mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
Churn
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
160aee5049
commit
9707326c4f
@ -10,10 +10,10 @@ in both callers of this method (both of which are "End session" buttons), making
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||||
index 4998c2b695e7..c6f1c14efdcb 100644
|
||||
index 2b609d990737..5c86c830b106 100644
|
||||
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||||
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||||
@@ -11168,6 +11168,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||||
@@ -11192,6 +11192,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||||
Preconditions.checkCallAuthorization(canManageUsers(caller)
|
||||
|| hasCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS));
|
||||
|
||||
|
||||
@ -23,10 +23,10 @@ index 0c69067ab131..ef3213b68bfe 100644
|
||||
// one notification after enabling + one more after reboots
|
||||
static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2;
|
||||
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||||
index 10ab3fb67f47..4998c2b695e7 100644
|
||||
index 7947078e261f..2b609d990737 100644
|
||||
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||||
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||||
@@ -16096,11 +16096,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||||
@@ -16132,11 +16132,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||||
@Override
|
||||
public boolean isLogoutEnabled() {
|
||||
if (!mHasFeature) {
|
||||
|
||||
@ -10,7 +10,7 @@ requiring the READ_PHONE_STATE permission.
|
||||
1 file changed, 1 insertion(+), 6 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
index f0dac2607a4e..aa64cbffda24 100644
|
||||
index ba0aaa1b7d8c..b9ca7055d1b9 100644
|
||||
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
@@ -4850,12 +4850,7 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
|
||||
@ -9,7 +9,7 @@ Ported from 12: b294a2ce1d0d185dbc438ac3c06c90386d5f5949
|
||||
1 file changed, 30 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
index 9ed5aa7158ab..79980a274dec 100644
|
||||
index 8dadd3190ac3..b1de8d8a5830 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
@@ -1409,7 +1409,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
@ -91,7 +91,7 @@ index 9ed5aa7158ab..79980a274dec 100644
|
||||
uidState.updatePermissionFlags(permission,
|
||||
PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED
|
||||
| PackageManager.FLAG_PERMISSION_REVOKED_COMPAT,
|
||||
@@ -2828,7 +2839,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
@@ -2854,7 +2865,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
boolean restrictionApplied = (origState.getPermissionFlags(
|
||||
bp.getName()) & FLAG_PERMISSION_APPLY_RESTRICTION) != 0;
|
||||
|
||||
@ -100,7 +100,7 @@ index 9ed5aa7158ab..79980a274dec 100644
|
||||
// If hard restricted we don't allow holding it
|
||||
if (permissionPolicyInitialized && hardRestricted) {
|
||||
if (!restrictionExempt) {
|
||||
@@ -2881,6 +2892,16 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
@@ -2907,6 +2918,16 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -117,7 +117,7 @@ index 9ed5aa7158ab..79980a274dec 100644
|
||||
} else {
|
||||
if (origPermState == null) {
|
||||
// New permission
|
||||
@@ -2915,7 +2936,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
@@ -2941,7 +2962,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
if (restrictionApplied) {
|
||||
flags &= ~FLAG_PERMISSION_APPLY_RESTRICTION;
|
||||
// Dropping restriction on a legacy app implies a review
|
||||
@ -126,7 +126,7 @@ index 9ed5aa7158ab..79980a274dec 100644
|
||||
flags |= FLAG_PERMISSION_REVIEW_REQUIRED;
|
||||
}
|
||||
wasChanged = true;
|
||||
@@ -3646,7 +3667,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
@@ -3658,7 +3679,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
if (shouldGrantPermission) {
|
||||
final int flags = getPermissionFlagsInternal(pkg.getPackageName(), permission,
|
||||
myUid, userId);
|
||||
|
||||
@ -9,7 +9,7 @@ Subject: [PATCH] srt permissions: don't auto-grant denied ones when
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
index fedd0c3ceced..5406f0b7b201 100644
|
||||
index 29658387fed4..5d2bb41c4b4d 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
@@ -1810,7 +1810,9 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
|
||||
@ -67,7 +67,7 @@ index 2091c0502b6f..4c45fdc4de44 100644
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
index 79980a274dec..4918f3bf3e11 100644
|
||||
index b1de8d8a5830..6ea489ce05b6 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
@@ -2524,7 +2524,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
|
||||
@ -86,7 +86,7 @@ index 4c45fdc4de44..e0ca922bf686 100644
|
||||
<string name="permlab_readCalendar">Read calendar events and details</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
index 4918f3bf3e11..fedd0c3ceced 100644
|
||||
index 6ea489ce05b6..29658387fed4 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
||||
@@ -2524,7 +2524,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
||||
|
||||
@ -44,7 +44,7 @@ index 6dcee6d8bd31..0b99786fb5df 100644
|
||||
<permission name="android.permission.RECEIVE_MEDIA_RESOURCE_USAGE"/>
|
||||
<permission name="android.permission.SET_WALLPAPER_DIM_AMOUNT"/>
|
||||
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
|
||||
index 00ca44383089..b7fb28930a58 100644
|
||||
index dae2e45687bc..286155953bed 100644
|
||||
--- a/packages/SystemUI/AndroidManifest.xml
|
||||
+++ b/packages/SystemUI/AndroidManifest.xml
|
||||
@@ -337,6 +337,9 @@
|
||||
@ -58,7 +58,7 @@ index 00ca44383089..b7fb28930a58 100644
|
||||
<protected-broadcast android:name="com.android.settingslib.action.UNREGISTER_SLICE_RECEIVER" />
|
||||
<protected-broadcast android:name="com.android.settings.flashlight.action.FLASHLIGHT_CHANGED" />
|
||||
diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
|
||||
index dbbd2a2846f5..e1e961317334 100644
|
||||
index a7d75eeded4d..d93855631b24 100644
|
||||
--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
|
||||
+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
|
||||
@@ -206,6 +206,8 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@ -82,7 +82,7 @@ index dbbd2a2846f5..e1e961317334 100644
|
||||
private final DismissCallbackRegistry mDismissCallbackRegistry;
|
||||
|
||||
// the properties of the keyguard
|
||||
@@ -1284,6 +1291,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@@ -1286,6 +1293,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
final IntentFilter delayedActionFilter = new IntentFilter();
|
||||
delayedActionFilter.addAction(DELAYED_KEYGUARD_ACTION);
|
||||
delayedActionFilter.addAction(DELAYED_LOCK_PROFILE_ACTION);
|
||||
@ -90,7 +90,7 @@ index dbbd2a2846f5..e1e961317334 100644
|
||||
delayedActionFilter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY);
|
||||
mContext.registerReceiver(mDelayedLockBroadcastReceiver, delayedActionFilter,
|
||||
SYSTEMUI_PERMISSION, null /* scheduler */,
|
||||
@@ -1619,6 +1627,18 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@@ -1621,6 +1629,18 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
}
|
||||
}
|
||||
|
||||
@ -109,7 +109,7 @@ index dbbd2a2846f5..e1e961317334 100644
|
||||
private void doKeyguardForChildProfilesLocked() {
|
||||
UserManager um = UserManager.get(mContext);
|
||||
for (int profileId : um.getEnabledProfileIds(UserHandle.myUserId())) {
|
||||
@@ -1636,6 +1656,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@@ -1638,6 +1658,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
mDelayedProfileShowingSequence++;
|
||||
}
|
||||
|
||||
@ -120,7 +120,7 @@ index dbbd2a2846f5..e1e961317334 100644
|
||||
/**
|
||||
* It will let us know when the device is waking up.
|
||||
*/
|
||||
@@ -1987,6 +2011,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@@ -1990,6 +2014,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
|
||||
if (DEBUG) Log.d(TAG, "doKeyguard: showing the lock screen");
|
||||
showLocked(options);
|
||||
@ -131,7 +131,7 @@ index dbbd2a2846f5..e1e961317334 100644
|
||||
}
|
||||
|
||||
private void lockProfile(int userId) {
|
||||
@@ -2171,6 +2199,12 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@@ -2174,6 +2202,12 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -144,7 +144,7 @@ index dbbd2a2846f5..e1e961317334 100644
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -2771,6 +2805,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
@@ -2777,6 +2811,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable,
|
||||
mHideAnimationRun = false;
|
||||
adjustStatusBarLocked();
|
||||
sendUserPresentBroadcast();
|
||||
|
||||
@ -109,10 +109,10 @@ index 749c67abf389..39f08b6a0f15 100644
|
||||
// classpath. If found, create a PathClassLoader and use it for applicationInit.
|
||||
ClassLoader classLoader = null;
|
||||
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
index aa64cbffda24..71458e8568c7 100644
|
||||
index b9ca7055d1b9..9a2f0619431b 100644
|
||||
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
||||
@@ -18597,4 +18597,10 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
@@ -18607,4 +18607,10 @@ public class ActivityManagerService extends IActivityManager.Stub
|
||||
Trace.traceBegin(traceTag, methodName + subInfo);
|
||||
}
|
||||
}
|
||||
|
||||
@ -136,7 +136,7 @@ index 7d8e2f818ce9..6ffcf51936fc 100644
|
||||
|
||||
<!-- Whether to show weather on the lockscreen by default. -->
|
||||
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
|
||||
index b7fb28930a58..025e7708ede9 100644
|
||||
index 286155953bed..d47f9162328f 100644
|
||||
--- a/packages/SystemUI/AndroidManifest.xml
|
||||
+++ b/packages/SystemUI/AndroidManifest.xml
|
||||
@@ -1007,6 +1007,18 @@
|
||||
|
||||
@ -124,7 +124,6 @@ patchWorkspaceReal() {
|
||||
repopick -fit msm8974-gps-r;
|
||||
repopick -fit hh-vsync;
|
||||
repopick -fi 311299;
|
||||
repopick -it R_asb_2023-08;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
||||
@ -96,7 +96,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2023-07-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-08 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
@ -312,10 +311,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special_Permissions-3.patch"; #UI fix for special runtime permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/QuickAccessWallet"; then
|
||||
git fetch https://github.com/LineageOS/android_packages_apps_QuickAccessWallet refs/changes/39/364039/1 && git cherry-pick FETCH_HEAD; #R_asb_2023-08
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS)
|
||||
|
||||
@ -86,10 +86,9 @@ patchWorkspaceReal() {
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
source build/envsetup.sh;
|
||||
#source build/envsetup.sh;
|
||||
#repopick -ift twelve-bt-sbc-hd-dualchannel;
|
||||
#repopick -it twelve-colors;
|
||||
repopick -it S_asb_2023-08;
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
||||
@ -98,7 +98,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
|
||||
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2023-07-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-08 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
@ -106,10 +105,6 @@ applyPatch "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fw
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_build_soong/0002-hm_apex.patch"; fi; #(GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "external/aac"; then
|
||||
git fetch https://github.com/LineageOS/android_external_aac refs/changes/80/363980/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-08
|
||||
fi;
|
||||
|
||||
if enterAndClear "external/chromium-webview"; then
|
||||
if [ "$(type -t DOS_WEBVIEW_CHERRYPICK)" = "alias" ] ; then DOS_WEBVIEW_CHERRYPICK; fi; #Update the WebView to latest if available
|
||||
if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available
|
||||
@ -293,10 +288,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytic
|
||||
cp -f "$DOS_PATCHES_COMMON/contributors.db" assets/contributors.db; #Update contributors cloud
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/ManagedProvisioning"; then
|
||||
git fetch https://github.com/LineageOS/android_packages_apps_ManagedProvisioning refs/changes/19/364019/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-08
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Nfc"; then
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
fi;
|
||||
|
||||
@ -223,7 +223,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.4/0004.patch
|
||||
editKernelLocalversion "-dos.p224"
|
||||
editKernelLocalversion "-dos.p223"
|
||||
else echo "kernel_essential_msm8998 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -113,7 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
editKernelLocalversion "-dos.p114"
|
||||
editKernelLocalversion "-dos.p113"
|
||||
else echo "kernel_fairphone_sdm632 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -83,7 +83,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4133/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4134/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch
|
||||
editKernelLocalversion "-dos.p84"
|
||||
editKernelLocalversion "-dos.p83"
|
||||
else echo "kernel_fairphone_sm7225 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -170,7 +170,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch
|
||||
editKernelLocalversion "-dos.p171"
|
||||
editKernelLocalversion "-dos.p170"
|
||||
else echo "kernel_fxtec_msm8998 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -83,7 +83,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4133/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4134/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch
|
||||
editKernelLocalversion "-dos.p84"
|
||||
editKernelLocalversion "-dos.p83"
|
||||
else echo "kernel_fxtec_sm6115 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -122,7 +122,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.14/0003.patch
|
||||
editKernelLocalversion "-dos.p123"
|
||||
editKernelLocalversion "-dos.p122"
|
||||
else echo "kernel_google_msm-4.14 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -119,7 +119,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
editKernelLocalversion "-dos.p120"
|
||||
editKernelLocalversion "-dos.p119"
|
||||
else echo "kernel_google_msm-4.9 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -142,7 +142,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35788/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.19/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/4.19/0002.patch
|
||||
editKernelLocalversion "-dos.p143"
|
||||
editKernelLocalversion "-dos.p142"
|
||||
else echo "kernel_google_redbull is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -187,7 +187,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.4/0004.patch
|
||||
editKernelLocalversion "-dos.p188"
|
||||
editKernelLocalversion "-dos.p187"
|
||||
else echo "kernel_google_wahoo is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -170,7 +170,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch
|
||||
editKernelLocalversion "-dos.p171"
|
||||
editKernelLocalversion "-dos.p170"
|
||||
else echo "kernel_oneplus_msm8998 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -113,7 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
editKernelLocalversion "-dos.p114"
|
||||
editKernelLocalversion "-dos.p113"
|
||||
else echo "kernel_oneplus_sdm845 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -116,7 +116,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35788/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.19/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/4.19/0002.patch
|
||||
editKernelLocalversion "-dos.p117"
|
||||
editKernelLocalversion "-dos.p116"
|
||||
else echo "kernel_oneplus_sm7250 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -474,7 +474,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
|
||||
editKernelLocalversion "-dos.p475"
|
||||
editKernelLocalversion "-dos.p474"
|
||||
else echo "kernel_oneplus_sm8150 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -81,7 +81,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4133/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4134/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch
|
||||
editKernelLocalversion "-dos.p82"
|
||||
editKernelLocalversion "-dos.p81"
|
||||
else echo "kernel_oneplus_sm8250 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -50,7 +50,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/5.4/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/5.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35826/^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/5.4/0005.patch
|
||||
editKernelLocalversion "-dos.p51"
|
||||
editKernelLocalversion "-dos.p50"
|
||||
else echo "kernel_oneplus_sm8350 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -170,7 +170,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch
|
||||
editKernelLocalversion "-dos.p171"
|
||||
editKernelLocalversion "-dos.p170"
|
||||
else echo "kernel_razer_msm8998 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -113,7 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
editKernelLocalversion "-dos.p114"
|
||||
editKernelLocalversion "-dos.p113"
|
||||
else echo "kernel_razer_sdm845 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -596,7 +596,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.pat
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/4.9/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch
|
||||
editKernelLocalversion "-dos.p597"
|
||||
editKernelLocalversion "-dos.p596"
|
||||
else echo "kernel_samsung_exynos9810 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -435,7 +435,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.pat
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.9/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch
|
||||
editKernelLocalversion "-dos.p436"
|
||||
editKernelLocalversion "-dos.p435"
|
||||
else echo "kernel_sony_sdm845 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -112,7 +112,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
editKernelLocalversion "-dos.p113"
|
||||
editKernelLocalversion "-dos.p112"
|
||||
else echo "kernel_xiaomi_msm8937 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -115,7 +115,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
|
||||
editKernelLocalversion "-dos.p116"
|
||||
editKernelLocalversion "-dos.p115"
|
||||
else echo "kernel_xiaomi_sdm845 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -95,7 +95,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35788/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.19/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/4.19/0002.patch
|
||||
editKernelLocalversion "-dos.p96"
|
||||
editKernelLocalversion "-dos.p95"
|
||||
else echo "kernel_xiaomi_sm8250 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
||||
@ -444,6 +444,10 @@ if enterAndClear "device/essential/mata"; then
|
||||
echo "allow permissioncontroller_app tethering_service:service_manager find;" > sepolicy/private/permissioncontroller_app.te;
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/fxtec/pro1"; then
|
||||
echo "type qti_debugfs, fs_type, debugfs_type;" >> sepolicy/vendor/file.te; #fixup
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/google/gs101"; then
|
||||
git revert --no-edit 371473c97a3769f9b0629b33ae7014e78e1e31bb; #potential breakage
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then sed -i '/google iwlan/,+8d' device.mk; fi; #fix stray
|
||||
@ -475,6 +479,7 @@ if enterAndClear "device/oneplus/msm8998-common"; then
|
||||
#awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
|
||||
sed -i '/PRODUCT_SYSTEM_VERITY_PARTITION/iPRODUCT_VENDOR_VERITY_PARTITION := /dev/block/bootdevice/by-name/vendor' common.mk; #Support verity on /vendor too
|
||||
awk -i inplace '!/vendor_sensors_dbg_prop/' sepolicy/vendor/hal_camera_default.te; #fixup
|
||||
echo "type qti_debugfs, fs_type, debugfs_type;" >> sepolicy/vendor/file.te; #fixup
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/xiaomi/mithorium-common"; then
|
||||
|
||||
Loading…
Reference in New Issue
Block a user