mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
15.1: More fixes
This commit is contained in:
parent
df7979a214
commit
1fa75dcb65
@ -67,10 +67,6 @@
|
||||
<!-- END OF UNNECESSARY REPO REMOVAL -->
|
||||
|
||||
<!-- START OF BRANCH SWITCHING -->
|
||||
<!-- new recovery is overly large -->
|
||||
<remove-project name="bootable/recovery" />
|
||||
<project path="bootable/recovery" name="LineageOS/android_bootable_recovery" groups="pdk" revision="cm-14.1" />
|
||||
|
||||
<!-- master contains some necessary fixes -->
|
||||
<remove-project name="platform/external/svox" />
|
||||
<project path="external/svox" name="platform/external/svox" groups="pdk" remote="aosp" revision="master" />
|
||||
|
@ -0,0 +1,35 @@
|
||||
From b75779de1c7fd9f624d0523a8ff9020b91f918ed Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Thu, 12 Apr 2018 08:05:32 -0400
|
||||
Subject: [PATCH] Fix -user builds for many LGE devices
|
||||
|
||||
Change-Id: I46c4191b1171055cbdb5b23e8714d24676fc48bb
|
||||
---
|
||||
public/domain.te | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/public/domain.te b/public/domain.te
|
||||
index 8640baaa..4b5b0bc6 100644
|
||||
--- a/public/domain.te
|
||||
+++ b/public/domain.te
|
||||
@@ -486,6 +486,9 @@ neverallow { domain -recovery -update_engine } system_block_device:blk_file writ
|
||||
# No domains other than install_recovery or recovery can write to recovery.
|
||||
neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
|
||||
|
||||
+# Select devices have policies prevented by the following neverallow
|
||||
+attribute misc_block_device_exception;
|
||||
+
|
||||
# No domains other than a select few can access the misc_block_device. This
|
||||
# block device is reserved for OTA use.
|
||||
# Do not assert this rule on userdebug/eng builds, due to some devices using
|
||||
@@ -500,6 +503,7 @@ neverallow {
|
||||
-vold
|
||||
-recovery
|
||||
-ueventd
|
||||
+ -misc_block_device_exception
|
||||
} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
|
||||
|
||||
# Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
|
||||
--
|
||||
2.17.0
|
||||
|
@ -66,7 +66,7 @@ patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch" #Automate
|
||||
sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
|
||||
|
||||
enterAndClear "device/qcom/sepolicy"
|
||||
patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on user builds
|
||||
patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on user builds XXX: REMOVE THIS TRASH
|
||||
|
||||
enterAndClear "external/sqlite"
|
||||
patch -p1 < $patches"android_external_sqlite/0001-Secure_Delete.patch" #Enable secure_delete by default. Disclaimer: From CopperheadOS 13.0
|
||||
|
@ -33,7 +33,7 @@ export -f buildDevice;
|
||||
buildAll() {
|
||||
#Select devices are userdebug due to SELinux policy issues
|
||||
#TODO: Add victara, griffin, athene, us997, us996, pme, t0lte, hlte
|
||||
brunch lineage_d852-userdebug;
|
||||
brunch lineage_d852-user;
|
||||
brunch lineage_bacon-user;
|
||||
brunch lineage_mako-user;
|
||||
#brunch lineage_clark-user; #requires blobs from https://androidfilehost.com/?w=files&flid=244563 and also broken
|
||||
@ -43,7 +43,7 @@ buildAll() {
|
||||
brunch lineage_d855-userdebug;
|
||||
brunch lineage_flo-user;
|
||||
brunch lineage_flounder-user;
|
||||
#brunch lineage_h850-userdebug; #prot_sect_kernel undefined
|
||||
#brunch lineage_h850-userdebug;
|
||||
#brunch lineage_hammerhead-user;
|
||||
brunch lineage_marlin-user;
|
||||
brunch lineage_m8-user;
|
||||
|
@ -64,7 +64,7 @@ awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
|
||||
sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
|
||||
|
||||
enterAndClear "device/qcom/sepolicy"
|
||||
patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on -user builds
|
||||
patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on -user builds XXX: REMOVE THIS TRASH
|
||||
|
||||
enterAndClear "external/svox"
|
||||
git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back makefiles
|
||||
@ -157,6 +157,9 @@ cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file
|
||||
git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4 #Always update recovery
|
||||
patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch" #Harden mounts with nodev/noexec/nosuid. Disclaimer: From CopperheadOS 13.0
|
||||
|
||||
enterAndClear "system/sepolicy"
|
||||
patch -p1 < $patches"android_system_sepolicy/0001-LGE_Fixes.patch" #Fix -user builds for LGE devices
|
||||
|
||||
enterAndClear "system/vold"
|
||||
patch -p1 < $patches"android_system_vold/0001-AES256.patch" #Add a variable for enabling AES-256 bit encryption
|
||||
|
||||
@ -171,7 +174,6 @@ cp -r $patches"android_vendor_lineage/firmware_deblobber" .;
|
||||
cp $patches"android_vendor_lineage/firmware_deblobber.mk" build/tasks/firmware_deblobber.mk;
|
||||
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
|
||||
sed -i 's/messaging/Silence/' config/telephony.mk; #Replace AOSP Messaging app with Silence
|
||||
sed -i 's/config_enableRecoveryUpdater">false/config_enableRecoveryUpdater">true/' overlay/common/packages/apps/Settings/res/values/config.xml; #Expose option to update recovery
|
||||
#
|
||||
#END OF ROM CHANGES
|
||||
#
|
||||
@ -180,6 +182,8 @@ sed -i 's/config_enableRecoveryUpdater">false/config_enableRecoveryUpdater">true
|
||||
#START OF DEVICE CHANGES
|
||||
#
|
||||
enterAndClear "device/lge/g3-common"
|
||||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
|
||||
echo "allow wcnss_service block_device:dir search;" >> sepolicy/wcnss_service.te; #fix incorrect Wi-Fi MAC address
|
||||
echo "/dev/block/platform/msm_sdcc\.1/by-name/pad u:object_r:misc_block_device:s0" >> sepolicy/file_contexts; #fix uncrypt denial
|
||||
|
||||
@ -201,7 +205,7 @@ cd $base
|
||||
|
||||
#Fix broken options enabled by hardenDefconfig()
|
||||
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
#sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
@ -22,6 +22,7 @@ echo "Rebranding..."
|
||||
enter "bootable/recovery"
|
||||
sed -i 's|Android Recovery|DivestOS Recovery|' *_ui.cpp;
|
||||
sed -i 's|LineageOS|DivestOS|' ui.cpp;
|
||||
#TODO: Rebrand the rest of the recovery
|
||||
|
||||
enter "build/make"
|
||||
sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
|
||||
|
Loading…
Reference in New Issue
Block a user