mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-06-26 14:42:13 +00:00
16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
- patch credit updates - 16.0: allow SystemUI to directly manage Bluetooth/WiFi - from GrapheneOS - cleanup
This commit is contained in:
Tad
parent
e10a865b05
commit
330df0983c
|
|
@ -1,53 +0,0 @@
|
|||
From 8d82bed53344a877de91309eef42c6b5f9ca6db1 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Wed, 30 May 2018 02:17:39 -0400
|
||||
Subject: [PATCH] Enable LTE
|
||||
|
||||
Change-Id: Iabc9e512ee27cc52466d0baed88c6bc18bc90ad6
|
||||
---
|
||||
overlay/frameworks/base/core/res/res/values/config.xml | 2 +-
|
||||
overlay/packages/services/Telephony/res/values/config.xml | 3 +++
|
||||
system.prop | 2 +-
|
||||
3 files changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/overlay/frameworks/base/core/res/res/values/config.xml b/overlay/frameworks/base/core/res/res/values/config.xml
|
||||
index 1d2e845..e2e1b35 100644
|
||||
--- a/overlay/frameworks/base/core/res/res/values/config.xml
|
||||
+++ b/overlay/frameworks/base/core/res/res/values/config.xml
|
||||
@@ -212,7 +212,7 @@
|
||||
Empty is viewed as "all". Only used on devices which
|
||||
don't support RIL_REQUEST_GET_RADIO_CAPABILITY
|
||||
format is UMTS|LTE|... -->
|
||||
- <string translatable="false" name="config_radio_access_family">GSM|WCDMA</string>
|
||||
+ <string translatable="false" name="config_radio_access_family">GSM|WCDMA|LTE</string>
|
||||
|
||||
<!-- Set to true to add links to Cell Broadcast app from Settings and MMS app. -->
|
||||
<bool name="config_cellBroadcastAppLinks">true</bool>
|
||||
diff --git a/overlay/packages/services/Telephony/res/values/config.xml b/overlay/packages/services/Telephony/res/values/config.xml
|
||||
index af352a4..22c65ea 100644
|
||||
--- a/overlay/packages/services/Telephony/res/values/config.xml
|
||||
+++ b/overlay/packages/services/Telephony/res/values/config.xml
|
||||
@@ -21,4 +21,7 @@
|
||||
are routed through the android.media.AudioManager class (true) or through
|
||||
the com.android.internal.telephony.Phone interface (false). -->
|
||||
<bool name="send_mic_mute_to_AudioManager">true</bool>
|
||||
+
|
||||
+ <!-- Show enabled lte option for lte device -->
|
||||
+ <bool name="config_enabled_lte" translatable="false">true</bool>
|
||||
</resources>
|
||||
diff --git a/system.prop b/system.prop
|
||||
index 0723d79..94ce8fa 100644
|
||||
--- a/system.prop
|
||||
+++ b/system.prop
|
||||
@@ -26,7 +26,7 @@ debug.hwui.use_buffer_age=false
|
||||
|
||||
# RIL
|
||||
rild.libpath=/vendor/lib/libril-qc-qmi-1.so
|
||||
-telephony.lteOnCdmaDevice=0
|
||||
+telephony.lteOnCdmaDevice=1
|
||||
persist.radio.apm_sim_not_pwdn=1
|
||||
ro.telephony.call_ring.multiple=0
|
||||
|
||||
--
|
||||
2.17.0
|
||||
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
From a507f07f4b04c421400ef8382212aa38cfe37b0d Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 18 Dec 2018 08:48:14 -0500
|
||||
Subject: [PATCH] allow SystemUI to directly manage Bluetooth/WiFi
|
||||
|
||||
---
|
||||
packages/SystemUI/AndroidManifest.xml | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
|
||||
index 5599b5a2837..08a8d9f504b 100644
|
||||
--- a/packages/SystemUI/AndroidManifest.xml
|
||||
+++ b/packages/SystemUI/AndroidManifest.xml
|
||||
@@ -70,6 +70,9 @@
|
||||
<uses-permission android:name="android.permission.REQUEST_NETWORK_SCORES" />
|
||||
<uses-permission android:name="android.permission.CONTROL_VPN" />
|
||||
<uses-permission android:name="android.permission.PEERS_MAC_ADDRESS"/>
|
||||
+ <uses-permission android:name="android.permission.MANAGE_BLUETOOTH_WHEN_PERMISSION_REVIEW_REQUIRED" />
|
||||
+ <uses-permission android:name="android.permission.MANAGE_WIFI_WHEN_PERMISSION_REVIEW_REQUIRED" />
|
||||
+
|
||||
<!-- Physical hardware -->
|
||||
<uses-permission android:name="android.permission.MANAGE_USB" />
|
||||
<uses-permission android:name="android.permission.CONTROL_DISPLAY_BRIGHTNESS" />
|
||||
|
|
@ -0,0 +1,508 @@
|
|||
From 4ac855656e2df723abb5da9768b3bce77a135490 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 14 Mar 2015 18:10:20 -0400
|
||||
Subject: [PATCH 01/10] add exec-based spawning support
|
||||
|
||||
---
|
||||
.../com/android/internal/os/ExecInit.java | 115 ++++++++++++++++++
|
||||
.../com/android/internal/os/WrapperInit.java | 2 +-
|
||||
.../android/internal/os/ZygoteConnection.java | 7 ++
|
||||
3 files changed, 123 insertions(+), 1 deletion(-)
|
||||
create mode 100644 core/java/com/android/internal/os/ExecInit.java
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
|
||||
new file mode 100644
|
||||
index 00000000000..10edd64e0f9
|
||||
--- /dev/null
|
||||
+++ b/core/java/com/android/internal/os/ExecInit.java
|
||||
@@ -0,0 +1,115 @@
|
||||
+package com.android.internal.os;
|
||||
+
|
||||
+import android.os.Trace;
|
||||
+import android.system.ErrnoException;
|
||||
+import android.system.Os;
|
||||
+import android.util.Slog;
|
||||
+import android.util.TimingsTraceLog;
|
||||
+import dalvik.system.VMRuntime;
|
||||
+
|
||||
+/**
|
||||
+ * Startup class for the process.
|
||||
+ * @hide
|
||||
+ */
|
||||
+public class ExecInit {
|
||||
+ /**
|
||||
+ * Class not instantiable.
|
||||
+ */
|
||||
+ private ExecInit() {
|
||||
+ }
|
||||
+
|
||||
+ /**
|
||||
+ * The main function called when starting a runtime application.
|
||||
+ *
|
||||
+ * The first argument is the target SDK version for the app.
|
||||
+ *
|
||||
+ * The remaining arguments are passed to the runtime.
|
||||
+ *
|
||||
+ * @param args The command-line arguments.
|
||||
+ */
|
||||
+ public static void main(String[] args) {
|
||||
+ // Parse our mandatory argument.
|
||||
+ int targetSdkVersion = Integer.parseInt(args[0], 10);
|
||||
+
|
||||
+ // Mimic system Zygote preloading.
|
||||
+ ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
|
||||
+ Trace.TRACE_TAG_DALVIK));
|
||||
+
|
||||
+ // Launch the application.
|
||||
+ String[] runtimeArgs = new String[args.length - 1];
|
||||
+ System.arraycopy(args, 1, runtimeArgs, 0, runtimeArgs.length);
|
||||
+ Runnable r = execInit(targetSdkVersion, runtimeArgs);
|
||||
+
|
||||
+ r.run();
|
||||
+ }
|
||||
+
|
||||
+ /**
|
||||
+ * Executes a runtime application with exec-based spawning.
|
||||
+ * This method never returns.
|
||||
+ *
|
||||
+ * @param niceName The nice name for the application, or null if none.
|
||||
+ * @param targetSdkVersion The target SDK version for the app.
|
||||
+ * @param args Arguments for {@link RuntimeInit#main}.
|
||||
+ */
|
||||
+ public static void execApplication(String niceName, int targetSdkVersion,
|
||||
+ String instructionSet, String[] args) {
|
||||
+ int niceArgs = niceName == null ? 0 : 1;
|
||||
+ int baseArgs = 5 + niceArgs;
|
||||
+ String[] argv = new String[baseArgs + args.length];
|
||||
+ if (VMRuntime.is64BitInstructionSet(instructionSet)) {
|
||||
+ argv[0] = "/system/bin/app_process64";
|
||||
+ } else {
|
||||
+ argv[0] = "/system/bin/app_process32";
|
||||
+ }
|
||||
+ argv[1] = "/system/bin";
|
||||
+ argv[2] = "--application";
|
||||
+ if (niceName != null) {
|
||||
+ argv[3] = "--nice-name=" + niceName;
|
||||
+ }
|
||||
+ argv[3 + niceArgs] = "com.android.internal.os.ExecInit";
|
||||
+ argv[4 + niceArgs] = Integer.toString(targetSdkVersion);
|
||||
+ System.arraycopy(args, 0, argv, baseArgs, args.length);
|
||||
+
|
||||
+ WrapperInit.preserveCapabilities();
|
||||
+ try {
|
||||
+ Os.execv(argv[0], argv);
|
||||
+ } catch (ErrnoException e) {
|
||||
+ throw new RuntimeException(e);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /**
|
||||
+ * The main function called when an application is started with exec-based spawning.
|
||||
+ *
|
||||
+ * When the app starts, the runtime starts {@link RuntimeInit#main}
|
||||
+ * which calls {@link main} which then calls this method.
|
||||
+ * So we don't need to call commonInit() here.
|
||||
+ *
|
||||
+ * @param targetSdkVersion target SDK version
|
||||
+ * @param argv arg strings
|
||||
+ */
|
||||
+ private static Runnable execInit(int targetSdkVersion, String[] argv) {
|
||||
+ if (RuntimeInit.DEBUG) {
|
||||
+ Slog.d(RuntimeInit.TAG, "RuntimeInit: Starting application from exec");
|
||||
+ }
|
||||
+
|
||||
+ // Check whether the first argument is a "-cp" in argv, and assume the next argument is the
|
||||
+ // classpath. If found, create a PathClassLoader and use it for applicationInit.
|
||||
+ ClassLoader classLoader = null;
|
||||
+ if (argv != null && argv.length > 2 && argv[0].equals("-cp")) {
|
||||
+ classLoader = ZygoteInit.createPathClassLoader(argv[1], targetSdkVersion);
|
||||
+
|
||||
+ // Install this classloader as the context classloader, too.
|
||||
+ Thread.currentThread().setContextClassLoader(classLoader);
|
||||
+
|
||||
+ // Remove the classpath from the arguments.
|
||||
+ String removedArgs[] = new String[argv.length - 2];
|
||||
+ System.arraycopy(argv, 2, removedArgs, 0, argv.length - 2);
|
||||
+ argv = removedArgs;
|
||||
+ }
|
||||
+
|
||||
+ // Perform the same initialization that would happen after the Zygote forks.
|
||||
+ Zygote.nativePreApplicationInit();
|
||||
+ return RuntimeInit.applicationInit(targetSdkVersion, argv, classLoader);
|
||||
+ }
|
||||
+}
|
||||
diff --git a/core/java/com/android/internal/os/WrapperInit.java b/core/java/com/android/internal/os/WrapperInit.java
|
||||
index f0e779694c9..9f41a4136db 100644
|
||||
--- a/core/java/com/android/internal/os/WrapperInit.java
|
||||
+++ b/core/java/com/android/internal/os/WrapperInit.java
|
||||
@@ -183,7 +183,7 @@ public class WrapperInit {
|
||||
* This is acceptable here as failure will leave the wrapped app with strictly less
|
||||
* capabilities, which may make it crash, but not exceed its allowances.
|
||||
*/
|
||||
- private static void preserveCapabilities() {
|
||||
+ public static void preserveCapabilities() {
|
||||
StructCapUserHeader header = new StructCapUserHeader(
|
||||
OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
|
||||
StructCapUserData[] data;
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index f537e3e2897..7d51be259c2 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -880,6 +880,13 @@ class ZygoteConnection {
|
||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||
} else {
|
||||
if (!isZygote) {
|
||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
||||
+ ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion,
|
||||
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs);
|
||||
+
|
||||
+ // Should not get here.
|
||||
+ throw new IllegalStateException("ExecInit.execApplication unexpectedly returned");
|
||||
+ }
|
||||
return ZygoteInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs,
|
||||
null /* classLoader */);
|
||||
} else {
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 654f1cc80bd8d51a04f01c56e97bface4bce7811 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:24:21 -0400
|
||||
Subject: [PATCH 02/10] add parameter for avoiding full preload with exec
|
||||
|
||||
---
|
||||
core/java/com/android/internal/os/ExecInit.java | 2 +-
|
||||
core/java/com/android/internal/os/ZygoteInit.java | 6 +++++-
|
||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
|
||||
index 10edd64e0f9..3ba4664ae8c 100644
|
||||
--- a/core/java/com/android/internal/os/ExecInit.java
|
||||
+++ b/core/java/com/android/internal/os/ExecInit.java
|
||||
@@ -33,7 +33,7 @@ public class ExecInit {
|
||||
|
||||
// Mimic system Zygote preloading.
|
||||
ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
|
||||
- Trace.TRACE_TAG_DALVIK));
|
||||
+ Trace.TRACE_TAG_DALVIK), false);
|
||||
|
||||
// Launch the application.
|
||||
String[] runtimeArgs = new String[args.length - 1];
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index da195601f72..6acaccbbc3e 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -120,7 +120,7 @@ public class ZygoteInit {
|
||||
|
||||
private static boolean sPreloadComplete;
|
||||
|
||||
- static void preload(TimingsTraceLog bootTimingsTraceLog) {
|
||||
+ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
Log.d(TAG, "begin preload");
|
||||
bootTimingsTraceLog.traceBegin("BeginIcuCachePinning");
|
||||
beginIcuCachePinning();
|
||||
@@ -149,6 +149,10 @@ public class ZygoteInit {
|
||||
sPreloadComplete = true;
|
||||
}
|
||||
|
||||
+ static void preload(TimingsTraceLog bootTimingsTraceLog) {
|
||||
+ preload(bootTimingsTraceLog, true);
|
||||
+ }
|
||||
+
|
||||
public static void lazyPreload() {
|
||||
Preconditions.checkState(!sPreloadComplete);
|
||||
Log.i(TAG, "Lazily preloading resources.");
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From fa13759a9f3c7a4860a6e2aa559cd454e31ac621 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:28:27 -0400
|
||||
Subject: [PATCH 03/10] disable OpenGL preloading for exec spawning
|
||||
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index 6acaccbbc3e..09ec9f23545 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -134,9 +134,11 @@ public class ZygoteInit {
|
||||
Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
|
||||
nativePreloadAppProcessHALs();
|
||||
Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
- Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadOpenGL");
|
||||
- preloadOpenGL();
|
||||
- Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
+ if (fullPreload) {
|
||||
+ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadOpenGL");
|
||||
+ preloadOpenGL();
|
||||
+ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
+ }
|
||||
preloadSharedLibraries();
|
||||
preloadTextResources();
|
||||
// Ask the WebViewFactory to do any initialization that must run in the zygote process,
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 960ccd579d883ef6426e2d84cff2982cb5e0d83b Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:28:52 -0400
|
||||
Subject: [PATCH 04/10] disable resource preloading for exec spawning
|
||||
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index 09ec9f23545..17bdfaa79d0 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -128,9 +128,11 @@ public class ZygoteInit {
|
||||
bootTimingsTraceLog.traceBegin("PreloadClasses");
|
||||
preloadClasses();
|
||||
bootTimingsTraceLog.traceEnd(); // PreloadClasses
|
||||
- bootTimingsTraceLog.traceBegin("PreloadResources");
|
||||
- preloadResources();
|
||||
- bootTimingsTraceLog.traceEnd(); // PreloadResources
|
||||
+ if (fullPreload) {
|
||||
+ bootTimingsTraceLog.traceBegin("PreloadResources");
|
||||
+ preloadResources();
|
||||
+ bootTimingsTraceLog.traceEnd(); // PreloadResources
|
||||
+ }
|
||||
Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
|
||||
nativePreloadAppProcessHALs();
|
||||
Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 88e59153886fd6e1c60bdf5b0fe7ab9280cd8cae Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:29:36 -0400
|
||||
Subject: [PATCH 05/10] disable ICU cache pinning for exec spawning
|
||||
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteInit.java | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index 17bdfaa79d0..1dfe23e3293 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -122,9 +122,11 @@ public class ZygoteInit {
|
||||
|
||||
static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
|
||||
Log.d(TAG, "begin preload");
|
||||
- bootTimingsTraceLog.traceBegin("BeginIcuCachePinning");
|
||||
- beginIcuCachePinning();
|
||||
- bootTimingsTraceLog.traceEnd(); // BeginIcuCachePinning
|
||||
+ if (fullPreload) {
|
||||
+ bootTimingsTraceLog.traceBegin("BeginIcuCachePinning");
|
||||
+ beginIcuCachePinning();
|
||||
+ bootTimingsTraceLog.traceEnd(); // BeginIcuCachePinning
|
||||
+ }
|
||||
bootTimingsTraceLog.traceBegin("PreloadClasses");
|
||||
preloadClasses();
|
||||
bootTimingsTraceLog.traceEnd(); // PreloadClasses
|
||||
@@ -146,7 +148,9 @@ public class ZygoteInit {
|
||||
// Ask the WebViewFactory to do any initialization that must run in the zygote process,
|
||||
// for memory sharing purposes.
|
||||
WebViewFactory.prepareWebViewInZygote();
|
||||
- endIcuCachePinning();
|
||||
+ if (fullPreload) {
|
||||
+ endIcuCachePinning();
|
||||
+ }
|
||||
warmUpJcaProviders();
|
||||
Log.d(TAG, "end preload");
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 96fa644f641d0a90a2642219c9dcd49812ff9411 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:30:59 -0400
|
||||
Subject: [PATCH 06/10] disable class preloading for exec spawning
|
||||
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index 1dfe23e3293..fae438512d8 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -127,9 +127,11 @@ public class ZygoteInit {
|
||||
beginIcuCachePinning();
|
||||
bootTimingsTraceLog.traceEnd(); // BeginIcuCachePinning
|
||||
}
|
||||
- bootTimingsTraceLog.traceBegin("PreloadClasses");
|
||||
- preloadClasses();
|
||||
- bootTimingsTraceLog.traceEnd(); // PreloadClasses
|
||||
+ if (fullPreload) {
|
||||
+ bootTimingsTraceLog.traceBegin("PreloadClasses");
|
||||
+ preloadClasses();
|
||||
+ bootTimingsTraceLog.traceEnd(); // PreloadClasses
|
||||
+ }
|
||||
if (fullPreload) {
|
||||
bootTimingsTraceLog.traceBegin("PreloadResources");
|
||||
preloadResources();
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 28dc5c52766abda740c25cc2650b68fa8328d8a8 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:31:29 -0400
|
||||
Subject: [PATCH 07/10] disable WebView reservation for exec spawning
|
||||
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index fae438512d8..75d10f6d92a 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -147,9 +147,11 @@ public class ZygoteInit {
|
||||
}
|
||||
preloadSharedLibraries();
|
||||
preloadTextResources();
|
||||
- // Ask the WebViewFactory to do any initialization that must run in the zygote process,
|
||||
- // for memory sharing purposes.
|
||||
- WebViewFactory.prepareWebViewInZygote();
|
||||
+ if (fullPreload) {
|
||||
+ // Ask the WebViewFactory to do any initialization that must run in the zygote process,
|
||||
+ // for memory sharing purposes.
|
||||
+ WebViewFactory.prepareWebViewInZygote();
|
||||
+ }
|
||||
if (fullPreload) {
|
||||
endIcuCachePinning();
|
||||
}
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From 8998af03229d57b69f4dd9b2a3656ea310445568 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 14:34:32 -0400
|
||||
Subject: [PATCH 08/10] disable JCA provider warm up for exec spawning
|
||||
|
||||
---
|
||||
.../com/android/internal/os/ZygoteInit.java | 22 ++++++++++---------
|
||||
1 file changed, 12 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
index 75d10f6d92a..214dbd45109 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteInit.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteInit.java
|
||||
@@ -155,7 +155,7 @@ public class ZygoteInit {
|
||||
if (fullPreload) {
|
||||
endIcuCachePinning();
|
||||
}
|
||||
- warmUpJcaProviders();
|
||||
+ warmUpJcaProviders(fullPreload);
|
||||
Log.d(TAG, "end preload");
|
||||
|
||||
sPreloadComplete = true;
|
||||
@@ -223,7 +223,7 @@ public class ZygoteInit {
|
||||
* By doing it here we avoid that each app does it when requesting a service from the
|
||||
* provider for the first time.
|
||||
*/
|
||||
- private static void warmUpJcaProviders() {
|
||||
+ private static void warmUpJcaProviders(boolean fullPreload) {
|
||||
long startTime = SystemClock.uptimeMillis();
|
||||
Trace.traceBegin(
|
||||
Trace.TRACE_TAG_DALVIK, "Starting installation of AndroidKeyStoreProvider");
|
||||
@@ -235,15 +235,17 @@ public class ZygoteInit {
|
||||
+ (SystemClock.uptimeMillis() - startTime) + "ms.");
|
||||
Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
|
||||
- startTime = SystemClock.uptimeMillis();
|
||||
- Trace.traceBegin(
|
||||
- Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers");
|
||||
- for (Provider p : Security.getProviders()) {
|
||||
- p.warmUpServiceProvision();
|
||||
+ if (fullPreload) {
|
||||
+ startTime = SystemClock.uptimeMillis();
|
||||
+ Trace.traceBegin(
|
||||
+ Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers");
|
||||
+ for (Provider p : Security.getProviders()) {
|
||||
+ p.warmUpServiceProvision();
|
||||
+ }
|
||||
+ Log.i(TAG, "Warmed up JCA providers in "
|
||||
+ + (SystemClock.uptimeMillis() - startTime) + "ms.");
|
||||
+ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
}
|
||||
- Log.i(TAG, "Warmed up JCA providers in "
|
||||
- + (SystemClock.uptimeMillis() - startTime) + "ms.");
|
||||
- Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From a60d5e0c25c9c40eb3cab1ad89ad9f1b37c3918a Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 14 May 2019 15:11:59 -0400
|
||||
Subject: [PATCH 09/10] avoid AssetManager errors with exec spawning
|
||||
|
||||
This causes harmless errors and wastes time spawning a process that's
|
||||
not going to succeed.
|
||||
---
|
||||
core/jni/android_util_AssetManager.cpp | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/core/jni/android_util_AssetManager.cpp b/core/jni/android_util_AssetManager.cpp
|
||||
index fa9f44557d3..08060163017 100644
|
||||
--- a/core/jni/android_util_AssetManager.cpp
|
||||
+++ b/core/jni/android_util_AssetManager.cpp
|
||||
@@ -111,6 +111,10 @@ constexpr inline static ApkAssetsCookie JavaCookieToApkAssetsCookie(jint cookie)
|
||||
|
||||
// This is called by zygote (running as user root) as part of preloadResources.
|
||||
static void NativeVerifySystemIdmaps(JNIEnv* /*env*/, jclass /*clazz*/) {
|
||||
+ // avoid triggering an error with exec-based spawning
|
||||
+ if (getuid() != 0) {
|
||||
+ return;
|
||||
+ }
|
||||
switch (pid_t pid = fork()) {
|
||||
case -1:
|
||||
PLOG(ERROR) << "failed to fork for idmap";
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
||||
From b086a665c2b3b25535205d29c5dbe9bb2ba6e47a Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Tue, 21 May 2019 23:54:20 -0400
|
||||
Subject: [PATCH 10/10] disable exec spawning when using debugging options
|
||||
|
||||
The debugging options are not yet supported probably, so disable exec
|
||||
spawning when doing debugging.
|
||||
---
|
||||
core/java/com/android/internal/os/ZygoteConnection.java | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
index 7d51be259c2..48a68d96e84 100644
|
||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||
@@ -880,7 +880,7 @@ class ZygoteConnection {
|
||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||
} else {
|
||||
if (!isZygote) {
|
||||
- if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true) && parsedArgs.runtimeFlags == 0) {
|
||||
ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion,
|
||||
VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs);
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
||||
|
|
@ -130,7 +130,7 @@ generateBootAnimationShine() {
|
|||
export -f generateBootAnimationShine;
|
||||
|
||||
audit2allowCurrent() {
|
||||
adb logcat -b all -d | audit2allow -p "$ANDROID_PRODUCT_OUT"/root/sepolicy;
|
||||
adb logcat -b all -d | audit2allow -p "$OUT"/root/sepolicy;
|
||||
}
|
||||
export -f audit2allowCurrent;
|
||||
|
||||
|
|
@ -141,6 +141,7 @@ audit2allowADB() {
|
|||
export -f audit2allowADB;
|
||||
|
||||
processRelease() {
|
||||
#Credit: GrapheneOS
|
||||
#https://github.com/GrapheneOS/script/blob/pie/release.sh
|
||||
DEVICE="$1";
|
||||
BLOCK="$2";
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS
|
|||
cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
|
||||
|
||||
enterAndClear "bionic";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi;
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "bootable/recovery";
|
||||
patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
|
||||
|
|
@ -76,7 +76,7 @@ enterAndClear "external/sqlite";
|
|||
patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
|
||||
|
||||
enterAndClear "frameworks/av";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi;
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
|
|
@ -89,8 +89,8 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f
|
|||
changeDefaultDNS;
|
||||
#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
|
|
@ -99,7 +99,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"
|
|||
fi;
|
||||
|
||||
enterAndClear "frameworks/opt/net/wifi";
|
||||
#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile
|
||||
#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile (AndroidHardening)
|
||||
#See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b
|
||||
sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
|
|
@ -126,8 +126,8 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_PackageInstaller/64d8b44.diff";
|
|||
|
||||
enterAndClear "packages/apps/Settings";
|
||||
git revert 2ebe6058c546194a301c1fd22963d6be4adbf961; #don't hide oem unlock
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe)
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
||||
|
|
@ -158,8 +158,8 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre
|
|||
enterAndClear "system/core";
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS
|
|||
cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
|
||||
|
||||
enterAndClear "bionic";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi;
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "bootable/recovery";
|
||||
#git revert ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity
|
||||
|
|
@ -80,7 +80,7 @@ enterAndClear "external/svox";
|
|||
git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
|
||||
|
||||
enterAndClear "frameworks/av";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi;
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
|
|
@ -88,15 +88,14 @@ sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/
|
|||
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
|
||||
sed -i 's/entry == null/entry == null || true/' core/java/android/os/RecoverySystem.java; #Skip update compatibiltity check XXX: TEMPORARY FIX
|
||||
#sed -i 's/!Build.isBuildConsistent()/false/' services/core/java/com/android/server/am/ActivityManagerService.java; #Disable fingerprint mismatch warning XXX: TEMPORARY FIX
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
changeDefaultDNS;
|
||||
#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
|
||||
rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
|
|
@ -105,7 +104,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"
|
|||
fi
|
||||
|
||||
enterAndClear "frameworks/opt/net/wifi";
|
||||
#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile
|
||||
#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile (AndroidHardening)
|
||||
#See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b
|
||||
sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
|
|
@ -124,7 +123,7 @@ awk -i inplace '!/WeatherManagerServiceBroker/' lineage/res/res/values/config.xm
|
|||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
|
||||
|
||||
enterAndClear "packages/apps/Contacts";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
|
||||
|
||||
enterAndClear "packages/apps/LineageParts";
|
||||
rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
|
||||
|
|
@ -132,9 +131,9 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analyti
|
|||
|
||||
enterAndClear "packages/apps/Settings";
|
||||
git revert a96df110e84123fe1273bff54feca3b4ca484dcd; #don't hide oem unlock
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
||||
|
|
@ -162,8 +161,8 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre
|
|||
enterAndClear "system/core";
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||
|
|
@ -207,7 +206,6 @@ sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.t
|
|||
|
||||
enterAndClear "device/lge/mako";
|
||||
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
|
||||
#patch -p1 < "$DOS_PATCHES/android_device_lge_mako/0001-Enable_LTE.patch"; #LTE offers enhanced crypto, however the leaked modem is 3 years insecure and eats battery
|
||||
|
||||
enterAndClear "device/oppo/msm8974-common";
|
||||
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS
|
|||
cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
|
||||
|
||||
enterAndClear "bionic";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi;
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "bootable/recovery";
|
||||
#git revert fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity
|
||||
|
|
@ -80,7 +80,7 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin
|
|||
awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
|
||||
|
||||
enterAndClear "frameworks/av";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi;
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
|
|
@ -94,10 +94,12 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f
|
|||
changeDefaultDNS;
|
||||
#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; #add exec-based spawning support (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
|
||||
rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
|
|
@ -105,14 +107,6 @@ enterAndClear "frameworks/opt/net/ims";
|
|||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
fi
|
||||
|
||||
enterAndClear "frameworks/opt/net/wifi";
|
||||
#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile
|
||||
#See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b
|
||||
sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java;
|
||||
|
||||
if enter "kernel/wireguard"; then
|
||||
if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi;
|
||||
#Remove system information from HTTP requests
|
||||
|
|
@ -125,15 +119,14 @@ awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.x
|
|||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
|
||||
|
||||
enterAndClear "packages/apps/Contacts";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
|
||||
|
||||
enterAndClear "packages/apps/LineageParts";
|
||||
rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
|
||||
|
||||
enterAndClear "packages/apps/Settings";
|
||||
#patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
||||
|
|
@ -146,12 +139,6 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch";
|
|||
sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).replaceAll("\\\\.", "");/' src/org/lineageos/updater/misc/Utils.java; #Remove periods from incremental version
|
||||
#TODO: Remove changelog
|
||||
|
||||
#enterAndClear "packages/apps/WallpaperPicker";
|
||||
#TODO: Add back wallpapers
|
||||
#sed -i 's/req.touchEnabled = touchEnabled;/req.touchEnabled = true;/' src/com/android/wallpaperpicker/WallpaperCropActivity.java; #Allow scrolling
|
||||
#sed -i 's/mCropView.setTouchEnabled(req.touchEnabled);/mCropView.setTouchEnabled(true);/' src/com/android/wallpaperpicker/WallpaperCropActivity.java;
|
||||
#sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0.5f);/' src/com/android/wallpaperpicker/WallpaperPickerActivity.java; #Center aligned by default
|
||||
|
||||
enterAndClear "packages/inputmethods/LatinIME";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
|
||||
|
||||
|
|
@ -161,13 +148,13 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle
|
|||
patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
|
||||
|
||||
enterAndClear "system/extras"
|
||||
patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more
|
||||
patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
|
||||
|
||||
enterAndClear "system/core";
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
#git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user