mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-06-28 23:52:19 +00:00
Many changes
- 14.1: Fixup previous commits - 15.1: Add mata - Deblobber: Remove more blobs (audiofx, cne, hdr, ims-rtp)
This commit is contained in:
Tad
parent
29ace39eb9
commit
303fe971ed
|
|
@ -96,6 +96,10 @@
|
|||
<project path="kernel/google/msm" name="LineageOS/android_kernel_google_msm" remote="github" />
|
||||
<project path="packages/apps/FlipFlap" name="LineageOS/android_packages_apps_FlipFlap" remote="github" />
|
||||
|
||||
<!-- Essential PH-1 (mata) -->
|
||||
<project path="device/essential/mata" name="LineageOS/android_device_essential_mata" remote="github" />
|
||||
<project path="kernel/essential/msm8998" name="LineageOS/android_kernel_essential_msm8998" remote="github" />
|
||||
|
||||
<!-- Google Pixel (marlin/sailfish) -->
|
||||
<project path="device/google/marlin" name="LineageOS/android_device_google_marlin" remote="github" />
|
||||
<project path="device/google/sailfish" name="LineageOS/android_device_google_sailfish" remote="github" />
|
||||
|
|
@ -188,6 +192,7 @@
|
|||
|
||||
<!-- Proprietary Blobs -->
|
||||
<project path="vendor/asus" name="TheMuppets/proprietary_vendor_asus" remote="github" />
|
||||
<project path="vendor/essential" name="TheMuppets/proprietary_vendor_essential" remote="github" />
|
||||
<project path="vendor/fairphone" name="TheMuppets/proprietary_vendor_fairphone" remote="github" />
|
||||
<project path="vendor/google" name="TheMuppets/proprietary_vendor_google" remote="github" />
|
||||
<project path="vendor/htc" name="TheMuppets/proprietary_vendor_htc" remote="github" />
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
From af2b9266040c9b7abd4f24fd587ac935350f1843 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 27 Jun 2018 20:48:25 -0400
|
||||
Subject: [PATCH] Fix -user builds for many LGE devices
|
||||
|
||||
Change-Id: I3649cf211a356c57e129fbda1f5184a4bebc85af
|
||||
---
|
||||
domain.te | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/domain.te b/domain.te
|
||||
index 59de1f1..d165127 100644
|
||||
--- a/domain.te
|
||||
+++ b/domain.te
|
||||
@@ -361,6 +361,9 @@ neverallow { domain -recovery -update_engine } system_block_device:blk_file writ
|
||||
# No domains other than install_recovery or recovery can write to recovery.
|
||||
neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
|
||||
|
||||
+# Select devices have policies prevented by the following neverallow
|
||||
+attribute misc_block_device_exception;
|
||||
+
|
||||
# No domains other than a select few can access the misc_block_device. This
|
||||
# block device is reserved for OTA use.
|
||||
# Do not assert this rule on userdebug/eng builds, due to some devices using
|
||||
@@ -374,6 +377,7 @@ neverallow {
|
||||
-vold
|
||||
-recovery
|
||||
-ueventd
|
||||
+ -misc_block_device_exception
|
||||
} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
|
||||
|
||||
# Only servicemanager should be able to register with binder as the context manager
|
||||
--
|
||||
2.18.0
|
||||
|
||||
|
|
@ -54,7 +54,7 @@ echo "Deblobbing..."
|
|||
sepolicy=$sepolicy" atfwd.te";
|
||||
|
||||
#AudioFX (Audio Effects) [Qualcomm]
|
||||
if [ "$DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|libqcbassboost.so|libqcreverb.so|libqcvirt.so"; fi;
|
||||
if [ "$DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|libasphere.so|libqcbassboost.so|libqcreverb.so|libqcvirt.so|libshoebox.so"; fi;
|
||||
|
||||
#Camera
|
||||
#Attempted, don't waste your time...
|
||||
|
|
@ -69,7 +69,7 @@ echo "Deblobbing..."
|
|||
|
||||
#CNE (Automatic Cell/Wi-Fi Switching) [Qualcomm]
|
||||
#blobs=$blobs"|libcneapiclient.so|libNimsWrap.so"; #XXX: Breaks radio
|
||||
blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cnd|cneapiclient.jar|cneapiclient.xml|CNEService.apk|com.quicinc.cne.jar|com.quicinc.cne.xml|ConnectivityExt.jar|ConnectivityExt.xml|libcneconn.so|libcneqmiutils.so|libcne.so|libvendorconn.so|libwqe.so|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
|
||||
blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cnd|cneapiclient.jar|cneapiclient.xml|CNEService.apk|com.quicinc.cne.*.jar|com.quicinc.cne.*.so|com.quicinc.cne.xml|ConnectivityExt.jar|ConnectivityExt.xml|libcneconn.so|libcneqmiutils.so|libcne.so|libvendorconn.so|libwms.so|libwqe.so|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
|
||||
makes=$makes"libcnefeatureconfig";
|
||||
sepolicy=$sepolicy" cnd.te qcneservice.te";
|
||||
|
||||
|
|
@ -114,6 +114,9 @@ echo "Deblobbing..."
|
|||
blobs=$blobs"|libmm-hdcpmgr.so";
|
||||
blobs=$blobs"|hdcp1.*|tzhdcp.*";
|
||||
|
||||
#HDR
|
||||
blobs=$blobs"|libhdr.*.so";
|
||||
|
||||
#[HTC]
|
||||
blobs=$blobs"|gptauuid.xml";
|
||||
blobs=$blobs"|htc_drmprov.*|gpsample.mbn";
|
||||
|
|
@ -125,7 +128,7 @@ echo "Deblobbing..."
|
|||
#IMS (VoLTE/Wi-Fi Calling) [Qualcomm]
|
||||
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so"; fi; #IMS (Core) (To support carriers that have phased out 2G)
|
||||
blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS
|
||||
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so"; #RTP
|
||||
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*.so"; #RTP
|
||||
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc.
|
||||
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then blobs=$blobs"|volte_modem[/]"; fi;
|
||||
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then sepolicy=$sepolicy" ims.te imscm.te imswmsproxy.te"; fi;
|
||||
|
|
@ -177,12 +180,13 @@ echo "Deblobbing..."
|
|||
|
||||
#RCS (Proprietary messaging protocol)
|
||||
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so"; #RCS
|
||||
makes=$makes"|rcs_service.*";
|
||||
|
||||
#SecProtect [Qualcomm]
|
||||
blobs=$blobs"|SecProtect.apk";
|
||||
|
||||
#SecureUI Frontends
|
||||
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so";
|
||||
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
|
||||
|
||||
#SoundFX [Sony]
|
||||
blobs=$blobs"|libsonypostprocbundle.so|libsonysweffect.so";
|
||||
|
|
@ -208,7 +212,8 @@ echo "Deblobbing..."
|
|||
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml";
|
||||
|
||||
#Voice Recognition
|
||||
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so";
|
||||
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.*.so|libgcs.*.so|vendor.qti.voiceprint.*";
|
||||
makes=$makes"|android.hardware.soundtrigger.*";
|
||||
|
||||
#Vulkan [Qualcomm]
|
||||
#blobs=$blobs"|libllvm-qgl.so|vulkan.msm.*.so";
|
||||
|
|
@ -217,7 +222,7 @@ echo "Deblobbing..."
|
|||
blobs=$blobs"|libmmparser_lite.so|libmmrtpdecoder.so|libmmrtpencoder.so|libmmwfdinterface.so|libmmwfdsinkinterface.so|libmmwfdsrcinterface.so|libwfdavenhancements.so|libwfdcommonutils.so|libwfdhdcpcp.so|libwfdmmsink.so|libwfdmmsrc.so|libwfdmmutils.so|libwfdnative.so|libwfdrtsp.so|libwfdservice.so|libwfdsm.so|libwfduibcinterface.so|libwfduibcsinkinterface.so|libwfduibcsink.so|libwfduibcsrcinterface.so|libwfduibcsrc.so|WfdCommon.jar|wfdconfigsink.xml|wfdconfig.xml|wfdservice|WfdService.apk";
|
||||
|
||||
#Widevine (DRM) [Google]
|
||||
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so";
|
||||
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so";
|
||||
blobs=$blobs"|tzwidevine.*|tzwvcpybuf.*|widevine.*";
|
||||
makes=$makes"|libshim_wvm";
|
||||
|
||||
|
|
@ -260,6 +265,7 @@ deblobDevice() {
|
|||
fi;
|
||||
sed -i 's/BOARD_USES_QCNE := true/BOARD_USES_QCNE := false/' BoardConfig.mk; #Disable CNE
|
||||
sed -i 's/BOARD_USES_WIPOWER := true/BOARD_USES_WIPOWER := false/' BoardConfig.mk; #Disable WiPower
|
||||
sed -i 's/TARGET_HAS_HDR_DISPLAY := true/TARGET_HAS_HDR_DISPLAY := false/' BoardConfig.mk; #Disable HDR
|
||||
fi;
|
||||
if [ -f device.mk ]; then
|
||||
awk -i inplace '!/'"$makes"'/' device.mk; #Remove references from device makefile
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ buildAll() {
|
|||
brunch lineage_FP2-user;
|
||||
#brunch lineage_grouper-user; #builds, but requires out-of-tree blobs
|
||||
brunch lineage_h815-user; #deprecated (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes
|
||||
brunch lineage_herolte-user;
|
||||
brunch lineage_herolte-user; #deprecated
|
||||
brunch lineage_himaul-user; #deprecated
|
||||
brunch lineage_i9100-userdebug;
|
||||
brunch lineage_i9305-user; #deprecated?
|
||||
|
|
|
|||
|
|
@ -183,6 +183,9 @@ enterAndClear "system/keymaster";
|
|||
patch -p1 < "$patches/android_system_keymaster/0001-Backport_Fixes.patch"; #Fixes from 8.1, appears to fix https://jira.lineageos.org/browse/BUGBASH-590
|
||||
patch -p1 < "$patches/android_system_keymaster/0002-Backport_Fixes.patch";
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
patch -p1 < "$patches/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||
|
||||
enterAndClear "system/vold";
|
||||
patch -p1 < "$patches/android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
|
||||
|
||||
|
|
@ -234,6 +237,17 @@ patch -p1 < "$patches/android_device_asus_grouper/0001-Update_Blobs.patch";
|
|||
rm proprietary-blobs.txt;
|
||||
cp "$patches/android_device_asus_grouper/lineage-proprietary-files.txt" lineage-proprietary-files.txt;
|
||||
|
||||
enterAndClear "device/lge/g2-common";
|
||||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
|
||||
enterAndClear "device/lge/g3-common";
|
||||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
|
||||
echo "allow wcnss_service block_device:dir search;" >> sepolicy/wcnss_service.te; #fix incorrect Wi-Fi MAC address
|
||||
|
||||
enterAndClear "device/lge/mako";
|
||||
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
|
||||
|
||||
enterAndClear "device/motorola/clark";
|
||||
sed -i 's/0xA04D/0xA04D|0xA052/' board-info.txt; #Allow installing on Nougat bootloader, assume the user is running the correct modem
|
||||
rm board-info.txt; #Never restrict installation
|
||||
|
|
|
|||
|
|
@ -0,0 +1,27 @@
|
|||
#!/bin/bash
|
||||
cd $base"kernel/essential/msm8998"
|
||||
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0016.patch
|
||||
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0020.patch
|
||||
git apply $cvePatchesLinux/CVE-2014-9900/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2016-1583/ANY/0002.patch
|
||||
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2016-8394/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-0710/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-13218/4.4/0018.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-13218/4.4/0026.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-13245/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-14875/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0009.patch
|
||||
git apply $cvePatchesLinux/CVE-2018-3564/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2018-3597/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2018-5831/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $cvePatchesLinux/CVE-2017-14875/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p23"
|
||||
cd $base
|
||||
|
|
@ -18,7 +18,7 @@
|
|||
#Last verified: 2018-04-27
|
||||
|
||||
patchAllKernels() {
|
||||
startPatcher "kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
|
||||
startPatcher "kernel_essential_msm8998 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
|
||||
}
|
||||
export -f patchAllKernels;
|
||||
|
||||
|
|
@ -66,6 +66,7 @@ buildAll() {
|
|||
brunch lineage_klte-user;
|
||||
brunch lineage_m8-user;
|
||||
brunch lineage_marlin-user;
|
||||
brunch lineage_mata-user;
|
||||
brunch lineage_sailfish-user;
|
||||
brunch lineage_shamu-user;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user