Update CVE patchers

Tad 2020-10-15 21:44:48 -04:00
parent 688f4dd953
commit 6d15a2bb82
100 changed files with 175 additions and 113 deletions


@ -469,7 +469,7 @@ hardenUserdata() {
#TODO: Ensure: noatime,nosuid,nodev
sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
if [ "$1" != "device/samsung/tuna" ]; then #tuna needs first boot to init
sed -i 's|encryptable=|forceencrypt=|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
fi;
echo "Hardened /data for $1";
cd "$DOS_BUILD_BASE";
@ -478,9 +478,8 @@ export -f hardenUserdata;
hardenBootArgs() {
cd "$DOS_BUILD_BASE$1";
if [[ "$1" != *"device/samsung/klte"* ]] && [[ "$1" != *"device/samsung/msm8974-common"* ]]; then
sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := slab_nomerge slub_debug=FZP page_poison=1 kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true;
fi;
#Unavailable: kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality
sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := slab_nomerge slub_debug=FZP page_poison=1 /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true;
echo "Hardened kernel command line arguments for $1";
cd "$DOS_BUILD_BASE";
}
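Review bot: The forceencrypt substitution in the hardenUserdata hunk fails silently: each `sed` ends in `&>/dev/null || true`, and the function then prints "Hardened /data for $1" whether or not any fstab line was rewritten. The rendered page has lost the +/- markers, so it is unclear which of `s|encryptable=|forceencrypt=|` and `s|encryptable=/|forceencrypt=/|` is the new line; if it is the narrower one, an entry such as `encryptable=footer` would no longer be converted and nothing would report it. A check placed after the sed inside the `if`, e.g. `grep -qs 'encryptable=' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* && echo "WARNING: encryptable= still present for $1" >&2;`, would surface a device tree that ships without forced encryption. hardenBootArgs in the next hunk has the same suppress-and-report pattern, and its unchecked `cd "$DOS_BUILD_BASE$1"` means a wrong path is also reported as hardened. hardenUserdata begins above its hunk, so the note covers only the visible lines.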