Many changes

- 14.1: Fixup previous commits
- 15.1: Add mata
- Deblobber: Remove more blobs (audiofx, cne, hdr, ims-rtp)
This commit is contained in:
Tad 2018-06-28 20:11:20 -04:00
parent 29ace39eb9
commit 303fe971ed
7 changed files with 96 additions and 8 deletions

View File

@ -96,6 +96,10 @@
<project path="kernel/google/msm" name="LineageOS/android_kernel_google_msm" remote="github" />
<project path="packages/apps/FlipFlap" name="LineageOS/android_packages_apps_FlipFlap" remote="github" />
<!-- Essential PH-1 (mata) -->
<project path="device/essential/mata" name="LineageOS/android_device_essential_mata" remote="github" />
<project path="kernel/essential/msm8998" name="LineageOS/android_kernel_essential_msm8998" remote="github" />
<!-- Google Pixel (marlin/sailfish) -->
<project path="device/google/marlin" name="LineageOS/android_device_google_marlin" remote="github" />
<project path="device/google/sailfish" name="LineageOS/android_device_google_sailfish" remote="github" />
@ -188,6 +192,7 @@
<!-- Proprietary Blobs -->
<project path="vendor/asus" name="TheMuppets/proprietary_vendor_asus" remote="github" />
<project path="vendor/essential" name="TheMuppets/proprietary_vendor_essential" remote="github" />
<project path="vendor/fairphone" name="TheMuppets/proprietary_vendor_fairphone" remote="github" />
<project path="vendor/google" name="TheMuppets/proprietary_vendor_google" remote="github" />
<project path="vendor/htc" name="TheMuppets/proprietary_vendor_htc" remote="github" />

View File

@ -0,0 +1,35 @@
From af2b9266040c9b7abd4f24fd587ac935350f1843 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 27 Jun 2018 20:48:25 -0400
Subject: [PATCH] Fix -user builds for many LGE devices
Change-Id: I3649cf211a356c57e129fbda1f5184a4bebc85af
---
domain.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/domain.te b/domain.te
index 59de1f1..d165127 100644
--- a/domain.te
+++ b/domain.te
@@ -361,6 +361,9 @@ neverallow { domain -recovery -update_engine } system_block_device:blk_file writ
# No domains other than install_recovery or recovery can write to recovery.
neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
+# Select devices have policies prevented by the following neverallow
+attribute misc_block_device_exception;
+
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
# Do not assert this rule on userdebug/eng builds, due to some devices using
@@ -374,6 +377,7 @@ neverallow {
-vold
-recovery
-ueventd
+ -misc_block_device_exception
} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
# Only servicemanager should be able to register with binder as the context manager
--
2.18.0

View File

@ -54,7 +54,7 @@ echo "Deblobbing..."
sepolicy=$sepolicy" atfwd.te";
#AudioFX (Audio Effects) [Qualcomm]
if [ "$DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|libqcbassboost.so|libqcreverb.so|libqcvirt.so"; fi;
if [ "$DEBLOBBER_REMOVE_AUDIOFX" = true ]; then blobs=$blobs"|libasphere.so|libqcbassboost.so|libqcreverb.so|libqcvirt.so|libshoebox.so"; fi;
#Camera
#Attempted, don't waste your time...
@ -69,7 +69,7 @@ echo "Deblobbing..."
#CNE (Automatic Cell/Wi-Fi Switching) [Qualcomm]
#blobs=$blobs"|libcneapiclient.so|libNimsWrap.so"; #XXX: Breaks radio
blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cnd|cneapiclient.jar|cneapiclient.xml|CNEService.apk|com.quicinc.cne.jar|com.quicinc.cne.xml|ConnectivityExt.jar|ConnectivityExt.xml|libcneconn.so|libcneqmiutils.so|libcne.so|libvendorconn.so|libwqe.so|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
blobs=$blobs"|andsfCne.xml|ATT_profile.*.xml|cnd|cneapiclient.jar|cneapiclient.xml|CNEService.apk|com.quicinc.cne.*.jar|com.quicinc.cne.*.so|com.quicinc.cne.xml|ConnectivityExt.jar|ConnectivityExt.xml|libcneconn.so|libcneqmiutils.so|libcne.so|libvendorconn.so|libwms.so|libwqe.so|profile1.xml|profile2.xml|profile3.xml|profile4.xml|profile5.xml|ROW_profile.*.xml|SwimConfig.xml|VZW_profile.*.xml";
makes=$makes"libcnefeatureconfig";
sepolicy=$sepolicy" cnd.te qcneservice.te";
@ -114,6 +114,9 @@ echo "Deblobbing..."
blobs=$blobs"|libmm-hdcpmgr.so";
blobs=$blobs"|hdcp1.*|tzhdcp.*";
#HDR
blobs=$blobs"|libhdr.*.so";
#[HTC]
blobs=$blobs"|gptauuid.xml";
blobs=$blobs"|htc_drmprov.*|gpsample.mbn";
@ -125,7 +128,7 @@ echo "Deblobbing..."
#IMS (VoLTE/Wi-Fi Calling) [Qualcomm]
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then blobs=$blobs"|ims.apk|ims.xml|libimsmedia_jni.so"; fi; #IMS (Core) (To support carriers that have phased out 2G)
blobs=$blobs"|imscmlibrary.jar|imscmservice|imscm.xml|imsdatadaemon|imsqmidaemon|imssettings.apk|lib-imsdpl.so|lib-imscamera.so|libimscamera_jni.so|lib-imsqimf.so|lib-imsSDP.so|lib-imss.so|lib-imsvt.so|lib-imsxml.so"; #IMS
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so"; #RTP
blobs=$blobs"|ims_rtp_daemon|lib-rtpcommon.so|lib-rtpcore.so|lib-rtpdaemoninterface.so|lib-rtpsl.so|vendor.qti.imsrtpservice.*.so"; #RTP
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so|qti_permissions.xml"; #Misc.
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then blobs=$blobs"|volte_modem[/]"; fi;
if [ "$DEBLOBBER_REMOVE_IMS" = true ]; then sepolicy=$sepolicy" ims.te imscm.te imswmsproxy.te"; fi;
@ -177,12 +180,13 @@ echo "Deblobbing..."
#RCS (Proprietary messaging protocol)
blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so"; #RCS
makes=$makes"|rcs_service.*";
#SecProtect [Qualcomm]
blobs=$blobs"|SecProtect.apk";
#SecureUI Frontends
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so";
blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
#SoundFX [Sony]
blobs=$blobs"|libsonypostprocbundle.so|libsonysweffect.so";
@ -208,7 +212,8 @@ echo "Deblobbing..."
blobs=$blobs"|appdirectedsmspermission.apk|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonSSOEngine.apk|VerizonUnifiedSettings.jar|VZWAPNLib.apk|vzwapnpermission.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml";
#Voice Recognition
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so";
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment.*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.*.so|libgcs.*.so|vendor.qti.voiceprint.*";
makes=$makes"|android.hardware.soundtrigger.*";
#Vulkan [Qualcomm]
#blobs=$blobs"|libllvm-qgl.so|vulkan.msm.*.so";
@ -217,7 +222,7 @@ echo "Deblobbing..."
blobs=$blobs"|libmmparser_lite.so|libmmrtpdecoder.so|libmmrtpencoder.so|libmmwfdinterface.so|libmmwfdsinkinterface.so|libmmwfdsrcinterface.so|libwfdavenhancements.so|libwfdcommonutils.so|libwfdhdcpcp.so|libwfdmmsink.so|libwfdmmsrc.so|libwfdmmutils.so|libwfdnative.so|libwfdrtsp.so|libwfdservice.so|libwfdsm.so|libwfduibcinterface.so|libwfduibcsinkinterface.so|libwfduibcsink.so|libwfduibcsrcinterface.so|libwfduibcsrc.so|WfdCommon.jar|wfdconfigsink.xml|wfdconfig.xml|wfdservice|WfdService.apk";
#Widevine (DRM) [Google]
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so";
blobs=$blobs"|com.google.widevine.software.drm.jar|com.google.widevine.software.drm.xml|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so";
blobs=$blobs"|tzwidevine.*|tzwvcpybuf.*|widevine.*";
makes=$makes"|libshim_wvm";
@ -260,6 +265,7 @@ deblobDevice() {
fi;
sed -i 's/BOARD_USES_QCNE := true/BOARD_USES_QCNE := false/' BoardConfig.mk; #Disable CNE
sed -i 's/BOARD_USES_WIPOWER := true/BOARD_USES_WIPOWER := false/' BoardConfig.mk; #Disable WiPower
sed -i 's/TARGET_HAS_HDR_DISPLAY := true/TARGET_HAS_HDR_DISPLAY := false/' BoardConfig.mk; #Disable HDR
fi;
if [ -f device.mk ]; then
awk -i inplace '!/'"$makes"'/' device.mk; #Remove references from device makefile

View File

@ -56,7 +56,7 @@ buildAll() {
brunch lineage_FP2-user;
#brunch lineage_grouper-user; #builds, but requires out-of-tree blobs
brunch lineage_h815-user; #deprecated (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes
brunch lineage_herolte-user;
brunch lineage_herolte-user; #deprecated
brunch lineage_himaul-user; #deprecated
brunch lineage_i9100-userdebug;
brunch lineage_i9305-user; #deprecated?

View File

@ -183,6 +183,9 @@ enterAndClear "system/keymaster";
patch -p1 < "$patches/android_system_keymaster/0001-Backport_Fixes.patch"; #Fixes from 8.1, appears to fix https://jira.lineageos.org/browse/BUGBASH-590
patch -p1 < "$patches/android_system_keymaster/0002-Backport_Fixes.patch";
enterAndClear "system/sepolicy";
patch -p1 < "$patches/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
enterAndClear "system/vold";
patch -p1 < "$patches/android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
@ -234,6 +237,17 @@ patch -p1 < "$patches/android_device_asus_grouper/0001-Update_Blobs.patch";
rm proprietary-blobs.txt;
cp "$patches/android_device_asus_grouper/lineage-proprietary-files.txt" lineage-proprietary-files.txt;
enterAndClear "device/lge/g2-common";
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
enterAndClear "device/lge/g3-common";
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
echo "allow wcnss_service block_device:dir search;" >> sepolicy/wcnss_service.te; #fix incorrect Wi-Fi MAC address
enterAndClear "device/lge/mako";
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
enterAndClear "device/motorola/clark";
sed -i 's/0xA04D/0xA04D|0xA052/' board-info.txt; #Allow installing on Nougat bootloader, assume the user is running the correct modem
rm board-info.txt; #Never restrict installation

View File

@ -0,0 +1,27 @@
#!/bin/bash
cd $base"kernel/essential/msm8998"
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0016.patch
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0020.patch
git apply $cvePatchesLinux/CVE-2014-9900/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-1583/ANY/0002.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-8394/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0710/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-13218/4.4/0018.patch
git apply $cvePatchesLinux/CVE-2017-13218/4.4/0026.patch
git apply $cvePatchesLinux/CVE-2017-13245/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-14875/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0009.patch
git apply $cvePatchesLinux/CVE-2018-3564/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-3597/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-5831/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-14875/ANY/0001.patch
editKernelLocalversion "-dos.p23"
cd $base

View File

@ -18,7 +18,7 @@
#Last verified: 2018-04-27
patchAllKernels() {
startPatcher "kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
startPatcher "kernel_essential_msm8998 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
}
export -f patchAllKernels;
@ -66,6 +66,7 @@ buildAll() {
brunch lineage_klte-user;
brunch lineage_m8-user;
brunch lineage_marlin-user;
brunch lineage_mata-user;
brunch lineage_sailfish-user;
brunch lineage_shamu-user;
}