DownloadClient.Builder()
+                     .setUrl(url)
+                     .setDestination(jsonNew)
+                     .setDownloadCallback(callback)
++                    .setUseOnionRouting(Utils.isOnionRoutingEnabled(context))
+                     .build();
+             downloadClient.start();
+         } catch (IOException e) {
+diff --git a/src/org/lineageos/updater/controller/UpdaterController.java b/src/org/lineageos/updater/controller/UpdaterController.java
+index 5d7d51a..7ac5f5b 100644
+--- a/src/org/lineageos/updater/controller/UpdaterController.java
++++ b/src/org/lineageos/updater/controller/UpdaterController.java
+@@ -374,12 +374,16 @@ public class UpdaterController {
+         update.setFile(destination);
+         DownloadClient downloadClient;
+         try {
++            if(Utils.isOnionRoutingEnabled(mContext)) {
++                Utils.requestStartOrbot(mContext);
++            }
+             downloadClient = new DownloadClient.Builder()
+                     .setUrl(update.getDownloadUrl())
+                     .setDestination(update.getFile())
+                     .setDownloadCallback(getDownloadCallback(downloadId))
+                     .setProgressListener(getProgressListener(downloadId))
+                     .setUseDuplicateLinks(true)
++                    .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
+                     .build();
+         } catch (IOException exception) {
+             Log.e(TAG, "Could not build download client");
+@@ -419,6 +423,9 @@ public class UpdaterController {
+             verifyUpdateAsync(downloadId);
+             notifyUpdateChange(downloadId);
+         } else {
++            if(Utils.isOnionRoutingEnabled(mContext)) {
++                Utils.requestStartOrbot(mContext);
++            }
+             DownloadClient downloadClient;
+             try {
+                 downloadClient = new DownloadClient.Builder()
+@@ -427,6 +434,7 @@ public class UpdaterController {
+                         .setDownloadCallback(getDownloadCallback(downloadId))
+                         .setProgressListener(getProgressListener(downloadId))
+                         .setUseDuplicateLinks(true)
++                        .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
+                         .build();
+             } catch (IOException exception) {
+                 Log.e(TAG, "Could not build download client");
+diff --git a/src/org/lineageos/updater/download/DownloadClient.java b/src/org/lineageos/updater/download/DownloadClient.java
+index 3494947..7a7f7cf 100644
+--- a/src/org/lineageos/updater/download/DownloadClient.java
++++ b/src/org/lineageos/updater/download/DownloadClient.java
+@@ -60,6 +60,7 @@ public interface DownloadClient {
+         private DownloadClient.DownloadCallback mCallback;
+         private DownloadClient.ProgressListener mProgressListener;
+         private boolean mUseDuplicateLinks;
++        private boolean mOnionRouting;
+ 
+         public DownloadClient build() throws IOException {
+             if (mUrl == null) {
+@@ -70,7 +71,7 @@ public interface DownloadClient {
+                 throw new IllegalStateException("No download callback defined");
+             }
+             return new HttpURLConnectionClient(mUrl, mDestination, mProgressListener, mCallback,
+-                    mUseDuplicateLinks);
++                    mUseDuplicateLinks, mOnionRouting);
+         }
+ 
+         public Builder setUrl(String url) {
+@@ -97,5 +98,10 @@ public interface DownloadClient {
+             mUseDuplicateLinks = useDuplicateLinks;
+             return this;
+         }
++
++        public Builder setUseOnionRouting(boolean onionRouting) {
++            mOnionRouting = onionRouting;
++            return this;
++        }
+     }
+ }
+diff --git a/src/org/lineageos/updater/download/HttpURLConnectionClient.java b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+index b9c4b5d..b94fff0 100644
+--- a/src/org/lineageos/updater/download/HttpURLConnectionClient.java
++++ b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+@@ -18,12 +18,16 @@ package org.lineageos.updater.download;
+ import android.os.SystemClock;
+ import android.util.Log;
+ 
++import org.lineageos.updater.misc.Utils;
++
+ import java.io.File;
+ import java.io.FileOutputStream;
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.io.OutputStream;
+ import java.net.HttpURLConnection;
++import java.net.InetSocketAddress;
++import java.net.Proxy;
+ import java.net.URL;
+ import java.util.Comparator;
+ import java.util.List;
+@@ -42,6 +46,7 @@ public class HttpURLConnectionClient implements DownloadClient {
+     private final DownloadClient.ProgressListener mProgressListener;
+     private final DownloadClient.DownloadCallback mCallback;
+     private final boolean mUseDuplicateLinks;
++    private final boolean mUseOnionRouting;
+ 
+     private DownloadThread mDownloadThread;
+ 
+@@ -56,8 +61,14 @@ public class HttpURLConnectionClient implements DownloadClient {
+     HttpURLConnectionClient(String url, File destination,
+             DownloadClient.ProgressListener progressListener,
+             DownloadClient.DownloadCallback callback,
+-            boolean useDuplicateLinks) throws IOException {
+-        mClient = (HttpURLConnection) new URL(url).openConnection();
++            boolean useDuplicateLinks, boolean useOnionRouting) throws IOException {
++        mUseOnionRouting = useOnionRouting;
++        if(mUseOnionRouting) {
++            Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
++            mClient = (HttpURLConnection) new URL(url).openConnection(orbot);
++        } else {
++            mClient = (HttpURLConnection) new URL(url).openConnection();
++        }
+         mDestination = destination;
+         mProgressListener = progressListener;
+         mCallback = callback;
+@@ -177,7 +188,12 @@ public class HttpURLConnectionClient implements DownloadClient {
+         private void changeClientUrl(URL newUrl) throws IOException {
+             String range = mClient.getRequestProperty("Range");
+             mClient.disconnect();
+-            mClient = (HttpURLConnection) newUrl.openConnection();
++            if(mUseOnionRouting) {
++                Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
++                mClient = (HttpURLConnection) newUrl.openConnection(orbot);
++            } else {
++                mClient = (HttpURLConnection) newUrl.openConnection();
++            }
+             if (range != null) {
+                 mClient.setRequestProperty("Range", range);
+             }
+@@ -232,7 +248,7 @@ public class HttpURLConnectionClient implements DownloadClient {
+                     }
+                     Log.d(TAG, "Downloading from " + newUrl);
+                     changeClientUrl(url);
+-                    mClient.setConnectTimeout(5000);
++                    mClient.setConnectTimeout(mUseOnionRouting ? 45000 : 5000);
+                     mClient.connect();
+                     if (!isSuccessCode(mClient.getResponseCode())) {
+                         throw new IOException("Server replied with " + mClient.getResponseCode());
+@@ -257,6 +273,9 @@ public class HttpURLConnectionClient implements DownloadClient {
+         public void run() {
+             boolean justResumed = false;
+             try {
++                if(mUseOnionRouting) {
++                    Utils.waitUntilOrbotIsAvailable();
++                }
+                 mClient.setInstanceFollowRedirects(!mUseDuplicateLinks);
+                 mClient.connect();
+                 int responseCode = mClient.getResponseCode();
+diff --git a/src/org/lineageos/updater/misc/Constants.java b/src/org/lineageos/updater/misc/Constants.java
+index 6144ed7..37e81d8 100644
+--- a/src/org/lineageos/updater/misc/Constants.java
++++ b/src/org/lineageos/updater/misc/Constants.java
+@@ -30,6 +30,7 @@ public final class Constants {
+ 
+     public static final String PREF_LAST_UPDATE_CHECK = "last_update_check";
+     public static final String PREF_AUTO_UPDATES_CHECK_INTERVAL = "auto_updates_check_interval";
++    public static final String PREF_ONION_ROUTING = "onion_routing";
+     public static final String PREF_AUTO_DELETE_UPDATES = "auto_delete_updates";
+     public static final String PREF_AB_PERF_MODE = "ab_perf_mode";
+     public static final String PREF_MOBILE_DATA_WARNING = "pref_mobile_data_warning";
+diff --git a/src/org/lineageos/updater/misc/Utils.java b/src/org/lineageos/updater/misc/Utils.java
+index 69a5252..2b42726 100644
+--- a/src/org/lineageos/updater/misc/Utils.java
++++ b/src/org/lineageos/updater/misc/Utils.java
+@@ -44,6 +44,7 @@ import java.io.BufferedReader;
+ import java.io.File;
+ import java.io.FileReader;
+ import java.io.IOException;
++import java.net.Socket;
+ import java.util.ArrayList;
+ import java.util.Enumeration;
+ import java.util.HashSet;
+@@ -149,11 +150,75 @@ public class Utils {
+         return updates;
+     }
+ 
++    //Credit: https://stackoverflow.com/a/6758962
++    public static boolean isPackageInstalled(Context context, String packageID) {
++        PackageManager pm = context.getPackageManager();
++        try {
++            pm.getPackageInfo(packageID, PackageManager.GET_META_DATA);
++        } catch(PackageManager.NameNotFoundException e) {
++            return false;
++        }
++        return true;
++    }
++
++    public static boolean isOrbotInstalled(Context context) {
++        return isPackageInstalled(context, "org.torproject.android");
++    }
++
++    public static boolean isOnionRoutingEnabled(Context context) {
++        SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
++        return preferences.getBoolean(Constants.PREF_ONION_ROUTING, false);
++    }
++
++    //Credit: OrbotHelper/NetCipher
++    public static void requestStartOrbot(Context context) {
++        Intent intent = new Intent("org.torproject.android.intent.action.START");
++        intent.setPackage("org.torproject.android");
++        intent.putExtra("org.torproject.android.intent.extra.PACKAGE_NAME", context.getPackageName());
++        context.sendBroadcast(intent);
++    }
++
++    //Credit: https://www.geekality.net/2013/04/30/java-simple-check-to-see-if-a-server-is-listening-on-a-port/
++    public static boolean isPortListening(String host, int port) {
++        Socket s = null;
++        try {
++            s = new Socket(host, port);
++            return true;
++        } catch(Exception e) {
++            return false;
++        } finally {
++            if (s != null) {
++                try {
++                    s.close();
++                } catch(Exception e1) {
++                }
++            }
++        }
++    }
++
++    public static boolean waitUntilOrbotIsAvailable() {
++        int tries = 0;
++        boolean listening;
++        while(!(listening = isPortListening("127.0.0.1", 9050)) && tries <= 60) {
++            tries++;
++            try {
++                Thread.sleep(1000);
++            } catch(Exception e) {
++
++            }
++        }
++        return listening;
++    }
++
+     public static String getServerURL(Context context) {
+         String incrementalVersion = SystemProperties.get(Constants.PROP_BUILD_VERSION_INCREMENTAL);
+         String device = SystemProperties.get(Constants.PROP_NEXT_DEVICE,
+                 SystemProperties.get(Constants.PROP_DEVICE));
+         String server = "0OTA_SERVER_CLEARNET0";
++        String serverOnion = "0OTA_SERVER_ONION0";
++        if(serverOnion.toLowerCase().startsWith("http") && isOnionRoutingEnabled(context)) {
++            server = serverOnion;
++        }
+ 
+         return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
+     }
diff --git a/Patches/LineageOS-19.1/android_packages_modules_NetworkStack/0001-Random_MAC.patch b/Patches/LineageOS-19.1/android_packages_modules_NetworkStack/0001-Random_MAC.patch
new file mode 100644
index 00000000..6ec05efc
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_NetworkStack/0001-Random_MAC.patch
@@ -0,0 +1,70 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Pratyush <39559233+empratyush@users.noreply.github.com>
+Date: Thu, 20 May 2021 13:21:31 +0530
+Subject: [PATCH] avoid reusing DHCP state for full MAC randomization
+
+---
+ src/android/net/dhcp/DhcpClient.java | 29 +++++++++++++++++++++++++++-
+ 1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/src/android/net/dhcp/DhcpClient.java b/src/android/net/dhcp/DhcpClient.java
+index 8e0e9d34..4876c2f1 100644
+--- a/src/android/net/dhcp/DhcpClient.java
++++ b/src/android/net/dhcp/DhcpClient.java
+@@ -76,6 +76,9 @@ import android.net.util.HostnameTransliterator;
+ import android.net.util.InterfaceParams;
+ import android.net.util.NetworkStackUtils;
+ import android.net.util.SocketUtils;
++import android.net.wifi.WifiConfiguration;
++import android.net.wifi.WifiInfo;
++import android.net.wifi.WifiManager;
+ import android.os.Build;
+ import android.os.Handler;
+ import android.os.Message;
+@@ -116,6 +119,7 @@ import java.net.SocketAddress;
+ import java.net.SocketException;
+ import java.nio.ByteBuffer;
+ import java.util.Arrays;
++import java.util.ArrayList;
+ import java.util.List;
+ import java.util.Random;
+ 
+@@ -1242,7 +1246,7 @@ public class DhcpClient extends StateMachine {
+                                 + " lease expiry: "  + attributes.assignedV4AddressExpiry
+                                 + " current time: "  + currentTime);
+                     }
+-                    if (currentTime >= attributes.assignedV4AddressExpiry) {
++                    if (currentTime >= attributes.assignedV4AddressExpiry || shouldAvoidStateReuse()) {
+                         // Lease has expired.
+                         transitionTo(mDhcpInitState);
+                         return HANDLED;
+@@ -1276,6 +1280,29 @@ public class DhcpClient extends StateMachine {
+         return true;
+     }
+ 
++    private static final int RANDOMIZATION_ALWAYS = 100;
++
++    private boolean shouldAvoidStateReuse() {
++        try {
++            WifiManager wifiManager = (WifiManager) mContext.getSystemService(Context.WIFI_SERVICE);
++            WifiInfo wifiInfo =  wifiManager.getConnectionInfo();
++            if (wifiInfo != null) {
++                int connectedNetworkId = wifiInfo.getNetworkId();
++                List<WifiConfiguration> configurationList = wifiManager.getConfiguredNetworks();
++                for (WifiConfiguration configuration : configurationList){
++                    if (configuration.networkId == connectedNetworkId){
++                        return configuration.macRandomizationSetting == RANDOMIZATION_ALWAYS;
++                    }
++                }
++            }
++        } catch (Exception e) {
++            loge(e.getLocalizedMessage(), e);
++        }
++
++        loge("ConfiguredNetworks should contain Connected network id config");
++        return true;
++    }
++
+     private void receiveOfferOrAckPacket(final DhcpPacket packet, final boolean acceptRapidCommit) {
+         if (!isValidPacket(packet)) return;
+ 
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-1.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-1.patch
new file mode 100644
index 00000000..49eecec5
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-1.patch
@@ -0,0 +1,62 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 22 Jul 2017 21:43:50 -0400
+Subject: [PATCH] always treat INTERNET as a runtime permission
+
+ported from 10: 6c4f112dde47f21ce5a583f5bd8b217db6de5c02
+---
+ .../permission/model/AppPermissionGroup.java                 | 5 +++--
+ .../permissioncontroller/permission/model/Permission.java    | 3 ++-
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+index 869ff76ba..cb80394e5 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+@@ -34,6 +34,7 @@ import android.content.pm.PackageManager;
+ import android.content.pm.PackageManager.NameNotFoundException;
+ import android.content.pm.PermissionGroupInfo;
+ import android.content.pm.PermissionInfo;
++import android.Manifest;
+ import android.os.Build;
+ import android.os.UserHandle;
+ import android.permission.PermissionManager;
+@@ -872,7 +873,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
+ 
+             boolean wasGranted = permission.isGrantedIncludingAppOp();
+ 
+-            if (mAppSupportsRuntimePermissions) {
++            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
+                 // Do not touch permissions fixed by the system.
+                 if (permission.isSystemFixed()) {
+                     wasAllGranted = false;
+@@ -1057,7 +1058,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
+                 break;
+             }
+ 
+-            if (mAppSupportsRuntimePermissions) {
++            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
+                 // Revoke the permission if needed.
+                 if (permission.isGranted()) {
+                     permission.setGranted(false);
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+index 49381db2b..3af5241af 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+@@ -18,6 +18,7 @@ package com.android.permissioncontroller.permission.model;
+ 
+ import android.content.pm.PackageManager;
+ import android.content.pm.PermissionInfo;
++import android.Manifest;
+ 
+ import androidx.annotation.NonNull;
+ 
+@@ -137,7 +138,7 @@ public final class Permission {
+      * @return {@code true} if the permission (and the app-op) is granted.
+      */
+     public boolean isGrantedIncludingAppOp() {
+-        return mGranted && (!affectsAppOp() || isAppOpAllowed()) && !isReviewRequired();
++        return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName));
+     }
+ 
+     public boolean isReviewRequired() {
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-2.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-2.patch
new file mode 100644
index 00000000..8b8f191b
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0002-Network_Permission-2.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Fri, 21 Jul 2017 10:29:15 -0400
+Subject: [PATCH] add INTERNET permission toggle
+
+ported from 10: a07271ed7e45239369f2ca33496d939d2e9cbd08
+---
+ .../android/permissioncontroller/permission/utils/Utils.java   | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+index 68e31e5b2..79ff02e48 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+@@ -24,6 +24,7 @@ import static android.Manifest.permission_group.CONTACTS;
+ import static android.Manifest.permission_group.LOCATION;
+ import static android.Manifest.permission_group.MICROPHONE;
+ import static android.Manifest.permission_group.NEARBY_DEVICES;
++import static android.Manifest.permission_group.NETWORK;
+ import static android.Manifest.permission_group.PHONE;
+ import static android.Manifest.permission_group.SENSORS;
+ import static android.Manifest.permission_group.SMS;
+@@ -281,6 +282,8 @@ public final class Utils {
+ 
+         PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
+ 
++        PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
++
+         PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
+         int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
+         for (int i = 0; i < numPlatformPermissions; i++) {
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-1.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-1.patch
new file mode 100644
index 00000000..13dcb679
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-1.patch
@@ -0,0 +1,46 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 7 Oct 2017 15:55:58 -0400
+Subject: [PATCH] always treat OTHER_SENSORS as a runtime permission
+
+ported from 10: a1204e6126189810018ff5540858536a1c58ac37
+---
+ .../permission/model/AppPermissionGroup.java                  | 4 ++--
+ .../permissioncontroller/permission/model/Permission.java     | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+index cb80394e5..a74a63121 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+@@ -873,7 +873,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
+ 
+             boolean wasGranted = permission.isGrantedIncludingAppOp();
+ 
+-            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
++            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
+                 // Do not touch permissions fixed by the system.
+                 if (permission.isSystemFixed()) {
+                     wasAllGranted = false;
+@@ -1058,7 +1058,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
+                 break;
+             }
+ 
+-            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
++            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
+                 // Revoke the permission if needed.
+                 if (permission.isGranted()) {
+                     permission.setGranted(false);
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+index 3af5241af..f65b75a9c 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+@@ -138,7 +138,7 @@ public final class Permission {
+      * @return {@code true} if the permission (and the app-op) is granted.
+      */
+     public boolean isGrantedIncludingAppOp() {
+-        return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName));
++        return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName) || Manifest.permission.OTHER_SENSORS.equals(mName));
+     }
+ 
+     public boolean isReviewRequired() {
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-2.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-2.patch
new file mode 100644
index 00000000..990879fb
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0003-Sensors_Permission-2.patch
@@ -0,0 +1,30 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 7 Oct 2017 15:56:35 -0400
+Subject: [PATCH] add OTHER_SENSORS permission group
+
+ported from 10: fc8c816e07ce39583774db8fe668e0505b6aa504
+---
+ .../android/permissioncontroller/permission/utils/Utils.java    | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+index 79ff02e48..fdd04c8c9 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+@@ -25,6 +25,7 @@ import static android.Manifest.permission_group.LOCATION;
+ import static android.Manifest.permission_group.MICROPHONE;
+ import static android.Manifest.permission_group.NEARBY_DEVICES;
+ import static android.Manifest.permission_group.NETWORK;
++import static android.Manifest.permission_group.OTHER_SENSORS;
+ import static android.Manifest.permission_group.PHONE;
+ import static android.Manifest.permission_group.SENSORS;
+ import static android.Manifest.permission_group.SMS;
+@@ -283,6 +284,7 @@ public final class Utils {
+         PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
+ 
+         PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
++        PLATFORM_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
+ 
+         PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
+         int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-1.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-1.patch
new file mode 100644
index 00000000..1dc0d213
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-1.patch
@@ -0,0 +1,110 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: inthewaves <inthewaves@pm.me>
+Date: Sat, 12 Sep 2020 15:40:58 -0700
+Subject: [PATCH] refactor handling of special runtime permissions
+
+---
+ .../permission/model/AppPermissionGroup.java   |  5 ++---
+ .../permission/model/Permission.java           |  5 +++--
+ .../permission/utils/Utils.java                | 18 ++++++++++++++++++
+ 3 files changed, 23 insertions(+), 5 deletions(-)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+index a74a63121..87001d20a 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+@@ -34,7 +34,6 @@ import android.content.pm.PackageManager;
+ import android.content.pm.PackageManager.NameNotFoundException;
+ import android.content.pm.PermissionGroupInfo;
+ import android.content.pm.PermissionInfo;
+-import android.Manifest;
+ import android.os.Build;
+ import android.os.UserHandle;
+ import android.permission.PermissionManager;
+@@ -873,7 +872,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
+ 
+             boolean wasGranted = permission.isGrantedIncludingAppOp();
+ 
+-            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
++            if (mAppSupportsRuntimePermissions || Utils.isSpecialRuntimePermission(permission.getName())) {
+                 // Do not touch permissions fixed by the system.
+                 if (permission.isSystemFixed()) {
+                     wasAllGranted = false;
+@@ -1058,7 +1057,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
+                 break;
+             }
+ 
+-            if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
++            if (mAppSupportsRuntimePermissions || Utils.isSpecialRuntimePermission(permission.getName())) {
+                 // Revoke the permission if needed.
+                 if (permission.isGranted()) {
+                     permission.setGranted(false);
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+index f65b75a9c..3f17de882 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+@@ -18,10 +18,11 @@ package com.android.permissioncontroller.permission.model;
+ 
+ import android.content.pm.PackageManager;
+ import android.content.pm.PermissionInfo;
+-import android.Manifest;
+ 
+ import androidx.annotation.NonNull;
+ 
++import com.android.permissioncontroller.permission.utils.Utils;
++
+ import java.util.ArrayList;
+ import java.util.Objects;
+ 
+@@ -138,7 +139,7 @@ public final class Permission {
+      * @return {@code true} if the permission (and the app-op) is granted.
+      */
+     public boolean isGrantedIncludingAppOp() {
+-        return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName) || Manifest.permission.OTHER_SENSORS.equals(mName));
++        return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Utils.isSpecialRuntimePermission(mName));
+     }
+ 
+     public boolean isReviewRequired() {
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+index fdd04c8c9..5a309a7de 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+@@ -178,6 +178,9 @@ public final class Utils {
+      */
+     public static final long ONE_TIME_PERMISSIONS_TIMEOUT_MILLIS = 1 * 60 * 1000; // 1 minute
+ 
++    /** Mapping permission -> group for all special runtime permissions */
++    private static final ArrayMap<String, String> SPECIAL_RUNTIME_PERMISSIONS;
++
+     /** Mapping permission -> group for all dangerous platform permissions */
+     private static final ArrayMap<String, String> PLATFORM_PERMISSIONS;
+ 
+@@ -286,6 +289,10 @@ public final class Utils {
+         PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
+         PLATFORM_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
+ 
++        SPECIAL_RUNTIME_PERMISSIONS = new ArrayMap<>();
++        SPECIAL_RUNTIME_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
++        SPECIAL_RUNTIME_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
++
+         PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
+         int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
+         for (int i = 0; i < numPlatformPermissions; i++) {
+@@ -725,6 +732,17 @@ public final class Utils {
+         return PLATFORM_PERMISSIONS.containsKey(permission);
+     }
+ 
++    /**
++     * Is the permission a special runtime permission?
++     * These are treated as a runtime permission even for legacy apps. They
++     * need to be granted by default for all apps to maintain compatibility.
++     *
++     * @return whether the permission is a special runtime permission.
++     */
++    public static boolean isSpecialRuntimePermission(@NonNull String permission) {
++        return SPECIAL_RUNTIME_PERMISSIONS.containsKey(permission);
++    }
++
+     /**
+      * Should UI show this permission.
+      *
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-2.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-2.patch
new file mode 100644
index 00000000..d8395518
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-2.patch
@@ -0,0 +1,73 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: inthewaves <inthewaves@pm.me>
+Date: Wed, 16 Sep 2020 17:30:37 -0700
+Subject: [PATCH] don't auto revoke Network and Sensors
+
+These shouldn't be automatically removed since apps are currently
+granted these by default for compatibility. Users have to explicitly
+remove them rather than granting them. Apps would need to be aware of
+them and request them from the user to treat them like the standard
+permissions.
+---
+ .../data/HibernationSettingStateLiveData.kt           |  3 ++-
+ .../permission/service/AutoRevokePermissions.kt       |  3 ++-
+ .../permissioncontroller/permission/utils/Utils.java  | 11 +++++++++++
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
+index 18686875a..fad5be5b6 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
++++ b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
+@@ -30,6 +30,7 @@ import com.android.permissioncontroller.hibernation.HibernationEnabledLiveData
+ import com.android.permissioncontroller.hibernation.isHibernationJobEnabled
+ import com.android.permissioncontroller.hibernation.isPackageHibernationExemptByUser
+ import com.android.permissioncontroller.hibernation.isPackageHibernationExemptBySystem
++import com.android.permissioncontroller.permission.utils.Utils
+ import kotlinx.coroutines.Job
+ 
+ /**
+@@ -95,7 +96,7 @@ class HibernationSettingStateLiveData private constructor(
+                     permState.permFlags and (FLAG_PERMISSION_GRANTED_BY_DEFAULT or
+                             FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
+                 } ?: false
+-                if (!default) {
++                if (!default && !Utils.isSpecialRuntimePermissionGroup(groupName)) {
+                     revocableGroups.add(groupName)
+                 }
+             }
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
+index d57e79751..4cfa0d38b 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
++++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
+@@ -100,7 +100,8 @@ suspend fun revokeAppPermissions(
+                     !group.isGrantedByDefault &&
+                     !group.isGrantedByRole &&
+                     !group.isRevokeWhenRequested &&
+-                    group.isUserSensitive) {
++                    group.isUserSensitive &&
++                    !Utils.isSpecialRuntimePermissionGroup(groupName)) {
+ 
+                     val revocablePermissions = group.permissions.keys.toList()
+ 
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+index 5a309a7de..3df07ff43 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+@@ -743,6 +743,17 @@ public final class Utils {
+         return SPECIAL_RUNTIME_PERMISSIONS.containsKey(permission);
+     }
+ 
++    /**
++     * Is the permission group a special runtime permission group?
++     * These are treated as a runtime permission even for legacy apps. They
++     * need to be granted by default for all apps to maintain compatibility.
++     *
++     * @return whether the permission group is a special runtime permission group.
++     */
++    public static boolean isSpecialRuntimePermissionGroup(@NonNull String permissionGroup) {
++        return SPECIAL_RUNTIME_PERMISSIONS.containsValue(permissionGroup);
++    }
++
+     /**
+      * Should UI show this permission.
+      *
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-3.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-3.patch
new file mode 100644
index 00000000..92ab6848
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-3.patch
@@ -0,0 +1,30 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Pratyush <codelab@pratyush.dev>
+Date: Fri, 15 Oct 2021 08:55:52 +0530
+Subject: [PATCH] ui fix for special runtime permission
+
+Toggles were not working correctly for API < 23.
+---
+ .../permissioncontroller/permission/utils/KotlinUtils.kt        | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
+index da93d4f78..96f6e356f 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
++++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
+@@ -547,6 +547,7 @@ object KotlinUtils {
+         val pkgInfo = group.packageInfo
+         val user = UserHandle.getUserHandleForUid(pkgInfo.uid)
+         val supportsRuntime = pkgInfo.targetSdkVersion >= Build.VERSION_CODES.M
++                || Utils.isSpecialRuntimePermission(perm.name)
+         val isGrantingAllowed = (!pkgInfo.isInstantApp || perm.isInstantPerm) &&
+             (supportsRuntime || !perm.isRuntimeOnly)
+         // Do not touch permissions fixed by the system, or permissions that cannot be granted
+@@ -776,6 +777,7 @@ object KotlinUtils {
+         var newFlags = perm.flags
+         var isGranted = perm.isGrantedIncludingAppOp
+         val supportsRuntime = group.packageInfo.targetSdkVersion >= Build.VERSION_CODES.M
++                || Utils.isSpecialRuntimePermission(perm.name)
+         var shouldKill = false
+ 
+         val affectsAppOp = permissionToOp(perm.name) != null || perm.isBackgroundPermission
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-4.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-4.patch
new file mode 100644
index 00000000..8354f8f2
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0004-Special_Permission-4.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Mon, 18 Oct 2021 03:23:42 -0400
+Subject: [PATCH] fix usage UI summary for Network/Sensors
+
+---
+ PermissionController/res/values/strings.xml                 | 3 +++
+ .../ui/handheld/PermissionUsageV2ControlPreference.java     | 6 +++++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/PermissionController/res/values/strings.xml b/PermissionController/res/values/strings.xml
+index 7a086816d..8799a54bd 100644
+--- a/PermissionController/res/values/strings.xml
++++ b/PermissionController/res/values/strings.xml
+@@ -450,6 +450,9 @@
+         <item quantity="other"><xliff:g id="number" example="7">%s</xliff:g> apps</item>
+     </plurals>
+ 
++    <!-- Summary text if tracking permission usage is not supported [CHAR LIMIT=60] -->
++    <string name="permission_usage_preference_summary_not_supported">Tracking usage not yet supported</string>
++
+     <!-- Summary text if a permission usage is not used [CHAR LIMIT=60] -->
+     <string name="permission_usage_preference_summary_not_used">Not used in past 24 hours</string>
+ 
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/PermissionUsageV2ControlPreference.java b/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/PermissionUsageV2ControlPreference.java
+index 794c760d1..6d5eaebe2 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/PermissionUsageV2ControlPreference.java
++++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/PermissionUsageV2ControlPreference.java
+@@ -72,7 +72,11 @@ public class PermissionUsageV2ControlPreference extends Preference {
+ 
+         if (mCount == 0) {
+             this.setEnabled(false);
+-            setSummary(R.string.permission_usage_preference_summary_not_used);
++            if (groupName.equals(Manifest.permission_group.NETWORK) || groupName.equals(Manifest.permission_group.OTHER_SENSORS)) {
++                setSummary(R.string.permission_usage_preference_summary_not_supported);
++            } else {
++                setSummary(R.string.permission_usage_preference_summary_not_used);
++            }
+         } else if (SENSOR_DATA_PERMISSIONS.contains(groupName)) {
+             setOnPreferenceClickListener((preference) -> {
+                 Intent intent = new Intent(Intent.ACTION_REVIEW_PERMISSION_HISTORY);
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0005-Browser_No_Location.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0005-Browser_No_Location.patch
new file mode 100644
index 00000000..9eb3772f
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0005-Browser_No_Location.patch
@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 19 Oct 2021 08:17:55 -0400
+Subject: [PATCH] stop auto-granting location to system browsers
+
+---
+ .../role/model/BrowserRoleBehavior.java         | 17 -----------------
+ 1 file changed, 17 deletions(-)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/BrowserRoleBehavior.java b/PermissionController/src/com/android/permissioncontroller/role/model/BrowserRoleBehavior.java
+index d359fc4ae..9765432ea 100644
+--- a/PermissionController/src/com/android/permissioncontroller/role/model/BrowserRoleBehavior.java
++++ b/PermissionController/src/com/android/permissioncontroller/role/model/BrowserRoleBehavior.java
+@@ -52,11 +52,6 @@ public class BrowserRoleBehavior implements RoleBehavior {
+             .addCategory(Intent.CATEGORY_BROWSABLE)
+             .setData(Uri.fromParts("http", "", null));
+ 
+-    private static final List<String> SYSTEM_BROWSER_PERMISSIONS = Arrays.asList(
+-            android.Manifest.permission.ACCESS_COARSE_LOCATION,
+-            android.Manifest.permission.ACCESS_FINE_LOCATION
+-    );
+-
+     @Nullable
+     @Override
+     public String getFallbackHolder(@NonNull Role role, @NonNull Context context) {
+@@ -130,18 +125,6 @@ public class BrowserRoleBehavior implements RoleBehavior {
+         return new ArrayList<>(packageNames);
+     }
+ 
+-    @Override
+-    public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
+-        // @see com.android.server.pm.permission.DefaultPermissionGrantPolicy
+-        //      #grantDefaultPermissionsToDefaultBrowser(java.lang.String, int)
+-        if (SdkLevel.isAtLeastS()) {
+-            if (PackageUtils.isSystemPackage(packageName, context)) {
+-                Permissions.grant(packageName, SYSTEM_BROWSER_PERMISSIONS, false, false, false,
+-                        true, false, context);
+-            }
+-        }
+-    }
+-
+     @Override
+     public boolean isVisibleAsUser(@NonNull Role role, @NonNull UserHandle user,
+             @NonNull Context context) {
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Permission/0006-Location_Indicators.patch b/Patches/LineageOS-19.1/android_packages_modules_Permission/0006-Location_Indicators.patch
new file mode 100644
index 00000000..2c3a3859
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Permission/0006-Location_Indicators.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 17 Oct 2021 22:53:22 -0400
+Subject: [PATCH] SystemUI: Use new privacy indicators for location
+
+Android has had location indicators for a while, but let's use the new
+privacy indicator infrastructure for displaying them. This makes them
+integrate better with the new camera and microphone indicators.
+---
+ .../permission/ui/handheld/dashboard/Utils.kt                   | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/dashboard/Utils.kt b/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/dashboard/Utils.kt
+index 29fa50ae3..72cb2eb2f 100644
+--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/dashboard/Utils.kt
++++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/handheld/dashboard/Utils.kt
+@@ -91,7 +91,7 @@ fun shouldShowCameraMicIndicators(): Boolean {
+  */
+ fun isLocationIndicatorsFlagEnabled(): Boolean {
+     return DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_PRIVACY,
+-            PROPERTY_LOCATION_INDICATORS_ENABLED, false)
++            PROPERTY_LOCATION_INDICATORS_ENABLED, true)
+ }
+ 
+ /**
diff --git a/Patches/LineageOS-19.1/android_packages_modules_Wifi/0001-Random_MAC.patch b/Patches/LineageOS-19.1/android_packages_modules_Wifi/0001-Random_MAC.patch
new file mode 100644
index 00000000..69a5038a
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_modules_Wifi/0001-Random_MAC.patch
@@ -0,0 +1,103 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: renlord <me@renlord.com>
+Date: Fri, 15 Oct 2021 19:28:34 +0530
+Subject: [PATCH] add option of always randomizing MAC addresses
+
+---
+ framework/api/system-current.txt                 |  1 +
+ .../java/android/net/wifi/WifiConfiguration.java | 16 ++++++++++++----
+ .../android/server/wifi/WifiConfigManager.java   |  7 ++++++-
+ .../server/wifi/WifiConfigurationUtil.java       |  2 +-
+ 4 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/framework/api/system-current.txt b/framework/api/system-current.txt
+index dda74810f..855a5c53d 100644
+--- a/framework/api/system-current.txt
++++ b/framework/api/system-current.txt
+@@ -380,6 +380,7 @@ package android.net.wifi {
+     field @Deprecated public static final int METERED_OVERRIDE_METERED = 1; // 0x1
+     field @Deprecated public static final int METERED_OVERRIDE_NONE = 0; // 0x0
+     field @Deprecated public static final int METERED_OVERRIDE_NOT_METERED = 2; // 0x2
++    field @Deprecated public static final int RANDOMIZATION_ALWAYS = 100; // 0x64
+     field @Deprecated public static final int RANDOMIZATION_AUTO = 3; // 0x3
+     field @Deprecated public static final int RANDOMIZATION_NONE = 0; // 0x0
+     field @Deprecated public static final int RANDOMIZATION_NON_PERSISTENT = 2; // 0x2
+diff --git a/framework/java/android/net/wifi/WifiConfiguration.java b/framework/java/android/net/wifi/WifiConfiguration.java
+index 924cd3345..fa96b73c0 100644
+--- a/framework/java/android/net/wifi/WifiConfiguration.java
++++ b/framework/java/android/net/wifi/WifiConfiguration.java
+@@ -1641,7 +1641,8 @@ public class WifiConfiguration implements Parcelable {
+             RANDOMIZATION_NONE,
+             RANDOMIZATION_PERSISTENT,
+             RANDOMIZATION_NON_PERSISTENT,
+-            RANDOMIZATION_AUTO})
++            RANDOMIZATION_AUTO,
++            RANDOMIZATION_ALWAYS})
+     public @interface MacRandomizationSetting {}
+ 
+     /**
+@@ -1672,16 +1673,23 @@ public class WifiConfiguration implements Parcelable {
+     @SystemApi
+     public static final int RANDOMIZATION_AUTO = 3;
+ 
++    /**
++     * @hide
++     * Generate a randomize MAC always
++     */
++    @SystemApi
++    public static final int RANDOMIZATION_ALWAYS = 100;
++
+     /**
+      * Level of MAC randomization for this network.
+      * One of {@link #RANDOMIZATION_NONE}, {@link #RANDOMIZATION_AUTO},
+-     * {@link #RANDOMIZATION_PERSISTENT} or {@link #RANDOMIZATION_NON_PERSISTENT}.
+-     * By default this field is set to {@link #RANDOMIZATION_AUTO}.
++     * {@link #RANDOMIZATION_PERSISTENT} or {@link #RANDOMIZATION_NON_PERSISTENT} or RANDOMIZATION_ALWAYS.
++     * By default this field is set to RANDOMIZATION_ALWAYS in GrapheneOS.
+      * @hide
+      */
+     @SystemApi
+     @MacRandomizationSetting
+-    public int macRandomizationSetting = RANDOMIZATION_AUTO;
++    public int macRandomizationSetting = RANDOMIZATION_ALWAYS;
+ 
+     /**
+      * Randomized MAC address to use with this particular network
+diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
+index 1c87eb2fa..9032bfb54 100644
+--- a/service/java/com/android/server/wifi/WifiConfigManager.java
++++ b/service/java/com/android/server/wifi/WifiConfigManager.java
+@@ -431,6 +431,10 @@ public class WifiConfigManager {
+             return false;
+         }
+ 
++        if (config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS) {
++            return true;
++        }
++
+         // Use enhanced randomization if it's forced on by dev option
+         if (mFrameworkFacade.getIntegerSetting(mContext,
+                 ENHANCED_MAC_RANDOMIZATION_FEATURE_FORCE_ENABLE_FLAG, 0) == 1) {
+@@ -580,7 +584,8 @@ public class WifiConfigManager {
+     private MacAddress updateRandomizedMacIfNeeded(WifiConfiguration config) {
+         boolean shouldUpdateMac = config.randomizedMacExpirationTimeMs
+                 < mClock.getWallClockMillis() || mClock.getWallClockMillis()
+-                - config.randomizedMacLastModifiedTimeMs >= ENHANCED_MAC_REFRESH_MS_MAX;
++                - config.randomizedMacLastModifiedTimeMs >= ENHANCED_MAC_REFRESH_MS_MAX ||
++                config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_ALWAYS;
+         if (!shouldUpdateMac) {
+             return config.getRandomizedMacAddress();
+         }
+diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+index 5e0db72f6..f63ccb32d 100644
+--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
++++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+@@ -225,7 +225,7 @@ public class WifiConfigurationUtil {
+     public static boolean hasMacRandomizationSettingsChanged(WifiConfiguration existingConfig,
+             WifiConfiguration newConfig) {
+         if (existingConfig == null) {
+-            return newConfig.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_AUTO;
++            return newConfig.macRandomizationSetting != WifiConfiguration.RANDOMIZATION_ALWAYS;
+         }
+         return newConfig.macRandomizationSetting != existingConfig.macRandomizationSetting;
+     }
diff --git a/Patches/LineageOS-19.1/android_packages_providers_DownloadProvider/0001-Network_Permission.patch b/Patches/LineageOS-19.1/android_packages_providers_DownloadProvider/0001-Network_Permission.patch
new file mode 100644
index 00000000..5adfdc8f
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_packages_providers_DownloadProvider/0001-Network_Permission.patch
@@ -0,0 +1,21 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 6 Aug 2017 08:19:36 -0400
+Subject: [PATCH] remove legacy NETWORK permission group reference
+
+---
+ AndroidManifest.xml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/AndroidManifest.xml b/AndroidManifest.xml
+index 43cf258e..dfce071d 100644
+--- a/AndroidManifest.xml
++++ b/AndroidManifest.xml
+@@ -29,7 +29,6 @@
+ 
+     <!-- Allows to queue downloads without a notification shown while the download runs. -->
+     <permission android:name="android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"
+-        android:permissionGroup="android.permission-group.NETWORK"
+         android:label="@string/permlab_downloadWithoutNotification"
+         android:description="@string/permdesc_downloadWithoutNotification"
+         android:protectionLevel="normal"/>
diff --git a/Patches/LineageOS-19.1/android_system_bt/0001-alloc_size.patch b/Patches/LineageOS-19.1/android_system_bt/0001-alloc_size.patch
new file mode 100644
index 00000000..ffd9d2f3
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_bt/0001-alloc_size.patch
@@ -0,0 +1,25 @@
+From 3ee1dde662b9b42c1a344fc9c6613b12e96b80cf Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 1 Jul 2017 13:21:18 -0400
+Subject: [PATCH] add alloc_size attributes to the allocator
+
+This results in expanded _FORTIFY_SOURCE coverage.
+---
+ osi/include/allocator.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/osi/include/allocator.h b/osi/include/allocator.h
+index 3a4141f384..4fa059eb14 100644
+--- a/osi/include/allocator.h
++++ b/osi/include/allocator.h
+@@ -37,8 +37,8 @@ extern const allocator_t allocator_calloc;
+ char* osi_strdup(const char* str);
+ char* osi_strndup(const char* str, size_t len);
+ 
+-void* osi_malloc(size_t size);
+-void* osi_calloc(size_t size);
++void* osi_malloc(size_t size) __attribute__((alloc_size(1)));
++void* osi_calloc(size_t size) __attribute__((alloc_size(1)));
+ void osi_free(void* ptr);
+ 
+ // Free a buffer that was previously allocated with function |osi_malloc|
diff --git a/Patches/LineageOS-19.1/android_system_core/0001-Harden.patch b/Patches/LineageOS-19.1/android_system_core/0001-Harden.patch
new file mode 100644
index 00000000..6f45b558
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_core/0001-Harden.patch
@@ -0,0 +1,60 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Mon, 12 Feb 2018 03:29:58 -0500
+Subject: [PATCH] Harden
+
+Change-Id: I46e3fc4ac896a509ab8ca90ae4ce09b820da434b
+[tad@spotco.us]: added protected fifos and regular from newer GrapheneOS patches
+[tad@spotco.us]: added IPv6 privacy options TODO split into another patch
+---
+ init/first_stage_init.cpp |  6 +++---
+ rootdir/init.rc           | 11 +++++++++++
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index c7b7b0c13..3ccacf56e 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -202,9 +202,9 @@ int FirstStageMain(int argc, char** argv) {
+     CHECKCALL(mkdir("/dev/pts", 0755));
+     CHECKCALL(mkdir("/dev/socket", 0755));
+     CHECKCALL(mkdir("/dev/dm-user", 0755));
+-    CHECKCALL(mount("devpts", "/dev/pts", "devpts", 0, NULL));
++    CHECKCALL(mount("devpts", "/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, NULL));
+ #define MAKE_STR(x) __STRING(x)
+-    CHECKCALL(mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
++    CHECKCALL(mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
+ #undef MAKE_STR
+     // Don't expose the raw commandline to unprivileged processes.
+     CHECKCALL(chmod("/proc/cmdline", 0440));
+@@ -216,7 +216,7 @@ int FirstStageMain(int argc, char** argv) {
+     android::base::ReadFileToString("/proc/bootconfig", &bootconfig);
+     gid_t groups[] = {AID_READPROC};
+     CHECKCALL(setgroups(arraysize(groups), groups));
+-    CHECKCALL(mount("sysfs", "/sys", "sysfs", 0, NULL));
++    CHECKCALL(mount("sysfs", "/sys", "sysfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL));
+     CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
+ 
+     CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 5116c0fea..08e8938cb 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -296,6 +296,17 @@ on init
+     write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
+     write /proc/sys/kernel/sched_child_runs_first 0
+ 
++    write /proc/sys/kernel/dmesg_restrict 1
++    write /proc/sys/fs/protected_hardlinks 1
++    write /proc/sys/fs/protected_symlinks 1
++    write /proc/sys/fs/protected_fifos 1
++    write /proc/sys/fs/protected_regular 1
++    write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/all/max_addresses 128
++    write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
++    write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++    write /proc/sys/net/ipv6/conf/default/max_addresses 128
++    write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
+     write /proc/sys/kernel/randomize_va_space 2
+     write /proc/sys/vm/mmap_min_addr 32768
+     write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
diff --git a/Patches/LineageOS-19.1/android_system_core/0002-ptrace_scope.patch b/Patches/LineageOS-19.1/android_system_core/0002-ptrace_scope.patch
new file mode 100644
index 00000000..24ddd91f
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_core/0002-ptrace_scope.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <38294951+flawedworld@users.noreply.github.com>
+Date: Mon, 5 Apr 2021 03:02:51 +0100
+Subject: [PATCH] add a property for controlling ptrace_scope
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ rootdir/init.rc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 08e8938cb..1617822a9 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -1174,6 +1174,12 @@ on property:perf.drop_caches=3
+ on property:net.tcp_def_init_rwnd=*
+     write /proc/sys/net/ipv4/tcp_default_init_rwnd ${net.tcp_def_init_rwnd}
+ 
++on property:persist.native_debug=true
++    write /proc/sys/kernel/yama/ptrace_scope 0
++
++on property:persist.native_debug=false
++    write /proc/sys/kernel/yama/ptrace_scope 2
++
+ # perf_event_open syscall security:
+ # Newer kernels have the ability to control the use of the syscall via SELinux
+ # hooks. init tests for this, and sets sys_init.perf_lsm_hooks to 1 if the
diff --git a/Patches/LineageOS-19.1/android_system_core/0003-HM-Increase_vm_mmc.patch b/Patches/LineageOS-19.1/android_system_core/0003-HM-Increase_vm_mmc.patch
new file mode 100644
index 00000000..ac71bcce
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_core/0003-HM-Increase_vm_mmc.patch
@@ -0,0 +1,23 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 13 Dec 2018 09:26:25 -0500
+Subject: [PATCH] increase max_map_count for hardened malloc
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ rootdir/init.rc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 1617822a9..3ae6ff654 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -1035,6 +1035,8 @@ on boot
+     mkdir /dev/sys/block/by-name 0755 system system
+     symlink /sys/devices/virtual/block/${dev.mnt.blk.data} /dev/sys/block/by-name/userdata
+ 
++    write /proc/sys/vm/max_map_count 1048576
++
+     # F2FS tuning. Set cp_interval larger than dirty_expire_centisecs, 30 secs,
+     # to avoid power consumption when system becomes mostly idle. Be careful
+     # to make it too large, since it may bring userdata loss, if they
diff --git a/Patches/LineageOS-19.1/android_system_extras/0001-ext4_pad_filenames.patch b/Patches/LineageOS-19.1/android_system_extras/0001-ext4_pad_filenames.patch
new file mode 100644
index 00000000..65c482f1
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_extras/0001-ext4_pad_filenames.patch
@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 9 Sep 2020 01:53:11 -0400
+Subject: [PATCH] pad filenames to 32 bytes instead of 16 or 4 bytes
+
+This was adopted before the earliest stable release of GrapheneOS, so
+backwards compatibility is not implemented anymore.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ libfscrypt/fscrypt.cpp | 14 ++------------
+ 1 file changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
+index f6e97f11..b9cd7004 100644
+--- a/libfscrypt/fscrypt.cpp
++++ b/libfscrypt/fscrypt.cpp
+@@ -226,18 +226,8 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op
+         }
+     }
+ 
+-    // In the original setting of v1 policies and AES-256-CTS we used 4-byte
+-    // padding of filenames, so retain that on old first_api_levels.
+-    //
+-    // For everything else, use 16-byte padding.  This is more secure (it helps
+-    // hide the length of filenames), and it makes the inputs evenly divisible
+-    // into cipher blocks which is more efficient for encryption and decryption.
+-    if (first_api_level <= __ANDROID_API_Q__ && options->version == 1 &&
+-        options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) {
+-        options->flags |= FSCRYPT_POLICY_FLAGS_PAD_4;
+-    } else {
+-        options->flags |= FSCRYPT_POLICY_FLAGS_PAD_16;
+-    }
++    // GrapheneOS has always used the maximum 32 byte padding.
++    options->flags |= FSCRYPT_POLICY_FLAGS_PAD_32;
+ 
+     // Use DIRECT_KEY for Adiantum, since it's much more efficient but just as
+     // secure since Android doesn't reuse the same master key for multiple
diff --git a/Patches/LineageOS-19.1/android_system_netd/0001-Network_Permission.patch b/Patches/LineageOS-19.1/android_system_netd/0001-Network_Permission.patch
new file mode 100644
index 00000000..5a8fa67e
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_netd/0001-Network_Permission.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Pratyush <codelab@pratyush.dev>
+Date: Thu, 12 Aug 2021 00:15:25 +0530
+Subject: [PATCH] use uid instead of app id for tracking INTERNET permission
+
+Change-Id: Ibec846480f3b440b5a323c86efa95c2fd1d81284
+---
+ bpf_progs/netd.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
+index e9e1477f..df60a59f 100644
+--- a/bpf_progs/netd.c
++++ b/bpf_progs/netd.c
+@@ -349,14 +349,8 @@ DEFINE_BPF_PROG_KVER("cgroupsock/inet/create", AID_ROOT, AID_ROOT, inet_socket_c
+                      KVER(4, 14, 0))
+ (struct bpf_sock* sk) {
+     uint64_t gid_uid = bpf_get_current_uid_gid();
+-    /*
+-     * A given app is guaranteed to have the same app ID in all the profiles in
+-     * which it is installed, and install permission is granted to app for all
+-     * user at install time so we only check the appId part of a request uid at
+-     * run time. See UserHandle#isSameApp for detail.
+-     */
+-    uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;
+-    uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);
++    uint32_t uid = (gid_uid & 0xffffffff);
++    uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&uid);
+     if (!permissions) {
+         // UID not in map. Default to just INTERNET permission.
+         return 1;
diff --git a/Patches/LineageOS-19.1/android_system_sepolicy/0002-protected_files.patch b/Patches/LineageOS-19.1/android_system_sepolicy/0002-protected_files.patch
new file mode 100644
index 00000000..1ef62e95
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_sepolicy/0002-protected_files.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 18 Jul 2019 21:21:40 -0400
+Subject: [PATCH] label protected_{fifos,regular} as proc_security
+
+This is needed for init to override the default values.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+---
+ prebuilts/api/32.0/private/genfs_contexts | 2 ++
+ private/genfs_contexts                    | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/prebuilts/api/32.0/private/genfs_contexts b/prebuilts/api/32.0/private/genfs_contexts
+index 13bfb46e1..30f3496e6 100644
+--- a/prebuilts/api/32.0/private/genfs_contexts
++++ b/prebuilts/api/32.0/private/genfs_contexts
+@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index 13bfb46e1..30f3496e6 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
diff --git a/Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-1.patch b/Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-1.patch
new file mode 100644
index 00000000..e2f5968c
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-1.patch
@@ -0,0 +1,90 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <flawedworld@flawed.world>
+Date: Mon, 11 Oct 2021 02:33:31 +0100
+Subject: [PATCH] allow init to control kernel.yama.ptrace_scope
+
+---
+ prebuilts/api/32.0/private/domain.te      | 1 +
+ prebuilts/api/32.0/private/genfs_contexts | 1 +
+ prebuilts/api/32.0/public/init.te         | 3 +++
+ private/domain.te                         | 1 +
+ private/genfs_contexts                    | 1 +
+ public/init.te                            | 3 +++
+ 6 files changed, 10 insertions(+)
+
+diff --git a/prebuilts/api/32.0/private/domain.te b/prebuilts/api/32.0/private/domain.te
+index b91d36d85..d4ca398de 100644
+--- a/prebuilts/api/32.0/private/domain.te
++++ b/prebuilts/api/32.0/private/domain.te
+@@ -116,6 +116,7 @@ allow domain boringssl_self_test_marker:dir search;
+ # with other UIDs to these allowlisted domains.
+ neverallow {
+   domain
++  -init
+   -vold
+   userdebug_or_eng(`-llkd')
+   -dumpstate
+diff --git a/prebuilts/api/32.0/private/genfs_contexts b/prebuilts/api/32.0/private/genfs_contexts
+index 30f3496e6..5c3332f1a 100644
+--- a/prebuilts/api/32.0/private/genfs_contexts
++++ b/prebuilts/api/32.0/private/genfs_contexts
+@@ -76,6 +76,7 @@ genfscon proc /sys/kernel/sched_util_clamp_min_rt_default u:object_r:proc_sched:
+ genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
+ genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
+ genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
++genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
+ genfscon proc /sys/net u:object_r:proc_net:s0
+ genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
+ genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
+diff --git a/prebuilts/api/32.0/public/init.te b/prebuilts/api/32.0/public/init.te
+index ea5a9793d..49b23ee61 100644
+--- a/prebuilts/api/32.0/public/init.te
++++ b/prebuilts/api/32.0/public/init.te
+@@ -153,6 +153,9 @@ allow init self:global_capability_class_set sys_time;
+ 
+ allow init self:global_capability_class_set { sys_rawio mknod };
+ 
++# Set /proc/sys/kernel/yama/ptrace_scope
++allow init self:capability { sys_ptrace };
++
+ # Mounting filesystems from block devices.
+ allow init dev_type:blk_file r_file_perms;
+ allowxperm init dev_type:blk_file ioctl BLKROSET;
+diff --git a/private/domain.te b/private/domain.te
+index b91d36d85..d4ca398de 100644
+--- a/private/domain.te
++++ b/private/domain.te
+@@ -116,6 +116,7 @@ allow domain boringssl_self_test_marker:dir search;
+ # with other UIDs to these allowlisted domains.
+ neverallow {
+   domain
++  -init
+   -vold
+   userdebug_or_eng(`-llkd')
+   -dumpstate
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index 30f3496e6..5c3332f1a 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -76,6 +76,7 @@ genfscon proc /sys/kernel/sched_util_clamp_min_rt_default u:object_r:proc_sched:
+ genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
+ genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
+ genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
++genfscon proc /sys/kernel/yama/ptrace_scope u:object_r:proc_security:s0
+ genfscon proc /sys/net u:object_r:proc_net:s0
+ genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
+ genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
+diff --git a/public/init.te b/public/init.te
+index ea5a9793d..49b23ee61 100644
+--- a/public/init.te
++++ b/public/init.te
+@@ -153,6 +153,9 @@ allow init self:global_capability_class_set sys_time;
+ 
+ allow init self:global_capability_class_set { sys_rawio mknod };
+ 
++# Set /proc/sys/kernel/yama/ptrace_scope
++allow init self:capability { sys_ptrace };
++
+ # Mounting filesystems from block devices.
+ allow init dev_type:blk_file r_file_perms;
+ allowxperm init dev_type:blk_file ioctl BLKROSET;
diff --git a/Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-2.patch b/Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-2.patch
new file mode 100644
index 00000000..86f6f6ca
--- /dev/null
+++ b/Patches/LineageOS-19.1/android_system_sepolicy/0003-ptrace_scope-2.patch
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <flawedworld@flawed.world>
+Date: Mon, 11 Oct 2021 02:35:13 +0100
+Subject: [PATCH] allow system to use persist.native_debug
+
+---
+ prebuilts/api/32.0/private/property_contexts | 1 +
+ private/property_contexts                    | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/prebuilts/api/32.0/private/property_contexts b/prebuilts/api/32.0/private/property_contexts
+index f235b35b7..895b8f1df 100644
+--- a/prebuilts/api/32.0/private/property_contexts
++++ b/prebuilts/api/32.0/private/property_contexts
+@@ -54,6 +54,7 @@ persist.audio.          u:object_r:audio_prop:s0
+ persist.bluetooth.      u:object_r:bluetooth_prop:s0
+ persist.nfc_cfg.        u:object_r:nfc_prop:s0
+ persist.debug.          u:object_r:persist_debug_prop:s0
++persist.native_debug    u:object_r:system_prop:s0
+ logd.                   u:object_r:logd_prop:s0
+ persist.logd.           u:object_r:logd_prop:s0
+ ro.logd.                u:object_r:logd_prop:s0
+diff --git a/private/property_contexts b/private/property_contexts
+index f235b35b7..895b8f1df 100644
+--- a/private/property_contexts
++++ b/private/property_contexts
+@@ -54,6 +54,7 @@ persist.audio.          u:object_r:audio_prop:s0
+ persist.bluetooth.      u:object_r:bluetooth_prop:s0
+ persist.nfc_cfg.        u:object_r:nfc_prop:s0
+ persist.debug.          u:object_r:persist_debug_prop:s0
++persist.native_debug    u:object_r:system_prop:s0
+ logd.                   u:object_r:logd_prop:s0
+ persist.logd.           u:object_r:logd_prop:s0
+ ro.logd.                u:object_r:logd_prop:s0
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 6ca485df..f55616f7 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -724,7 +724,7 @@ changeDefaultDNS() {
 		echo "You must first set a preset via the DOS_DEFAULT_DNS_PRESET variable in init.sh!";
 	fi;
 
-	local files="$DOS_BUILD_BASE/bionic/libc/dns/net/getaddrinfo.c $DOS_BUILD_BASE/packages/apps/Dialer/java/com/android/voicemail/impl/sync/VvmNetworkRequestCallback.java $DOS_BUILD_BASE/packages/modules/Connectivity/framework/src/android/net/util/DnsUtils.java $DOS_BUILD_BASE/packages/modules/DnsResolver/getaddrinfo.cpp core/java/android/net/util/DnsUtils.java core/res/res/values/config.xml packages/SettingsLib/res/values/strings.xml packages/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java services/core/java/com/android/server/connectivity/NetworkDiagnostics.java services/core/java/com/android/server/connectivity/Tethering.java services/core/java/com/android/server/connectivity/tethering/TetheringConfiguration.java services/java/com/android/server/connectivity/Tethering.java";
+	local files="$DOS_BUILD_BASE/bionic/libc/dns/net/getaddrinfo.c $DOS_BUILD_BASE/packages/apps/Dialer/java/com/android/voicemail/impl/sync/VvmNetworkRequestCallback.java $DOS_BUILD_BASE/packages/modules/Connectivity/framework/src/android/net/util/DnsUtils.java $DOS_BUILD_BASE/packages/modules/DnsResolver/getaddrinfo.cpp core/java/android/net/util/DnsUtils.java core/res/res/values/config.xml packages/SettingsLib/res/values/strings.xml packages/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java services/core/java/com/android/server/connectivity/NetworkDiagnostics.java services/core/java/com/android/server/connectivity/Tethering.java services/core/java/com/android/server/connectivity/tethering/TetheringConfiguration.java services/java/com/android/server/connectivity/Tethering.java tests/BandwidthTests/src/com/android/tests/bandwidthenforcement/BandwidthEnforcementTestService.java core/java/com/android/internal/net/VpnProfile.java";
 	sed -i "s/8\.8\.8\.8/$dnsPrimary/" $files &>/dev/null || true;
 	sed -i "s/2001:4860:4860::8888/$dnsPrimaryV6/" $files &>/dev/null || true;
 	sed -i "s/8\.8\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh
index 267120d1..e1102ce3 100644
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@@ -354,11 +354,6 @@ applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/304614.pat
 applyPatch "$DOS_PATCHES/android_packages_providers_TelephonyProvider/312102.patch"; #mnc fix
 fi;
 
-#if enterAndClear "packages/services/Telephony"; then
-#applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #XXX 18REBASE
-#applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; #XXX 18REBASE
-#fi;
-
 if enterAndClear "system/bt"; then
 git am "$DOS_PATCHES/android_system_bt/a2dp-master-fixes.patch"; #topic
 applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
@@ -414,7 +409,7 @@ awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/*.mk; #Remove Lineage ext
 awk -i inplace '!/security\/lineage/' config/*.mk; #Remove Lineage extra keys
 awk -i inplace '!/WeatherProvider/' config/*.mk; #Remove Weather
 awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider
-if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '25d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX #XXX: 18REBASE
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '25d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
 if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
 sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
 if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
diff --git a/Scripts/LineageOS-19.1/Defaults.sh b/Scripts/LineageOS-19.1/Defaults.sh
new file mode 100644
index 00000000..1b21c902
--- /dev/null
+++ b/Scripts/LineageOS-19.1/Defaults.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+#DivestOS: A privacy focused mobile distribution
+#Copyright (c) 2017-2021 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+umask 0022;
+set -euo pipefail;
+source "$DOS_SCRIPTS_COMMON/Shell.sh";
+
+#Changes various default settings
+#Last verified: 2022-04-04
+
+#Useful commands
+#nano $(find . -name "config.xml" | grep "values/" | grep -v "device" | grep -v "tests")
+#nano $(find . -name "defaults.xml" | grep "values/" | grep -v "device")
+
+echo "Changing default settings...";
+
+if enter "packages/apps/Dialer"; then
+sed -i 's/ENABLE_FORWARD_LOOKUP, true)/ENABLE_FORWARD_LOOKUP, false)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable FLP
+sed -i 's/ENABLE_PEOPLE_LOOKUP, true)/ENABLE_PEOPLE_LOOKUP, false)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable PLP
+sed -i 's/ENABLE_REVERSE_LOOKUP, true)/ENABLE_REVERSE_LOOKUP, false)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable RLP
+fi;
+
+if enter "packages/apps/Nfc"; then
+sed -i 's/boolean NFC_ON_DEFAULT = true;/boolean NFC_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NFC
+sed -i 's/boolean NDEF_PUSH_ON_DEFAULT = true;/boolean NDEF_PUSH_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NDEF Push
+fi;
+
+if enter "packages/apps/Settings"; then
+sed -i 's/INSTANT_APPS_ENABLED, 1/INSTANT_APPS_ENABLED, 0/' src/com/android/settings/applications/managedomainurls/InstantAppWebActionPreferenceController.java; #Disable "Instant Apps"
+sed -i 's/DEFAULT_VALUE = 1;/DEFAULT_VALUE = 0.5f;/' src/com/android/settings/development/*ScalePreferenceController.java; #Always reset animation scales to 0.5
+fi;
+
+if enter "packages/apps/SetupWizard"; then
+sed -i 's/UPDATE_RECOVERY_PROP, false)/UPDATE_RECOVERY_PROP, true)/' src/org/lineageos/setupwizard/UpdateRecoveryActivity.java; #Always update recovery by default
+fi;
+
+if enter "packages/apps/Updater"; then
+sed -i 's/Constants.UPDATE_RECOVERY_PROPERTY, false)/Constants.UPDATE_RECOVERY_PROPERTY, true)/' src/org/lineageos/updater/UpdatesActivity.java; #Always update recovery by default
+fi;
+
+if enter "vendor/lineage"; then
+sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common*.mk;
+sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common*.mk;
+fi;
+
+cd "$DOS_BUILD_BASE";
+echo -e "\e[0;32m[SCRIPT COMPLETE] Default settings changed\e[0m";
diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh
new file mode 100644
index 00000000..0d7154bd
--- /dev/null
+++ b/Scripts/LineageOS-19.1/Functions.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+#DivestOS: A privacy focused mobile distribution
+#Copyright (c) 2017-2021 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+umask 0022;
+
+#Last verified: 2022-04-04
+
+patchAllKernels() {
+	startPatcher ""; #XXX 19REBASE
+}
+export -f patchAllKernels;
+
+resetWorkspace() {
+	umask 0022;
+	repo forall -c 'git add -A && git reset --hard' && rm -rf out DOS_PATCHED_FLAG && repo sync -j8 --force-sync --detach;
+}
+export -f resetWorkspace;
+
+scanWorkspaceForMalware() {
+	local scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
+	scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
+	scanForMalware true "$scanQueue";
+}
+export -f scanWorkspaceForMalware;
+
+buildDevice() {
+	cd "$DOS_BUILD_BASE";
+	export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
+	breakfast "lineage_$1-user" && mka target-files-package otatools && processRelease $1 true $2;
+}
+export -f buildDevice;
+
+buildDeviceDebug() {
+	cd "$DOS_BUILD_BASE";
+	unset OTA_KEY_OVERRIDE_DIR;
+	brunch "lineage_$1-eng";
+}
+export -f buildDeviceDebug;
+
+buildAll() {
+	umask 0022;
+	cd "$DOS_BUILD_BASE";
+	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
+	if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
+	 #XXX 19REBASE
+}
+export -f buildAll;
+
+patchWorkspace() {
+	umask 0022;
+	cd "$DOS_BUILD_BASE$1";
+	touch DOS_PATCHED_FLAG;
+	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
+
+	#source build/envsetup.sh;
+
+	sh "$DOS_SCRIPTS/Patch.sh";
+	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
+	sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
+	sh "$DOS_SCRIPTS/Defaults.sh";
+	sh "$DOS_SCRIPTS/Rebrand.sh";
+	sh "$DOS_SCRIPTS_COMMON/Optimize.sh";
+	sh "$DOS_SCRIPTS_COMMON/Deblob.sh";
+	sh "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
+	sh "$DOS_SCRIPTS_COMMON/Post.sh";
+	source build/envsetup.sh;
+
+	#Deblobbing fixes
+	##setup-makefiles doesn't execute properly for some devices, running it twice seems to fix whatever is wrong
+	#none yet
+}
+export -f patchWorkspace;
+
+enableDexPreOpt() {
+	cd "$DOS_BUILD_BASE$1";
+	if [ -f BoardConfig.mk ]; then
+		echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
+		echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk;
+		if true; then
+			echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false" >> BoardConfig.mk;
+			echo "Enabled full dexpreopt for $1";
+		else
+			echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
+			echo "Enabled core dexpreopt for $1";
+		fi;
+	fi;
+	cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOpt;
+
+enableLowRam() {
+	cd "$DOS_BUILD_BASE$1";
+	if [ -f lineage.mk ]; then echo -e '\n$(call inherit-product, vendor/divested/build/target/product/lowram.mk)' >> lineage.mk; fi; #TODO: handle lineage_device.mk
+	if [ -f BoardConfig.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfig.mk; fi;
+	if [ -f BoardConfigCommon.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfigCommon.mk; fi;
+	echo "Enabled lowram for $1";
+	cd "$DOS_BUILD_BASE";
+}
+export -f enableLowRam;
diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh
new file mode 100644
index 00000000..1ba56a74
--- /dev/null
+++ b/Scripts/LineageOS-19.1/Patch.sh
@@ -0,0 +1,405 @@
+#!/bin/bash
+#DivestOS: A privacy focused mobile distribution
+#Copyright (c) 2015-2021 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+umask 0022;
+set -euo pipefail;
+source "$DOS_SCRIPTS_COMMON/Shell.sh";
+
+#Last verified: 2022-04-05
+
+#Initialize aliases
+#source ../../Scripts/init.sh
+
+#Delete Everything and Sync
+#resetWorkspace
+
+#Apply all of our changes
+#patchWorkspace
+
+#Build!
+#buildDevice [device]
+#buildAll
+
+#
+#START OF PREPRATION
+#
+#Download some (non-executable) out-of-tree files for use later on
+cd "$DOS_TMP_DIR";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N -O "$DOS_HOSTS_FILE"; fi;
+cd "$DOS_BUILD_BASE";
+#
+#END OF PREPRATION
+#
+
+#
+#START OF ROM CHANGES
+#
+
+#top dir
+cp -r "$DOS_PREBUILT_APPS""Fennec_DOS-Shim" "$DOS_BUILD_BASE""packages/apps/"; #Add a shim to install Fennec DOS without actually including the large APK
+cp -r "$DOS_PREBUILT_APPS""SupportDivestOS" "$DOS_BUILD_BASE""packages/apps/"; #Add the Support app
+gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packages";
+cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
+cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
+
+if enterAndClear "art"; then
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_art/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+fi;
+
+if enterAndClear "bionic"; then
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
+if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) #XXX: some vendor blobs use sbrk
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: some kernels do not have (working) getrandom
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting with dprintf-like function (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-7.patch"; #Increase default pthread stack to 8MiB on 64-bit (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-8.patch"; #Make __stack_chk_guard read-only at runtime (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-9.patch"; #On 64-bit, zero the leading stack canary byte (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-10.patch"; #Switch pthread_atfork handler allocation to mmap (GrapheneOS) #XXX: patches from here on are known to cause boot issues on legacy devices
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-11.patch"; #Add memory protection for pthread_atfork handlers (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-12.patch"; #Add XOR mangling mitigation for thread-local dtors (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-13.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Add guard page(s) between static_tls and stack (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t behind guard page (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-16.patch"; #Add secondary stack randomization (GrapheneOS)
+fi;
+fi;
+
+if enterAndClear "bootable/recovery"; then
+applyPatch "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch"; #Abort package installs if they are specific to a serial number (GrapheneOS)
+fi;
+
+if enterAndClear "build/make"; then
+git revert --no-edit 7f4b9a43f3c49a5a896dd4951be0a96584751f46; #Re-enable the downgrade check
+applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
+sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
+if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; fi; #Replace the Messaging app with Silence
+awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
+sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
+fi;
+
+if enterAndClear "build/soong"; then
+applyPatch "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_build_soong/0002-hm_apex.patch"; fi; #(GrapheneOS)
+fi;
+
+if enterAndClear "external/chromium-webview"; then
+if [ "$(type -t DOS_WEBVIEW_CHERRYPICK)" = "alias" ] ; then DOS_WEBVIEW_CHERRYPICK; fi; #Update the WebView to latest if available
+if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available
+fi;
+
+if enterAndClear "external/conscrypt"; then
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+fi;
+
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
+#if enterAndClear "external/hardened_malloc"; then
+#applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables #XXX 19REBASE
+#fi;
+fi;
+
+if enterAndClear "frameworks/base"; then
+#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries #XXX 19REBASE
+applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) #XXX 19REBASE: maybe not needed
+applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE: moved
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch"; #net: Notify ConnectivityService of runtime permission changes (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
+if [ "$DOS_TIMEOUTS" = true ]; then
+applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0015-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0016-WiFi_Timeout.patch"; #Timeout for Wi-Fi (GrapheneOS)
+fi;
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0017-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-1.patch"; #Add exec-based spawning support (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-2.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-3.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-4.patch";
+#applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-5.patch"; #XXX: reverted upstream
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-6.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-7.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-8.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-9.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
+sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
+fi;
+applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
+hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
+changeDefaultDNS; #Change the default DNS servers
+sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
+sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
+sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
+sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL
+sed -i 's/entry == null/entry == null || true/' core/java/android/os/RecoverySystem.java; #Skip strict update compatibiltity checks XXX: TEMPORARY FIX
+sed -i 's/!Build.isBuildConsistent()/false/' services/core/java/com/android/server/wm/ActivityTaskManagerService.java; #Disable partition fingerprint mismatch warnings XXX: TEMPORARY FIX
+sed -i 's/DEFAULT_STRONG_AUTH_TIMEOUT_MS = 72 \* 60 \* 60 \* 1000;/DEFAULT_STRONG_AUTH_TIMEOUT_MS = 12 * 60 * 60 * 1000;/' core/java/android/app/admin/DevicePolicyManager.java; #Decrease the strong auth prompt timeout to occur more often
+##sed -i '282i\        if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time
+if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
+rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
+fi;
+
+if enterAndClear "frameworks/ex"; then
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_ex/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+fi;
+
+if enterAndClear "frameworks/native"; then
+then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
+fi;
+
+if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
+if enterAndClear "frameworks/opt/net/ims"; then
+applyPatch "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
+fi;
+fi;
+
+if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
+if enterAndClear "frameworks/opt/net/wifi"; then
+applyPatch "$DOS_PATCHES/android_frameworks_opt_net_wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
+fi;
+fi;
+
+if enterAndClear "hardware/qcom-caf/msm8998/audio"; then
+applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-8998.patch"; #audio_extn: Fix unused parameter warning in utils.c
+fi;
+
+if enterAndClear "hardware/qcom-caf/sdm845/audio"; then
+applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-sdm845.patch"; #audio_extn: Fix unused parameter warning in utils.c
+fi;
+
+if enterAndClear "hardware/qcom-caf/sm8150/audio"; then
+applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-sm8150.patch"; #audio_extn: Fix unused parameter warning in utils.c
+fi;
+
+if enterAndClear "hardware/qcom-caf/sm8250/audio"; then
+applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-sm8150.patch"; #audio_extn: Fix unused parameter warning in utils.c
+fi;
+
+if enterAndClear "libcore"; then
+applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0002-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then
+applyPatch "$DOS_PATCHES/android_libcore/0003-Exec_Based_Spawning-1.patch"; #Add exec-based spawning support (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_libcore/0003-Exec_Based_Spawning-2.patch";
+fi;
+fi;
+
+if enterAndClear "lineage-sdk"; then
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; #Remove AudioFX
+fi;
+
+if enterAndClear "packages/apps/Bluetooth"; then
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Bluetooth/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+fi;
+
+if enterAndClear "packages/apps/Contacts"; then
+applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
+applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0002-No_Google_Backup.patch"; #Backups are not sent to Google (GrapheneOS)
+fi;
+
+if enterAndClear "packages/apps/Dialer"; then
+applyPatch "$DOS_PATCHES/android_packages_apps_Dialer/0001-Not_Private_Banner.patch"; #Add a privacy warning banner to calls (CalyxOS)
+fi;
+
+if enterAndClear "packages/apps/LineageParts"; then
+rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
+applyPatch "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
+fi;
+
+if enterAndClear "packages/apps/Nfc"; then
+if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+fi;
+
+if enterAndClear "packages/apps/Settings"; then
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
+#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE
+if [ "$DOS_TIMEOUTS" = true ]; then
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS)
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0007-WiFi_Timeout.patch"; #Timeout for Wi-Fi (CalyxOS)
+fi;
+if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS)
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
+if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC.patch"; fi; #Add option to always randomize MAC (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
+sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
+fi;
+
+if enterAndClear "packages/apps/SetupWizard"; then
+applyPatch "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics
+fi;
+
+if enterAndClear "packages/apps/Trebuchet"; then
+cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
+fi;
+
+if enterAndClear "packages/apps/Updater"; then
+applyPatch "$DOS_PATCHES/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
+applyPatch "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
+sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).replaceAll("\\\\.", "");/' src/org/lineageos/updater/misc/Utils.java; #Remove periods from incremental version
+#TODO: Remove changelog
+fi;
+
+if enterAndClear "packages/inputmethods/LatinIME"; then
+applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
+fi;
+
+if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
+if enterAndClear "packages/modules/NetworkStack"; then
+applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS)
+fi;
+fi;
+
+if enterAndClear "packages/modules/Permission"; then
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0002-Network_Permission-1.patch"; #always treat INTERNET as a runtime permission (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0002-Network_Permission-2.patch"; #add INTERNET permission toggle (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0003-Sensors_Permission-1.patch"; #always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0003-Sensors_Permission-2.patch"; #add OTHER_SENSORS permission group (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0004-Special_Permission-1.patch"; #refactor handling of special runtime permissions (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0004-Special_Permission-2.patch"; #don't auto revoke Network and Sensors (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0004-Special_Permission-3.patch"; #ui fix for special runtime permission (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0004-Special_Permission-4.patch"; #fix usage UI summary for Network/Sensors (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0005-Browser_No_Location.patch"; #stop auto-granting location to system browsers (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0006-Location_Indicators.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
+fi;
+
+if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
+if enterAndClear "packages/modules/Wifi"; then
+applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
+fi;
+fi;
+
+if enterAndClear "packages/providers/DownloadProvider"; then
+applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
+fi;
+
+if enterAndClear "system/bt"; then
+applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
+fi;
+
+if enterAndClear "system/core"; then
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
+git revert --no-edit 07adb89d0f8c966c88869d1abffc57da0e707568; #insanity
+applyPatch "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS)
+if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-ptrace_scope.patch"; fi; #Add a property for controlling ptrace_scope (GrapheneOS)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0003-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
+fi;
+
+if enterAndClear "system/extras"; then
+applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
+fi;
+
+if enterAndClear "system/netd"; then
+applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
+fi;
+
+if enterAndClear "system/sepolicy"; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #Label protected_{fifos,regular} as proc_security (GrapheneOS) #XXX 19REBASE: add to other versions too
+if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-2.patch"; #Allow system to use persist.native_debug (GrapheneOS)
+fi;
+fi;
+
+if enterAndClear "system/update_engine"; then
+git revert --no-edit a5a18ac5e2a2377fe036fcae93548967a7b40470; #Do not skip payload signature verification
+fi;
+
+if enterAndClear "vendor/lineage"; then
+rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
+rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
+rm -rf overlay/common/frameworks/base/core/res/res/drawable-*/default_wallpaper.png; #Remove Lineage wallpaper
+rm -rf overlay/common/packages/modules/NetworkStack/res/values/config.xml; #Do not set device model as DHCP hostname
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' config/*.mk; fi; #Make sure our hosts is always used
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/*.mk; #Remove Lineage extra keys
+awk -i inplace '!/security\/lineage/' config/*.mk; #Remove Lineage extra keys
+awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '20d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX
+if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers
+sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype
+if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
+echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
+cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
+if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
+awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player
+fi;
+
+if enter "vendor/divested"; then
+awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
+if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends
+if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp
+if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
+#echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch #XXX 19REBASE: is this necessary?
+echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
+fi;
+#
+#END OF ROM CHANGES
+#
+
+#
+#START OF DEVICE CHANGES
+#
+#none yet
+
+#Make changes to all devices
+cd "$DOS_BUILD_BASE";
+if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
+find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
+find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
+find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
+find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"';
+#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"';
+if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi;
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenBootArgs "{}"';
+find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableAPEX "{}"';
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'disableEnforceRRO "{}"'; fi;
+cd "$DOS_BUILD_BASE";
+deblobAudio || true;
+removeBuildFingerprints || true;
+enableAutoVarInit || true;
+
+#Tweaks for <2GB RAM devices
+#none yet
+
+#Fix broken options enabled by hardenDefconfig()
+#none yet
+
+sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
+rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
+awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml; #deprecated
+awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml; #deprecated
+#
+#END OF DEVICE CHANGES
+#
+echo -e "\e[0;32m[SCRIPT COMPLETE] Primary patching finished\e[0m";
diff --git a/Scripts/LineageOS-19.1/Rebrand.sh b/Scripts/LineageOS-19.1/Rebrand.sh
new file mode 100644
index 00000000..a98fcc66
--- /dev/null
+++ b/Scripts/LineageOS-19.1/Rebrand.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+#DivestOS: A privacy focused mobile distribution
+#Copyright (c) 2017-2021 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+umask 0022;
+set -euo pipefail;
+source "$DOS_SCRIPTS_COMMON/Shell.sh";
+
+#Updates select user facing strings
+#Last verified: 2022-04-04
+
+echo "Rebranding...";
+
+if enter "bootable/recovery"; then
+#git revert --no-edit c4071b4f; #use standard animation #XXX 19REBASE
+awk -i inplace '!/DrawSurface\(logo.get\(\)/' recovery_ui/screen_ui.cpp; #Hide logo
+mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
+mogrify -format png -fill "#FF5722" -opaque "#7c4dff" -fuzz 10% res-*/images/ic_back_sel.png;
+sed -i 's|0x7c, 0x4d, 0xff|0xff, 0x57, 0x22|' recovery_ui/*ui.cpp; #Recolor accents (recovery primary)
+sed -i 's|0xf8, 0x90, 0xff|0xff, 0x98, 0x00|' recovery_ui/*ui.cpp; #Recolor accents (recovery secondar)
+sed -i 's|0xe6, 0x51, 0x00|0x4c, 0xaf, 0x50|' recovery_ui/*ui.cpp; #Recolor accents (fastboot primary)
+sed -i 's|0xfd, 0xd8, 0x35|0x8b, 0xc3, 0x4a|' recovery_ui/*ui.cpp; #Recolor accents (fastboot secondary)
+sed -i 's|0xfd, 0xd8,0x35|0x8b, 0xc3, 0x4a|' recovery_ui/*ui.cpp; #Recolor accents (fastboot secondary typo)
+#sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' recovery_ui/*ui.cpp; #Recolor text #XXX 19REBASE
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' recovery_ui/*ui.cpp; #not used (yet)
+sed -i 's|LineageOS|'"$DOS_BRANDING_NAME"'|' recovery_ui/*ui.cpp; #not used (yet)
+sed -i 's|Lineage |'"$DOS_BRANDING_NAME"' |' recovery.cpp; #not used (yet)
+fi;
+
+if enter "build/make"; then
+sed -i 's|echo "ro.build.user=$BUILD_USERNAME"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
+sed -i 's|echo "ro.build.host=$BUILD_HOSTNAME"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host
+fi;
+
+if enter "frameworks/base"; then
+generateBootAnimationMask "$DOS_BRANDING_NAME" "$DOS_BRANDING_BOOTANIMATION_FONT" core/res/assets/images/android-logo-mask.png;
+generateBootAnimationShine "$DOS_BRANDING_BOOTANIMATION_COLOR" "$DOS_BRANDING_BOOTANIMATION_STYLE" core/res/assets/images/android-logo-shine.png;
+fi;
+
+if enter "lineage-sdk"; then
+sed -i '/.*lineage_version/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineage_updates/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineageos_system_label/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+fi;
+
+if enter "packages/apps/LineageParts"; then
+sed -i '/.*egg_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*lineageparts_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*privacy_settings_category/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*trust_feature_security_patches_explain/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+fi;
+
+if enter "packages/apps/Settings"; then
+sed -i '/.*lineagelicense_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml;
+fi;
+
+if enter "packages/apps/SetupWizard"; then
+sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_PRIVACY"'|' src/org/lineageos/setupwizard/LineageSettingsActivity.java;
+sed -i '/.*intro_restore/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*os_name/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*services/s/LineageOS/'"$DOS_BRANDING_NAME"'/g' res/values*/strings.xml;
+sed -i '/.*setup_services/s/LineageOS/'"$DOS_BRANDING_NAME"'/g' res/values*/strings.xml;
+sed -i '/.*update_recovery/s/Lineage/'"$DOS_BRANDING_NAME"'/g' res/values*/strings.xml;
+fi;
+
+if enter "packages/apps/Updater"; then
+sed -i 's|0OTA_SERVER_CLEARNET0|'"$DOS_BRANDING_SERVER_OTA"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|0OTA_SERVER_ONION0|'"$DOS_BRANDING_SERVER_OTA_ONION"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|>LineageOS|>'"$DOS_BRANDING_NAME"'|' res/values*/strings.xml;
+sed -i '/.*toast_forced_update_recovery/s/Lineage/'"$DOS_BRANDING_NAME"'/g' res/values*/strings.xml;
+sed -i '/.*info_dialog_message/s/Lineage/'"$DOS_BRANDING_NAME"'/g' res/values*/strings.xml;
+fi;
+
+if enter "system/core"; then
+sed -i 's/LineageOS/'"$DOS_BRANDING_NAME"'/' debuggerd/libdebuggerd/tombstone.cpp;
+fi;
+
+if enter "vendor/lineage"; then
+sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_ABOUT"'|' build/core/main_version.mk;
+sed -i '/.*ZIPPATH=/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/envsetup.sh;
+sed -i '/LINEAGE_TARGET_PACKAGE/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/tasks/bacon.mk;
+sed -i '/.*config_mms_user_agent/s/LineageOS/'"$DOS_BRANDING_NAME"'/g' overlay/common/frameworks/base/core/res/res/values*/config.xml; #not used (yet)
+rm -rf bootanimation;
+fi;
+
+cd "$DOS_BUILD_BASE";
+echo -e "\e[0;32m[SCRIPT COMPLETE] Rebranding complete\e[0m";