Various patches from GrapheneOS

2024-10-01 01:35:54 -04:00 · 2021-06-26 15:17:41 -04:00 · 2021-06-26 15:17:41 -04:00 · 881c24d8b2
commit 881c24d8b2
parent d6dca6e66d
17 changed files with 429 additions and 13 deletions
--- a/Patches/Common/android_packages_apps_Contacts/0002-No_Google_Backup.patch
+++ b/Patches/Common/android_packages_apps_Contacts/0002-No_Google_Backup.patch
@ -0,0 +1,64 @@
+From dbee70a413350fe9790aff884894cd8d711b0bb2 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 22 Aug 2017 02:51:36 -0400
+Subject: [PATCH] remove 'to Google' from Contacts backup notice
+
+---
+ res/values-en-rAU/strings.xml | 2 +-
+ res/values-en-rGB/strings.xml | 2 +-
+ res/values-en-rIN/strings.xml | 2 +-
+ res/values/strings.xml        | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/res/values-en-rAU/strings.xml b/res/values-en-rAU/strings.xml
+index ead8268c5..b57a122ae 100644
+--- a/res/values-en-rAU/strings.xml
+++ b/res/values-en-rAU/strings.xml
+@@ -186,7 +186,7 @@
+     <string name="title_edit_group" msgid="4246193439931854759">"Remove contacts"</string>
+     <string name="local_profile_title" msgid="1613784248702623410">"My local profile"</string>
+     <string name="external_profile_title" msgid="2706282819025406927">"My <xliff:g id="EXTERNAL_SOURCE">%1$s</xliff:g> profile"</string>
+-    <string name="contact_editor_prompt_zero_accounts" msgid="4468363031413457746">"Take a moment to add an account that will back up your contacts to Google."</string>
+    <string name="contact_editor_prompt_zero_accounts" msgid="4468363031413457746">"Take a moment to add an account that will back up your contacts."</string>
+     <string name="contact_editor_prompt_one_account" msgid="765343809177951169">"New contacts will be saved to <xliff:g id="ACCOUNT_NAME">%1$s</xliff:g>."</string>
+     <string name="contact_editor_prompt_multiple_accounts" msgid="1543322760761168351">"Choose a default account for new contacts:"</string>
+     <string name="contact_editor_title_new_contact" msgid="7534775011591770343">"Create new contact"</string>
+diff --git a/res/values-en-rGB/strings.xml b/res/values-en-rGB/strings.xml
+index ead8268c5..b57a122ae 100644
+--- a/res/values-en-rGB/strings.xml
+++ b/res/values-en-rGB/strings.xml
+@@ -186,7 +186,7 @@
+     <string name="title_edit_group" msgid="4246193439931854759">"Remove contacts"</string>
+     <string name="local_profile_title" msgid="1613784248702623410">"My local profile"</string>
+     <string name="external_profile_title" msgid="2706282819025406927">"My <xliff:g id="EXTERNAL_SOURCE">%1$s</xliff:g> profile"</string>
+-    <string name="contact_editor_prompt_zero_accounts" msgid="4468363031413457746">"Take a moment to add an account that will back up your contacts to Google."</string>
+    <string name="contact_editor_prompt_zero_accounts" msgid="4468363031413457746">"Take a moment to add an account that will back up your contacts."</string>
+     <string name="contact_editor_prompt_one_account" msgid="765343809177951169">"New contacts will be saved to <xliff:g id="ACCOUNT_NAME">%1$s</xliff:g>."</string>
+     <string name="contact_editor_prompt_multiple_accounts" msgid="1543322760761168351">"Choose a default account for new contacts:"</string>
+     <string name="contact_editor_title_new_contact" msgid="7534775011591770343">"Create new contact"</string>
+diff --git a/res/values-en-rIN/strings.xml b/res/values-en-rIN/strings.xml
+index ead8268c5..b57a122ae 100644
+--- a/res/values-en-rIN/strings.xml
+++ b/res/values-en-rIN/strings.xml
+@@ -186,7 +186,7 @@
+     <string name="title_edit_group" msgid="4246193439931854759">"Remove contacts"</string>
+     <string name="local_profile_title" msgid="1613784248702623410">"My local profile"</string>
+     <string name="external_profile_title" msgid="2706282819025406927">"My <xliff:g id="EXTERNAL_SOURCE">%1$s</xliff:g> profile"</string>
+-    <string name="contact_editor_prompt_zero_accounts" msgid="4468363031413457746">"Take a moment to add an account that will back up your contacts to Google."</string>
+    <string name="contact_editor_prompt_zero_accounts" msgid="4468363031413457746">"Take a moment to add an account that will back up your contacts."</string>
+     <string name="contact_editor_prompt_one_account" msgid="765343809177951169">"New contacts will be saved to <xliff:g id="ACCOUNT_NAME">%1$s</xliff:g>."</string>
+     <string name="contact_editor_prompt_multiple_accounts" msgid="1543322760761168351">"Choose a default account for new contacts:"</string>
+     <string name="contact_editor_title_new_contact" msgid="7534775011591770343">"Create new contact"</string>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 56c4aaa03..22f657ead 100644
+--- a/res/values/strings.xml
+++ b/res/values/strings.xml
+@@ -532,7 +532,7 @@
+     <string name="external_profile_title">My <xliff:g id="external_source">%1$s</xliff:g> profile</string>
+ 
+     <!-- Message in the contact editor prompt that notifies the user that the newly created contact will not be saved to any account, and prompts addition of an account [CHAR LIMIT=NONE] -->
+-    <string name="contact_editor_prompt_zero_accounts">Take a minute to add an account that will back up your contacts to Google.</string>
+    <string name="contact_editor_prompt_zero_accounts">Take a minute to add an account that will back up your contacts.</string>
+ 
+     <!-- Message in the contact editor prompt that asks the user if it's okay to save the newly created contact to the account shown. [CHAR LIMIT=NONE] -->
+     <string name="contact_editor_prompt_one_account">New contacts will be saved to <xliff:g id="account_name">%1$s</xliff:g>.</string>
--- a/Patches/Common/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch
+++ b/Patches/Common/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch
@ -0,0 +1,35 @@
+From 8cfece6ef083e379eaa7b8d7b3f0db5cf9d1b110 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 14 Sep 2017 00:03:16 -0400
+Subject: [PATCH] disable personalized dicts by default
+
+---
+ java/res/xml/prefs_screen_correction.xml                        | 1 -
+ .../com/android/inputmethod/latin/settings/SettingsValues.java  | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/java/res/xml/prefs_screen_correction.xml b/java/res/xml/prefs_screen_correction.xml
+index a943dc1a3..6f6b3666c 100644
+--- a/java/res/xml/prefs_screen_correction.xml
+++ b/java/res/xml/prefs_screen_correction.xml
+@@ -57,7 +57,6 @@
+         android:key="pref_key_use_personalized_dicts"
+         android:title="@string/use_personalized_dicts"
+         android:summary="@string/use_personalized_dicts_summary"
+-        android:defaultValue="true"
+         android:persistent="true" />
+     <CheckBoxPreference
+         android:key="pref_key_use_contacts_dict"
+diff --git a/java/src/com/android/inputmethod/latin/settings/SettingsValues.java b/java/src/com/android/inputmethod/latin/settings/SettingsValues.java
+index 57018244f..a2153df03 100644
+--- a/java/src/com/android/inputmethod/latin/settings/SettingsValues.java
+++ b/java/src/com/android/inputmethod/latin/settings/SettingsValues.java
+@@ -146,7 +146,7 @@ public SettingsValues(final Context context, final SharedPreferences prefs, fina
+         mShowsLanguageSwitchKey = Settings.ENABLE_SHOW_LANGUAGE_SWITCH_KEY_SETTINGS
+                 ? Settings.readShowsLanguageSwitchKey(prefs) : true /* forcibly */;
+         mUseContactsDict = prefs.getBoolean(Settings.PREF_KEY_USE_CONTACTS_DICT, true);
+-        mUsePersonalizedDicts = prefs.getBoolean(Settings.PREF_KEY_USE_PERSONALIZED_DICTS, true);
+        mUsePersonalizedDicts = prefs.getBoolean(Settings.PREF_KEY_USE_PERSONALIZED_DICTS, false);
+         mUseDoubleSpacePeriod = prefs.getBoolean(Settings.PREF_KEY_USE_DOUBLE_SPACE_PERIOD, true)
+                 && inputAttributes.mIsGeneralTextInput;
+         mBlockPotentiallyOffensive = Settings.readBlockPotentiallyOffensive(prefs, res);
--- a/Patches/LineageOS-15.1/android_build/0002-Enable_fwrapv.patch
+++ b/Patches/LineageOS-15.1/android_build/0002-Enable_fwrapv.patch
@ -0,0 +1,26 @@
+From f699532069f985837f61c43cd7697869890672ea Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 13 Sep 2016 22:05:56 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ core/config_sanitizers.mk | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
+index 70cb456a5..705bcb1ef 100644
+--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
+@@ -308,3 +308,9 @@ ifneq ($(my_sanitize_diag),)
+     my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
+   endif
+ endif
+
+ifeq ($(filter signed-integer-overflow integer undefined,$(my_sanitize)),)
+  ifeq ($(filter -ftrapv,$(my_cflags)),)
+    my_cflags += -fwrapv
+  endif
+endif
+-- 
+2.31.1
+
--- a/Patches/LineageOS-15.1/android_build_soong/0001-Enable_fwrapv.patch
+++ b/Patches/LineageOS-15.1/android_build_soong/0001-Enable_fwrapv.patch
@ -0,0 +1,56 @@
+From 2b6950b03eb3d8cc82fa2b0a91db480dacf58a78 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 23 Aug 2017 20:28:03 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ cc/cc.go       |  2 ++
+ cc/sanitize.go | 12 ++++++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/cc/cc.go b/cc/cc.go
+index 983ffc0..45a50cf 100644
+--- a/cc/cc.go
+++ b/cc/cc.go
+@@ -533,6 +533,8 @@ func (c *Module) GenerateAndroidBuildActions(actx android.ModuleContext) {
+ 	}
+ 	if c.sanitize != nil {
+ 		flags = c.sanitize.flags(ctx, flags)
+	} else {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+ 	}
+ 	if c.coverage != nil {
+ 		flags = c.coverage.flags(ctx, flags)
+diff --git a/cc/sanitize.go b/cc/sanitize.go
+index 9c3b8e5..1dbd9fe 100644
+--- a/cc/sanitize.go
+++ b/cc/sanitize.go
+@@ -271,6 +271,7 @@ func (sanitize *sanitize) deps(ctx BaseModuleContext, deps Deps) Deps {
+ 
+ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 	if !sanitize.Properties.SanitizerEnabled {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+ 		return flags
+ 	}
+ 
+@@ -315,6 +316,17 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 		sanitizers = append(sanitizers, sanitize.Properties.Sanitize.Misc_undefined...)
+ 	}
+ 
+	wrapv := true
+	for _, element := range sanitizers {
+		if (element == "signed-integer-overflow" || element == "integer" || element == "undefined") {
+			wrapv = false
+			break
+		}
+	}
+	if wrapv {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+	}
+
+ 	if Bool(sanitize.Properties.Sanitize.Diag.Undefined) {
+ 		diagSanitizers = append(diagSanitizers, "undefined")
+ 	}
+-- 
+2.31.1
+
--- a/Patches/LineageOS-16.0/android_build/0002-Enable_fwrapv.patch
+++ b/Patches/LineageOS-16.0/android_build/0002-Enable_fwrapv.patch
@ -0,0 +1,23 @@
+From 5f919d5c9d9e7605b82841ffdcf5d1a16a1613fa Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 13 Sep 2016 22:05:56 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ core/config_sanitizers.mk | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
+index d570ccda8e..b200572d32 100644
+--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
+@@ -367,3 +367,9 @@ ifneq ($(my_sanitize_diag),)
+     endif
+   endif
+ endif
+
+ifeq ($(filter signed-integer-overflow integer undefined,$(my_sanitize)),)
+  ifeq ($(filter -ftrapv,$(my_cflags)),)
+    my_cflags += -fwrapv
+  endif
+endif
--- a/Patches/LineageOS-16.0/android_build_soong/0001-Enable_fwrapv.patch
+++ b/Patches/LineageOS-16.0/android_build_soong/0001-Enable_fwrapv.patch
@ -0,0 +1,53 @@
+From adec149524637ba191e0db27d9b729b4cd53cd9e Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 23 Aug 2017 20:28:03 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ cc/cc.go       |  2 ++
+ cc/sanitize.go | 12 ++++++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/cc/cc.go b/cc/cc.go
+index 51ac18404..2829dab32 100644
+--- a/cc/cc.go
+++ b/cc/cc.go
+@@ -687,6 +687,8 @@ func (c *Module) GenerateAndroidBuildActions(actx android.ModuleContext) {
+ 	}
+ 	if c.sanitize != nil {
+ 		flags = c.sanitize.flags(ctx, flags)
+	} else {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+ 	}
+ 	if c.coverage != nil {
+ 		flags = c.coverage.flags(ctx, flags)
+diff --git a/cc/sanitize.go b/cc/sanitize.go
+index de970352e..17c11f8b1 100644
+--- a/cc/sanitize.go
+++ b/cc/sanitize.go
+@@ -314,6 +314,7 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 		flags.LdFlags = append(flags.LdFlags, "-Wl,--exclude-libs,"+minimalRuntimeLib)
+ 	}
+ 	if !sanitize.Properties.SanitizerEnabled {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+ 		return flags
+ 	}
+ 
+@@ -355,6 +356,17 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 		sanitizers = append(sanitizers, sanitize.Properties.Sanitize.Misc_undefined...)
+ 	}
+ 
+	wrapv := true
+	for _, element := range sanitizers {
+		if (element == "signed-integer-overflow" || element == "integer" || element == "undefined") {
+			wrapv = false
+			break
+		}
+	}
+	if wrapv {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+	}
+
+ 	if Bool(sanitize.Properties.Sanitize.Diag.Undefined) {
+ 		diagSanitizers = append(diagSanitizers, "undefined")
+ 	}
--- a/Patches/LineageOS-17.1/android_build/0003-Enable_fwrapv.patch
+++ b/Patches/LineageOS-17.1/android_build/0003-Enable_fwrapv.patch
@ -0,0 +1,23 @@
+From 63c497725740bfb6c673456d38f14d8c6030c991 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 13 Sep 2016 22:05:56 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ core/config_sanitizers.mk | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
+index d3adee5ae2..83988bb603 100644
+--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
+@@ -435,3 +435,9 @@ ifneq ($(findstring fsanitize,$(my_cflags)),)
+     endif
+   endif
+ endif
+
+ifeq ($(filter signed-integer-overflow integer undefined,$(my_sanitize)),)
+  ifeq ($(filter -ftrapv,$(my_cflags)),)
+    my_cflags += -fwrapv
+  endif
+endif
--- a/Patches/LineageOS-17.1/android_build_soong/0001-Enable_fwrapv.patch
+++ b/Patches/LineageOS-17.1/android_build_soong/0001-Enable_fwrapv.patch
@ -0,0 +1,49 @@
+From 6760a427250f7a8249fe45bfd5af35f54ed739b1 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 23 Aug 2017 20:28:03 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ cc/cc.go       |  2 ++
+ cc/sanitize.go | 12 ++++++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/cc/cc.go b/cc/cc.go
+index 49dce18f9..8bd39b2f4 100644
+--- a/cc/cc.go
+++ b/cc/cc.go
+@@ -962,6 +962,8 @@ func (c *Module) GenerateAndroidBuildActions(actx android.ModuleContext) {
+ 	}
+ 	if c.sanitize != nil {
+ 		flags = c.sanitize.flags(ctx, flags)
+	} else {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+ 	}
+ 	if c.coverage != nil {
+ 		flags, deps = c.coverage.flags(ctx, flags, deps)
+diff --git a/cc/sanitize.go b/cc/sanitize.go
+index c1b055afe..147ee2d88 100644
+--- a/cc/sanitize.go
+++ b/cc/sanitize.go
+@@ -433,9 +433,21 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 		flags.LdFlags = append(flags.LdFlags, "-Wl,--exclude-libs,"+minimalRuntimeLib)
+ 	}
+ 	if !sanitize.Properties.SanitizerEnabled && !sanitize.Properties.UbsanRuntimeDep {
+		flags.CFlags = append(flags.CFlags, "-fwrapv")
+ 		return flags
+ 	}
+ 
+        wrapv := true
+        for _, element := range sanitize.Properties.Sanitizers {
+                if (element == "signed-integer-overflow" || element == "integer" || element == "undefined") {
+                        wrapv = false
+                        break
+                }
+        }
+        if wrapv {
+                flags.CFlags = append(flags.CFlags, "-fwrapv")
+        }
+
+ 	if Bool(sanitize.Properties.Sanitize.Address) {
+ 		if ctx.Arch().ArchType == android.Arm {
+ 			// Frame pointer based unwinder in ASan requires ARM frame setup.
--- a/Patches/LineageOS-18.1/android_build/0001-Enable_fwrapv.patch
+++ b/Patches/LineageOS-18.1/android_build/0001-Enable_fwrapv.patch
@ -0,0 +1,23 @@
+From 291dbe72601348043d14d95e0ea0f09152b0b2cd Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Tue, 13 Sep 2016 22:05:56 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ core/config_sanitizers.mk | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
+index efb21e7c6a..41d7fe5dbf 100644
+--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
+@@ -447,3 +447,9 @@ ifneq ($(findstring fsanitize,$(my_cflags)),)
+     endif
+   endif
+ endif
+
+ifeq ($(filter signed-integer-overflow integer undefined,$(my_sanitize)),)
+  ifeq ($(filter -ftrapv,$(my_cflags)),)
+    my_cflags += -fwrapv
+  endif
+endif
--- a/Patches/LineageOS-18.1/android_build_soong/0001-Enable_fwrapv.patch
+++ b/Patches/LineageOS-18.1/android_build_soong/0001-Enable_fwrapv.patch
@ -0,0 +1,49 @@
+From 7c87660739544e1ab3bef757dae869894c01cb2e Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 23 Aug 2017 20:28:03 -0400
+Subject: [PATCH] use -fwrapv when signed overflow checking is off
+
+---
+ cc/cc.go       |  2 ++
+ cc/sanitize.go | 12 ++++++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/cc/cc.go b/cc/cc.go
+index 0f874f13c..16b0258f3 100644
+--- a/cc/cc.go
+++ b/cc/cc.go
+@@ -1478,6 +1478,8 @@ func (c *Module) GenerateAndroidBuildActions(actx android.ModuleContext) {
+ 	}
+ 	if c.sanitize != nil {
+ 		flags = c.sanitize.flags(ctx, flags)
+	} else {
+		flags.Local.CFlags = append(flags.Local.CFlags, "-fwrapv")
+ 	}
+ 	if c.coverage != nil {
+ 		flags, deps = c.coverage.flags(ctx, flags, deps)
+diff --git a/cc/sanitize.go b/cc/sanitize.go
+index 463a02ac2..7c92b41dc 100644
+--- a/cc/sanitize.go
+++ b/cc/sanitize.go
+@@ -458,9 +458,21 @@ func (sanitize *sanitize) flags(ctx ModuleContext, flags Flags) Flags {
+ 	}
+ 
+ 	if !sanitize.Properties.SanitizerEnabled && !sanitize.Properties.UbsanRuntimeDep {
+		flags.Local.CFlags = append(flags.Local.CFlags, "-fwrapv")
+ 		return flags
+ 	}
+ 
+        wrapv := true
+        for _, element := range sanitize.Properties.Sanitizers {
+                if (element == "signed-integer-overflow" || element == "integer" || element == "undefined") {
+                        wrapv = false
+                        break
+                }
+        }
+        if wrapv {
+                flags.Local.CFlags = append(flags.Local.CFlags, "-fwrapv")
+        }
+
+ 	if Bool(sanitize.Properties.Sanitize.Address) {
+ 		if ctx.Arch().ArchType == android.Arm {
+ 			// Frame pointer based unwinder in ASan requires ARM frame setup.
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@ -183,6 +183,7 @@ sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPA

 enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)

 enterAndClear "packages/services/Telephony";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@ -59,9 +59,13 @@ sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' rec

 enterAndClear "build/make";
 patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
+patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence

+enterAndClear "build/soong";
+patch -p1 < "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
+
 enterAndClear "device/lineage/sepolicy";
 git revert --no-edit 9c28a0dfb91bb468515e123b1aaf3fcfc007b82f; #neverallow violation - breaks backuptool
 git revert --no-edit f1ad32105599a0b71702f840b2deeb6849f1ae80; #neverallow violation - breaks addons
@ -175,6 +179,7 @@ sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPA

 enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)

 enterAndClear "packages/providers/MediaProvider";
 patch -p1 < "$DOS_PATCHES/android_packages_providers_MediaProvider/0001-External_Permission.patch"; #Fix permission denial
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@ -65,8 +65,13 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictio
 enterAndClear "build/make";
 git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
 patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
+patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Switch to Silence
+sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Bump minimum SDK version (GrapheneOS)
+
+enterAndClear "build/soong";
+patch -p1 < "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)

 enterAndClear "device/qcom/sepolicy-legacy";
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
@ -183,6 +188,7 @@ sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).repla

 enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)

 enterAndClear "packages/services/Telephony";
 git revert --no-edit 99564aaf0417c9ddf7d6aeb10d326e5b24fa8f55;
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@ -61,9 +61,14 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
 enterAndClear "build/make";
 patch -p1 < "$DOS_PATCHES/android_build/0001-Restore_TTS.patch"; #Add back PicoTTS and language files
 patch -p1 < "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
+patch -p1 < "$DOS_PATCHES/android_build/0003-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Switch to Silence
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
+sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Bump minimum SDK version (GrapheneOS)
+
+enterAndClear "build/soong";
+patch -p1 < "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)

 enterAndClear "device/qcom/sepolicy-legacy";
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
@ -149,6 +154,7 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud

 enterAndClear "packages/apps/Contacts";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Backup.patch"; #Backups are not sent to Google (GrapheneOS)

 #enterAndClear "packages/apps/Dialer";
 #patch -p1 < "$DOS_PATCHES/android_packages_apps_Dialer/0001-Not_Private_Banner.patch"; #Add a privacy warning banner to calls (CalyxOS)
@ -177,6 +183,7 @@ sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).repla

 enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)

 #enterAndClear "packages/services/Telephony";
 #patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #XXX 17REBASE
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh
@ -1,6 +1,5 @@
 #!/bin/bash
 cd "$DOS_BUILD_BASE""kernel/fxtec/msm8998"
-git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0272-0273.patch --exclude=Makefile
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
@ -50,5 +49,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
-editKernelLocalversion "-dos.p50"
+editKernelLocalversion "-dos.p49"
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_wahoo.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_wahoo.sh
@ -154,16 +154,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35519/4.4/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36158/4.4/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36312/4.4/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/4.4/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0046.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0047.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0048.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0049.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0050.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0051.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0052.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0053.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0054.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3347/4.4/0055.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.4/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/4.4/0014.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3483/4.4/0004.patch
@ -197,5 +187,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-31916/4.4/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-32399/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3587/4.4/0004.patch
-editKernelLocalversion "-dos.p197"
+editKernelLocalversion "-dos.p187"
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@ -55,10 +55,15 @@ enterAndClear "bootable/recovery";
 patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch"; #Abort on serial number specific packages (GrapheneOS)

 enterAndClear "build/make";
+patch -p1 < "$DOS_PATCHES/android_build/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
 patch -p1 < "$DOS_PATCHES/android_build/0002-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
 sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/aosp_product.mk; #Switch to Silence
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
+sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Bump minimum SDK version (GrapheneOS)
+
+enterAndClear "build/soong";
+patch -p1 < "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)

 enterAndClear "device/qcom/sepolicy-legacy";
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
@ -129,6 +134,7 @@ if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAud

 enterAndClear "packages/apps/Contacts";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Links.patch"; #Remove Privacy Policy and Terms of Service links (GrapheneOS)
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0001-No_Google_Backup.patch"; #Backups are not sent to Google (GrapheneOS)

 #enterAndClear "packages/apps/Dialer";
 #patch -p1 < "$DOS_PATCHES/android_packages_apps_Dialer/0001-Not_Private_Banner.patch"; #Add a privacy warning banner to calls (CalyxOS)
@ -158,6 +164,7 @@ sed -i 's/PROP_BUILD_VERSION_INCREMENTAL);/PROP_BUILD_VERSION_INCREMENTAL).repla

 enterAndClear "packages/inputmethods/LatinIME";
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)

 enterAndClear "packages/providers/TelephonyProvider";
 patch -p1 < "$DOS_PATCHES/android_packages_providers_TelephonyProvider/304614.patch"; #mcc/mnc fix