Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-05-02 06:26:20 -04:00
Code Issues Projects Releases Packages Wiki Activity

16.0 July ASB work

Browse source 
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2023-07-07 15:46:07 -04:00
parent 4db68c3de1
commit 293f97d678
No known key found for this signature in database
GPG key ID: B286E9F57A07424B
12 changed files with 1715 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
Scripts/LineageOS-16.0/Patch.sh
View file

@ -97,7 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2022-01-05/2023-06-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-06 #XXX
sed -i 's/2022-01-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #P_asb_2023-07 #XXX
fi;
if enterAndClear "build/soong"; then
@ -132,6 +132,10 @@ git fetch https://github.com/LineageOS/android_external_expat refs/changes/56/33
git fetch https://github.com/LineageOS/android_external_expat refs/changes/28/349328/1 && git cherry-pick FETCH_HEAD; #P_asb_2023-02
fi;
if enterAndClear "external/freetype"; then
applyPatch "$DOS_PATCHES/android_external_freetype/360951.patch"; #R_asb_2023-07 Cherry-pick two upstream changes
fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
@ -151,6 +155,12 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram
fi;
if enterAndClear "frameworks/base"; then
applyPatch "$DOS_PATCHES/android_frameworks_base/360953-backport.patch"; #R_asb_2023-07 Sanitize VPN label to prevent HTML injection
applyPatch "$DOS_PATCHES/android_frameworks_base/360954.patch"; #R_asb_2023-07 Limit the number of supported v1 and v2 signers
applyPatch "$DOS_PATCHES/android_frameworks_base/360955-backport.patch"; #R_asb_2023-07 Import translations.
applyPatch "$DOS_PATCHES/android_frameworks_base/360959-backport.patch"; #R_asb_2023-07 Dismiss keyguard when simpin auth'd and security method is none.
applyPatch "$DOS_PATCHES/android_frameworks_base/360962-backport.patch"; #R_asb_2023-07 Truncate ShortcutInfo Id
applyPatch "$DOS_PATCHES/android_frameworks_base/360963-backport.patch"; #R_asb_2023-07 Visit URIs in landscape/portrait custom remote views.
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -335,6 +345,7 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred
fi;
if enterAndClear "system/bt"; then
applyPatch "$DOS_PATCHES/android_system_bt/360969.patch"; #R_asb_2023-07 Fix gatt_end_operation buffer overflow
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
fi;
@ -356,6 +367,14 @@ if enterAndClear "system/extras"; then
applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
fi;
if enterAndClear "system/nfc"; then
applyPatch "$DOS_PATCHES/android_system_nfc/360972.patch"; #R_asb_2023-07 OOBW in rw_i93_send_to_upper()
fi;
if enterAndClear "vendor/nxp/opensource/commonsys/external/libnfc-nci"; then
applyPatch "$DOS_PATCHES/android_vendor_nxp_opensource_commonsys_external_libnfc-nci/360974-backport.patch"; #R_asb_2023-07 OOBW in rw_i93_send_to_upper()
fi;
if enterAndClear "system/sepolicy"; then
applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)

2
Scripts/LineageOS-17.1/Patch.sh
View file

@ -97,7 +97,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2023-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-07 #XXX
sed -i 's/2023-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2023-07 #XXX
fi;
if enterAndClear "build/soong"; then