Defaults fixes and 256 bit encryption

Scripts/LineageOS-14.1/Defaults.sh

@@ -32,9 +32,12 @@ sed -i 's/CMSettings.System.ENABLE_REVERSE_LOOKUP, 1)/CMSettings.System.ENABLE_R
 
 cd $base"packages/apps/FDroid"
 sed -i 's|DEFAULT_ROOTED = true;|DEFAULT_ROOTED = false;|' app/src/main/java/org/fdroid/fdroid/Preferences.java; #Hide root apps
+sed -i '/string\/rooted/!b;n;s/defaultValue="true"/defaultValue="false"/' app/src/main/res/xml/preferences.xml;
 sed -i 's|DEFAULT_HIDE_ANTI_FEATURE_APPS = false;|DEFAULT_HIDE_ANTI_FEATURE_APPS = true;|' app/src/main/java/org/fdroid/fdroid/Preferences.java; #Hide anti-feature apps
+sed -i '/string\/hide_anti_feature_apps/!b;n;s/defaultValue="false"/defaultValue="true"/' app/src/main/res/xml/preferences.xml;
 
 cd $base"packages/apps/Jelly"
+#TODO: Update app/src/main/res/xml/settings.xml
 #Because someone is going to eventually ask... the reason we're disabling ads on DuckDuckgGo is because their ads are shit and are almost always just links to what you search for on some shit tier ad infested metasearch engine. Like if DuckDuckGo partnered with Amazon or something and showed sponsored Amazon links that would be a million times better, because they are actually ads.
 #sed -i 's|duckduckgo.com/?q=|duckduckgo.com/?k1=-1&kaq=-1&kap=-1&kao=-1&kak=-1&kax=-1&q=|' app/src/main/res/values/search_engines.xml; #Disable ads and popups
 #sed -i 's|default_search_engine">https://google.com/search?ie=UTF-8&source=android-browser&q={searchTerms}|default_search_engine">https://duckduckgo.com/?k1=-1&kaq=-1&kap=-1&kao=-1&kak=-1&kax=-1&q={searchTerms}|' app/src/main/res/values/strings.xml; #Change default search engine TODO: Fix me

Scripts/LineageOS-14.1/Patch.sh

@@ -173,7 +173,7 @@ enter "packages/apps/Jelly"
 git apply --3way $patches"android_packages_apps_Jelly/182322-3.patch" #Add option to remove identifying headers
 
 enter "packages/apps/Settings"
-sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
+sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
 sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options
 
 enter "packages/apps/SetupWizard"
@@ -204,6 +204,15 @@ enter "system/core"
 cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file
 patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch" #Harden mounts with nodev/noexec/nosuid
 
+enter "system/vold"
+#THESE OPTIONS MUST NOT BE CHANGED AFTER RELEASE!
+#Android's cryptfs fully supports 256-bit
+#sed -i 's|define HASH_COUNT 2000|define HASH_COUNT 5000|' cryptfs.c; #Increase pbkdf iterations
+#sed -i 's|define KEY_LEN_BYTES 16|define KEY_LEN_BYTES 32|' cryptfs.c; #128-bit -> 256-bit
+#sed -i 's|define IV_LEN_BYTES 16|define IV_LEN_BYTES 32|' cryptfs.c; #AES-CBC IV must be the same as ^
+#sed -i 's|define RSA_KEY_SIZE 2048|define RSA_KEY_SIZE 4096|' cryptfs.c; #Increase signning key size to 4096
+sed -i 's|define RETRY_MOUNT_DELAY_SECONDS 1|define RETRY_MOUNT_DELAY_SECONDS 3|' cryptfs.c;
+
 enter "vendor/cm"
 rm -rf overlay/common/vendor/cmsdk/packages #Remove analytics
 awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always used