From 21fdd3cec72566d9fd880bccc462828d7796c304 Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 9 Nov 2017 17:16:55 -0500 Subject: [PATCH] Defaults fixes and 256 bit encryption --- Scripts/LineageOS-14.1/Defaults.sh | 3 +++ Scripts/LineageOS-14.1/Patch.sh | 11 ++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Scripts/LineageOS-14.1/Defaults.sh b/Scripts/LineageOS-14.1/Defaults.sh index 0899967a..f5040172 100644 --- a/Scripts/LineageOS-14.1/Defaults.sh +++ b/Scripts/LineageOS-14.1/Defaults.sh @@ -32,9 +32,12 @@ sed -i 's/CMSettings.System.ENABLE_REVERSE_LOOKUP, 1)/CMSettings.System.ENABLE_R cd $base"packages/apps/FDroid" sed -i 's|DEFAULT_ROOTED = true;|DEFAULT_ROOTED = false;|' app/src/main/java/org/fdroid/fdroid/Preferences.java; #Hide root apps +sed -i '/string\/rooted/!b;n;s/defaultValue="true"/defaultValue="false"/' app/src/main/res/xml/preferences.xml; sed -i 's|DEFAULT_HIDE_ANTI_FEATURE_APPS = false;|DEFAULT_HIDE_ANTI_FEATURE_APPS = true;|' app/src/main/java/org/fdroid/fdroid/Preferences.java; #Hide anti-feature apps +sed -i '/string\/hide_anti_feature_apps/!b;n;s/defaultValue="false"/defaultValue="true"/' app/src/main/res/xml/preferences.xml; cd $base"packages/apps/Jelly" +#TODO: Update app/src/main/res/xml/settings.xml #Because someone is going to eventually ask... the reason we're disabling ads on DuckDuckgGo is because their ads are shit and are almost always just links to what you search for on some shit tier ad infested metasearch engine. Like if DuckDuckGo partnered with Amazon or something and showed sponsored Amazon links that would be a million times better, because they are actually ads. #sed -i 's|duckduckgo.com/?q=|duckduckgo.com/?k1=-1&kaq=-1&kap=-1&kao=-1&kak=-1&kax=-1&q=|' app/src/main/res/values/search_engines.xml; #Disable ads and popups #sed -i 's|default_search_engine">https://google.com/search?ie=UTF-8&source=android-browser&q={searchTerms}|default_search_engine">https://duckduckgo.com/?k1=-1&kaq=-1&kap=-1&kao=-1&kak=-1&kax=-1&q={searchTerms}|' app/src/main/res/values/strings.xml; #Change default search engine TODO: Fix me diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 3f4e0ed7..63462001 100755 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -173,7 +173,7 @@ enter "packages/apps/Jelly" git apply --3way $patches"android_packages_apps_Jelly/182322-3.patch" #Add option to remove identifying headers enter "packages/apps/Settings" -sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length +sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options enter "packages/apps/SetupWizard" @@ -204,6 +204,15 @@ enter "system/core" cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch" #Harden mounts with nodev/noexec/nosuid +enter "system/vold" +#THESE OPTIONS MUST NOT BE CHANGED AFTER RELEASE! +#Android's cryptfs fully supports 256-bit +#sed -i 's|define HASH_COUNT 2000|define HASH_COUNT 5000|' cryptfs.c; #Increase pbkdf iterations +#sed -i 's|define KEY_LEN_BYTES 16|define KEY_LEN_BYTES 32|' cryptfs.c; #128-bit -> 256-bit +#sed -i 's|define IV_LEN_BYTES 16|define IV_LEN_BYTES 32|' cryptfs.c; #AES-CBC IV must be the same as ^ +#sed -i 's|define RSA_KEY_SIZE 2048|define RSA_KEY_SIZE 4096|' cryptfs.c; #Increase signning key size to 4096 +sed -i 's|define RETRY_MOUNT_DELAY_SECONDS 1|define RETRY_MOUNT_DELAY_SECONDS 3|' cryptfs.c; + enter "vendor/cm" rm -rf overlay/common/vendor/cmsdk/packages #Remove analytics awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always used