Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity

Verity enablement overhaul

Browse Source 
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2021-11-01 21:35:41 -04:00
parent 898c040ead
commit 809e03833e
15 changed files with 142 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Patches/LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
View File

@ -1,4 +1,4 @@
From 7a5981a55b49a3485ba7b42c5f0f0c8401d8304b Mon Sep 17 00:00:00 2001 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: MSe1969 <mse1969@posteo.de> From: MSe1969 <mse1969@posteo.de>
Date: Mon, 10 Sep 2018 12:05:40 +0200 Date: Mon, 10 Sep 2018 12:05:40 +0200
Subject: [PATCH] Network & Internet Settings: Add option to switch off Captive Subject: [PATCH] Network & Internet Settings: Add option to switch off Captive

3
Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch
View File

@ -255,6 +255,3 @@ index 0000000000..2c29f3abfd
+ } + }
+ } + }
+} +}
--
2.32.0

3
Patches/LineageOS-18.1/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch
View File

@ -94,6 +94,3 @@ index 916c6c9291..fd92d17a60 100644
/** /**
* Tile to control the "Wireless debugging" developer setting * Tile to control the "Wireless debugging" developer setting
*/ */
--
2.32.0

3
Patches/LineageOS-18.1/android_packages_apps_Settings/0004-Private_DNS.patch
View File

@ -316,6 +316,3 @@ index 84cae88f85..4d62f64947 100644
case PRIVATE_DNS_MODE_OPPORTUNISTIC: case PRIVATE_DNS_MODE_OPPORTUNISTIC:
return dnsesResolved ? res.getString(R.string.private_dns_mode_on) return dnsesResolved ? res.getString(R.string.private_dns_mode_on)
: res.getString(R.string.private_dns_mode_opportunistic); : res.getString(R.string.private_dns_mode_opportunistic);
--
2.32.0

134
Scripts/Common/Enable_Verity.sh Normal file
View File

@ -0,0 +1,134 @@
#!/bin/bash
#DivestOS: A privacy focused mobile distribution
#Copyright (c) 2021 Divested Computing Group
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
umask 0022;
set -euo pipefail;
source "$DOS_SCRIPTS_COMMON/Shell.sh";
cd "$DOS_BUILD_BASE";
echo "Enabling verity...";
enableVerity() {
if [ -d "$DOS_BUILD_BASE/$1" ]; then
cd "$DOS_BUILD_BASE/$1";
#TODO: skip if recoveryonly is set?
sed -i '/\/system/{/verify/!s|wait|wait,verify|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
cd "$DOS_BUILD_BASE";
echo "Enabled verity for $1";
fi;
}
export -f enableVerity;
enableAVB() {
if [ -d "$DOS_BUILD_BASE/$1" ]; then
cd "$DOS_BUILD_BASE/$1";
sed -i 's/--set_hashtree_disabled_flag//' *.mk &>/dev/null || true;
sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk &>/dev/null || true;
echo "Enabled AVB for $1";
cd "$DOS_BUILD_BASE";
fi;
}
export -f enableAVB;
#Device Changes
enableVerity "device/essential/mata";
enableVerity "device/google/dragon";
enableVerity "device/google/marlin";
enableVerity "device/google/sailfish";
enableVerity "device/htc/flounder";
enableVerity "device/huawei/angler";
enableVerity "device/lge/bullhead";
enableVerity "device/moto/shamu";
enableVerity "device/oneplus/cheeseburger";
enableVerity "device/oneplus/dumpling";
enableVerity "device/oneplus/msm8998-common";
enableVerity "device/oneplus/oneplus3";
enableVerity "device/razer/cheryl";
enableVerity "device/yandex/Amber";
enableVerity "device/zuk/msm8996-common";
enableVerity "device/zuk/z2_plus";
enableAVB "device/fairphone/FP3";
enableAVB "device/fxtec/pro1";
enableAVB "device/google/blueline";
enableAVB "device/google/bonito";
enableAVB "device/google/bramble";
enableAVB "device/google/coral";
enableAVB "device/google/crosshatch";
enableAVB "device/google/flame";
enableAVB "device/google/muskie";
enableAVB "device/google/redbull";
enableAVB "device/google/redfin";
enableAVB "device/google/sargo";
enableAVB "device/google/sunfish";
enableAVB "device/google/taimen";
enableAVB "device/google/wahoo";
enableAVB "device/google/walleye";
enableAVB "device/oneplus/avicii";
enableAVB "device/oneplus/enchilada";
enableAVB "device/oneplus/fajita";
enableAVB "device/oneplus/guacamole";
enableAVB "device/oneplus/guacamoleb";
enableAVB "device/oneplus/hotdog";
enableAVB "device/oneplus/hotdogb";
enableAVB "device/oneplus/sdm845-common";
enableAVB "device/oneplus/sm8150-common";
enableAVB "device/razer/aura";
enableAVB "device/xiaomi/alioth";
enableAVB "device/xiaomi/beryllium";
enableAVB "device/xiaomi/davinci";
enableAVB "device/xiaomi/lmi";
enableAVB "device/xiaomi/raphael";
enableAVB "device/xiaomi/sdm845-common";
enableAVB "device/xiaomi/sm6150-common";
enableAVB "device/xiaomi/sm8150-common";
enableAVB "device/xiaomi/sm8250-common";
enableAVB "device/xiaomi/vayu";
#Kernel Changes
sed -i 's/slotselect/slotselect,verify/' kernel/essential/msm8998/arch/arm64/boot/dts/essential/msm8998-mata-lineage.dtsi &>/dev/null || true; #/vendor
sed -i 's/wait/wait,verify/g' kernel/htc/flounder/arch/arm64/boot/dts/tegra132.dtsi &>/dev/null || true; #/system
sed -i 's/wait/wait,verify/g' kernel/moto/shamu/arch/arm/boot/dts/qcom/apq8084.dtsi &>/dev/null || true; #/system
sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8996/arch/arm/boot/dts/qcom/15801/msm8996-mtp.dtsi &>/dev/null || true; #/system
sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8998/arch/arm/boot/dts/qcom/cheeseburger.dtsi &>/dev/null || true; #/system and /vendor
sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8998/arch/arm/boot/dts/qcom/dumpling.dtsi &>/dev/null || true; #/system and /vendor
sed -i 's/wait/wait,verify/g' kernel/zuk/msm8996/arch/arm/boot/dts/qcom/zuk/common.dtsi &>/dev/null || true; #/system and /vendor
#not used
#sed -i 's/wait/wait,verify/g' kernel/cyanogen/msm8916/arch/arm/boot/dts/qcom/msm8916.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/cyanogen/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/fairphone/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/google/yellowstone/arm/boot/dts/tegra124-yellowstone.dts &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/htc/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/htc/msm8994/arch/arm/boot/dts/qcom/msm8994.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/lge/g3/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/lge/hammerhead/arm/boot/dts/msm8974-hammerhead/msm8974-hammerhead.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/lge/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/lge/msm8996/arch/arm/boot/dts/qcom/msm8996.dtsi &>/dev/null || true; #/system and /vendor
#sed -i 's/wait/wait,verify/g' kernel/motorola/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/nextbit/ether/arch/arm/boot/dts/qcom/msm8992.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/oneplus/msm8994/arch/arm/boot/dts/qcom/msm8994.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/oppo/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/samsung/msm8974/arch/arm/boot/dts/msm8974.dtsi &>/dev/null || true; #/system
#sed -i 's/wait/wait,verify/g' kernel/xiaomi/msm8937/arm64/boot/dts/xiaomi/common/msm8937.dtsi &>/dev/null || true; #/system and /vendor
#sed -i 's/wait/wait,verify/g' kernel/zte/msm8996/arch/arm/boot/dts/qcom/msm8996.dtsi &>/dev/null || true; #/system and /vendor
#sed -i 's/wait/wait,verify/g' kernel/zte/msm8996/arch/arm/boot/dts/qcom/zte-msm8996-v3-pmi8996-ailsa_ii.dtsi &>/dev/null || true; #/system and /vendor
sed -i 's/^\treturn VERITY_STATE_DISABLE;//' kernel/*/*/drivers/md/dm-android-verity.c &>/dev/null || true;
#sed -i 's/#if 0/#if 1/' kernel/*/*/drivers/power/reset/msm-poweroff.c &>/dev/null || true; #TODO: needs refinement
cd "$DOS_BUILD_BASE";
echo -e "\e[0;32m[SCRIPT COMPLETE] Verity enablement complete\e[0m";

7
Scripts/Common/Functions.sh
View File

@ -378,13 +378,6 @@ addVerity() {
} }
export -f addVerity; export -f addVerity;
enableVerity() {
sed -i 's/--set_hashtree_disabled_flag//' *.mk;
sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk;
sed -i '/\/system/{/verify/!s|wait|wait,verify|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
}
export -f enableVerity;
optimizeImagesRecursive() { optimizeImagesRecursive() {
find "$1" -type f -name "*.jp*g" -print0 | xargs -0 -n1 -P 16 jpegoptim; find "$1" -type f -name "*.jp*g" -print0 | xargs -0 -n1 -P 16 jpegoptim;
find "$1" -type f -name "*.png" -print0 | xargs -0 -n1 -P 16 optipng; find "$1" -type f -name "*.png" -print0 | xargs -0 -n1 -P 16 optipng;

4
Scripts/Common/Post.sh
View File

@ -20,10 +20,6 @@ source "$DOS_SCRIPTS_COMMON/Shell.sh";
echo "Post tweaks..."; echo "Post tweaks...";
#Resurrect dm-verity
sed -i 's/^\treturn VERITY_STATE_DISABLE;//' kernel/*/*/drivers/md/dm-android-verity.c &>/dev/null || true;
#sed -i 's/#if 0/#if 1/' kernel/*/*/drivers/power/reset/msm-poweroff.c &>/dev/null || true;
#Workaround broken MSM_DLOAD_MODE=y+PANIC_ON_OOPS=y for devices that oops on shutdown #Workaround broken MSM_DLOAD_MODE=y+PANIC_ON_OOPS=y for devices that oops on shutdown
#MSM_DLOAD_MODE can't be disabled as it breaks compile #MSM_DLOAD_MODE can't be disabled as it breaks compile
sed -i 's/set_dload_mode(in_panic)/set_dload_mode(0)/' kernel/*/*/arch/arm/mach-msm/restart.c &>/dev/null || true; sed -i 's/set_dload_mode(in_panic)/set_dload_mode(0)/' kernel/*/*/arch/arm/mach-msm/restart.c &>/dev/null || true;

1
Scripts/LineageOS-14.1/Functions.sh
View File

@ -107,6 +107,7 @@ patchWorkspace() {
repopick -it tzdb2021c_N; repopick -it tzdb2021c_N;
sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
sh "$DOS_SCRIPTS/Defaults.sh"; sh "$DOS_SCRIPTS/Defaults.sh";
sh "$DOS_SCRIPTS/Rebrand.sh"; sh "$DOS_SCRIPTS/Rebrand.sh";

1
Scripts/LineageOS-15.1/Functions.sh
View File

@ -91,6 +91,7 @@ patchWorkspace() {
#source build/envsetup.sh; #source build/envsetup.sh;
sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
sh "$DOS_SCRIPTS/Defaults.sh"; sh "$DOS_SCRIPTS/Defaults.sh";
sh "$DOS_SCRIPTS/Rebrand.sh"; sh "$DOS_SCRIPTS/Rebrand.sh";

15
Scripts/LineageOS-15.1/Patch.sh
View File

@ -285,21 +285,7 @@ if enterAndClear "device/asus/msm8916-common"; then
rm -rf Android.bp sensors; #exact duplicate in asus/flo #XXX be careful with this rm -rf Android.bp sensors; #exact duplicate in asus/flo #XXX be careful with this
fi; fi;
if enterAndClear "device/google/dragon"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/huawei/angler"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/htc/flounder"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/lge/bullhead"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/lge/msm8996-common"; then if enterAndClear "device/lge/msm8996-common"; then
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te; sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
@ -307,7 +293,6 @@ fi;
if enterAndClear "device/moto/shamu"; then if enterAndClear "device/moto/shamu"; then
#git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO #git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
enableVerity; #Resurrect dm-verity
fi; fi;
if enterAndClear "device/oneplus/oneplus2"; then if enterAndClear "device/oneplus/oneplus2"; then

1
Scripts/LineageOS-16.0/Functions.sh
View File

@ -84,6 +84,7 @@ patchWorkspace() {
#repopick -it pie-firewall; #repopick -it pie-firewall;
sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
sh "$DOS_SCRIPTS/Defaults.sh"; sh "$DOS_SCRIPTS/Defaults.sh";
sh "$DOS_SCRIPTS/Rebrand.sh"; sh "$DOS_SCRIPTS/Rebrand.sh";

1
Scripts/LineageOS-17.1/Functions.sh
View File

@ -100,6 +100,7 @@ patchWorkspace() {
#repopick -it Q_tzdb2021a1; #repopick -it Q_tzdb2021a1;
sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
sh "$DOS_SCRIPTS/Defaults.sh"; sh "$DOS_SCRIPTS/Defaults.sh";
sh "$DOS_SCRIPTS/Rebrand.sh"; sh "$DOS_SCRIPTS/Rebrand.sh";

25
Scripts/LineageOS-17.1/Patch.sh
View File

@ -294,22 +294,16 @@ fi;
# #
#START OF DEVICE CHANGES #START OF DEVICE CHANGES
# #
if enterAndClear "device/yandex/Amber"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/cyanogen/msm8916-common"; then if enterAndClear "device/cyanogen/msm8916-common"; then
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
fi; fi;
if enterAndClear "device/google/bonito"; then if enterAndClear "device/google/bonito"; then
enableVerity; #Resurrect dm-verity
awk -i inplace '!/INODE_COUNT/' BoardConfig-lineage.mk; #mke2fs -1 incompatibility (?) awk -i inplace '!/INODE_COUNT/' BoardConfig-lineage.mk; #mke2fs -1 incompatibility (?)
fi; fi;
if enterAndClear "device/google/marlin"; then if enterAndClear "device/google/marlin"; then
git revert --no-edit 777dafa35f185b1f501e3c80b8ab495191583444; #remove some carrier blobs git revert --no-edit 777dafa35f185b1f501e3c80b8ab495191583444; #remove some carrier blobs
enableVerity; #Resurrect dm-verity
sed -i 's/BTLogSave \\/BTLogSave/' common/base.mk; #deblobber fixup sed -i 's/BTLogSave \\/BTLogSave/' common/base.mk; #deblobber fixup
fi; fi;
@ -334,14 +328,6 @@ echo " allow recovery firmware_file:file create_file_perms;" >> sepolicy/recove
echo "')" >> sepolicy/recovery.te; echo "')" >> sepolicy/recovery.te;
fi; fi;
if enterAndClear "device/oneplus/avicii"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/guacamoleb"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/oneplus2"; then if enterAndClear "device/oneplus/oneplus2"; then
sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt; sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt;
echo "allow mm-qcamerad camera_data_file:file create_file_perms;" >> sepolicy/mm-qcamerad.te; #Likely some of these could be removed echo "allow mm-qcamerad camera_data_file:file create_file_perms;" >> sepolicy/mm-qcamerad.te; #Likely some of these could be removed
@ -353,25 +339,16 @@ echo "allow mm-qcamerad camera_prop:file read;" >> sepolicy/mm-qcamerad.te;
echo "set_prop(mm-qcamerad, camera_prop)" >> sepolicy/mm-qcamerad.te; echo "set_prop(mm-qcamerad, camera_prop)" >> sepolicy/mm-qcamerad.te;
fi; fi;
if enterAndClear "device/oneplus/sm8150-common"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oppo/common"; then if enterAndClear "device/oppo/common"; then
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
fi; fi;
if enterAndClear "device/zuk/msm8996-common"; then if enterAndClear "device/zuk/msm8996-common"; then
enableVerity; #Resurrect dm-verity
awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage
fi; fi;
if enterAndClear "kernel/google/marlin"; then if enterAndClear "kernel/google/marlin"; then
git revert --no-edit dd4a454f080f60cc7c4f5cc281a48cba80947baf; #Resurrect dm-verity git revert --no-edit dd4a454f080f60cc7c4f5cc281a48cba80947baf; #enable verity on /vendor
fi;
if enterAndClear "device/xiaomi/sm6150-common"; then
enableVerity; #Resurrect dm-verity
fi; fi;
#Make changes to all devices #Make changes to all devices

1
Scripts/LineageOS-18.1/Functions.sh
View File

@ -135,6 +135,7 @@ patchWorkspace() {
#repopick -it R_tzdb2021a1; #repopick -it R_tzdb2021a1;
sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; sh "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
sh "$DOS_SCRIPTS/Defaults.sh"; sh "$DOS_SCRIPTS/Defaults.sh";
sh "$DOS_SCRIPTS/Rebrand.sh"; sh "$DOS_SCRIPTS/Rebrand.sh";

95
Scripts/LineageOS-18.1/Patch.sh
View File

@ -300,59 +300,16 @@ fi;
if enterAndClear "device/essential/mata"; then if enterAndClear "device/essential/mata"; then
git revert --no-edit 1f1d061c4d7ddedcac503608e8fa333aff30a693 3928b30a97fe7f6b6020bbd9d83a56a32de4ba16 e91f0fece65d32ca407be532e2c4456056b1a968; #Unbreak the earpiece speaker, breaking the loud speaker volume control on calls git revert --no-edit 1f1d061c4d7ddedcac503608e8fa333aff30a693 3928b30a97fe7f6b6020bbd9d83a56a32de4ba16 e91f0fece65d32ca407be532e2c4456056b1a968; #Unbreak the earpiece speaker, breaking the loud speaker volume control on calls
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/fairphone/FP3"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/fxtec/pro1"; then
enableVerity; #Resurrect dm-verity
fi; fi;
if enterAndClear "device/google/bonito"; then if enterAndClear "device/google/bonito"; then
enableVerity; #Resurrect dm-verity
awk -i inplace '!/INODE_COUNT/' BoardConfigLineage.mk; #mke2fs -1 incompatibility (?) awk -i inplace '!/INODE_COUNT/' BoardConfigLineage.mk; #mke2fs -1 incompatibility (?)
fi; fi;
if enterAndClear "device/google/bramble"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/coral"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/crosshatch"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/muskie"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/redbull"; then if enterAndClear "device/google/redbull"; then
enableVerity; #Resurrect dm-verity
awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; #fix compile after hardenDefconfig awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; #fix compile after hardenDefconfig
fi; fi;
if enterAndClear "device/google/redfin"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/sunfish"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/taimen"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/google/wahoo"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/htc/m8-common"; then if enterAndClear "device/htc/m8-common"; then
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
fi; fi;
@ -395,36 +352,11 @@ fi;
if enterAndClear "device/moto/shamu"; then if enterAndClear "device/moto/shamu"; then
git revert --no-edit 0ba2cb240e8483fa85fcc831328f70f65eeb7180 2be3c88c331387f03978b75ebc118e09738216d0 ff98fee8fc40d00e1c8b296fd4bb20077bc056d6; #breakage git revert --no-edit 0ba2cb240e8483fa85fcc831328f70f65eeb7180 2be3c88c331387f03978b75ebc118e09738216d0 ff98fee8fc40d00e1c8b296fd4bb20077bc056d6; #breakage
#git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO #git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/guacamole"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/hotdog"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/hotdogb"; then
enableVerity; #Resurrect dm-verity
fi; fi;
if enterAndClear "device/oneplus/msm8998-common"; then if enterAndClear "device/oneplus/msm8998-common"; then
enableVerity; #Resurrect dm-verity
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
fi; sed -i '/PRODUCT_SYSTEM_VERITY_PARTITION/iPRODUCT_VENDOR_VERITY_PARTITION := /dev/block/bootdevice/by-name/vendor' common.mk; #Support verity on /vendor too
if enterAndClear "device/oneplus/oneplus3"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/sdm845-common"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/oneplus/sm8150-common"; then
enableVerity; #Resurrect dm-verity
fi; fi;
if enterAndClear "device/oppo/common"; then if enterAndClear "device/oppo/common"; then
@ -436,14 +368,6 @@ sed -i 's/libinit_msm8974/libinit_msm8974-oppo/' BoardConfigCommon.mk init/Andro
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/ sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
fi; fi;
if enterAndClear "device/razer/aura"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/razer/cheryl"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/samsung/jfltexx"; then if enterAndClear "device/samsung/jfltexx"; then
smallerSystem; smallerSystem;
fi; fi;
@ -453,24 +377,7 @@ echo "TARGET_RECOVERY_DENSITY := hdpi" >> BoardConfigCommon.mk;
echo "allow hal_gnss_default ssr_device:chr_file { open read };" >> sepolicy/common/hal_gnss_default.te; echo "allow hal_gnss_default ssr_device:chr_file { open read };" >> sepolicy/common/hal_gnss_default.te;
fi; fi;
if enterAndClear "device/xiaomi/beryllium"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/xiaomi/sdm845-common"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/xiaomi/sm8150-common"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/xiaomi/sm8250-common"; then
enableVerity; #Resurrect dm-verity
fi;
if enterAndClear "device/zuk/msm8996-common"; then if enterAndClear "device/zuk/msm8996-common"; then
enableVerity; #Resurrect dm-verity
awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage
fi; fi;