Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-05-02 14:36:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

minor tweaks

Browse source
This commit is contained in:
Tad 2019-10-20 19:28:56 -04:00
parent a8af0c3d0d
commit 791087fefa
5 changed files with 73 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Scripts/Common/Functions.sh
View file

@ -549,7 +549,7 @@ hardenDefconfig() {
done
#Disable supported options
#Disabled: CONFIG_MSM_SMP2P_TEST (breaks compile on many kernels)
declare -a optionsNo=("CONFIG_ACPI_APEI_EINJ" "CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_ACPI_TABLE_UPGRADE" "CONFIG_BINFMT_AOUT" "CONFIG_BINFMT_MISC" "CONFIG_BPF_SYSCALL" "CONFIG_CHECKPOINT_RESTORE" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEBUG_FS" "CONFIG_DEBUG_KMEMLEAK" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_EARJACK_DEBUGGER" "CONFIG_FTRACE" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_GENERIC_TRACER" "CONFIG_HARDENED_USERCOPY_FALLBACK" "CONFIG_HIBERNATION" "CONFIG_HWPOISON_INJECT" "CONFIG_IA32_EMULATION" "CONFIG_IKCONFIG" "CONFIG_INET_DIAG" "CONFIG_IOMMU_NON_SECURE" "CONFIG_IP_DCCP" "CONFIG_IP_SCTP" "CONFIG_KALLSYMS" "CONFIG_KEXEC" "CONFIG_KEXEC_FILE" "CONFIG_KPROBES" "CONFIG_KSM" "CONFIG_LDISC_AUTOLOAD" "CONFIG_LEGACY_PTYS" "CONFIG_LIVEPATCH" "CONFIG_MAGIC_SYSRQ" "CONFIG_MEM_SOFT_DIRTY" "CONFIG_MMIOTRACE" "CONFIG_MMIOTRACE_TEST" "CONFIG_MODIFY_LDT_SYSCALL" "CONFIG_MSM_BUSPM_DEV" "CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG" "CONFIG_NOTIFIER_ERROR_INJECTION" "CONFIG_OABI_COMPAT" "CONFIG_PAGE_OWNER" "CONFIG_PROC_KCORE" "CONFIG_PROC_PAGE_MONITOR" "CONFIG_PROC_VMCORE" "CONFIG_PROFILING" "CONFIG_RDS" "CONFIG_RDS_TCP" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_TIMER_STATS" "CONFIG_TSC" "CONFIG_TSPP2" "CONFIG_UKSM" "CONFIG_UPROBES" "CONFIG_USELIB" "CONFIG_USERFAULTFD" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_X86_PTDUMP" "CONFIG_X86_VSYSCALL_EMULATION" "CONFIG_ZSMALLOC_STAT");
declare -a optionsNo=("CONFIG_ACPI_APEI_EINJ" "CONFIG_ACPI_CUSTOM_METHOD" "CONFIG_ACPI_TABLE_UPGRADE" "CONFIG_BINFMT_AOUT" "CONFIG_BINFMT_MISC" "CONFIG_CHECKPOINT_RESTORE" "CONFIG_COMPAT_BRK" "CONFIG_COMPAT_VDSO" "CONFIG_CP_ACCESS64" "CONFIG_DEBUG_KMEMLEAK" "CONFIG_DEVKMEM" "CONFIG_DEVMEM" "CONFIG_DEVPORT" "CONFIG_EARJACK_DEBUGGER" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_HARDENED_USERCOPY_FALLBACK" "CONFIG_HIBERNATION" "CONFIG_HWPOISON_INJECT" "CONFIG_IA32_EMULATION" "CONFIG_IKCONFIG" "CONFIG_INET_DIAG" "CONFIG_IOMMU_NON_SECURE" "CONFIG_IP_DCCP" "CONFIG_IP_SCTP" "CONFIG_KALLSYMS" "CONFIG_KEXEC" "CONFIG_KEXEC_FILE" "CONFIG_KPROBES" "CONFIG_KSM" "CONFIG_LDISC_AUTOLOAD" "CONFIG_LEGACY_PTYS" "CONFIG_LIVEPATCH" "CONFIG_MAGIC_SYSRQ" "CONFIG_MEM_SOFT_DIRTY" "CONFIG_MMIOTRACE" "CONFIG_MMIOTRACE_TEST" "CONFIG_MODIFY_LDT_SYSCALL" "CONFIG_MSM_BUSPM_DEV" "CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG" "CONFIG_NOTIFIER_ERROR_INJECTION" "CONFIG_OABI_COMPAT" "CONFIG_PAGE_OWNER" "CONFIG_PROC_KCORE" "CONFIG_PROC_PAGE_MONITOR" "CONFIG_PROC_VMCORE" "CONFIG_RDS" "CONFIG_RDS_TCP" "CONFIG_SECURITY_SELINUX_DISABLE" "CONFIG_SLAB_MERGE_DEFAULT" "CONFIG_TIMER_STATS" "CONFIG_TSC" "CONFIG_TSPP2" "CONFIG_UKSM" "CONFIG_UPROBES" "CONFIG_USELIB" "CONFIG_USERFAULTFD" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_X86_PTDUMP" "CONFIG_X86_VSYSCALL_EMULATION" "CONFIG_ZSMALLOC_STAT");
if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]]; then
optionsNo+=("CONFIG_DIAG_CHAR" "CONFIG_DIAG_OVER_USB" "CONFIG_USB_QCOM_DIAG_BRIDGE" "CONFIG_DIAGFWD_BRIDGE_CODE" "CONFIG_DIAG_SDIO_PIPE" "CONFIG_DIAG_HSIC_PIPE");
fi;

2
Scripts/LineageOS-14.1/Functions.sh
View file

@ -116,8 +116,6 @@ patchWorkspace() {
#repopick 212799; #alt: 212827 flac extractor CVE-2017-0592
#repopick 214125; #spellchecker: enable more wordlists
repopick -it n_asb_09-2018-qcom;
repopick -it n-tzdata-2019c;
repopick -it n-asb-2019-10;
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails

5
Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8992.sh
View file

@ -84,6 +84,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18306/3.10/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18595/^4.14.11/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0003.patch
@ -165,6 +166,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch
@ -175,5 +178,5 @@ git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
editKernelLocalversion "-dos.p175"
editKernelLocalversion "-dos.p178"
cd "$DOS_BUILD_BASE"

9
Scripts/LineageOS-16.0/Patch.sh
View file

@ -230,13 +230,18 @@ echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/syste
sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 40M free
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
enterAndClear "device/moto/shamu";
#enterAndClear "device/moto/shamu";
#git revert 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
#enterAndClear "device/motorola/clark";
#git revert fc6cf83; #disable nfc for now
#awk -i '!/nfc/' device.mk;
#awk -i inplace '!/nfc/' device.mk;
#awk -i inplace '!/Nfc/' device.mk;
#awk -i inplace '!/Tag/' device.mk;
#patch -p1 < "$DOS_PATCHES/android_device_motorola_clark/0001-audit2allow.patch"; #audit2allow sepolicy
#mkdir permissions;
#cp "$DOS_PATCHES/android_device_motorola_clark/privapp-permissions-qti.xml" permissions/; #Fix privapp permissions, Credit: @Fabiett83
#echo "PRODUCT_COPY_FILES += device/motorola/clark/permissions/privapp-permissions-qti.xml:system/etc/permissions/privapp-permissions-qti.xml" >> device.mk;
#sed -i 's/androidboot.selinux=permissive//' BoardConfig.mk; #enforce sepolicy
#rm configs/Android.mk; #fix compile
#rm setup-makefiles.sh; #broken, deblobber will still function