mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-12 16:09:36 -05:00
19.1: more work, it compiles and boots!
- Add the manifest - Add Pixel 2 series - Add some missing patches - More DNS files - Drop Silence in 19.1 Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
1705545d22
commit
3a0659b9d8
69
Manifests/Manifest_LAOS-19.1.xml
Normal file
69
Manifests/Manifest_LAOS-19.1.xml
Normal file
@ -0,0 +1,69 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<manifest>
|
||||
|
||||
<remote name="gitlab" fetch="https://gitlab.com/" />
|
||||
|
||||
<!-- START OF UNNECESSARY REPO REMOVAL -->
|
||||
<remove-project name="LineageOS/android_external_ant-wireless_ant_native" />
|
||||
<remove-project name="LineageOS/android_external_ant-wireless_ant_service" />
|
||||
<remove-project name="LineageOS/android_external_bash" />
|
||||
<remove-project name="LineageOS/android_external_htop" />
|
||||
<remove-project name="LineageOS/android_external_libncurses" />
|
||||
<remove-project name="LineageOS/android_external_nano" />
|
||||
<remove-project name="LineageOS/android_external_openssh" />
|
||||
<remove-project name="LineageOS/android_external_vim" />
|
||||
<remove-project name="LineageOS/android_packages_apps_Eleven" />
|
||||
<remove-project name="LineageOS/android_packages_apps_Jelly" />
|
||||
<remove-project name="LineageOS/android_packages_apps_Stk" />
|
||||
<remove-project name="LineageOS/android_prebuilts_gcc_darwin-x86_aarch64_aarch64-linux-android-4.9" />
|
||||
<remove-project name="LineageOS/android_prebuilts_gcc_darwin-x86_arm_arm-linux-androideabi-4.9" />
|
||||
<remove-project name="LineageOS/android_prebuilts_gcc_darwin-x86_x86_x86_64-linux-android-4.9" />
|
||||
<remove-project name="LineageOS/ansible" />
|
||||
<remove-project name="LineageOS/charter" />
|
||||
<remove-project name="LineageOS/cm_crowdin" />
|
||||
<remove-project name="LineageOS/contributors-cloud-generator" />
|
||||
<remove-project name="LineageOS/cve_tracker" />
|
||||
<remove-project name="LineageOS/hudson" />
|
||||
<remove-project name="LineageOS/lineage_wiki" />
|
||||
<remove-project name="LineageOS/mirror" />
|
||||
<remove-project name="LineageOS/scripts" />
|
||||
<remove-project name="LineageOS/slackbot" />
|
||||
<remove-project name="LineageOS/www" />
|
||||
<remove-project name="platform/packages/apps/SampleLocationAttribution" />
|
||||
<remove-project name="platform/prebuilts/clang/host/darwin-x86" />
|
||||
<remove-project name="platform/prebuilts/gcc/darwin-x86/host/i686-apple-darwin-4.2.1" />
|
||||
<remove-project name="platform/prebuilts/gdb/darwin-x86" />
|
||||
<remove-project name="platform/prebuilts/go/darwin-x86" />
|
||||
<remove-project name="platform/prebuilts/python/darwin-x86/2.7.5" />
|
||||
<!-- END OF UNNECESSARY REPO REMOVAL -->
|
||||
|
||||
<!-- START OF BRANCH SWITCHING -->
|
||||
<!--<remove-project name="platform/external/swiftshader" />
|
||||
<project path="external/swiftshader" name="google/swiftshader" remote="github" revision="master" />-->
|
||||
|
||||
<!-- Switch to the Mulch WebView -->
|
||||
<remove-project name="LineageOS/android_external_chromium-webview" />
|
||||
<project path="external/chromium-webview" name="divested-mobile/mulch" groups="pdk" clone-depth="1" remote="gitlab" revision="master" />
|
||||
<!-- END OF BRANCH SWITCHING -->
|
||||
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<!-- GrapheneOS -->
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="12.1" />
|
||||
<!-- END OF ADDITIONAL REPOS -->
|
||||
|
||||
<!-- START OF DEVICE REPOS -->
|
||||
<!-- Common -->
|
||||
<project path="system/qcom" name="LineageOS/android_system_qcom" remote="github" />
|
||||
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
|
||||
<project path="hardware/sony/macaddrsetup" name="LineageOS/android_hardware_sony_macaddrsetup" remote="github" />
|
||||
<project path="hardware/sony/simdetect" name="LineageOS/android_hardware_sony_simdetect" remote="github" />
|
||||
<project path="hardware/sony/SonyOpenTelephony" name="LineageOS/android_hardware_sony_SonyOpenTelephony" remote="github" />
|
||||
|
||||
<!-- Google Pixel 2 (taimen/walleye) -->
|
||||
<project path="device/google/taimen" name="LineageOS/android_device_google_taimen" remote="github" />
|
||||
<project path="device/google/muskie" name="LineageOS/android_device_google_muskie" remote="github" />
|
||||
<project path="device/google/walleye" name="LineageOS/android_device_google_walleye" remote="github" />
|
||||
<project path="device/google/wahoo" name="LineageOS/android_device_google_wahoo" remote="github" />
|
||||
<project path="kernel/google/wahoo" name="LineageOS/android_kernel_google_wahoo" remote="github" />
|
||||
|
||||
</manifest>
|
@ -3,6 +3,10 @@ QQ3A.200805.001.2020.09.11.14
|
||||
PQ3B.190801.002.2019.08.25.15
|
||||
|
||||
https time
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/1d4e3f495b7b544f6314f04243e9d47b3f8e7102
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/2c04a077ec9f3ac6857885199f49f4845b70ec2e
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/4a90523abcacd1b2cb69e82b5622d33185aab044
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/88fa99ee2312fac5a0dbf50ac6f407be5700f785
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/940beb096b9dc078ec1a051ee8c73667885fa5a9
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/b92c2eb03ea574cd4a9def02bb81e99812068595
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/546c1099f2775391c86f996104d74f307a954a74
|
||||
@ -22,6 +26,10 @@ show passwords
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/83586f8b4e0e5075f9823d05158c893b23585eb1
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/63f3727cd9cb32c1195cfd83ff9b0d54d7d8dd7d
|
||||
|
||||
power animation
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/ee97a8e97ac6feedb9acdec1945cc943b7477b2f
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/bd956da828fe5ffce6daf5b30fce7b942cfa6794
|
||||
|
||||
preferred network mode
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/286910c6cbc8c77153e7e230a4d02bea745ea571
|
||||
|
||||
@ -53,11 +61,74 @@ nojit
|
||||
9 https://github.com/GrapheneOS/platform_build/commit/5b9927197e63593b9220d1a9280021252ef205e9
|
||||
9 https://github.com/GrapheneOS/platform_build/commit/e36c7aefaa78a1ed5b94c7f51d29277008eea232
|
||||
|
||||
[implemented] user logout
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/93838b55c9b6460249a22be42f04026d8780fefc
|
||||
|
||||
[implemented] recovery serial number
|
||||
12 https://github.com/GrapheneOS/platform_bootable_recovery/commit/bf7fe6fb6bf8211b0c5e1259fe5f6eee644fbf3a
|
||||
|
||||
[implemented] google contacts
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Contacts/commit/0911fca3386016a506308e0b1e1ecc527153194b
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Contacts/commit/2e86c9a6e73bbaa26354ac04340c14643774e662
|
||||
|
||||
[implemented] keyboard personalization
|
||||
12 https://github.com/GrapheneOS/platform_packages_inputmethods_LatinIME/commit/37abf03503ec25d62f3e38d24b5ef4ba31e94ae3
|
||||
|
||||
[implemented] location indicators
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/9825dbc644360850b2cb87c8dcafc39101aec865
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/b5e18d97d2c35f7288f04050b13813fafaf65d5e
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/a5d43c015790e63d94ec252ce9cd2579903a39f2
|
||||
|
||||
[implemented] browser location
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/648874c9785f8be251e5168314262f4af1f70766
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/248343df0fddd2703399c46eee7ef04d43350686
|
||||
|
||||
[implemented] fbe padding
|
||||
12 https://github.com/GrapheneOS/platform_system_extras/commit/144930183585cec74882a5c0ffa321354ad9eb7e
|
||||
|
||||
[implemented] special permissions
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/5bbbffa0d89d19a87a8de83b185cd8d58db31915
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/ddac53e6650955e465b585715cff792f5b68c807
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/f1898802c8fd7474f723f9a44a316142d940dfed
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/58c9f58bbde6789f944daf41d86acdc7b3e205f2
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/2d14a42f7bc285e141377018285dc4e3fd8f8f86
|
||||
|
||||
[implemented] sensors permission
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/452c474dfae9a312f6e01db5b28de308dbb14cc2
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/daed8c4e3ff8bf94a2a9aa319d32ec2ff5653c8f
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_native/commit/dcef490d7cab7bb9f96f8bfe19a8779ac140b26d
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/a949bd530bdbedf2078119a90a93d7c15bca6975
|
||||
|
||||
[implemented] network permission
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/947744f753638c82775186a3876f2b2ffd7c0244
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/7f33d084d32a5f95f53d1919f92f5b14cd310d15
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/0a0fdab36ba9c582e9abafc6f42f4e761d1112b5
|
||||
12xhttps://github.com/GrapheneOS/platform_frameworks_base/commit/db5ed44bdd59df344347782e071d4dbd87597d2e
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/2f262ed47122e57283ee85c2cca138728559ef35
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/7205d5e18ca65893550363e1ad1753c45fb75f50
|
||||
12 https://github.com/GrapheneOS/platform_system_netd/commit/2ced788ce0003767de7df37852a604bac674045f
|
||||
12 https://github.com/GrapheneOS/platform_packages_providers_DownloadProvider/commit/fc7244e100c67f93defc4e6db7b30a1487b7957b
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/77c14f62402e9f8023240e72893ee66d4b63d873
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/7fe7eb594d03f701fcb8ff492486e773daee7b73
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Connectivity/commit/9c4a5ac0cb34b751dbd8cda9f75f21f39b566681
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Connectivity/commit/dbf6ae4cd96450a21be0a4dd85fb5addeba67462
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Connectivity/commit/34cded990ebd8da8c47cab88f0b1ef523a05d122
|
||||
12 https://github.com/GrapheneOS/platform_libcore/commit/7110daa77503720bbd2f233df53be90b742ce85a
|
||||
|
||||
[implemented] protected fifo/regular
|
||||
12 https://github.com/GrapheneOS/platform_system_core/commit/ddf48612c160b13552588af4d64bc7bb55571618
|
||||
12 https://github.com/GrapheneOS/platform_system_core/commit/fc8f654d4f905ee88c3cdd3494c6a65b2de6d5a1
|
||||
12 https://github.com/GrapheneOS/platform_system_sepolicy/commit/452bfdca38a4ffc3d3a2df9439694fcb8d0f9def
|
||||
|
||||
[implemented] sensitive notifications
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/6e027c935088ae32c82b69ed4e072b1d2a8c08a9
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/12a3d6dc2b94af26e1be34ec81c2581ef17f1582
|
||||
|
||||
[implemented] always random mac
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/2e67bc8b420752bec795235ab6d5c27d0956b017
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Wifi/commit/9a9e6eb3232720776230eebd70ab9816d5127c53
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_NetworkStack/commit/dbc7cd419cdddcae2fc0c10d3cef6b8cdb31e2c4
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_opt_net_wifi/commit/776beebd3d221740ac1b77d8535f745415d171a0
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/9bc33b2f1a94c5b801f2c7078b996478cd4d11ac
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/bef63219dd362fb130bcaf5da123aeda0259525e
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/af41ef65b2eccd298787141fefdd6f63d2b425ee
|
||||
@ -69,6 +140,22 @@ nojit
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_opt_net_wifi/commit/87ede685fec2f92b978891c2eed5776f5f2ca204
|
||||
|
||||
[implemented] bionic hardening
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/72dc351222621913b4350ae85fb836e0d6ce45a1 #explicit zero
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/1912d38d17233cb5b6b4d0bd5cfc04d5da91fe18 #brk
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/c6c9ea18bada95a07504440460e832a4e78c949c #random
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/e1a6bc30b4bc7fa926d8a46cab25c690dc4aa9e7 #undefined
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/30dbac8f2a08337cbddfc0e457b303e4804a6066 #merge
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/4013cc337c8eb9644a9300792629dd2319273ced #vla formatting
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/b0c09e61c1c1eb7b356f90201559af95cf2f31d7 #pthread
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/cf53a97d763abbfdb7a815604604aa60d36617f2 #read only
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/5caf27af9b90ede9a3f6ce059da886e0256e0c08 #zero
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/9358db48a7eb46bcc5f5df09b22b0d48617d5604 #fork mmap
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/b4aac37c639089dd43af597e013e7234c717ab1e #memprot pthread
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/eac5de68f90a127cf86805a62162fd09042ac59a #xor
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/74b34dcb984856c6bc0a9f92325857ac2088fddd #junk
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/483f5ee420d4d0d2bbb94a005671d0d3fa697855 #guard
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/96bf26c75842d93dc9ff954ab84e644a50f18ec5 #pthread guard
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/4afc356e9f3953a9e1a75389d5b6279b385daaa7 #stack rand
|
||||
11 https://github.com/GrapheneOS/platform_system_core/commit/b3a0c2c5db28852b6d485542c8a4f1649a256892
|
||||
11 https://github.com/GrapheneOS/platform_bionic/commit/5412c371955014eee8b2246b386ae7f539bac09e #explicit zero
|
||||
11 https://github.com/GrapheneOS/platform_bionic/commit/31456ac632903235e14500af8b5d7dff2d25d724 #brk
|
||||
@ -122,24 +209,36 @@ nojit
|
||||
9 https://github.com/GrapheneOS/platform_bionic/commit/85e5bca0a525a1cb8142aa092286ae3424983dd5 #move
|
||||
|
||||
[implemented] automatically reboot device after timeout if set
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/663efe46ab069c5121c729ebe9bb46503e36a813
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/a33e2ac46038f8fcf096f4fd129a2f7cee23174b
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/3afe69fda4e6d89c90bb5d35e43ed2cc272e20dc
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/607919bb5de5aa42558f73840a1f1c06fc5c04fd
|
||||
|
||||
[implemented] Bluetooth auto turn off (CalyxOS)
|
||||
[implemented] Bluetooth auto turn off (partial CalyxOS?
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/6577307ef97cfeb4ba951d0c9e2696a21bd1237a
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/cfc5b87c62cc67b5a242a3030eba7fff934871b5
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/e9d17cd4807dbfa837b16296b3a2e4434c060002
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/43ca9fac87286bab5db3be5ee079e0047a469a66
|
||||
|
||||
[implemented] Wi-Fi auto turn off (CalyxOS)
|
||||
[implemented] Wi-Fi auto turn off (partial CalyxOS?)
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/b008fb6e05af55577bad6046af4a91af4fccaeca
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/0f8a16323cfe431da8146e5ae58972c42b4d32d6
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/423f3e151beae0c608881d4bf16b8dff22b5efc6
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/ff9e9e0abf72b4df05d21bb462a305c8c09a8ba0
|
||||
|
||||
[implemented] ptrace scope
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/5856ae7235b4b7880eee747b36c555ed3dc18c15
|
||||
12 https://github.com/GrapheneOS/platform_system_core/commit/e3f9fc0f142294720e0cc69b6b80a336747def72
|
||||
12 https://github.com/GrapheneOS/platform_system_sepolicy/commit/1969d65929ce84a75f502cd4980ad8f10b10db0c
|
||||
12 https://github.com/GrapheneOS/platform_system_sepolicy/commit/5009524a0aa2930c51dba42390a73bb0da376851
|
||||
11 https://github.com/GrapheneOS/platform_system_core/commit/ad017fba58cf8918a2dfe05f90affd2e1abe6b6a
|
||||
11 https://github.com/GrapheneOS/platform_system_sepolicy/commit/3b896055810f2e38cde0095083811c35bc0a49c6
|
||||
11 https://github.com/GrapheneOS/platform_system_sepolicy/commit/8b0419ac044d5173b9c787cc66180a586c3a601b
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/52ea603339c54d589009c8ee218509f3835ad011
|
||||
|
||||
[implemented] fwrapv
|
||||
12 https://github.com/GrapheneOS/platform_build/commit/3f48705d28662a3e95d13f4e7fec6f49f59b34f3
|
||||
12 https://github.com/GrapheneOS/platform_build_soong/commit/428b9ac0dd158026a47b1d512cb6b13bf9995032
|
||||
11 https://github.com/GrapheneOS/platform_build_soong/commit/7c87660739544e1ab3bef757dae869894c01cb2e
|
||||
11 https://github.com/GrapheneOS/platform_build/commit/508c9f9cbd04cdb52806e4ac2e6dd48fd27254d6
|
||||
10 https://github.com/GrapheneOS/platform_build_soong/commit/6760a427250f7a8249fe45bfd5af35f54ed739b1
|
||||
@ -154,14 +253,23 @@ nojit
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_native/commit/1f05db99ab42ee184c1c318f66bf6ee4b869ae5b
|
||||
|
||||
[implemented] alloc_size
|
||||
12 https://github.com/GrapheneOS/platform_system_bt/commit/3ee1dde662b9b42c1a344fc9c6613b12e96b80cf
|
||||
11 https://github.com/GrapheneOS/platform_system_bt/commit/f242089d3fe68666cba509f005f0ff7d6c26a015
|
||||
10 https://github.com/GrapheneOS/platform_system_bt/commit/abcf485dcff6c7b06b0f241b4729fc8e2cf1d74f
|
||||
9x https://github.com/GrapheneOS/platform_system_bt/commit/c5db5a9f9e8c0b7fc0b96390f5a58089f8fbbe32
|
||||
|
||||
[implemented] secondary user disable install
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/2120c698b9146047a9a76a61cc9946a8be30c210
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/62f81c237b7f4a33fbb13752def9cbf3f5c9e0d4
|
||||
|
||||
[implemented] constify
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/b3a5c3db7fa158619656871ba3c5e3a73ee73725
|
||||
12 https://github.com/GrapheneOS/platform_art/commit/290124f03583d79e9d444af3a047137d65d27870
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Nfc/commit/862e68ca4e085bbb008196f2483f37ef4d0ed331
|
||||
12 https://github.com/GrapheneOS/platform_packages_apps_Bluetooth/commit/eecdcd777151732b6265dac81b900ebfe86bed96
|
||||
12 https://github.com/GrapheneOS/platform_libcore/commit/20c0c9bf60900ea3a1377f9e95427c849e3c441e
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_ex/commit/b69c15ee1b05ee1d9e6fdbb2c5572e033fa8e3e6
|
||||
12 https://github.com/GrapheneOS/platform_external_conscrypt/commit/2dfc7fcb1fb2a661d48e7bb94bee9e5036090611
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/63b9f96a121648ce0815b4ff21a670af9d643203
|
||||
11 https://github.com/GrapheneOS/platform_packages_apps_Bluetooth/commit/d8a62b5156007c507e6de4ced1e0db8c271504ee
|
||||
11 https://github.com/GrapheneOS/platform_libcore/commit/e3a4d64f29c9a0cad11fe06af6ff378c9ea9dbea
|
||||
@ -189,6 +297,21 @@ nojit
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/f4b8f281032c4d69b22c6d1b47adec3123c526fc
|
||||
|
||||
[implemented] exec spawning
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/0e356d803d9a4fe0cbc8fb41ed7622bea41d7deb
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/89dded236b1fee41914510840055b7cc4d6369cb
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/e3ffa598b29637f3d67bed71fac3b0c01f6bb881
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/47b79274d5ea0bf09a633b43bb72fef167261691
|
||||
12xhttps://github.com/GrapheneOS/platform_frameworks_base/commit/d11e5c8ad0f83e48b9dde21e12227e3dad17956d
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/fdc630db4ee0a4e8c6477d0f29d552af7f8089cd
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/08a12ec1affc5142f693552d8c3ea2d8422d098c
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/d5f04fad42492214df8f0239d9e7e6db186710e3
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/0c4a246842953ceb531f78f33de33b902ef2a3df
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/46b912e1646989a525b9f948711813beb445e9b6
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/067d641615de51032ee8e34d2939bcd4894c2e6d
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/8bc4887e3f0be372867537ae1e6b9bed86957412
|
||||
12 https://github.com/GrapheneOS/platform_build/commit/8e01dd93f29aba79e15a211084582afd9681e8ab
|
||||
12 https://github.com/GrapheneOS/platform_libcore/commit/c5ee98157523315b3829d0158082433f8b9f96a3
|
||||
12 https://github.com/GrapheneOS/platform_libcore/commit/7f186c7a6745e1ce9e407e10782086fa35ef746e
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/14c3c1d4cd2df5dde69274e76a91b42fa383e577
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/ac1943345ec96411ecbac3ce9b15cb371cc03551
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/1abb8050413dae6ac6c1a082a38fb555c88534b9
|
||||
@ -230,6 +353,9 @@ nojit
|
||||
9 https://github.com/GrapheneOS/platform_frameworks_base/commit/8806ec3ef166fe1fd1eeb690ace6dd5a7682195c
|
||||
|
||||
[implemented] hardened_malloc
|
||||
12 https://github.com/GrapheneOS/platform_bionic/commit/e63d04c19cf13923165b30ad3b7cd499ad8f05e6
|
||||
12 https://github.com/GrapheneOS/platform_build_soong/commit/cc973e807d440a2cfe7bed420fbf7ae25985ddc1
|
||||
12 https://github.com/GrapheneOS/platform_system_core/commit/0b3bd63d593f3182ab6295695dc092f8a9b0eb20
|
||||
11 https://github.com/GrapheneOS/platform_system_core/commit/8c0f3c0e04d279daf9f0e9a338c698ed95a026b6
|
||||
11 https://github.com/GrapheneOS/platform_build_soong/commit/4e6320c247b78f456a83a0393360e7be1105eb5a
|
||||
11 https://github.com/GrapheneOS/platform_bionic/commit/108754debbfbaf19843aecc76679f302780c5686
|
||||
|
@ -5,6 +5,7 @@ Subject: [PATCH] use Scudo on 32-bit and hardened_malloc on 64-bit
|
||||
|
||||
Co-authored-by: anupritaisno1 <www.anuprita804@gmail.com>
|
||||
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
|
||||
[tad@spotco.us]: kept Lineage's scudo 32-bit workaround
|
||||
---
|
||||
libc/Android.bp | 39 +++++++++++-------------
|
||||
libc/bionic/h_malloc_wrapper.cpp | 51 ++++++++++++++++++++++++++++++++
|
||||
|
@ -26,7 +26,6 @@ index 4b4ba3ccb8..dac79d1ff7 100644
|
||||
DEXPREOPT_DISABLED_MODULES :=
|
||||
# If a module has multiple setups, the first takes precedence.
|
||||
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
|
||||
index cedad5b490..7eea027506 100644
|
||||
--- a/target/product/security/Android.mk
|
||||
+++ b/target/product/security/Android.mk
|
||||
@@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC
|
||||
@ -52,8 +51,8 @@ index cedad5b490..7eea027506 100644
|
||||
extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
|
||||
|
||||
-$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
|
||||
++OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
|
||||
++
|
||||
+OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
|
||||
+
|
||||
+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
|
||||
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
|
||||
+endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 8e01dd93f29aba79e15a211084582afd9681e8ab Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Thu, 17 Sep 2020 10:53:00 -0400
|
||||
Subject: [PATCH] disable enforce RRO for mainline devices
|
||||
@ -14,10 +14,10 @@ Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target/product/generic_system.mk b/target/product/generic_system.mk
|
||||
index d930957dfb..f0a9400b86 100644
|
||||
index f13c9db4d1..06126f5117 100644
|
||||
--- a/target/product/generic_system.mk
|
||||
+++ b/target/product/generic_system.mk
|
||||
@@ -113,7 +113,7 @@ PRODUCT_COPY_FILES += \
|
||||
@@ -116,7 +116,7 @@ PRODUCT_COPY_FILES += \
|
||||
# Enable dynamic partition size
|
||||
PRODUCT_USE_DYNAMIC_PARTITION_SIZE := true
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From cc973e807d440a2cfe7bed420fbf7ae25985ddc1 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: anupritaisno1 <www.anuprita804@gmail.com>
|
||||
Date: Sun, 13 Sep 2020 09:35:41 +0000
|
||||
Subject: [PATCH] make hardened malloc available to apexes
|
||||
|
@ -0,0 +1,25 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Tue, 15 Mar 2022 22:18:26 -0400
|
||||
Subject: [PATCH] Expand workaround to all camera executables
|
||||
|
||||
Signed-off-by: Tad <tad@spotco.us>
|
||||
Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2
|
||||
---
|
||||
h_malloc.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/h_malloc.c b/h_malloc.c
|
||||
index 5fceaef..70a3e82 100644
|
||||
--- a/h_malloc.c
|
||||
+++ b/h_malloc.c
|
||||
@@ -1082,7 +1082,8 @@ COLD static void handle_bugs(void) {
|
||||
|
||||
// Pixel 3, Pixel 3 XL, Pixel 3a and Pixel 3a XL camera provider
|
||||
const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
|
||||
- if (strcmp(camera_provider, path) == 0) {
|
||||
+ // Any camera executable on system partition
|
||||
+ if (strcmp(camera_provider, path) == 0 || (strstr(path, "camera") != NULL && (strncmp("/system", path, 7) == 0 || strncmp("/vendor", path, 7) == 0))) {
|
||||
ro.zero_on_free = false;
|
||||
ro.purge_slabs = false;
|
||||
ro.region_quarantine_protect = false;
|
@ -0,0 +1,43 @@
|
||||
From 2f262ed47122e57283ee85c2cca138728559ef35 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Mon, 10 Jan 2022 15:50:33 +0200
|
||||
Subject: [PATCH] make DownloadManager.enqueue() a no-op when INTERNET
|
||||
permission is revoked
|
||||
|
||||
---
|
||||
core/java/android/app/DownloadManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/app/DownloadManager.java b/core/java/android/app/DownloadManager.java
|
||||
index 355092378279..cb4a16641953 100644
|
||||
--- a/core/java/android/app/DownloadManager.java
|
||||
+++ b/core/java/android/app/DownloadManager.java
|
||||
@@ -16,6 +16,7 @@
|
||||
|
||||
package android.app;
|
||||
|
||||
+import android.Manifest;
|
||||
import android.annotation.NonNull;
|
||||
import android.annotation.Nullable;
|
||||
import android.annotation.RequiresPermission;
|
||||
@@ -31,6 +32,7 @@
|
||||
import android.content.ContentUris;
|
||||
import android.content.ContentValues;
|
||||
import android.content.Context;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.database.Cursor;
|
||||
import android.database.CursorWrapper;
|
||||
import android.database.DatabaseUtils;
|
||||
@@ -1115,6 +1117,12 @@ public void onMediaStoreDownloadsDeleted(@NonNull LongSparseArray<String> idToMi
|
||||
* calls related to this download.
|
||||
*/
|
||||
public long enqueue(Request request) {
|
||||
+ // don't crash apps that expect INTERNET permission to be always granted
|
||||
+ Context ctx = ActivityThread.currentApplication();
|
||||
+ if (ctx != null && ctx.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // invalid id (DownloadProvider uses SQLite and returns a row id)
|
||||
+ return -1;
|
||||
+ }
|
||||
ContentValues values = request.toContentValues(mPackageName);
|
||||
Uri downloadUri = mResolver.insert(Downloads.Impl.CONTENT_URI, values);
|
||||
long id = Long.parseLong(downloadUri.getLastPathSegment());
|
@ -0,0 +1,35 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Sat, 5 Feb 2022 11:08:55 +0200
|
||||
Subject: [PATCH] make DownloadManager.query() a no-op when INTERNET permission
|
||||
is revoked
|
||||
|
||||
---
|
||||
core/java/android/app/DownloadManager.java | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/app/DownloadManager.java b/core/java/android/app/DownloadManager.java
|
||||
index c209660f4197..2b141e17a80b 100644
|
||||
--- a/core/java/android/app/DownloadManager.java
|
||||
+++ b/core/java/android/app/DownloadManager.java
|
||||
@@ -34,6 +34,7 @@ import android.content.Context;
|
||||
import android.database.Cursor;
|
||||
import android.database.CursorWrapper;
|
||||
import android.database.DatabaseUtils;
|
||||
+import android.database.MatrixCursor;
|
||||
import android.net.ConnectivityManager;
|
||||
import android.net.NetworkPolicyManager;
|
||||
import android.net.Uri;
|
||||
@@ -1170,6 +1171,12 @@ public class DownloadManager {
|
||||
|
||||
/** @hide */
|
||||
public Cursor query(Query query, String[] projection) {
|
||||
+ // don't crash apps that expect INTERNET permission to be always granted
|
||||
+ Context ctx = ActivityThread.currentApplication();
|
||||
+ if (ctx != null && ctx.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // underlying provider is protected by the INTERNET permission
|
||||
+ return new MatrixCursor(projection);
|
||||
+ }
|
||||
Cursor underlyingCursor = query.runQuery(mResolver, projection, mBaseUri);
|
||||
if (underlyingCursor == null) {
|
||||
return null;
|
@ -0,0 +1,24 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: flawedworld <flawedworld@flawed.world>
|
||||
Date: Fri, 25 Feb 2022 01:02:26 +0000
|
||||
Subject: [PATCH] Exclude Bluetooth app from Location indicators
|
||||
|
||||
---
|
||||
core/res/res/values/config.xml | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
||||
index 7305ccc93e93..5114704eac33 100644
|
||||
--- a/core/res/res/values/config.xml
|
||||
+++ b/core/res/res/values/config.xml
|
||||
@@ -1753,7 +1753,9 @@
|
||||
set before. -->
|
||||
<bool name="config_defaultAdasGnssLocationEnabled" translatable="false">false</bool>
|
||||
|
||||
- <string-array name="config_locationExtraPackageNames" translatable="false"></string-array>
|
||||
+ <string-array name="config_locationExtraPackageNames" translatable="false">
|
||||
+ <item>com.android.bluetooth</item>
|
||||
+ </string-array>
|
||||
|
||||
<!-- The package name of the default network recommendation app.
|
||||
A network recommendation provider must:
|
@ -17,21 +17,21 @@ Change-Id: Ibbffdb5f3930df74ca8b4ba93d451f7fad086989
|
||||
res/values-de/cm_strings.xml | 3 +
|
||||
res/values/cm_strings.xml | 5 ++
|
||||
res/xml/network_and_internet.xml | 7 ++
|
||||
.../android/settings/ResetNetworkConfirm.java | 3 +
|
||||
.../android/settings/ResetNetworkConfirm.java | 4 +
|
||||
...CaptivePortalModePreferenceController.java | 82 +++++++++++++++++++
|
||||
.../network/CaptivePortalWarningDialog.java | 74 +++++++++++++++++
|
||||
.../CaptivePortalWarningDialogHost.java | 32 ++++++++
|
||||
.../network/NetworkDashboardFragment.java | 17 +++-
|
||||
8 files changed, 222 insertions(+), 1 deletion(-)
|
||||
8 files changed, 223 insertions(+), 1 deletion(-)
|
||||
create mode 100644 src/com/android/settings/network/CaptivePortalModePreferenceController.java
|
||||
create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialog.java
|
||||
create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialogHost.java
|
||||
|
||||
diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
|
||||
index 1669bf4fbf..0c3ebffd3e 100644
|
||||
index daf7a19a8f..326564d973 100644
|
||||
--- a/res/values-de/cm_strings.xml
|
||||
+++ b/res/values-de/cm_strings.xml
|
||||
@@ -23,6 +23,9 @@
|
||||
@@ -36,6 +36,9 @@
|
||||
<string name="volume_link_notification_title">Klingelton- und Benachrichtigungslautstärke verknüpfen</string>
|
||||
<string name="unlock_scramble_pin_layout_title">Zufällige Anordnung</string>
|
||||
<string name="unlock_scramble_pin_layout_summary">Bei jedem Entsperrversuch die Ziffernanordnung zufällig neu wählen</string>
|
||||
@ -74,10 +74,18 @@ index d842aad021..7f82235a2b 100644
|
||||
+
|
||||
</PreferenceScreen>
|
||||
diff --git a/src/com/android/settings/ResetNetworkConfirm.java b/src/com/android/settings/ResetNetworkConfirm.java
|
||||
index f79bdb2e36..aab19b4c73 100644
|
||||
index f79bdb2e36..58372582e1 100644
|
||||
--- a/src/com/android/settings/ResetNetworkConfirm.java
|
||||
+++ b/src/com/android/settings/ResetNetworkConfirm.java
|
||||
@@ -142,6 +142,9 @@ public class ResetNetworkConfirm extends InstrumentedFragment {
|
||||
@@ -37,6 +37,7 @@ import android.os.Looper;
|
||||
import android.os.RecoverySystem;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
+import android.provider.Settings;
|
||||
import android.telephony.SubscriptionManager;
|
||||
import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
|
||||
import android.telephony.TelephonyManager;
|
||||
@@ -142,6 +143,9 @@ public class ResetNetworkConfirm extends InstrumentedFragment {
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -0,0 +1,121 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Danny Lin <danny@kdrag0n.dev>
|
||||
Date: Tue, 5 Oct 2021 17:05:49 -0700
|
||||
Subject: [PATCH] Add callback for enforcing INTERNET permission changes
|
||||
|
||||
Change-Id: Ic79b9c6a6cb35c69de16732ce5be0a3e6e81d066
|
||||
---
|
||||
framework/api/system-current.txt | 1 +
|
||||
.../src/android/net/ConnectivityManager.java | 16 ++++++++++++++++
|
||||
.../src/android/net/IConnectivityManager.aidl | 2 ++
|
||||
.../com/android/server/ConnectivityService.java | 6 ++++++
|
||||
.../server/connectivity/PermissionMonitor.java | 5 +++++
|
||||
5 files changed, 30 insertions(+)
|
||||
|
||||
diff --git a/framework/api/system-current.txt b/framework/api/system-current.txt
|
||||
index d1d51da15..09a678d9b 100644
|
||||
--- a/framework/api/system-current.txt
|
||||
+++ b/framework/api/system-current.txt
|
||||
@@ -51,6 +51,7 @@ package android.net {
|
||||
method @Deprecated @RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS) public String getCaptivePortalServerUrl();
|
||||
method @Deprecated @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public void getLatestTetheringEntitlementResult(int, boolean, @NonNull java.util.concurrent.Executor, @NonNull android.net.ConnectivityManager.OnTetheringEntitlementResultListener);
|
||||
method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.TETHER_PRIVILEGED, android.Manifest.permission.WRITE_SETTINGS}) public boolean isTetheringSupported();
|
||||
+ method public void onPackagePermissionChanged(int);
|
||||
method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_FACTORY}) public int registerNetworkProvider(@NonNull android.net.NetworkProvider);
|
||||
method public void registerQosCallback(@NonNull android.net.QosSocketInfo, @NonNull java.util.concurrent.Executor, @NonNull android.net.QosCallback);
|
||||
method @Deprecated @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public void registerTetheringEventCallback(@NonNull java.util.concurrent.Executor, @NonNull android.net.ConnectivityManager.OnTetheringEventCallback);
|
||||
diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
|
||||
index 2eb5fb72a..fd37a9746 100644
|
||||
--- a/framework/src/android/net/ConnectivityManager.java
|
||||
+++ b/framework/src/android/net/ConnectivityManager.java
|
||||
@@ -16,6 +16,7 @@
|
||||
package android.net;
|
||||
|
||||
import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;
|
||||
+import static android.annotation.SystemApi.Client.SYSTEM_SERVER;
|
||||
import static android.net.NetworkRequest.Type.BACKGROUND_REQUEST;
|
||||
import static android.net.NetworkRequest.Type.LISTEN;
|
||||
import static android.net.NetworkRequest.Type.LISTEN_FOR_BEST;
|
||||
@@ -34,6 +35,7 @@ import android.annotation.SdkConstant.SdkConstantType;
|
||||
import android.annotation.SuppressLint;
|
||||
import android.annotation.SystemApi;
|
||||
import android.annotation.SystemService;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.app.PendingIntent;
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.compat.annotation.UnsupportedAppUsage;
|
||||
@@ -5499,4 +5501,18 @@ public class ConnectivityManager {
|
||||
public static Range<Integer> getIpSecNetIdRange() {
|
||||
return new Range(TUN_INTF_NETID_START, TUN_INTF_NETID_START + TUN_INTF_NETID_RANGE - 1);
|
||||
}
|
||||
+
|
||||
+ /**
|
||||
+ * Notify ConnectivityService of a runtime permission change for the given package and user ID.
|
||||
+ *
|
||||
+ * @hide
|
||||
+ */
|
||||
+ @SystemApi
|
||||
+ public void onPackagePermissionChanged(int uid) {
|
||||
+ try {
|
||||
+ mService.onPackagePermissionChanged(uid);
|
||||
+ } catch (RemoteException e) {
|
||||
+ throw e.rethrowFromSystemServer();
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl
|
||||
index 50ec78120..2d09c0422 100644
|
||||
--- a/framework/src/android/net/IConnectivityManager.aidl
|
||||
+++ b/framework/src/android/net/IConnectivityManager.aidl
|
||||
@@ -228,4 +228,6 @@ interface IConnectivityManager
|
||||
void unofferNetwork(in INetworkOfferCallback callback);
|
||||
|
||||
void setTestAllowBadWifiUntil(long timeMs);
|
||||
+
|
||||
+ void onPackagePermissionChanged(int uid);
|
||||
}
|
||||
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
|
||||
index 418e9e33b..d4da9a42a 100644
|
||||
--- a/service/src/com/android/server/ConnectivityService.java
|
||||
+++ b/service/src/com/android/server/ConnectivityService.java
|
||||
@@ -93,6 +93,7 @@ import static java.util.Map.Entry;
|
||||
import android.Manifest;
|
||||
import android.annotation.NonNull;
|
||||
import android.annotation.Nullable;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.app.AppOpsManager;
|
||||
import android.app.BroadcastOptions;
|
||||
import android.app.PendingIntent;
|
||||
@@ -10346,4 +10347,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
return createNetworkRequest(NetworkRequest.Type.REQUEST, netcap);
|
||||
}
|
||||
}
|
||||
+
|
||||
+ @Override
|
||||
+ public void onPackagePermissionChanged(int uid) {
|
||||
+ mPermissionMonitor.onInternetPermissionChanged(uid);
|
||||
+ }
|
||||
}
|
||||
diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java
|
||||
index a49c0a6e8..a43ee18b3 100755
|
||||
--- a/service/src/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/service/src/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -32,6 +32,7 @@ import static android.os.Process.SYSTEM_UID;
|
||||
import static com.android.net.module.util.CollectionUtils.toIntArray;
|
||||
|
||||
import android.annotation.NonNull;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.content.BroadcastReceiver;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
@@ -278,6 +279,10 @@ public class PermissionMonitor {
|
||||
sendPackagePermissionsToNetd(netdPermsUids);
|
||||
}
|
||||
|
||||
+ public void onInternetPermissionChanged(int uid) {
|
||||
+ sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
|
||||
+ }
|
||||
+
|
||||
@VisibleForTesting
|
||||
synchronized void updateUidsAllowedOnRestrictedNetworks(final Set<Integer> uids) {
|
||||
mUidsAllowedOnRestrictedNetworks.clear();
|
@ -0,0 +1,320 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pratyush <codelab@pratyush.dev>
|
||||
Date: Wed, 13 Oct 2021 22:20:53 +0530
|
||||
Subject: [PATCH] use uid instead of app id
|
||||
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 142 +++++++++---------
|
||||
1 file changed, 68 insertions(+), 74 deletions(-)
|
||||
|
||||
diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java
|
||||
index a43ee18b3..8625f3c80 100755
|
||||
--- a/service/src/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/service/src/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -225,42 +225,44 @@ public class PermissionMonitor {
|
||||
// mUidsAllowedOnRestrictedNetworks.
|
||||
updateUidsAllowedOnRestrictedNetworks(mDeps.getUidsAllowedOnRestrictedNetworks(mContext));
|
||||
|
||||
- List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- if (apps == null) {
|
||||
- loge("No apps");
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
SparseIntArray netdPermsUids = new SparseIntArray();
|
||||
|
||||
- for (PackageInfo app : apps) {
|
||||
- int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
- if (uid < 0) {
|
||||
+ mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
|
||||
+
|
||||
+ for(UserHandle user : mUsers){
|
||||
+ PackageManager pmUser = mContext.createContextAsUser(user,0).getPackageManager();
|
||||
+ List<PackageInfo> apps = pmUser.getInstalledPackages(GET_PERMISSIONS);
|
||||
+ if (apps == null) {
|
||||
+ loge("No apps");
|
||||
continue;
|
||||
}
|
||||
- mAllApps.add(UserHandle.getAppId(uid));
|
||||
|
||||
- boolean isNetwork = hasNetworkPermission(app);
|
||||
- boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+ for (PackageInfo app : apps) {
|
||||
+ int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
+ if (uid < 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ mAllApps.add(uid);
|
||||
|
||||
- if (isNetwork || hasRestrictedPermission) {
|
||||
- Boolean permission = mApps.get(UserHandle.getAppId(uid));
|
||||
- // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
- // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- if (permission == null || permission == NETWORK) {
|
||||
- mApps.put(UserHandle.getAppId(uid), hasRestrictedPermission);
|
||||
+ boolean isNetwork = hasNetworkPermission(app);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ Boolean permission = mApps.get(uid);
|
||||
+ // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
+ // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
+ if (permission == null || permission == NETWORK) {
|
||||
+ mApps.put(uid, hasRestrictedPermission);
|
||||
+ }
|
||||
}
|
||||
- }
|
||||
|
||||
- //TODO: unify the management of the permissions into one codepath.
|
||||
- int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ //TODO: unify the management of the permissions into one codepath.
|
||||
+ int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ }
|
||||
}
|
||||
|
||||
- mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
|
||||
-
|
||||
final SparseArray<String> netdPermToSystemPerm = new SparseArray<>();
|
||||
netdPermToSystemPerm.put(INetd.PERMISSION_INTERNET, INTERNET);
|
||||
netdPermToSystemPerm.put(INetd.PERMISSION_UPDATE_DEVICE_STATS, UPDATE_DEVICE_STATS);
|
||||
@@ -280,7 +282,7 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
public void onInternetPermissionChanged(int uid) {
|
||||
- sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@@ -291,9 +293,7 @@ public class PermissionMonitor {
|
||||
// is only installed on some users because the uid cannot match some other app – this uid is
|
||||
// in effect not installed and can't be run.
|
||||
// TODO (b/192431153): Change appIds back to uids.
|
||||
- for (int uid : uids) {
|
||||
- mUidsAllowedOnRestrictedNetworks.add(UserHandle.getAppId(uid));
|
||||
- }
|
||||
+ mUidsAllowedOnRestrictedNetworks.addAll(uids);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@@ -315,7 +315,7 @@ public class PermissionMonitor {
|
||||
if (appInfo == null) return false;
|
||||
// Check whether package's uid is in allowed on restricted networks uid list. If so, this
|
||||
// uid can have netd system permission.
|
||||
- return mUidsAllowedOnRestrictedNetworks.contains(UserHandle.getAppId(appInfo.uid));
|
||||
+ return mUidsAllowedOnRestrictedNetworks.contains(appInfo.uid);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@@ -351,14 +351,14 @@ public class PermissionMonitor {
|
||||
// networks. mApps contains the result of checks for both hasNetworkPermission and
|
||||
// hasRestrictedNetworkPermission. If uid is in the mApps list that means uid has one of
|
||||
// permissions at least.
|
||||
- return mApps.containsKey(UserHandle.getAppId(uid));
|
||||
+ return mApps.containsKey(uid);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the given uid has permission to use restricted networks.
|
||||
*/
|
||||
public synchronized boolean hasRestrictedNetworksPermission(int uid) {
|
||||
- return Boolean.TRUE.equals(mApps.get(UserHandle.getAppId(uid)));
|
||||
+ return Boolean.TRUE.equals(mApps.get(uid));
|
||||
}
|
||||
|
||||
private void update(Set<UserHandle> users, Map<Integer, Boolean> apps, boolean add) {
|
||||
@@ -424,21 +424,17 @@ public class PermissionMonitor {
|
||||
* permission.
|
||||
*/
|
||||
@VisibleForTesting
|
||||
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
|
||||
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
|
||||
if (currentPermission == SYSTEM) {
|
||||
return currentPermission;
|
||||
}
|
||||
- try {
|
||||
- final PackageInfo app = mPackageManager.getPackageInfo(name,
|
||||
- GET_PERMISSIONS | MATCH_ANY_USER);
|
||||
+ final PackageInfo app = getPackageInfo(name, UserHandle.getUserHandleForUid(uid));
|
||||
+ if(app != null){
|
||||
final boolean isNetwork = hasNetworkPermission(app);
|
||||
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
if (isNetwork || hasRestrictedPermission) {
|
||||
currentPermission = hasRestrictedPermission;
|
||||
}
|
||||
- } catch (NameNotFoundException e) {
|
||||
- // App not found.
|
||||
- loge("NameNotFoundException " + name);
|
||||
}
|
||||
return currentPermission;
|
||||
}
|
||||
@@ -450,7 +446,7 @@ public class PermissionMonitor {
|
||||
final String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
+ PackageInfo app = getPackageInfo(name, UserHandle.getUserHandleForUid(uid));
|
||||
if (app != null && app.requestedPermissions != null) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
@@ -474,17 +470,16 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageAdded(@NonNull final String packageName, final int uid) {
|
||||
// TODO: Netd is using appId for checking traffic permission. Correct the methods that are
|
||||
// using appId instead of uid actually
|
||||
- sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
|
||||
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- final int appId = UserHandle.getAppId(uid);
|
||||
- final Boolean permission = highestPermissionForUid(mApps.get(appId), packageName);
|
||||
- if (permission != mApps.get(appId)) {
|
||||
- mApps.put(appId, permission);
|
||||
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
|
||||
+ if (permission != mApps.get(uid)) {
|
||||
+ mApps.put(uid, permission);
|
||||
|
||||
Map<Integer, Boolean> apps = new HashMap<>();
|
||||
- apps.put(appId, permission);
|
||||
+ apps.put(uid, permission);
|
||||
update(mUsers, apps, true);
|
||||
}
|
||||
|
||||
@@ -499,7 +494,7 @@ public class PermissionMonitor {
|
||||
updateVpnUids(vpn.getKey(), changedUids, true);
|
||||
}
|
||||
}
|
||||
- mAllApps.add(appId);
|
||||
+ mAllApps.add(uid);
|
||||
}
|
||||
|
||||
private Boolean highestUidNetworkPermission(int uid) {
|
||||
@@ -509,7 +504,7 @@ public class PermissionMonitor {
|
||||
for (String name : packages) {
|
||||
// If multiple packages have the same UID, give the UID all permissions that
|
||||
// any package in that UID has.
|
||||
- permission = highestPermissionForUid(permission, name);
|
||||
+ permission = highestPermissionForUid(permission, name, uid);
|
||||
if (permission == SYSTEM) {
|
||||
break;
|
||||
}
|
||||
@@ -529,7 +524,7 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageRemoved(@NonNull final String packageName, final int uid) {
|
||||
// TODO: Netd is using appId for checking traffic permission. Correct the methods that are
|
||||
// using appId instead of uid actually
|
||||
- sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
|
||||
// If the newly-removed package falls within some VPN's uid range, update Netd with it.
|
||||
// This needs to happen before the mApps update below, since removeBypassingUids() depends
|
||||
@@ -544,11 +539,11 @@ public class PermissionMonitor {
|
||||
}
|
||||
// If the package has been removed from all users on the device, clear it form mAllApps.
|
||||
if (mPackageManager.getNameForUid(uid) == null) {
|
||||
- mAllApps.remove(UserHandle.getAppId(uid));
|
||||
+ mAllApps.remove(uid);
|
||||
}
|
||||
|
||||
Map<Integer, Boolean> apps = new HashMap<>();
|
||||
- final Boolean permission = highestUidNetworkPermission(uid);
|
||||
+ final Boolean permission = highestPermissionForUid(null, packageName,uid);
|
||||
if (permission == SYSTEM) {
|
||||
// An app with this UID still has the SYSTEM permission.
|
||||
// Therefore, this UID must already have the SYSTEM permission.
|
||||
@@ -556,23 +551,22 @@ public class PermissionMonitor {
|
||||
return;
|
||||
}
|
||||
|
||||
- final int appId = UserHandle.getAppId(uid);
|
||||
- if (permission == mApps.get(appId)) {
|
||||
+ if (permission == mApps.get(uid)) {
|
||||
// The permissions of this UID have not changed. Nothing to do.
|
||||
return;
|
||||
} else if (permission != null) {
|
||||
- mApps.put(appId, permission);
|
||||
- apps.put(appId, permission);
|
||||
+ mApps.put(uid, permission);
|
||||
+ apps.put(uid, permission);
|
||||
update(mUsers, apps, true);
|
||||
} else {
|
||||
- mApps.remove(appId);
|
||||
- apps.put(appId, NETWORK); // doesn't matter which permission we pick here
|
||||
+ mApps.remove(uid);
|
||||
+ apps.put(uid, NETWORK); // doesn't matter which permission we pick here
|
||||
update(mUsers, apps, false);
|
||||
}
|
||||
}
|
||||
|
||||
private static int getNetdPermissionMask(String[] requestedPermissions,
|
||||
- int[] requestedPermissionsFlags) {
|
||||
+ int[] requestedPermissionsFlags) {
|
||||
int permissions = 0;
|
||||
if (requestedPermissions == null || requestedPermissionsFlags == null) return permissions;
|
||||
for (int i = 0; i < requestedPermissions.length; i++) {
|
||||
@@ -588,11 +582,10 @@ public class PermissionMonitor {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
- private PackageInfo getPackageInfo(String packageName) {
|
||||
+ private PackageInfo getPackageInfo(String packageName, UserHandle user) {
|
||||
try {
|
||||
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- return app;
|
||||
+ return mContext.createContextAsUser(user, 0).getPackageManager()
|
||||
+ .getPackageInfo(packageName, GET_PERMISSIONS);
|
||||
} catch (NameNotFoundException e) {
|
||||
return null;
|
||||
}
|
||||
@@ -681,7 +674,7 @@ public class PermissionMonitor {
|
||||
*/
|
||||
private void removeBypassingUids(Set<Integer> uids, int vpnAppUid) {
|
||||
uids.remove(vpnAppUid);
|
||||
- uids.removeIf(uid -> mApps.getOrDefault(UserHandle.getAppId(uid), NETWORK) == SYSTEM);
|
||||
+ uids.removeIf(uid -> mApps.getOrDefault(uid, NETWORK) == SYSTEM);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -823,13 +816,12 @@ public class PermissionMonitor {
|
||||
for (Integer uid : uidsToUpdate) {
|
||||
final Boolean permission = highestUidNetworkPermission(uid);
|
||||
|
||||
- final int appId = UserHandle.getAppId(uid);
|
||||
if (null == permission) {
|
||||
- removedUids.put(appId, NETWORK); // Doesn't matter which permission is set here.
|
||||
- mApps.remove(appId);
|
||||
+ removedUids.put(uid, NETWORK); // Doesn't matter which permission is set here.
|
||||
+ mApps.remove(uid);
|
||||
} else {
|
||||
- updatedUids.put(appId, permission);
|
||||
- mApps.put(appId, permission);
|
||||
+ updatedUids.put(uid, permission);
|
||||
+ mApps.put(uid, permission);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -844,12 +836,14 @@ public class PermissionMonitor {
|
||||
return;
|
||||
}
|
||||
|
||||
- for (String app : pkgList) {
|
||||
- final PackageInfo info = getPackageInfo(app);
|
||||
- if (info == null || info.applicationInfo == null) continue;
|
||||
+ for (UserHandle user : mUsers){
|
||||
+ for (String app : pkgList) {
|
||||
+ final PackageInfo info = getPackageInfo(app, user);
|
||||
+ if (info == null || info.applicationInfo == null) continue;
|
||||
|
||||
- final int appId = info.applicationInfo.uid;
|
||||
- onPackageAdded(app, appId); // Use onPackageAdded to add package one by one.
|
||||
+ final int appId = info.applicationInfo.uid;
|
||||
+ onPackageAdded(app, appId); // Use onPackageAdded to add package one by one.
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,42 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 18:17:11 +0200
|
||||
Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
|
||||
|
||||
---
|
||||
framework/src/android/net/ConnectivityManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
|
||||
index fd37a9746..8857b7996 100644
|
||||
--- a/framework/src/android/net/ConnectivityManager.java
|
||||
+++ b/framework/src/android/net/ConnectivityManager.java
|
||||
@@ -25,6 +25,7 @@ import static android.net.NetworkRequest.Type.TRACK_DEFAULT;
|
||||
import static android.net.NetworkRequest.Type.TRACK_SYSTEM_DEFAULT;
|
||||
import static android.net.QosCallback.QosCallbackRegistrationException;
|
||||
|
||||
+import android.Manifest;
|
||||
import android.annotation.CallbackExecutor;
|
||||
import android.annotation.IntDef;
|
||||
import android.annotation.NonNull;
|
||||
@@ -42,6 +43,7 @@ import android.compat.annotation.UnsupportedAppUsage;
|
||||
import android.content.ComponentName;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.net.ConnectivityDiagnosticsManager.DataStallReport.DetectionMethod;
|
||||
import android.net.IpSecManager.UdpEncapsulationSocket;
|
||||
import android.net.SocketKeepalive.Callback;
|
||||
@@ -3139,6 +3141,12 @@ public class ConnectivityManager {
|
||||
*/
|
||||
public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
|
||||
printStackTrace();
|
||||
+ if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // ConnectivityService enforces this by throwing an unexpected SecurityException,
|
||||
+ // which puts GMS into a crash loop. Also useful for other apps that don't expect that
|
||||
+ // INTERNET permission might get revoked.
|
||||
+ return;
|
||||
+ }
|
||||
try {
|
||||
mService.reportNetworkConnectivity(network, hasConnectivity);
|
||||
} catch (RemoteException e) {
|
@ -0,0 +1,228 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Tad <tad@spotco.us>
|
||||
Date: Thu, 21 Oct 2021 20:54:37 -0400
|
||||
Subject: [PATCH] Add more 'Private DNS' options
|
||||
|
||||
This adds thirteen DNS providers as available presets.
|
||||
|
||||
Credit: CalyxOS
|
||||
- Chirayu Desai <chirayudesai1@gmail.com>
|
||||
https://review.calyxos.org/c/CalyxOS/platform_frameworks_base/+/446
|
||||
- Oliver Scott <olivercscott@gmail.com>
|
||||
https://review.calyxos.org/c/CalyxOS/platform_frameworks_base/+/2327
|
||||
- Pavel Shirshov <pshirshov@eml.cc>
|
||||
https://review.calyxos.org/c/CalyxOS/platform_frameworks_base/+/5356
|
||||
|
||||
Signed-off-by: Tad <tad@spotco.us>
|
||||
Change-Id: Id75a774ce1ed109a83c6a5bf512536c643165d71
|
||||
---
|
||||
.../java/android/net/ConnectivityManager.java | 104 ++++++++++++++++++
|
||||
.../server/connectivity/DnsManager.java | 66 +++++++++++
|
||||
2 files changed, 170 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
|
||||
index ed03f5198d6f..7df32c10b16b 100644
|
||||
--- a/core/java/android/net/ConnectivityManager.java
|
||||
+++ b/core/java/android/net/ConnectivityManager.java
|
||||
@@ -796,6 +796,58 @@ public class ConnectivityManager {
|
||||
* @hide
|
||||
*/
|
||||
public static final String PRIVATE_DNS_MODE_OFF = "off";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_ADGUARD = "adguard";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_APPLIEDPRIVACY = "appliedprivacy";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_CLEANBROWSING = "cleanbrowsing";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_CIRA = "cira";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_CZNIC = "cznic";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_CLOUDFLARE = "cloudflare";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_GOOGLE = "google";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_MULLVAD = "mullvad";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_QUADNINE = "quadnine";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_RESTENA = "restena";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_SWITCH = "switch";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_TWNIC = "twnic";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_MODE_UNCENSOREDDNS = "uncensoreddns";
|
||||
/**
|
||||
* @hide
|
||||
*/
|
||||
@@ -804,6 +856,58 @@ public class ConnectivityManager {
|
||||
* @hide
|
||||
*/
|
||||
public static final String PRIVATE_DNS_MODE_PROVIDER_HOSTNAME = "hostname";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_APPLIEDPRIVACY = "dot1.applied-privacy.net";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_ADGUARD = "dns.adguard.com";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_CIRA = "protected.canadianshield.cira.ca";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_CZNIC = "odvr.nic.cz";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_CLEANBROWSING = "security-filter-dns.cleanbrowsing.org";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_CLOUDFLARE = "security.cloudflare-dns.com";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_GOOGLE = "dns.google";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_MULLVAD = "adblock.doh.mullvad.net";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_QUADNINE = "dns.quad9.net";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_RESTENA = "kaitain.restena.lu";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_SWITCH = "dns.switch.ch";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_TWNIC = "101.101.101.101";
|
||||
+ /**
|
||||
+ * @hide
|
||||
+ */
|
||||
+ public static final String PRIVATE_DNS_SPECIFIER_UNCENSOREDDNS = "unicast.censurfridns.dk";
|
||||
/**
|
||||
* The default Private DNS mode.
|
||||
*
|
||||
diff --git a/services/core/java/com/android/server/connectivity/DnsManager.java b/services/core/java/com/android/server/connectivity/DnsManager.java
|
||||
index cf6a7f6e8d70..5d3de9edc930 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/DnsManager.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/DnsManager.java
|
||||
@@ -18,6 +18,32 @@ package com.android.server.connectivity;
|
||||
|
||||
import static android.net.ConnectivityManager.PRIVATE_DNS_DEFAULT_MODE_FALLBACK;
|
||||
import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_OFF;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_ADGUARD;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_APPLIEDPRIVACY;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CIRA;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CLEANBROWSING;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CLOUDFLARE;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_CZNIC;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_GOOGLE;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_MULLVAD;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_QUADNINE;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_RESTENA;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_SWITCH;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_TWNIC;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_UNCENSOREDDNS;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_ADGUARD;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_APPLIEDPRIVACY;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CIRA;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CLEANBROWSING;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CLOUDFLARE;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_CZNIC;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_GOOGLE;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_MULLVAD;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_QUADNINE;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_RESTENA;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_SWITCH;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_TWNIC;
|
||||
+import static android.net.ConnectivityManager.PRIVATE_DNS_SPECIFIER_UNCENSOREDDNS;
|
||||
import static android.net.ConnectivityManager.PRIVATE_DNS_MODE_PROVIDER_HOSTNAME;
|
||||
import static android.provider.Settings.Global.DNS_RESOLVER_MAX_SAMPLES;
|
||||
import static android.provider.Settings.Global.DNS_RESOLVER_MIN_SAMPLES;
|
||||
@@ -136,6 +162,46 @@ public class DnsManager {
|
||||
return new PrivateDnsConfig(specifier, null);
|
||||
}
|
||||
|
||||
+ if (PRIVATE_DNS_MODE_ADGUARD.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_ADGUARD, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_APPLIEDPRIVACY.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_APPLIEDPRIVACY, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_CIRA.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CIRA, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_CLEANBROWSING.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CLEANBROWSING, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_CLOUDFLARE.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CLOUDFLARE, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_CZNIC.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_CZNIC, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_GOOGLE.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_GOOGLE, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_MULLVAD.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_MULLVAD, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_QUADNINE.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_QUADNINE, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_RESTENA.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_RESTENA, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_SWITCH.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_SWITCH, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_TWNIC.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_TWNIC, null);
|
||||
+ }
|
||||
+ if (PRIVATE_DNS_MODE_UNCENSOREDDNS.equals(mode)) {
|
||||
+ return new PrivateDnsConfig(PRIVATE_DNS_SPECIFIER_UNCENSOREDDNS, null);
|
||||
+ }
|
||||
+
|
||||
return new PrivateDnsConfig(useTls);
|
||||
}
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit d61df5a1f0c5b9a602e45cc9c62ba42e433853da
|
||||
Subproject commit defba989e7004809c1d67c2ba47952b66f9dd3cb
|
@ -801,6 +801,7 @@ deblobVendorBp() {
|
||||
#TODO make this work for more then these two blobs
|
||||
#Credit: https://stackoverflow.com/a/26053127
|
||||
sed -i ':a;N;s/\n/&/3;Ta;/manifest_android.hardware.drm@1.3-service.widevine.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile";
|
||||
sed -i ':a;N;s/\n/&/3;Ta;/manifest_android.hardware.drm@1.4-service.widevine.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile";
|
||||
sed -i ':a;N;s/\n/&/3;Ta;/vendor.qti.hardware.radio.atcmdfwd@1.0.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile";
|
||||
}
|
||||
export -f deblobVendorBp;
|
||||
|
@ -199,7 +199,7 @@ processRelease() {
|
||||
local OUT_DIR="$DOS_BUILD_BASE/out/target/product/$DEVICE/";
|
||||
|
||||
local RELEASETOOLS_PREFIX="build/tools/releasetools/";
|
||||
if [[ "$DOS_VERSION" == "LineageOS-18.1" ]]; then
|
||||
if [[ "$DOS_VERSION" == "LineageOS-18.1" ]] || [[ "$DOS_VERSION" == "LineageOS-19.1" ]]; then
|
||||
local RELEASETOOLS_PREFIX="";
|
||||
fi;
|
||||
|
||||
@ -724,7 +724,7 @@ changeDefaultDNS() {
|
||||
echo "You must first set a preset via the DOS_DEFAULT_DNS_PRESET variable in init.sh!";
|
||||
fi;
|
||||
|
||||
local files="$DOS_BUILD_BASE/bionic/libc/dns/net/getaddrinfo.c $DOS_BUILD_BASE/packages/apps/Dialer/java/com/android/voicemail/impl/sync/VvmNetworkRequestCallback.java $DOS_BUILD_BASE/packages/modules/Connectivity/framework/src/android/net/util/DnsUtils.java $DOS_BUILD_BASE/packages/modules/DnsResolver/getaddrinfo.cpp core/java/android/net/util/DnsUtils.java core/res/res/values/config.xml packages/SettingsLib/res/values/strings.xml packages/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java services/core/java/com/android/server/connectivity/NetworkDiagnostics.java services/core/java/com/android/server/connectivity/Tethering.java services/core/java/com/android/server/connectivity/tethering/TetheringConfiguration.java services/java/com/android/server/connectivity/Tethering.java tests/BandwidthTests/src/com/android/tests/bandwidthenforcement/BandwidthEnforcementTestService.java core/java/com/android/internal/net/VpnProfile.java";
|
||||
local files="$DOS_BUILD_BASE/bionic/libc/dns/net/getaddrinfo.c $DOS_BUILD_BASE/packages/apps/Dialer/java/com/android/voicemail/impl/sync/VvmNetworkRequestCallback.java $DOS_BUILD_BASE/packages/modules/Connectivity/framework/src/android/net/util/DnsUtils.java $DOS_BUILD_BASE/packages/modules/Connectivity/service/src/com/android/server/connectivity/NetworkDiagnostics.java $DOS_BUILD_BASE/packages/modules/Connectivity/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java $DOS_BUILD_BASE/packages/modules/DnsResolver/DnsResolver/doh.rs $DOS_BUILD_BASE/packages/modules/DnsResolver/DnsResolver/getaddrinfo.cpp $DOS_BUILD_BASE/packages/modules/DnsResolver/getaddrinfo.cpp core/java/android/net/util/DnsUtils.java core/java/com/android/internal/net/VpnProfile.java core/res/res/values/config.xml packages/SettingsLib/res/values/strings.xml packages/Tethering/src/com/android/networkstack/tethering/TetheringConfiguration.java services/core/java/com/android/server/connectivity/NetworkDiagnostics.java services/core/java/com/android/server/connectivity/Tethering.java services/core/java/com/android/server/connectivity/tethering/TetheringConfiguration.java services/java/com/android/server/connectivity/Tethering.java tests/BandwidthTests/src/com/android/tests/bandwidthenforcement/BandwidthEnforcementTestService.java";
|
||||
sed -i "s/8\.8\.8\.8/$dnsPrimary/" $files &>/dev/null || true;
|
||||
sed -i "s/2001:4860:4860::8888/$dnsPrimaryV6/" $files &>/dev/null || true;
|
||||
sed -i "s/8\.8\.4\.4/$dnsSecondary/" $files &>/dev/null || true;
|
||||
|
@ -34,5 +34,8 @@ sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MER
|
||||
#Commented as set by defconfig
|
||||
#sed -i 's/= IS_ENABLED(CONFIG_PAGE_POISONING_ENABLE_DEFAULT);/= true;/' kernel/*/*/mm/page_poison.c &>/dev/null || true; #4.4+ #XXX: shouldn't be enabled past 5.3
|
||||
|
||||
#Build speedup
|
||||
sed -i 's/flags.Tidy = true/flags.Tidy = false/' build/soong/cc/tidy.go &>/dev/null || true; #Disable clang-tidy (GrapheneOS/kdrag0n)
|
||||
|
||||
cd "$DOS_BUILD_BASE";
|
||||
echo -e "\e[0;32m[SCRIPT COMPLETE] Post tweaks complete\e[0m";
|
||||
|
@ -91,8 +91,9 @@ patchWorkspace() {
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
#repopick -it ten-firewall;
|
||||
repopick -it Q_asb_2022-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -142,13 +142,14 @@ patchWorkspace() {
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
#repopick -it eleven-firewall;
|
||||
#repopick -i 314130; #adbconnection: don't spin if adbd isn't running
|
||||
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
|
||||
#repopick -i 320663; #Trebuchet: Don't hide home screen rotation setting
|
||||
#repopick -i 321297; #fs_mgr: Don't enable clean_scratch_files on non-dynamic devices
|
||||
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
|
||||
repopick -it R_asb_2022-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -584,8 +584,8 @@ sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" ker
|
||||
|
||||
sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
|
||||
rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml || true; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml || true; #deprecated
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
@ -0,0 +1,90 @@
|
||||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/google/wahoo"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0021.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.7/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10153/4.9/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9059/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/4.9/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9699/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11065/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14886/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17052/4.9/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18061/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3575/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5902/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5906/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16597/4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^5.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0002.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14047/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-4149/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20292/4.9/0004.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30324/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-41864/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-42739/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0435/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0487/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0492/4.9/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1016/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1199/4.9/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1199/4.9/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23037/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23039/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23040/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-23042/4.9/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/4.4/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/4.4/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25258/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25375/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-26966/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27223/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28356/4.9/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-GPZ2253/4.9/0007.patch
|
||||
editKernelLocalversion "-dos.p86"
|
||||
cd "$DOS_BUILD_BASE"
|
@ -19,7 +19,7 @@ umask 0022;
|
||||
#Last verified: 2022-04-04
|
||||
|
||||
patchAllKernels() {
|
||||
startPatcher ""; #XXX 19REBASE
|
||||
startPatcher "kernel_google_wahoo";
|
||||
}
|
||||
export -f patchAllKernels;
|
||||
|
||||
@ -55,7 +55,9 @@ buildAll() {
|
||||
cd "$DOS_BUILD_BASE";
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
|
||||
#XXX 19REBASE
|
||||
#SD835
|
||||
buildDevice taimen avb;
|
||||
#buildDevice walleye avb;
|
||||
}
|
||||
export -f buildAll;
|
||||
|
||||
@ -65,7 +67,9 @@ patchWorkspace() {
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
#source build/envsetup.sh;
|
||||
source build/envsetup.sh;
|
||||
repopick -i 328251; #Scape apostrophes
|
||||
#repopick -it S_asb_2022-04;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
@ -91,7 +91,6 @@ applyPatch "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv a
|
||||
applyPatch "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #Add correct keys to recovery for OTA verification
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_build/0003-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) #XXX: most devices override this
|
||||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; fi; #Replace the Messaging app with Silence
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
fi;
|
||||
@ -111,9 +110,9 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_ex
|
||||
fi;
|
||||
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
|
||||
#if enterAndClear "external/hardened_malloc"; then
|
||||
#applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables #XXX 19REBASE
|
||||
#fi;
|
||||
if enterAndClear "external/hardened_malloc"; then
|
||||
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables
|
||||
fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
@ -124,11 +123,12 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Rev
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE: moved
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch"; #net: Notify ConnectivityService of runtime permission changes (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-4.patch"; #Make DownloadManager.enqueue() a no-op when INTERNET permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-5.patch"; #Make DownloadManager.query() a no-op when INTERNET permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
|
||||
if [ "$DOS_TIMEOUTS" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
|
||||
@ -151,7 +151,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.pat
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-1.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-2.patch"; #Exclude Bluetooth app from Location indicators (GrapheneOS)
|
||||
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
|
||||
changeDefaultDNS; #Change the default DNS servers
|
||||
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
|
||||
@ -171,7 +172,7 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_fr
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
@ -272,6 +273,13 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Connectivity"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Add callback for enforcing INTERNET permission changes (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Use uid instead of app id (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-3.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
|
||||
#applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0002-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #XXX 19REBASE
|
||||
fi;
|
||||
|
||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then
|
||||
if enterAndClear "packages/modules/NetworkStack"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS)
|
||||
@ -348,7 +356,6 @@ sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk
|
||||
if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi;
|
||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||
cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list
|
||||
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence
|
||||
awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player
|
||||
fi;
|
||||
|
||||
@ -367,7 +374,9 @@ fi;
|
||||
#
|
||||
#START OF DEVICE CHANGES
|
||||
#
|
||||
#none yet
|
||||
if enterAndClear "kernel/google/wahoo"; then
|
||||
sed -i 's/asm(SET_PSTATE_UAO(1));/asm(SET_PSTATE_UAO(1)); return 0;/' arch/arm64/mm/fault.c; #fix build with CONFIG_ARM64_UAO
|
||||
fi;
|
||||
|
||||
#Make changes to all devices
|
||||
cd "$DOS_BUILD_BASE";
|
||||
@ -397,8 +406,8 @@ enableAutoVarInit || true;
|
||||
|
||||
sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
|
||||
rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml; #deprecated
|
||||
awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml; #deprecated
|
||||
#awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/opt/net/wifi/service/res/values/config.xml || true; #deprecated
|
||||
#awk -i inplace '!/config_wifi_batched_scan_supported/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml || true; #deprecated
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
@ -57,14 +57,14 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv
|
||||
|
||||
#Features
|
||||
export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
|
||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1
|
||||
export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the GrapheneOS ptrace_scope toggle patchset on 17.1+18.1
|
||||
export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1
|
||||
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1
|
||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1
|
||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the GrapheneOS ptrace_scope toggle patchset on 17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1, 19.1 has no toggle
|
||||
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1+19.1
|
||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
@ -73,8 +73,8 @@ export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE
|
||||
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247
|
||||
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
|
||||
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission #XXX: can break things like camera
|
||||
export DOS_SENSORS_PERM_NEW=true;
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1/16.0 #XXX: can break things like camera
|
||||
export DOS_SENSORS_PERM_NEW=true; #For 17.1+18.1
|
||||
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
|
||||
export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository
|
||||
#alias DOS_WEBVIEW_CHERRYPICK='git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/00/316600/2';
|
||||
|
Loading…
Reference in New Issue
Block a user