Use GrapheneOS' hardened memory allocator

+ 16.0: some other misc hardening patches from GrapheneOS
  - always restrict access to Build.SERIAL
  - don't grant location permission to system browsers
  - fbe: pad filenames more
+ 16.0: Contacts: remove Privacy Policy and Terms of Service links

Manifests/Manifest_LAOS-14.1.xml

@@ -67,6 +67,9 @@
 	<!-- F-Droid -->
 	<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
 
+	<!-- GrapheneOS -->
+	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="master" />
+
 	<!-- WireGuard -->
 	<remote name="zx2c4" fetch="https://git.zx2c4.com/" />
 	<project name="android_kernel_wireguard" path="kernel/wireguard" remote="zx2c4" revision="master" sync-s="true" />

Manifests/Manifest_LAOS-15.1.xml

@@ -68,6 +68,9 @@
 	<!-- F-Droid -->
 	<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
 
+	<!-- GrapheneOS -->
+	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="master" />
+
 	<!-- WireGuard -->
 	<remote name="zx2c4" fetch="https://git.zx2c4.com/" />
 	<project name="android_kernel_wireguard" path="kernel/wireguard" remote="zx2c4" revision="master" sync-s="true" />

Manifests/Manifest_LAOS-16.0.xml

@@ -66,6 +66,9 @@
 	<!-- F-Droid -->
 	<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
 
+	<!-- GrapheneOS -->
+	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="master" />
+
 	<!-- WireGuard -->
 	<remote name="zx2c4" fetch="https://git.zx2c4.com/" />
 	<project name="android_kernel_wireguard" path="kernel/wireguard" remote="zx2c4" revision="master" sync-s="true" />

Patches/Common/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch

@@ -0,0 +1,33 @@
+From 14800a3e7070240a314cbd695f71984a888cc90f Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 09:29:25 -0500
+Subject: [PATCH] avoid setting RLIMIT_AS with hardened malloc
+
+This needs to be ported to a better mechanism like memory control groups
+in order to remain compatible with hardening mechanisms based on large
+PROT_NONE address space reservations.
+
+Change-Id: Ibfb7164d764fcb9244055953bedc9a1c424cedcb
+---
+ media/libmedia/MediaUtils.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/media/libmedia/MediaUtils.cpp b/media/libmedia/MediaUtils.cpp
+index bcdc3bdcf..de217c70b 100644
+--- a/media/libmedia/MediaUtils.cpp
++++ b/media/libmedia/MediaUtils.cpp
+@@ -38,6 +38,14 @@ void limitProcessMemory(
+         return;
+     }
+ 
++#ifdef __LP64__
++    // This needs to be ported to a better mechanism like memory control groups
++    // in order to remain compatible with hardening mechanisms based on large
++    // PROT_NONE address space reservations.
++    ALOGW("Running with hardened malloc implementation, skip enforcing memory limitations.");
++    return;
++#endif
++
+     long pageSize = sysconf(_SC_PAGESIZE);
+     long numPages = sysconf(_SC_PHYS_PAGES);
+     size_t maxMem = SIZE_MAX;

Patches/Common/android_system_core/0001-HM-Increase_vm_mmc.patch

@@ -0,0 +1,22 @@
+From 17d64eda868006dc8c5596d27299143af8e45485 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 13 Dec 2018 09:26:25 -0500
+Subject: [PATCH] increase max_map_count for hardened malloc
+
+---
+ rootdir/init.rc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index b9464e7fd8..2149abe2bd 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -597,6 +597,8 @@ on boot
+     chown root system /sys/module/lowmemorykiller/parameters/minfree
+     chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
+ 
++    write /proc/sys/vm/max_map_count 524240
++
+     # Tweak background writeout
+     write /proc/sys/vm/dirty_expire_centisecs 200
+     write /proc/sys/vm/dirty_background_ratio  5

Patches/LineageOS-14.1/android_bionic/0001-HM-Use_HM.patch

@@ -0,0 +1,129 @@
+From f6ce62a62d47d3f8469ef6aa4749e07e644de5d0 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 01:51:56 -0500
+Subject: [PATCH] add hardened_malloc library
+
+---
+ libc/Android.bp               | 48 ++++++++++++++++++++++++++++-------
+ libc/bionic/malloc_common.cpp |  5 ++++
+ 2 files changed, 44 insertions(+), 9 deletions(-)
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index c92acf70b..877ff7f4f 100644
+--- a/libc/Android.bp
++++ b/libc/Android.bp
+@@ -83,6 +83,8 @@ cc_defaults {
+         "-Werror=int-to-pointer-cast",
+         "-Werror=type-limits",
+         "-Werror",
++
++        "-DH_MALLOC_PREFIX",
+     ],
+     // TODO: split out the asflags.
+     asflags: [
+@@ -96,10 +98,21 @@ cc_defaults {
+         "-Werror=int-to-pointer-cast",
+         "-Werror=type-limits",
+         "-Werror",
++
++        "-DH_MALLOC_PREFIX",
+     ],
+     conlyflags: ["-std=gnu99"],
+     cppflags: [],
+-    include_dirs: ["external/jemalloc/include"],
++    include_dirs: [],
++
++    multilib: {
++        lib32: {
++            include_dirs: ["external/jemalloc/include"],
++        },
++        lib64: {
++            include_dirs: ["external/hardened_malloc/"],
++        },
++    },
+ 
+     arch: {
+         // Clang/llvm has incompatible long double (fp128) for x86_64.
+@@ -1601,11 +1614,6 @@ cc_library_static {
+     name: "libc_ndk",
+     defaults: ["libc_defaults"],
+     srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
+-    multilib: {
+-        lib32: {
+-            srcs: libc_common_src_files_32,
+-        },
+-    },
+     arch: {
+         arm: {
+             srcs: [
+@@ -1635,8 +1643,17 @@ cc_library_static {
+         "libc_syscalls",
+         "libc_tzcode",
+         "libm",
+-        "libjemalloc",
+     ],
++
++    multilib: {
++        lib32: {
++            srcs: libc_common_src_files_32,
++            whole_static_libs: ["libjemalloc"],
++        },
++        lib64: {
++            whole_static_libs: ["libhardened_malloc"],
++        },
++    },
+ }
+ 
+ // ========================================================
+@@ -1714,7 +1731,11 @@ cc_library_static {
+ // ========================================================
+ cc_library_static {
+     defaults: ["libc_defaults"],
+-    srcs: ["bionic/jemalloc_wrapper.cpp"],
++    multilib: {
++        lib32: {
++            srcs: ["bionic/jemalloc_wrapper.cpp"],
++        },
++    },
+     cflags: ["-fvisibility=hidden"],
+ 
+     name: "libc_malloc",
+@@ -1765,7 +1786,16 @@ cc_library {
+     // you wanted!
+ 
+     shared_libs: ["libdl"],
+-    whole_static_libs: ["libc_common", "libjemalloc"],
++    whole_static_libs: ["libc_common"],
++
++    multilib: {
++        lib32: {
++            whole_static_libs: ["libjemalloc"],
++        },
++        lib64: {
++            whole_static_libs: ["libhardened_malloc"],
++        },
++    },
+ 
+     // We'd really like to do this for all architectures, but since this wasn't done
+     // before, these symbols must continue to be exported on LP32 for binary
+diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
+index e05061917..af544f3e1 100644
+--- a/libc/bionic/malloc_common.cpp
++++ b/libc/bionic/malloc_common.cpp
+@@ -46,8 +46,13 @@
+ #include <private/bionic_globals.h>
+ #include <private/bionic_malloc_dispatch.h>
+ 
++#ifdef __LP64__
++#include "h_malloc.h"
++#define Malloc(function)  h_ ## function
++#else
+ #include "jemalloc.h"
+ #define Malloc(function)  je_ ## function
++#endif
+ 
+ static constexpr MallocDispatch __libc_malloc_default_dispatch
+   __attribute__((unused)) = {
+-- 
+2.20.1
+

Patches/LineageOS-14.1/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch

@@ -0,0 +1,36 @@
+From 0896379253e9f87f6bdf19147068b800d0a7ef76 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 09:29:25 -0500
+Subject: [PATCH] avoid setting RLIMIT_AS with hardened malloc
+
+This needs to be ported to a better mechanism like memory control groups
+in order to remain compatible with hardening mechanisms based on large
+PROT_NONE address space reservations.
+
+Change-Id: Ibfb7164d764fcb9244055953bedc9a1c424cedcb
+---
+ media/libmedia/MediaUtils.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/media/libmedia/MediaUtils.cpp b/media/libmedia/MediaUtils.cpp
+index a02ca65a7..bb93e3d27 100644
+--- a/media/libmedia/MediaUtils.cpp
++++ b/media/libmedia/MediaUtils.cpp
+@@ -31,6 +31,14 @@ void limitProcessMemory(
+     size_t numberOfBytes,
+     size_t percentageOfTotalMem) {
+ 
++#ifdef __LP64__
++    // This needs to be ported to a better mechanism like memory control groups
++    // in order to remain compatible with hardening mechanisms based on large
++    // PROT_NONE address space reservations.
++    ALOGW("Running with hardened malloc implementation, skip enforcing memory limitations.");
++    return;
++#endif
++
+     long pageSize = sysconf(_SC_PAGESIZE);
+     long numPages = sysconf(_SC_PHYS_PAGES);
+     size_t maxMem = SIZE_MAX;
+-- 
+2.20.1
+

Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch

@@ -0,0 +1,126 @@
+From 2fbd005f1c87938133f94b574b96caa5dbd8f3fd Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 01:51:56 -0500
+Subject: [PATCH] add hardened_malloc library
+
+---
+ libc/Android.bp               | 45 ++++++++++++++++++++++++++++-------
+ libc/bionic/malloc_common.cpp |  5 ++++
+ 2 files changed, 41 insertions(+), 9 deletions(-)
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index c339b0451..6b3066e07 100644
+--- a/libc/Android.bp
++++ b/libc/Android.bp
+@@ -48,6 +48,8 @@ libc_common_flags = [
+     "-Werror=int-to-pointer-cast",
+     "-Werror=type-limits",
+     "-Werror",
++
++    "-DH_MALLOC_PREFIX",
+ ]
+ 
+ // Define some common cflags
+@@ -61,9 +63,17 @@ cc_defaults {
+     cppflags: [],
+     include_dirs: [
+         "bionic/libc/async_safe/include",
+-        "external/jemalloc/include",
+     ],
+ 
++    multilib: {
++        lib32: {
++            include_dirs: ["external/jemalloc/include"],
++        },
++        lib64: {
++            include_dirs: ["external/hardened_malloc/"],
++        },
++    },
++
+     stl: "none",
+     system_shared_libs: [],
+     sanitize: {
+@@ -1641,11 +1651,6 @@ cc_library_static {
+     name: "libc_ndk",
+     defaults: ["libc_defaults"],
+     srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
+-    multilib: {
+-        lib32: {
+-            srcs: libc_common_src_files_32,
+-        },
+-    },
+     arch: {
+         arm: {
+             srcs: [
+@@ -1676,9 +1681,18 @@ cc_library_static {
+         "libc_syscalls",
+         "libc_tzcode",
+         "libm",
+-        "libjemalloc",
+         "libstdc++",
+     ],
++
++    multilib: {
++        lib32: {
++            srcs: libc_common_src_files_32,
++            whole_static_libs: ["libjemalloc"],
++        },
++        lib64: {
++            whole_static_libs: ["libhardened_malloc"],
++        },
++    },
+ }
+ 
+ // ========================================================
+@@ -1755,7 +1769,11 @@ cc_library_static {
+ // ========================================================
+ cc_library_static {
+     defaults: ["libc_defaults"],
+-    srcs: ["bionic/jemalloc_wrapper.cpp"],
++    multilib: {
++        lib32: {
++            srcs: ["bionic/jemalloc_wrapper.cpp"],
++        },
++    },
+     cflags: ["-fvisibility=hidden"],
+ 
+     name: "libc_malloc",
+@@ -1814,7 +1832,16 @@ cc_library {
+     // you wanted!
+ 
+     shared_libs: ["libdl"],
+-    whole_static_libs: ["libc_common", "libjemalloc"],
++    whole_static_libs: ["libc_common"],
++
++    multilib: {
++        lib32: {
++            whole_static_libs: ["libjemalloc"],
++        },
++        lib64: {
++            whole_static_libs: ["libhardened_malloc"],
++        },
++    },
+ 
+     nocrt: true,
+ 
+diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
+index 1f201d1ca..06f85b40d 100644
+--- a/libc/bionic/malloc_common.cpp
++++ b/libc/bionic/malloc_common.cpp
+@@ -46,8 +46,13 @@
+ #include <private/bionic_globals.h>
+ #include <private/bionic_malloc_dispatch.h>
+ 
++#ifdef __LP64__
++#include "h_malloc.h"
++#define Malloc(function)  h_ ## function
++#else
+ #include "jemalloc.h"
+ #define Malloc(function)  je_ ## function
++#endif
+ 
+ static constexpr MallocDispatch __libc_malloc_default_dispatch
+   __attribute__((unused)) = {
+-- 
+2.20.1
+

Patches/LineageOS-16.0/android_bionic/0001-HM-Use_HM.patch

@@ -0,0 +1,124 @@
+From a0f883810d372c01632846d9bb3bd90807498fba Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 5 Dec 2018 01:51:56 -0500
+Subject: [PATCH] add hardened_malloc library
+
+---
+ libc/Android.bp               | 44 ++++++++++++++++++++++++++++-------
+ libc/bionic/malloc_common.cpp |  5 ++++
+ 2 files changed, 40 insertions(+), 9 deletions(-)
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index 6ba7cce9b..26ffc73b6 100644
+--- a/libc/Android.bp
++++ b/libc/Android.bp
+@@ -51,6 +51,8 @@ libc_common_flags = [
+     // Clang's exit-time destructor registration hides __dso_handle, but
+     // __dso_handle needs to have default visibility on ARM32. See b/73485611.
+     "-Wexit-time-destructors",
++
++    "-DH_MALLOC_PREFIX",
+ ]
+ 
+ // Define some common cflags
+@@ -64,9 +66,17 @@ cc_defaults {
+     cppflags: [],
+     include_dirs: [
+         "bionic/libc/async_safe/include",
+-        "external/jemalloc/include",
+     ],
+ 
++    multilib: {
++        lib32: {
++            include_dirs: ["external/jemalloc/include"],
++        },
++        lib64: {
++            include_dirs: ["external/hardened_malloc/"],
++        },
++    },
++
+     stl: "none",
+     system_shared_libs: [],
+     sanitize: {
+@@ -1577,11 +1587,6 @@ cc_library_static {
+     name: "libc_ndk",
+     defaults: ["libc_defaults"],
+     srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
+-    multilib: {
+-        lib32: {
+-            srcs: libc_common_src_files_32,
+-        },
+-    },
+     arch: {
+         arm: {
+             srcs: [
+@@ -1613,9 +1618,18 @@ cc_library_static {
+         "libc_syscalls",
+         "libc_tzcode",
+         "libm",
+-        "libjemalloc",
+         "libstdc++",
+     ],
++
++    multilib: {
++        lib32: {
++            srcs: libc_common_src_files_32,
++            whole_static_libs: ["libjemalloc"],
++        },
++        lib64: {
++            whole_static_libs: ["libhardened_malloc"],
++        },
++    },
+ }
+ 
+ // ========================================================
+@@ -1705,7 +1719,11 @@ cc_library_static {
+ // ========================================================
+ cc_library_static {
+     defaults: ["libc_defaults"],
+-    srcs: ["bionic/jemalloc_wrapper.cpp"],
++    multilib: {
++        lib32: {
++            srcs: ["bionic/jemalloc_wrapper.cpp"],
++        },
++    },
+     cflags: ["-fvisibility=hidden"],
+ 
+     name: "libc_malloc",
+@@ -1768,9 +1786,17 @@ cc_library {
+     ],
+     whole_static_libs: [
+         "libc_common",
+-        "libjemalloc",
+     ],
+ 
++    multilib: {
++        lib32: {
++            whole_static_libs: ["libjemalloc"],
++        },
++        lib64: {
++            whole_static_libs: ["libhardened_malloc"],
++        },
++    },
++
+     nocrt: true,
+ 
+     arch: {
+diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
+index 1ea4ac1a3..c86fbdaea 100644
+--- a/libc/bionic/malloc_common.cpp
++++ b/libc/bionic/malloc_common.cpp
+@@ -46,8 +46,13 @@
+ #include <private/bionic_globals.h>
+ #include <private/bionic_malloc_dispatch.h>
+ 
++#ifdef __LP64__
++#include "h_malloc.h"
++#define Malloc(function)  h_ ## function
++#else
+ #include "jemalloc.h"
+ #define Malloc(function)  je_ ## function
++#endif
+ 
+ static constexpr MallocDispatch __libc_malloc_default_dispatch
+   __attribute__((unused)) = {

Patches/LineageOS-16.0/android_frameworks_base/0007-Always_Restict_Serial.patch

@@ -0,0 +1,30 @@
+From 138790c0a2eba54f7ebb4c3b8fd5efac32559fea Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 6 Sep 2017 21:40:48 -0400
+Subject: [PATCH] always set deprecated Build.SERIAL to UNKNOWN
+
+Only support fetching the serial number via the new Build.getSerial()
+requiring the READ_PHONE_STATE permission.
+---
+ .../com/android/server/am/ActivityManagerService.java     | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
+index a1d42c09133..b5b3c68d563 100644
+--- a/services/core/java/com/android/server/am/ActivityManagerService.java
++++ b/services/core/java/com/android/server/am/ActivityManagerService.java
+@@ -7762,13 +7762,7 @@ private final boolean attachApplicationLocked(IApplicationThread thread,
+                 }
+             }
+ 
+-            // We deprecated Build.SERIAL and it is not accessible to
+-            // apps that target the v2 security sandbox and to apps that
+-            // target APIs higher than O MR1. Since access to the serial
+-            // is now behind a permission we push down the value.
+-            final String buildSerial = (appInfo.targetSandboxVersion < 2
+-                    && appInfo.targetSdkVersion < Build.VERSION_CODES.P)
+-                            ? sTheRealBuildSerial : Build.UNKNOWN;
++            final String buildSerial = Build.UNKNOWN;
+ 
+             // Check if this is a secondary process that should be incorporated into some
+             // currently active instrumentation.  (Note we do this AFTER all of the profiling

Patches/LineageOS-16.0/android_frameworks_base/0008-Browser_No_Location.patch

@@ -0,0 +1,31 @@
+From 1ddf24a6dafc98fba1dade12b3701a83a74e33bc Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sun, 17 Mar 2019 19:54:30 -0400
+Subject: [PATCH] stop auto-granting location to system browsers
+
+---
+ .../server/pm/permission/DefaultPermissionGrantPolicy.java    | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+index 1ae59cbea45..0b8231b1669 100644
+--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
++++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+@@ -643,7 +643,7 @@ private void grantDefaultSystemHandlerPermissions(int userId) {
+         }
+         if (browserPackage != null
+                 && doesPackageSupportRuntimePermissions(browserPackage)) {
+-            grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
++            //grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
+         }
+ 
+         // Voice interaction
+@@ -1053,7 +1053,7 @@ public void grantDefaultPermissionsToDefaultBrowser(String packageName, int user
+         PackageParser.Package browserPackage = getSystemPackage(packageName);
+         if (browserPackage != null
+                 && doesPackageSupportRuntimePermissions(browserPackage)) {
+-            grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
++            //grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
+         }
+     }
+ 

Patches/LineageOS-16.0/android_packages_apps_Contacts/0001-No_Google_Links.patch

@@ -0,0 +1,77 @@
+From f20cd64f7015fde23744ff24a378505485a666b9 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 27 Jul 2017 17:26:39 -0400
+Subject: [PATCH] remove useless no-op privacy policy / terms of use
+
+---
+ res/xml/preference_about.xml                  | 12 --------
+ .../preference/AboutPreferenceFragment.java   | 28 -------------------
+ 2 files changed, 40 deletions(-)
+
+diff --git a/res/xml/preference_about.xml b/res/xml/preference_about.xml
+index a109db68e..6b31d238f 100644
+--- a/res/xml/preference_about.xml
++++ b/res/xml/preference_about.xml
+@@ -25,16 +25,4 @@
+             android:key="@string/pref_open_source_licenses_key"
+             android:title="@string/about_open_source_licenses"
+             android:summary="@string/about_open_source_licenses_summary"/>
+-
+-    <Preference
+-            android:icon="@null"
+-            android:key="@string/pref_privacy_policy_key"
+-            android:title="@string/about_privacy_policy">
+-    </Preference>
+-
+-    <Preference
+-            android:icon="@null"
+-            android:key="@string/pref_terms_of_service_key"
+-            android:title="@string/about_terms_of_service">
+-    </Preference>
+ </PreferenceScreen>
+diff --git a/src/com/android/contacts/preference/AboutPreferenceFragment.java b/src/com/android/contacts/preference/AboutPreferenceFragment.java
+index 378948033..721ab0460 100644
+--- a/src/com/android/contacts/preference/AboutPreferenceFragment.java
++++ b/src/com/android/contacts/preference/AboutPreferenceFragment.java
+@@ -34,10 +34,6 @@
+  * This fragment shows the preferences for "about".
+  */
+ public class AboutPreferenceFragment extends PreferenceFragment {
+-
+-    public static final String PRIVACY_POLICY_URL = "http://www.google.com/policies/privacy";
+-    public static final String TERMS_OF_SERVICE_URL = "http://www.google.com/policies/terms";
+-
+     public static AboutPreferenceFragment newInstance() {
+         return new AboutPreferenceFragment();
+     }
+@@ -63,30 +59,6 @@ public void onCreate(Bundle savedInstanceState) {
+         final Preference licensePreference = findPreference(
+                 getString(R.string.pref_open_source_licenses_key));
+         licensePreference.setIntent(new Intent(getActivity(), LicenseActivity.class));
+-
+-        final Preference privacyPolicyPreference = findPreference("pref_privacy_policy");
+-        final Preference termsOfServicePreference = findPreference("pref_terms_of_service");
+-
+-        final Preference.OnPreferenceClickListener listener =
+-                new Preference.OnPreferenceClickListener() {
+-            @Override
+-            public boolean onPreferenceClick(Preference preference) {
+-                try {
+-                    if (preference == privacyPolicyPreference) {
+-                        startActivityForUrl(PRIVACY_POLICY_URL);
+-                    } else if (preference == termsOfServicePreference) {
+-                        startActivityForUrl(TERMS_OF_SERVICE_URL);
+-                    }
+-                } catch (ActivityNotFoundException ex) {
+-                    Toast.makeText(getContext(), getString(R.string.url_open_error_toast),
+-                            Toast.LENGTH_SHORT).show();
+-                }
+-                return true;
+-            }
+-        };
+-
+-        privacyPolicyPreference.setOnPreferenceClickListener(listener);
+-        termsOfServicePreference.setOnPreferenceClickListener(listener);
+     }
+ 
+     @Override

Patches/LineageOS-16.0/android_system_extras/0001-ext4_pad_filenames.patch

@@ -0,0 +1,66 @@
+From d0715a364f5a6f366cbd3582b01d21a22a0a0ca2 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 15 Dec 2016 17:22:41 -0500
+Subject: [PATCH] ext4_crypt: pad filenames to 32 bytes, not 16 or 4
+
+This is done in a way that's backwards compatible with old installations
+by leaving them with the previous padding settings until factory reset.
+---
+ ext4_utils/ext4_crypt.cpp | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
+index 36fe11f7..c5d5fde2 100644
+--- a/ext4_utils/ext4_crypt.cpp
++++ b/ext4_utils/ext4_crypt.cpp
+@@ -133,7 +133,7 @@ static bool is_dir_empty(const char *dirname, bool *is_empty)
+     return true;
+ }
+ 
+-static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
++static uint8_t e4crypt_get_policy_flags_old(int filenames_encryption_mode) {
+     if (filenames_encryption_mode == EXT4_ENCRYPTION_MODE_AES_256_CTS) {
+         // Use legacy padding with our original filenames encryption mode.
+         return EXT4_POLICY_FLAGS_PAD_4;
+@@ -145,6 +145,15 @@ static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
+     return EXT4_POLICY_FLAGS_PAD_16;
+ }
+ 
++static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
++    return EXT4_POLICY_FLAGS_PAD_32;
++}
++
++static bool e4crypt_policy_check(const char *directory, const char *policy,
++                                 size_t policy_length,
++                                 int contents_encryption_mode,
++                                 int filenames_encryption_mode);
++
+ static bool e4crypt_policy_set(const char *directory, const char *policy,
+                                size_t policy_length,
+                                int contents_encryption_mode,
+@@ -163,6 +172,14 @@ static bool e4crypt_policy_set(const char *directory, const char *policy,
+     }
+ 
+     ext4_encryption_policy eep;
++    memset(&eep, 0, sizeof(ext4_encryption_policy));
++
++    if (ioctl(fd, EXT4_IOC_GET_ENCRYPTION_POLICY, &eep) == 0) {
++        close(fd);
++        return e4crypt_policy_check(directory, policy, policy_length,
++                                    contents_encryption_mode, filenames_encryption_mode);
++    }
++
+     eep.version = 0;
+     eep.contents_encryption_mode = contents_encryption_mode;
+     eep.filenames_encryption_mode = filenames_encryption_mode;
+@@ -210,7 +227,9 @@ static bool e4crypt_policy_get(const char *directory, char *policy,
+             || (eep.contents_encryption_mode != contents_encryption_mode)
+             || (eep.filenames_encryption_mode != filenames_encryption_mode)
+             || (eep.flags !=
+-                e4crypt_get_policy_flags(filenames_encryption_mode))) {
++                e4crypt_get_policy_flags(filenames_encryption_mode) &&
++                eep.flags !=
++                e4crypt_get_policy_flags_old(filenames_encryption_mode))) {
+         LOG(ERROR) << "Failed to find matching encryption policy for " << directory;
+         return false;
+     }

Scripts/LineageOS-14.1/Patch.sh

@@ -62,6 +62,9 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
 cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
 cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
 
+enterAndClear "bionic";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi;
+
 enterAndClear "bootable/recovery";
 patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
 
@@ -76,6 +79,9 @@ patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #
 enterAndClear "external/sqlite";
 patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
 
+enterAndClear "frameworks/av";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi;
+
 enterAndClear "frameworks/base";
 hardenLocationFWB "$DOS_BUILD_BASE";
 git revert 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #re-enable doze on devices without gms
@@ -155,6 +161,7 @@ enterAndClear "system/core";
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
 git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
 patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
 
 enterAndClear "system/sepolicy";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices

Scripts/LineageOS-15.1/Patch.sh

@@ -62,6 +62,9 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
 cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
 cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
 
+enterAndClear "bionic";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi;
+
 enterAndClear "build/make";
 patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0)
 awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
@@ -78,6 +81,9 @@ patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #
 enterAndClear "external/svox";
 git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
 
+enterAndClear "frameworks/av";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi;
+
 enterAndClear "frameworks/base";
 hardenLocationFWB "$DOS_BUILD_BASE";
 sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
@@ -151,6 +157,7 @@ enterAndClear "system/core";
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
 git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
 patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
 
 enterAndClear "system/sepolicy";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices

Scripts/LineageOS-16.0/Patch.sh

@@ -62,6 +62,9 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
 cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
 cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
 
+enterAndClear "bionic";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi;
+
 enterAndClear "build/make";
 git revert 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
 patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0)
@@ -78,6 +81,9 @@ sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie
 sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUninstaller.java;
 awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
 
+enterAndClear "frameworks/av";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi;
+
 enterAndClear "frameworks/base";
 hardenLocationFWB "$DOS_BUILD_BASE";
 sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
@@ -88,6 +94,8 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f
 changeDefaultDNS;
 #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers
 rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
 
 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
@@ -114,6 +122,9 @@ enterAndClear "lineage-sdk";
 awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather
 if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
 
+enterAndClear "packages/apps/Contacts";
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links
+
 enterAndClear "packages/apps/LineageParts";
 rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
 patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
@@ -149,10 +160,14 @@ enterAndClear "packages/services/Telephony";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
 
+enterAndClear "system/extras"
+patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more
+
 enterAndClear "system/core";
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
 #git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: Wait until recovery-p topic is merged
 patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
 
 enterAndClear "system/sepolicy";
 git revert 4c9031e4e2f45db3531d0bc602b2d9c9407a2d16; #neverallow

Scripts/init.sh

@@ -34,6 +34,7 @@ export DOS_DEBLOBBER_REMOVE_IPA=false; #Set true to remove all IPA blobs
 export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
 export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
 
+export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms
 export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices
 export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOSTS file
 export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: Blokada, DNS66