From 3a6815c4ebfa3cf0ed93cfa78de4164d6e0aafc4 Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 29 May 2017 22:38:33 -0400
Subject: [PATCH] Fixes
---
 .../android_system_netd/0001-iptables.patch | 18 ++++++++----------
 Scripts/Generic_Deblob.sh | 1 +
 Scripts/LAOS-14.1_Patches.sh | 4 ++--
 3 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch b/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch
index 6e71e5ba..3c84f271 100644
--- a/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch
+++ b/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch
@@ -1,33 +1,31 @@
-From 468c7af6d84d1b2c7bafd10c0a109d7ba8512c0b Mon Sep 17 00:00:00 2001
+From 9663281c60b56be2d2cf00cd7ed11625a6ac1998 Mon Sep 17 00:00:00 2001
 From: Tad
-Date: Mon, 29 May 2017 20:01:31 -0400
+Date: Mon, 29 May 2017 21:36:29 -0400
 Subject: [PATCH] Network hardening via iptables
-Change-Id: I4b7c330a50aa55ad9259e0ced8aee71d4acaf508
+Change-Id: Ic128a37ccbc1885b4f92cee5bd6eb4408fa78105
 Credit: https://javapipe.com/iptables-ddos-protection
 ---
- server/CommandListener.cpp | 51 ++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 51 insertions(+)
+ server/CommandListener.cpp | 49 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 49 insertions(+)
 diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
-index b16da18..0a318fc 100755
+index b16da18..06db5b9 100755
 --- a/server/CommandListener.cpp
+++ b/server/CommandListener.cpp
-@@ -145,6 +145,12 @@ static const char* RAW_PREROUTING[] = {
+@@ -145,6 +145,10 @@ static const char* RAW_PREROUTING[] = {
 NULL,
 };
 +static const char* MANGLE_PREROUTING[] = {
-+ BandwidthController::LOCAL_MANGLE_PREROUTING,
-+ IdletimerController::LOCAL_MANGLE_PREROUTING,
 + NULL,
 +};
 +
 static const char* MANGLE_POSTROUTING[] = {
 BandwidthController::LOCAL_MANGLE_POSTROUTING,
 IdletimerController::LOCAL_MANGLE_POSTROUTING,
-@@ -225,11 +231,56 @@ CommandListener::CommandListener() :
+@@ -225,11 +229,56 @@ CommandListener::CommandListener() :
 createChildChains(V4V6, "filter", "FORWARD", FILTER_FORWARD);
 createChildChains(V4V6, "filter", "OUTPUT", FILTER_OUTPUT);
 createChildChains(V4V6, "raw", "PREROUTING", RAW_PREROUTING);
diff --git a/Scripts/Generic_Deblob.sh b/Scripts/Generic_Deblob.sh
index 06b10052..b6193b44 100755
--- a/Scripts/Generic_Deblob.sh
+++ b/Scripts/Generic_Deblob.sh
@@ -182,6 +182,7 @@ deblobDevice() {
 #awk -i inplace '!/'$makes'/' "${PWD##*/}".mk; #Remove all shim references from device makefile FIXME: Deletes the entire makefile for some reason
 #fi;
 if [ -f system.prop ]; then
+ sed -i 's/drm.service.enabled=true/drm.service.enabled=false/' system.prop;
 if ! grep -q "drm.service.enabled=false" system.prop; then echo "drm.service.enabled=false" >> system.prop; fi; #Disable DRM server
 sed -i 's/persist.bt.enableAptXHD=true/persist.bt.enableAptXHD=false/' system.prop; #Disable aptX
 sed -i 's/persist.cne.feature=./persist.cne.feature=0/' system.prop; #Disable CNE
diff --git a/Scripts/LAOS-14.1_Patches.sh b/Scripts/LAOS-14.1_Patches.sh
index e22acbb6..ced8ad53 100755
--- a/Scripts/LAOS-14.1_Patches.sh
+++ b/Scripts/LAOS-14.1_Patches.sh
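Review bot: After this change `MANGLE_PREROUTING` in the embedded netd patch holds only its `NULL` terminator, and neither the array nor the patch description says that this is deliberate. If the two removed entries were dropped because `BandwidthController` and `IdletimerController` expose no mangle/PREROUTING chain name (not verifiable from this page), record that next to the array, e.g. `// Intentionally empty: no netd controller hooks mangle/PREROUTING`. The second embedded hunk, where the array is presumably consumed and the hardening rules are installed, continues outside the visible lines, so whether an empty child-chain list is still worth passing cannot be checked here.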
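Review bot: The added `sed` rewrites only the literal value `true`, and its pattern is unanchored with unescaped dots, so a `system.prop` that sets the key to any other value keeps that line while the `grep`/`echo` on the next line appends a second, conflicting `drm.service.enabled=false`. Replacing whatever value is present on an anchored key avoids the duplicate: `sed -i 's/^drm\.service\.enabled=.*/drm.service.enabled=false/' system.prop;`. The existing guard would benefit from the same anchoring, `grep -q "^drm\.service\.enabled=false"`, so that a commented-out entry does not count as the setting being present. `deblobDevice()` begins and ends outside this hunk.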
@@ -128,8 +128,8 @@ enter "system/core"
 cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file
 patch -p1 < $patches"android_system_core/0001-Hardening.patch" #Misc hardening
-enter "system/netd"
-patch -p1 < $patches"android_system_netd/0001-iptables.patch"; #Network hardening via iptables XXX: Untested
+#enter "system/netd"
+#patch -p1 < $patches"android_system_netd/0001-iptables.patch"; #Network hardening via iptables XXX: Doesn't seem to do anything?
 enter "vendor/cm"
 patch -p1 < $patches"android_vendor_cm/0001-SCE.patch" #Include our extras such as MicroG and F-Droid
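Review bot: Commenting out the two `system/netd` lines means builds no longer carry the iptables hardening, yet the same commit still revises `0001-iptables.patch`, and the only recorded reason is `XXX: Doesn't seem to do anything?`. That comment does not say what was checked, so the next maintainer cannot tell whether the patch failed to apply, the rules were never installed, or they were installed but had no visible effect. I would replace it with a note that states the observation and the re-enable condition, e.g. `#DISABLED: rules not seen in the mangle table on a test build; re-enable once verified with iptables -t mangle -S PREROUTING`. Listing the disabled step in the commit message instead of the bare subject `Fixes` would also make the loss of the hardening visible in history.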