Many changes

- 15.1: Update some CVE patchers
- 15.1: Address some mako denials
- 14.1: Add cherrypicks for various security patches
- Common: Prepare for F-Droid additional repos
- Common: Disable overclock for mako
- Misc tweaks

Scripts/Common/Functions.sh

@@ -127,7 +127,7 @@ generateBootAnimationShine() {
 export -f generateBootAnimationShine;
 
 audit2allowCurrent() {
-	adb shell dmesg | audit2allow -p "$ANDROID_PRODUCT_OUT"/root/sepolicy;
+	adb logcat -b all -d | audit2allow -p "$ANDROID_PRODUCT_OUT"/root/sepolicy;
 }
 export -f audit2allowCurrent;
 

Scripts/Common/Overclock.sh

@@ -61,8 +61,8 @@ echo "CONFIG_CPU_OVERCLOCK=y" >> arch/arm/configs/lineageos_mako_defconfig; #1.5
 #echo "CONFIG_CPU_OVERCLOCK_ULTRA=y" >> arch/arm/configs/lineageos_mako_defconfig; #1.51GHz -> 1.94GHz XXX: Throttles
 if enter "device/lge/mako"; then
 	sed -i 's/scaling_min_freq 384000/scaling_min_freq 81000/' rootdir/etc/init.mako.power.rc;
-	sed -i 's/scaling_max_freq 1512000/scaling_max_freq 1728000/' rootdir/etc/init.mako.power.rc;
-	sed -i 's/NORMAL_FREQ "1512000"/NORMAL_FREQ "1728000"/' power/power_mako.c;
+	#sed -i 's/scaling_max_freq 1512000/scaling_max_freq 1728000/' rootdir/etc/init.mako.power.rc;
+	#sed -i 's/NORMAL_FREQ "1512000"/NORMAL_FREQ "1728000"/' power/power_mako.c;
 	#sed -i 's/scaling_max_freq 1512000/scaling_max_freq 1944000/' rootdir/etc/init.mako.power.rc;
 	#sed -i 's/NORMAL_FREQ "1512000"/NORMAL_FREQ "1944000"/' power/power_mako.c;
 fi;

Scripts/LineageOS-14.1/Functions.sh

@@ -98,7 +98,8 @@ patchWorkspace() {
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
 	source build/envsetup.sh;
 	repopick -t n_asb_09-2018-qcom;
-	#repopick -t n_asb_10-2018;
+	repopick -it n_asb_10-2018;
+	repopick 231380;
 
 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS/Defaults.sh";

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_essential_msm8998.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 cd "$DOS_BUILD_BASE""kernel/essential/msm8998"
-git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0152-0153.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
@@ -38,5 +37,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11274/ANY/0001.patch
-editKernelLocalversion "-dos.p38"
+editKernelLocalversion "-dos.p37"
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh

@@ -55,16 +55,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10877/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3584/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-check-for-PM-related-APIs.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
@@ -72,5 +64,5 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-ch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p72"
+editKernelLocalversion "-dos.p64"
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-15.1/Patch.sh

@@ -199,6 +199,10 @@ sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.t
 
 enterAndClear "device/lge/mako";
 echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
+echo "allow install_recovery unlabeled:dir search;" >> sepolicy/install_recovery.te; #Update recovery on boot
+echo "allow vold persist_file:dir read;" >> sepolicy/vold.te; #Fix Updater
+echo "allow priv_app unlabeled:dir search;" >> priv_app.te;
+echo "allow platform_app system_app_data_file:dir getattr;" >> sepolicy/platform_app.te;
 patch -p1 < "$DOS_PATCHES/android_device_lge_mako/0001-Enable_LTE.patch";
 
 enterAndClear "device/motorola/clark";

Scripts/init.sh

@@ -36,13 +36,13 @@ export DOS_GPS_NTP_SERVER="time.android.com"; #Options: Any NTP pool
 export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices
 export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
 export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
-export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NLP, FULL
+export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NLP, FULL TODO: Re-add FULL
 export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOSTS file
 export DOS_HOSTS_BLOCKING_LIST="https://divestos.xyz/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
 export DOS_OVERCLOCKS_ENABLED=true; #Switch to false to disable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
 export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
 export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
-export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches
+export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
 
 export DOS_BRANDING_NAME="DivestOS";
 export DOS_BRANDING_ZIP_PREFIX="divested";