Enable IPv6 privacy extensions

This commit is contained in:
Tad 2019-07-05 16:47:59 -04:00
parent 4fe74583a9
commit 6458d6785f
6 changed files with 27 additions and 21 deletions

View File

@ -1,13 +1,13 @@
From a3b0b2b4fb24a6a33e4241d93c2b51272f4e8df9 Mon Sep 17 00:00:00 2001 From 8587a37763a55d6c08974cf0fa96f7eb2a985b25 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com> From: Daniel Micay <danielmicay@gmail.com>
Date: Wed, 28 Jun 2017 07:54:49 -0400 Date: Wed, 28 Jun 2017 07:54:49 -0400
Subject: [PATCH] Harden mounts Subject: [PATCH] Harden
Change-Id: I46e3fc4ac896a509ab8ca90ae4ce09b820da434b Change-Id: I46e3fc4ac896a509ab8ca90ae4ce09b820da434b
--- ---
init/init.cpp | 6 +++--- init/init.cpp | 6 +++---
rootdir/init.rc | 2 ++ rootdir/init.rc | 4 ++++
2 files changed, 5 insertions(+), 3 deletions(-) 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/init/init.cpp b/init/init.cpp diff --git a/init/init.cpp b/init/init.cpp
index 7a370596e..35bf44a7b 100755 index 7a370596e..35bf44a7b 100755
@ -28,14 +28,16 @@ index 7a370596e..35bf44a7b 100755
// We must have some place other than / to create the device nodes for // We must have some place other than / to create the device nodes for
diff --git a/rootdir/init.rc b/rootdir/init.rc diff --git a/rootdir/init.rc b/rootdir/init.rc
index 498203c83..1cbe70846 100644 index 40a36402e..4b323a74c 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -126,6 +126,8 @@ on init @@ -126,6 +126,10 @@ on init
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/kernel/dmesg_restrict 1
write /proc/sys/kernel/kptr_restrict 2 write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768

View File

@ -1,13 +1,13 @@
From 7fddad68c52756dc9f586618eabcfb9ba414f495 Mon Sep 17 00:00:00 2001 From 552418bd638628aa0c1a92730d666252c9147bda Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com> From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 12 Feb 2018 03:29:58 -0500 Date: Mon, 12 Feb 2018 03:29:58 -0500
Subject: [PATCH] Harden mounts Subject: [PATCH] Harden
Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87 Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
--- ---
init/init.cpp | 6 +++--- init/init.cpp | 6 +++---
rootdir/init.rc | 2 ++ rootdir/init.rc | 4 ++++
2 files changed, 5 insertions(+), 3 deletions(-) 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/init/init.cpp b/init/init.cpp diff --git a/init/init.cpp b/init/init.cpp
index 35fc442d0..b65686f93 100644 index 35fc442d0..b65686f93 100644
@ -32,15 +32,17 @@ index 35fc442d0..b65686f93 100644
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)); mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8)); mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
diff --git a/rootdir/init.rc b/rootdir/init.rc diff --git a/rootdir/init.rc b/rootdir/init.rc
index d6e068a91..c6b5fa97c 100644 index f9cb4a3ef..2b0dece40 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -124,6 +124,8 @@ on init @@ -124,6 +124,10 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

View File

@ -1,13 +1,13 @@
From 4f7a3dcaa89a09a8b1ad9377ead3639449226e24 Mon Sep 17 00:00:00 2001 From 231f969f0478c572afef5f9eeaaf81922f8e027e Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com> From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 12 Feb 2018 03:29:58 -0500 Date: Mon, 12 Feb 2018 03:29:58 -0500
Subject: [PATCH] Harden mounts Subject: [PATCH] Harden
Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87 Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
--- ---
init/init.cpp | 6 +++--- init/init.cpp | 6 +++---
rootdir/init.rc | 2 ++ rootdir/init.rc | 4 ++++
2 files changed, 5 insertions(+), 3 deletions(-) 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/init/init.cpp b/init/init.cpp diff --git a/init/init.cpp b/init/init.cpp
index eb9dd755b..504a6d13e 100644 index eb9dd755b..504a6d13e 100644
@ -32,15 +32,17 @@ index eb9dd755b..504a6d13e 100644
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)); mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
diff --git a/rootdir/init.rc b/rootdir/init.rc diff --git a/rootdir/init.rc b/rootdir/init.rc
index d86bc02cf..4b01de345 100644 index 4a8a60a96..6e4accdba 100644
--- a/rootdir/init.rc --- a/rootdir/init.rc
+++ b/rootdir/init.rc +++ b/rootdir/init.rc
@@ -121,6 +121,8 @@ on init @@ -121,6 +121,10 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1 + write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/net/ipv4/tcp_sack 0 + write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"

View File

@ -162,7 +162,7 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre
enterAndClear "system/core"; enterAndClear "system/core";
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0) patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
enterAndClear "system/sepolicy"; enterAndClear "system/sepolicy";

View File

@ -164,7 +164,7 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre
enterAndClear "system/core"; enterAndClear "system/core";
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0) patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
enterAndClear "system/sepolicy"; enterAndClear "system/sepolicy";

View File

@ -168,7 +168,7 @@ patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch";
enterAndClear "system/core"; enterAndClear "system/core";
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
#git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot #git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0) patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
enterAndClear "system/sepolicy"; enterAndClear "system/sepolicy";