15.1: More fixes

Manifests/Manifest_LAOS-15.1.xml

@@ -67,10 +67,6 @@
 <!-- END OF UNNECESSARY REPO REMOVAL -->
 
 <!-- START OF BRANCH SWITCHING -->
-	<!-- new recovery is overly large -->
-	<remove-project name="bootable/recovery" />
-	<project path="bootable/recovery" name="LineageOS/android_bootable_recovery" groups="pdk" revision="cm-14.1" />
-
 	<!-- master contains some necessary fixes -->
 	<remove-project name="platform/external/svox" />
 	<project path="external/svox" name="platform/external/svox" groups="pdk" remote="aosp" revision="master" />

Patches/LineageOS-15.1/android_system_sepolicy/0001-LGE_Fixes.patch

@@ -0,0 +1,35 @@
+From b75779de1c7fd9f624d0523a8ff9020b91f918ed Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Thu, 12 Apr 2018 08:05:32 -0400
+Subject: [PATCH] Fix -user builds for many LGE devices
+
+Change-Id: I46c4191b1171055cbdb5b23e8714d24676fc48bb
+---
+ public/domain.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/public/domain.te b/public/domain.te
+index 8640baaa..4b5b0bc6 100644
+--- a/public/domain.te
++++ b/public/domain.te
+@@ -486,6 +486,9 @@ neverallow { domain -recovery -update_engine } system_block_device:blk_file writ
+ # No domains other than install_recovery or recovery can write to recovery.
+ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
+ 
++# Select devices have policies prevented by the following neverallow
++attribute misc_block_device_exception;
++
+ # No domains other than a select few can access the misc_block_device. This
+ # block device is reserved for OTA use.
+ # Do not assert this rule on userdebug/eng builds, due to some devices using
+@@ -500,6 +503,7 @@ neverallow {
+   -vold
+   -recovery
+   -ueventd
++  -misc_block_device_exception
+ } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+ 
+ # Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
+-- 
+2.17.0
+

Scripts/LineageOS-14.1/Patch.sh

@@ -66,7 +66,7 @@ patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch" #Automate
 sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
 
 enterAndClear "device/qcom/sepolicy"
-patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on user builds
+patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on user builds XXX: REMOVE THIS TRASH
 
 enterAndClear "external/sqlite"
 patch -p1 < $patches"android_external_sqlite/0001-Secure_Delete.patch" #Enable secure_delete by default. Disclaimer: From CopperheadOS 13.0

Scripts/LineageOS-15.1/Functions.sh

@@ -33,7 +33,7 @@ export -f buildDevice;
 buildAll() {
 #Select devices are userdebug due to SELinux policy issues
 #TODO: Add victara, griffin, athene, us997, us996, pme, t0lte, hlte
-	brunch lineage_d852-userdebug;
+	brunch lineage_d852-user;
 	brunch lineage_bacon-user;
 	brunch lineage_mako-user;
 	#brunch lineage_clark-user; #requires blobs from https://androidfilehost.com/?w=files&flid=244563 and also broken
@@ -43,7 +43,7 @@ buildAll() {
 	brunch lineage_d855-userdebug;
 	brunch lineage_flo-user;
 	brunch lineage_flounder-user;
-	#brunch lineage_h850-userdebug; #prot_sect_kernel undefined
+	#brunch lineage_h850-userdebug;
 	#brunch lineage_hammerhead-user;
 	brunch lineage_marlin-user;
 	brunch lineage_m8-user;

Scripts/LineageOS-15.1/Patch.sh

@@ -64,7 +64,7 @@ awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
 sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
 
 enterAndClear "device/qcom/sepolicy"
-patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on -user builds
+patch -p1 < $patches"android_device_qcom_sepolicy/0001-Camera_Fix.patch" #Fix camera on -user builds XXX: REMOVE THIS TRASH
 
 enterAndClear "external/svox"
 git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back makefiles
@@ -157,6 +157,9 @@ cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file
 git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4 #Always update recovery
 patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch" #Harden mounts with nodev/noexec/nosuid. Disclaimer: From CopperheadOS 13.0
 
+enterAndClear "system/sepolicy"
+patch -p1 < $patches"android_system_sepolicy/0001-LGE_Fixes.patch" #Fix -user builds for LGE devices
+
 enterAndClear "system/vold"
 patch -p1 < $patches"android_system_vold/0001-AES256.patch" #Add a variable for enabling AES-256 bit encryption
 
@@ -171,7 +174,6 @@ cp -r $patches"android_vendor_lineage/firmware_deblobber" .;
 cp $patches"android_vendor_lineage/firmware_deblobber.mk" build/tasks/firmware_deblobber.mk;
 sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
 sed -i 's/messaging/Silence/' config/telephony.mk; #Replace AOSP Messaging app with Silence
-sed -i 's/config_enableRecoveryUpdater">false/config_enableRecoveryUpdater">true/' overlay/common/packages/apps/Settings/res/values/config.xml; #Expose option to update recovery
 #
 #END OF ROM CHANGES
 #
@@ -180,6 +182,8 @@ sed -i 's/config_enableRecoveryUpdater">false/config_enableRecoveryUpdater">true
 #START OF DEVICE CHANGES
 #
 enterAndClear "device/lge/g3-common"
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
 echo "allow wcnss_service block_device:dir search;" >> sepolicy/wcnss_service.te; #fix incorrect Wi-Fi MAC address
 echo "/dev/block/platform/msm_sdcc\.1/by-name/pad     u:object_r:misc_block_device:s0" >> sepolicy/file_contexts; #fix uncrypt denial
 
@@ -201,7 +205,7 @@ cd $base
 
 #Fix broken options enabled by hardenDefconfig()
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
-#sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
+sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
 #
 #END OF DEVICE CHANGES
 #

Scripts/LineageOS-15.1/Rebrand.sh

@@ -22,6 +22,7 @@ echo "Rebranding..."
 enter "bootable/recovery"
 sed -i 's|Android Recovery|DivestOS Recovery|' *_ui.cpp;
 sed -i 's|LineageOS|DivestOS|' ui.cpp;
+#TODO: Rebrand the rest of the recovery
 
 enter "build/make"
 sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user