Minor tweaks

- init.sh: sort options - overlay: leave radioScanningTimeout default - hardenDefconfig: disable more components with CVEs - cherry picks - 16.0: trebuchet: tmp fix for default workspace overlay
2024-06-26 14:42:13 +00:00 · 2019-04-03 19:04:37 -04:00 · 2019-04-03 19:04:37 -04:00 · 60cf364f19
commit 60cf364f19
parent 1c49b80da0
7 changed files with 27 additions and 16 deletions
--- a/Misc/Features/CaptivePortalCheck.txt
+++ b/Misc/Features/CaptivePortalCheck.txt
@ -31,3 +31,11 @@ List of known connectivity check endpoints
 		+ Fedora - OK - http://fedoraproject.org/static/hotspot.txt
 		+ Gnome - "NetworkManager is online" - http://nmcheck.gnome.org/check_network_status.txt
 		+ Mozilla - success - http://detectportal.firefox.com/success.txt
+
+
+
+export DOS_CONNECTIVITY_CHECK_HTTP="http://connectivitycheck.gstatic.com/generate_204"; #Options: Any endpoint that returns HTTP 204 repsonse
+export DOS_CONNECTIVITY_CHECK_HTTPS="https://www.google.com/generate_204";
+export DOS_CONNECTIVITY_CHECK_FALLBACK="http://www.google.com/gen_204";
+export DOS_CONNECTIVITY_CHECK_FALLBACK_ALT="http://play.googleapis.com/generate_204";
+export DOS_CONNECTIVITY_CHECK_USERAGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36";
--- a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/core/res/res/values/config.xml
+++ b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/core/res/res/values/config.xml
@ -194,10 +194,6 @@
    <!-- Enable lockscreen translucent decor by default -->
    <bool name="config_enableLockScreenTranslucentDecor">true</bool>

-    <!-- The duration (in milliseconds) that the radio will scan for a signal
-         when there's no network connection. If the scan doesn't timeout, use zero -->
-    <integer name="config_radioScanningTimeout">300000</integer>
-
    <!-- Set this to true to enable the platform's auto-power-save modes like doze and
         app standby.  These are not enabled by default because they require a standard
         cloud-to-device messaging service for apps to interact correctly with the modes
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@ -397,7 +397,8 @@ hardenDefconfig() {
 		fi;
 	done
 	#Disable supported options
-	declare -a optionsNo=("CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_BINFMT_MISC" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_HIBERNATION" "CONFIG_INET_DIAG" "CONFIG_KEXEC" "CONFIG_LEGACY_PTYS" "CONFIG_MSM_BUSPM_DEV" "CONFIG_OABI_COMPAT" "CONFIG_PROC_KCORE" "CONFIG_PROC_VMCORE" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_EARJACK_DEBUGGER" "CONFIG_IOMMU_NON_SECURE" "CONFIG_MSM_SMP2P_TEST");
+	#Disabled: CONFIG_MSM_SMP2P_TEST (breaks compile on many kernels)
+	declare -a optionsNo=("CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_BINFMT_MISC" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_HIBERNATION" "CONFIG_INET_DIAG" "CONFIG_KEXEC" "CONFIG_LEGACY_PTYS" "CONFIG_MSM_BUSPM_DEV" "CONFIG_OABI_COMPAT" "CONFIG_PROC_KCORE" "CONFIG_PROC_VMCORE" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_EARJACK_DEBUGGER" "CONFIG_IOMMU_NON_SECURE" "CONFIG_TSPP2" "CONFIG_TSC" "CONFIG_TIMER_STATS");
 	if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]]; then
 		optionsNo+=("CONFIG_DIAG_CHAR" "CONFIG_DIAG_OVER_USB" "CONFIG_USB_QCOM_DIAG_BRIDGE" "CONFIG_DIAGFWD_BRIDGE_CODE" "CONFIG_DIAG_SDIO_PIPE" "CONFIG_DIAG_HSIC_PIPE");
 	fi;
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@ -100,7 +100,7 @@ patchWorkspace() {
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
 	source build/envsetup.sh;
 	repopick -it n_asb_09-2018-qcom;
-	#repopick -it bt-sbc-hd-dualchannel-nougat;
+	repopick -it bt-sbc-hd-dualchannel-nougat;
 	repopick 201113; #wifi country code fix
 	repopick 244387 244388; #loopback fixes

--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@ -84,8 +84,9 @@ export -f buildAll;
 patchWorkspace() {
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;

-	#source build/envsetup.sh;
+	source build/envsetup.sh;
 	#repopick 219020; #ab-neverallow-user
+	repopick -it O_asb_2019-04;

 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS/Defaults.sh";
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@ -127,6 +127,9 @@ if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com
 enterAndClear "packages/apps/SetupWizard";
 patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics

+enterAndClear "packages/apps/Trebuchet";
+cp "$DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/*.xml" res/xml/; #XXX: force override since overlay is broken (?)
+
 enterAndClear "packages/apps/Updater";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@ -33,21 +33,23 @@ export DOS_DEBLOBBER_REMOVE_IMS=false; #Set true to remove all IMS blobs XXX: Wi
 export DOS_DEBLOBBER_REMOVE_IPA=false; #Set true to remove all IPA blobs
 export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
 export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
-export DOS_DEFAULT_DNS_PRESET="OpenNIC"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL)
-export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com
-export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool
+
 export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices
-export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
-export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
-export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NLP, FULL
-export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion
 export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOSTS file
 export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: Blokada, DNS66
 export DOS_HOSTS_BLOCKING_LIST="https://divestos.xyz/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
-export DOS_OVERCLOCKS_ENABLED=false; #Switch to false to disable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
 export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
-export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
+export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
+export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
+export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NLP, FULL
 export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
+export DOS_OVERCLOCKS_ENABLED=false; #Switch to false to disable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
+export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
+export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion
+
+export DOS_DEFAULT_DNS_PRESET="OpenNIC"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL)
+export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool
+export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com

 export DOS_BRANDING_NAME="DivestOS";
 export DOS_BRANDING_ZIP_PREFIX="divested";