Many changes

- Add support to scan for malware in certain directories
- 15.1: Add new device, griffin
- Note deprecation status of various devices
- Add a few blobs to the deblobber
This commit is contained in:
Tad 2018-05-10 23:45:29 -04:00
parent 966c9c8509
commit 5695712cf4
9 changed files with 146 additions and 10 deletions

View File

@ -88,6 +88,7 @@
<!-- Common -->
<project path="packages/resources/devicesettings" name="LineageOS/android_packages_resources_devicesettings" remote="github" />
<project path="device/qcom/common" name="LineageOS/android_device_qcom_common" remote="github" />
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
<project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" />
<project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" />
<project path="hardware/sony/timekeep" name="LineageOS/android_hardware_sony_timekeep" remote="github" />
@ -142,6 +143,10 @@
<project path="device/motorola/clark" name="hashbang173/android_device_motorola_clark" remote="github" />
<project path="kernel/motorola/msm8992" name="hashbang173/android_kernel_motorola_msm8992" remote="github" />
<!-- Moto Z (griffin) -->
<project path="device/motorola/griffin" name="LineageOS/android_device_motorola_griffin" remote="github" />
<project path="kernel/motorola/msm8996" name="LineageOS/android_kernel_motorola_msm8996" remote="github" />
<!-- Nextbit Robin (ether) -->
<project path="device/nextbit/ether" name="LineageOS/android_device_nextbit_ether" remote="github" />
<project path="kernel/nextbit/msm8992" name="LineageOS/android_kernel_nextbit_msm8992" remote="github" />

@ -1 +1 @@
Subproject commit 3df110564933e4485c77420247c4f7a218a60c47
Subproject commit 15d066443badcf400bc2b46e12958d89305c8bc3

View File

@ -45,7 +45,7 @@ echo "Deblobbing..."
blobs=$blobs"alipay.b00|alipay.b01|alipay.b02|alipay.b03|alipay.b04|alipay.b05|alipay.b06|alipay.mdt";
#aptX (Bluetooth Audio Compression Codec) [Qualcomm]
blobs=$blobs"|libaptX-1.0.0-rel-Android21-ARMv7A.so|libaptXHD-1.0.0-rel-Android21-ARMv7A.so|libaptXScheduler.so";
blobs=$blobs"|libaptX_encoder.so|libaptXHD_encoder.so|libaptX-1.0.0-rel-Android21-ARMv7A.so|libaptXHD-1.0.0-rel-Android21-ARMv7A.so|libaptXScheduler.so";
#ATFWD [Qualcomm]
blobs=$blobs"|ATFWD-daemon|atfwd.apk";
@ -191,7 +191,7 @@ echo "Deblobbing..."
blobs=$blobs"|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonUnifiedSettings.jar|VZWAPNLib.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml";
#Voice Recognition
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollmentRT5677.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so";
blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so";
#Vulkan [Qualcomm]
#blobs=$blobs"|libllvm-qgl.so|vulkan.msm*.so";

View File

@ -47,6 +47,28 @@ gitReset() {
}
export -f gitReset;
scanForMalware() {
if [ -x /usr/bin/clamscan ] && [ -f /var/lib/clamav/main.cvd ]; then
echo -e "\e[0;32mStarting a malware scan, this might take a while...\e[0m";
scanQueue="$base/build $base/device $base/vendor";
#scanQueue=$scanQueue" $base/prebuilts $base/sdk $base/toolchain $base/tools";
du -hsc $scanQueue;
/usr/bin/clamscan --recursive --detect-pua --infected --exclude-dir=".git" $scanQueue;
clamscanExit=$?;
if [ "$clamscanExit" -eq "1" ]; then
echo -e "\e[0;31m----------------------------------------------------------------\e[0m";
echo -e "\e[0;31mWARNING: MALWARE WAS FOUND! PLEASE INVESTIGATE!\e[0m";
echo -e "\e[0;31m----------------------------------------------------------------\e[0m";
fi;
if [ "$clamscanExit" -eq "0" ]; then
echo -e "\e[0;32mNo malware found\e[0m";
fi;
else
echo -e "\e[0;33mWARNING: clamscan is unavailable, a malware scan will not be performed!\e[0m";
fi;
}
export -f scanForMalware;
disableDexPreOpt() {
cd $base$1;
if [ -f BoardConfig.mk ]; then

View File

@ -45,6 +45,8 @@ export GRADLE_OPTS="-Xmx2048m";
export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
export MALWARE_SCAN_ON_PATCH=false; #Switch to true to perform a malware scan of certain directories before patching
source $scriptsCommon"/Functions.sh";
source $scripts"/Functions.sh";

View File

@ -41,18 +41,18 @@ export -f buildDeviceDebug;
buildAll() {
#Select devices are userdebug due to SELinux policy issues
#TODO: Add victara, griffin, athene, us997, us996, pme, t0lte, hlte
brunch lineage_thor-userdebug;
#TODO: Add victara, athene, us997, us996, pme, t0lte, hlte
brunch lineage_thor-userdebug; #deprecated
brunch lineage_clark-user;
brunch lineage_ether-user;
brunch lineage_FP2-user;
# brunch lineage_h815-user; - (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes
# brunch lineage_h815-user; #deprecated (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes
brunch lineage_h850-userdebug;
brunch lineage_hammerhead-user;
brunch lineage_herolte-user;
brunch lineage_himaul-user;
brunch lineage_himaul-user; #deprecated
brunch lineage_i9100-userdebug;
brunch lineage_i9305-user;
brunch lineage_i9305-user; #deprecated?
brunch lineage_jfltexx-user;
brunch lineage_klte-user;
brunch lineage_n5110-user;
@ -62,6 +62,8 @@ buildAll() {
export -f buildAll;
patchWorkspace() {
if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi;
#source build/envsetup.sh;
source $scripts/Patch.sh;

View File

@ -45,6 +45,8 @@ export GRADLE_OPTS="-Xmx2048m";
export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
export MALWARE_SCAN_ON_PATCH=false; #Switch to true to perform a malware scan of certain directories before patching
source $scriptsCommon"/Functions.sh";
source $scripts"/Functions.sh";

View File

@ -0,0 +1,101 @@
#!/bin/bash
cd $base"kernel/motorola/msm8996"
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0019.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0020.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0021.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0022.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0023.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0025.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0026.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0027.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0028.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0029.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0030.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0031.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0032.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0033.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0034.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0035.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0036.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0037.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0040.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0041.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0042.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0043.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0045.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0046.patch
git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0050.patch
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0011.patch
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0012.patch
git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0013.patch
git apply $cvePatchesLinux/CVE-2014-9900/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2015-2041/^3.19/0002.patch
git apply $cvePatchesLinux/CVE-2015-7515/^4.4/0002.patch
git apply $cvePatchesLinux/CVE-2016-2188/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-2188/ANY/0002.patch
git apply $cvePatchesLinux/CVE-2016-2549/^4.4/0001.patch
git apply $cvePatchesLinux/CVE-2016-3136/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-3137/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-3138/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-3140/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-3672/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-3857/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-8394/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0003.patch
git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0007.patch
git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0008.patch
git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0009.patch
git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0010.patch
git apply $cvePatchesLinux/CVE-2017-0610/ANY/0002.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-1000410/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-13215/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-13218/3.18/0009.patch
git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-15115/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-15649/ANY/0002.patch
git apply $cvePatchesLinux/CVE-2017-15842/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-15843/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16525/^4.13/0002.patch
git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16530/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16531/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16532/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16533/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16535/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16537/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0001.patch
git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16646/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0003.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0009.patch
git apply $cvePatchesLinux/CVE-2017-17449/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-17762/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-18066/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-5669/^4.9/0001.patch
git apply $cvePatchesLinux/CVE-2017-5972/ANY/0002.patch
git apply $cvePatchesLinux/CVE-2017-6001/^4.9/0002.patch
git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
git apply $cvePatchesLinux/CVE-2017-8251/3.18/0002.patch
git apply $cvePatchesLinux/CVE-2018-3560/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-3563/3.18/0002.patch
git apply $cvePatchesLinux/CVE-2018-3599/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-5825/3.18/0002.patch
git apply $cvePatchesLinux/CVE-2018-5848/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2018-5849/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch
editKernelLocalversion "-dos.p97"
cd $base

View File

@ -18,7 +18,7 @@
#Last verified: 2018-04-27
patchAllKernels() {
startPatcher "kernel_fairphone_msm8974 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8992 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
startPatcher "kernel_fairphone_msm8974 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974";
}
export -f patchAllKernels;
@ -41,7 +41,6 @@ export -f buildDeviceDebug;
buildAll() {
#Select devices are userdebug due to SELinux policy issues
#TODO: Add victara, griffin, athene, us997, us996, pme, t0lte, hlte
brunch lineage_d852-user;
brunch lineage_bacon-user;
brunch lineage_mako-user;
@ -52,6 +51,7 @@ buildAll() {
brunch lineage_d855-user;
brunch lineage_flo-user;
brunch lineage_flounder-user;
brunch lineage_griffin-user;
#brunch lineage_h850-userdebug;
#brunch lineage_hammerhead-user;
brunch lineage_marlin-user;
@ -62,6 +62,8 @@ buildAll() {
export -f buildAll;
patchWorkspace() {
if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi;
source build/envsetup.sh;
repopick -f 206123; #bionic: Sort and cache hosts file data for fast lookup
repopick -f 209030; #ContactsProvider: Prevent device contact being deleted.