From 9707326c4f7ce9aadb8549cf81a6d533e7093773 Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 12 Aug 2023 16:22:42 -0400 Subject: [PATCH] Churn Signed-off-by: Tad --- .../0005-User_Logout-a1.patch | 4 ++-- .../0005-User_Logout.patch | 4 ++-- .../0007-Always_Restict_Serial.patch | 2 +- .../0013-Special_Permissions-1.patch | 10 +++++----- .../0013-Special_Permissions-10.patch | 2 +- .../0013-Special_Permissions-2.patch | 2 +- .../0013-Special_Permissions-3.patch | 2 +- .../0014-Automatic_Reboot.patch | 16 ++++++++-------- .../0018-Exec_Based_Spawning-14.patch | 4 ++-- .../0026-Crash_Details.patch | 2 +- Scripts/LineageOS-18.1/Functions.sh | 1 - Scripts/LineageOS-18.1/Patch.sh | 5 ----- Scripts/LineageOS-19.1/Functions.sh | 3 +-- Scripts/LineageOS-19.1/Patch.sh | 9 --------- .../android_kernel_essential_msm8998.sh | 2 +- .../android_kernel_fairphone_sdm632.sh | 2 +- .../android_kernel_fairphone_sm7225.sh | 2 +- .../CVE_Patchers/android_kernel_fxtec_msm8998.sh | 2 +- .../CVE_Patchers/android_kernel_fxtec_sm6115.sh | 2 +- .../android_kernel_google_msm-4.14.sh | 2 +- .../android_kernel_google_msm-4.9.sh | 2 +- .../android_kernel_google_redbull.sh | 2 +- .../CVE_Patchers/android_kernel_google_wahoo.sh | 2 +- .../android_kernel_oneplus_msm8998.sh | 2 +- .../android_kernel_oneplus_sdm845.sh | 2 +- .../android_kernel_oneplus_sm7250.sh | 2 +- .../android_kernel_oneplus_sm8150.sh | 2 +- .../android_kernel_oneplus_sm8250.sh | 2 +- .../android_kernel_oneplus_sm8350.sh | 2 +- .../CVE_Patchers/android_kernel_razer_msm8998.sh | 2 +- .../CVE_Patchers/android_kernel_razer_sdm845.sh | 2 +- .../android_kernel_samsung_exynos9810.sh | 2 +- .../CVE_Patchers/android_kernel_sony_sdm845.sh | 2 +- .../android_kernel_xiaomi_msm8937.sh | 2 +- .../CVE_Patchers/android_kernel_xiaomi_sdm845.sh | 2 +- .../CVE_Patchers/android_kernel_xiaomi_sm8250.sh | 2 +- Scripts/LineageOS-20.0/Patch.sh | 5 +++++ 37 files changed, 52 insertions(+), 63 deletions(-) diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout-a1.patch b/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout-a1.patch index d1030d7e..248e8068 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout-a1.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout-a1.patch @@ -10,10 +10,10 @@ in both callers of this method (both of which are "End session" buttons), making 1 file changed, 6 insertions(+) diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java -index 4998c2b695e7..c6f1c14efdcb 100644 +index 2b609d990737..5c86c830b106 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java -@@ -11168,6 +11168,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { +@@ -11192,6 +11192,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Preconditions.checkCallAuthorization(canManageUsers(caller) || hasCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS)); diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout.patch b/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout.patch index 64594c93..99a99eb4 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0005-User_Logout.patch @@ -23,10 +23,10 @@ index 0c69067ab131..ef3213b68bfe 100644 // one notification after enabling + one more after reboots static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2; diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java -index 10ab3fb67f47..4998c2b695e7 100644 +index 7947078e261f..2b609d990737 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java -@@ -16096,11 +16096,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { +@@ -16132,11 +16132,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public boolean isLogoutEnabled() { if (!mHasFeature) { diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0007-Always_Restict_Serial.patch b/Patches/LineageOS-20.0/android_frameworks_base/0007-Always_Restict_Serial.patch index e67d9360..05a42333 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0007-Always_Restict_Serial.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0007-Always_Restict_Serial.patch @@ -10,7 +10,7 @@ requiring the READ_PHONE_STATE permission. 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java -index f0dac2607a4e..aa64cbffda24 100644 +index ba0aaa1b7d8c..b9ca7055d1b9 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -4850,12 +4850,7 @@ public class ActivityManagerService extends IActivityManager.Stub diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-1.patch b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-1.patch index d719f6a1..bf06f9cc 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-1.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-1.patch @@ -9,7 +9,7 @@ Ported from 12: b294a2ce1d0d185dbc438ac3c06c90386d5f5949 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java -index 9ed5aa7158ab..79980a274dec 100644 +index 8dadd3190ac3..b1de8d8a5830 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java @@ -1409,7 +1409,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @@ -91,7 +91,7 @@ index 9ed5aa7158ab..79980a274dec 100644 uidState.updatePermissionFlags(permission, PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED | PackageManager.FLAG_PERMISSION_REVOKED_COMPAT, -@@ -2828,7 +2839,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt +@@ -2854,7 +2865,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt boolean restrictionApplied = (origState.getPermissionFlags( bp.getName()) & FLAG_PERMISSION_APPLY_RESTRICTION) != 0; @@ -100,7 +100,7 @@ index 9ed5aa7158ab..79980a274dec 100644 // If hard restricted we don't allow holding it if (permissionPolicyInitialized && hardRestricted) { if (!restrictionExempt) { -@@ -2881,6 +2892,16 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt +@@ -2907,6 +2918,16 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } } } @@ -117,7 +117,7 @@ index 9ed5aa7158ab..79980a274dec 100644 } else { if (origPermState == null) { // New permission -@@ -2915,7 +2936,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt +@@ -2941,7 +2962,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt if (restrictionApplied) { flags &= ~FLAG_PERMISSION_APPLY_RESTRICTION; // Dropping restriction on a legacy app implies a review @@ -126,7 +126,7 @@ index 9ed5aa7158ab..79980a274dec 100644 flags |= FLAG_PERMISSION_REVIEW_REQUIRED; } wasChanged = true; -@@ -3646,7 +3667,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt +@@ -3658,7 +3679,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt if (shouldGrantPermission) { final int flags = getPermissionFlagsInternal(pkg.getPackageName(), permission, myUid, userId); diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-10.patch b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-10.patch index 8e8a3ba9..672693b2 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-10.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-10.patch @@ -9,7 +9,7 @@ Subject: [PATCH] srt permissions: don't auto-grant denied ones when 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java -index fedd0c3ceced..5406f0b7b201 100644 +index 29658387fed4..5d2bb41c4b4d 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java @@ -1810,7 +1810,9 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-2.patch b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-2.patch index 9e6aeefd..c446cff0 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-2.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-2.patch @@ -67,7 +67,7 @@ index 2091c0502b6f..4c45fdc4de44 100644 Retrieve window content diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java -index 79980a274dec..4918f3bf3e11 100644 +index b1de8d8a5830..6ea489ce05b6 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java @@ -2524,7 +2524,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-3.patch b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-3.patch index 4d017de5..bc5f2aee 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-3.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0013-Special_Permissions-3.patch @@ -86,7 +86,7 @@ index 4c45fdc4de44..e0ca922bf686 100644 Read calendar events and details diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java -index 4918f3bf3e11..fedd0c3ceced 100644 +index 6ea489ce05b6..29658387fed4 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java @@ -2524,7 +2524,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0014-Automatic_Reboot.patch b/Patches/LineageOS-20.0/android_frameworks_base/0014-Automatic_Reboot.patch index 12c7cb7c..1ea0b4b2 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0014-Automatic_Reboot.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0014-Automatic_Reboot.patch @@ -44,7 +44,7 @@ index 6dcee6d8bd31..0b99786fb5df 100644 diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml -index 00ca44383089..b7fb28930a58 100644 +index dae2e45687bc..286155953bed 100644 --- a/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml @@ -337,6 +337,9 @@ @@ -58,7 +58,7 @@ index 00ca44383089..b7fb28930a58 100644 diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java -index dbbd2a2846f5..e1e961317334 100644 +index a7d75eeded4d..d93855631b24 100644 --- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java +++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java @@ -206,6 +206,8 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, @@ -82,7 +82,7 @@ index dbbd2a2846f5..e1e961317334 100644 private final DismissCallbackRegistry mDismissCallbackRegistry; // the properties of the keyguard -@@ -1284,6 +1291,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, +@@ -1286,6 +1293,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, final IntentFilter delayedActionFilter = new IntentFilter(); delayedActionFilter.addAction(DELAYED_KEYGUARD_ACTION); delayedActionFilter.addAction(DELAYED_LOCK_PROFILE_ACTION); @@ -90,7 +90,7 @@ index dbbd2a2846f5..e1e961317334 100644 delayedActionFilter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY); mContext.registerReceiver(mDelayedLockBroadcastReceiver, delayedActionFilter, SYSTEMUI_PERMISSION, null /* scheduler */, -@@ -1619,6 +1627,18 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, +@@ -1621,6 +1629,18 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, } } @@ -109,7 +109,7 @@ index dbbd2a2846f5..e1e961317334 100644 private void doKeyguardForChildProfilesLocked() { UserManager um = UserManager.get(mContext); for (int profileId : um.getEnabledProfileIds(UserHandle.myUserId())) { -@@ -1636,6 +1656,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, +@@ -1638,6 +1658,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, mDelayedProfileShowingSequence++; } @@ -120,7 +120,7 @@ index dbbd2a2846f5..e1e961317334 100644 /** * It will let us know when the device is waking up. */ -@@ -1987,6 +2011,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, +@@ -1990,6 +2014,10 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, if (DEBUG) Log.d(TAG, "doKeyguard: showing the lock screen"); showLocked(options); @@ -131,7 +131,7 @@ index dbbd2a2846f5..e1e961317334 100644 } private void lockProfile(int userId) { -@@ -2171,6 +2199,12 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, +@@ -2174,6 +2202,12 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, } } } @@ -144,7 +144,7 @@ index dbbd2a2846f5..e1e961317334 100644 } } }; -@@ -2771,6 +2805,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, +@@ -2777,6 +2811,7 @@ public class KeyguardViewMediator implements CoreStartable, Dumpable, mHideAnimationRun = false; adjustStatusBarLocked(); sendUserPresentBroadcast(); diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch b/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch index e3ae382e..8def94b7 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch @@ -109,10 +109,10 @@ index 749c67abf389..39f08b6a0f15 100644 // classpath. If found, create a PathClassLoader and use it for applicationInit. ClassLoader classLoader = null; diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java -index aa64cbffda24..71458e8568c7 100644 +index b9ca7055d1b9..9a2f0619431b 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java -@@ -18597,4 +18597,10 @@ public class ActivityManagerService extends IActivityManager.Stub +@@ -18607,4 +18607,10 @@ public class ActivityManagerService extends IActivityManager.Stub Trace.traceBegin(traceTag, methodName + subInfo); } } diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch b/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch index 6ca17d4d..c99d5e0a 100644 --- a/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch +++ b/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch @@ -136,7 +136,7 @@ index 7d8e2f818ce9..6ffcf51936fc 100644 diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml -index b7fb28930a58..025e7708ede9 100644 +index 286155953bed..d47f9162328f 100644 --- a/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml @@ -1007,6 +1007,18 @@ diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index 7576757a..c4730a1e 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -124,7 +124,6 @@ patchWorkspaceReal() { repopick -fit msm8974-gps-r; repopick -fit hh-vsync; repopick -fi 311299; - repopick -it R_asb_2023-08; sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh"; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index e1976653..9bcadf46 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -96,7 +96,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig -sed -i 's/2023-07-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-08 #XXX fi; if enterAndClear "build/soong"; then @@ -312,10 +311,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special_Permissions-3.patch"; #UI fix for special runtime permission (GrapheneOS) fi; -if enterAndClear "packages/apps/QuickAccessWallet"; then -git fetch https://github.com/LineageOS/android_packages_apps_QuickAccessWallet refs/changes/39/364039/1 && git cherry-pick FETCH_HEAD; #R_asb_2023-08 -fi; - if enterAndClear "packages/apps/Settings"; then #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle-gos.patch"; #Add option to disable captive portal checks (GrapheneOS) diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh index d9ac96d8..b8707f80 100644 --- a/Scripts/LineageOS-19.1/Functions.sh +++ b/Scripts/LineageOS-19.1/Functions.sh @@ -86,10 +86,9 @@ patchWorkspaceReal() { verifyAllPlatformTags; gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; - source build/envsetup.sh; + #source build/envsetup.sh; #repopick -ift twelve-bt-sbc-hd-dualchannel; #repopick -it twelve-colors; - repopick -it S_asb_2023-08; sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh"; diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh index 78905407..361f8ad6 100644 --- a/Scripts/LineageOS-19.1/Patch.sh +++ b/Scripts/LineageOS-19.1/Patch.sh @@ -98,7 +98,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig -sed -i 's/2023-07-05/2023-08-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-08 #XXX fi; if enterAndClear "build/soong"; then @@ -106,10 +105,6 @@ applyPatch "$DOS_PATCHES/android_build_soong/0001-Enable_fwrapv.patch"; #Use -fw if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_build_soong/0002-hm_apex.patch"; fi; #(GrapheneOS) fi; -if enterAndClear "external/aac"; then -git fetch https://github.com/LineageOS/android_external_aac refs/changes/80/363980/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-08 -fi; - if enterAndClear "external/chromium-webview"; then if [ "$(type -t DOS_WEBVIEW_CHERRYPICK)" = "alias" ] ; then DOS_WEBVIEW_CHERRYPICK; fi; #Update the WebView to latest if available if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available @@ -293,10 +288,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytic cp -f "$DOS_PATCHES_COMMON/contributors.db" assets/contributors.db; #Update contributors cloud fi; -if enterAndClear "packages/apps/ManagedProvisioning"; then -git fetch https://github.com/LineageOS/android_packages_apps_ManagedProvisioning refs/changes/19/364019/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-08 -fi; - if enterAndClear "packages/apps/Nfc"; then if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Nfc/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS) fi; diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_essential_msm8998.sh index 62cb76fd..a0503d24 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_essential_msm8998.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_essential_msm8998.sh @@ -223,7 +223,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.4/0004.patch -editKernelLocalversion "-dos.p224" +editKernelLocalversion "-dos.p223" else echo "kernel_essential_msm8998 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh index 03688ae6..e5402aca 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh @@ -113,7 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch -editKernelLocalversion "-dos.p114" +editKernelLocalversion "-dos.p113" else echo "kernel_fairphone_sdm632 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sm7225.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sm7225.sh index 3ce261b0..2ff01d19 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sm7225.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sm7225.sh @@ -83,7 +83,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4133/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4134/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch -editKernelLocalversion "-dos.p84" +editKernelLocalversion "-dos.p83" else echo "kernel_fairphone_sm7225 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh index ff66b638..c3097894 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh @@ -170,7 +170,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch -editKernelLocalversion "-dos.p171" +editKernelLocalversion "-dos.p170" else echo "kernel_fxtec_msm8998 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_sm6115.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_sm6115.sh index 32707955..48a57caa 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_sm6115.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_sm6115.sh @@ -83,7 +83,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4133/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4134/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch -editKernelLocalversion "-dos.p84" +editKernelLocalversion "-dos.p83" else echo "kernel_fxtec_sm6115 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.14.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.14.sh index c85956e6..cad6a87b 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.14.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.14.sh @@ -122,7 +122,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.14/0003.patch -editKernelLocalversion "-dos.p123" +editKernelLocalversion "-dos.p122" else echo "kernel_google_msm-4.14 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.9.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.9.sh index 22ee8a42..546bbcfd 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.9.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.9.sh @@ -119,7 +119,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch -editKernelLocalversion "-dos.p120" +editKernelLocalversion "-dos.p119" else echo "kernel_google_msm-4.9 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh index 989f73d3..d3e57eac 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh @@ -142,7 +142,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35788/4.19/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/4.19/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.19/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/4.19/0002.patch -editKernelLocalversion "-dos.p143" +editKernelLocalversion "-dos.p142" else echo "kernel_google_redbull is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_wahoo.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_wahoo.sh index e95cc0df..ba8f14ab 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_wahoo.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_wahoo.sh @@ -187,7 +187,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.4/0004.patch -editKernelLocalversion "-dos.p188" +editKernelLocalversion "-dos.p187" else echo "kernel_google_wahoo is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh index bd7f24c6..fb856053 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh @@ -170,7 +170,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch -editKernelLocalversion "-dos.p171" +editKernelLocalversion "-dos.p170" else echo "kernel_oneplus_msm8998 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sdm845.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sdm845.sh index 7fdd825f..a9bf8e4b 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sdm845.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sdm845.sh @@ -113,7 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch -editKernelLocalversion "-dos.p114" +editKernelLocalversion "-dos.p113" else echo "kernel_oneplus_sdm845 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm7250.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm7250.sh index a2190200..928f9aa9 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm7250.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm7250.sh @@ -116,7 +116,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35788/4.19/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/4.19/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.19/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/4.19/0002.patch -editKernelLocalversion "-dos.p117" +editKernelLocalversion "-dos.p116" else echo "kernel_oneplus_sm7250 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh index 15532ae5..9aaacb2d 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh @@ -474,7 +474,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.14/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch -editKernelLocalversion "-dos.p475" +editKernelLocalversion "-dos.p474" else echo "kernel_oneplus_sm8150 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh index b1544f3e..19db9167 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh @@ -81,7 +81,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4133/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-4134/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35001/^6.4/0001.patch -editKernelLocalversion "-dos.p82" +editKernelLocalversion "-dos.p81" else echo "kernel_oneplus_sm8250 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8350.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8350.sh index f9b992ea..8b811583 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8350.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8350.sh @@ -50,7 +50,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/5.4/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/5.4/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35826/^6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/5.4/0005.patch -editKernelLocalversion "-dos.p51" +editKernelLocalversion "-dos.p50" else echo "kernel_oneplus_sm8350 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_msm8998.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_msm8998.sh index e0d6f91a..46bff475 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_msm8998.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_msm8998.sh @@ -170,7 +170,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.4/0001.patch -editKernelLocalversion "-dos.p171" +editKernelLocalversion "-dos.p170" else echo "kernel_razer_msm8998 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_sdm845.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_sdm845.sh index 016e0772..00c4a32a 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_sdm845.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_sdm845.sh @@ -113,7 +113,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch -editKernelLocalversion "-dos.p114" +editKernelLocalversion "-dos.p113" else echo "kernel_razer_sdm845 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh index 5c278fc3..7bfca2fb 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh @@ -596,7 +596,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.pat git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/4.9/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch -editKernelLocalversion "-dos.p597" +editKernelLocalversion "-dos.p596" else echo "kernel_samsung_exynos9810 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_sony_sdm845.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_sony_sdm845.sh index 86cc38af..ca4ba26b 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_sony_sdm845.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_sony_sdm845.sh @@ -435,7 +435,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.pat git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.9/0009.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch -editKernelLocalversion "-dos.p436" +editKernelLocalversion "-dos.p435" else echo "kernel_sony_sdm845 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh index 89006e2f..2759ae99 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh @@ -112,7 +112,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch -editKernelLocalversion "-dos.p113" +editKernelLocalversion "-dos.p112" else echo "kernel_xiaomi_msm8937 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sdm845.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sdm845.sh index 279b4a27..232d6725 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sdm845.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sdm845.sh @@ -115,7 +115,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch -editKernelLocalversion "-dos.p116" +editKernelLocalversion "-dos.p115" else echo "kernel_xiaomi_sdm845 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm8250.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm8250.sh index 0a88a7c6..00032104 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm8250.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sm8250.sh @@ -95,7 +95,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35788/4.19/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35823/4.19/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35824/4.19/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-35828/4.19/0002.patch -editKernelLocalversion "-dos.p96" +editKernelLocalversion "-dos.p95" else echo "kernel_xiaomi_sm8250 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh index 8595fb96..045cd67e 100644 --- a/Scripts/LineageOS-20.0/Patch.sh +++ b/Scripts/LineageOS-20.0/Patch.sh @@ -444,6 +444,10 @@ if enterAndClear "device/essential/mata"; then echo "allow permissioncontroller_app tethering_service:service_manager find;" > sepolicy/private/permissioncontroller_app.te; fi; +if enterAndClear "device/fxtec/pro1"; then +echo "type qti_debugfs, fs_type, debugfs_type;" >> sepolicy/vendor/file.te; #fixup +fi; + if enterAndClear "device/google/gs101"; then git revert --no-edit 371473c97a3769f9b0629b33ae7014e78e1e31bb; #potential breakage if [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then sed -i '/google iwlan/,+8d' device.mk; fi; #fix stray @@ -475,6 +479,7 @@ if enterAndClear "device/oneplus/msm8998-common"; then #awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation sed -i '/PRODUCT_SYSTEM_VERITY_PARTITION/iPRODUCT_VENDOR_VERITY_PARTITION := /dev/block/bootdevice/by-name/vendor' common.mk; #Support verity on /vendor too awk -i inplace '!/vendor_sensors_dbg_prop/' sepolicy/vendor/hal_camera_default.te; #fixup +echo "type qti_debugfs, fs_type, debugfs_type;" >> sepolicy/vendor/file.te; #fixup fi; if enterAndClear "device/xiaomi/mithorium-common"; then