mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-05-02 06:26:20 -04:00
19.1: more work, it compiles and boots!
- Add the manifest - Add Pixel 2 series - Add some missing patches - More DNS files - Drop Silence in 19.1 Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
1705545d22
commit
3a0659b9d8
27 changed files with 1196 additions and 46 deletions
|
|
@ -801,6 +801,7 @@ deblobVendorBp() {
|
|||
#TODO make this work for more then these two blobs
|
||||
#Credit: https://stackoverflow.com/a/26053127
|
||||
sed -i ':a;N;s/\n/&/3;Ta;/manifest_android.hardware.drm@1.3-service.widevine.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile";
|
||||
sed -i ':a;N;s/\n/&/3;Ta;/manifest_android.hardware.drm@1.4-service.widevine.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile";
|
||||
sed -i ':a;N;s/\n/&/3;Ta;/vendor.qti.hardware.radio.atcmdfwd@1.0.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile";
|
||||
}
|
||||
export -f deblobVendorBp;
|
||||
|
|
|
|||
|
|
@ -199,7 +199,7 @@ processRelease() {
|
|||
local OUT_DIR="$DOS_BUILD_BASE/out/target/product/$DEVICE/";
|
||||
|
||||
local RELEASETOOLS_PREFIX="build/tools/releasetools/";
|
||||
if [[ "$DOS_VERSION" == "LineageOS-18.1" ]]; then
|
||||
if [[ "$DOS_VERSION" == "LineageOS-18.1" ]] || [[ "$DOS_VERSION" == "LineageOS-19.1" ]]; then
|
||||
local RELEASETOOLS_PREFIX="";
|
||||
fi;
|
||||
|
||||
|
|
@ -724,7 +724,7 @@ changeDefaultDNS() {
|
|||
echo "You must first set a preset via the DOS_DEFAULT_DNS_PRESET variable in init.sh!";
|
||||
fi;
|
||||
|
||||
local files="$DOS_BUILD_BASE/bionic/libc/dns/net/getaddrinfo.c $DOS_BUILD_BASE/packages/apps/Dialer/java/com/android/voicemail/impl/sync/VvmNetworkRequestCallback.java $DOS_BUILD_BASE/packages/modules/Connectivity/framework/src/android/net/util/DnsUtils.java $DOS_BUILD_BASE/packages/modules/DnsResolver/getaddrinfo.cpp core/java/android/net/util/DnsUtils.java core/res/res/values/config.xml packages/SettingsLib/res/values/strings.xml packages/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java services/core/java/com/android/server/connectivity/NetworkDiagnostics.java services/core/java/com/android/server/connectivity/Tethering.java services/core/java/com/android/server/connectivity/tethering/TetheringConfiguration.java services/java/com/android/server/connectivity/Tethering.java tests/BandwidthTests/src/com/android/tests/bandwidthenforcement/BandwidthEnforcementTestService.java core/java/com/android/internal/net/VpnProfile.java";
|
||||
local files="$DOS_BUILD_BASE/bionic/libc/dns/net/getaddrinfo.c $DOS_BUILD_BASE/packages/apps/Dialer/java/com/android/voicemail/impl/sync/VvmNetworkRequestCallback.java $DOS_BUILD_BASE/packages/modules/Connectivity/framework/src/android/net/util/DnsUtils.java $DOS_BUILD_BASE/packages/modules/Connectivity/service/src/com/android/server/connectivity/NetworkDiagnostics.java $DOS_BUILD_BASE/packages/modules/Connectivity/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java $DOS_BUILD_BASE/packages/modules/DnsResolver/DnsResolver/doh.rs $DOS_BUILD_BASE/packages/modules/DnsResolver/DnsResolver/getaddrinfo.cpp $DOS_BUILD_BASE/packages/modules/DnsResolver/getaddrinfo.cpp core/java/android/net/util/DnsUtils.java core/java/com/android/internal/net/VpnProfile.java core/res/res/values/config.xml packages/SettingsLib/res/values/strings.xml packages/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java services/core/java/com/android/server/connectivity/NetworkDiagnostics.java services/core/java/com/android/server/connectivity/Tethering.java services/core/java/com/android/server/connectivity/tethering/TetheringConfiguration.java services/java/com/android/server/connectivity/Tethering.java tests/BandwidthTests/src/com/android/tests/bandwidthenforcement/BandwidthEnforcementTestService.java";
|
||||
sed -i "s/8\.8\.8\.8/$dnsPrimary/" $files &>/dev/null || true;
|
||||
sed -i "s/2001:4860:4860::8888/$dnsPrimaryV6/" $files &>/dev/null || true;
|
||||
sed -i "s/8\.8\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
|
||||
|
|
|
|||
|
|
@ -34,5 +34,8 @@ sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MER
|
|||
#Commented as set by defconfig
|
||||
#sed -i 's/= IS_ENABLED(CONFIG_PAGE_POISONING_ENABLE_DEFAULT);/= true;/' kernel/*/*/mm/page_poison.c &>/dev/null || true; #4.4+ #XXX: shouldn't be enabled past 5.3
|
||||
|
||||
#Build speedup
|
||||
sed -i 's/flags.Tidy = true/flags.Tidy = false/' build/soong/cc/tidy.go &>/dev/null || true; #Disable clang-tidy (GrapheneOS/kdrag0n)
|
||||
|
||||
cd "$DOS_BUILD_BASE";
|
||||
echo -e "\e[0;32m[SCRIPT COMPLETE] Post tweaks complete\e[0m";
|
||||
|
|
|
|||
|
|
@ -91,8 +91,9 @@ patchWorkspace() {
|
|||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
#repopick -it ten-firewall;
|
||||
repopick -it Q_asb_2022-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
|
|
|||
|
|
@ -142,13 +142,14 @@ patchWorkspace() {
|
|||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
#repopick -it eleven-firewall;
|
||||
#repopick -i 314130; #adbconnection: don't spin if adbd isn't running
|
||||
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
|
||||
#repopick -i 320663; #Trebuchet: Don't hide home screen rotation setting
|
||||
#repopick -i 321297; #fs_mgr: Don't enable clean_scratch_files on non-dynamic devices
|
||||
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
|
||||
repopick -it R_asb_2022-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
|
|
|||
|
|
@ -584,8 +584,8 @@ sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" ker
|
|||
|
||||
sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
|
||||
rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml || true; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml || true; #deprecated
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
|
|
|||
|
|
@ -0,0 +1,90 @@
|
|||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/google/wahoo"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0021.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.7/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10153/4.9/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9059/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/4.9/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9699/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11065/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14886/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17052/4.9/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18061/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3575/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5902/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5906/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16597/4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^5.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0002.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14047/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-4149/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20292/4.9/0004.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30324/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-41864/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-42739/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0435/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0487/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0492/4.9/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1016/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1199/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1199/4.9/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23037/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23039/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23040/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23042/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/4.4/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/4.4/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25258/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25375/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-26966/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27223/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28356/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-GPZ2253/4.9/0007.patch
|
||||
editKernelLocalversion "-dos.p86"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
@ -19,7 +19,7 @@ umask 0022;
|
|||
#Last verified: 2022-04-04
|
||||
|
||||
patchAllKernels() {
|
||||
startPatcher ""; #XXX 19REBASE
|
||||
startPatcher "kernel_google_wahoo";
|
||||
}
|
||||
export -f patchAllKernels;
|
||||
|
||||
|
|
@ -55,7 +55,9 @@ buildAll() {
|
|||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#XXX 19REBASE
|
||||
#SD835
|
||||
buildDevice taimen avb;
|
||||
#buildDevice walleye avb;
|
||||
}
|
||||
export -f buildAll;
|
||||
|
||||
|
|
@ -65,7 +67,9 @@ patchWorkspace() {
|
|||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
repopick -i 328251; #Scape apostrophes
|
||||
#repopick -it S_asb_2022-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
|
|
|||
|
|
@ -91,7 +91,6 @@ applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv a
|
|||
applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
|
||||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; fi; #Replace the Messaging app with Silence
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
fi;
|
||||
|
|
@ -111,9 +110,9 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_ex
|
|||
fi;
|
||||
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||
#if enterAndClear "external/hardened_malloc"; then
|
||||
#applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables #XXX 19REBASE
|
||||
#fi;
|
||||
if enterAndClear "external/hardened_malloc"; then
|
||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables
|
||||
fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
|
|
@ -124,11 +123,12 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Rev
|
|||
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE: moved
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch"; #net: Notify ConnectivityService of runtime permission changes (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-4.patch"; #Make DownloadManager.enqueue() a no-op when INTERNET permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-5.patch"; #Make DownloadManager.query() a no-op when INTERNET permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
|
||||
if [ "$DOS_TIMEOUTS" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
|
||||
|
|
@ -151,7 +151,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.pat
|
|||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-1.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-2.patch"; #Exclude Bluetooth app from Location indicators (GrapheneOS)
|
||||
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
|
||||
changeDefaultDNS; #Change the default DNS servers
|
||||
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
|
||||
|
|
@ -171,7 +172,7 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_fr
|
|||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
|
|
@ -272,6 +273,13 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
|
|||
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Connectivity"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Add callback for enforcing INTERNET permission changes (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Use uid instead of app id (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-3.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0002-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE
|
||||
fi;
|
||||
|
||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
|
||||
if enterAndClear "packages/modules/NetworkStack"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS)
|
||||
|
|
@ -348,7 +356,6 @@ sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk
|
|||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player
|
||||
fi;
|
||||
|
||||
|
|
@ -367,7 +374,9 @@ fi;
|
|||
#
|
||||
#START OF DEVICE CHANGES
|
||||
#
|
||||
#none yet
|
||||
if enterAndClear "kernel/google/wahoo"; then
|
||||
sed -i 's/asm(SET_PSTATE_UAO(1));/asm(SET_PSTATE_UAO(1)); return 0;/' arch/arm64/mm/fault.c; #fix build with CONFIG_ARM64_UAO
|
||||
fi;
|
||||
|
||||
#Make changes to all devices
|
||||
cd "$DOS_BUILD_BASE";
|
||||
|
|
@ -397,8 +406,8 @@ enableAutoVarInit || true;
|
|||
|
||||
sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
|
||||
rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml; #deprecated
|
||||
#awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml || true; #deprecated
|
||||
#awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml || true; #deprecated
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
|
|
|||
|
|
@ -57,14 +57,14 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv
|
|||
|
||||
#Features
|
||||
export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
|
||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the GrapheneOS ptrace_scope toggle patchset on 17.1+18.1
|
||||
export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1
|
||||
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1
|
||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1
|
||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the GrapheneOS ptrace_scope toggle patchset on 17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1, 19.1 has no toggle
|
||||
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1+19.1
|
||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
|
|
@ -73,8 +73,8 @@ export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE
|
|||
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247
|
||||
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
|
||||
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission #XXX: can break things like camera
|
||||
export DOS_SENSORS_PERM_NEW=true;
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1/16.0 #XXX: can break things like camera
|
||||
export DOS_SENSORS_PERM_NEW=true; #For 17.1+18.1
|
||||
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
|
||||
export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository
|
||||
#alias DOS_WEBVIEW_CHERRYPICK='git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/00/316600/2';
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue