mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-26 07:59:30 -05:00
Enable IPv6 privacy extensions
parent
4fe74583a9
commit
6458d6785f
@ -1,13 +1,13 @@
|
|||||||
From a3b0b2b4fb24a6a33e4241d93c2b51272f4e8df9 Mon Sep 17 00:00:00 2001
|
From 8587a37763a55d6c08974cf0fa96f7eb2a985b25 Mon Sep 17 00:00:00 2001
|
||||||
From: Daniel Micay <danielmicay@gmail.com>
|
From: Daniel Micay <danielmicay@gmail.com>
|
||||||
Date: Wed, 28 Jun 2017 07:54:49 -0400
|
Date: Wed, 28 Jun 2017 07:54:49 -0400
|
||||||
Subject: [PATCH] Harden mounts
|
Subject: [PATCH] Harden
|
||||||
|
|
||||||
Change-Id: I46e3fc4ac896a509ab8ca90ae4ce09b820da434b
|
Change-Id: I46e3fc4ac896a509ab8ca90ae4ce09b820da434b
|
||||||
---
|
---
|
||||||
init/init.cpp | 6 +++---
|
init/init.cpp | 6 +++---
|
||||||
rootdir/init.rc | 2 ++
|
rootdir/init.rc | 4 ++++
|
||||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/init/init.cpp b/init/init.cpp
|
diff --git a/init/init.cpp b/init/init.cpp
|
||||||
index 7a370596e..35bf44a7b 100755
|
index 7a370596e..35bf44a7b 100755
|
||||||
@ -28,14 +28,16 @@ index 7a370596e..35bf44a7b 100755
|
|||||||
|
|
||||||
// We must have some place other than / to create the device nodes for
|
// We must have some place other than / to create the device nodes for
|
||||||
diff --git a/rootdir/init.rc b/rootdir/init.rc
|
diff --git a/rootdir/init.rc b/rootdir/init.rc
|
||||||
index 498203c83..1cbe70846 100644
|
index 40a36402e..4b323a74c 100644
|
||||||
--- a/rootdir/init.rc
|
--- a/rootdir/init.rc
|
||||||
+++ b/rootdir/init.rc
|
+++ b/rootdir/init.rc
|
||||||
@@ -126,6 +126,8 @@ on init
|
@@ -126,6 +126,10 @@ on init
|
||||||
write /proc/sys/kernel/sched_child_runs_first 0
|
write /proc/sys/kernel/sched_child_runs_first 0
|
||||||
|
|
||||||
write /proc/sys/kernel/randomize_va_space 2
|
write /proc/sys/kernel/randomize_va_space 2
|
||||||
+ write /proc/sys/net/ipv4/tcp_sack 0
|
+ write /proc/sys/net/ipv4/tcp_sack 0
|
||||||
|
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
|
||||||
|
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
|
||||||
+ write /proc/sys/kernel/dmesg_restrict 1
|
+ write /proc/sys/kernel/dmesg_restrict 1
|
||||||
write /proc/sys/kernel/kptr_restrict 2
|
write /proc/sys/kernel/kptr_restrict 2
|
||||||
write /proc/sys/vm/mmap_min_addr 32768
|
write /proc/sys/vm/mmap_min_addr 32768
|
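Review bot: The two `use_tempaddr 2` writes added to the `on init` hunk of `rootdir/init.rc` only seed kernel-wide defaults, and nothing visible here confirms the value holds on the interfaces that carry traffic: any later per-interface write to `conf/<iface>/use_tempaddr` would replace it, so the effective value is worth checking on a booted device. Temporary addresses are generated only for autoconfigured prefixes, so interfaces addressed by other means are presumably unaffected by this setting. The embedded patch keeps an empty body under the shortened subject `Harden`; a one-line comment would document intent, for example `# RFC 4941 privacy extensions: prefer temporary IPv6 addresses` above the two writes. The `on init` block starts and ends outside the hunk, and the same remarks apply to the other two copies of this patch on the page (hunks `@@ -124,6 +124,10 @@` and `@@ -121,6 +121,10 @@`).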
@ -1,13 +1,13 @@
|
|||||||
From 7fddad68c52756dc9f586618eabcfb9ba414f495 Mon Sep 17 00:00:00 2001
|
From 552418bd638628aa0c1a92730d666252c9147bda Mon Sep 17 00:00:00 2001
|
||||||
From: Daniel Micay <danielmicay@gmail.com>
|
From: Daniel Micay <danielmicay@gmail.com>
|
||||||
Date: Mon, 12 Feb 2018 03:29:58 -0500
|
Date: Mon, 12 Feb 2018 03:29:58 -0500
|
||||||
Subject: [PATCH] Harden mounts
|
Subject: [PATCH] Harden
|
||||||
|
|
||||||
Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
|
Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
|
||||||
---
|
---
|
||||||
init/init.cpp | 6 +++---
|
init/init.cpp | 6 +++---
|
||||||
rootdir/init.rc | 2 ++
|
rootdir/init.rc | 4 ++++
|
||||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/init/init.cpp b/init/init.cpp
|
diff --git a/init/init.cpp b/init/init.cpp
|
||||||
index 35fc442d0..b65686f93 100644
|
index 35fc442d0..b65686f93 100644
|
||||||
@ -32,15 +32,17 @@ index 35fc442d0..b65686f93 100644
|
|||||||
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
|
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
|
||||||
mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
|
mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
|
||||||
diff --git a/rootdir/init.rc b/rootdir/init.rc
|
diff --git a/rootdir/init.rc b/rootdir/init.rc
|
||||||
index d6e068a91..c6b5fa97c 100644
|
index f9cb4a3ef..2b0dece40 100644
|
||||||
--- a/rootdir/init.rc
|
--- a/rootdir/init.rc
|
||||||
+++ b/rootdir/init.rc
|
+++ b/rootdir/init.rc
|
||||||
@@ -124,6 +124,8 @@ on init
|
@@ -124,6 +124,10 @@ on init
|
||||||
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
|
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
|
||||||
write /proc/sys/kernel/sched_child_runs_first 0
|
write /proc/sys/kernel/sched_child_runs_first 0
|
||||||
|
|
||||||
+ write /proc/sys/kernel/dmesg_restrict 1
|
+ write /proc/sys/kernel/dmesg_restrict 1
|
||||||
+ write /proc/sys/net/ipv4/tcp_sack 0
|
+ write /proc/sys/net/ipv4/tcp_sack 0
|
||||||
|
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
|
||||||
|
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
|
||||||
write /proc/sys/kernel/randomize_va_space 2
|
write /proc/sys/kernel/randomize_va_space 2
|
||||||
write /proc/sys/vm/mmap_min_addr 32768
|
write /proc/sys/vm/mmap_min_addr 32768
|
||||||
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
|
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
|
@ -1,13 +1,13 @@
|
|||||||
From 4f7a3dcaa89a09a8b1ad9377ead3639449226e24 Mon Sep 17 00:00:00 2001
|
From 231f969f0478c572afef5f9eeaaf81922f8e027e Mon Sep 17 00:00:00 2001
|
||||||
From: Daniel Micay <danielmicay@gmail.com>
|
From: Daniel Micay <danielmicay@gmail.com>
|
||||||
Date: Mon, 12 Feb 2018 03:29:58 -0500
|
Date: Mon, 12 Feb 2018 03:29:58 -0500
|
||||||
Subject: [PATCH] Harden mounts
|
Subject: [PATCH] Harden
|
||||||
|
|
||||||
Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
|
Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
|
||||||
---
|
---
|
||||||
init/init.cpp | 6 +++---
|
init/init.cpp | 6 +++---
|
||||||
rootdir/init.rc | 2 ++
|
rootdir/init.rc | 4 ++++
|
||||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/init/init.cpp b/init/init.cpp
|
diff --git a/init/init.cpp b/init/init.cpp
|
||||||
index eb9dd755b..504a6d13e 100644
|
index eb9dd755b..504a6d13e 100644
|
||||||
@ -32,15 +32,17 @@ index eb9dd755b..504a6d13e 100644
|
|||||||
|
|
||||||
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
|
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
|
||||||
diff --git a/rootdir/init.rc b/rootdir/init.rc
|
diff --git a/rootdir/init.rc b/rootdir/init.rc
|
||||||
index d86bc02cf..4b01de345 100644
|
index 4a8a60a96..6e4accdba 100644
|
||||||
--- a/rootdir/init.rc
|
--- a/rootdir/init.rc
|
||||||
+++ b/rootdir/init.rc
|
+++ b/rootdir/init.rc
|
||||||
@@ -121,6 +121,8 @@ on init
|
@@ -121,6 +121,10 @@ on init
|
||||||
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
|
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
|
||||||
write /proc/sys/kernel/sched_child_runs_first 0
|
write /proc/sys/kernel/sched_child_runs_first 0
|
||||||
|
|
||||||
+ write /proc/sys/kernel/dmesg_restrict 1
|
+ write /proc/sys/kernel/dmesg_restrict 1
|
||||||
+ write /proc/sys/net/ipv4/tcp_sack 0
|
+ write /proc/sys/net/ipv4/tcp_sack 0
|
||||||
|
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
|
||||||
|
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
|
||||||
write /proc/sys/kernel/randomize_va_space 2
|
write /proc/sys/kernel/randomize_va_space 2
|
||||||
write /proc/sys/vm/mmap_min_addr 32768
|
write /proc/sys/vm/mmap_min_addr 32768
|
||||||
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
|
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
|
@ -162,7 +162,7 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre
|
|||||||
enterAndClear "system/core";
|
enterAndClear "system/core";
|
||||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||||
git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
|
git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
|
||||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
||||||
|
|
||||||
enterAndClear "system/sepolicy";
|
enterAndClear "system/sepolicy";
|
||||||
|
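Review bot: The updated trailing comment on the `0001-Harden.patch` line says `misc sysfs changes`, but the patch writes under `/proc/sys`, which is the sysctl interface in procfs rather than sysfs; `#Harden mounts with nodev/noexec/nosuid + misc sysctl changes (CopperheadOS-13.0)` would be accurate. The same wording appears in the other two script sections on this page. Because the patch file was renamed, any caller still pointing at `0001-Harden_Mounts.patch` would fail at `patch -p1`; only three references are visible here, so a search of the tree for the old name is worth doing.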
@ -164,7 +164,7 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferre
|
|||||||
enterAndClear "system/core";
|
enterAndClear "system/core";
|
||||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||||
git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
|
git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
|
||||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
||||||
|
|
||||||
enterAndClear "system/sepolicy";
|
enterAndClear "system/sepolicy";
|
||||||
|
@ -168,7 +168,7 @@ patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch";
|
|||||||
enterAndClear "system/core";
|
enterAndClear "system/core";
|
||||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||||
#git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot
|
#git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot
|
||||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (CopperheadOS-13.0)
|
||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi;
|
||||||
|
|
||||||
enterAndClear "system/sepolicy";
|
enterAndClear "system/sepolicy";
|
||||||
|