From 29ef757ac618d78038534dfad05c23d65fd82de6 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 13 Feb 2023 10:05:10 -0500
Subject: [PATCH] Bump FP3 to 20.0

Signed-off-by: Tad <tad@spotco.us>
---
 Manifests/Manifest_LAOS-20.0.xml              |   4 +
 .../android_kernel_fairphone_sdm632.sh        | 106 ++++++++++++++++++
 Scripts/LineageOS-20.0/Functions.sh           |   4 +-
 Scripts/LineageOS-20.0/Patch.sh               |   5 +
 4 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh

diff --git a/Manifests/Manifest_LAOS-20.0.xml b/Manifests/Manifest_LAOS-20.0.xml
index 514b5058..044fc63a 100644
--- a/Manifests/Manifest_LAOS-20.0.xml
+++ b/Manifests/Manifest_LAOS-20.0.xml
@@ -65,6 +65,10 @@
 	<project path="device/fxtec/pro1" name="LineageOS/android_device_fxtec_pro1" remote="github" revision="lineage-20" />
 	<project path="kernel/fxtec/msm8998" name="LineageOS/android_kernel_fxtec_msm8998" remote="github" revision="lineage-20" />
 
+	<!-- Fairphone 3 (FP3) -->
+	<project path="device/fairphone/FP3" name="LineageOS/android_device_fairphone_FP3" remote="github" revision="lineage-20" />
+	<project path="kernel/fairphone/sdm632" name="LineageOS/android_kernel_fairphone_sdm632" remote="github" revision="lineage-20" />
+
 	<!-- Fairphone 4 (FP4) -->
 	<project path="device/fairphone/FP4" name="LineageOS/android_device_fairphone_FP4" remote="github" revision="lineage-20" />
 	<project path="kernel/fairphone/sm7225" name="LineageOS/android_kernel_fairphone_sm7225" remote="github" revision="lineage-20" />
diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh
new file mode 100644
index 00000000..90388100
--- /dev/null
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/fairphone/sdm632"
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0332-0333.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0333-0334.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0334-0335.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0005-Graphene-Deny_USB/4.9/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-allocsize/4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-allocsize/4.9/0015.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-allocsize/4.9/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-bugon/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-bugon/4.9/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.9/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.9/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.9/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-random/4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-random/4.9/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-random/4.9/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-random/4.9/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0027.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0031.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-sanitize/4.9/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-sanitize/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.9/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.9/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3695/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7477/4.9/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11412/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20855/^4.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-25020/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12455/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.9/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16921/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.9/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.9/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20908/^5.2/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0067/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3674/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24394/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3656/4.14/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33098/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-39792/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45469/4.9-^5.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0012.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1204/4.14/0006.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1204/4.14/0007.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1204/4.14/0008.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1204/4.14/0009.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1204/4.14/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1679/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2153/^5.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2153/^5.17/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2978/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3424/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3542/3.8-^6.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3565/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3594/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3621/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3643/4.9/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3646/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3649/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4382/^6.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20369/4.14/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20371/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28388/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-36280/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-40768/4.9/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-41849/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-41850/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-43750/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-45934/4.9/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0045/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0394/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0615/4.9/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
+editKernelLocalversion "-dos.p102"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-20.0/Functions.sh b/Scripts/LineageOS-20.0/Functions.sh
index 6ff783eb..75e1de17 100644
--- a/Scripts/LineageOS-20.0/Functions.sh
+++ b/Scripts/LineageOS-20.0/Functions.sh
@@ -19,7 +19,7 @@ umask 0022;
 #Last verified: 2022-10-15
 
 patchAllKernels() {
-	startPatcher "kernel_essential_msm8998 kernel_fairphone_sm7225 kernel_fxtec_msm8998 kernel_google_gs101_private_gs-google kernel_google_gs201_private_gs-google kernel_google_msm-4.9 kernel_google_msm-4.14 kernel_google_redbull kernel_google_wahoo kernel_oneplus_msm8998 kernel_oneplus_sdm845 kernel_oneplus_sm8150 kernel_oneplus_sm8250 kernel_oneplus_sm8350 kernel_razer_sdm845 kernel_sony_sdm845 kernel_xiaomi_sdm845";
+	startPatcher "kernel_essential_msm8998 kernel_fairphone_sdm632 kernel_fairphone_sm7225 kernel_fxtec_msm8998 kernel_google_gs101_private_gs-google kernel_google_gs201_private_gs-google kernel_google_msm-4.9 kernel_google_msm-4.14 kernel_google_redbull kernel_google_wahoo kernel_oneplus_msm8998 kernel_oneplus_sdm845 kernel_oneplus_sm8150 kernel_oneplus_sm8250 kernel_oneplus_sm8350 kernel_razer_sdm845 kernel_sony_sdm845 kernel_xiaomi_sdm845";
 }
 export -f patchAllKernels;
 
@@ -78,6 +78,8 @@ buildAll() {
 	buildDevice flame avb;
 	#SD730
 	buildDevice sunfish avb;
+	#SD632
+	buildDevice FP3 avb;
 	#SD865
 	buildDevice instantnoodle avb;
 	buildDevice instantnoodlep avb;
diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh
index f6c3c24f..80b0375c 100644
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@@ -461,6 +461,10 @@ if enterAndClear "hardware/oplus"; then
 echo "allow update_engine_common vendor_custom_ab_block_device:blk_file rw_file_perms;" >> sepolicy/qti/vendor/update_engine_common.te; #fix firmware flash
 fi;
 
+if enterAndClear "kernel/fairphone/sdm632"; then
+sed -i 's|/../../prebuilts/tools-lineage|/../../../prebuilts/tools-lineage|' lib/Makefile; #fixup typo
+fi;
+
 if enterAndClear "kernel/oneplus/sm8250"; then
 git revert --no-edit 6eede8c64f268991abe669a6123e929e295fac29;
 fi;
@@ -488,6 +492,7 @@ cd "$DOS_BUILD_BASE";
 #rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;
 
 #Fix broken options enabled by hardenDefconfig()
+sed -i "s/CONFIG_PREEMPT_TRACER=n/CONFIG_PREEMPT_TRACER=y/" kernel/fairphone/sdm632/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_DEBUG_NOTIFIERS=y/# CONFIG_DEBUG_NOTIFIERS is not set/" kernel/google/msm-4.9/arch/arm64/configs/*_defconfig; #Likely breaks boot
 sed -i "s/CONFIG_FORTIFY_SOURCE=y/# CONFIG_FORTIFY_SOURCE is not set/" kernel/google/msm-4.14/arch/arm64/configs/*_defconfig; #breaks compile
 sed -i "s/CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y/# CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY is not set/" kernel/google/msm-4.14/arch/arm64/configs/*_defconfig; #impartial backport