mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-05-02 14:36:17 -04:00
clark: experimental 16.0
This commit is contained in:
Tad
parent
a0e8f9653c
commit
79ec8a4999
20 changed files with 411 additions and 21 deletions
|
|
@ -167,9 +167,9 @@ processRelease() {
|
|||
echo -e "\e[0;32m\t+ Verified Boot 1.0\e[0m";
|
||||
elif [[ "$VERITY" == "avb" ]]; then
|
||||
local VERITY_SWITCHES=(--avb_vbmeta_key "$KEY_DIR/avb.pem" \
|
||||
--avb_vbmeta_algorithm SHA256_RSA2048 \
|
||||
--avb_vbmeta_algorithm SHA512_RSA4096 \
|
||||
--avb_system_key "$KEY_DIR/avb.pem" \
|
||||
--avb_system_algorithm SHA256_RSA2048);
|
||||
--avb_system_algorithm SHA512_RSA4096);
|
||||
local AVB_PKMD="$KEY_DIR/avb_pkmd.bin";
|
||||
echo -e "\e[0;32m\t+ Verified Boot 2.0\e[0m";
|
||||
fi;
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ mkdir $1; cd $1;
|
|||
desc="/O=Divested Computing Group/CN=DivestOS for $1/emailAddress=support@divestos.org";
|
||||
|
||||
sed -i '/blank for none/,+1 d' "$DOS_BUILD_BASE"/development/tools/make_key;
|
||||
#sed -i 's/2048/4096/' "$DOS_BUILD_BASE"/development/tools/make_key;
|
||||
sed -i 's/2048/4096/' "$DOS_BUILD_BASE"/development/tools/make_key;
|
||||
"$DOS_BUILD_BASE"/development/tools/make_key extra "$desc" "$type";
|
||||
"$DOS_BUILD_BASE"/development/tools/make_key future-1 "$desc" "$type";
|
||||
"$DOS_BUILD_BASE"/development/tools/make_key future-2 "$desc" "$type";
|
||||
|
|
@ -27,7 +27,7 @@ sed -i 's/4096/2048/' "$DOS_BUILD_BASE"/development/tools/make_key;
|
|||
"$DOS_BUILD_BASE"/out/host/linux-x86/bin/generate_verity_key -convert verity.x509.pem verity_key;
|
||||
openssl x509 -outform der -in verity.x509.pem -out verifiedboot_relkeys.der.x509;
|
||||
|
||||
openssl genrsa -out avb.pem 2048; #or 4096
|
||||
openssl genrsa -out avb.pem 4096;
|
||||
"$DOS_BUILD_BASE"/external/avb/avbtool extract_public_key --key avb.pem --output avb_pkmd.bin;
|
||||
|
||||
cd "$DOS_BUILD_BASE";
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ enterAndClear "packages/apps/Trebuchet";
|
|||
sed -i 's/mCropView.setTouchEnabled(touchEnabled);/mCropView.setTouchEnabled(true);/' WallpaperPicker/src/com/android/launcher3/WallpaperCropActivity.java;
|
||||
|
||||
enterAndClear "system/core";
|
||||
sed -i 's/!= 2048/>= 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
|
||||
|
||||
|
|
|
|||
|
|
@ -126,7 +126,6 @@ patchWorkspace() {
|
|||
repopick 248599; #restrict SET_TIME_ZONE permission
|
||||
repopick 248600 248649; #/proc hardening
|
||||
repopick -it nougat-mr2-security-release-residue;
|
||||
repopick 255328; #update webview
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
|
|
|
|||
|
|
@ -157,7 +157,7 @@ patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle
|
|||
patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
|
||||
|
||||
enterAndClear "system/core";
|
||||
sed -i 's/!= 2048/>= 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
|
||||
|
|
|
|||
|
|
@ -100,8 +100,7 @@ export -f buildAll;
|
|||
patchWorkspace() {
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
source build/envsetup.sh;
|
||||
repopick 255328; #update webview
|
||||
#source build/envsetup.sh;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
|
|||
|
||||
enterAndClear "bootable/recovery";
|
||||
git revert ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity
|
||||
sed -i 's/!= 2048/>= 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
|
||||
enterAndClear "build/make";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
|
||||
|
|
|
|||
|
|
@ -142,7 +142,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15214/^5.0.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15666/^5.0.19/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15916/^5.0.1/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2181/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2263/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2290/ANY/0001.patch
|
||||
|
|
@ -160,5 +163,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p162"
|
||||
editKernelLocalversion "-dos.p163"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -91,6 +91,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
|
||||
|
|
|
|||
|
|
@ -113,6 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
|
||||
|
|
@ -121,5 +122,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p121"
|
||||
editKernelLocalversion "-dos.p122"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,179 @@
|
|||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/motorola/msm8992"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2898/^3.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9730/^3.18.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9904/^3.17/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5307/^4.2.6/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0862/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13163/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13168/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13245/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15837/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16531/^4.13.6/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16534/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16643/3.5-^4.13.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/^4.13.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16939/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17762/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18153/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18306/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8243/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9711/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9723/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1000199/^3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10877/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.10/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/^4.15.15/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11265/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11273/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11919/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11987/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12011/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13913/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14734/^4.17.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18021/^4.18.12/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20836/^4.20/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3563/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3584/ANY/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3585/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3597/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5864/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5904/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5908/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9383/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9518/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10519/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/^5.0.15/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p175"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
@ -113,6 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
#Last verified: 2018-04-27
|
||||
|
||||
patchAllKernels() {
|
||||
startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_bonito kernel_google_crosshatch kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_zuk_msm8996";
|
||||
startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_bonito kernel_google_crosshatch kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_zuk_msm8996";
|
||||
}
|
||||
export -f patchAllKernels;
|
||||
|
||||
|
|
@ -77,6 +77,7 @@ buildAll() {
|
|||
#SD805
|
||||
buildDevice shamu verity;
|
||||
#SD808
|
||||
#buildDeviceUserDebug clark; #permissive + needs manual patching - fwb xml: fused: dangling tag
|
||||
buildDevice ether;
|
||||
#SD615
|
||||
buildDevice kipper; #broken
|
||||
|
|
@ -109,7 +110,6 @@ patchWorkspace() {
|
|||
|
||||
source build/envsetup.sh;
|
||||
repopick -f 254249; #g3 nfc
|
||||
repopick 255328; #update webview
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS/Defaults.sh";
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
|
|||
enterAndClear "bootable/recovery";
|
||||
git revert 4d361ff13b5bd61d5a6a5e95063b24b8a37a24ab 37d729bf; #fix sideload
|
||||
git revert fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity
|
||||
sed -i 's/!= 2048/>= 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
|
||||
enterAndClear "build/make";
|
||||
git revert 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
|
||||
|
|
@ -105,7 +105,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch";
|
|||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; #add exec-based spawning support (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
|
||||
rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
|
||||
|
|
@ -228,6 +228,15 @@ awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
|
|||
enterAndClear "device/moto/shamu";
|
||||
#git revert 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
|
||||
|
||||
#enterAndClear "device/motorola/clark";
|
||||
#git revert fc6cf83; #disable nfc for now
|
||||
#awk -i '!/nfc/' device.mk;
|
||||
#patch -p1 < "$DOS_PATCHES/android_device_motorola_clark/0001-audit2allow.patch"; #audit2allow sepolicy
|
||||
#sed -i 's/androidboot.selinux=permissive//' BoardConfig.mk; #enforce sepolicy
|
||||
#rm configs/Android.mk; #fix compile
|
||||
#rm setup-makefiles.sh; #broken, deblobber will still function
|
||||
#XXX: remove atfwd and cne from vendor makefiles
|
||||
|
||||
enterAndClear "device/oppo/msm8974-common";
|
||||
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
#START OF USER CONFIGURABLE OPTIONS
|
||||
export DOS_WORKSPACE_ROOT="/mnt/Drive-3/"; #XXX: THIS MUST BE CORRECT TO BUILD!
|
||||
export DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"Signing_Keys/2048";
|
||||
export DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"Signing_Keys/4096";
|
||||
#export DOS_BINARY_PATCHER="";
|
||||
#export DOS_TOR_WRAPPER="torsocks"; #Uncomment to perform select build operations over Tor
|
||||
|
||||
|
|
@ -36,13 +36,14 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv
|
|||
export DOS_BUILDALL_SUPERSEDED=false; #Set true to build superseded devices when running buildAll()
|
||||
export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature
|
||||
export DOS_HOSTS_BLOCKING=true; #Switch to false to prevent inclusion of our HOSTS file
|
||||
export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: Blokada, DNS66
|
||||
export DOS_HOSTS_BLOCKING_LIST="https://divestos.org/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
|
||||
export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
|
||||
export DOS_MALWARE_SCAN_ENABLED=true; #Set true to perform a fast scan on patchWorkspace() and a through scan on buildAll()
|
||||
export DOS_MALWARE_SCAN_SETTING="quick"; #buildAll() scan speed. Options: quick, extra, slow, full
|
||||
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NLP, FULL
|
||||
export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL
|
||||
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
|
||||
export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
|
||||
export DOS_OVERCLOCKS_ENABLED=false; #Switch to false to disable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue