mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-29 01:16:26 -05:00
minor tweaks
This commit is contained in:
parent
a8af0c3d0d
commit
791087fefa
@ -0,0 +1,61 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
/* Copyright (c) 2017, The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
* * Neither the name of The Linux Foundation nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
||||
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
-->
|
||||
<!--
|
||||
This XML file declares which signature|privileged permissions should be
|
||||
granted to privileged applications on Qualcomm devices.
|
||||
It allows additional grants on top of privapp-permissions-platform.xml
|
||||
-->
|
||||
<permissions>
|
||||
<privapp-permissions package="com.quicinc.cne.CNEService">
|
||||
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
|
||||
<permission name="android.permission.PACKET_KEEPALIVE_OFFLOAD"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<privapp-permissions package="com.qti.dpmserviceapp">
|
||||
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<privapp-permissions package="com.qualcomm.location">
|
||||
<permission name="android.permission.CONTROL_LOCATION_UPDATES"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<privapp-permissions package="com.qualcomm.location.XT">
|
||||
<permission name="android.permission.WRITE_SECURE_SETTINGS"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<privapp-permissions package="com.qualcomm.qcrilmsgtunnel">
|
||||
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<privapp-permissions package="com.qualcomm.atfwd">
|
||||
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
|
||||
</privapp-permissions>
|
||||
</permissions>
|
@ -549,7 +549,7 @@ hardenDefconfig() {
|
||||
done
|
||||
#Disable supported options
|
||||
#Disabled: CONFIG_MSM_SMP2P_TEST (breaks compile on many kernels)
|
||||
declare -a optionsNo=("CONFIG_ACPI_APEI_EINJ" "CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_ACPI_TABLE_UPGRADE" "CONFIG_BINFMT_AOUT" "CONFIG_BINFMT_MISC" "CONFIG_BPF_SYSCALL" "CONFIG_CHECKPOINT_RESTORE" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEBUG_FS" "CONFIG_DEBUG_KMEMLEAK" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_EARJACK_DEBUGGER" "CONFIG_FTRACE" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_GENERIC_TRACER" "CONFIG_HARDENED_USERCOPY_FALLBACK" "CONFIG_HIBERNATION" "CONFIG_HWPOISON_INJECT" "CONFIG_IA32_EMULATION" "CONFIG_IKCONFIG" "CONFIG_INET_DIAG" "CONFIG_IOMMU_NON_SECURE" "CONFIG_IP_DCCP" "CONFIG_IP_SCTP" "CONFIG_KALLSYMS" "CONFIG_KEXEC" "CONFIG_KEXEC_FILE" "CONFIG_KPROBES" "CONFIG_KSM" "CONFIG_LDISC_AUTOLOAD" "CONFIG_LEGACY_PTYS" "CONFIG_LIVEPATCH" "CONFIG_MAGIC_SYSRQ" "CONFIG_MEM_SOFT_DIRTY" "CONFIG_MMIOTRACE" "CONFIG_MMIOTRACE_TEST" "CONFIG_MODIFY_LDT_SYSCALL" "CONFIG_MSM_BUSPM_DEV" "CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG" "CONFIG_NOTIFIER_ERROR_INJECTION" "CONFIG_OABI_COMPAT" "CONFIG_PAGE_OWNER" "CONFIG_PROC_KCORE" "CONFIG_PROC_PAGE_MONITOR" "CONFIG_PROC_VMCORE" "CONFIG_PROFILING" "CONFIG_RDS" "CONFIG_RDS_TCP" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_TIMER_STATS" "CONFIG_TSC" "CONFIG_TSPP2" "CONFIG_UKSM" "CONFIG_UPROBES" "CONFIG_USELIB" "CONFIG_USERFAULTFD" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_X86_PTDUMP" "CONFIG_X86_VSYSCALL_EMULATION" "CONFIG_ZSMALLOC_STAT");
|
||||
declare -a optionsNo=("CONFIG_ACPI_APEI_EINJ" "CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_ACPI_TABLE_UPGRADE" "CONFIG_BINFMT_AOUT" "CONFIG_BINFMT_MISC" "CONFIG_CHECKPOINT_RESTORE" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEBUG_KMEMLEAK" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_EARJACK_DEBUGGER" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_HARDENED_USERCOPY_FALLBACK" "CONFIG_HIBERNATION" "CONFIG_HWPOISON_INJECT" "CONFIG_IA32_EMULATION" "CONFIG_IKCONFIG" "CONFIG_INET_DIAG" "CONFIG_IOMMU_NON_SECURE" "CONFIG_IP_DCCP" "CONFIG_IP_SCTP" "CONFIG_KALLSYMS" "CONFIG_KEXEC" "CONFIG_KEXEC_FILE" "CONFIG_KPROBES" "CONFIG_KSM" "CONFIG_LDISC_AUTOLOAD" "CONFIG_LEGACY_PTYS" "CONFIG_LIVEPATCH" "CONFIG_MAGIC_SYSRQ" "CONFIG_MEM_SOFT_DIRTY" "CONFIG_MMIOTRACE" "CONFIG_MMIOTRACE_TEST" "CONFIG_MODIFY_LDT_SYSCALL" "CONFIG_MSM_BUSPM_DEV" "CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG" "CONFIG_NOTIFIER_ERROR_INJECTION" "CONFIG_OABI_COMPAT" "CONFIG_PAGE_OWNER" "CONFIG_PROC_KCORE" "CONFIG_PROC_PAGE_MONITOR" "CONFIG_PROC_VMCORE" "CONFIG_RDS" "CONFIG_RDS_TCP" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_TIMER_STATS" "CONFIG_TSC" "CONFIG_TSPP2" "CONFIG_UKSM" "CONFIG_UPROBES" "CONFIG_USELIB" "CONFIG_USERFAULTFD" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_X86_PTDUMP" "CONFIG_X86_VSYSCALL_EMULATION" "CONFIG_ZSMALLOC_STAT");
|
||||
if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]]; then
|
||||
optionsNo+=("CONFIG_DIAG_CHAR" "CONFIG_DIAG_OVER_USB" "CONFIG_USB_QCOM_DIAG_BRIDGE" "CONFIG_DIAGFWD_BRIDGE_CODE" "CONFIG_DIAG_SDIO_PIPE" "CONFIG_DIAG_HSIC_PIPE");
|
||||
fi;
|
||||
|
@ -116,8 +116,6 @@ patchWorkspace() {
|
||||
#repopick 212799; #alt: 212827 flac extractor CVE-2017-0592
|
||||
#repopick 214125; #spellchecker: enable more wordlists
|
||||
repopick -it n_asb_09-2018-qcom;
|
||||
repopick -it n-tzdata-2019c;
|
||||
repopick -it n-asb-2019-10;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
|
@ -84,6 +84,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18306/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18595/^4.14.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0003.patch
|
||||
@ -165,6 +166,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch
|
||||
@ -175,5 +178,5 @@ git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p175"
|
||||
editKernelLocalversion "-dos.p178"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
@ -230,13 +230,18 @@ echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/syste
|
||||
sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 40M free
|
||||
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
|
||||
|
||||
enterAndClear "device/moto/shamu";
|
||||
#enterAndClear "device/moto/shamu";
|
||||
#git revert 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
|
||||
|
||||
#enterAndClear "device/motorola/clark";
|
||||
#git revert fc6cf83; #disable nfc for now
|
||||
#awk -i '!/nfc/' device.mk;
|
||||
#awk -i inplace '!/nfc/' device.mk;
|
||||
#awk -i inplace '!/Nfc/' device.mk;
|
||||
#awk -i inplace '!/Tag/' device.mk;
|
||||
#patch -p1 < "$DOS_PATCHES/android_device_motorola_clark/0001-audit2allow.patch"; #audit2allow sepolicy
|
||||
#mkdir permissions;
|
||||
#cp "$DOS_PATCHES/android_device_motorola_clark/privapp-permissions-qti.xml" permissions/; #Fix privapp permissions, Credit: @Fabiett83
|
||||
#echo "PRODUCT_COPY_FILES += device/motorola/clark/permissions/privapp-permissions-qti.xml:system/etc/permissions/privapp-permissions-qti.xml" >> device.mk;
|
||||
#sed -i 's/androidboot.selinux=permissive//' BoardConfig.mk; #enforce sepolicy
|
||||
#rm configs/Android.mk; #fix compile
|
||||
#rm setup-makefiles.sh; #broken, deblobber will still function
|
||||
|
Loading…
Reference in New Issue
Block a user