15.1: switch to latest hardened_malloc revision and enable it

verified working on bullhead via:
- top
- /proc/self/maps with -DLABEL_MEMORY
- Sanitizer Test App and logcat

Signed-off-by: Tavi <tavi@divested.dev>

Logs/resetWorkspace-LineageOS-15.1.txt

@@ -68,7 +68,7 @@ external/caliper 4a0d9aba0856d0aa965d5653bfa4c138f0e8a8ba
 external/cblas d063db8bdddfcde61e4bad3bfe65941fd73e8094
 external/chromium-libpac 0ac78251d11006d764ba1aad8cc0867827fafe5c
 external/chromium-trace 8b2c0074e71a8086dee98ca8730acfdc5eddf7a1
-external/chromium-webview 24b9f0130e044adf811867666dd967e5081398bc
+external/chromium-webview 7a167062342c2f6dc6b6a152dd1021735287d0b9
 external/clang 751a76679b0fb5798ea6cab75906df07edcab315
 external/cmockery 9199c7bfafefea32d1884182fa655b6e4578c1c4
 external/compiler-rt 0c46c9e892a3f68420635032ef2f6152dabd197c

Manifests/Manifest_LAOS-15.1.xml

@@ -79,8 +79,8 @@
 <!-- END OF BRANCH SWITCHING -->
 
 <!-- START OF ADDITIONAL REPOS -->
-	<!-- GrapheneOS
-	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="464bfd4d829927f19fd5d2729a101ee241319d1e" /> -->
+	<!-- GrapheneOS -->
+	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="749640c274d54e084505a24fa758bcb5f96a25ef" />
 <!-- END OF ADDITIONAL REPOS -->
 
 <!-- START OF DEVICE REPOS -->

Patches/LineageOS-15.1/android_bionic/0002-Add_M_PURGE.patch

@@ -0,0 +1,53 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tim Murray <timmurray@google.com>
+Date: Mon, 15 Oct 2018 16:26:56 -0700
+Subject: [PATCH 1/2] malloc: add M_PURGE mallopt flag
+
+Add a new mallopt flag that purges any pending decaying pages.
+
+Test: boots and works
+bug 117795621
+
+Merged-in: Ib250ae2b705b6a368c1efb801d6a7be54e075acb
+Change-Id: Ib250ae2b705b6a368c1efb801d6a7be54e075acb
+(cherry picked from commit 8a07791fbff0dd014ce5da8d88969d09cd3dcf0b)
+---
+ libc/bionic/jemalloc_wrapper.cpp | 12 ++++++++++++
+ libc/include/malloc.h            |  1 +
+ 2 files changed, 13 insertions(+)
+
+diff --git a/libc/bionic/jemalloc_wrapper.cpp b/libc/bionic/jemalloc_wrapper.cpp
+index 266b9660c..b4678d008 100644
+--- a/libc/bionic/jemalloc_wrapper.cpp
++++ b/libc/bionic/jemalloc_wrapper.cpp
+@@ -79,6 +79,18 @@ int je_mallopt(int param, int value) {
+       }
+     }
+     return 1;
++  } else if (param == M_PURGE) {
++    unsigned narenas;
++    size_t sz = sizeof(unsigned);
++    if (je_mallctl("arenas.narenas", &narenas, &sz, nullptr, 0) != 0) {
++      return 0;
++    }
++    char buffer[100];
++    snprintf(buffer, sizeof(buffer), "arena.%u.purge", narenas);
++    if (je_mallctl(buffer, nullptr, nullptr, nullptr, 0) != 0) {
++      return 0;
++    }
++    return 1;
+   }
+   return 0;
+ }
+diff --git a/libc/include/malloc.h b/libc/include/malloc.h
+index db5da04c5..9a30b35b7 100644
+--- a/libc/include/malloc.h
++++ b/libc/include/malloc.h
+@@ -79,6 +79,7 @@ int malloc_info(int, FILE*) __INTRODUCED_IN(23);
+ 
+ /* mallopt options */
+ #define M_DECAY_TIME -100
++#define M_PURGE -101
+ 
+ int mallopt(int, int) __INTRODUCED_IN(26);
+ 

Patches/LineageOS-15.1/android_bionic/0003-Add_random.h.patch

@@ -0,0 +1,548 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Elliott Hughes <enh@google.com>
+Date: Wed, 27 Sep 2017 16:33:35 -0700
+Subject: [PATCH] Add <sys/random.h>.
+
+iOS 10 has <sys/random.h> with getentropy, glibc >= 2.25 has
+<sys/random.h> with getentropy and getrandom. (glibc also pollutes
+<unistd.h>, but that seems like a bad idea.)
+
+Also, all supported devices now have kernels with the getrandom system
+call.
+
+We've had these available internally for a while, but it seems like the
+time is ripe to expose them.
+
+Bug: http://b/67014255
+Test: ran tests
+Change-Id: I76dde1e3a2d0bc82777eea437ac193f96964f138
+---
+ libc/SECCOMP_WHITELIST.TXT                    |   1 -
+ libc/SYSCALLS.TXT                             |   3 +
+ libc/arch-arm/syscalls/getrandom.S            |  16 +++
+ libc/arch-arm64/syscalls/getrandom.S          |  14 ++
+ libc/arch-mips/syscalls/getrandom.S           |  19 +++
+ libc/arch-mips64/syscalls/getrandom.S         |  25 ++++
+ libc/arch-x86/syscalls/getrandom.S            |  39 ++++++
+ libc/arch-x86_64/syscalls/getrandom.S         |  15 +++
+ libc/include/sys/random.h                     |  47 +++++++
+ libc/libc.arm.map                             |   2 +
+ libc/libc.arm64.map                           |   2 +
+ libc/libc.map.txt                             |   2 +
+ libc/libc.mips.map                            |   2 +
+ libc/libc.mips64.map                          |   2 +
+ libc/libc.x86.map                             |   2 +
+ libc/libc.x86_64.map                          |   2 +
+ .../android/include/openbsd-compat.h          |  10 +-
+ tests/Android.bp                              |   1 +
+ tests/sys_random_test.cpp                     | 120 ++++++++++++++++++
+ 19 files changed, 319 insertions(+), 5 deletions(-)
+ create mode 100644 libc/arch-arm/syscalls/getrandom.S
+ create mode 100644 libc/arch-arm64/syscalls/getrandom.S
+ create mode 100644 libc/arch-mips/syscalls/getrandom.S
+ create mode 100644 libc/arch-mips64/syscalls/getrandom.S
+ create mode 100644 libc/arch-x86/syscalls/getrandom.S
+ create mode 100644 libc/arch-x86_64/syscalls/getrandom.S
+ create mode 100644 libc/include/sys/random.h
+ create mode 100644 tests/sys_random_test.cpp
+
+diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT
+index 0b9dad3ff..f36b29032 100644
+--- a/libc/SECCOMP_WHITELIST.TXT
++++ b/libc/SECCOMP_WHITELIST.TXT
+@@ -35,7 +35,6 @@ int	clone:clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ..)
+ int	rt_sigreturn:rt_sigreturn(unsigned long __unused)	all
+ int	rt_tgsigqueueinfo:int rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo)	all
+ int	restart_syscall:int restart_syscall()	all
+-int	getrandom:int getrandom(void *buf, size_t buflen, unsigned int flags) all
+ int	fstatat64|fstatat:newfstatat(int, const char*, struct stat*, int)	mips64
+ int	fstat64|fstat:fstat(int, struct stat*)	mips64
+ int	_flush_cache:cacheflush(char* addr, const int nbytes, const int op)	mips64
+diff --git a/libc/SYSCALLS.TXT b/libc/SYSCALLS.TXT
+index d674630ac..2070de7b5 100644
+--- a/libc/SYSCALLS.TXT
++++ b/libc/SYSCALLS.TXT
+@@ -352,3 +352,6 @@ int     __set_thread_area:set_thread_area(void*) x86
+ # vdso stuff.
+ int __clock_gettime:clock_gettime(clockid_t, timespec*) all
+ int __gettimeofday:gettimeofday(timeval*, timezone*) all
++
++# <sys/random.h>
++ssize_t getrandom(void*, size_t, unsigned) all
+diff --git a/libc/arch-arm/syscalls/getrandom.S b/libc/arch-arm/syscalls/getrandom.S
+new file mode 100644
+index 000000000..3f28af6f0
+--- /dev/null
++++ b/libc/arch-arm/syscalls/getrandom.S
+@@ -0,0 +1,16 @@
++/* Generated by gensyscalls.py. Do not edit. */
++
++#include <private/bionic_asm.h>
++
++ENTRY(getrandom)
++    mov     ip, r7
++    .cfi_register r7, ip
++    ldr     r7, =__NR_getrandom
++    swi     #0
++    mov     r7, ip
++    .cfi_restore r7
++    cmn     r0, #(MAX_ERRNO + 1)
++    bxls    lr
++    neg     r0, r0
++    b       __set_errno_internal
++END(getrandom)
+diff --git a/libc/arch-arm64/syscalls/getrandom.S b/libc/arch-arm64/syscalls/getrandom.S
+new file mode 100644
+index 000000000..c8fe41ffd
+--- /dev/null
++++ b/libc/arch-arm64/syscalls/getrandom.S
+@@ -0,0 +1,14 @@
++/* Generated by gensyscalls.py. Do not edit. */
++
++#include <private/bionic_asm.h>
++
++ENTRY(getrandom)
++    mov     x8, __NR_getrandom
++    svc     #0
++
++    cmn     x0, #(MAX_ERRNO + 1)
++    cneg    x0, x0, hi
++    b.hi    __set_errno_internal
++
++    ret
++END(getrandom)
+diff --git a/libc/arch-mips/syscalls/getrandom.S b/libc/arch-mips/syscalls/getrandom.S
+new file mode 100644
+index 000000000..7a2f3b978
+--- /dev/null
++++ b/libc/arch-mips/syscalls/getrandom.S
+@@ -0,0 +1,19 @@
++/* Generated by gensyscalls.py. Do not edit. */
++
++#include <private/bionic_asm.h>
++
++ENTRY(getrandom)
++    .set noreorder
++    .cpload t9
++    li v0, __NR_getrandom
++    syscall
++    bnez a3, 1f
++    move a0, v0
++    j ra
++    nop
++1:
++    la t9,__set_errno_internal
++    j t9
++    nop
++    .set reorder
++END(getrandom)
+diff --git a/libc/arch-mips64/syscalls/getrandom.S b/libc/arch-mips64/syscalls/getrandom.S
+new file mode 100644
+index 000000000..3c5b4673f
+--- /dev/null
++++ b/libc/arch-mips64/syscalls/getrandom.S
+@@ -0,0 +1,25 @@
++/* Generated by gensyscalls.py. Do not edit. */
++
++#include <private/bionic_asm.h>
++
++ENTRY(getrandom)
++    .set push
++    .set noreorder
++    li v0, __NR_getrandom
++    syscall
++    bnez a3, 1f
++    move a0, v0
++    j ra
++    nop
++1:
++    move t0, ra
++    bal     2f
++    nop
++2:
++    .cpsetup ra, t1, 2b
++    LA t9,__set_errno_internal
++    .cpreturn
++    j t9
++    move ra, t0
++    .set pop
++END(getrandom)
+diff --git a/libc/arch-x86/syscalls/getrandom.S b/libc/arch-x86/syscalls/getrandom.S
+new file mode 100644
+index 000000000..2e8ebc955
+--- /dev/null
++++ b/libc/arch-x86/syscalls/getrandom.S
+@@ -0,0 +1,39 @@
++/* Generated by gensyscalls.py. Do not edit. */
++
++#include <private/bionic_asm.h>
++
++ENTRY(getrandom)
++    pushl   %ebx
++    .cfi_def_cfa_offset 8
++    .cfi_rel_offset ebx, 0
++    pushl   %ecx
++    .cfi_adjust_cfa_offset 4
++    .cfi_rel_offset ecx, 0
++    pushl   %edx
++    .cfi_adjust_cfa_offset 4
++    .cfi_rel_offset edx, 0
++
++    call    __kernel_syscall
++    pushl   %eax
++    .cfi_adjust_cfa_offset 4
++    .cfi_rel_offset eax, 0
++
++    mov     20(%esp), %ebx
++    mov     24(%esp), %ecx
++    mov     28(%esp), %edx
++    movl    $__NR_getrandom, %eax
++    call    *(%esp)
++    addl    $4, %esp
++
++    cmpl    $-MAX_ERRNO, %eax
++    jb      1f
++    negl    %eax
++    pushl   %eax
++    call    __set_errno_internal
++    addl    $4, %esp
++1:
++    popl    %edx
++    popl    %ecx
++    popl    %ebx
++    ret
++END(getrandom)
+diff --git a/libc/arch-x86_64/syscalls/getrandom.S b/libc/arch-x86_64/syscalls/getrandom.S
+new file mode 100644
+index 000000000..c5e44a966
+--- /dev/null
++++ b/libc/arch-x86_64/syscalls/getrandom.S
+@@ -0,0 +1,15 @@
++/* Generated by gensyscalls.py. Do not edit. */
++
++#include <private/bionic_asm.h>
++
++ENTRY(getrandom)
++    movl    $__NR_getrandom, %eax
++    syscall
++    cmpq    $-MAX_ERRNO, %rax
++    jb      1f
++    negl    %eax
++    movl    %eax, %edi
++    call    __set_errno_internal
++1:
++    ret
++END(getrandom)
+diff --git a/libc/include/sys/random.h b/libc/include/sys/random.h
+new file mode 100644
+index 000000000..34756520e
+--- /dev/null
++++ b/libc/include/sys/random.h
+@@ -0,0 +1,47 @@
++/*
++ * Copyright (C) 2017 The Android Open Source Project
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *  * Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ *  * Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
++ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
++ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
++ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
++ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
++ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
++ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#ifndef _SYS_RANDOM_H_
++#define _SYS_RANDOM_H_
++
++#include <sys/cdefs.h>
++#include <sys/types.h>
++
++#include <linux/random.h>
++
++__BEGIN_DECLS
++
++/* See also arc4random_buf in <stdlib.h>, which is available in all API levels. */
++
++int getentropy(void* __buffer, size_t __buffer_size) __wur __INTRODUCED_IN_FUTURE;
++
++ssize_t getrandom(void* __buffer, size_t __buffer_size, unsigned int __flags) __wur __INTRODUCED_IN_FUTURE;
++
++__END_DECLS
++
++#endif
+diff --git a/libc/libc.arm.map b/libc/libc.arm.map
+index a4212dda7..aa66b4d61 100644
+--- a/libc/libc.arm.map
++++ b/libc/libc.arm.map
+@@ -1532,6 +1532,8 @@ LIBC_PRIVATE {
+     vfdprintf; # arm x86 mips
+     wait3; # arm x86 mips
+     wcswcs; # arm x86 mips
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/libc.arm64.map b/libc/libc.arm64.map
+index bf0341ad2..6a34fb533 100644
+--- a/libc/libc.arm64.map
++++ b/libc/libc.arm64.map
+@@ -1249,6 +1249,8 @@ LIBC_PRIVATE {
+     free_malloc_leak_info;
+     get_malloc_leak_info;
+     gMallocLeakZygoteChild;
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/libc.map.txt b/libc/libc.map.txt
+index c271a57e4..d740fe764 100644
+--- a/libc/libc.map.txt
++++ b/libc/libc.map.txt
+@@ -1558,6 +1558,8 @@ LIBC_PRIVATE {
+     vfdprintf; # arm x86 mips
+     wait3; # arm x86 mips
+     wcswcs; # arm x86 mips
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/libc.mips.map b/libc/libc.mips.map
+index 214c7f506..385606c64 100644
+--- a/libc/libc.mips.map
++++ b/libc/libc.mips.map
+@@ -1373,6 +1373,8 @@ LIBC_PRIVATE {
+     vfdprintf; # arm x86 mips
+     wait3; # arm x86 mips
+     wcswcs; # arm x86 mips
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/libc.mips64.map b/libc/libc.mips64.map
+index bf0341ad2..6a34fb533 100644
+--- a/libc/libc.mips64.map
++++ b/libc/libc.mips64.map
+@@ -1249,6 +1249,8 @@ LIBC_PRIVATE {
+     free_malloc_leak_info;
+     get_malloc_leak_info;
+     gMallocLeakZygoteChild;
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/libc.x86.map b/libc/libc.x86.map
+index 145b64ebf..2b29d3e51 100644
+--- a/libc/libc.x86.map
++++ b/libc/libc.x86.map
+@@ -1372,6 +1372,8 @@ LIBC_PRIVATE {
+     vfdprintf; # arm x86 mips
+     wait3; # arm x86 mips
+     wcswcs; # arm x86 mips
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/libc.x86_64.map b/libc/libc.x86_64.map
+index bf0341ad2..6a34fb533 100644
+--- a/libc/libc.x86_64.map
++++ b/libc/libc.x86_64.map
+@@ -1249,6 +1249,8 @@ LIBC_PRIVATE {
+     free_malloc_leak_info;
+     get_malloc_leak_info;
+     gMallocLeakZygoteChild;
++    getentropy; # future
++    getrandom; # future
+ } LIBC_O;
+ 
+ LIBC_DEPRECATED {
+diff --git a/libc/upstream-openbsd/android/include/openbsd-compat.h b/libc/upstream-openbsd/android/include/openbsd-compat.h
+index 1e433beef..dbc2db44c 100644
+--- a/libc/upstream-openbsd/android/include/openbsd-compat.h
++++ b/libc/upstream-openbsd/android/include/openbsd-compat.h
+@@ -18,10 +18,15 @@
+ #define _BIONIC_OPENBSD_COMPAT_H_included
+ 
+ #define _BSD_SOURCE
+-
+ #include <sys/cdefs.h>
++
+ #include <stddef.h> // For size_t.
+ 
++// TODO: libandroid_support uses this file, so we need to wait for
++// <sys/random.h> to be in the NDK headers before we can lose this declaration.
++//#include <sys/random.h> // For getentropy.
++int getentropy(void*, size_t);
++
+ #define __BEGIN_HIDDEN_DECLS _Pragma("GCC visibility push(hidden)")
+ #define __END_HIDDEN_DECLS _Pragma("GCC visibility pop")
+ 
+@@ -74,9 +79,6 @@ extern const char* __progname;
+ __LIBC_HIDDEN__ extern const char* __bionic_get_shell_path();
+ #define _PATH_BSHELL __bionic_get_shell_path()
+ 
+-/* We have OpenBSD's getentropy_linux.c, but we don't mention getentropy in any header. */
+-__LIBC_HIDDEN__ extern int getentropy(void*, size_t);
+-
+ /* OpenBSD has this as API, but we just use it internally. */
+ __LIBC_HIDDEN__ void* reallocarray(void*, size_t, size_t);
+ 
+diff --git a/tests/Android.bp b/tests/Android.bp
+index 29204b558..b120ac3cc 100644
+--- a/tests/Android.bp
++++ b/tests/Android.bp
+@@ -121,6 +121,7 @@ cc_test_library {
+         "sys_procfs_test.cpp",
+         "sys_ptrace_test.cpp",
+         "sys_quota_test.cpp",
++        "sys_random_test.cpp",
+         "sys_resource_test.cpp",
+         "sys_select_test.cpp",
+         "sys_sem_test.cpp",
+diff --git a/tests/sys_random_test.cpp b/tests/sys_random_test.cpp
+new file mode 100644
+index 000000000..a25490c67
+--- /dev/null
++++ b/tests/sys_random_test.cpp
+@@ -0,0 +1,120 @@
++/*
++ * Copyright (C) 2017 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++// <sys/random.h> was only added as of glibc version 2.25.
++// Don't try to compile this code on older glibc versions.
++
++#include <sys/cdefs.h>
++#if defined(__BIONIC__)
++  #define HAVE_SYS_RANDOM 1
++#elif defined(__GLIBC_PREREQ)
++  #if __GLIBC_PREREQ(2, 25)
++    #define HAVE_SYS_RANDOM 1
++  #endif
++#endif
++
++
++#if defined(HAVE_SYS_RANDOM)
++#include <sys/random.h>
++#endif
++
++#include <errno.h>
++#include <gtest/gtest.h>
++
++TEST(sys_random, getentropy) {
++#if defined(HAVE_SYS_RANDOM)
++  char buf1[64];
++  char buf2[64];
++
++  ASSERT_EQ(0, getentropy(buf1, sizeof(buf1)));
++  ASSERT_EQ(0, getentropy(buf2, sizeof(buf2)));
++  ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0);
++#else
++  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
++#endif
++}
++
++TEST(sys_random, getentropy_EFAULT) {
++#if defined(HAVE_SYS_RANDOM)
++  errno = 0;
++  ASSERT_EQ(-1, getentropy(nullptr, 1));
++  ASSERT_EQ(EFAULT, errno);
++#else
++  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
++#endif
++}
++
++TEST(sys_random, getentropy_EIO) {
++#if defined(HAVE_SYS_RANDOM)
++  char buf[BUFSIZ];
++  static_assert(BUFSIZ > 256, "BUFSIZ <= 256!");
++
++  errno = 0;
++  ASSERT_EQ(-1, getentropy(buf, sizeof(buf)));
++  ASSERT_EQ(EIO, errno);
++#else
++  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
++#endif
++}
++
++TEST(sys_random, getrandom) {
++#if defined(HAVE_SYS_RANDOM)
++  if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
++    GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
++    return;
++  }
++
++  char buf1[64];
++  char buf2[64];
++
++  ASSERT_EQ(64, getrandom(buf1, sizeof(buf1), 0));
++  ASSERT_EQ(64, getrandom(buf2, sizeof(buf2), 0));
++  ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0);
++#else
++  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
++#endif
++}
++
++TEST(sys_random, getrandom_EFAULT) {
++#if defined(HAVE_SYS_RANDOM)
++  if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
++    GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
++    return;
++  }
++
++  errno = 0;
++  ASSERT_EQ(-1, getrandom(nullptr, 256, 0));
++  ASSERT_EQ(EFAULT, errno);
++#else
++  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
++#endif
++}
++
++TEST(sys_random, getrandom_EINVAL) {
++#if defined(HAVE_SYS_RANDOM)
++  if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
++    GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
++    return;
++  }
++
++  errno = 0;
++  char buf[64];
++  ASSERT_EQ(-1, getrandom(buf, sizeof(buf), ~0));
++  ASSERT_EQ(EINVAL, errno);
++#else
++  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
++#endif
++}

Scripts/LineageOS-15.1/Patch.sh

@@ -57,7 +57,11 @@ cp -r "$DOS_PATCHES_COMMON/android_vendor_divested/." "$DOS_BUILD_BASE/vendor/di
 
 if enterAndClear "bionic"; then
 applyPatch "$DOS_PATCHES_COMMON/android_bionic/0001-Wildcard_Hosts.patch"; #Support wildcards in cached hosts file (backport from 16.0+) (tdm)
-#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
+applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; #(GrapheneOS)
+applyPatch "$DOS_PATCHES/android_bionic/0002-Add_M_PURGE.patch"; #malloc: add M_PURGE mallopt flag
+applyPatch "$DOS_PATCHES/android_bionic/0003-Add_random.h.patch"; #Add <sys/random.h>.
+fi;
 fi;
 
 if enterAndClear "bootable/recovery"; then
@@ -117,14 +121,28 @@ if enterAndClear "external/freetype"; then
 applyPatch "$DOS_PATCHES/android_external_freetype/360951.patch"; #R_asb_2023-07 Cherry-pick two upstream changes
 fi;
 
-#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
-#if enterAndClear "external/hardened_malloc"; then
-#git revert --no-edit 3d18fb80742fd80a75481b580d102deb18c74af9; #compile fix
-#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-legacy/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
-#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-legacy/0002-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
-#sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};/' h_malloc.c; #compile fix
-#fi;
-#fi;
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
+if enterAndClear "external/hardened_malloc"; then
+applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
+applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
+applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
+applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0003-Broken_Audio.patch"; #Workaround for audio service sorting bug (GrapheneOS)
+sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
+sed -i -e '76,78d;' Android.bp; #fix compile under A13
+sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
+awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
+rm -rfv androidtest;
+sed -i -e '76,78d;' Android.bp; #fix compile under A10
+awk -i inplace '!/ramdisk_available/' Android.bp;
+git revert --no-edit 8974af86d12f7e29b54b5090133ab3d7eea0e519;
+mv include/h_malloc.h  .
+awk -i inplace '!/recovery_available/' Android.bp; #fix compile under A8
+awk -i inplace '!/system_shared_libs/' Android.bp;
+sed -i 's/c17/c11/' Android.bp;
+git revert --no-edit a28da3c65aed0528036da9ebd33e0c05b2c5884a
+sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {};/' h_malloc.c;
+fi;
+fi;
 
 if enterAndClear "external/libvpx"; then
 applyPatch "$DOS_PATCHES_COMMON/android_external_libvpx/CVE-2023-5217.patch"; #VP8: disallow thread count changes
@@ -147,7 +165,7 @@ applyPatch "$DOS_PATCHES/android_external_zlib/351909.patch"; #P_asb_2023-03 Fix
 fi;
 
 if enterAndClear "frameworks/av"; then
-#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_av/358729.patch"; #n-asb-2023-06 Fix NuMediaExtractor::readSampleData buffer Handling
 applyPatch "$DOS_PATCHES/android_frameworks_av/365962.patch"; #R_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test.
 applyPatch "$DOS_PATCHES/android_frameworks_av/373949.patch"; #R_asb_2023-11 Fix for heap buffer overflow issue flagged by fuzzer test.
@@ -530,7 +548,7 @@ applyPatch "$DOS_PATCHES/android_system_core/332765.patch"; #P_asb_2022-06 Backp
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
 git revert --no-edit a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
 applyPatch "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS)
-#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
 fi;
 
 if enterAndClear "system/netd"; then