diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh index 0575ba2a..0cc2ffe1 100644 --- a/Scripts/Common/Fix_CVE_Patchers.sh +++ b/Scripts/Common/Fix_CVE_Patchers.sh @@ -66,6 +66,7 @@ commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening commentPatches android_kernel_oneplus_sm7250.sh "CVE-2018-5873" "CVE-2020-1749"; commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992"; commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-14070/ANY/0005.patch" "CVE-2020-16166"; +commentPatches android_kernel_samsung_jf.sh "CVE-2019-11599"; commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463/ANY/0001.patch"; commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127"; commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166"; diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 006760ee..1f7d9831 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -345,7 +345,7 @@ export -f optimizeImagesRecursive; smallerSystem() { echo "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0" >> BoardConfig.mk; - echo "PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := true" >> BoardConfig.mk; + echo "PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := true" >> device.mk; echo "EXCLUDE_SERIF_FONTS := true" >> BoardConfig.mk; echo "SMALLER_FONT_FOOTPRINT := true" >> BoardConfig.mk; #echo "MINIMAL_FONT_FOOTPRINT := true" >> BoardConfig.mk; diff --git a/Scripts/LineageOS-11.0/Patch.sh b/Scripts/LineageOS-11.0/Patch.sh index 7daf12e7..6996ee9e 100644 --- a/Scripts/LineageOS-11.0/Patch.sh +++ b/Scripts/LineageOS-11.0/Patch.sh 
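Review bot: Nothing records why CVE-2019-11599 is switched off for samsung_jf, either on the added `commentPatches android_kernel_samsung_jf.sh "CVE-2019-11599";` line here or on the `#git apply …/CVE-2019-11599/^4.9/0009.patch` line in Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_jf.sh further down. A disabled kernel fix should carry its reason so it can be re-enabled once a suitable backport exists. A trailing comment such as `#CVE-2019-11599: <reason, e.g. build or boot failure on this kernel>` on the commentPatches line would do. The patch comes from a `^4.9` directory while several neighbouring jf patches come from `3.4` directories, so a version-specific backport may be what is missing, but the diff does not say.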
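Review bot: The redirected line `echo "PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := true" >> device.mk;` assumes every device tree that calls smallerSystem has a product makefile named device.mk. Where it does not, `>>` creates a new file that nothing includes and the setting is silently dropped. Elsewhere in this commit a tree uses `msm8996.mk`, so other names do occur. A guard before the append, e.g. `[ -f device.mk ] || echo "smallerSystem: no device.mk in $PWD" >&2;`, would make that case visible. The body of smallerSystem continues past the end of the hunk.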
@@ -40,11 +40,6 @@ cd "$DOS_TMP_DIR"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; cd "$DOS_BUILD_BASE"; - -#Accept all SDK licences, not normally needed but Gradle managed apps fail without it -mkdir -p "$ANDROID_HOME/licenses"; -echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; -echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; # #END OF PREPRATION # diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index d17ba1ff..632dbc51 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -40,11 +40,6 @@ cd "$DOS_TMP_DIR"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; cd "$DOS_BUILD_BASE"; - -#Accept all SDK licences, not normally needed but Gradle managed apps fail without it -mkdir -p "$ANDROID_HOME/licenses"; -echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; -echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; # #END OF PREPRATION # diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index c18ad846..276b7f4e 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh 
@@ -37,11 +37,6 @@ cd "$DOS_TMP_DIR"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; cd "$DOS_BUILD_BASE"; - -#Accept all SDK licences, not normally needed but Gradle managed apps fail without it -mkdir -p "$ANDROID_HOME/licenses"; -echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; -echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; # #END OF PREPRATION # diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 0982baf2..d523bed4 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -37,11 +37,6 @@ cd "$DOS_TMP_DIR"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; cd "$DOS_BUILD_BASE"; - -#Accept all SDK licences, not normally needed but Gradle managed apps fail without it -mkdir -p "$ANDROID_HOME/licenses"; -echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; -echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; # #END OF PREPRATION # diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index effe5208..894390dd 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh 
@@ -37,11 +37,6 @@ cd "$DOS_TMP_DIR"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; cd "$DOS_BUILD_BASE"; - -#Accept all SDK licences, not normally needed but Gradle managed apps fail without it -mkdir -p "$ANDROID_HOME/licenses"; -echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; -echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; # #END OF PREPRATION # diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh index 1c4922f6..86ed7bb4 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh @@ -1,7 +1,7 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/oneplus/msm8998" -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0260-0261.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0263-0264.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0264-0265.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0265-0266.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch 
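Review bot: The two new incremental lines in android_kernel_oneplus_msm8998.sh, `git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0264-0265.patch --exclude=Makefile` and its 0265-0266 sibling, expand the path unquoted and ignore the exit status. The later hunks of this file drop nineteen individual CVE patches and lower the suffix from `-dos.p71` to `-dos.p52`, presumably because these incrementals now carry those fixes. If either incremental fails to apply, the build continues without them and nothing in the visible script reports it. Quoting the path and reporting failure, e.g. `git apply "$DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0264-0265.patch" --exclude=Makefile || echo "FAILED 4.4.0264-0265" >&2`, would surface that. If this script is generated, the change belongs in the generator.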
@@ -30,7 +30,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0019.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16644/4.4/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/4.4/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0002.patch
@@ -44,32 +43,14 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16232/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19060/4.4/0005.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19061/4.4/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3625/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11160/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.4/0012.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.4/0013.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.4/0014.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3483/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20261/4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27363/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27365/4.4/0007.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27365/4.4/0008.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28038/4.4/0007.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28038/4.4/0008.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28660/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28964/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28972/4.4/0004.patch -git apply 
$DOS_PATCHES_LINUX_CVES/CVE-2021-30002/4.4/0005.patch -editKernelLocalversion "-dos.p71" +editKernelLocalversion "-dos.p52" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_jf.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_jf.sh index 21ffc779..09e5cefb 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_jf.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_jf.sh @@ -183,7 +183,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/^5.0.17/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10638/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11477/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11478/3.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11599/^4.9/0009.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11599/^4.9/0009.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11833/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/3.4/0001.patch diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index 7ba67e39..511f3f20 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -88,7 +88,7 @@ buildAll() { buildDevice coral avb; buildDevice flame avb; #SD670 - buildDevice bonito avb; + buildDevice bonito avb; #error: ln: cannot create symbolic link from '/data/vendor/rfs/mpss' to 'out/target/product/bonito/vendor/rfs/msm/mpss//readwrite': buildDevice sargo avb; } export -f buildAll; 
@@ -119,7 +119,7 @@ enableDexPreOpt() { echo "WITH_DEXPREOPT := true" >> BoardConfig.mk; echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk; #m8: /system partition too small - if [ "$1" != "device/htc/m8" ]; then + if [ "$1" != "device/htc/m8" ] && [ "$1" != "device/samsung/jfltexx" ]; then echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false" >> BoardConfig.mk; echo "Enabled full dexpreopt for $1"; else diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 49909ea1..6abfd8eb 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -37,11 +37,6 @@ cd "$DOS_TMP_DIR"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi; cd "$DOS_BUILD_BASE"; - -#Accept all SDK licences, not normally needed but Gradle managed apps fail without it -mkdir -p "$ANDROID_HOME/licenses"; -echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license"; -echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"; # #END OF PREPRATION # @@ -248,6 +243,7 @@ awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; #broken relea enterAndClear "device/lge/msm8996-common"; sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te; awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage +echo "type sensors_data_file, file_type, data_file_type, core_data_file_type;" >> sepolicy/file.te; #only included in -userdebug #enterAndClear "device/moto/shamu"; #git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO 
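Review bot: The comment above the changed condition still reads `#m8: /system partition too small`, but the test now also excludes `device/samsung/jfltexx`. Updating it to `#m8, jfltexx: /system partition too small` (or the actual reason for jfltexx, if it differs) keeps the exclusion list explainable. enableDexPreOpt starts and ends outside the hunk.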
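Review bot: The added `echo "type sensors_data_file, file_type, data_file_type, core_data_file_type;" >> sepolicy/file.te;` declares the type unconditionally, while its comment says the declaration otherwise exists only in -userdebug. If that userdebug-only declaration is still compiled in, a userdebug build would see the type declared twice, which the policy compiler normally rejects. The diff does not show where the original declaration lives, so this needs a check on both build variants. The comment should also name the rule that references `sensors_data_file` in user builds. The attribute list should be confirmed against the userdebug declaration so the two variants do not label the data differently.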
@@ -266,6 +262,9 @@ enterAndClear "device/oppo/msm8974-common"; sed -i 's/libinit_msm8974/libinit_msm8974-oppo/' BoardConfigCommon.mk init/Android.bp; #Fix name conflict sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/ +enterAndClear "device/samsung/jfltexx"; +smallerSystem; + enterAndClear "device/samsung/msm8974-common"; echo "TARGET_RECOVERY_DENSITY := hdpi" >> BoardConfigCommon.mk; echo "allow hal_gnss_default ssr_device:chr_file { open read };" >> sepolicy/common/hal_gnss_default.te; @@ -296,7 +295,8 @@ sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" ker sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/oneplus/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile -sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10 +sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer*; #Fix builds with GCC 10 +#sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-parser*; rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk; # #END OF DEVICE CHANGES diff --git a/TODO b/TODO index 658b58d2..061f30da 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,4 @@ -Last updated: 2021-01-20 +Last updated: 2021-04-12 High Priority Website 
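Review bot: The substitution in `sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer*;` is not anchored, so on a kernel tree that already carries the fix the line `extern YYLTYPE yylloc;` becomes `extern extern YYLTYPE yylloc;` and the build breaks. The glob is also widened from `dtc-lexer.l*` to `dtc-lexer*` across every `kernel/*/*` tree, which may bring more files into reach of that case. Anchoring the pattern, `'s/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/'`, makes the edit safe to repeat. The commented-out `dtc-parser*` line below it should be dropped or given a note saying when it is needed.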
@@ -9,24 +9,20 @@ Medium Priority - Add GrapheneOS as a better base for supported devices - Add support for more devices Design - - Facelift of Extirpater - - Facelift of Hypatia + - Extirpater UI work + - Hypatia UI work - Various other branding (logo, snazzy bootanimation, setupwizard, etc.) Project - Database verification in Hypatia - More cryptocurrency addresses Servers - Dedicated build server - Website - - Update cryptocurrency addresses Low Priority Website - Switch to a wiki (?) WiFiDatabaseMerger - - Batch/scripted generation - - Documentation - - Expose more options + - Improved documentation Longterm Build @@ -40,11 +36,11 @@ Longterm - Proper backports of CVE patches - Proper backports of security features Project - - Create an Mobile Device Manager solution + - Create an Mobile Device Manager solution (?) - Create our own device (free hardware, isolated modem, kernel 5.10+, etc.) - General auditing of everything - Collaborate with various projects - - Purchase one of each supported device + - Obtain one of each supported device Website - Create a 'Video Tutorials' page @@ -54,7 +50,7 @@ Contributions to other projects (via labor or funding) Amexia - More icons Conversations - - More colors like Signal + - More colors DNS66 - Polish edges Orbot