From 7fb56809ace9abca8e98b7dbe2cb9666f5eb8c99 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Fri, 18 Aug 2023 16:08:10 -0400
Subject: [PATCH] Small fixups

Signed-off-by: Tad <tad@spotco.us>
---
 Manifests/Manifest_LAOS-20.0.xml   | 39 +++++++++++++++---------------
 Scripts/Common/Enable_Verity.sh    |  1 +
 Scripts/Common/Fix_CVE_Patchers.sh |  2 +-
 Scripts/LineageOS-18.1/Patch.sh    |  4 ---
 Scripts/LineageOS-20.0/Patch.sh    |  1 +
 5 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/Manifests/Manifest_LAOS-20.0.xml b/Manifests/Manifest_LAOS-20.0.xml
index 78c7264b..797f46cd 100644
--- a/Manifests/Manifest_LAOS-20.0.xml
+++ b/Manifests/Manifest_LAOS-20.0.xml
@@ -265,23 +265,29 @@
 	<project path="kernel/xiaomi/sm8250" name="LineageOS/android_kernel_xiaomi_sm8250" remote="github" revision="lineage-20" />
 
 	<!-- Xiaomi Mi 10T / Mi 10T Pro / Redmi K30S Ultra (apollon) -->
-	<project path="device/xiaomi/apollon" name="LineageOS/android_device_xiaomi_apollon" remote="github" />
+	<project path="device/xiaomi/apollon" name="LineageOS/android_device_xiaomi_apollon" remote="github" revision="lineage-20" />
 
 	<!-- Xiaomi POCO F3 / Redmi K40 / Mi 11X (alioth) -->
 	<project path="device/xiaomi/alioth" name="LineageOS/android_device_xiaomi_alioth" remote="github" revision="lineage-20" />
 
         <!-- Proprietary Blobs -->
+	<project path="vendor/essential/mata" name="[COLOUR IN THE LINES]/proprietary_vendor_essential_mata" remote="github" revision="lineage-20" />
 	<project path="vendor/fairphone/FP3" name="[COLOUR IN THE LINES]/proprietary_vendor_fairphone_FP3" remote="github" revision="lineage-20" />
 	<project path="vendor/fairphone/FP4" name="[COLOUR IN THE LINES]/proprietary_vendor_fairphone_FP4" remote="github" revision="lineage-20" />
 	<project path="vendor/fxtec/pro1" name="[COLOUR IN THE LINES]/proprietary_vendor_fxtec_pro1" remote="github" revision="lineage-20" />
 	<project path="vendor/fxtec/pro1x" name="[COLOUR IN THE LINES]/proprietary_vendor_fxtec_pro1x" remote="github" revision="lineage-20" />
 	<project path="vendor/google/barbet" name="[COLOUR IN THE LINES]/proprietary_vendor_google_barbet" remote="github" revision="lineage-20" />
+	<project path="vendor/google/bluejay" name="[COLOUR IN THE LINES]/proprietary_vendor_google_bluejay" remote="gitlab" revision="lineage-20" />
 	<project path="vendor/google/blueline" name="[COLOUR IN THE LINES]/proprietary_vendor_google_blueline" remote="github" revision="lineage-20" />
 	<project path="vendor/google/bonito" name="[COLOUR IN THE LINES]/proprietary_vendor_google_bonito" remote="github" revision="lineage-20" />
 	<project path="vendor/google/bramble" name="[COLOUR IN THE LINES]/proprietary_vendor_google_bramble" remote="github" revision="lineage-20" />
+	<project path="vendor/google/cheetah" name="[COLOUR IN THE LINES]/proprietary_vendor_google_cheetah" remote="gitlab" revision="lineage-20" />
 	<project path="vendor/google/coral" name="[COLOUR IN THE LINES]/proprietary_vendor_google_coral" remote="github" revision="lineage-20" />
 	<project path="vendor/google/crosshatch" name="[COLOUR IN THE LINES]/proprietary_vendor_google_crosshatch" remote="github" revision="lineage-20" />
 	<project path="vendor/google/flame" name="[COLOUR IN THE LINES]/proprietary_vendor_google_flame" remote="github" revision="lineage-20" />
+	<project path="vendor/google/oriole" name="[COLOUR IN THE LINES]/proprietary_vendor_google_oriole" remote="gitlab" revision="lineage-20" />
+	<project path="vendor/google/panther" name="[COLOUR IN THE LINES]/proprietary_vendor_google_panther" remote="gitlab" revision="lineage-20" />
+	<project path="vendor/google/raven" name="[COLOUR IN THE LINES]/proprietary_vendor_google_raven" remote="gitlab" revision="lineage-20" />
 	<project path="vendor/google/redfin" name="[COLOUR IN THE LINES]/proprietary_vendor_google_redfin" remote="github" revision="lineage-20" />
 	<project path="vendor/google/sargo" name="[COLOUR IN THE LINES]/proprietary_vendor_google_sargo" remote="github" revision="lineage-20" />
 	<project path="vendor/google/sunfish" name="[COLOUR IN THE LINES]/proprietary_vendor_google_sunfish" remote="github" revision="lineage-20" />
@@ -309,31 +315,24 @@
 	<project path="vendor/oneplus/sm8350-common" name="[COLOUR IN THE LINES]/proprietary_vendor_oneplus_sm8350-common" remote="github" revision="lineage-20" />
 	<project path="vendor/razer/aura" name="[COLOUR IN THE LINES]/proprietary_vendor_razer_aura" remote="github" revision="lineage-20" />
 	<project path="vendor/razer/cheryl" name="[COLOUR IN THE LINES]/proprietary_vendor_razer_cheryl" remote="github" revision="lineage-20" />
-	<project path="vendor/samsung/exynos9810-common" name="[COLOUR IN THE LINES]/proprietary_vendor_samsung_exynos9810-common" remote="github" revision="lineage-20" />
 	<project path="vendor/samsung/crownlte" name="[COLOUR IN THE LINES]/proprietary_vendor_samsung_crownlte" remote="github" revision="lineage-20" />
-	<project path="vendor/samsung/starlte" name="[COLOUR IN THE LINES]/proprietary_vendor_samsung_starlte" remote="github" revision="lineage-20" />
+	<project path="vendor/samsung/exynos9810-common" name="[COLOUR IN THE LINES]/proprietary_vendor_samsung_exynos9810-common" remote="github" revision="lineage-20" />
 	<project path="vendor/samsung/star2lte" name="[COLOUR IN THE LINES]/proprietary_vendor_samsung_star2lte" remote="github" revision="lineage-20" />
+	<project path="vendor/samsung/starlte" name="[COLOUR IN THE LINES]/proprietary_vendor_samsung_starlte" remote="github" revision="lineage-20" />
+	<project path="vendor/sony/akari" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_akari" remote="github" revision="lineage-20" />
+	<project path="vendor/sony/akatsuki" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_akatsuki" remote="github" revision="lineage-20" />
+	<project path="vendor/sony/aurora" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_aurora" remote="github" revision="lineage-20" />
+	<project path="vendor/sony/tama-common" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_tama-common" remote="github" revision="lineage-20" />
+	<project path="vendor/sony/xz2c" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_xz2c" remote="github" revision="lineage-20" />
+	<project path="vendor/xiaomi/alioth" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_alioth" remote="github" revision="lineage-20" />
 	<project path="vendor/xiaomi/beryllium" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_beryllium" remote="github" revision="lineage-20" />
 	<project path="vendor/xiaomi/dipper" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_dipper" remote="github" revision="lineage-20" />
 	<project path="vendor/xiaomi/equuleus" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_equuleus" remote="github" revision="lineage-20" />
-	<project path="vendor/xiaomi/polaris" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_polaris" remote="github" revision="lineage-20" />
-	<project path="vendor/xiaomi/ursa" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_ursa" remote="github" revision="lineage-20" />
-	<project path="vendor/xiaomi/sdm845-common" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_sdm845-common" remote="github" revision="lineage-20" />
+	<project path="vendor/xiaomi/lmi" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_lmi" remote="github" revision="lineage-20" />
 	<project path="vendor/xiaomi/Mi8937" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_Mi8937" remote="github" revision="lineage-20" />
 	<project path="vendor/xiaomi/mithorium-common" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_mithorium-common" remote="github" revision="lineage-20" />
+	<project path="vendor/xiaomi/polaris" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_polaris" remote="github" revision="lineage-20" />
+	<project path="vendor/xiaomi/sdm845-common" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_sdm845-common" remote="github" revision="lineage-20" />
 	<project path="vendor/xiaomi/sm8250-common" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_sm8250-common" remote="github" revision="lineage-20" />
-	<project path="vendor/xiaomi/lmi" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_lmi" remote="github" revision="lineage-20" />
-	<project path="vendor/xiaomi/alioth" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_alioth" remote="github" revision="lineage-20" />
-	<project path="vendor/google/bluejay" name="[COLOUR IN THE LINES]/proprietary_vendor_google_bluejay" remote="gitlab" revision="lineage-20" />
-	<project path="vendor/google/cheetah" name="[COLOUR IN THE LINES]/proprietary_vendor_google_cheetah" remote="gitlab" revision="lineage-20" />
-	<project path="vendor/google/oriole" name="[COLOUR IN THE LINES]/proprietary_vendor_google_oriole" remote="gitlab" revision="lineage-20" />
-	<project path="vendor/google/panther" name="[COLOUR IN THE LINES]/proprietary_vendor_google_panther" remote="gitlab" revision="lineage-20" />
-	<project path="vendor/google/raven" name="[COLOUR IN THE LINES]/proprietary_vendor_google_raven" remote="gitlab" revision="lineage-20" />
-	<project path="vendor/sony/tama-common" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_tama-common" remote="github" revision="lineage-20" />
-	<project path="vendor/sony/akari" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_akari" remote="github" revision="lineage-20" />
-	<project path="vendor/sony/aurora" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_aurora" remote="github" revision="lineage-20" />
-	<project path="vendor/sony/xz2c" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_xz2c" remote="github" revision="lineage-20" />
-	<project path="vendor/sony/akatsuki" name="[COLOUR IN THE LINES]/proprietary_vendor_sony_akatsuki" remote="github" revision="lineage-20" />
-	<project path="vendor/essential/mata" name="[COLOUR IN THE LINES]/proprietary_vendor_essential_mata" remote="github" revision="lineage-20" />
-
+	<project path="vendor/xiaomi/ursa" name="[COLOUR IN THE LINES]/proprietary_vendor_xiaomi_ursa" remote="github" revision="lineage-20" />
 </manifest>
diff --git a/Scripts/Common/Enable_Verity.sh b/Scripts/Common/Enable_Verity.sh
index 4e76fbfd..02f87264 100644
--- a/Scripts/Common/Enable_Verity.sh
+++ b/Scripts/Common/Enable_Verity.sh
@@ -176,6 +176,7 @@ enableAVB "device/xiaomi/whyred";
 
 #Kernel Changes
 [[ -d kernel/essential/msm8998 ]] && sed -i 's/slotselect/slotselect,verify/' kernel/essential/msm8998/arch/arm64/boot/dts/essential/msm8998-mata-lineage.dtsi &>/dev/null; #/vendor
+[[ -d kernel/google/marlin ]] && sed -i 's/wait,slotselect/wait,slotselect,verify/' kernel/google/marlin/arch/arm64/boot/dts/htc/msm8996-htc-common.dtsi &>/dev/null; #/vendor
 #[[ -d kernel/htc/flounder ]] && sed -i 's/wait/wait,verify/g' kernel/htc/flounder/arch/arm64/boot/dts/tegra132.dtsi &>/dev/null; #/system #XXX: no boot
 [[ -d  kernel/moto/shamu ]] && sed -i 's/wait/wait,verify/g' kernel/moto/shamu/arch/arm/boot/dts/qcom/apq8084.dtsi &>/dev/null; #/system
 [[ -d kernel/oneplus/msm8996 ]] && sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8996/arch/arm/boot/dts/qcom/15801/msm8996-mtp.dtsi &>/dev/null; #/system
diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh
index 7c00b36b..c06aa927 100644
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@@ -54,7 +54,7 @@ commentPatches android_kernel_google_dragon.sh "0006-AndroidHardening-Kernel_Har
 commentPatches android_kernel_google_crosshatch.sh "CVE-2020-0067";
 commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch";
 commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch";
-commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-14883" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9";
+commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch" "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-14883" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9";
 commentPatches android_kernel_google_msm.sh "CVE-2017-11015/prima" "CVE-2021-Misc2/ANY/0031.patch";
 commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324" "CVE-2021-45469";
 commentPatches android_kernel_google_redbull.sh "CVE-2018-5873" "CVE-2021-3444" "CVE-2021-3600";
diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh
index 78a3ea8a..320b150c 100644
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@@ -565,10 +565,6 @@ if enterAndClear "device/zuk/msm8996-common"; then
 awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage
 fi;
 
-if enterAndClear "kernel/google/marlin"; then
-git revert --no-edit a17f0cc9d8f16df52d3cf3ff64b37bf477f589e5; #enable verity on /vendor
-fi;
-
 #Make changes to all devices
 cd "$DOS_BUILD_BASE";
 find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh
index 361f8611..9d7cb801 100644
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@@ -396,6 +396,7 @@ if enterAndClear "system/sepolicy"; then
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #Label protected_{fifos,regular} as proc_security (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-2.patch"; #Allow system to use persist.native_debug (GrapheneOS)
+#awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
 awk -i inplace '!/domain=gmscore_app/' private/seapp_contexts prebuilts/api/*/private/seapp_contexts; #Disable unused gmscore_app domain (GrapheneOS)
 fi;