mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-23 22:49:28 -05:00
Default disable exec spawning
Change the property too, so it takes effect next update. Since 16.0 lacks a toggle, this effectively disables the feature for it. Even devices with 4GB of RAM have usability severely impacted. Plus some other tweaks/churn Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
81d9923cda
commit
42c9d22de9
@ -0,0 +1,21 @@
|
|||||||
|
#
|
||||||
|
# Copyright (C) 2017 The Android Open Source Project
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Changes various properties to reduce memory usage
|
||||||
|
|
||||||
|
# Do not spin up a separate process, use an in-process APK.
|
||||||
|
PRODUCT_PACKAGES += CellBroadcastAppPlatform
|
||||||
|
PRODUCT_PACKAGES += CellBroadcastServiceModulePlatform
|
@ -0,0 +1,21 @@
|
|||||||
|
#
|
||||||
|
# Copyright (C) 2017 The Android Open Source Project
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Changes various properties to reduce memory usage
|
||||||
|
|
||||||
|
# Do not spin up a separate process, use an in-process APK.
|
||||||
|
PRODUCT_PACKAGES += InProcessNetworkStack
|
||||||
|
PRODUCT_PACKAGES += com.android.tethering.inprocess
|
@ -18,7 +18,9 @@
|
|||||||
|
|
||||||
# Set lowram options
|
# Set lowram options
|
||||||
PRODUCT_PROPERTY_OVERRIDES += \
|
PRODUCT_PROPERTY_OVERRIDES += \
|
||||||
|
sys.spawn.exec=false \
|
||||||
persist.security.exec_spawn=false \
|
persist.security.exec_spawn=false \
|
||||||
|
persist.security.exec_spawn_new=false \
|
||||||
ro.config.low_ram=true \
|
ro.config.low_ram=true \
|
||||||
ro.lmk.critical_upgrade=true \
|
ro.lmk.critical_upgrade=true \
|
||||||
ro.lmk.upgrade_pressure=40 \
|
ro.lmk.upgrade_pressure=40 \
|
||||||
@ -34,7 +36,9 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
|||||||
pm.dexopt.downgrade_after_inactive_days=10
|
pm.dexopt.downgrade_after_inactive_days=10
|
||||||
|
|
||||||
# Speed profile services and wifi-service to reduce RAM and storage.
|
# Speed profile services and wifi-service to reduce RAM and storage.
|
||||||
|
ifeq ($(findstring mako,$(TARGET_PRODUCT)),)
|
||||||
PRODUCT_SYSTEM_SERVER_COMPILER_FILTER := speed-profile
|
PRODUCT_SYSTEM_SERVER_COMPILER_FILTER := speed-profile
|
||||||
|
endif
|
||||||
|
|
||||||
# Always preopt extracted APKs to prevent extracting out of the APK for gms
|
# Always preopt extracted APKs to prevent extracting out of the APK for gms
|
||||||
# modules.
|
# modules.
|
||||||
@ -59,12 +63,6 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
|||||||
# Do not generate libartd.
|
# Do not generate libartd.
|
||||||
PRODUCT_ART_TARGET_INCLUDE_DEBUG_BUILD := false
|
PRODUCT_ART_TARGET_INCLUDE_DEBUG_BUILD := false
|
||||||
|
|
||||||
# Do not spin up a separate process for the network stack on go devices, use an in-process APK.
|
|
||||||
#PRODUCT_PACKAGES += InProcessNetworkStack
|
|
||||||
#PRODUCT_PACKAGES += CellBroadcastAppPlatform
|
|
||||||
#PRODUCT_PACKAGES += CellBroadcastServiceModulePlatform
|
|
||||||
#PRODUCT_PACKAGES += com.android.tethering.inprocess
|
|
||||||
|
|
||||||
# Strip the local variable table and the local variable type table to reduce
|
# Strip the local variable table and the local variable type table to reduce
|
||||||
# the size of the system image. This has no bearing on stack traces, but will
|
# the size of the system image. This has no bearing on stack traces, but will
|
||||||
# leave less information available via JDWP.
|
# leave less information available via JDWP.
|
||||||
|
@ -152,7 +152,7 @@ index f537e3e2897b..7d51be259c20 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion,
|
+ ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion,
|
||||||
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs);
|
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs);
|
||||||
+
|
+
|
||||||
|
@ -17,8 +17,8 @@ index 7d51be259c20..48a68d96e84c 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
- if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
- if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true) && parsedArgs.runtimeFlags == 0) {
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false) && parsedArgs.runtimeFlags == 0) {
|
||||||
ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion,
|
ExecInit.execApplication(parsedArgs.niceName, parsedArgs.targetSdkVersion,
|
||||||
VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs);
|
VMRuntime.getCurrentInstructionSet(), parsedArgs.remainingArgs);
|
||||||
|
|
||||||
|
@ -160,7 +160,7 @@ index 52d0adba0a05..96348aa30b87 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
+
|
+
|
||||||
|
@ -17,8 +17,8 @@ index 96348aa30b87..a3051979e341 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
- if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
- if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false) &&
|
||||||
+ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
+ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
|
@ -88,7 +88,7 @@ index 0000000000..78f021210a
|
|||||||
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
||||||
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
||||||
+
|
+
|
||||||
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn";
|
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn_new";
|
||||||
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
||||||
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
||||||
+
|
+
|
||||||
@ -128,7 +128,7 @@ index 0000000000..78f021210a
|
|||||||
+
|
+
|
||||||
+ if (mIsAdmin) {
|
+ if (mIsAdmin) {
|
||||||
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
||||||
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, true));
|
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, false));
|
||||||
+ } else {
|
+ } else {
|
||||||
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
||||||
+ }
|
+ }
|
||||||
|
@ -145,7 +145,7 @@ index 790d7f7ab694..4f7fd039ccd7 100644
|
|||||||
OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
|
OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
|
||||||
StructCapUserData[] data;
|
StructCapUserData[] data;
|
||||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
index e6a3029c5b2b..a702e84813fa 100644
|
index e6a3029c5b2b..5e4518cffb9f 100644
|
||||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
@@ -29,6 +29,7 @@ import android.net.Credentials;
|
@@ -29,6 +29,7 @@ import android.net.Credentials;
|
||||||
@ -160,7 +160,7 @@ index e6a3029c5b2b..a702e84813fa 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
+
|
+
|
||||||
|
@ -78,11 +78,11 @@ index a7d9827855a2..aa874ad98a78 100644
|
|||||||
+ public static native void nativeHandleRuntimeFlags(int runtimeFlags);
|
+ public static native void nativeHandleRuntimeFlags(int runtimeFlags);
|
||||||
}
|
}
|
||||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
index 9b4664178530..4ae69677f1dd 100644
|
index f31616fc88fb..f5044f9ecbb0 100644
|
||||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
@@ -505,7 +505,7 @@ class ZygoteConnection {
|
@@ -505,7 +505,7 @@ class ZygoteConnection {
|
||||||
if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
|
if (SystemProperties.getBoolean("sys.spawn.exec", false) &&
|
||||||
(parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
(parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
- VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
- VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
|
@ -10,15 +10,15 @@ spawning when doing debugging.
|
|||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
index a702e84813fa..9b4664178530 100644
|
index 5e4518cffb9f..f31616fc88fb 100644
|
||||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
@@ -502,7 +502,8 @@ class ZygoteConnection {
|
@@ -502,7 +502,8 @@ class ZygoteConnection {
|
||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
- if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
- if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false) &&
|
||||||
+ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
+ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
|
@ -43,7 +43,7 @@ index 06b3511ceb..75cc0b261d 100644
|
|||||||
android:title="@string/native_debug_title"
|
android:title="@string/native_debug_title"
|
||||||
diff --git a/src/com/android/settings/security/ExecSpawnPreferenceController.java b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
diff --git a/src/com/android/settings/security/ExecSpawnPreferenceController.java b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..78f021210a
|
index 0000000000..98cc3c29e1
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
+++ b/src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||||
@@ -0,0 +1,106 @@
|
@@ -0,0 +1,106 @@
|
||||||
@ -88,7 +88,7 @@ index 0000000000..78f021210a
|
|||||||
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
||||||
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
||||||
+
|
+
|
||||||
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn";
|
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn_new";
|
||||||
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
||||||
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
||||||
+
|
+
|
||||||
@ -128,7 +128,7 @@ index 0000000000..78f021210a
|
|||||||
+
|
+
|
||||||
+ if (mIsAdmin) {
|
+ if (mIsAdmin) {
|
||||||
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
||||||
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, true));
|
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, false));
|
||||||
+ } else {
|
+ } else {
|
||||||
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
||||||
+ }
|
+ }
|
||||||
|
@ -161,7 +161,7 @@ index 993e4e7b4b3d..756547706f60 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
- if (parsedArgs.mInvokeWith != null || parsedArgs.mStartChildZygote
|
- if (parsedArgs.mInvokeWith != null || parsedArgs.mStartChildZygote
|
||||||
+ if (parsedArgs.mInvokeWith != null || SystemProperties.getBoolean("sys.spawn.exec", true) || parsedArgs.mStartChildZygote
|
+ if (parsedArgs.mInvokeWith != null || SystemProperties.getBoolean("sys.spawn.exec", false) || parsedArgs.mStartChildZygote
|
||||||
|| !multipleOK || peer.getUid() != Process.SYSTEM_UID) {
|
|| !multipleOK || peer.getUid() != Process.SYSTEM_UID) {
|
||||||
// Continue using old code for now. TODO: Handle these cases in the other path.
|
// Continue using old code for now. TODO: Handle these cases in the other path.
|
||||||
pid = Zygote.forkAndSpecialize(parsedArgs.mUid, parsedArgs.mGid,
|
pid = Zygote.forkAndSpecialize(parsedArgs.mUid, parsedArgs.mGid,
|
||||||
@ -169,7 +169,7 @@ index 993e4e7b4b3d..756547706f60 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
+
|
+
|
||||||
|
@ -82,7 +82,7 @@ index 27518dd4cdce..a8d9400c7992 100644
|
|||||||
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
--- a/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
|
||||||
@@ -539,7 +539,7 @@ class ZygoteConnection {
|
@@ -539,7 +539,7 @@ class ZygoteConnection {
|
||||||
if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
|
if (SystemProperties.getBoolean("sys.spawn.exec", false) &&
|
||||||
(parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
(parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
- VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
- VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
|
@ -17,8 +17,8 @@ index 756547706f60..27518dd4cdce 100644
|
|||||||
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
|
||||||
} else {
|
} else {
|
||||||
if (!isZygote) {
|
if (!isZygote) {
|
||||||
- if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
|
- if (SystemProperties.getBoolean("sys.spawn.exec", false)) {
|
||||||
+ if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
|
+ if (SystemProperties.getBoolean("sys.spawn.exec", false) &&
|
||||||
+ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
+ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
|
||||||
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
|
||||||
VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
|
||||||
|
@ -89,7 +89,7 @@ index 0000000000..78f021210a
|
|||||||
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
+public class ExecSpawnPreferenceController extends AbstractPreferenceController
|
||||||
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
+ implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
|
||||||
+
|
+
|
||||||
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn";
|
+ private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn_new";
|
||||||
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
+ private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
|
||||||
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
+ private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
|
||||||
+
|
+
|
||||||
@ -129,7 +129,7 @@ index 0000000000..78f021210a
|
|||||||
+
|
+
|
||||||
+ if (mIsAdmin) {
|
+ if (mIsAdmin) {
|
||||||
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
+ mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
|
||||||
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, true));
|
+ mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, false));
|
||||||
+ } else {
|
+ } else {
|
||||||
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
+ mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
|
||||||
+ }
|
+ }
|
||||||
|
@ -582,9 +582,6 @@ disableEnforceRRO() {
|
|||||||
awk -i inplace '!/PRODUCT_ENFORCE_RRO_TARGETS .= framework-res/' *.mk &>/dev/null || true;
|
awk -i inplace '!/PRODUCT_ENFORCE_RRO_TARGETS .= framework-res/' *.mk &>/dev/null || true;
|
||||||
awk -i inplace '!/PRODUCT_ENFORCE_RRO_TARGETS .= \*/' *.mk &>/dev/null || true;
|
awk -i inplace '!/PRODUCT_ENFORCE_RRO_TARGETS .= \*/' *.mk &>/dev/null || true;
|
||||||
sed -i '/PRODUCT_ENFORCE_RRO_TARGETS .= \\/,+1 d' *.mk &>/dev/null || true;
|
sed -i '/PRODUCT_ENFORCE_RRO_TARGETS .= \\/,+1 d' *.mk &>/dev/null || true;
|
||||||
#TODO: Find a new home for these two
|
|
||||||
awk -i inplace '!/persist.device_config.runtime_native.usap_pool_enabled=true/' *.prop &>/dev/null || true;
|
|
||||||
awk -i inplace '!/config_pinnerCameraApp/' overlay/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
|
||||||
echo "Disabled enforced RRO for $1";
|
echo "Disabled enforced RRO for $1";
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
}
|
}
|
||||||
|
@ -37,5 +37,9 @@ sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MER
|
|||||||
#Build speedup
|
#Build speedup
|
||||||
sed -i 's/flags.Tidy = true/flags.Tidy = false/' build/soong/cc/tidy.go &>/dev/null || true; #Disable clang-tidy (kdrag0n)
|
sed -i 's/flags.Tidy = true/flags.Tidy = false/' build/soong/cc/tidy.go &>/dev/null || true; #Disable clang-tidy (kdrag0n)
|
||||||
|
|
||||||
|
#Reduce memory usage
|
||||||
|
awk -i inplace '!/persist.device_config.runtime_native.usap_pool_enabled=true/' device/*/*/*.prop &>/dev/null || true;
|
||||||
|
awk -i inplace '!/config_pinnerCameraApp/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
|
||||||
|
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
echo -e "\e[0;32m[SCRIPT COMPLETE] Post tweaks complete\e[0m";
|
echo -e "\e[0;32m[SCRIPT COMPLETE] Post tweaks complete\e[0m";
|
||||||
|
@ -391,7 +391,6 @@ fi;
|
|||||||
|
|
||||||
#Make changes to all devices
|
#Make changes to all devices
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
|
|
||||||
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
|
@ -312,7 +312,6 @@ fi;
|
|||||||
|
|
||||||
#Make changes to all devices
|
#Make changes to all devices
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
|
|
||||||
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
|
@ -152,7 +152,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-7.patc
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-8.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-8.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-9.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-9.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-10.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-10.patch";
|
||||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||||
fi;
|
fi;
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||||
@ -376,7 +376,6 @@ fi;
|
|||||||
|
|
||||||
#Make changes to all devices
|
#Make changes to all devices
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
|
|
||||||
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
|
@ -147,7 +147,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-9.patc
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-10.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-10.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-11.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-11.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-12.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning-12.patch";
|
||||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||||
fi;
|
fi;
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||||
@ -460,7 +460,6 @@ fi;
|
|||||||
|
|
||||||
#Make changes to all devices
|
#Make changes to all devices
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
|
|
||||||
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
|
@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0286-0287.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0300-0301.patch --exclude=Makefile
|
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0300-0301.patch --exclude=Makefile
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/4.9/0010.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/4.9/0010.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0005-Graphene-Deny_USB/4.9/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0005-Graphene-Deny_USB/4.9/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0024.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0025.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0025.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0026.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0026.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0027.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0027.patch
|
||||||
@ -69,34 +70,17 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19061/4.9/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19318/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19318/4.9/0004.patch
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0021.patch
|
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0022.patch
|
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0023.patch
|
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0024.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19448/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19448/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19462/4.9/0004.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19813/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19813/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19816/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19816/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19947/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19947/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20810/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20810/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20908/^5.2/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20908/^5.2/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0067/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0067/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0423/^5.9/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0427/4.9/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0427/4.9/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/4.9/0005.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0005.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/4.9/0011.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/4.9/0011.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/4.9/0012.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/4.9/0012.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.9/0012.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0026.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0027.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0028.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0029.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0030.patch
|
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-1749/4.9/0011.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3674/ANY/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3674/ANY/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.9/0031.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.9/0031.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.9/0032.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.9/0032.patch
|
||||||
@ -111,31 +95,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0019.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0020.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0020.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0021.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0021.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0022.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0022.patch
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8992/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10711/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10732/4.9/0008.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10757/4.9/0004.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10766/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10766/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11239/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11240/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11261/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11267/ANY/0002.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11272/prima/0002.patch --directory=drivers/staging/prima
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11272/prima/0002.patch --directory=drivers/staging/prima
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11282/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11290/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11494/4.9/0007.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11565/4.9/0007.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0009.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0009.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12655/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12655/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0010.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0010.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0011.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0011.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12769/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12770/4.9/0007.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12771/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12771/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12826/4.9/0007.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13143/4.9/0007.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13974/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14305/4.9/0002.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14314/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14314/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14331/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14331/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14351/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14351/4.9/0005.patch
|
||||||
@ -143,7 +109,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14356/4.9/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/4.9/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/4.9/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14390/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14390/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15436/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15437/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15437/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
|
||||||
@ -165,7 +130,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25670/4.9/0005.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25671/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25671/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25672/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25672/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25673/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25673/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25705/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/prima/0009.patch --directory=drivers/staging/prima
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/prima/0009.patch --directory=drivers/staging/prima
|
||||||
@ -186,13 +150,12 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0033.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0034.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0034.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0035.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0035.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29569/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29569/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29661/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35508/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35508/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35519/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35519/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36158/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36158/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36312/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36312/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36516/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36516/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0512/4.9/0006.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0605/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0605/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0929/ANY/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0929/ANY/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/^4.16/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/^4.16/0001.patch
|
||||||
@ -205,10 +168,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0012.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0937/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0937/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0941/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0941/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0961/ANY/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0961/ANY/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1048/4.1-^5.9/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1939/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1962/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0002.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/4.9/0005.patch
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0036.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0036.patch
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0037.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0037.patch
|
||||||
@ -222,6 +181,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/4.9/0005.patch
|
|||||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0045.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0045.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0015.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0015.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0016.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0016.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0017.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3483/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3483/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3564/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3564/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3573/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3573/4.9/0005.patch
|
||||||
@ -281,8 +241,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29154/4.9/0007.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29647/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29647/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29650/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29650/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30002/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30002/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30262/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30324/ANY/0001.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-31916/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-31916/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-32399/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-32399/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33033/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33033/4.9/0004.patch
|
||||||
@ -291,7 +249,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33098/^5.12/0001.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33909/4.9/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33909/4.9/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34693/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34693/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34981/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34981/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-35105/ANY/0002.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37576/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37576/4.9/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37576/4.9/0008.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37576/4.9/0008.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-38160/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-38160/4.9/0005.patch
|
||||||
@ -320,6 +277,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45095/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45095/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45469/4.9-^5.16/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45469/4.9-^5.16/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45485/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45485/4.9/0005.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45486/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45868/4.9/0005.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45868/4.9/0005.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0006.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0011.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0011.patch
|
||||||
@ -352,9 +310,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27223/4.9/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28356/4.9/0004.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28356/4.9/0004.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28390/^5.17/0001.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28390/^5.17/0001.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.9/0011.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.9/0009.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.9/0009.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.9/0005.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch
|
||||||
editKernelLocalversion "-dos.p356"
|
editKernelLocalversion "-dos.p312"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -157,7 +157,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-9.patc
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
||||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||||
fi;
|
fi;
|
||||||
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
|
if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
|
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
|
||||||
@ -542,7 +542,6 @@ fi;
|
|||||||
|
|
||||||
#Make changes to all devices
|
#Make changes to all devices
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
|
|
||||||
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
|
@ -148,7 +148,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-9.patc
|
|||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
|
||||||
sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
|
sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
|
||||||
fi;
|
fi;
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-1.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-1.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-2.patch"; #Exclude Bluetooth app from Location indicators (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators-2.patch"; #Exclude Bluetooth app from Location indicators (GrapheneOS)
|
||||||
@ -401,7 +401,6 @@ fi;
|
|||||||
|
|
||||||
#Make changes to all devices
|
#Make changes to all devices
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
|
|
||||||
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
|
||||||
|
@ -66,7 +66,6 @@ export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi
|
|||||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
|
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
|
||||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||||
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||||
export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices
|
|
||||||
export DOS_MICROG_INCLUDED="NONE"; #Determines inclusion of microG. Options: NONE, NLP, FULL (removed)
|
export DOS_MICROG_INCLUDED="NONE"; #Determines inclusion of microG. Options: NONE, NLP, FULL (removed)
|
||||||
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
|
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
|
||||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
|
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
|
||||||
|
Loading…
Reference in New Issue
Block a user