diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml
index d9a76efd..9292cbc3 100644
--- a/Manifests/Manifest_LAOS-15.1.xml
+++ b/Manifests/Manifest_LAOS-15.1.xml
@@ -96,6 +96,10 @@
+
+
+
+
@@ -188,6 +192,7 @@
+
diff --git a/Patches/LineageOS-14.1/android_system_sepolicy/0001-LGE_Fixes.patch b/Patches/LineageOS-14.1/android_system_sepolicy/0001-LGE_Fixes.patch
new file mode 100644
index 00000000..d670a70a
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_system_sepolicy/0001-LGE_Fixes.patch
@@ -0,0 +1,35 @@
+From af2b9266040c9b7abd4f24fd587ac935350f1843 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Wed, 27 Jun 2018 20:48:25 -0400
+Subject: [PATCH] Fix -user builds for many LGE devices
+
+Change-Id: I3649cf211a356c57e129fbda1f5184a4bebc85af
+---
+ domain.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/domain.te b/domain.te
+index 59de1f1..d165127 100644
+--- a/domain.te
++++ b/domain.te
+@@ -361,6 +361,9 @@ neverallow { domain -recovery -update_engine } system_block_device:blk_file writ
+ # No domains other than install_recovery or recovery can write to recovery.
+ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
+
++# Select devices have policies prevented by the following neverallow
++attribute misc_block_device_exception;
++
+ # No domains other than a select few can access the misc_block_device. This
+ # block device is reserved for OTA use.
+ # Do not assert this rule on userdebug/eng builds, due to some devices using
+@@ -374,6 +377,7 @@ neverallow {
+ -vold
+ -recovery
+ -ueventd
++ -misc_block_device_exception
+ } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
+ # Only servicemanager should be able to register with binder as the context manager
+--
+2.18.0
+
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index 5a257dd9..2ac06e45 100755
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@@ -54,7 +54,7 @@ echo "Deblobbing..."
sepolicy=$sepolicy" atfwd.te";
#AudioFX (Audio Effects) [Qualcomm]
- if [ "$DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|libqcbassboost.so|libqcreverb.so|libqcvirt.so"; fi;
+ if [ "$DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|libasphere.so|libqcbassboost.so|libqcreverb.so|libqcvirt.so|libshoebox.so"; fi;
#Camera
#Attempted, don't waste your time...
@@ -69,7 +69,7 @@ echo "Deblobbing..."
#CNE (Automatic Cell/Wi-Fi Switching) [Qualcomm]
#blobs=$blobs"|libcneapiclient.so|libNimsWrap.so"; #XXX: Breaks radio
- blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cnd|cneapiclient.jar|cneapiclient.xml|CNEService.apk|com.quicinc.cne.jar|com.quicinc.cne.xml|ConnectivityExt.jar|ConnectivityExt.xml|libcneconn.so|libcneqmiutils.so|libcne.so|libvendorconn.so|libwqe.so|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
+ blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cnd|cneapiclient.jar|cneapiclient.xml|CNEService.apk|com.quicinc.cne.*.jar|com.quicinc.cne.*.so|com.quicinc.cne.xml|ConnectivityExt.jar|ConnectivityExt.xml|libcneconn.so|libcneqmiutils.so|libcne.so|libvendorconn.so|libwms.so|libwqe.so|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
makes=$makes"libcnefeatureconfig";
sepolicy=$sepolicy" cnd.te qcneservice.te";
@@ -114,6 +114,9 @@ echo "Deblobbing..."
blobs=$blobs"|libmm-hdcpmgr.so";
blobs=$blobs"|hdcp1.*|tzhdcp.*";
+ #HDR
+ blobs=$blobs"|libhdr.*.so";
+
#[HTC]
blobs=$blobs"|gptauuid.xml";
blobs=$blobs"|htc_drmprov.*|gpsample.mbn";
@@ -125,7 +128,7 @@ echo "Deblobbing..."
#IMS (VoLTE/Wi-Fi Calling) [Qualcomm]
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so"; fi; #IMS (Core) (To support carriers that have phased out 2G)
blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS
- blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so"; #RTP
+ blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*.so"; #RTP
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc.
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then blobs=$blobs"|volte_modem[/]"; fi;
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then sepolicy=$sepolicy" ims.te imscm.te imswmsproxy.te"; fi;
@@ -177,12 +180,13 @@ echo "Deblobbing..."
#RCS (Proprietary messaging protocol)
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so"; #RCS
+ makes=$makes"|rcs_service.*";
#SecProtect [Qualcomm]
blobs=$blobs"|SecProtect.apk";
#SecureUI Frontends
- blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so";
+ blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
#SoundFX [Sony]
blobs=$blobs"|libsonypostprocbundle.so|libsonysweffect.so";
@@ -208,7 +212,8 @@ echo "Deblobbing..."
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml";
#Voice Recognition
- blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so";
+ blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.*.so|libgcs.*.so|vendor.qti.voiceprint.*";
+ makes=$makes"|android.hardware.soundtrigger.*";
#Vulkan [Qualcomm]
#blobs=$blobs"|libllvm-qgl.so|vulkan.msm.*.so";
@@ -217,7 +222,7 @@ echo "Deblobbing..."
blobs=$blobs"|libmmparser_lite.so|libmmrtpdecoder.so|libmmrtpencoder.so|libmmwfdinterface.so|libmmwfdsinkinterface.so|libmmwfdsrcinterface.so|libwfdavenhancements.so|libwfdcommonutils.so|libwfdhdcpcp.so|libwfdmmsink.so|libwfdmmsrc.so|libwfdmmutils.so|libwfdnative.so|libwfdrtsp.so|libwfdservice.so|libwfdsm.so|libwfduibcinterface.so|libwfduibcsinkinterface.so|libwfduibcsink.so|libwfduibcsrcinterface.so|libwfduibcsrc.so|WfdCommon.jar|wfdconfigsink.xml|wfdconfig.xml|wfdservice|WfdService.apk";
#Widevine (DRM) [Google]
- blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so";
+ blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so";
blobs=$blobs"|tzwidevine.*|tzwvcpybuf.*|widevine.*";
makes=$makes"|libshim_wvm";
@@ -260,6 +265,7 @@ deblobDevice() {
fi;
sed -i 's/BOARD_USES_QCNE := true/BOARD_USES_QCNE := false/' BoardConfig.mk; #Disable CNE
sed -i 's/BOARD_USES_WIPOWER := true/BOARD_USES_WIPOWER := false/' BoardConfig.mk; #Disable WiPower
+ sed -i 's/TARGET_HAS_HDR_DISPLAY := true/TARGET_HAS_HDR_DISPLAY := false/' BoardConfig.mk; #Disable HDR
fi;
if [ -f device.mk ]; then
awk -i inplace '!/'"$makes"'/' device.mk; #Remove references from device makefile
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index cdbd5698..0cfbcee4 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -56,7 +56,7 @@ buildAll() {
brunch lineage_FP2-user;
#brunch lineage_grouper-user; #builds, but requires out-of-tree blobs
brunch lineage_h815-user; #deprecated (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes
- brunch lineage_herolte-user;
+ brunch lineage_herolte-user; #deprecated
brunch lineage_himaul-user; #deprecated
brunch lineage_i9100-userdebug;
brunch lineage_i9305-user; #deprecated?
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 733c6cbb..a18ffb0f 100755
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -183,6 +183,9 @@ enterAndClear "system/keymaster";
patch -p1 < "$patches/android_system_keymaster/0001-Backport_Fixes.patch"; #Fixes from 8.1, appears to fix https://jira.lineageos.org/browse/BUGBASH-590
patch -p1 < "$patches/android_system_keymaster/0002-Backport_Fixes.patch";
+enterAndClear "system/sepolicy";
+patch -p1 < "$patches/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
+
enterAndClear "system/vold";
patch -p1 < "$patches/android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
@@ -234,6 +237,17 @@ patch -p1 < "$patches/android_device_asus_grouper/0001-Update_Blobs.patch";
rm proprietary-blobs.txt;
cp "$patches/android_device_asus_grouper/lineage-proprietary-files.txt" lineage-proprietary-files.txt;
+enterAndClear "device/lge/g2-common";
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+
+enterAndClear "device/lge/g3-common";
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
+echo "allow wcnss_service block_device:dir search;" >> sepolicy/wcnss_service.te; #fix incorrect Wi-Fi MAC address
+
+enterAndClear "device/lge/mako";
+echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
+
enterAndClear "device/motorola/clark";
sed -i 's/0xA04D/0xA04D|0xA052/' board-info.txt; #Allow installing on Nougat bootloader, assume the user is running the correct modem
rm board-info.txt; #Never restrict installation
diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_essential_msm8998.sh
new file mode 100644
index 00000000..1332b6e7
--- /dev/null
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_essential_msm8998.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+cd $base"kernel/essential/msm8998"
+git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0016.patch
+git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0020.patch
+git apply $cvePatchesLinux/CVE-2014-9900/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-1583/ANY/0002.patch
+git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-8394/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-0710/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-13218/4.4/0018.patch
+git apply $cvePatchesLinux/CVE-2017-13218/4.4/0026.patch
+git apply $cvePatchesLinux/CVE-2017-13245/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-14875/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0009.patch
+git apply $cvePatchesLinux/CVE-2018-3564/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2018-3597/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2018-5831/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-14875/ANY/0001.patch
+editKernelLocalversion "-dos.p23"
+cd $base
diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh
index 27d41b80..d5fb8b63 100644
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@@ -18,7 +18,7 @@
#Last verified: 2018-04-27
patchAllKernels() {
- startPatcher "kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
+ startPatcher "kernel_essential_msm8998 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
}
export -f patchAllKernels;
@@ -66,6 +66,7 @@ buildAll() {
brunch lineage_klte-user;
brunch lineage_m8-user;
brunch lineage_marlin-user;
+ brunch lineage_mata-user;
brunch lineage_sailfish-user;
brunch lineage_shamu-user;
}