Default disable exec spawning

Change the property too, so it takes effect next update. Since 16.0 lacks a toggle, this effectively disables the feature for it. Even devices with 4GB of RAM have usability severely impacted. Plus some other tweaks/churn Signed-off-by: Tad <tad@spotco.us>
2025-08-07 13:52:24 -04:00 · 2022-04-12 16:44:53 -04:00 · 2022-04-12 16:44:53 -04:00 · 42c9d22de9
commit 42c9d22de9
parent 81d9923cda
26 changed files with 84 additions and 94 deletions
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fairphone_sdm632.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fairphone_sdm632.sh
@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0286-0287.patch
 git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0300-0301.patch --exclude=Makefile
 git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/4.9/0010.patch
 git apply $DOS_PATCHES_LINUX_CVES/0005-Graphene-Deny_USB/4.9/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0024.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0025.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0026.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0027.patch
@ -69,34 +70,17 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19061/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19318/4.9/0004.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0021.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0022.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0023.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.9/0024.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19448/4.9/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19462/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19813/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19816/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19947/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20810/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20908/^5.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0067/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0423/^5.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0427/4.9/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/4.9/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/4.9/0011.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/4.9/0012.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.9/0012.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0026.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0027.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0028.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0029.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.9/0030.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-1749/4.9/0011.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3674/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.9/0031.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.9/0032.patch
@ -111,31 +95,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0019.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0020.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0021.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-4788/4.9/0022.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8992/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10711/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10732/4.9/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10757/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10766/4.9/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11239/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11240/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11261/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11267/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11272/prima/0002.patch --directory=drivers/staging/prima
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11282/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11290/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11494/4.9/0007.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11565/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12655/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0010.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0011.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12769/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12770/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12771/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12826/4.9/0007.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13143/4.9/0007.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13974/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14305/4.9/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14314/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14331/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14351/4.9/0005.patch
@ -143,7 +109,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14356/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/4.9/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14390/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15436/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15437/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
@ -165,7 +130,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25670/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25671/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25672/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25673/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25705/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/prima/0009.patch --directory=drivers/staging/prima
@ -186,13 +150,12 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0033.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0034.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29568/4.9/0035.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29569/4.9/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29661/4.9/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35508/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35519/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36158/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36312/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36516/4.9/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0512/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0605/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0929/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/^4.16/0001.patch
@ -205,10 +168,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0012.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0937/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0941/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0961/ANY/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1048/4.1-^5.9/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1939/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1962/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/4.9/0005.patch
 #git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0036.patch
 #git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0037.patch
@ -222,6 +181,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/4.9/0005.patch
 #git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.9/0045.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0015.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.9/0017.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3483/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3564/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3573/4.9/0005.patch
@ -281,8 +241,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29154/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29647/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29650/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30002/4.9/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30262/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30324/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-31916/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-32399/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33033/4.9/0004.patch
@ -291,7 +249,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33098/^5.12/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33909/4.9/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34693/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34981/4.9/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-35105/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37576/4.9/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37576/4.9/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-38160/4.9/0005.patch
@ -320,6 +277,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45095/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45469/4.9-^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45485/4.9/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45486/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-45868/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0011.patch
@ -352,9 +310,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27223/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28356/4.9/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28390/^5.17/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.9/0011.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.9/0009.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch
-editKernelLocalversion "-dos.p356"
+editKernelLocalversion "-dos.p312"
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@ -157,7 +157,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-9.patc
 applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.patch";
 applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
 applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
-sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/internal/os/ZygoteConnection.java;
+sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
 fi;
 if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS)
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly
@ -542,7 +542,6 @@ fi;

 #Make changes to all devices
 cd "$DOS_BUILD_BASE";
-if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
 find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
 find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
 find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';