mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-05-06 16:34:59 -04:00
20.0: September ASB picks
wgetb96ee4a2d1.patch -O telephony-01.patch wgetc16e6e78c1.patch -O media-01.patch wgetd5771450d7.patch -O media-02.patch wgeta1370bd00c.patch -O nn-01.patch wgetce2776f4ca.patch -O bt-01.patch wget585f583ef5.patch -O bt-02.patch wgetc9905e7968.patch -O bt-03.patch wgetc93ec045f5.patch -O bt-04.patch wget89fb17d172.patch -O bt-05.patch wget14aed2455e.patch -O bt-06.patch wgetcd438ebc52.patch -O bt-07.patch wget27e7cdc4e5.patch -O nfc-01.patch wgetdfeb4270b8.patch -O launcher-01.patch wgetb1993f6cec.patch -O native-01.patch wgetdf4a9362cd.patch -O fwb-01.patch wgetb55563bb9d.patch -O fwb-02.patch wgeta80971a281.patch -O fwb-03.patch wget7e173b4383.patch -O fwb-04.patch wget44191b1c6b.patch -O fwb-05.patch wget8dc8dfe572.patch -O fwb-06.patch wget00a4224100.patch -O av-01.patch wget21623d1f43.patch -O settings-01.patch wgetfa5ec443d9.patch -O settings-02.patch wgetba4da9c7b3.patch -O settings-03.patch Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
3e8effa345
commit
964877bbf6
29 changed files with 2636 additions and 20 deletions
|
|
@ -247,6 +247,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_native/325993.patch"; #n-asb-2022-03
|
|||
applyPatch "$DOS_PATCHES/android_frameworks_native/355868.patch"; #n-asb-2023-05 Check for malformed Sensor Flattenable
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/355869.patch"; #n-asb-2023-05 Fix sanitizer in ISensorService list functions.
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/355870.patch"; #n-asb-2023-05 Remove some new memory leaks from SensorManager
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/365756.patch"; #n-asb-2023-09 Allow sensors list to be empty
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
fi;
|
||||
|
||||
|
|
@ -370,6 +371,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/328308.patch"; #n-asb-2022-04
|
|||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/332455.patch"; #n-asb-2022-06 OOB read in phNciNfc_RecvMfResp()
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/346953.patch"; #n-asb-2023-01 OOBW in Mfc_Transceive()
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/348653.patch"; #n-asb-2023-02 DO NOT MERGE OOBW in phNciNfc_MfCreateXchgDataHdr
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/365757.patch"; #n-asb-2023-09 Ensure that SecureNFC setting cannot be bypassed
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/PackageInstaller"; then
|
||||
|
|
|
|||
|
|
@ -97,6 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable
|
|||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2023-08-05/2023-09-01/' core/version_defaults.mk; #Bump Security String #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
|
|
@ -122,7 +123,12 @@ sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requ
|
|||
fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/av"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/av-*.patch;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/fwb-*.patch;
|
||||
git revert --no-edit d36faad3267522c6d3ff91ba9dcca8f6274bccd1; #Reverts "JobScheduler: Respect allow-in-power-save perm" in favor of below patch
|
||||
git revert --no-edit 90d6826548189ca850d91692e71fcc1be426f453; #Reverts "Remove sensitive info from SUPL requests" in favor of below patch
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
|
|
@ -213,6 +219,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_libs_systemui/0001-Icon_Cache.patch"
|
|||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/native-*.patch;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors_Permission-a1.patch"; #Protect step sensors with OTHER_SENSORS permission for targetSdk<29 apps (GrapheneOS)
|
||||
fi;
|
||||
|
|
@ -278,7 +285,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_apps_Contacts/0004-No_GMaps.pat
|
|||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Dialer"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Dialer/0001-Not_Private_Banner.patch"; #Add a privacy warning banner to calls (CalyxOS)
|
||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Dialer/0001-Not_Private_Banner.patch"; #Add a privacy warning banner to calls (CalyxOS) TODO: REBASE
|
||||
sed -i 's/>true/>false/' java/com/android/incallui/res/values/lineage_config.xml; #XXX: temporary workaround for black screen on incoming calls https://gitlab.com/LineageOS/issues/android/-/issues/4632
|
||||
fi;
|
||||
|
||||
|
|
@ -293,6 +300,7 @@ cp -f "$DOS_PATCHES_COMMON/contributors.db" assets/contributors.db; #Update cont
|
|||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Nfc"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/nfc-*.patch;
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
fi;
|
||||
|
||||
|
|
@ -301,6 +309,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_OpenEUICC/0001-hacky-fix.patch";
|
|||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/settings-*.patch;
|
||||
git revert --no-edit 41b4ed345a91da1dd46c00ee11a151c2b5ff4f43;
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
|
||||
|
|
@ -329,6 +338,7 @@ git revert --no-edit fcf658d2005dc557a95d5a7fb89cb90d06b31d33; #grant permission
|
|||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Trebuchet"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/launcher-*.patch;
|
||||
cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
|
||||
fi;
|
||||
|
||||
|
|
@ -344,6 +354,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
|
|||
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Bluetooth"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/bt-*.patch;
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Connectivity"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Enforce INTERNET permission per-uid instead of per-appId (GrapheneOS)
|
||||
|
|
@ -362,6 +376,10 @@ if enterAndClear "packages/modules/NetworkStack"; then
|
|||
applyPatch "$DOS_PATCHES/android_packages_modules_NetworkStack/0001-Random_MAC.patch"; #Avoid reusing DHCP state for full MAC randomization (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/NeuralNetworks"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/nn-*.patch;
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Permission"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0004-Special_Permissions-1.patch"; #Add special handling for INTERNET/OTHER_SENSORS (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0004-Special_Permissions-2.patch"; #Fix usage UI summary for Network/Sensors (GrapheneOS)
|
||||
|
|
@ -378,10 +396,18 @@ if enterAndClear "packages/providers/DownloadProvider"; then
|
|||
applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/providers/MediaProvider"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/media-*.patch;
|
||||
fi;
|
||||
|
||||
#if enterAndClear "packages/providers/TelephonyProvider"; then
|
||||
#cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/latest_carrier_id/;
|
||||
#fi;
|
||||
|
||||
if enterAndClear "packages/services/Telephony"; then
|
||||
git am $DOS_PATCHES/ASB2023-09/telephony-*.patch;
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/ca-certificates"; then
|
||||
rm -rf files; #Remove old certs
|
||||
cp -r "$DOS_PATCHES_COMMON/android_system_ca-certificates/files" .; #Copy the new ones into place
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue