diff --git a/Manifests/Manifest_LAOS-17.1.xml b/Manifests/Manifest_LAOS-17.1.xml
index 130f85ce..f45f33fb 100644
--- a/Manifests/Manifest_LAOS-17.1.xml
+++ b/Manifests/Manifest_LAOS-17.1.xml
@@ -215,7 +215,9 @@
-
+
+
+
diff --git a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/core/res/res/values/config.xml b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/core/res/res/values/config.xml
index dea7202f..3a12168f 100644
--- a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/core/res/res/values/config.xml
+++ b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/core/res/res/values/config.xml
@@ -39,7 +39,7 @@
- SUPL_HOST=supl.google.com
- SUPL_PORT=7275
- - NTP_SERVER=north-america.pool.ntp.org
+ - NTP_SERVER=1.android.pool.ntp.org
- SUPL_VER=0x20000
- SUPL_MODE=1
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index 8cf2cbc3..71e01066 100644
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@@ -62,7 +62,7 @@ echo "Deblobbing...";
#AT Command Handling/Forwarding (See: https://atcommands.org)
blobs=$blobs"|bin[/]atd|ATFWD-daemon|drexe|log_serial_arm|at_distributor|connfwexe";
- blobs=$blobs"|vendor.qti.atcmdfwd.*";
+ blobs=$blobs"|vendor.qti.atcmdfwd.*|vendor.qti.hardware.radio.atcmdfwd.*";
blobs=$blobs"|atfwd.apk|OBDM_Permissions.apk";
sepolicy=$sepolicy" atfwd.te";
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 99b7527d..88bd1ff8 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -43,7 +43,7 @@ enter() {
export -f enter;
enterAndClear() {
- if enter "$1"; then gitReset; fi;
+ if enter "$1"; then gitReset; else return 1; fi;
}
export -f enterAndClear;
@@ -295,11 +295,14 @@ pushToServer() {
}
export -f pushToServer;
-removeBuildFingerprint() {
- #Removes the vendor fingerprint, allowing one to be generated instead
- awk -i inplace '!/BUILD_FINGERPRINT/' lineage*.mk;
+removeBuildFingerprints() {
+ #Removes the stock/vendor fingerprint, allowing one to be generated instead
+ #XXX: Breaks existing installs!
+ find device -maxdepth 3 -name "lineage*.mk" -type f -exec sh -c "awk -i inplace '!/BUILD_FINGERPRINT/' {}" \;
+ find device -maxdepth 3 -name "lineage*.mk" -type f -exec sh -c "awk -i inplace '!/PRIVATE_BUILD_DESC/' {}" \;
+ echo "Removed stock build fingerprints";
}
-export -f removeBuildFingerprint;
+export -f removeBuildFingerprints;
disableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
@@ -360,12 +363,6 @@ deblobAudio() {
}
export -f deblobAudio;
-imsAllowDiag() {
- find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \;
- find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \;
-}
-export -f imsAllowDiag;
-
volteOverride() {
cd "$DOS_BUILD_BASE$1";
if grep -sq "config_device_volte_available" "overlay/frameworks/base/core/res/res/values/config.xml"; then
@@ -394,7 +391,7 @@ hardenLocationConf() {
else
local deviceDir=$(dirname "$gpsConfig");
fi;
- #Debugging: adb logcat | grep -i -e locsvc -e izat -e gps -e gnss -e location -e xtra
+ #Debugging: adb logcat -b all | grep -i -e locsvc -e izat -e gps -e gnss -e location -e xtra
#sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true;
#Enable GLONASS
if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index b2dc6338..b214498c 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -147,6 +147,7 @@ enableDexPreOpt() {
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_BOOT_IMG_ONLY := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk;
echo "Enabled dexpreopt for $1";
fi;
fi;
diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh
index d37de55b..66ec025a 100644
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@@ -130,28 +130,19 @@ export -f patchWorkspace;
enableDexPreOpt() {
cd "$DOS_BUILD_BASE$1";
#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
- if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
+ if [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ]; then
if [ -f BoardConfig.mk ]; then
echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
- echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
- echo "Enabled dexpreopt for $1";
+ echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk;
+ echo "Enabled full dexpreopt for $1";
fi;
fi;
cd "$DOS_BUILD_BASE";
}
export -f enableDexPreOpt;
-enableDexPreOptFull() {
- cd "$DOS_BUILD_BASE$1";
- if [ -f BoardConfig.mk ]; then
- sed -i "s/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false/" BoardConfig.mk;
- echo "Enabled full dexpreopt for $1";
- fi;
- cd "$DOS_BUILD_BASE";
-}
-export -f enableDexPreOptFull;
-
enableLowRam() {
cd "$DOS_BUILD_BASE$1";
#if [ -f lineage.mk ]; then echo '$(call inherit-product, $(SRC_TARGET_DIR)/product/go_defaults.mk)' >> lineage.mk; fi;
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh
index 973d9071..09a1911a 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh
@@ -8,13 +8,13 @@ git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
index 87df3d63..5a5f097d 100644
--- a/Scripts/LineageOS-16.0/Functions.sh
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -153,29 +153,16 @@ patchWorkspace() {
export -f patchWorkspace;
enableDexPreOpt() {
- cd "$DOS_BUILD_BASE$1";
- #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
- if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
- if [ -f BoardConfig.mk ]; then
- echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
- echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
- echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
- echo "Enabled dexpreopt for $1";
- fi;
- fi;
- cd "$DOS_BUILD_BASE";
-}
-export -f enableDexPreOpt;
-
-enableDexPreOptFull() {
cd "$DOS_BUILD_BASE$1";
if [ -f BoardConfig.mk ]; then
- sed -i "s/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false/" BoardConfig.mk;
+ echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk;
echo "Enabled full dexpreopt for $1";
fi;
cd "$DOS_BUILD_BASE";
}
-export -f enableDexPreOptFull;
+export -f enableDexPreOpt;
enableLowRam() {
cd "$DOS_BUILD_BASE$1";
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 7633cd19..1f4ed489 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -209,6 +209,9 @@ echo "/dev/block/platform/msm_sdcc\.1/by-name/misc u:object_r:misc_block_device:
enterAndClear "device/asus/zenfone3";
rm -rf libhidl; #breaks other devices
+enterAndClear "device/fxtec/pro1";
+enableVerity; #Resurrect dm-verity
+
enterAndClear "device/google/bonito";
enableVerity; #Resurrect dm-verity
@@ -254,6 +257,9 @@ enterAndClear "device/oneplus/msm8998-common";
patch -p1 < "$DOS_PATCHES_COMMON/android_device_audio/0001-No_Vorbis_Offload.patch"; #Fix Ogg Vorbis playback
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
+enterAndClear "device/oneplus/sm8150-common";
+enableVerity; #Resurrect dm-verity
+
enterAndClear "device/oppo/common";
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_sdm845.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_sdm845.sh
index 04b6811d..9af248f7 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_sdm845.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_sdm845.sh
@@ -1,5 +1,6 @@
#!/bin/bash
cd "$DOS_BUILD_BASE""kernel/oneplus/sdm845"
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0239-0240.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0005-Graphene-Deny_USB/4.9/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
@@ -72,8 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3674/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10766/4.9/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.9/0007.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12351/4.9/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/3.6-^5.10/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0010.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0011.patch
@@ -88,7 +87,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.9/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16166/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24394/^5.7.8/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24490/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25211/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25212/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25220/4.9/0001.patch
@@ -97,5 +95,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25285/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25641/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/4.9/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/4.9/0006.patch
-editKernelLocalversion "-dos.p97"
+editKernelLocalversion "-dos.p95"
cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
index f5699d2a..58324e95 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
@@ -1,6 +1,5 @@
#!/bin/bash
cd "$DOS_BUILD_BASE""kernel/razer/msm8998"
-git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0236-0237.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
@@ -42,16 +41,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0423/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0427/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/3.6-^5.10/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24490/4.4/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25211/4.4/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/4.4/0005.patch
-editKernelLocalversion "-dos.p53"
+editKernelLocalversion "-dos.p47"
cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_universal9810.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_universal9810.sh
index a6642267..a8774b0b 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_universal9810.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_samsung_universal9810.sh
@@ -2,6 +2,7 @@
cd "$DOS_BUILD_BASE""kernel/samsung/universal9810"
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0218-0219.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0225-0226.patch --exclude=Makefile
+git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.9/4.9.0239-0240.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0025.patch
@@ -74,8 +75,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10757/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10766/4.9/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.9/0007.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12351/4.9/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/3.6-^5.10/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12464/4.9/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.9/0010.patch
@@ -93,7 +92,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14390/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.9/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24394/^5.7.8/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24490/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25211/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25212/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25284/4.9/0004.patch
@@ -101,5 +99,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25285/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25641/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/4.9/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/4.9/0006.patch
-editKernelLocalversion "-dos.p101"
+editKernelLocalversion "-dos.p99"
cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sdm845.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sdm845.sh
index 8c1ff937..0ba9e860 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sdm845.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_xiaomi_sdm845.sh
@@ -52,10 +52,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.9/0007.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16921/^4.17/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.9/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.9/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19318/^5.3.11/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20908/^5.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0067/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0423/^5.9/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3674/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.9/0007.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
index 403249e0..b960ce4c 100644
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -90,8 +90,8 @@ buildAll() {
buildDevice sailfish verity;
#SD835
buildDevice cheryl;
- buildDevice cheeseburger verity; #needs manual patching - vendor common makefile + needs 260722 applied in oneplus/msm8998-common
- buildDevice dumpling verity;
+ #buildDevice cheeseburger verity; #needs manual patching - vendor common makefile
+ #buildDevice dumpling verity;
buildDevice mata verity;
buildDevice taimen avb;
buildDevice walleye avb;
@@ -125,6 +125,7 @@ patchWorkspace() {
source build/envsetup.sh;
repopick -i 287339; #releasetools: python3 fix
#repopick -it CVE-2019-2306;
+ #repopick -i 289186;
source "$DOS_SCRIPTS/Patch.sh";
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
@@ -144,29 +145,16 @@ patchWorkspace() {
export -f patchWorkspace;
enableDexPreOpt() {
- cd "$DOS_BUILD_BASE$1";
- #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
- if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
- if [ -f BoardConfig.mk ]; then
- echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
- echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
- echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
- echo "Enabled dexpreopt for $1";
- fi;
- fi;
- cd "$DOS_BUILD_BASE";
-}
-export -f enableDexPreOpt;
-
-enableDexPreOptFull() {
cd "$DOS_BUILD_BASE$1";
if [ -f BoardConfig.mk ]; then
- sed -i "s/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false/" BoardConfig.mk;
+ echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_DEBUG_INFO := false" >> BoardConfig.mk;
echo "Enabled full dexpreopt for $1";
fi;
cd "$DOS_BUILD_BASE";
}
-export -f enableDexPreOptFull;
+export -f enableDexPreOpt;
enableLowRam() {
cd "$DOS_BUILD_BASE$1";
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index 5be5c43e..204572f2 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -84,6 +84,7 @@ enterAndClear "frameworks/av";
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM_A2DP_Fix.patch"; fi; #(GrapheneOS)
enterAndClear "frameworks/base";
+git revert --no-edit 2fb8dda77a5942ebef1ecc70df7b5e506cbb5681;
hardenLocationFWB "$DOS_BUILD_BASE"; #XXX 17REBASE
hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf;
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
@@ -102,6 +103,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re
if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe)
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS)
+#sed -i '295i\ packageList.add("net.sourceforge.opencamera");' core/java/android/hardware/Camera.java; #add Open Camera to aux camera whitelist
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
@@ -214,10 +216,16 @@ rm -rf bdAddrLoader; #duplicate with mako
#enterAndClear "device/cyanogen/msm8916-common";
#awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #broken releasetools
+enterAndClear "device/fxtec/pro1";
+enableVerity; #Resurrect dm-verity
+
enterAndClear "device/google/bonito";
enableVerity; #Resurrect dm-verity
awk -i inplace '!/INODE_COUNT/' BoardConfig-lineage.mk; #mke2fs -1 incompatibility (?)
+enterAndClear "device/google/coral";
+enableVerity; #Resurrect dm-verity
+
enterAndClear "device/google/crosshatch";
enableVerity; #Resurrect dm-verity
@@ -263,6 +271,9 @@ enterAndClear "device/oneplus/msm8998-common";
patch -p1 < "$DOS_PATCHES_COMMON/android_device_audio/0001-No_Vorbis_Offload.patch"; #Fix Ogg Vorbis playback
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation
+enterAndClear "device/oneplus/sm8150-common";
+enableVerity; #Resurrect dm-verity
+
enterAndClear "device/oppo/common";
awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation