diff --git a/Patches/LineageOS-15.1/android_device_lge_mako/0001-Enable_LTE.patch b/Patches/LineageOS-15.1/android_device_lge_mako/0001-Enable_LTE.patch deleted file mode 100644 index 3c719abc..00000000 --- a/Patches/LineageOS-15.1/android_device_lge_mako/0001-Enable_LTE.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 8d82bed53344a877de91309eef42c6b5f9ca6db1 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Wed, 30 May 2018 02:17:39 -0400 -Subject: [PATCH] Enable LTE - -Change-Id: Iabc9e512ee27cc52466d0baed88c6bc18bc90ad6 ---- - overlay/frameworks/base/core/res/res/values/config.xml | 2 +- - overlay/packages/services/Telephony/res/values/config.xml | 3 +++ - system.prop | 2 +- - 3 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/overlay/frameworks/base/core/res/res/values/config.xml b/overlay/frameworks/base/core/res/res/values/config.xml -index 1d2e845..e2e1b35 100644 ---- a/overlay/frameworks/base/core/res/res/values/config.xml -+++ b/overlay/frameworks/base/core/res/res/values/config.xml -@@ -212,7 +212,7 @@ - Empty is viewed as "all". Only used on devices which - don't support RIL_REQUEST_GET_RADIO_CAPABILITY - format is UMTS|LTE|... --> -- GSM|WCDMA -+ GSM|WCDMA|LTE - - - true -diff --git a/overlay/packages/services/Telephony/res/values/config.xml b/overlay/packages/services/Telephony/res/values/config.xml -index af352a4..22c65ea 100644 ---- a/overlay/packages/services/Telephony/res/values/config.xml -+++ b/overlay/packages/services/Telephony/res/values/config.xml -@@ -21,4 +21,7 @@ - are routed through the android.media.AudioManager class (true) or through - the com.android.internal.telephony.Phone interface (false). --> - true -+ -+ -+ true - -diff --git a/system.prop b/system.prop -index 0723d79..94ce8fa 100644 ---- a/system.prop -+++ b/system.prop -@@ -26,7 +26,7 @@ debug.hwui.use_buffer_age=false - - # RIL - rild.libpath=/vendor/lib/libril-qc-qmi-1.so --telephony.lteOnCdmaDevice=0 -+telephony.lteOnCdmaDevice=1 - persist.radio.apm_sim_not_pwdn=1 - ro.telephony.call_ring.multiple=0 - --- -2.17.0 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch b/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch new file mode 100644 index 00000000..5d6e125a --- /dev/null +++ b/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch @@ -0,0 +1,23 @@ +From a507f07f4b04c421400ef8382212aa38cfe37b0d Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 18 Dec 2018 08:48:14 -0500 +Subject: [PATCH] allow SystemUI to directly manage Bluetooth/WiFi + +--- + packages/SystemUI/AndroidManifest.xml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml +index 5599b5a2837..08a8d9f504b 100644 +--- a/packages/SystemUI/AndroidManifest.xml ++++ b/packages/SystemUI/AndroidManifest.xml +@@ -70,6 +70,9 @@ + + + ++ ++ ++ + + + diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0010-Exec_Based_Spawning.patch b/Patches/LineageOS-16.0/android_frameworks_base/0010-Exec_Based_Spawning.patch new file mode 100644 index 00000000..4291e128 --- /dev/null +++ b/Patches/LineageOS-16.0/android_frameworks_base/0010-Exec_Based_Spawning.patch @@ -0,0 +1,508 @@ +From 4ac855656e2df723abb5da9768b3bce77a135490 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Sat, 14 Mar 2015 18:10:20 -0400 +Subject: [PATCH 01/10] add exec-based spawning support + +--- + .../com/android/internal/os/ExecInit.java | 115 ++++++++++++++++++ + .../com/android/internal/os/WrapperInit.java | 2 +- + .../android/internal/os/ZygoteConnection.java | 7 ++ + 3 files changed, 123 insertions(+), 1 deletion(-) + create mode 100644 core/java/com/android/internal/os/ExecInit.java + +diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java +new file mode 100644 +index 00000000000..10edd64e0f9 +--- /dev/null ++++ b/core/java/com/android/internal/os/ExecInit.java +@@ -0,0 +1,115 @@ ++package com.android.internal.os; ++ ++import android.os.Trace; ++import android.system.ErrnoException; ++import android.system.Os; ++import android.util.Slog; ++import android.util.TimingsTraceLog; ++import dalvik.system.VMRuntime; ++ ++/** ++ * Startup class for the process. ++ * @hide ++ */ ++public class ExecInit { ++ /** ++ * Class not instantiable. ++ */ ++ private ExecInit() { ++ } ++ ++ /** ++ * The main function called when starting a runtime application. ++ * ++ * The first argument is the target SDK version for the app. ++ * ++ * The remaining arguments are passed to the runtime. ++ * ++ * @param args The command-line arguments. ++ */ ++ public static void main(String[] args) { ++ // Parse our mandatory argument. ++ int targetSdkVersion = Integer.parseInt(args[0], 10); ++ ++ // Mimic system Zygote preloading. ++ ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming", ++ Trace.TRACE_TAG_DALVIK)); ++ ++ // Launch the application. ++ String[] runtimeArgs = new String[args.length - 1]; ++ System.arraycopy(args, 1, runtimeArgs, 0, runtimeArgs.length); ++ Runnable r = execInit(targetSdkVersion, runtimeArgs); ++ ++ r.run(); ++ } ++ ++ /** ++ * Executes a runtime application with exec-based spawning. ++ * This method never returns. ++ * ++ * @param niceName The nice name for the application, or null if none. ++ * @param targetSdkVersion The target SDK version for the app. ++ * @param args Arguments for {@link RuntimeInit#main}. ++ */ ++ public static void execApplication(String niceName, int targetSdkVersion, ++ String instructionSet, String[] args) { ++ int niceArgs = niceName == null ? 0 : 1; ++ int baseArgs = 5 + niceArgs; ++ String[] argv = new String[baseArgs + args.length]; ++ if (VMRuntime.is64BitInstructionSet(instructionSet)) { ++ argv[0] = "/system/bin/app_process64"; ++ } else { ++ argv[0] = "/system/bin/app_process32"; ++ } ++ argv[1] = "/system/bin"; ++ argv[2] = "--application"; ++ if (niceName != null) { ++ argv[3] = "--nice-name=" + niceName; ++ } ++ argv[3 + niceArgs] = "com.android.internal.os.ExecInit"; ++ argv[4 + niceArgs] = Integer.toString(targetSdkVersion); ++ System.arraycopy(args, 0, argv, baseArgs, args.length); ++ ++ WrapperInit.preserveCapabilities(); ++ try { ++ Os.execv(argv[0], argv); ++ } catch (ErrnoException e) { ++ throw new RuntimeException(e); ++ } ++ } ++ ++ /** ++ * The main function called when an application is started with exec-based spawning. ++ * ++ * When the app starts, the runtime starts {@link RuntimeInit#main} ++ * which calls {@link main} which then calls this method. ++ * So we don't need to call commonInit() here. ++ * ++ * @param targetSdkVersion target SDK version ++ * @param argv arg strings ++ */ ++ private static Runnable execInit(int targetSdkVersion, String[] argv) { ++ if (RuntimeInit.DEBUG) { ++ Slog.d(RuntimeInit.TAG, "RuntimeInit: Starting application from exec"); ++ } ++ ++ // Check whether the first argument is a "-cp" in argv, and assume the next argument is the ++ // classpath. If found, create a PathClassLoader and use it for applicationInit. ++ ClassLoader classLoader = null; ++ if (argv != null && argv.length > 2 && argv[0].equals("-cp")) { ++ classLoader = ZygoteInit.createPathClassLoader(argv[1], targetSdkVersion); ++ ++ // Install this classloader as the context classloader, too. ++ Thread.currentThread().setContextClassLoader(classLoader); ++ ++ // Remove the classpath from the arguments. ++ String removedArgs[] = new String[argv.length - 2]; ++ System.arraycopy(argv, 2, removedArgs, 0, argv.length - 2); ++ argv = removedArgs; ++ } ++ ++ // Perform the same initialization that would happen after the Zygote forks. ++ Zygote.nativePreApplicationInit(); ++ return RuntimeInit.applicationInit(targetSdkVersion, argv, classLoader); ++ } ++} +diff --git a/core/java/com/android/internal/os/WrapperInit.java b/core/java/com/android/internal/os/WrapperInit.java +index f0e779694c9..9f41a4136db 100644 +--- a/core/java/com/android/internal/os/WrapperInit.java ++++ b/core/java/com/android/internal/os/WrapperInit.java +@@ -183,7 +183,7 @@ public class WrapperInit { + * This is acceptable here as failure will leave the wrapped app with strictly less + * capabilities, which may make it crash, but not exceed its allowances. + */ +- private static void preserveCapabilities() { ++ public static void preserveCapabilities() { + StructCapUserHeader header = new StructCapUserHeader( + OsConstants._LINUX_CAPABILITY_VERSION_3, 0); + StructCapUserData[] data; +diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java +index f537e3e2897..7d51be259c2 100644 +--- a/core/java/com/android/internal/os/ZygoteConnection.java ++++ b/core/java/com/android/internal/os/ZygoteConnection.java +@@ -880,6 +880,13 @@ class ZygoteConnection { + throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned"); + } else { + if (!isZygote) { ++ if (SystemProperties.getBoolean("sys.spawn.exec", true)) { ++ ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion, ++ VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs); ++ ++ // Should not get here. ++ throw new IllegalStateException("ExecInit.execApplication unexpectedly returned"); ++ } + return ZygoteInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, + null /* classLoader */); + } else { +-- +2.21.0 + + +From 654f1cc80bd8d51a04f01c56e97bface4bce7811 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:24:21 -0400 +Subject: [PATCH 02/10] add parameter for avoiding full preload with exec + +--- + core/java/com/android/internal/os/ExecInit.java | 2 +- + core/java/com/android/internal/os/ZygoteInit.java | 6 +++++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java +index 10edd64e0f9..3ba4664ae8c 100644 +--- a/core/java/com/android/internal/os/ExecInit.java ++++ b/core/java/com/android/internal/os/ExecInit.java +@@ -33,7 +33,7 @@ public class ExecInit { + + // Mimic system Zygote preloading. + ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming", +- Trace.TRACE_TAG_DALVIK)); ++ Trace.TRACE_TAG_DALVIK), false); + + // Launch the application. + String[] runtimeArgs = new String[args.length - 1]; +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index da195601f72..6acaccbbc3e 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -120,7 +120,7 @@ public class ZygoteInit { + + private static boolean sPreloadComplete; + +- static void preload(TimingsTraceLog bootTimingsTraceLog) { ++ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) { + Log.d(TAG, "begin preload"); + bootTimingsTraceLog.traceBegin("BeginIcuCachePinning"); + beginIcuCachePinning(); +@@ -149,6 +149,10 @@ public class ZygoteInit { + sPreloadComplete = true; + } + ++ static void preload(TimingsTraceLog bootTimingsTraceLog) { ++ preload(bootTimingsTraceLog, true); ++ } ++ + public static void lazyPreload() { + Preconditions.checkState(!sPreloadComplete); + Log.i(TAG, "Lazily preloading resources."); +-- +2.21.0 + + +From fa13759a9f3c7a4860a6e2aa559cd454e31ac621 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:28:27 -0400 +Subject: [PATCH 03/10] disable OpenGL preloading for exec spawning + +--- + core/java/com/android/internal/os/ZygoteInit.java | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index 6acaccbbc3e..09ec9f23545 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -134,9 +134,11 @@ public class ZygoteInit { + Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs"); + nativePreloadAppProcessHALs(); + Trace.traceEnd(Trace.TRACE_TAG_DALVIK); +- Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadOpenGL"); +- preloadOpenGL(); +- Trace.traceEnd(Trace.TRACE_TAG_DALVIK); ++ if (fullPreload) { ++ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadOpenGL"); ++ preloadOpenGL(); ++ Trace.traceEnd(Trace.TRACE_TAG_DALVIK); ++ } + preloadSharedLibraries(); + preloadTextResources(); + // Ask the WebViewFactory to do any initialization that must run in the zygote process, +-- +2.21.0 + + +From 960ccd579d883ef6426e2d84cff2982cb5e0d83b Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:28:52 -0400 +Subject: [PATCH 04/10] disable resource preloading for exec spawning + +--- + core/java/com/android/internal/os/ZygoteInit.java | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index 09ec9f23545..17bdfaa79d0 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -128,9 +128,11 @@ public class ZygoteInit { + bootTimingsTraceLog.traceBegin("PreloadClasses"); + preloadClasses(); + bootTimingsTraceLog.traceEnd(); // PreloadClasses +- bootTimingsTraceLog.traceBegin("PreloadResources"); +- preloadResources(); +- bootTimingsTraceLog.traceEnd(); // PreloadResources ++ if (fullPreload) { ++ bootTimingsTraceLog.traceBegin("PreloadResources"); ++ preloadResources(); ++ bootTimingsTraceLog.traceEnd(); // PreloadResources ++ } + Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs"); + nativePreloadAppProcessHALs(); + Trace.traceEnd(Trace.TRACE_TAG_DALVIK); +-- +2.21.0 + + +From 88e59153886fd6e1c60bdf5b0fe7ab9280cd8cae Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:29:36 -0400 +Subject: [PATCH 05/10] disable ICU cache pinning for exec spawning + +--- + core/java/com/android/internal/os/ZygoteInit.java | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index 17bdfaa79d0..1dfe23e3293 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -122,9 +122,11 @@ public class ZygoteInit { + + static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) { + Log.d(TAG, "begin preload"); +- bootTimingsTraceLog.traceBegin("BeginIcuCachePinning"); +- beginIcuCachePinning(); +- bootTimingsTraceLog.traceEnd(); // BeginIcuCachePinning ++ if (fullPreload) { ++ bootTimingsTraceLog.traceBegin("BeginIcuCachePinning"); ++ beginIcuCachePinning(); ++ bootTimingsTraceLog.traceEnd(); // BeginIcuCachePinning ++ } + bootTimingsTraceLog.traceBegin("PreloadClasses"); + preloadClasses(); + bootTimingsTraceLog.traceEnd(); // PreloadClasses +@@ -146,7 +148,9 @@ public class ZygoteInit { + // Ask the WebViewFactory to do any initialization that must run in the zygote process, + // for memory sharing purposes. + WebViewFactory.prepareWebViewInZygote(); +- endIcuCachePinning(); ++ if (fullPreload) { ++ endIcuCachePinning(); ++ } + warmUpJcaProviders(); + Log.d(TAG, "end preload"); + +-- +2.21.0 + + +From 96fa644f641d0a90a2642219c9dcd49812ff9411 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:30:59 -0400 +Subject: [PATCH 06/10] disable class preloading for exec spawning + +--- + core/java/com/android/internal/os/ZygoteInit.java | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index 1dfe23e3293..fae438512d8 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -127,9 +127,11 @@ public class ZygoteInit { + beginIcuCachePinning(); + bootTimingsTraceLog.traceEnd(); // BeginIcuCachePinning + } +- bootTimingsTraceLog.traceBegin("PreloadClasses"); +- preloadClasses(); +- bootTimingsTraceLog.traceEnd(); // PreloadClasses ++ if (fullPreload) { ++ bootTimingsTraceLog.traceBegin("PreloadClasses"); ++ preloadClasses(); ++ bootTimingsTraceLog.traceEnd(); // PreloadClasses ++ } + if (fullPreload) { + bootTimingsTraceLog.traceBegin("PreloadResources"); + preloadResources(); +-- +2.21.0 + + +From 28dc5c52766abda740c25cc2650b68fa8328d8a8 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:31:29 -0400 +Subject: [PATCH 07/10] disable WebView reservation for exec spawning + +--- + core/java/com/android/internal/os/ZygoteInit.java | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index fae438512d8..75d10f6d92a 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -147,9 +147,11 @@ public class ZygoteInit { + } + preloadSharedLibraries(); + preloadTextResources(); +- // Ask the WebViewFactory to do any initialization that must run in the zygote process, +- // for memory sharing purposes. +- WebViewFactory.prepareWebViewInZygote(); ++ if (fullPreload) { ++ // Ask the WebViewFactory to do any initialization that must run in the zygote process, ++ // for memory sharing purposes. ++ WebViewFactory.prepareWebViewInZygote(); ++ } + if (fullPreload) { + endIcuCachePinning(); + } +-- +2.21.0 + + +From 8998af03229d57b69f4dd9b2a3656ea310445568 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 14:34:32 -0400 +Subject: [PATCH 08/10] disable JCA provider warm up for exec spawning + +--- + .../com/android/internal/os/ZygoteInit.java | 22 ++++++++++--------- + 1 file changed, 12 insertions(+), 10 deletions(-) + +diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java +index 75d10f6d92a..214dbd45109 100644 +--- a/core/java/com/android/internal/os/ZygoteInit.java ++++ b/core/java/com/android/internal/os/ZygoteInit.java +@@ -155,7 +155,7 @@ public class ZygoteInit { + if (fullPreload) { + endIcuCachePinning(); + } +- warmUpJcaProviders(); ++ warmUpJcaProviders(fullPreload); + Log.d(TAG, "end preload"); + + sPreloadComplete = true; +@@ -223,7 +223,7 @@ public class ZygoteInit { + * By doing it here we avoid that each app does it when requesting a service from the + * provider for the first time. + */ +- private static void warmUpJcaProviders() { ++ private static void warmUpJcaProviders(boolean fullPreload) { + long startTime = SystemClock.uptimeMillis(); + Trace.traceBegin( + Trace.TRACE_TAG_DALVIK, "Starting installation of AndroidKeyStoreProvider"); +@@ -235,15 +235,17 @@ public class ZygoteInit { + + (SystemClock.uptimeMillis() - startTime) + "ms."); + Trace.traceEnd(Trace.TRACE_TAG_DALVIK); + +- startTime = SystemClock.uptimeMillis(); +- Trace.traceBegin( +- Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers"); +- for (Provider p : Security.getProviders()) { +- p.warmUpServiceProvision(); ++ if (fullPreload) { ++ startTime = SystemClock.uptimeMillis(); ++ Trace.traceBegin( ++ Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers"); ++ for (Provider p : Security.getProviders()) { ++ p.warmUpServiceProvision(); ++ } ++ Log.i(TAG, "Warmed up JCA providers in " ++ + (SystemClock.uptimeMillis() - startTime) + "ms."); ++ Trace.traceEnd(Trace.TRACE_TAG_DALVIK); + } +- Log.i(TAG, "Warmed up JCA providers in " +- + (SystemClock.uptimeMillis() - startTime) + "ms."); +- Trace.traceEnd(Trace.TRACE_TAG_DALVIK); + } + + /** +-- +2.21.0 + + +From a60d5e0c25c9c40eb3cab1ad89ad9f1b37c3918a Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 14 May 2019 15:11:59 -0400 +Subject: [PATCH 09/10] avoid AssetManager errors with exec spawning + +This causes harmless errors and wastes time spawning a process that's +not going to succeed. +--- + core/jni/android_util_AssetManager.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/core/jni/android_util_AssetManager.cpp b/core/jni/android_util_AssetManager.cpp +index fa9f44557d3..08060163017 100644 +--- a/core/jni/android_util_AssetManager.cpp ++++ b/core/jni/android_util_AssetManager.cpp +@@ -111,6 +111,10 @@ constexpr inline static ApkAssetsCookie JavaCookieToApkAssetsCookie(jint cookie) + + // This is called by zygote (running as user root) as part of preloadResources. + static void NativeVerifySystemIdmaps(JNIEnv* /*env*/, jclass /*clazz*/) { ++ // avoid triggering an error with exec-based spawning ++ if (getuid() != 0) { ++ return; ++ } + switch (pid_t pid = fork()) { + case -1: + PLOG(ERROR) << "failed to fork for idmap"; +-- +2.21.0 + + +From b086a665c2b3b25535205d29c5dbe9bb2ba6e47a Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Tue, 21 May 2019 23:54:20 -0400 +Subject: [PATCH 10/10] disable exec spawning when using debugging options + +The debugging options are not yet supported probably, so disable exec +spawning when doing debugging. +--- + core/java/com/android/internal/os/ZygoteConnection.java | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java +index 7d51be259c2..48a68d96e84 100644 +--- a/core/java/com/android/internal/os/ZygoteConnection.java ++++ b/core/java/com/android/internal/os/ZygoteConnection.java +@@ -880,7 +880,7 @@ class ZygoteConnection { + throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned"); + } else { + if (!isZygote) { +- if (SystemProperties.getBoolean("sys.spawn.exec", true)) { ++ if (SystemProperties.getBoolean("sys.spawn.exec", true) && parsedArgs.runtimeFlags == 0) { + ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion, + VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs); + +-- +2.21.0 + diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index fce79df7..a4852d75 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -130,7 +130,7 @@ generateBootAnimationShine() { export -f generateBootAnimationShine; audit2allowCurrent() { - adb logcat -b all -d | audit2allow -p "$ANDROID_PRODUCT_OUT"/root/sepolicy; + adb logcat -b all -d | audit2allow -p "$OUT"/root/sepolicy; } export -f audit2allowCurrent; @@ -141,6 +141,7 @@ audit2allowADB() { export -f audit2allowADB; processRelease() { + #Credit: GrapheneOS #https://github.com/GrapheneOS/script/blob/pie/release.sh DEVICE="$1"; BLOCK="$2"; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index fe1f452f..41a2d6e0 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -60,7 +60,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files enterAndClear "bionic"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) enterAndClear "bootable/recovery"; patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button? @@ -76,7 +76,7 @@ enterAndClear "external/sqlite"; patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0) enterAndClear "frameworks/av"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) enterAndClear "frameworks/base"; hardenLocationFWB "$DOS_BUILD_BASE"; @@ -89,8 +89,8 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS) +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then @@ -99,7 +99,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch" fi; enterAndClear "frameworks/opt/net/wifi"; -#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile +#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile (AndroidHardening) #See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java; awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java; @@ -126,8 +126,8 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_PackageInstaller/64d8b44.diff"; enterAndClear "packages/apps/Settings"; git revert 2ebe6058c546194a301c1fd22963d6be4adbf961; #don't hide oem unlock -patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969 -sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe) +sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options @@ -158,8 +158,8 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work -patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0) -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; +patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 8f6dd05f..e7d75514 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -60,7 +60,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files enterAndClear "bionic"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) enterAndClear "bootable/recovery"; #git revert ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity @@ -80,7 +80,7 @@ enterAndClear "external/svox"; git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles enterAndClear "frameworks/av"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) enterAndClear "frameworks/base"; hardenLocationFWB "$DOS_BUILD_BASE"; @@ -88,15 +88,14 @@ sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/ sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL sed -i 's/entry == null/entry == null || true/' core/java/android/os/RecoverySystem.java; #Skip update compatibiltity check XXX: TEMPORARY FIX -#sed -i 's/!Build.isBuildConsistent()/false/' services/core/java/com/android/server/am/ActivityManagerService.java; #Disable fingerprint mismatch warning XXX: TEMPORARY FIX if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS) +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS) rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then @@ -105,7 +104,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch" fi enterAndClear "frameworks/opt/net/wifi"; -#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile +#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile (AndroidHardening) #See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java; awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java; @@ -124,7 +123,7 @@ awk -i inplace '!/WeatherManagerServiceBroker/' lineage/res/res/values/config.xm if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; enterAndClear "packages/apps/Contacts"; -patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links +patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS) enterAndClear "packages/apps/LineageParts"; rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics @@ -132,9 +131,9 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analyti enterAndClear "packages/apps/Settings"; git revert a96df110e84123fe1273bff54feca3b4ca484dcd; #don't hide oem unlock -patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969 +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe) patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available -sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length +sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options @@ -162,8 +161,8 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery -patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0) -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; +patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices @@ -207,7 +206,6 @@ sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.t enterAndClear "device/lge/mako"; echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot -#patch -p1 < "$DOS_PATCHES/android_device_lge_mako/0001-Enable_LTE.patch"; #LTE offers enhanced crypto, however the leaked modem is 3 years insecure and eats battery enterAndClear "device/oppo/msm8974-common"; sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/ diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 5e0559ba..9dfbcdef 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -60,7 +60,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files enterAndClear "bionic"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) enterAndClear "bootable/recovery"; #git revert fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity @@ -80,7 +80,7 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java; enterAndClear "frameworks/av"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) enterAndClear "frameworks/base"; hardenLocationFWB "$DOS_BUILD_BASE"; @@ -94,10 +94,12 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_f changeDefaultDNS; #patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries -patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL -patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL -patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; #add exec-based spawning support (GrapheneOS) +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) +patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS) rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then @@ -105,14 +107,6 @@ enterAndClear "frameworks/opt/net/ims"; patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed fi -enterAndClear "frameworks/opt/net/wifi"; -#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile -#See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b -sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java; -awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java; -awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java; -awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java; - if enter "kernel/wireguard"; then if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi; #Remove system information from HTTP requests @@ -125,15 +119,14 @@ awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.x if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; enterAndClear "packages/apps/Contacts"; -patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links +patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS) enterAndClear "packages/apps/LineageParts"; rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics enterAndClear "packages/apps/Settings"; -#patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969 -sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length +sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options @@ -146,12 +139,6 @@ patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).replaceAll("\\\\.", "");/' src/org/lineageos/updater/misc/Utils.java; #Remove periods from incremental version #TODO: Remove changelog -#enterAndClear "packages/apps/WallpaperPicker"; -#TODO: Add back wallpapers -#sed -i 's/req.touchEnabled = touchEnabled;/req.touchEnabled = true;/' src/com/android/wallpaperpicker/WallpaperCropActivity.java; #Allow scrolling -#sed -i 's/mCropView.setTouchEnabled(req.touchEnabled);/mCropView.setTouchEnabled(true);/' src/com/android/wallpaperpicker/WallpaperCropActivity.java; -#sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0.5f);/' src/com/android/wallpaperpicker/WallpaperPickerActivity.java; #Center aligned by default - enterAndClear "packages/inputmethods/LatinIME"; patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key @@ -161,13 +148,13 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; enterAndClear "system/extras" -patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more +patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS) enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file #git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot -patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0) -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; +patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices