diff --git a/Manifests/Manifest_LAOS-17.1.xml b/Manifests/Manifest_LAOS-17.1.xml
new file mode 100644
index 00000000..51c2cade
--- /dev/null
+++ b/Manifests/Manifest_LAOS-17.1.xml
@@ -0,0 +1,149 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Patches/LineageOS-16.0/android_build/0001-rm_backuptool.patch b/Patches/LineageOS-16.0/android_build/0001-rm_backuptool.patch
deleted file mode 100644
index 9a5c0657..00000000
--- a/Patches/LineageOS-16.0/android_build/0001-rm_backuptool.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From db5ded424e8deb8a2a75d86e35b9079992491e85 Mon Sep 17 00:00:00 2001
-From: Tad
-Date: Sat, 22 Feb 2020 20:20:24 -0500
-Subject: [PATCH] Nuke backuptool
-
-Change-Id: I58d3adf67e20d9c4e49df8cd70769d9304da00c1
----
- core/Makefile | 14 ---------
- tools/releasetools/edify_generator.py | 9 ------
- tools/releasetools/ota_from_target_files.py | 35 +--------------------
- 3 files changed, 1 insertion(+), 57 deletions(-)
-
-diff --git a/core/Makefile b/core/Makefile
-index 404bb5413..48778bfc1 100644
---- a/core/Makefile
-+++ b/core/Makefile
-@@ -2837,9 +2837,6 @@ ifneq (,$(INSTALLED_RECOVERYIMAGE_TARGET)$(filter true,$(BOARD_USES_RECOVERY_AS_
- $(hide) mkdir -p $(zip_root)/$(PRIVATE_RECOVERY_OUT)
- $(hide) $(call package_files-copy-root, \
- $(TARGET_RECOVERY_ROOT_OUT),$(zip_root)/$(PRIVATE_RECOVERY_OUT)/RAMDISK)
-- @# OTA install helpers
-- $(hide) $(call package_files-copy-root, \
-- $(PRODUCT_OUT)/install,$(zip_root)/INSTALL)
- ifdef INSTALLED_KERNEL_TARGET
- $(hide) cp $(INSTALLED_KERNEL_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/kernel
- endif
-@@ -3195,16 +3192,6 @@ else
- OTA_SCRIPT_OVERRIDE_DEVICE := $(TARGET_OTA_ASSERT_DEVICE)
- endif
-
--ifeq ($(WITH_GMS),true)
-- $(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
--else
--ifneq ($(LINEAGE_BUILD),)
-- $(INTERNAL_OTA_PACKAGE_TARGET): backuptool := true
--else
-- $(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
--endif
--endif
--
- $(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) \
- build/make/tools/releasetools/ota_from_target_files
- @echo "Package OTA: $@"
-@@ -3214,7 +3201,6 @@ $(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) \
- --extracted_input_target_files $(patsubst %.zip,%,$(BUILT_TARGET_FILES_PACKAGE)) \
- -p $(HOST_OUT) \
- -k $(KEY_CERT_PAIR) \
-- --backup=$(backuptool) \
- $(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
- $(BUILT_TARGET_FILES_PACKAGE) $@
-
-diff --git a/tools/releasetools/edify_generator.py b/tools/releasetools/edify_generator.py
-index 59f9d8831..040a57b57 100644
---- a/tools/releasetools/edify_generator.py
-+++ b/tools/releasetools/edify_generator.py
-@@ -164,9 +164,6 @@ class EdifyGenerator(object):
- ");")
- self.script.append(self.WordWrap(cmd))
-
-- def RunBackup(self, command):
-- self.script.append(('run_program("/tmp/install/bin/backuptool.sh", "%s");' % command))
--
- def ShowProgress(self, frac, dur):
- """Update the progress bar, advancing it over 'frac' over the next
- 'dur' seconds. 'dur' may be zero to advance it via SetProgress
-@@ -238,12 +235,6 @@ class EdifyGenerator(object):
- p.mount_point, mount_flags))
- self.mounts.add(p.mount_point)
-
-- def Unmount(self, mount_point):
-- """Unmount the partition with the given mount_point."""
-- if mount_point in self.mounts:
-- self.mounts.remove(mount_point)
-- self.script.append('unmount("%s");' % (mount_point,))
--
- def UnpackPackageDir(self, src, dst):
- """Unpack a given directory from the OTA package into the given
- destination directory."""
-diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
-index 089e776fe..5bc022d0b 100755
---- a/tools/releasetools/ota_from_target_files.py
-+++ b/tools/releasetools/ota_from_target_files.py
-@@ -159,10 +159,6 @@ Usage: ota_from_target_files [flags] input_target_files output_ota_package
-
- --override_device
- Override device-specific asserts. Can be a comma-separated list.
--
-- --backup
-- Enable or disable the execution of backuptool.sh.
-- Disabled by default.
- """
-
- from __future__ import print_function
-@@ -215,12 +211,11 @@ OPTIONS.extracted_input = None
- OPTIONS.key_passwords = []
- OPTIONS.skip_postinstall = False
- OPTIONS.override_device = 'auto'
--OPTIONS.backuptool = False
-
-
- METADATA_NAME = 'META-INF/com/android/metadata'
- POSTINSTALL_CONFIG = 'META/postinstall_config.txt'
--UNZIP_PATTERN = ['IMAGES/*', 'META/*', 'INSTALL/*']
-+UNZIP_PATTERN = ['IMAGES/*', 'META/*']
-
-
- class BuildInfo(object):
-@@ -721,15 +716,6 @@ def AddCompatibilityArchiveIfTrebleEnabled(target_zip, output_zip, target_info,
- AddCompatibilityArchive(system_updated, vendor_updated)
-
-
--def CopyInstallTools(output_zip):
-- install_path = os.path.join(OPTIONS.input_tmp, "INSTALL")
-- for root, subdirs, files in os.walk(install_path):
-- for f in files:
-- install_source = os.path.join(root, f)
-- install_target = os.path.join("install", os.path.relpath(root, install_path), f)
-- output_zip.write(install_source, install_target)
--
--
- def WriteFullOTAPackage(input_zip, output_file):
- target_info = BuildInfo(OPTIONS.info_dict, OPTIONS.oem_dicts)
-
-@@ -823,16 +809,6 @@ else if get_stage("%(bcb_dev)s") == "3/3" then
- script.AppendExtra("ifelse(is_mounted(\"/system\"), unmount(\"/system\"));")
- device_specific.FullOTA_InstallBegin()
-
-- CopyInstallTools(output_zip)
-- script.UnpackPackageDir("install", "/tmp/install")
-- script.SetPermissionsRecursive("/tmp/install", 0, 0, 0755, 0644, None, None)
-- script.SetPermissionsRecursive("/tmp/install/bin", 0, 0, 0755, 0755, None, None)
--
-- if OPTIONS.backuptool:
-- script.Mount("/system")
-- script.RunBackup("backup")
-- script.Unmount("/system")
--
- system_progress = 0.75
-
- if OPTIONS.wipe_user_data:
-@@ -874,12 +850,6 @@ else if get_stage("%(bcb_dev)s") == "3/3" then
-
- device_specific.FullOTA_PostValidate()
-
-- if OPTIONS.backuptool:
-- script.ShowProgress(0.02, 10)
-- script.Mount("/system")
-- script.RunBackup("restore")
-- script.Unmount("/system")
--
- script.ShowProgress(0.05, 5)
- script.WriteRawImage("/boot", "boot.img")
-
-@@ -1872,8 +1842,6 @@ def main(argv):
- OPTIONS.skip_postinstall = True
- elif o in ("--override_device"):
- OPTIONS.override_device = a
-- elif o in ("--backup"):
-- OPTIONS.backuptool = bool(a.lower() == 'true')
- else:
- return False
- return True
-@@ -1905,7 +1873,6 @@ def main(argv):
- "extracted_input_target_files=",
- "skip_postinstall",
- "override_device=",
-- "backup=",
- ], extra_option_handler=option_handler)
-
- if len(args) != 2:
---
-2.24.1
-
diff --git a/Patches/LineageOS-17.1/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-17.1/android_bionic/0001-HM-Use_HM.patch
new file mode 100644
index 00000000..f245f5c6
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_bionic/0001-HM-Use_HM.patch
@@ -0,0 +1,181 @@
+From 010949662f6579419dd310606bf1418dbd53a971 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 5 Dec 2018 01:51:56 -0500
+Subject: [PATCH] add hardened_malloc library
+
+---
+ libc/Android.bp | 38 ++++++++++++++++++++-----
+ libc/bionic/h_malloc_wrapper.cpp | 49 ++++++++++++++++++++++++++++++++
+ libc/bionic/malloc_common.h | 8 ++++++
+ 3 files changed, 88 insertions(+), 7 deletions(-)
+ create mode 100644 libc/bionic/h_malloc_wrapper.cpp
+
+diff --git a/libc/Android.bp b/libc/Android.bp
+index 47fccde7e..7c3f57fba 100644
+--- a/libc/Android.bp
++++ b/libc/Android.bp
+@@ -52,6 +52,8 @@ libc_common_flags = [
+ // Clang's exit-time destructor registration hides __dso_handle, but
+ // __dso_handle needs to have default visibility on ARM32. See b/73485611.
+ "-Wexit-time-destructors",
++
++ "-DH_MALLOC_PREFIX",
+ ]
+
+ // Define some common cflags
+@@ -65,9 +67,17 @@ cc_defaults {
+ cppflags: [],
+ include_dirs: [
+ "bionic/libc/async_safe/include",
+- "external/jemalloc_new/include",
+ ],
+
++ multilib: {
++ lib32: {
++ include_dirs: ["external/jemalloc_new/include"],
++ },
++ lib64: {
++ include_dirs: ["external/hardened_malloc/"],
++ },
++ },
++
+ stl: "none",
+ system_shared_libs: [],
+ sanitize: {
+@@ -92,7 +102,6 @@ cc_defaults {
+ // TLS slot.
+
+ cc_library_static {
+-
+ srcs: [
+ "bionic/__libc_init_main_thread.cpp",
+ "bionic/__stack_chk_fail.cpp",
+@@ -1309,6 +1318,10 @@ cc_library_static {
+ multilib: {
+ lib32: {
+ srcs: libc_common_src_files_32,
++ whole_static_libs: ["libjemalloc5"],
++ },
++ lib64: {
++ whole_static_libs: ["libhardened_malloc"],
+ },
+ },
+ arch: {
+@@ -1342,7 +1355,6 @@ cc_library_static {
+ "libc_syscalls",
+ "libc_tzcode",
+ "libm",
+- "libjemalloc5",
+ "libstdc++",
+ ],
+ }
+@@ -1480,7 +1492,14 @@ cc_library_static {
+ // ========================================================
+ cc_library_static {
+ defaults: ["libc_defaults"],
+- srcs: ["bionic/jemalloc_wrapper.cpp"],
++ multilib: {
++ lib32: {
++ srcs: ["bionic/jemalloc_wrapper.cpp"],
++ },
++ lib64: {
++ srcs: ["bionic/h_malloc_wrapper.cpp"],
++ },
++ },
+ cflags: ["-fvisibility=hidden"],
+
+ name: "libc_malloc",
+@@ -1578,9 +1597,14 @@ cc_library {
+ static_libs: [
+ "libdl_android",
+ ],
+- whole_static_libs: [
+- "libjemalloc5",
+- ],
++ multilib: {
++ lib32: {
++ whole_static_libs: ["libjemalloc5"],
++ },
++ lib64: {
++ whole_static_libs: ["libhardened_malloc"],
++ },
++ },
+
+ nocrt: true,
+
+diff --git a/libc/bionic/h_malloc_wrapper.cpp b/libc/bionic/h_malloc_wrapper.cpp
+new file mode 100644
+index 000000000..5733293a9
+--- /dev/null
++++ b/libc/bionic/h_malloc_wrapper.cpp
+@@ -0,0 +1,49 @@
++#include
++#include
++#include
++#include
++
++#include
++
++#include "h_malloc.h"
++
++__BEGIN_DECLS
++int h_malloc_info(int options, FILE* fp);
++__END_DECLS
++
++int h_malloc_info(int options, FILE* fp) {
++ if (options != 0) {
++ errno = EINVAL;
++ return -1;
++ }
++
++ MallocXmlElem root(fp, "malloc", "version=\"jemalloc-1\"");
++
++ // Dump all of the large allocations in the arenas.
++ for (size_t i = 0; i < h_mallinfo_narenas(); i++) {
++ struct mallinfo mi = h_mallinfo_arena_info(i);
++ if (mi.hblkhd != 0) {
++ MallocXmlElem arena_elem(fp, "heap", "nr=\"%d\"", i);
++ {
++ MallocXmlElem(fp, "allocated-large").Contents("%zu", mi.ordblks);
++ MallocXmlElem(fp, "allocated-huge").Contents("%zu", mi.uordblks);
++ MallocXmlElem(fp, "allocated-bins").Contents("%zu", mi.fsmblks);
++
++ size_t total = 0;
++ for (size_t j = 0; j < h_mallinfo_nbins(); j++) {
++ struct mallinfo mi = h_mallinfo_bin_info(i, j);
++ if (mi.ordblks != 0) {
++ MallocXmlElem bin_elem(fp, "bin", "nr=\"%d\"", j);
++ MallocXmlElem(fp, "allocated").Contents("%zu", mi.ordblks);
++ MallocXmlElem(fp, "nmalloc").Contents("%zu", mi.uordblks);
++ MallocXmlElem(fp, "ndalloc").Contents("%zu", mi.fordblks);
++ total += mi.ordblks;
++ }
++ }
++ MallocXmlElem(fp, "bins-total").Contents("%zu", total);
++ }
++ }
++ }
++
++ return 0;
++}
+diff --git a/libc/bionic/malloc_common.h b/libc/bionic/malloc_common.h
+index 2176e634d..e2c1910d2 100644
+--- a/libc/bionic/malloc_common.h
++++ b/libc/bionic/malloc_common.h
+@@ -62,8 +62,16 @@ __END_DECLS
+
+ #else
+
++#ifdef __LP64__
++#include "h_malloc.h"
++#define Malloc(function) h_ ## function
++__BEGIN_DECLS
++int h_malloc_info(int options, FILE* fp);
++__END_DECLS
++#else
+ #include "jemalloc.h"
+ #define Malloc(function) je_ ## function
++#endif
+
+ #endif
+
diff --git a/Patches/LineageOS-17.1/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch b/Patches/LineageOS-17.1/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch
new file mode 100644
index 00000000..52de3921
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch
@@ -0,0 +1,34 @@
+From 41c2cb884b69e04e2e7a6404b580aafc4b2ceba7 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Mon, 12 Feb 2018 02:41:09 -0500
+Subject: [PATCH] TEMPORARY fix camera not working on user builds
+
+Change-Id: I61e8c78bfd70be7c157c049dac201de21749d4a2
+---
+ common/mediaserver.te | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/common/mediaserver.te b/common/mediaserver.te
+index 1108551..6b92565 100755
+--- a/common/mediaserver.te
++++ b/common/mediaserver.te
+@@ -13,12 +13,10 @@ binder_call(mediaserver, rild)
+ #qmux_socket(mediaserver)
+ allow mediaserver camera_data_file:sock_file w_file_perms;
+
+-userdebug_or_eng(`
+- allow mediaserver camera_data_file:dir rw_dir_perms;
+- allow mediaserver camera_data_file:file create_file_perms;
+- # Access to audio
+- allow mediaserver qti_debugfs:file rw_file_perms;
+-')
++allow mediaserver camera_data_file:dir rw_dir_perms;
++allow mediaserver camera_data_file:file create_file_perms;
++# Access to audio
++allow mediaserver qti_debugfs:file rw_file_perms;
+
+ r_dir_file(mediaserver, sysfs_esoc)
+ #allow mediaserver system_app_data_file:file rw_file_perms;
+--
+2.16.1
+
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0003-SUPL_No_IMSI.patch b/Patches/LineageOS-17.1/android_frameworks_base/0003-SUPL_No_IMSI.patch
new file mode 100644
index 00000000..555b2197
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0003-SUPL_No_IMSI.patch
@@ -0,0 +1,40 @@
+From 13951789b89251be432612b288020fdcb9e079fa Mon Sep 17 00:00:00 2001
+From: MSe1969
+Date: Mon, 29 Oct 2018 12:14:17 +0100
+Subject: [PATCH] SUPL: Don't send IMSI / Phone number to SUPL server
+
+Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87
+---
+ .../android/server/location/GnssLocationProvider.java | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/services/core/java/com/android/server/location/GnssLocationProvider.java b/services/core/java/com/android/server/location/GnssLocationProvider.java
+index 342e9b8c300..537e02d8e39 100644
+--- a/services/core/java/com/android/server/location/GnssLocationProvider.java
++++ b/services/core/java/com/android/server/location/GnssLocationProvider.java
+@@ -1934,7 +1934,12 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
+ mContext.getSystemService(Context.TELEPHONY_SERVICE);
+ int type = AGPS_SETID_TYPE_NONE;
+ String setId = null;
+-
++
++ /*
++ * We don't want to tell Google our IMSI or phone number to spy on us!
++ * As devices w/o SIM card also have working GPS, providing this data does
++ * not seem to add a lot of value, at least not for the device holder
++ *
+ int ddSubId = SubscriptionManager.getDefaultDataSubscriptionId();
+ if ((flags & AGPS_RIL_REQUEST_SETID_IMSI) == AGPS_RIL_REQUEST_SETID_IMSI) {
+ if (SubscriptionManager.isValidSubscriptionId(ddSubId)) {
+@@ -1958,7 +1963,7 @@ public class GnssLocationProvider extends AbstractLocationProvider implements
+ // This means the framework has the SIM card.
+ type = AGPS_SETID_TYPE_MSISDN;
+ }
+- }
++ } */
+
+ native_agps_set_id(type, (setId == null) ? "" : setId);
+ }
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0004-Fingerprint_Lockout.patch b/Patches/LineageOS-17.1/android_frameworks_base/0004-Fingerprint_Lockout.patch
new file mode 100644
index 00000000..6d53de08
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0004-Fingerprint_Lockout.patch
@@ -0,0 +1,22 @@
+From 9c21f1c52b9d5f589a4bca4893e8a04fc1c42cd2 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 12 Sep 2017 01:52:11 -0400
+Subject: [PATCH] use permanent fingerprint lockout immediately
+
+---
+ .../server/biometrics/fingerprint/FingerprintService.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
+index 320e1022873..fb580ffe43c 100644
+--- a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
++++ b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
+@@ -98,7 +98,7 @@
+ private static final String ACTION_LOCKOUT_RESET =
+ "com.android.server.biometrics.fingerprint.ACTION_LOCKOUT_RESET";
+ private static final int MAX_FAILED_ATTEMPTS_LOCKOUT_TIMED = 5;
+- private static final int MAX_FAILED_ATTEMPTS_LOCKOUT_PERMANENT = 20;
++ private static final int MAX_FAILED_ATTEMPTS_LOCKOUT_PERMANENT = 3;
+ private static final long FAIL_LOCKOUT_TIMEOUT_MS = 30 * 1000;
+ private static final String KEY_LOCKOUT_RESET_USER = "lockout_reset_user";
+
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-17.1/android_frameworks_base/0006-Disable_Analytics.patch
new file mode 100644
index 00000000..433aca32
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0006-Disable_Analytics.patch
@@ -0,0 +1,37 @@
+From 5b59a2cf8028488847a5cd6ac7d4a14414972438 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Mon, 21 May 2018 04:23:40 -0400
+Subject: [PATCH] Disable/reduce functionality of various ad/analytics
+ libraries
+
+Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
+---
+ core/java/android/content/pm/PackageParser.java | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
+index 8c66fb227cf..31368bf74b1 100644
+--- a/core/java/android/content/pm/PackageParser.java
++++ b/core/java/android/content/pm/PackageParser.java
+@@ -5524,6 +5524,18 @@ public class PackageParser {
+
+ if (data == null) {
+ data = new Bundle();
++ data.putBoolean("batch_opted_out_by_default", true);
++ data.putBoolean("com.ad4screen.no_geoloc", true);
++ data.putBoolean("com.facebook.sdk.AutoLogAppEventsEnabled", false);
++ data.putBoolean("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", false);
++ data.putBoolean("com.webengage.sdk.android.location_tracking", false);
++ data.putBoolean("firebase_analytics_collection_deactivated", true);
++ data.putBoolean("firebase_analytics_collection_enabled", false);
++ data.putBoolean("firebase_crash_collection_enabled", false);
++ data.putBoolean("firebase_performance_collection_deactivated", true);
++ data.putBoolean("google_analytics_adid_collection_enabled", false);
++ data.putString("com.ad4screen.tracking_mode", "Restricted");
++ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ }
+
+ String name = sa.getNonConfigurationString(
+--
+2.17.0
+
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0007-Always_Restict_Serial.patch b/Patches/LineageOS-17.1/android_frameworks_base/0007-Always_Restict_Serial.patch
new file mode 100644
index 00000000..65ecb039
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0007-Always_Restict_Serial.patch
@@ -0,0 +1,29 @@
+From d6224b1fca2bb1a32e1bf6df2de6227eddb13595 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 6 Sep 2017 21:40:48 -0400
+Subject: [PATCH] always set deprecated Build.SERIAL to UNKNOWN
+
+Only support fetching the serial number via the new Build.getSerial()
+requiring the READ_PHONE_STATE permission.
+---
+ .../java/com/android/server/am/ActivityManagerService.java | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
+index e8505fcb37a..7b14f5fdb1e 100644
+--- a/services/core/java/com/android/server/am/ActivityManagerService.java
++++ b/services/core/java/com/android/server/am/ActivityManagerService.java
+@@ -4971,12 +4971,7 @@ private final boolean attachApplicationLocked(IApplicationThread thread,
+ }
+ }
+
+- // We deprecated Build.SERIAL and it is not accessible to
+- // Instant Apps and target APIs higher than O MR1. Since access to the serial
+- // is now behind a permission we push down the value.
+- final String buildSerial = (!appInfo.isInstantApp()
+- && appInfo.targetSdkVersion < Build.VERSION_CODES.P)
+- ? sTheRealBuildSerial : Build.UNKNOWN;
++ final String buildSerial = Build.UNKNOWN;
+
+ // Check if this is a secondary process that should be incorporated into some
+ // currently active instrumentation. (Note we do this AFTER all of the profiling
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0008-Browser_No_Location.patch b/Patches/LineageOS-17.1/android_frameworks_base/0008-Browser_No_Location.patch
new file mode 100644
index 00000000..2bb0bb89
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0008-Browser_No_Location.patch
@@ -0,0 +1,51 @@
+From cfcc7b12949e06e03a974a9dec90daf6cab50ffc Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Sun, 17 Mar 2019 19:54:30 -0400
+Subject: [PATCH] stop auto-granting location to system browsers
+
+---
+ .../DefaultPermissionGrantPolicy.java | 24 +++++++++----------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+index ecf66861a40..b4576b0b682 100644
+--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
++++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+@@ -596,16 +596,16 @@ private void grantDefaultSystemHandlerPermissions(int userId) {
+ userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
+
+ // Browser
+- String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId);
+- if (browserPackage == null) {
+- browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
+- Intent.CATEGORY_APP_BROWSER, userId);
+- if (!isSystemPackage(browserPackage)) {
+- browserPackage = null;
+- }
+- }
+- grantPermissionsToPackage(browserPackage, userId, false /* ignoreSystemPackage */,
+- true /*whitelistRestrictedPermissions*/, ALWAYS_LOCATION_PERMISSIONS);
++ //String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId);
++ //if (browserPackage == null) {
++ //browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
++ //Intent.CATEGORY_APP_BROWSER, userId);
++ //if (!isSystemPackage(browserPackage)) {
++ //browserPackage = null;
++ //}
++ //}
++ //grantPermissionsToPackage(browserPackage, userId, false [> ignoreSystemPackage <],
++ //true [>whitelistRestrictedPermissions<], ALWAYS_LOCATION_PERMISSIONS);
+
+ // Voice interaction
+ if (voiceInteractPackageNames != null) {
+@@ -884,8 +884,8 @@ public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userI
+ }
+
+ public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
+- Log.i(TAG, "Granting permissions to default browser for user:" + userId);
+- grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
++ //Log.i(TAG, "Granting permissions to default browser for user:" + userId);
++ //grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
+ }
+
+ private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch b/Patches/LineageOS-17.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch
new file mode 100644
index 00000000..5d6e125a
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch
@@ -0,0 +1,23 @@
+From a507f07f4b04c421400ef8382212aa38cfe37b0d Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 18 Dec 2018 08:48:14 -0500
+Subject: [PATCH] allow SystemUI to directly manage Bluetooth/WiFi
+
+---
+ packages/SystemUI/AndroidManifest.xml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
+index 5599b5a2837..08a8d9f504b 100644
+--- a/packages/SystemUI/AndroidManifest.xml
++++ b/packages/SystemUI/AndroidManifest.xml
+@@ -70,6 +70,9 @@
+
+
+
++
++
++
+
+
+
diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0010-Exec_Based_Spawning.patch b/Patches/LineageOS-17.1/android_frameworks_base/0010-Exec_Based_Spawning.patch
new file mode 100644
index 00000000..38be3b76
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0010-Exec_Based_Spawning.patch
@@ -0,0 +1,592 @@
+From 60e744e11be94212d0bc796d8904da4c61af60e1 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Sat, 14 Mar 2015 18:10:20 -0400
+Subject: [PATCH 01/12] add exec-based spawning support
+
+---
+ .../com/android/internal/os/ExecInit.java | 115 ++++++++++++++++++
+ .../com/android/internal/os/WrapperInit.java | 2 +-
+ .../android/internal/os/ZygoteConnection.java | 8 ++
+ 3 files changed, 124 insertions(+), 1 deletion(-)
+ create mode 100644 core/java/com/android/internal/os/ExecInit.java
+
+diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
+new file mode 100644
+index 00000000000..10edd64e0f9
+--- /dev/null
++++ b/core/java/com/android/internal/os/ExecInit.java
+@@ -0,0 +1,115 @@
++package com.android.internal.os;
++
++import android.os.Trace;
++import android.system.ErrnoException;
++import android.system.Os;
++import android.util.Slog;
++import android.util.TimingsTraceLog;
++import dalvik.system.VMRuntime;
++
++/**
++ * Startup class for the process.
++ * @hide
++ */
++public class ExecInit {
++ /**
++ * Class not instantiable.
++ */
++ private ExecInit() {
++ }
++
++ /**
++ * The main function called when starting a runtime application.
++ *
++ * The first argument is the target SDK version for the app.
++ *
++ * The remaining arguments are passed to the runtime.
++ *
++ * @param args The command-line arguments.
++ */
++ public static void main(String[] args) {
++ // Parse our mandatory argument.
++ int targetSdkVersion = Integer.parseInt(args[0], 10);
++
++ // Mimic system Zygote preloading.
++ ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
++ Trace.TRACE_TAG_DALVIK));
++
++ // Launch the application.
++ String[] runtimeArgs = new String[args.length - 1];
++ System.arraycopy(args, 1, runtimeArgs, 0, runtimeArgs.length);
++ Runnable r = execInit(targetSdkVersion, runtimeArgs);
++
++ r.run();
++ }
++
++ /**
++ * Executes a runtime application with exec-based spawning.
++ * This method never returns.
++ *
++ * @param niceName The nice name for the application, or null if none.
++ * @param targetSdkVersion The target SDK version for the app.
++ * @param args Arguments for {@link RuntimeInit#main}.
++ */
++ public static void execApplication(String niceName, int targetSdkVersion,
++ String instructionSet, String[] args) {
++ int niceArgs = niceName == null ? 0 : 1;
++ int baseArgs = 5 + niceArgs;
++ String[] argv = new String[baseArgs + args.length];
++ if (VMRuntime.is64BitInstructionSet(instructionSet)) {
++ argv[0] = "/system/bin/app_process64";
++ } else {
++ argv[0] = "/system/bin/app_process32";
++ }
++ argv[1] = "/system/bin";
++ argv[2] = "--application";
++ if (niceName != null) {
++ argv[3] = "--nice-name=" + niceName;
++ }
++ argv[3 + niceArgs] = "com.android.internal.os.ExecInit";
++ argv[4 + niceArgs] = Integer.toString(targetSdkVersion);
++ System.arraycopy(args, 0, argv, baseArgs, args.length);
++
++ WrapperInit.preserveCapabilities();
++ try {
++ Os.execv(argv[0], argv);
++ } catch (ErrnoException e) {
++ throw new RuntimeException(e);
++ }
++ }
++
++ /**
++ * The main function called when an application is started with exec-based spawning.
++ *
++ * When the app starts, the runtime starts {@link RuntimeInit#main}
++ * which calls {@link main} which then calls this method.
++ * So we don't need to call commonInit() here.
++ *
++ * @param targetSdkVersion target SDK version
++ * @param argv arg strings
++ */
++ private static Runnable execInit(int targetSdkVersion, String[] argv) {
++ if (RuntimeInit.DEBUG) {
++ Slog.d(RuntimeInit.TAG, "RuntimeInit: Starting application from exec");
++ }
++
++ // Check whether the first argument is a "-cp" in argv, and assume the next argument is the
++ // classpath. If found, create a PathClassLoader and use it for applicationInit.
++ ClassLoader classLoader = null;
++ if (argv != null && argv.length > 2 && argv[0].equals("-cp")) {
++ classLoader = ZygoteInit.createPathClassLoader(argv[1], targetSdkVersion);
++
++ // Install this classloader as the context classloader, too.
++ Thread.currentThread().setContextClassLoader(classLoader);
++
++ // Remove the classpath from the arguments.
++ String removedArgs[] = new String[argv.length - 2];
++ System.arraycopy(argv, 2, removedArgs, 0, argv.length - 2);
++ argv = removedArgs;
++ }
++
++ // Perform the same initialization that would happen after the Zygote forks.
++ Zygote.nativePreApplicationInit();
++ return RuntimeInit.applicationInit(targetSdkVersion, argv, classLoader);
++ }
++}
+diff --git a/core/java/com/android/internal/os/WrapperInit.java b/core/java/com/android/internal/os/WrapperInit.java
+index f0e779694c9..9f41a4136db 100644
+--- a/core/java/com/android/internal/os/WrapperInit.java
++++ b/core/java/com/android/internal/os/WrapperInit.java
+@@ -183,7 +183,7 @@ public class WrapperInit {
+ * This is acceptable here as failure will leave the wrapped app with strictly less
+ * capabilities, which may make it crash, but not exceed its allowances.
+ */
+- private static void preserveCapabilities() {
++ public static void preserveCapabilities() {
+ StructCapUserHeader header = new StructCapUserHeader(
+ OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
+ StructCapUserData[] data;
+diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
+index e556dd4d824..1054d2fb9b1 100644
+--- a/core/java/com/android/internal/os/ZygoteConnection.java
++++ b/core/java/com/android/internal/os/ZygoteConnection.java
+@@ -33,6 +33,7 @@ import android.net.Credentials;
+ import android.net.LocalSocket;
+ import android.os.Parcel;
+ import android.os.Process;
++import android.os.SystemProperties;
+ import android.os.Trace;
+ import android.system.ErrnoException;
+ import android.system.Os;
+@@ -596,6 +597,13 @@ class ZygoteConnection {
+ throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
+ } else {
+ if (!isZygote) {
++ if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
++ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
++ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
++
++ // Should not get here.
++ throw new IllegalStateException("ExecInit.execApplication unexpectedly returned");
++ }
+ return ZygoteInit.zygoteInit(parsedArgs.mTargetSdkVersion,
+ parsedArgs.mRemainingArgs, null /* classLoader */);
+ } else {
+--
+2.26.0
+
+
+From 148d6154d771cec6ff736d0f72abf192a5a35975 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 15:11:59 -0400
+Subject: [PATCH 02/12] avoid AssetManager errors with exec spawning
+
+This causes harmless errors and wastes time spawning a process that's
+not going to succeed.
+---
+ core/jni/android_util_AssetManager.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/core/jni/android_util_AssetManager.cpp b/core/jni/android_util_AssetManager.cpp
+index 2b471fec9c8..7a29db32808 100644
+--- a/core/jni/android_util_AssetManager.cpp
++++ b/core/jni/android_util_AssetManager.cpp
+@@ -125,6 +125,10 @@ constexpr inline static ApkAssetsCookie JavaCookieToApkAssetsCookie(jint cookie)
+
+ // This is called by zygote (running as user root) as part of preloadResources.
+ static void NativeVerifySystemIdmaps(JNIEnv* /*env*/, jclass /*clazz*/) {
++ // avoid triggering an error with exec-based spawning
++ if (getuid() != 0) {
++ return;
++ }
+ switch (pid_t pid = fork()) {
+ case -1:
+ PLOG(ERROR) << "failed to fork for idmap";
+--
+2.26.0
+
+
+From 2076c38e549f2b4032448159c1478e67a72a96b5 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 21 May 2019 23:54:20 -0400
+Subject: [PATCH 03/12] disable exec spawning when using debugging options
+
+The debugging options are not yet supported probably, so disable exec
+spawning when doing debugging.
+---
+ core/java/com/android/internal/os/ZygoteConnection.java | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
+index 1054d2fb9b1..b420385b1de 100644
+--- a/core/java/com/android/internal/os/ZygoteConnection.java
++++ b/core/java/com/android/internal/os/ZygoteConnection.java
+@@ -597,7 +597,8 @@ class ZygoteConnection {
+ throw new IllegalStateException("WrapperInit.execApplication unexpectedly returned");
+ } else {
+ if (!isZygote) {
+- if (SystemProperties.getBoolean("sys.spawn.exec", true)) {
++ if (SystemProperties.getBoolean("sys.spawn.exec", true) &&
++ (parsedArgs.mRuntimeFlags & ApplicationInfo.FLAG_DEBUGGABLE) == 0) {
+ ExecInit.execApplication(parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
+ VMRuntime.getCurrentInstructionSet(), parsedArgs.mRemainingArgs);
+
+--
+2.26.0
+
+
+From 909317e350ea4c8874b01e73502dc0c7c78635ab Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 14:24:21 -0400
+Subject: [PATCH 04/12] add parameter for avoiding full preload with exec
+
+---
+ core/java/com/android/internal/os/ExecInit.java | 2 +-
+ core/java/com/android/internal/os/ZygoteInit.java | 6 +++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
+index 10edd64e0f9..3ba4664ae8c 100644
+--- a/core/java/com/android/internal/os/ExecInit.java
++++ b/core/java/com/android/internal/os/ExecInit.java
+@@ -33,7 +33,7 @@ public class ExecInit {
+
+ // Mimic system Zygote preloading.
+ ZygoteInit.preload(new TimingsTraceLog("ExecInitTiming",
+- Trace.TRACE_TAG_DALVIK));
++ Trace.TRACE_TAG_DALVIK), false);
+
+ // Launch the application.
+ String[] runtimeArgs = new String[args.length - 1];
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 7ec8309e47d..e59cb784dc7 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -132,7 +132,7 @@ public class ZygoteInit {
+ */
+ private static ClassLoader sCachedSystemServerClassLoader = null;
+
+- static void preload(TimingsTraceLog bootTimingsTraceLog) {
++ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
+ Log.d(TAG, "begin preload");
+ bootTimingsTraceLog.traceBegin("BeginPreload");
+ beginPreload();
+@@ -164,6 +164,10 @@ public class ZygoteInit {
+ sPreloadComplete = true;
+ }
+
++ static void preload(TimingsTraceLog bootTimingsTraceLog) {
++ preload(bootTimingsTraceLog, true);
++ }
++
+ public static void lazyPreload() {
+ Preconditions.checkState(!sPreloadComplete);
+ Log.i(TAG, "Lazily preloading resources.");
+--
+2.26.0
+
+
+From 4ffeae4cfb2f0acbb8080ab25ca6559c7329b80c Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 11 Sep 2019 06:43:55 -0400
+Subject: [PATCH 05/12] pass through fullPreload to libcore
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index e59cb784dc7..22e3f549dad 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -135,7 +135,7 @@ public class ZygoteInit {
+ static void preload(TimingsTraceLog bootTimingsTraceLog, boolean fullPreload) {
+ Log.d(TAG, "begin preload");
+ bootTimingsTraceLog.traceBegin("BeginPreload");
+- beginPreload();
++ beginPreload(fullPreload);
+ bootTimingsTraceLog.traceEnd(); // BeginPreload
+ bootTimingsTraceLog.traceBegin("PreloadClasses");
+ preloadClasses();
+@@ -157,7 +157,7 @@ public class ZygoteInit {
+ // Ask the WebViewFactory to do any initialization that must run in the zygote process,
+ // for memory sharing purposes.
+ WebViewFactory.prepareWebViewInZygote();
+- endPreload();
++ endPreload(fullPreload);
+ warmUpJcaProviders();
+ Log.d(TAG, "end preload");
+
+@@ -175,14 +175,14 @@ public class ZygoteInit {
+ preload(new TimingsTraceLog("ZygoteInitTiming_lazy", Trace.TRACE_TAG_DALVIK));
+ }
+
+- private static void beginPreload() {
++ private static void beginPreload(boolean fullPreload) {
+ Log.i(TAG, "Calling ZygoteHooks.beginPreload()");
+
+- ZygoteHooks.onBeginPreload();
++ ZygoteHooks.onBeginPreload(fullPreload);
+ }
+
+- private static void endPreload() {
+- ZygoteHooks.onEndPreload();
++ private static void endPreload(boolean fullPreload) {
++ ZygoteHooks.onEndPreload(fullPreload);
+
+ Log.i(TAG, "Called ZygoteHooks.endPreload()");
+ }
+--
+2.26.0
+
+
+From e2166aee853fad1b84fa17936d795535eaef374b Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 14:28:27 -0400
+Subject: [PATCH 06/12] disable OpenGL preloading for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 22e3f549dad..37be8d97987 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -149,9 +149,11 @@ public class ZygoteInit {
+ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
+ nativePreloadAppProcessHALs();
+ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+- Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
+- maybePreloadGraphicsDriver();
+- Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++ if (fullPreload) {
++ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
++ maybePreloadGraphicsDriver();
++ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++ }
+ preloadSharedLibraries();
+ preloadTextResources();
+ // Ask the WebViewFactory to do any initialization that must run in the zygote process,
+--
+2.26.0
+
+
+From dff76e1e08bf67ebc5e4da8a2dcdf57a55e0d09b Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 14:28:52 -0400
+Subject: [PATCH 07/12] disable resource preloading for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 37be8d97987..34c9f8530a7 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -143,9 +143,11 @@ public class ZygoteInit {
+ bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
+ cacheNonBootClasspathClassLoaders();
+ bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
+- bootTimingsTraceLog.traceBegin("PreloadResources");
+- preloadResources();
+- bootTimingsTraceLog.traceEnd(); // PreloadResources
++ if (fullPreload) {
++ bootTimingsTraceLog.traceBegin("PreloadResources");
++ preloadResources();
++ bootTimingsTraceLog.traceEnd(); // PreloadResources
++ }
+ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
+ nativePreloadAppProcessHALs();
+ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+--
+2.26.0
+
+
+From 872568d6c67a63c411e33699b969b5b1563e58ce Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 14:30:59 -0400
+Subject: [PATCH 08/12] disable class preloading for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 34c9f8530a7..0404ef53ca0 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -137,9 +137,11 @@ public class ZygoteInit {
+ bootTimingsTraceLog.traceBegin("BeginPreload");
+ beginPreload(fullPreload);
+ bootTimingsTraceLog.traceEnd(); // BeginPreload
+- bootTimingsTraceLog.traceBegin("PreloadClasses");
+- preloadClasses();
+- bootTimingsTraceLog.traceEnd(); // PreloadClasses
++ if (fullPreload) {
++ bootTimingsTraceLog.traceBegin("PreloadClasses");
++ preloadClasses();
++ bootTimingsTraceLog.traceEnd(); // PreloadClasses
++ }
+ bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
+ cacheNonBootClasspathClassLoaders();
+ bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
+--
+2.26.0
+
+
+From 230080cd158ef27c8fa3647dfa6f4c2cff4c70dd Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 14:31:29 -0400
+Subject: [PATCH 09/12] disable WebView reservation for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 0404ef53ca0..94e58405ce6 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -160,9 +160,11 @@ public class ZygoteInit {
+ }
+ preloadSharedLibraries();
+ preloadTextResources();
+- // Ask the WebViewFactory to do any initialization that must run in the zygote process,
+- // for memory sharing purposes.
+- WebViewFactory.prepareWebViewInZygote();
++ if (fullPreload) {
++ // Ask the WebViewFactory to do any initialization that must run in the zygote process,
++ // for memory sharing purposes.
++ WebViewFactory.prepareWebViewInZygote();
++ }
+ endPreload(fullPreload);
+ warmUpJcaProviders();
+ Log.d(TAG, "end preload");
+--
+2.26.0
+
+
+From f822fe138d5841cde0b154fa6f3a3d3200b58c07 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 14 May 2019 14:34:32 -0400
+Subject: [PATCH 10/12] disable JCA provider warm up for exec spawning
+
+---
+ .../com/android/internal/os/ZygoteInit.java | 22 ++++++++++---------
+ 1 file changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index 94e58405ce6..dbd24ef27d2 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -166,7 +166,7 @@ public class ZygoteInit {
+ WebViewFactory.prepareWebViewInZygote();
+ }
+ endPreload(fullPreload);
+- warmUpJcaProviders();
++ warmUpJcaProviders(fullPreload);
+ Log.d(TAG, "end preload");
+
+ sPreloadComplete = true;
+@@ -230,7 +230,7 @@ public class ZygoteInit {
+ * By doing it here we avoid that each app does it when requesting a service from the provider
+ * for the first time.
+ */
+- private static void warmUpJcaProviders() {
++ private static void warmUpJcaProviders(boolean fullPreload) {
+ long startTime = SystemClock.uptimeMillis();
+ Trace.traceBegin(
+ Trace.TRACE_TAG_DALVIK, "Starting installation of AndroidKeyStoreProvider");
+@@ -242,15 +242,17 @@ public class ZygoteInit {
+ + (SystemClock.uptimeMillis() - startTime) + "ms.");
+ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+
+- startTime = SystemClock.uptimeMillis();
+- Trace.traceBegin(
+- Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers");
+- for (Provider p : Security.getProviders()) {
+- p.warmUpServiceProvision();
++ if (fullPreload) {
++ startTime = SystemClock.uptimeMillis();
++ Trace.traceBegin(
++ Trace.TRACE_TAG_DALVIK, "Starting warm up of JCA providers");
++ for (Provider p : Security.getProviders()) {
++ p.warmUpServiceProvision();
++ }
++ Log.i(TAG, "Warmed up JCA providers in "
++ + (SystemClock.uptimeMillis() - startTime) + "ms.");
++ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+ }
+- Log.i(TAG, "Warmed up JCA providers in "
+- + (SystemClock.uptimeMillis() - startTime) + "ms.");
+- Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
+ }
+
+ /**
+--
+2.26.0
+
+
+From 430a93910f4a555e4e6f06b4f1634acb45e9d501 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 11 Sep 2019 06:57:24 -0400
+Subject: [PATCH 11/12] disable preloading classloaders for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index dbd24ef27d2..bf6234b565e 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -142,9 +142,11 @@ public class ZygoteInit {
+ preloadClasses();
+ bootTimingsTraceLog.traceEnd(); // PreloadClasses
+ }
+- bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
+- cacheNonBootClasspathClassLoaders();
+- bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
++ if (fullPreload) {
++ bootTimingsTraceLog.traceBegin("CacheNonBootClasspathClassLoaders");
++ cacheNonBootClasspathClassLoaders();
++ bootTimingsTraceLog.traceEnd(); // CacheNonBootClasspathClassLoaders
++ }
+ if (fullPreload) {
+ bootTimingsTraceLog.traceBegin("PreloadResources");
+ preloadResources();
+--
+2.26.0
+
+
+From fc75b053f8bcd15a019915f06d9ddea6c46abcec Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 11 Sep 2019 06:58:51 -0400
+Subject: [PATCH 12/12] disable preloading HALs for exec spawning
+
+---
+ core/java/com/android/internal/os/ZygoteInit.java | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
+index bf6234b565e..b00fd9969a5 100644
+--- a/core/java/com/android/internal/os/ZygoteInit.java
++++ b/core/java/com/android/internal/os/ZygoteInit.java
+@@ -152,9 +152,11 @@ public class ZygoteInit {
+ preloadResources();
+ bootTimingsTraceLog.traceEnd(); // PreloadResources
+ }
+- Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
+- nativePreloadAppProcessHALs();
+- Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++ if (fullPreload) {
++ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadAppProcessHALs");
++ nativePreloadAppProcessHALs();
++ Trace.traceEnd(Trace.TRACE_TAG_DALVIK);
++ }
+ if (fullPreload) {
+ Trace.traceBegin(Trace.TRACE_TAG_DALVIK, "PreloadGraphicsDriver");
+ maybePreloadGraphicsDriver();
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch b/Patches/LineageOS-17.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
new file mode 100644
index 00000000..3d1483c6
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
@@ -0,0 +1,54 @@
+From 9b44570bfb806930b33227e9a89467e2aeca490f Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Tue, 14 Apr 2020 16:59:46 -0400
+Subject: [PATCH] Fix calling after VoLTE is removed from devices that had it
+ previously enabled
+
+Change-Id: I34cc1b7786446927751950386ebe729b43fa53f1
+---
+ src/java/com/android/ims/ImsManager.java | 22 +---------------------
+ 1 file changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/src/java/com/android/ims/ImsManager.java b/src/java/com/android/ims/ImsManager.java
+index 7c24c7d..058624d 100644
+--- a/src/java/com/android/ims/ImsManager.java
++++ b/src/java/com/android/ims/ImsManager.java
+@@ -466,12 +466,6 @@ public class ImsManager {
+ * {@link #isEnhanced4gLteModeSettingEnabledByUser()} instead.
+ */
+ public static boolean isEnhanced4gLteModeSettingEnabledByUser(Context context) {
+- ImsManager mgr = ImsManager.getInstance(context,
+- SubscriptionManager.getDefaultVoicePhoneId());
+- if (mgr != null) {
+- return mgr.isEnhanced4gLteModeSettingEnabledByUser();
+- }
+- loge("isEnhanced4gLteModeSettingEnabledByUser: ImsManager null, returning default value.");
+ return false;
+ }
+
+@@ -486,21 +480,7 @@ public class ImsManager {
+ * return the default value.
+ */
+ public boolean isEnhanced4gLteModeSettingEnabledByUser() {
+- int setting = SubscriptionManager.getIntegerSubscriptionProperty(
+- getSubId(), SubscriptionManager.ENHANCED_4G_MODE_ENABLED,
+- SUB_PROPERTY_NOT_INITIALIZED, mContext);
+- boolean onByDefault = getBooleanCarrierConfig(
+- CarrierConfigManager.KEY_ENHANCED_4G_LTE_ON_BY_DEFAULT_BOOL);
+-
+- // If Enhanced 4G LTE Mode is uneditable, hidden or not initialized, we use the default
+- // value
+- if (!getBooleanCarrierConfig(CarrierConfigManager.KEY_EDITABLE_ENHANCED_4G_LTE_BOOL)
+- || getBooleanCarrierConfig(CarrierConfigManager.KEY_HIDE_ENHANCED_4G_LTE_BOOL)
+- || setting == SUB_PROPERTY_NOT_INITIALIZED) {
+- return onByDefault;
+- } else {
+- return (setting == ProvisioningManager.PROVISIONING_VALUE_ENABLED);
+- }
++ return false;
+ }
+
+ /**
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_libcore/0001-Exec_Preload.patch b/Patches/LineageOS-17.1/android_libcore/0001-Exec_Preload.patch
new file mode 100644
index 00000000..c9f4574b
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_libcore/0001-Exec_Preload.patch
@@ -0,0 +1,47 @@
+From d087128e25112c35cc9ca2694b503710fc43222d Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 11 Sep 2019 06:46:38 -0400
+Subject: [PATCH] add parameter for avoiding full preload with exec
+
+---
+ dalvik/src/main/java/dalvik/system/ZygoteHooks.java | 4 ++--
+ mmodules/core_platform_api/api/platform/current-api.txt | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+index 13769e137..af3b9cfe8 100644
+--- a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
++++ b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+@@ -47,7 +47,7 @@ private ZygoteHooks() {
+ * Called when the zygote begins preloading classes and data.
+ */
+ @libcore.api.CorePlatformApi
+- public static void onBeginPreload() {
++ public static void onBeginPreload(boolean fullPreload) {
+ // Pin ICU data in memory from this point that would normally be held by soft references.
+ // Without this, any references created immediately below or during class preloading
+ // would be collected when the Zygote GC runs in gcAndFinalize().
+@@ -64,7 +64,7 @@ public static void onBeginPreload() {
+ * Called when the zygote has completed preloading classes and data.
+ */
+ @libcore.api.CorePlatformApi
+- public static void onEndPreload() {
++ public static void onEndPreload(boolean fullPreload) {
+ // All cache references created by ICU from this point will be soft.
+ CacheValue.setStrength(CacheValue.Strength.SOFT);
+ }
+diff --git a/mmodules/core_platform_api/api/platform/current-api.txt b/mmodules/core_platform_api/api/platform/current-api.txt
+index b2b81df41..cca689158 100644
+--- a/mmodules/core_platform_api/api/platform/current-api.txt
++++ b/mmodules/core_platform_api/api/platform/current-api.txt
+@@ -854,8 +854,8 @@ package dalvik.system {
+
+ public final class ZygoteHooks {
+ method public static void gcAndFinalize();
+- method public static void onBeginPreload();
+- method public static void onEndPreload();
++ method public static void onBeginPreload(boolean);
++ method public static void onEndPreload(boolean);
+ method public static void postForkChild(int, boolean, boolean, String);
+ method public static void postForkCommon();
+ method public static void postForkSystemServer();
diff --git a/Patches/LineageOS-17.1/android_libcore/0002-Exec_Based_Spawning.patch b/Patches/LineageOS-17.1/android_libcore/0002-Exec_Based_Spawning.patch
new file mode 100644
index 00000000..cac459e7
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_libcore/0002-Exec_Based_Spawning.patch
@@ -0,0 +1,53 @@
+From ad05afeefb51c74813daf3a99eca2b23fc553c7c Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Wed, 11 Sep 2019 06:47:11 -0400
+Subject: [PATCH] disable ICU cache pinning for exec spawning
+
+---
+ .../main/java/dalvik/system/ZygoteHooks.java | 26 +++++++++++--------
+ 1 file changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+index af3b9cfe8..35e880558 100644
+--- a/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
++++ b/dalvik/src/main/java/dalvik/system/ZygoteHooks.java
+@@ -48,15 +48,17 @@ private ZygoteHooks() {
+ */
+ @libcore.api.CorePlatformApi
+ public static void onBeginPreload(boolean fullPreload) {
+- // Pin ICU data in memory from this point that would normally be held by soft references.
+- // Without this, any references created immediately below or during class preloading
+- // would be collected when the Zygote GC runs in gcAndFinalize().
+- CacheValue.setStrength(CacheValue.Strength.STRONG);
+-
+- // Explicitly exercise code to cache data apps are likely to need.
+- ULocale[] localesToPin = { ULocale.ROOT, ULocale.US, ULocale.getDefault() };
+- for (ULocale uLocale : localesToPin) {
+- new DecimalFormatSymbols(uLocale);
++ if (fullPreload) {
++ // Pin ICU data in memory from this point that would normally be held by soft references.
++ // Without this, any references created immediately below or during class preloading
++ // would be collected when the Zygote GC runs in gcAndFinalize().
++ CacheValue.setStrength(CacheValue.Strength.STRONG);
++
++ // Explicitly exercise code to cache data apps are likely to need.
++ ULocale[] localesToPin = { ULocale.ROOT, ULocale.US, ULocale.getDefault() };
++ for (ULocale uLocale : localesToPin) {
++ new DecimalFormatSymbols(uLocale);
++ }
+ }
+ }
+
+@@ -65,8 +67,10 @@ public static void onBeginPreload(boolean fullPreload) {
+ */
+ @libcore.api.CorePlatformApi
+ public static void onEndPreload(boolean fullPreload) {
+- // All cache references created by ICU from this point will be soft.
+- CacheValue.setStrength(CacheValue.Strength.SOFT);
++ if (fullPreload) {
++ // All cache references created by ICU from this point will be soft.
++ CacheValue.setStrength(CacheValue.Strength.SOFT);
++ }
+ }
+
+ /**
diff --git a/Patches/LineageOS-17.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch b/Patches/LineageOS-17.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
new file mode 100644
index 00000000..68fa6e6d
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
@@ -0,0 +1,143 @@
+From 3f84183f612d5654645575c9969f58bfe2fccb8c Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Tue, 14 Apr 2020 17:03:26 -0400
+Subject: [PATCH] Remove analytics
+
+Change-Id: I7f17bfdf094e0c1a9c15b28c72936de67eec235e
+---
+ AndroidManifest.xml | 25 -------------------------
+ proguard.flags | 1 -
+ res/values/config.xml | 3 ---
+ res/values/strings.xml | 22 ----------------------
+ res/xml/parts_catalog.xml | 5 -----
+ res/xml/trust_preferences.xml | 3 ---
+ 6 files changed, 59 deletions(-)
+
+diff --git a/AndroidManifest.xml b/AndroidManifest.xml
+index 0d36683..8c5fe86 100644
+--- a/AndroidManifest.xml
++++ b/AndroidManifest.xml
+@@ -231,31 +231,6 @@
+ android:resource="@string/summary_empty" />
+
+
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+
+
+
+-
+- https://stats.lineageos.org/api/v1/stats
+-
+
+ true
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 418b478..d109e14 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -511,28 +511,6 @@
+ Total commits: %2$s
+ Last update: %3$s]]>
+
+-
+-
+- LineageOS statistics
+- Help make LineageOS better by opting into anonymous statistics reporting
+- About
+- Opting into LineageOS Statistics will allow non-personal data to be submitted to the
+- developers of LineageOS to track unique installations across devices. The information submitted includes an unique identifier,
+- which does not compromise your privacy or personal data. The data is submitted during each boot.\n\nFor an example of the data that is submitted, tap on Preview Data.
+- Enable reporting
+- Preview data
+- View stats
+- Learn more
+-
+-
+- Unique ID
+- Device
+- Version
+- Country
+- Carrier
+- Stats collection
+- Allow installation metrics and device statistics to be collected
+-
+
+ Auto-rotate screen
+ Rotation settings
+diff --git a/res/xml/parts_catalog.xml b/res/xml/parts_catalog.xml
+index a4346c7..ec04e60 100644
+--- a/res/xml/parts_catalog.xml
++++ b/res/xml/parts_catalog.xml
+@@ -70,11 +70,6 @@
+ android:fragment="org.lineageos.lineageparts.statusbar.StatusBarSettings"
+ lineage:xmlRes="@xml/status_bar_settings" />
+
+-
+-
+
+
+-
+-
+
+Date: Wed, 28 Feb 2018 08:12:03 -0500
+Subject: [PATCH] Remove analytics
+
+Change-Id: I189e9362c828569512e819cf655b03bfa3436830
+---
+ res/layout/setup_lineage_settings.xml | 36 -------------------
+ .../lineageos/setupwizard/FinishActivity.java | 12 -------
+ .../setupwizard/LineageSettingsActivity.java | 31 ----------------
+ .../lineageos/setupwizard/SetupWizardApp.java | 1 -
+ 4 files changed, 80 deletions(-)
+
+diff --git a/res/layout/setup_lineage_settings.xml b/res/layout/setup_lineage_settings.xml
+index b75af3c..15c2755 100644
+--- a/res/layout/setup_lineage_settings.xml
++++ b/res/layout/setup_lineage_settings.xml
+@@ -51,42 +51,6 @@
+ android:text="@string/services_explanation"
+ android:clickable="true"/>
+
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+
+ {
+- boolean checked = !mMetrics.isChecked();
+- mMetrics.setChecked(checked);
+- mSetupWizardApp.getSettingsBundle().putBoolean(KEY_SEND_METRICS, checked);
+- };
+-
+ private View.OnClickListener mNavKeysClickListener = view -> {
+ boolean checked = !mNavKeys.isChecked();
+ mNavKeys.setChecked(checked);
+@@ -101,19 +93,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ privacyPolicy.setMovementMethod(LinkMovementMethod.getInstance());
+ privacyPolicy.setText(ss);
+
+- View metricsRow = findViewById(R.id.metrics);
+- metricsRow.setOnClickListener(mMetricsClickListener);
+- String metricsHelpImproveLineage =
+- getString(R.string.services_help_improve_cm, getString(R.string.os_name));
+- String metricsSummary = getString(R.string.services_metrics_label,
+- metricsHelpImproveLineage, getString(R.string.os_name));
+- final SpannableStringBuilder metricsSpan = new SpannableStringBuilder(metricsSummary);
+- metricsSpan.setSpan(new android.text.style.StyleSpan(android.graphics.Typeface.BOLD),
+- 0, metricsHelpImproveLineage.length(), Spannable.SPAN_EXCLUSIVE_EXCLUSIVE);
+- TextView metrics = (TextView) findViewById(R.id.enable_metrics_summary);
+- metrics.setText(metricsSpan);
+- mMetrics = (CheckBox) findViewById(R.id.enable_metrics_checkbox);
+-
+ View navKeysRow = findViewById(R.id.nav_keys);
+ navKeysRow.setOnClickListener(mNavKeysClickListener);
+ mNavKeys = (CheckBox) findViewById(R.id.nav_keys_checkbox);
+@@ -130,7 +109,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ public void onResume() {
+ super.onResume();
+ updateDisableNavkeysOption();
+- updateMetricsOption();
+ }
+
+ @Override
+@@ -164,15 +142,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ return R.drawable.ic_features;
+ }
+
+- private void updateMetricsOption() {
+- final Bundle myPageBundle = mSetupWizardApp.getSettingsBundle();
+- boolean metricsChecked =
+- !myPageBundle.containsKey(KEY_SEND_METRICS) || myPageBundle
+- .getBoolean(KEY_SEND_METRICS);
+- mMetrics.setChecked(metricsChecked);
+- myPageBundle.putBoolean(KEY_SEND_METRICS, metricsChecked);
+- }
+-
+ private void updateDisableNavkeysOption() {
+ if (mSupportsKeyDisabler) {
+ final Bundle myPageBundle = mSetupWizardApp.getSettingsBundle();
+diff --git a/src/org/lineageos/setupwizard/SetupWizardApp.java b/src/org/lineageos/setupwizard/SetupWizardApp.java
+index 538c298..4e5b0ed 100644
+--- a/src/org/lineageos/setupwizard/SetupWizardApp.java
++++ b/src/org/lineageos/setupwizard/SetupWizardApp.java
+@@ -60,7 +60,6 @@ public class SetupWizardApp extends Application {
+ public static final String EXTRA_PREFS_SET_BACK_TEXT = "extra_prefs_set_back_text";
+
+ public static final String KEY_DETECT_CAPTIVE_PORTAL = "captive_portal_detection_enabled";
+- public static final String KEY_SEND_METRICS = "send_metrics";
+ public static final String DISABLE_NAV_KEYS = "disable_nav_keys";
+ public static final String KEY_BUTTON_BACKLIGHT = "pre_navbar_button_backlight";
+
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_packages_apps_Updater/0001-Server.patch b/Patches/LineageOS-17.1/android_packages_apps_Updater/0001-Server.patch
new file mode 100644
index 00000000..94d4def5
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_packages_apps_Updater/0001-Server.patch
@@ -0,0 +1,36 @@
+From 3ef68d192b4c53db09111ee16246199757c4066b Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Thu, 20 Sep 2018 16:43:46 -0400
+Subject: [PATCH] Switch to our update server
+
+Change-Id: I26dc2942736cf0cfe4e7b92ddfdd04b9d74dbae5
+---
+ src/org/lineageos/updater/misc/Utils.java | 11 ++---------
+ 1 file changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/src/org/lineageos/updater/misc/Utils.java b/src/org/lineageos/updater/misc/Utils.java
+index caf80c9..048d865 100644
+--- a/src/org/lineageos/updater/misc/Utils.java
++++ b/src/org/lineageos/updater/misc/Utils.java
+@@ -154,16 +154,9 @@ public class Utils {
+ String incrementalVersion = SystemProperties.get(Constants.PROP_BUILD_VERSION_INCREMENTAL);
+ String device = SystemProperties.get(Constants.PROP_NEXT_DEVICE,
+ SystemProperties.get(Constants.PROP_DEVICE));
+- String type = SystemProperties.get(Constants.PROP_RELEASE_TYPE).toLowerCase(Locale.ROOT);
++ String server = "0OTA_SERVER_CLEARNET0";
+
+- String serverUrl = SystemProperties.get(Constants.PROP_UPDATER_URI);
+- if (serverUrl.trim().isEmpty()) {
+- serverUrl = context.getString(R.string.updater_server_url);
+- }
+-
+- return serverUrl.replace("{device}", device)
+- .replace("{type}", type)
+- .replace("{incr}", incrementalVersion);
++ return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
+ }
+
+ public static String getUpgradeBlockedURL(Context context) {
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_packages_apps_Updater/0002-Tor_Support.patch b/Patches/LineageOS-17.1/android_packages_apps_Updater/0002-Tor_Support.patch
new file mode 100644
index 00000000..1e9443cb
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_packages_apps_Updater/0002-Tor_Support.patch
@@ -0,0 +1,384 @@
+From 14bd0c11762e842c876c7c22c2f82ee1002e7186 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Thu, 20 Sep 2018 21:44:53 -0400
+Subject: [PATCH] Add support for routing over Tor
+
+Change-Id: Ibfe080c3d801af34fb64fda1b6b8f4f39a2b1ccf
+---
+ res/layout/preferences_dialog.xml | 8 +++
+ res/values/strings.xml | 2 +
+ .../lineageos/updater/UpdatesActivity.java | 12 ++++
+ .../updater/UpdatesCheckReceiver.java | 4 ++
+ .../updater/controller/UpdaterController.java | 8 +++
+ .../updater/download/DownloadClient.java | 8 ++-
+ .../download/HttpURLConnectionClient.java | 27 ++++++--
+ src/org/lineageos/updater/misc/Constants.java | 1 +
+ src/org/lineageos/updater/misc/Utils.java | 65 +++++++++++++++++++
+ 9 files changed, 130 insertions(+), 5 deletions(-)
+
+diff --git a/res/layout/preferences_dialog.xml b/res/layout/preferences_dialog.xml
+index e30c117..f5f3170 100644
+--- a/res/layout/preferences_dialog.xml
++++ b/res/layout/preferences_dialog.xml
+@@ -29,6 +29,14 @@
+ android:entries="@array/menu_auto_updates_check_interval_entries" />
+
+
++
++
+ Once a week
+ Once a month
+ Never
++ Perform requests over Tor
+ Delete updates when installed
+ Delete
+ Copy URL
+@@ -85,6 +86,7 @@
+ The download failed. Please check your internet connection and try again later.
+ The update verification failed.
+ Download completed.
++ Orbot is not installed, disabling Tor routing!
+
+ This update can\'t be installed on top of the current build.
+
+diff --git a/src/org/lineageos/updater/UpdatesActivity.java b/src/org/lineageos/updater/UpdatesActivity.java
+index ad001c8..4bebc17 100644
+--- a/src/org/lineageos/updater/UpdatesActivity.java
++++ b/src/org/lineageos/updater/UpdatesActivity.java
+@@ -343,10 +343,14 @@ public class UpdatesActivity extends UpdatesListActivity {
+
+ final DownloadClient downloadClient;
+ try {
++ if(Utils.isOnionRoutingEnabled(getApplicationContext())) {
++ Utils.requestStartOrbot(getApplicationContext());
++ }
+ downloadClient = new DownloadClient.Builder()
+ .setUrl(url)
+ .setDestination(jsonFileTmp)
+ .setDownloadCallback(callback)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(getApplicationContext()))
+ .build();
+ } catch (IOException exception) {
+ Log.e(TAG, "Could not build download client");
+@@ -411,6 +415,7 @@ public class UpdatesActivity extends UpdatesListActivity {
+ View view = LayoutInflater.from(this).inflate(R.layout.preferences_dialog, null);
+ Spinner autoCheckInterval =
+ view.findViewById(R.id.preferences_auto_updates_check_interval);
++ Switch onionRouting = view.findViewById(R.id.preferences_onion_routing);
+ Switch autoDelete = view.findViewById(R.id.preferences_auto_delete_updates);
+ Switch dataWarning = view.findViewById(R.id.preferences_mobile_data_warning);
+ Switch abPerfMode = view.findViewById(R.id.preferences_ab_perf_mode);
+@@ -421,6 +426,7 @@ public class UpdatesActivity extends UpdatesListActivity {
+
+ SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
+ autoCheckInterval.setSelection(Utils.getUpdateCheckSetting(this));
++ onionRouting.setChecked(prefs.getBoolean(Constants.PREF_ONION_ROUTING, false));
+ autoDelete.setChecked(prefs.getBoolean(Constants.PREF_AUTO_DELETE_UPDATES, false));
+ dataWarning.setChecked(prefs.getBoolean(Constants.PREF_MOBILE_DATA_WARNING, true));
+ abPerfMode.setChecked(prefs.getBoolean(Constants.PREF_AB_PERF_MODE, false));
+@@ -432,6 +438,8 @@ public class UpdatesActivity extends UpdatesListActivity {
+ prefs.edit()
+ .putInt(Constants.PREF_AUTO_UPDATES_CHECK_INTERVAL,
+ autoCheckInterval.getSelectedItemPosition())
++ .putBoolean(Constants.PREF_ONION_ROUTING,
++ onionRouting.isChecked() && Utils.isOrbotInstalled(getApplicationContext()))
+ .putBoolean(Constants.PREF_AUTO_DELETE_UPDATES,
+ autoDelete.isChecked())
+ .putBoolean(Constants.PREF_MOBILE_DATA_WARNING,
+@@ -447,6 +455,10 @@ public class UpdatesActivity extends UpdatesListActivity {
+ UpdatesCheckReceiver.cancelUpdatesCheck(this);
+ }
+
++ if(onionRouting.isChecked() && !Utils.isOrbotInstalled(getApplicationContext())) {
++ showSnackbar(R.string.snack_orbot_not_available, Snackbar.LENGTH_LONG);
++ }
++
+ if (Utils.isABDevice()) {
+ boolean enableABPerfMode = abPerfMode.isChecked();
+ mUpdaterService.getUpdaterController().setPerformanceMode(enableABPerfMode);
+diff --git a/src/org/lineageos/updater/UpdatesCheckReceiver.java b/src/org/lineageos/updater/UpdatesCheckReceiver.java
+index 288cd1a..5769a21 100644
+--- a/src/org/lineageos/updater/UpdatesCheckReceiver.java
++++ b/src/org/lineageos/updater/UpdatesCheckReceiver.java
+@@ -110,10 +110,14 @@ public class UpdatesCheckReceiver extends BroadcastReceiver {
+ };
+
+ try {
++ if(Utils.isOnionRoutingEnabled(context)) {
++ Utils.requestStartOrbot(context);
++ }
+ DownloadClient downloadClient = new DownloadClient.Builder()
+ .setUrl(url)
+ .setDestination(jsonNew)
+ .setDownloadCallback(callback)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(context))
+ .build();
+ downloadClient.start();
+ } catch (IOException e) {
+diff --git a/src/org/lineageos/updater/controller/UpdaterController.java b/src/org/lineageos/updater/controller/UpdaterController.java
+index 62f8ca7..07f9a61 100644
+--- a/src/org/lineageos/updater/controller/UpdaterController.java
++++ b/src/org/lineageos/updater/controller/UpdaterController.java
+@@ -358,12 +358,16 @@ public class UpdaterController {
+ update.setFile(destination);
+ DownloadClient downloadClient;
+ try {
++ if(Utils.isOnionRoutingEnabled(mContext)) {
++ Utils.requestStartOrbot(mContext);
++ }
+ downloadClient = new DownloadClient.Builder()
+ .setUrl(update.getDownloadUrl())
+ .setDestination(update.getFile())
+ .setDownloadCallback(getDownloadCallback(downloadId))
+ .setProgressListener(getProgressListener(downloadId))
+ .setUseDuplicateLinks(true)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
+ .build();
+ } catch (IOException exception) {
+ Log.e(TAG, "Could not build download client");
+@@ -398,6 +402,9 @@ public class UpdaterController {
+ verifyUpdateAsync(downloadId);
+ notifyUpdateChange(downloadId);
+ } else {
++ if(Utils.isOnionRoutingEnabled(mContext)) {
++ Utils.requestStartOrbot(mContext);
++ }
+ DownloadClient downloadClient;
+ try {
+ downloadClient = new DownloadClient.Builder()
+@@ -406,6 +413,7 @@ public class UpdaterController {
+ .setDownloadCallback(getDownloadCallback(downloadId))
+ .setProgressListener(getProgressListener(downloadId))
+ .setUseDuplicateLinks(true)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
+ .build();
+ } catch (IOException exception) {
+ Log.e(TAG, "Could not build download client");
+diff --git a/src/org/lineageos/updater/download/DownloadClient.java b/src/org/lineageos/updater/download/DownloadClient.java
+index 6a2a490..374e017 100644
+--- a/src/org/lineageos/updater/download/DownloadClient.java
++++ b/src/org/lineageos/updater/download/DownloadClient.java
+@@ -64,6 +64,7 @@ public interface DownloadClient {
+ private DownloadClient.DownloadCallback mCallback;
+ private DownloadClient.ProgressListener mProgressListener;
+ private boolean mUseDuplicateLinks;
++ private boolean mOnionRouting;
+
+ public DownloadClient build() throws IOException {
+ if (mUrl == null) {
+@@ -74,7 +75,7 @@ public interface DownloadClient {
+ throw new IllegalStateException("No download callback defined");
+ }
+ return new HttpURLConnectionClient(mUrl, mDestination, mProgressListener, mCallback,
+- mUseDuplicateLinks);
++ mUseDuplicateLinks, mOnionRouting);
+ }
+
+ public Builder setUrl(String url) {
+@@ -101,5 +102,10 @@ public interface DownloadClient {
+ mUseDuplicateLinks = useDuplicateLinks;
+ return this;
+ }
++
++ public Builder setUseOnionRouting(boolean onionRouting) {
++ mOnionRouting = onionRouting;
++ return this;
++ }
+ }
+ }
+diff --git a/src/org/lineageos/updater/download/HttpURLConnectionClient.java b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+index 2b7c80e..caeaf66 100644
+--- a/src/org/lineageos/updater/download/HttpURLConnectionClient.java
++++ b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+@@ -18,12 +18,16 @@ package org.lineageos.updater.download;
+ import android.os.SystemClock;
+ import android.util.Log;
+
++import org.lineageos.updater.misc.Utils;
++
+ import java.io.File;
+ import java.io.FileOutputStream;
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.io.OutputStream;
+ import java.net.HttpURLConnection;
++import java.net.InetSocketAddress;
++import java.net.Proxy;
+ import java.net.URL;
+ import java.util.Comparator;
+ import java.util.List;
+@@ -42,6 +46,7 @@ public class HttpURLConnectionClient implements DownloadClient {
+ private final DownloadClient.ProgressListener mProgressListener;
+ private final DownloadClient.DownloadCallback mCallback;
+ private final boolean mUseDuplicateLinks;
++ private final boolean mUseOnionRouting;
+
+ private DownloadThread mDownloadThread;
+
+@@ -60,8 +65,14 @@ public class HttpURLConnectionClient implements DownloadClient {
+ HttpURLConnectionClient(String url, File destination,
+ DownloadClient.ProgressListener progressListener,
+ DownloadClient.DownloadCallback callback,
+- boolean useDuplicateLinks) throws IOException {
+- mClient = (HttpURLConnection) new URL(url).openConnection();
++ boolean useDuplicateLinks, boolean useOnionRouting) throws IOException {
++ mUseOnionRouting = useOnionRouting;
++ if(mUseOnionRouting) {
++ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
++ mClient = (HttpURLConnection) new URL(url).openConnection(orbot);
++ } else {
++ mClient = (HttpURLConnection) new URL(url).openConnection();
++ }
+ mDestination = destination;
+ mProgressListener = progressListener;
+ mCallback = callback;
+@@ -169,7 +180,12 @@ public class HttpURLConnectionClient implements DownloadClient {
+ private void changeClientUrl(URL newUrl) throws IOException {
+ String range = mClient.getRequestProperty("Range");
+ mClient.disconnect();
+- mClient = (HttpURLConnection) newUrl.openConnection();
++ if(mUseOnionRouting) {
++ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
++ mClient = (HttpURLConnection) newUrl.openConnection(orbot);
++ } else {
++ mClient = (HttpURLConnection) newUrl.openConnection();
++ }
+ if (range != null) {
+ mClient.setRequestProperty("Range", range);
+ }
+@@ -224,7 +240,7 @@ public class HttpURLConnectionClient implements DownloadClient {
+ }
+ Log.d(TAG, "Downloading from " + newUrl);
+ changeClientUrl(url);
+- mClient.setConnectTimeout(5000);
++ mClient.setConnectTimeout(mUseOnionRouting ? 45000 : 5000);
+ mClient.connect();
+ if (!isSuccessCode(mClient.getResponseCode())) {
+ throw new IOException("Server replied with " + mClient.getResponseCode());
+@@ -246,6 +262,9 @@ public class HttpURLConnectionClient implements DownloadClient {
+ @Override
+ public void run() {
+ try {
++ if(mUseOnionRouting) {
++ Utils.waitUntilOrbotIsAvailable();
++ }
+ mClient.setInstanceFollowRedirects(!mUseDuplicateLinks);
+ mClient.connect();
+ int responseCode = mClient.getResponseCode();
+diff --git a/src/org/lineageos/updater/misc/Constants.java b/src/org/lineageos/updater/misc/Constants.java
+index 81e7c1a..46d8666 100644
+--- a/src/org/lineageos/updater/misc/Constants.java
++++ b/src/org/lineageos/updater/misc/Constants.java
+@@ -30,6 +30,7 @@ public final class Constants {
+
+ public static final String PREF_LAST_UPDATE_CHECK = "last_update_check";
+ public static final String PREF_AUTO_UPDATES_CHECK_INTERVAL = "auto_updates_check_interval";
++ public static final String PREF_ONION_ROUTING = "onion_routing";
+ public static final String PREF_AUTO_DELETE_UPDATES = "auto_delete_updates";
+ public static final String PREF_AB_PERF_MODE = "ab_perf_mode";
+ public static final String PREF_MOBILE_DATA_WARNING = "pref_mobile_data_warning";
+diff --git a/src/org/lineageos/updater/misc/Utils.java b/src/org/lineageos/updater/misc/Utils.java
+index 048d865..d1b5a74 100644
+--- a/src/org/lineageos/updater/misc/Utils.java
++++ b/src/org/lineageos/updater/misc/Utils.java
+@@ -45,6 +45,7 @@ import java.io.BufferedReader;
+ import java.io.File;
+ import java.io.FileReader;
+ import java.io.IOException;
++import java.net.Socket;
+ import java.util.ArrayList;
+ import java.util.Enumeration;
+ import java.util.HashSet;
+@@ -150,11 +151,75 @@ public class Utils {
+ return updates;
+ }
+
++ //Credit: https://stackoverflow.com/a/6758962
++ public static boolean isPackageInstalled(Context context, String packageID) {
++ PackageManager pm = context.getPackageManager();
++ try {
++ pm.getPackageInfo(packageID, PackageManager.GET_META_DATA);
++ } catch(PackageManager.NameNotFoundException e) {
++ return false;
++ }
++ return true;
++ }
++
++ public static boolean isOrbotInstalled(Context context) {
++ return isPackageInstalled(context, "org.torproject.android");
++ }
++
++ public static boolean isOnionRoutingEnabled(Context context) {
++ SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
++ return preferences.getBoolean(Constants.PREF_ONION_ROUTING, false);
++ }
++
++ //Credit: OrbotHelper/NetCipher
++ public static void requestStartOrbot(Context context) {
++ Intent intent = new Intent("org.torproject.android.intent.action.START");
++ intent.setPackage("org.torproject.android");
++ intent.putExtra("org.torproject.android.intent.extra.PACKAGE_NAME", context.getPackageName());
++ context.sendBroadcast(intent);
++ }
++
++ //Credit: https://www.geekality.net/2013/04/30/java-simple-check-to-see-if-a-server-is-listening-on-a-port/
++ public static boolean isPortListening(String host, int port) {
++ Socket s = null;
++ try {
++ s = new Socket(host, port);
++ return true;
++ } catch(Exception e) {
++ return false;
++ } finally {
++ if (s != null) {
++ try {
++ s.close();
++ } catch(Exception e1) {
++ }
++ }
++ }
++ }
++
++ public static boolean waitUntilOrbotIsAvailable() {
++ int tries = 0;
++ boolean listening;
++ while(!(listening = isPortListening("127.0.0.1", 9050)) && tries <= 60) {
++ tries++;
++ try {
++ Thread.sleep(1000);
++ } catch(Exception e) {
++
++ }
++ }
++ return listening;
++ }
++
+ public static String getServerURL(Context context) {
+ String incrementalVersion = SystemProperties.get(Constants.PROP_BUILD_VERSION_INCREMENTAL);
+ String device = SystemProperties.get(Constants.PROP_NEXT_DEVICE,
+ SystemProperties.get(Constants.PROP_DEVICE));
+ String server = "0OTA_SERVER_CLEARNET0";
++ String serverOnion = "0OTA_SERVER_ONION0";
++ if(serverOnion.toLowerCase().startsWith("http") && isOnionRoutingEnabled(context)) {
++ server = serverOnion;
++ }
+
+ return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
+ }
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch b/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch
new file mode 100644
index 00000000..f699db50
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch
@@ -0,0 +1,57 @@
+From 29240bc6aa37804757682d100fcf7484c8fb1122 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Mon, 12 Feb 2018 03:29:58 -0500
+Subject: [PATCH] Harden
+
+Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
+---
+ init/first_stage_init.cpp | 6 +++---
+ rootdir/init.rc | 9 +++++++++
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
+index 2b899408a..84c2735c2 100644
+--- a/init/first_stage_init.cpp
++++ b/init/first_stage_init.cpp
+@@ -120,15 +120,15 @@ int FirstStageMain(int argc, char** argv) {
+ CHECKCALL(mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"));
+ CHECKCALL(mkdir("/dev/pts", 0755));
+ CHECKCALL(mkdir("/dev/socket", 0755));
+- CHECKCALL(mount("devpts", "/dev/pts", "devpts", 0, NULL));
++ CHECKCALL(mount("devpts", "/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, NULL));
+ #define MAKE_STR(x) __STRING(x)
+- CHECKCALL(mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
++ CHECKCALL(mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));
+ #undef MAKE_STR
+ // Don't expose the raw commandline to unprivileged processes.
+ CHECKCALL(chmod("/proc/cmdline", 0440));
+ gid_t groups[] = {AID_READPROC};
+ CHECKCALL(setgroups(arraysize(groups), groups));
+- CHECKCALL(mount("sysfs", "/sys", "sysfs", 0, NULL));
++ CHECKCALL(mount("sysfs", "/sys", "sysfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL));
+ CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
+
+ CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 58a83e091..a28db476b 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -140,6 +140,15 @@ on init
+ write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
+ write /proc/sys/kernel/sched_child_runs_first 0
+
++ write /proc/sys/kernel/dmesg_restrict 1
++ write /proc/sys/kernel/kptr_restrict 2
++ write /proc/sys/fs/protected_hardlinks 1
++ write /proc/sys/fs/protected_symlinks 1
++ write /proc/sys/fs/protected_fifos 1
++ write /proc/sys/fs/protected_regular 1
++ write /proc/sys/net/ipv4/tcp_sack 0
++ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
+ write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/vm/mmap_min_addr 32768
+ write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
+--
+2.26.0
+
diff --git a/Patches/LineageOS-17.1/android_system_core/0002-HM-Increase_vm_mmc.patch b/Patches/LineageOS-17.1/android_system_core/0002-HM-Increase_vm_mmc.patch
new file mode 100644
index 00000000..fa402f9e
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_system_core/0002-HM-Increase_vm_mmc.patch
@@ -0,0 +1,22 @@
+From 95dc082ad7556e88bc10fc48cb19364fce1ae9ae Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Thu, 13 Dec 2018 09:26:25 -0500
+Subject: [PATCH] increase max_map_count for hardened malloc
+
+---
+ rootdir/init.rc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 0fa9febdd3c..c38761021b6 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -671,6 +671,8 @@ on boot
+ chown root system /sys/block/zram0/writeback
+ chmod 0664 /sys/block/zram0/writeback
+
++ write /proc/sys/vm/max_map_count 524240
++
+ # Tweak background writeout
+ write /proc/sys/vm/dirty_expire_centisecs 200
+ write /proc/sys/vm/dirty_background_ratio 5
diff --git a/Patches/LineageOS-17.1/android_system_extras/0001-ext4_pad_filenames.patch b/Patches/LineageOS-17.1/android_system_extras/0001-ext4_pad_filenames.patch
new file mode 100644
index 00000000..7fcfddd2
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_system_extras/0001-ext4_pad_filenames.patch
@@ -0,0 +1,69 @@
+From 57f23bfb5c1d256a69684d07e2787a9b71621698 Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Thu, 15 Dec 2016 17:22:41 -0500
+Subject: [PATCH] fscrypt: pad filenames to 32 bytes, not 16 or 4
+
+This is done in a way that's backwards compatible with old installations
+by leaving them with the previous padding settings until factory reset.
+---
+ libfscrypt/fscrypt.cpp | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
+index adeb66aa..7b707b9f 100644
+--- a/libfscrypt/fscrypt.cpp
++++ b/libfscrypt/fscrypt.cpp
+@@ -118,7 +118,7 @@ static bool is_dir_empty(const char *dirname, bool *is_empty)
+ return true;
+ }
+
+-static uint8_t fscrypt_get_policy_flags(int filenames_encryption_mode) {
++static uint8_t fscrypt_get_policy_flags_old(int filenames_encryption_mode) {
+ if (filenames_encryption_mode == FS_ENCRYPTION_MODE_AES_256_CTS) {
+ // Use legacy padding with our original filenames encryption mode.
+ return FS_POLICY_FLAGS_PAD_4;
+@@ -135,6 +135,18 @@ static uint8_t fscrypt_get_policy_flags(int filenames_encryption_mode) {
+ return FS_POLICY_FLAGS_PAD_16;
+ }
+
++static uint8_t fscrypt_get_policy_flags(int filenames_encryption_mode) {
++ if (filenames_encryption_mode == FS_ENCRYPTION_MODE_ADIANTUM) {
++ return FS_POLICY_FLAGS_PAD_32 | FS_POLICY_FLAG_DIRECT_KEY;
++ }
++ return FS_POLICY_FLAGS_PAD_32;
++}
++
++static bool fscrypt_policy_check(const char *directory, const char *policy,
++ size_t policy_length,
++ int contents_encryption_mode,
++ int filenames_encryption_mode);
++
+ static bool fscrypt_policy_set(const char *directory, const char *policy,
+ size_t policy_length,
+ int contents_encryption_mode,
+@@ -153,6 +165,14 @@ static bool fscrypt_policy_set(const char *directory, const char *policy,
+ }
+
+ fscrypt_policy fp;
++ memset(&fp, 0, sizeof(fscrypt_policy));
++
++ if (ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, &fp) == 0) {
++ close(fd);
++ return fscrypt_policy_check(directory, policy, policy_length,
++ contents_encryption_mode, filenames_encryption_mode);
++ }
++
+ fp.version = 0;
+ fp.contents_encryption_mode = contents_encryption_mode;
+ fp.filenames_encryption_mode = filenames_encryption_mode;
+@@ -200,7 +220,9 @@ static bool fscrypt_policy_get(const char *directory, char *policy,
+ || (fp.contents_encryption_mode != contents_encryption_mode)
+ || (fp.filenames_encryption_mode != filenames_encryption_mode)
+ || (fp.flags !=
+- fscrypt_get_policy_flags(filenames_encryption_mode))) {
++ fscrypt_get_policy_flags(filenames_encryption_mode) &&
++ fp.flags !=
++ fscrypt_get_policy_flags_old(filenames_encryption_mode))) {
+ LOG(ERROR) << "Failed to find matching encryption policy for " << directory;
+ return false;
+ }
diff --git a/Patches/LineageOS-17.1/android_system_sepolicy/0001-LGE_Fixes.patch b/Patches/LineageOS-17.1/android_system_sepolicy/0001-LGE_Fixes.patch
new file mode 100644
index 00000000..09d44df2
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_system_sepolicy/0001-LGE_Fixes.patch
@@ -0,0 +1,35 @@
+From acf37ef4f2f187641d1f0a8bd5a313ee46135ef9 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Tue, 14 Apr 2020 17:16:42 -0400
+Subject: [PATCH] Fix -user builds for many LGE devices
+
+Change-Id: I7d7e366f51d376ccba01fda9a2d5276c20cf77f4
+---
+ public/domain.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/public/domain.te b/public/domain.te
+index 6f3a19cd..87ca0e6c 100644
+--- a/public/domain.te
++++ b/public/domain.te
+@@ -597,6 +597,9 @@ neverallow {
+ -update_engine
+ } system_block_device:blk_file { write append };
+
++# Select devices have policies prevented by the following neverallow
++attribute misc_block_device_exception;
++
+ # No domains other than a select few can access the misc_block_device. This
+ # block device is reserved for OTA use.
+ # Do not assert this rule on userdebug/eng builds, due to some devices using
+@@ -614,6 +617,7 @@ neverallow {
+ -vold
+ -recovery
+ -ueventd
++ -misc_block_device_exception
+ } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
+ # Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
+--
+2.26.0
+
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index b0d0c230..fdad9044 100644
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@@ -689,6 +689,9 @@ find device -maxdepth 2 -mindepth 2 -type d -exec bash -c 'deblobDevice "$0"' {}
#find device -maxdepth 3 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'deblobSepolicy "{}"'; #Deblob all device sepolicy directories XXX: Breaks builds when other sepolicy files reference deleted ones
#find kernel -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'deblobKernel "{}"'; #Deblob all kernel directories
find vendor -name "*endor*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobVendor "{}"'; #Deblob all makefiles
+find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'sed -i -E "s/apk.*("$blobs").*/apk: \"proprietary\/priv-app\/qcrilmsgtunnel\/qcrilmsgtunnel.apk\", enabled: false,/g" "{}"';
+find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'sed -i -E "s/jars.*("$blobs").*/jars: \[\"proprietary\/system\/framework\/qcrilhook.jar\"\], enabled: false,/g" "{}"';
+find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'sed -i -E "s/srcs.*("$blobs").*/srcs: \[\"proprietary\/vendor\/lib\/libtime_genoff.so\"\], enabled: false,/g" "{}"';
deblobVendors; #Deblob entire vendor directory
rm -rf frameworks/av/drm/mediadrm/plugins/clearkey; #Remove ClearKey
rm -rf vendor/samsung/nodevice;
diff --git a/Scripts/LineageOS-14.1/Rebrand.sh b/Scripts/LineageOS-14.1/Rebrand.sh
index cecc8d13..62b12b9d 100644
--- a/Scripts/LineageOS-14.1/Rebrand.sh
+++ b/Scripts/LineageOS-14.1/Rebrand.sh
@@ -21,7 +21,7 @@
echo "Rebranding...";
enter "bootable/recovery";
-sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*_ui.cpp;
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*ui.cpp;
enter "build";
sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
diff --git a/Scripts/LineageOS-15.1/Rebrand.sh b/Scripts/LineageOS-15.1/Rebrand.sh
index 3beb0eff..83d6abb4 100644
--- a/Scripts/LineageOS-15.1/Rebrand.sh
+++ b/Scripts/LineageOS-15.1/Rebrand.sh
@@ -27,7 +27,7 @@ rm res*/images/logo_image.png; #Remove logo images
mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
sed -i 's|grid_h \* 2 / 3|grid_h * 0.25|' screen_ui.cpp; #Center icons
sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' screen_ui.cpp; #Recolor text
-sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*_ui.cpp;
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*ui.cpp;
sed -i 's|LineageOS|'"$DOS_BRANDING_NAME"'|' ui.cpp;
enter "build/make";
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index e85ac5b7..eff5ad6f 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -30,9 +30,6 @@
#buildDevice [device]
#buildAll
-#Generate firmware deblobber
-#mka firmware_deblobber
-
#
#START OF PREPRATION
#
@@ -75,17 +72,11 @@ git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4
patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
-#git revert --no-edit 47a0539fcce53cdcab3ee00afd6810acab26950b 3836ed2b2a7c2da6c9eae66700c7c6fabc0c5b9c ab0b2ca6a0d0d24131bcb779f1eb882bf97afd3c; #remove backuptool
-#patch -p1 < "$DOS_PATCHES/android_build/0001-rm_backuptool.patch";
enterAndClear "device/qcom/sepolicy-legacy";
patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #necessary for -user builds of legacy devices
-enterAndClear "external/ppp";
-git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/60/270360/1 && git cherry-pick FETCH_HEAD; #CVE-2020-8597_lineage-16.0
-git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/61/270361/1 && git cherry-pick FETCH_HEAD;
-
enterAndClear "external/svox";
git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie
@@ -187,7 +178,6 @@ if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' conf
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove extra keys
awk -i inplace '!/security\/lineage/' config/common.mk; #Remove extra keys
awk -i inplace '!/WeatherProvider/' config/common.mk;
-#awk -i inplace '!/backuptool/' config/common.mk; #remove backuptool
awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml;
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi;
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
diff --git a/Scripts/LineageOS-16.0/Rebrand.sh b/Scripts/LineageOS-16.0/Rebrand.sh
index a5cba0a7..cffc837d 100644
--- a/Scripts/LineageOS-16.0/Rebrand.sh
+++ b/Scripts/LineageOS-16.0/Rebrand.sh
@@ -27,7 +27,7 @@ rm res*/images/logo_image.png; #Remove logo images
mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
sed -i 's|grid_h \* 2 / 3|grid_h * 0.25|' screen_ui.cpp; #Center icons
sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' screen_ui.cpp; #Recolor text
-sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*_ui.cpp;
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*ui.cpp;
sed -i 's|LineageOS|'"$DOS_BRANDING_NAME"'|' ui.cpp;
enter "build/make";
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
new file mode 100644
index 00000000..6574978c
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/essential/msm8998"
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0018.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0026.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/^4.14.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18306/4.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9711/4.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11273/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11818/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11919/4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11984/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11986/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11987/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11988/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11988/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12010/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13912/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13913/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13917/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13920/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5896/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5905/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5906/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5908/4.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5909/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5910/4.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10494/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10503/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10503/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10515/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10524/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10555/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10567/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10584/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10614/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2264/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p93"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh
new file mode 100644
index 00000000..a6a1217a
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh
@@ -0,0 +1,107 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/fairphone/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p103"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_google_marlin.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_google_marlin.sh
new file mode 100644
index 00000000..49fe85f8
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_google_marlin.sh
@@ -0,0 +1,176 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/google/marlin"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0019.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0021.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0022.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0023.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0024.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0025.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0026.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0027.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0028.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0029.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0030.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0031.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0032.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0033.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0034.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0035.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0036.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0037.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0040.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0041.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0042.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0043.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0044.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0045.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0046.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0048.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0049.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0050.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5257/^4.2.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7884/^4.3.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7885/^4.3.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8104/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8844/^4.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8845/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8953/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2069/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2782/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3672/^4.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3906/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5345/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5854/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5856/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5858/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5867/3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5870/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6130/^4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6694/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6695/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8483/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9191/3.11-^4.8.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0622/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0866/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000371/^4.11.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11034/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11036/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13220/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15827/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18150/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18161/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18165/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7371/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7372/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9707/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18690/^4.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20836/^4.20/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10555/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10567/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10614/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10638/^4.1/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11833/^5.1.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/^5.0.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14049/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14055/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15214/^5.0.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15666/^5.0.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17133/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19052/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19966/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2290/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3460/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0002-ozwpan-Use-unsigned-ints-to-prevent-heap-overflow.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0005-tcp-fix-zero-cwnd-in-tcp_cwnd_reduction.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5853/3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p172"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_google_msm.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_google_msm.sh
new file mode 100644
index 00000000..3af93ed9
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_google_msm.sh
@@ -0,0 +1,152 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/google/msm"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3224/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4738/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13.8/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10902/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10607/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-5d89eb01c93d8a62998e3bdccae28a7732e3bd51.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-7be3e08d7a523207486701b2d34607137558066f.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p148"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_htc_msm8974.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_htc_msm8974.sh
new file mode 100644
index 00000000..f8b66b51
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_htc_msm8974.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/htc/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2443/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13.8/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8266/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10902/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10607/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p138"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_g3.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_g3.sh
new file mode 100644
index 00000000..25ea6c38
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_g3.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/lge/g3"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3224/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6640/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3892/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10607/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p116"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_mako.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_mako.sh
new file mode 100644
index 00000000..253760c0
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_mako.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/lge/mako"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6704/^3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4738/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/^4.7.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8650/^4.8.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/^4.8.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14.79/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10607/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p137"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_msm8974.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_msm8974.sh
new file mode 100644
index 00000000..2fe6af0e
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_lge_msm8974.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/lge/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3224/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0806/prima/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10607/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p117"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_moto_shamu.sh
new file mode 100644
index 00000000..ad6b8f7f
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_moto_shamu.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/moto/shamu"
+git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2898/^3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9730/^3.18.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1420/3.2-^3.19.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4170/3.10-^3.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4177/^4.0.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5307/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8955/^4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8967/^4.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0758/^4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5870/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6695/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8464/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0824/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13245/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18257/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14734/^4.17.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20836/^4.20/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19966/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-check-for-PM-related-APIs.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p137"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8974.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8974.sh
new file mode 100644
index 00000000..78eadc37
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8974.sh
@@ -0,0 +1,162 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/motorola/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2443/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11000/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13.8/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7373/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8266/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9684/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10902/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10607/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p158"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
new file mode 100644
index 00000000..bc338bee
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
@@ -0,0 +1,194 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/motorola/msm8996"
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.18/3.18.0121-0122.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0019.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0022.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0023.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0025.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0026.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0027.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0028.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0029.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0030.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0031.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0032.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0033.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0034.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0035.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0036.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0037.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0040.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0041.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0042.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0043.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0045.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0046.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0050.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5257/^4.2.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7884/^4.3.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7885/^4.3.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8104/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8844/^4.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8845/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8953/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2069/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/^4.5.1/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2782/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3136/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3137/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3140/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3672/^4.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6130/^4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000371/^4.11.5/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13220/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15102/^4.8.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15853/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16914/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17762/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6001/^4.9.7/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8251/3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8924/^4.10.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8925/^4.10.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18021/^4.18.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18690/^4.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-19985/^4.19.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20836/^4.20/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.18/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5864/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8087/^4.15.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10486/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10503/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10524/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10529/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10555/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10567/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10638/^4.1/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11833/^5.1.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/^5.0.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12818/^4.20.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12819/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14070/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15214/^5.0.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15666/^5.0.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15916/^5.0.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15927/^4.20.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17133/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19052/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19966/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-1999/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3460/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+editKernelLocalversion "-dos.p190"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
new file mode 100644
index 00000000..632fb53f
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/razer/msm8998"
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0209-0210.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/^4.14.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/^4.11.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+editKernelLocalversion "-dos.p51"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_jf.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_jf.sh
new file mode 100644
index 00000000..efea6f36
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_jf.sh
@@ -0,0 +1,157 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/samsung/jf"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4737/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10233/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0430/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0573/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0706/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0791/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000251/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-10663/^4.12.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13292/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13.8/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18257/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10902/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/^5.3.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p153"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_yandex_sdm660.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_yandex_sdm660.sh
new file mode 100644
index 00000000..2f0e7ea5
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_yandex_sdm660.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/yandex/sdm660"
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0209-0210.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/^4.14.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/^4.11.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+editKernelLocalversion "-dos.p51"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
new file mode 100644
index 00000000..b4a13ab9
--- /dev/null
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/zuk/msm8996"
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0209-0210.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/^4.14.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/^4.11.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+editKernelLocalversion "-dos.p53"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/Defaults.sh b/Scripts/LineageOS-17.1/Defaults.sh
new file mode 100644
index 00000000..014ed1cb
--- /dev/null
+++ b/Scripts/LineageOS-17.1/Defaults.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2020 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Changes various default settings
+#Last verified: 2020-04-14
+
+#Useful commands
+#nano $(find . -name "config.xml" | grep "values/" | grep -v "device" | grep -v "tests")
+#nano $(find . -name "defaults.xml" | grep "values/" | grep -v "device")
+
+echo "Changing default settings...";
+
+enter "packages/apps/Dialer";
+sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable FLP
+sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable PLP
+sed -i 's/ENABLE_REVERSE_LOOKUP, 1)/ENABLE_REVERSE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable RLP
+
+enter "packages/apps/Nfc";
+sed -i 's/boolean NFC_ON_DEFAULT = true;/boolean NFC_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NFC
+sed -i 's/boolean NDEF_PUSH_ON_DEFAULT = true;/boolean NDEF_PUSH_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NDEF Push
+
+enter "packages/apps/Settings";
+sed -i 's/INSTANT_APPS_ENABLED, 1/INSTANT_APPS_ENABLED, 0/' src/com/android/settings/applications/managedomainurls/InstantAppWebActionPreferenceController.java; #Disable "Instant Apps"
+sed -i 's/DEFAULT_VALUE = 1;/DEFAULT_VALUE = 0.5f;/' src/com/android/settings/development/*ScalePreferenceController.java; #Always reset animation scales to 0.5
+
+enter "vendor/lineage";
+sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common.mk;
+sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common.mk;
+
+cd "$DOS_BUILD_BASE";
+echo "Default settings changed!";
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
new file mode 100644
index 00000000..96aebe02
--- /dev/null
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2020 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Last verified: 2020-04-14
+
+patchAllKernels() {
+ startPatcher "kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_marlin kernel_google_msm kernel_htc_msm8974 kernel_lge_g3 kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_razer_msm8998 kernel_samsung_jf kernel_yandex_sdm660 kernel_zuk_msm8996";
+}
+export -f patchAllKernels;
+
+resetWorkspace() {
+ repo forall -c 'git add -A && git reset --hard' && rm -rf out && repo sync -j20 --force-sync;
+}
+export -f resetWorkspace;
+
+scanWorkspaceForMalware() {
+ local scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/compatibility $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
+ scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
+ scanForMalware true "$scanQueue";
+}
+export -f scanWorkspaceForMalware;
+
+buildDevice() {
+ export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
+ brunch "lineage_$1-user" && processRelease $1 true $2;
+}
+export -f buildDevice;
+
+buildDeviceUserDebug() {
+ export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1";
+ brunch "lineage_$1-userdebug" && processRelease $1 true $2;
+}
+export -f buildDeviceUserDebug;
+
+buildDeviceDebug() {
+ unset OTA_KEY_OVERRIDE_DIR;
+ brunch "lineage_$1-eng";
+}
+export -f buildDeviceDebug;
+
+buildAll() {
+ if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
+ if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
+ #SDS4P
+ buildDevice mako;
+ #SD600
+ buildDevice jfltexx;
+ #SD800
+ buildDevice d802;
+ #SD801
+ buildDevice d852;
+ buildDevice d855;
+ buildDevice FP2;
+ buildDevice m8;
+ buildDevice victara;
+ #SD805
+ buildDevice shamu verity;
+ #SD820
+ buildDevice griffin;
+ buildDevice z2_plus verity; #broken
+ #SD821
+ buildDevice marlin verity;
+ buildDevice sailfish verity;
+ #SD835
+ buildDevice cheryl;
+ buildDevice mata verity;
+ #SD660
+ buildDevice Amber verity;
+}
+export -f buildAll;
+
+patchWorkspace() {
+ if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
+
+ source build/envsetup.sh;
+ repopick 271078; #update webview
+
+ source "$DOS_SCRIPTS/Patch.sh";
+ source "$DOS_SCRIPTS/Defaults.sh";
+ source "$DOS_SCRIPTS/Rebrand.sh";
+ if [ "$DOS_OVERCLOCKS_ENABLED" = true ]; then source "$DOS_SCRIPTS_COMMON/Overclock.sh"; fi;
+ source "$DOS_SCRIPTS_COMMON/Optimize.sh";
+ source "$DOS_SCRIPTS_COMMON/Deblob.sh";
+ source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
+ source build/envsetup.sh;
+
+ #Deblobbing fixes
+ ##setup-makefiles doesn't execute properly for some devices, running it twice seems to fix whatever is wrong
+ cd device/google/marlin/marlin && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";
+ cd device/google/marlin/sailfish && ./setup-makefiles.sh && cd "$DOS_BUILD_BASE";
+}
+export -f patchWorkspace;
+
+enableDexPreOpt() {
+ cd "$DOS_BUILD_BASE$1";
+ #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
+ if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
+ if [ -f BoardConfig.mk ]; then
+ echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
+ echo "Enabled dexpreopt for $1";
+ fi;
+ fi;
+ cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOpt;
+
+enableDexPreOptFull() {
+ cd "$DOS_BUILD_BASE$1";
+ if [ -f BoardConfig.mk ]; then
+ sed -i "s/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false/" BoardConfig.mk;
+ echo "Enabled full dexpreopt for $1";
+ fi;
+ cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOptFull;
+
+enableLowRam() {
+ cd "$DOS_BUILD_BASE$1";
+ #if [ -f lineage.mk ]; then echo '$(call inherit-product, $(SRC_TARGET_DIR)/product/go_defaults.mk)' >> lineage.mk; fi;
+ if [ -f lineage.mk ]; then echo '$(call inherit-product, vendor/divested/build/target/product/lowram.mk)' >> lineage.mk; fi;
+ if [ -f BoardConfig.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfig.mk; fi;
+ if [ -f BoardConfigCommon.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfigCommon.mk; fi;
+ echo "Enabled lowram for $1";
+ cd "$DOS_BUILD_BASE";
+}
+export -f enableLowRam;
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
new file mode 100644
index 00000000..3ef69034
--- /dev/null
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -0,0 +1,257 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2015-2020 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Last verified: 2020-04-14
+
+#Initialize aliases
+#source ../../Scripts/init.sh
+
+#Delete Everything and Sync
+#resetWorkspace
+
+#Apply all of our changes
+#patchWorkspace
+
+#Build!
+#buildDevice [device]
+#buildAll
+
+#
+#START OF PREPRATION
+#
+#Download some (non-executable) out-of-tree files for use later on
+cd "$DOS_TMP_DIR";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi;
+cd "$DOS_BUILD_BASE";
+
+#Accept all SDK licences, not normally needed but Gradle managed apps fail without it
+mkdir -p "$ANDROID_HOME/licenses";
+echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license";
+echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license";
+#
+#END OF PREPRATION
+#
+
+#
+#START OF ROM CHANGES
+#
+
+#top dir
+cp -r "$DOS_PREBUILT_APPS""Backup" "$DOS_BUILD_BASE""packages/apps/";
+cp -r "$DOS_PREBUILT_APPS""Fennec_DOS-Shim" "$DOS_BUILD_BASE""packages/apps/"; #Add a shim to install Fennec DOS without actually including the large APK
+gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packages";
+cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
+cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
+
+enterAndClear "bionic";
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
+
+enterAndClear "bootable/recovery";
+#git revert --no-edit 4d361ff13b5bd61d5a6a5e95063b24b8a37a24ab; #Always enforcing #XXX 17REBASE
+#git revert --no-edit 37d729bf; #Fix USB on most devices #XXX 17REBASE
+#git revert --no-edit fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity #XXX 17REBASE
+
+enterAndClear "build/make";
+#git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
+patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
+
+enterAndClear "device/qcom/sepolicy-legacy";
+patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
+echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #necessary for -user builds of legacy devices
+
+enterAndClear "external/svox";
+git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
+sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie
+sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUninstaller.java;
+awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
+
+enterAndClear "frameworks/base";
+hardenLocationFWB "$DOS_BUILD_BASE"; #XXX 17REBASE
+sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
+sed -i 's/entry == null/entry == null || true/' core/java/android/os/RecoverySystem.java; #Skip update compatibiltity check XXX: TEMPORARY FIX
+sed -i 's/!Build.isBuildConsistent()/false/' services/core/java/com/android/server/wm/ActivityTaskManagerService.java; #Disable fingerprint mismatch warning XXX: TEMPORARY FIX
+#if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) #XXX 17REBASE
+#if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key #XXX 17REBASE
+changeDefaultDNS;
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #always restrict access to Build.SERIAL (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #don't grant location permission to system browsers (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
+rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
+
+if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
+enterAndClear "frameworks/opt/net/ims";
+patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
+fi
+
+if enter "kernel/wireguard"; then
+if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi;
+#Remove system information from HTTP requests
+awk -i inplace '!/USER_AGENT=/' fetch.sh;
+sed -i '3iUSER_AGENT="WireGuard-AndroidROMBuild/0.2"' fetch.sh;
+fi;
+
+enterAndClear "libcore";
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_libcore/0001-Exec_Preload.patch"; fi; #add exec-based spawning support (GrapheneOS)
+if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_libcore/0002-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
+
+enterAndClear "lineage-sdk";
+awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
+
+enterAndClear "packages/apps/Contacts";
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
+
+enterAndClear "packages/apps/LineageParts";
+rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
+patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
+
+enterAndClear "packages/apps/Settings";
+git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #don't hide oem unlock
+sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
+sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
+
+enterAndClear "packages/apps/SetupWizard";
+patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics
+
+enterAndClear "packages/apps/Trebuchet";
+cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: TEMPORARY FIX
+
+enterAndClear "packages/apps/Updater";
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
+sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).replaceAll("\\\\.", "");/' src/org/lineageos/updater/misc/Utils.java; #Remove periods from incremental version
+#TODO: Remove changelog
+
+enterAndClear "packages/inputmethods/LatinIME";
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+
+enterAndClear "packages/services/Telephony";
+#patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #XXX 17REBASE
+#patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; #XXX 17REBASE
+
+enterAndClear "system/extras"
+patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS)
+
+enterAndClear "system/core";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
+git revert --no-edit bd4142eab8b3cead0c25a2e660b4b048d1315d3c; #Always update recovery
+patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
+if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
+
+enterAndClear "system/sepolicy";
+#patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices #XXX 17REBASE
+awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user
+
+enterAndClear "vendor/lineage";
+rm build/target/product/security/lineage.x509.pem;
+rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
+rm -rf verity_tool; #Resurrect dm-verity
+rm -rf overlay/common/frameworks/base/core/res/res/drawable-*/default_wallpaper.png;
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' config/common.mk; fi; #Make sure our hosts is always used
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove extra keys
+awk -i inplace '!/security\/lineage/' config/common.mk; #Remove extra keys
+awk -i inplace '!/WeatherProvider/' config/common.mk;
+awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml;
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi;
+if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
+sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
+if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/common.mk; fi;
+echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
+
+enter "vendor/divested";
+#echo "PRODUCT_PACKAGES += Backup" >> packages.mk;
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi;
+if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi;
+echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #All of our kernels have deny USB patch added
+#
+#END OF ROM CHANGES
+#
+
+#
+#START OF DEVICE CHANGES
+#
+
+enterAndClear "device/google/marlin";
+git revert --no-edit 777dafa35f185b1f501e3c80b8ab495191583444; #remove some carrier blobs
+
+enterAndClear "device/lge/g2-common";
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+
+enterAndClear "device/lge/g3-common";
+sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
+sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
+
+enterAndClear "device/lge/mako";
+#git revert ; #restore releasetools #TODO
+#smallerSystem;
+#sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 40M free
+awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk;
+
+#enterAndClear "device/moto/shamu";
+#git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
+
+enterAndClear "kernel/google/marlin";
+git revert --no-edit dd4a454f080f60cc7c4f5cc281a48cba80947baf; #Resurrect dm-verity
+
+enter "vendor/google";
+echo "" > atv/atv-common.mk;
+
+#Make changes to all devices
+cd "$DOS_BUILD_BASE";
+if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableLowRam "{}"'; fi;
+find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
+find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';
+find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"';
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"';
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"';
+find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenBootArgs "{}"';
+if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableStrongEncryption "{}"'; fi;
+find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"';
+cd "$DOS_BUILD_BASE";
+deblobAudio;
+
+#Verity
+cat "$DOS_SIGNING_KEYS/Amber/verity.x509.pem" >> "kernel/yandex/sdm660/certs/verity.x509.pem";
+cat "$DOS_SIGNING_KEYS/cheryl/verity.x509.pem" >> "kernel/razer/msm8998/certs/verity.x509.pem";
+cat "$DOS_SIGNING_KEYS/mata/verity.x509.pem" >> "kernel/essential/msm8998/certs/verity.x509.pem";
+cat "$DOS_SIGNING_KEYS/z2_plus/verity.x509.pem" >> "kernel/zuk/msm8996/certs/verity.x509.pem";
+cp "$DOS_SIGNING_KEYS/Amber/verifiedboot_relkeys.der.x509" "kernel/yandex/sdm660/verifiedboot_Amber_dos_relkeys.der.x509";
+cp "$DOS_SIGNING_KEYS/cheryl/verifiedboot_relkeys.der.x509" "kernel/razer/msm8998/verifiedboot_cheryl_dos_relkeys.der.x509";
+cp "$DOS_SIGNING_KEYS/griffin/verifiedboot_relkeys.der.x509" "kernel/motorola/msm8996/verifiedboot_griffin_dos_relkeys.der.x509";
+cp "$DOS_SIGNING_KEYS/marlin/verifiedboot_relkeys.der.x509" "kernel/google/marlin/verifiedboot_marlin_dos_relkeys.der.x509";
+cp "$DOS_SIGNING_KEYS/sailfish/verifiedboot_relkeys.der.x509" "kernel/google/marlin/verifiedboot_sailfish_dos_relkeys.der.x509";
+cp "$DOS_SIGNING_KEYS/z2_plus/verifiedboot_relkeys.der.x509" "kernel/zuk/msm8996/verifiedboot_z2_plus_dos_relkeys.der.x509";
+
+#Fix broken options enabled by hardenDefconfig()
+sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
+sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/lge/mako/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
+sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
+sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
+
+sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
+#
+#END OF DEVICE CHANGES
+#
diff --git a/Scripts/LineageOS-17.1/Rebrand.sh b/Scripts/LineageOS-17.1/Rebrand.sh
new file mode 100644
index 00000000..5646ccd5
--- /dev/null
+++ b/Scripts/LineageOS-17.1/Rebrand.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2020 Divested Computing Group
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Updates select user facing strings
+#Last verified: 2020-04-14
+
+echo "Rebranding...";
+
+enter "bootable/recovery";
+git revert --no-edit 7e46bc14b15fdeabfd16871137f403f89486b83c;
+#patch -p1 < "$DOS_PATCHES_COMMON/android_bootable_recovery/0001-Remove_Logo.patch"; #Remove logo rendering code #XXX 17REBASE
+#rm res*/images/logo_image.png; #Remove logo images
+mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
+sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' recovery_ui/*ui.cpp; #Recolor text
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' recovery_ui/*ui.cpp;
+sed -i 's|LineageOS|'"$DOS_BRANDING_NAME"'|' recovery_ui/*ui.cpp;
+
+enter "build/make";
+sed -i 's|echo "ro.build.user=$BUILD_USERNAME"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
+sed -i 's|echo "ro.build.host=$BUILD_HOSTNAME"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host
+
+enter "frameworks/base";
+generateBootAnimationMask "$DOS_BRANDING_NAME" "$DOS_BRANDING_BOOTANIMATION_FONT" core/res/assets/images/android-logo-mask.png;
+generateBootAnimationShine "$DOS_BRANDING_BOOTANIMATION_COLOR" "$DOS_BRANDING_BOOTANIMATION_STYLE" core/res/assets/images/android-logo-shine.png;
+
+enter "lineage-sdk";
+sed -i '/.*lineage_version/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineage_updates/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineageos_system_label/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+
+enter "packages/apps/LineageParts";
+sed -i '/.*trust_feature_security_patches_explain/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+
+enter "packages/apps/Settings";
+sed -i '/.*lineagelicense_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml;
+
+enter "packages/apps/SetupWizard";
+sed -i 's|http://lineageos.org/legal|'"$DOS_BRANDING_LINK_PRIVACY"'|' src/org/lineageos/setupwizard/LineageSettingsActivity.java;
+sed -i '/.*setup_services/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*services_explanation/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+
+enter "packages/apps/Updater";
+sed -i 's|0OTA_SERVER_CLEARNET0|'"$DOS_BRANDING_SERVER_OTA"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|0OTA_SERVER_ONION0|'"$DOS_BRANDING_SERVER_OTA_ONION"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|>LineageOS|>'"$DOS_BRANDING_NAME"'|' res/values*/strings.xml;
+
+enter "vendor/lineage";
+sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_ABOUT"'|' build/core/main_version.mk
+sed -i '/.*ZIPPATH=/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/envsetup.sh;
+sed -i '/LINEAGE_TARGET_PACKAGE/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/tasks/bacon.mk;
+rm -rf bootanimation;
+
+cd "$DOS_BUILD_BASE";
+echo "Rebranding complete!";