From a3fbed9da5e6c46b5d8923e8ff5a5cc23f6c4a3f Mon Sep 17 00:00:00 2001 From: Tad Date: Fri, 5 Mar 2021 12:54:34 -0500 Subject: [PATCH] Update cherrypicks and small tweaks --- .../android_vendor_divested/packages.mk | 2 +- .../android_system_netd/244387.patch | 134 ------------------ .../android_system_netd/244388.patch | 52 ------- .../android_system_netd/245690.patch | 68 --------- .../android_system_netd/245691.patch | 32 ----- .../android_system_netd/264479.patch | 129 ----------------- .../android_system_netd/264480.patch | 28 ---- .../android_system_netd/264481.patch | 30 ---- .../android_system_netd/264482.patch | 40 ------ .../android_system_netd/264483.patch | 41 ------ .../android_system_netd/264484.patch | 54 ------- .../android_system_netd/264572.patch | 24 ---- .../android_system_netd/264573.patch | 46 ------ PrebuiltApps | 2 +- Scripts/LineageOS-14.1/Functions.sh | 2 - Scripts/LineageOS-14.1/Patch.sh | 5 +- Scripts/LineageOS-15.1/Functions.sh | 3 +- Scripts/LineageOS-15.1/Patch.sh | 5 +- Scripts/LineageOS-16.0/Functions.sh | 3 +- Scripts/LineageOS-16.0/Patch.sh | 8 +- Scripts/LineageOS-17.1/Functions.sh | 3 +- Scripts/LineageOS-17.1/Patch.sh | 18 +-- 22 files changed, 12 insertions(+), 717 deletions(-) delete mode 100644 Patches/LineageOS-14.1/android_system_netd/244387.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/244388.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/245690.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/245691.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264479.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264480.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264481.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264482.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264483.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264484.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264572.patch delete mode 100644 Patches/LineageOS-14.1/android_system_netd/264573.patch diff --git a/Patches/Common/android_vendor_divested/packages.mk b/Patches/Common/android_vendor_divested/packages.mk index 5cfb4fb7..ebfae8fa 100644 --- a/Patches/Common/android_vendor_divested/packages.mk +++ b/Patches/Common/android_vendor_divested/packages.mk @@ -21,7 +21,7 @@ PRODUCT_PACKAGES += \ VanillaMusic # Notes -# - Available (via PrebuiltApps submodule): K9Mail, OpenKeychain, Orbot, Shelter, TalkBack, TorBrowser +# - Available (via PrebuiltApps submodule): K9Mail, OpenKeychain, Orbot, Shelter, TalkBack # - Camera Choices: None (Camera2/Snap), OpenCamera # - Gallery Choices: None (AOSP/Lineage), SimpleGallery # - OpenKeychain inclusion is undecided yet diff --git a/Patches/LineageOS-14.1/android_system_netd/244387.patch b/Patches/LineageOS-14.1/android_system_netd/244387.patch deleted file mode 100644 index a928c29e..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/244387.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 0cd7a28a999b9be67251989f8d434dde172157bd Mon Sep 17 00:00:00 2001 -From: Lorenzo Colitti -Date: Thu, 30 Mar 2017 02:50:09 +0900 -Subject: [PATCH] Really always allow networking on loopback. - -https://android-review.googlesource.com/#/c/294359/ attempted to -allow networking on loopback, but actually does not do anything -because no packet has both -i lo and -o lo: loopback packets have --i lo in INPUT and -o lo in OUTPUT. - -Test: bullhead builds, boots -Test: netd_{unit,integration}_test pass -Test: loopback traffic is matched by new "-i lo" and "-o lo" rules -Test: originated and received traffic is not matched by new rules -Bug: 34444781 -Change-Id: I090cbeafce5bbdcf36a7aecaafbf832feddc06e1 ---- - server/FirewallController.cpp | 3 ++- - server/FirewallControllerTest.cpp | 15 ++++++++++----- - tests/binder_test.cpp | 16 ++++++++-------- - 3 files changed, 20 insertions(+), 14 deletions(-) - -diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp -index 826cf758..ffc99e16 100644 ---- a/server/FirewallController.cpp -+++ b/server/FirewallController.cpp -@@ -301,7 +301,8 @@ std::string FirewallController::makeUidRules(IptablesTarget target, const char * - StringAppendF(&commands, "*filter\n:%s -\n", name); - - // Always allow networking on loopback. -- StringAppendF(&commands, "-A %s -i lo -o lo -j RETURN\n", name); -+ StringAppendF(&commands, "-A %s -i lo -j RETURN\n", name); -+ StringAppendF(&commands, "-A %s -o lo -j RETURN\n", name); - - // Allow TCP RSTs so we can cleanly close TCP connections of apps that no longer have network - // access. Both incoming and outgoing RSTs are allowed. -diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp -index 7d96c61c..ba449db0 100644 ---- a/server/FirewallControllerTest.cpp -+++ b/server/FirewallControllerTest.cpp -@@ -56,7 +56,8 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) { - std::vector expectedRestore4 = { - "*filter", - ":fw_whitelist -", -- "-A fw_whitelist -i lo -o lo -j RETURN", -+ "-A fw_whitelist -i lo -j RETURN", -+ "-A fw_whitelist -o lo -j RETURN", - "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN", - "-A fw_whitelist -m owner --uid-owner 0-9999 -j RETURN", - "-A fw_whitelist -j DROP", -@@ -65,7 +66,8 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) { - std::vector expectedRestore6 = { - "*filter", - ":fw_whitelist -", -- "-A fw_whitelist -i lo -o lo -j RETURN", -+ "-A fw_whitelist -i lo -j RETURN", -+ "-A fw_whitelist -o lo -j RETURN", - "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN", - "-A fw_whitelist -p icmpv6 --icmpv6-type packet-too-big -j RETURN", - "-A fw_whitelist -p icmpv6 --icmpv6-type router-solicitation -j RETURN", -@@ -95,7 +97,8 @@ TEST_F(FirewallControllerTest, TestCreateBlacklistChain) { - std::vector expectedRestore = { - "*filter", - ":fw_blacklist -", -- "-A fw_blacklist -i lo -o lo -j RETURN", -+ "-A fw_blacklist -i lo -j RETURN", -+ "-A fw_blacklist -o lo -j RETURN", - "-A fw_blacklist -p tcp --tcp-flags RST RST -j RETURN", - "COMMIT\n\x04" - }; -@@ -141,7 +144,8 @@ TEST_F(FirewallControllerTest, TestReplaceWhitelistUidRule) { - std::string expected = - "*filter\n" - ":FW_whitechain -\n" -- "-A FW_whitechain -i lo -o lo -j RETURN\n" -+ "-A FW_whitechain -i lo -j RETURN\n" -+ "-A FW_whitechain -o lo -j RETURN\n" - "-A FW_whitechain -p tcp --tcp-flags RST RST -j RETURN\n" - "-A FW_whitechain -p icmpv6 --icmpv6-type packet-too-big -j RETURN\n" - "-A FW_whitechain -p icmpv6 --icmpv6-type router-solicitation -j RETURN\n" -@@ -168,7 +172,8 @@ TEST_F(FirewallControllerTest, TestReplaceBlacklistUidRule) { - std::string expected = - "*filter\n" - ":FW_blackchain -\n" -- "-A FW_blackchain -i lo -o lo -j RETURN\n" -+ "-A FW_blackchain -i lo -j RETURN\n" -+ "-A FW_blackchain -o lo -j RETURN\n" - "-A FW_blackchain -p tcp --tcp-flags RST RST -j RETURN\n" - "-A FW_blackchain -m owner --uid-owner 10023 -j DROP\n" - "-A FW_blackchain -m owner --uid-owner 10059 -j DROP\n" -diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp -index 5395f1d2..dcaf2302 100644 ---- a/tests/binder_test.cpp -+++ b/tests/binder_test.cpp -@@ -176,31 +176,31 @@ TEST_F(BinderTest, TestFirewallReplaceUidChain) { - mNetd->firewallReplaceUidChain(String16(chainName.c_str()), true, uids, &ret); - } - EXPECT_EQ(true, ret); -- EXPECT_EQ((int) uids.size() + 6, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -- EXPECT_EQ((int) uids.size() + 12, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); -+ EXPECT_EQ((int) uids.size() + 7, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -+ EXPECT_EQ((int) uids.size() + 13, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); - { - TimedOperation op("Clearing whitelist chain"); - mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret); - } - EXPECT_EQ(true, ret); -- EXPECT_EQ(4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -- EXPECT_EQ(4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); -+ EXPECT_EQ(5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -+ EXPECT_EQ(5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); - - { - TimedOperation op(StringPrintf("Programming %d-UID blacklist chain", kNumUids)); - mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, uids, &ret); - } - EXPECT_EQ(true, ret); -- EXPECT_EQ((int) uids.size() + 4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -- EXPECT_EQ((int) uids.size() + 4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); -+ EXPECT_EQ((int) uids.size() + 5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -+ EXPECT_EQ((int) uids.size() + 5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); - - { - TimedOperation op("Clearing blacklist chain"); - mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret); - } - EXPECT_EQ(true, ret); -- EXPECT_EQ(4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -- EXPECT_EQ(4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); -+ EXPECT_EQ(5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); -+ EXPECT_EQ(5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); - - // Check that the call fails if iptables returns an error. - std::string veryLongStringName = "netd_binder_test_UnacceptablyLongIptablesChainName"; diff --git a/Patches/LineageOS-14.1/android_system_netd/244388.patch b/Patches/LineageOS-14.1/android_system_netd/244388.patch deleted file mode 100644 index 0d70dfd4..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/244388.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 297e6f85ac174825505970e62b4a1f39f84ef3ac Mon Sep 17 00:00:00 2001 -From: Joel Scherpelz -Date: Wed, 14 Jun 2017 10:27:47 +0900 -Subject: [PATCH] BACKPORT: Avoid netlink socket address conflict - -NetlinkManager previously bound all netlink sockets with nl_pid = -getpid(). Unfortunately only the first such socket is allowed to claim -nl_pid = getpid(). The kernel is happy to assign this value -automatically if nl_pid = 0. For more information on nl_pid see "man 7 -netlink". - -When NFLogListener was added, it created a socket with a kernel assigned -nl_pid, unfortunately the kernel assigns getpid() to the first such -socket and listener was initialized earlier in the startup process than -NetlinkManager. - -This change alters NetlinkManager to request a kernel assigned nl_pid and -defensively moves the initialization of NFLogListener later in the -startup sequence to favor proper operation of existing code in -NetlinkManager. Error logging is also slightly improved. - -Test: as follows - - built - - flashed - - booted - - "runtest -x .../netd_unit_test.cpp" passes - - "cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t - android.os.cts.StrictModeTest" passes -Bug: 62353125 - -[syphyr: Removed NFLogListener changes] -Signed-off-by: L.W. Reek - -Change-Id: I9c1c76e5769de75ff624bf43634ac4061c447a72 ---- - server/NetlinkManager.cpp | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/server/NetlinkManager.cpp b/server/NetlinkManager.cpp -index 769a80ae..5e6eaba8 100644 ---- a/server/NetlinkManager.cpp -+++ b/server/NetlinkManager.cpp -@@ -73,7 +73,8 @@ NetlinkHandler *NetlinkManager::setupSocket(int *sock, int netlinkFamily, - - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; -- nladdr.nl_pid = getpid(); -+ // Kernel will assign a unique nl_pid if set to zero. -+ nladdr.nl_pid = 0; - nladdr.nl_groups = groups; - - if ((*sock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, netlinkFamily)) < 0) { diff --git a/Patches/LineageOS-14.1/android_system_netd/245690.patch b/Patches/LineageOS-14.1/android_system_netd/245690.patch deleted file mode 100644 index eac507c7..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/245690.patch +++ /dev/null @@ -1,68 +0,0 @@ -From af314f68701a4d6c06ac1b9a09feddcff5e7eb73 Mon Sep 17 00:00:00 2001 -From: Sehee Park -Date: Wed, 26 Dec 2018 07:28:23 +0900 -Subject: [PATCH] Fix fortify_fatal issue during DNSServiceProcessResult() - -fd was checked at beginnig of DNSServiceProcessResult() -but fd was changed to -1. So, fortify_fatal was occured -when FD_SET() was called. -Abort message: 'FORTIFY: FD_SET: file descriptor -1 < 0' - -Test: Build -Bug: 120910016 -Bug: 121327565 -Change-Id: Ib4c8dcc08223578fb53647637b44a20a4c221050 -Merged-In: Ib4c8dcc08223578fb53647637b44a20a4c221050 -Signed-off-by: Sehee Park -(cherry picked from commit 3eeb0e6b86ac8a7f00968d0a086381e7dcd8cc2b) ---- - server/MDnsSdListener.cpp | 10 +++++++++- - server/MDnsSdListener.h | 1 + - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/server/MDnsSdListener.cpp b/server/MDnsSdListener.cpp -index 883fe815..e3fd66a0 100644 ---- a/server/MDnsSdListener.cpp -+++ b/server/MDnsSdListener.cpp -@@ -146,7 +146,7 @@ void MDnsSdListener::Handler::stop(SocketClient *cli, int argc, char **argv, con - return; - } - if (VDBG) ALOGD("Stopping %s with ref %p", str, ref); -- DNSServiceRefDeallocate(*ref); -+ mMonitor->deallocateServiceRef(ref); - mMonitor->freeServiceRef(requestId); - char *msg; - asprintf(&msg, "%s stopped", str); -@@ -617,7 +617,9 @@ void MDnsSdListener::Monitor::run() { - ALOGD("Monitor found [%d].revents = %d - calling ProcessResults", - i, mPollFds[i].revents); - } -+ pthread_mutex_lock(&mHeadMutex); - DNSServiceProcessResult(*(mPollRefs[i])); -+ pthread_mutex_unlock(&mHeadMutex); - mPollFds[i].revents = 0; - } - } -@@ -769,3 +771,9 @@ void MDnsSdListener::Monitor::freeServiceRef(int id) { - } - pthread_mutex_unlock(&mHeadMutex); - } -+ -+void MDnsSdListener::Monitor::deallocateServiceRef(DNSServiceRef* ref) { -+ pthread_mutex_lock(&mHeadMutex); -+ DNSServiceRefDeallocate(*ref); -+ pthread_mutex_unlock(&mHeadMutex); -+} -\ No newline at end of file -diff --git a/server/MDnsSdListener.h b/server/MDnsSdListener.h -index e9c6066a..a107d3b8 100644 ---- a/server/MDnsSdListener.h -+++ b/server/MDnsSdListener.h -@@ -76,6 +76,7 @@ class MDnsSdListener : public FrameworkListener { - static void *threadStart(void *handler); - int startService(); - int stopService(); -+ void deallocateServiceRef(DNSServiceRef* ref); - private: - void run(); - int rescan(); // returns the number of elements in the poll diff --git a/Patches/LineageOS-14.1/android_system_netd/245691.patch b/Patches/LineageOS-14.1/android_system_netd/245691.patch deleted file mode 100644 index 33df2e41..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/245691.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 5f01e7f21f155a6b13a5ce659bac1fc03735a5e9 Mon Sep 17 00:00:00 2001 -From: Ken Chen -Date: Sat, 26 Jan 2019 19:17:00 +0800 -Subject: [PATCH] Clear Element.mRef immediately after deallocating it - -DNSServiceRefDeallocate() and pointer dereferencing in request handler -thread are protected by two separate lock/unlock pairs on mHeadMutex. -If rescan() runs between these, it could dereference mRef, causing -a heap-use-after-free bug. - -Solution: set mRef to null immediately after freeing it. - -Bug: 121327565 -Test: build -Change-Id: I56ace2ad8a2da528afa375aefb1b9420547658a7 -(cherry picked from commit 9762bc1964a37ec56091ee2b6070e19c5206f615) ---- - server/MDnsSdListener.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/server/MDnsSdListener.cpp b/server/MDnsSdListener.cpp -index e3fd66a0..563e0207 100644 ---- a/server/MDnsSdListener.cpp -+++ b/server/MDnsSdListener.cpp -@@ -775,5 +775,6 @@ void MDnsSdListener::Monitor::freeServiceRef(int id) { - void MDnsSdListener::Monitor::deallocateServiceRef(DNSServiceRef* ref) { - pthread_mutex_lock(&mHeadMutex); - DNSServiceRefDeallocate(*ref); -+ *ref = nullptr; - pthread_mutex_unlock(&mHeadMutex); - } -\ No newline at end of file diff --git a/Patches/LineageOS-14.1/android_system_netd/264479.patch b/Patches/LineageOS-14.1/android_system_netd/264479.patch deleted file mode 100644 index 7f59f756..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264479.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 73e902f57aae15f4d79ed57f46326fb5a0136c94 Mon Sep 17 00:00:00 2001 -From: Erik Kline -Date: Thu, 24 Nov 2016 08:30:34 +0900 -Subject: [PATCH] Cache flushing no longer occurs updating DNS for a single - netid - -Test: runtest netd_integration_test.cpp -Bug: 32517984 -Change-Id: I6a82824ab423a07797291e7b4701350c88809117 ---- - tests/netd_test.cpp | 102 ++++++++++++++++++++++---------------------- - 1 file changed, 51 insertions(+), 51 deletions(-) - -diff --git a/tests/netd_test.cpp b/tests/netd_test.cpp -index a958cd90..97a96b9a 100644 ---- a/tests/netd_test.cpp -+++ b/tests/netd_test.cpp -@@ -386,60 +386,60 @@ TEST_F(ResolverTest, GetAddrInfo) { - dns2.addMapping(host_name, ns_type::ns_t_aaaa, "::1.2.3.4"); - ASSERT_TRUE(dns2.startServer()); - -- for (size_t i = 0 ; i < 1000 ; ++i) { -- std::vector servers = { listen_addr }; -- ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); -- dns.clearQueries(); -- dns2.clearQueries(); -- -- EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); -- size_t found = GetNumQueries(dns, host_name); -- EXPECT_LE(1U, found); -- // Could be A or AAAA -- std::string result_str = ToString(result); -- EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") -- << ", result_str='" << result_str << "'"; -- // TODO: Use ScopedAddrinfo or similar once it is available in a common header file. -- if (result) { -- freeaddrinfo(result); -- result = nullptr; -- } - -- // Verify that the name is cached. -- size_t old_found = found; -- EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); -- found = GetNumQueries(dns, host_name); -- EXPECT_LE(1U, found); -- EXPECT_EQ(old_found, found); -- result_str = ToString(result); -- EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") -- << result_str; -- if (result) { -- freeaddrinfo(result); -- result = nullptr; -- } -+ std::vector servers = { listen_addr }; -+ ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); -+ dns.clearQueries(); -+ dns2.clearQueries(); -+ -+ EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); -+ size_t found = GetNumQueries(dns, host_name); -+ EXPECT_LE(1U, found); -+ // Could be A or AAAA -+ std::string result_str = ToString(result); -+ EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") -+ << ", result_str='" << result_str << "'"; -+ // TODO: Use ScopedAddrinfo or similar once it is available in a common header file. -+ if (result) { -+ freeaddrinfo(result); -+ result = nullptr; -+ } - -- // Change the DNS resolver, ensure that queries are no longer cached. -- servers = { listen_addr2 }; -- ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); -- dns.clearQueries(); -- dns2.clearQueries(); -- -- EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); -- found = GetNumQueries(dns, host_name); -- size_t found2 = GetNumQueries(dns2, host_name); -- EXPECT_EQ(0U, found); -- EXPECT_LE(1U, found2); -- -- // Could be A or AAAA -- result_str = ToString(result); -- EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") -- << ", result_str='" << result_str << "'"; -- if (result) { -- freeaddrinfo(result); -- result = nullptr; -- } -+ // Verify that the name is cached. -+ size_t old_found = found; -+ EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); -+ found = GetNumQueries(dns, host_name); -+ EXPECT_LE(1U, found); -+ EXPECT_EQ(old_found, found); -+ result_str = ToString(result); -+ EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") -+ << result_str; -+ if (result) { -+ freeaddrinfo(result); -+ result = nullptr; - } -+ -+ // Change the DNS resolver, ensure that queries are still cached. -+ servers = { listen_addr2 }; -+ ASSERT_TRUE(SetResolversForNetwork(mDefaultSearchDomains, servers, mDefaultParams)); -+ dns.clearQueries(); -+ dns2.clearQueries(); -+ -+ EXPECT_EQ(0, getaddrinfo("howdy", nullptr, nullptr, &result)); -+ found = GetNumQueries(dns, host_name); -+ size_t found2 = GetNumQueries(dns2, host_name); -+ EXPECT_EQ(0U, found); -+ EXPECT_LE(0U, found2); -+ -+ // Could be A or AAAA -+ result_str = ToString(result); -+ EXPECT_TRUE(result_str == "1.2.3.4" || result_str == "::1.2.3.4") -+ << ", result_str='" << result_str << "'"; -+ if (result) { -+ freeaddrinfo(result); -+ result = nullptr; -+ } -+ - dns.stopServer(); - dns2.stopServer(); - } diff --git a/Patches/LineageOS-14.1/android_system_netd/264480.patch b/Patches/LineageOS-14.1/android_system_netd/264480.patch deleted file mode 100644 index ab88d38a..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264480.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 7aee5e85160c025a6d3f0460f4482aadb985c0f3 Mon Sep 17 00:00:00 2001 -From: Nick Kralevich -Date: Sat, 19 Nov 2016 09:09:16 -0800 -Subject: [PATCH] TetherController.cpp: add O_CLOEXEC - -Don't leak open file descriptors across execs to netd's children. This -can occur in the unlikely but theoretically possible event that one -thread is in writeToFile() and another thread happens to call exec(). - -Test: device boots with no obvious problems. -Change-Id: Iabd8eee46bf94d70894ca46e58484ccb8241513a ---- - server/TetherController.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/server/TetherController.cpp b/server/TetherController.cpp -index 3cc46368..65c88ede 100644 ---- a/server/TetherController.cpp -+++ b/server/TetherController.cpp -@@ -46,7 +46,7 @@ const char IPV6_FORWARDING_PROC_FILE[] = "/proc/sys/net/ipv6/conf/all/forwarding - const char SEPARATOR[] = "|"; - - bool writeToFile(const char* filename, const char* value) { -- int fd = open(filename, O_WRONLY); -+ int fd = open(filename, O_WRONLY | O_CLOEXEC); - if (fd < 0) { - ALOGE("Failed to open %s: %s", filename, strerror(errno)); - return false; diff --git a/Patches/LineageOS-14.1/android_system_netd/264481.patch b/Patches/LineageOS-14.1/android_system_netd/264481.patch deleted file mode 100644 index f175ec66..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264481.patch +++ /dev/null @@ -1,30 +0,0 @@ -From bea94d341f8c3da6611e959b4732accbb079cab1 Mon Sep 17 00:00:00 2001 -From: Manoj Gupta -Date: Tue, 22 Nov 2016 21:15:59 -0800 -Subject: [PATCH] Fix clang static analyzer warnings. - -system/netd/server/NetlinkHandler.cpp:218:12: warning: Dereference of -null pointer (loaded from variable 'gateway') - -Test: Warning no longer appears -Change-Id: Idaa08940c990f7d572e855e77982ffd57a032dd4 ---- - server/NetlinkHandler.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/server/NetlinkHandler.cpp b/server/NetlinkHandler.cpp -index 19de240a..e9a11bab 100644 ---- a/server/NetlinkHandler.cpp -+++ b/server/NetlinkHandler.cpp -@@ -215,9 +215,9 @@ void NetlinkHandler::notifyRouteChange(NetlinkEvent::Action action, const char * - "Route %s %s%s%s%s%s", - (action == NetlinkEvent::Action::kRouteUpdated) ? kUpdated : kRemoved, - route, -- *gateway ? " via " : "", -+ (gateway && *gateway) ? " via " : "", - gateway, -- *iface ? " dev " : "", -+ (iface && *iface) ? " dev " : "", - iface); - } - diff --git a/Patches/LineageOS-14.1/android_system_netd/264482.patch b/Patches/LineageOS-14.1/android_system_netd/264482.patch deleted file mode 100644 index a49147a7..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264482.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 147d0470f98c5f5f938892bbc5bb640e115fdb98 Mon Sep 17 00:00:00 2001 -From: Nick Kralevich -Date: Tue, 20 Dec 2016 08:40:35 -0800 -Subject: [PATCH] SockDiag.cpp: Add O_CLOEXEC to tcpdiag sockets - -Add O_CLOEXEC to NETLINK_INET_DIAG sockets. This ensures that the file -descriptors associated with these sockets do not leak across an exec() -boundary. Please see "man 2 open" for a description of why this is -desirable. - -Addresses the following SELinux denial: - - avc: denied { read write } for comm="clatd" path="socket:[902062]" - dev="sockfs" ino=902062 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 - tclass=netlink_tcpdiag_socket permissive=0 - -which occurs when netd executes clatd and inadvertantly leaks the file -descriptors to that process. - -Test: Android compiles and boots, and no obvious errors -Change-Id: Ic5662fa8df6884e7002a0ec89839fe90abe05574 ---- - server/SockDiag.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/server/SockDiag.cpp b/server/SockDiag.cpp -index 11711afa..630e379d 100644 ---- a/server/SockDiag.cpp -+++ b/server/SockDiag.cpp -@@ -73,8 +73,8 @@ bool SockDiag::open() { - return false; - } - -- mSock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG); -- mWriteSock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_INET_DIAG); -+ mSock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_INET_DIAG); -+ mWriteSock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_INET_DIAG); - if (!hasSocks()) { - closeSocks(); - return false; diff --git a/Patches/LineageOS-14.1/android_system_netd/264483.patch b/Patches/LineageOS-14.1/android_system_netd/264483.patch deleted file mode 100644 index ce94c9cb..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264483.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 3c272f5a65fa8ebabb22bd344ff65c14be47183c Mon Sep 17 00:00:00 2001 -From: Nick Kralevich -Date: Tue, 20 Dec 2016 06:51:32 -0800 -Subject: [PATCH] FwMarkServer.cpp: Add O_CLOEXEC to received FDs - -Add O_CLOEXEC to file descriptors received via the fwmark service. This -prevents netd's file descriptors from leaking across an exec() boundary, -and may address the following non-reproducible SELinux denials: - -avc: denied { use } for comm="clatd" path="socket:[860297]" dev="sockfs" -ino=860297 scontext=u:r:clatd:s0 tcontext=u:r:untrusted_app:s0:c512,c768 -tclass=fd permissive=0 - -avc: denied { read write } for comm="clatd" path="socket:[1414454]" -dev="sockfs" ino=1414454 scontext=u:r:clatd:s0 -tcontext=u:r:system_server:s0 tclass=tcp_socket permissive=0 - -avc: denied { use } for comm="clatd" path="socket:[681600]" dev="sockfs" -ino=681600 scontext=u:r:clatd:s0 tcontext=u:r:priv_app:s0:c512,c768 -tclass=fd permissive=0 - -Test: Device boots and no obvious problems -Test: /data/nativetest/netd_integration_test/netd_integration_test passed -Change-Id: I866b1ee0693516b46269c7106e7fc1f85b017639 ---- - server/FwmarkServer.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/server/FwmarkServer.cpp b/server/FwmarkServer.cpp -index 80df03f4..38a116d6 100644 ---- a/server/FwmarkServer.cpp -+++ b/server/FwmarkServer.cpp -@@ -74,7 +74,7 @@ int FwmarkServer::processClient(SocketClient* client, int* socketFd) { - message.msg_control = cmsgu.cmsg; - message.msg_controllen = sizeof(cmsgu.cmsg); - -- int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, 0)); -+ int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, MSG_CMSG_CLOEXEC)); - if (messageLength <= 0) { - return -errno; - } diff --git a/Patches/LineageOS-14.1/android_system_netd/264484.patch b/Patches/LineageOS-14.1/android_system_netd/264484.patch deleted file mode 100644 index e95d6573..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264484.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2b418c7cdced80f2ecd0e31b357970d51d9e4b25 Mon Sep 17 00:00:00 2001 -From: Lorenzo Colitti -Date: Sat, 21 Jan 2017 15:00:36 +0900 -Subject: [PATCH] Log the time it takes netd to start up. - -Currently on, bullhead-eng, I see: - -01-21 14:59:26.174 21421 21421 I Netd : Netd started in 2432ms - -Test: restarted netd and observed log message. -Bug: 32323979 -Bug: 33279878 -Change-Id: I7195d06d7ed1a09858185555f60b07e5bfe306ed ---- - server/main.cpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/server/main.cpp b/server/main.cpp -index ae3a71a3..aab15d66 100644 ---- a/server/main.cpp -+++ b/server/main.cpp -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -40,6 +41,7 @@ - #include "NetdConstants.h" - #include "NetdNativeService.h" - #include "NetlinkManager.h" -+#include "Stopwatch.h" - #include "DnsProxyListener.h" - #include "MDnsSdListener.h" - #include "FwmarkServer.h" -@@ -63,6 +65,7 @@ android::RWLock android::net::gBigNetdLock; - - int main() { - using android::net::gCtls; -+ Stopwatch s; - - ALOGI("Netd 1.0 starting"); - remove_pid_file(); -@@ -122,6 +125,8 @@ int main() { - - write_pid_file(); - -+ ALOGI("Netd started in %dms", static_cast(s.timeTaken())); -+ - IPCThreadState::self()->joinThreadPool(); - - ALOGI("Netd exiting"); diff --git a/Patches/LineageOS-14.1/android_system_netd/264572.patch b/Patches/LineageOS-14.1/android_system_netd/264572.patch deleted file mode 100644 index b53b2732..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264572.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 0dfec203ee3b024ab9ff3d7d5c40c2cdf2db81e2 Mon Sep 17 00:00:00 2001 -From: Chih-Hung Hsieh -Date: Fri, 6 May 2016 10:36:13 -0700 -Subject: [PATCH] Fix google-explicit-constructor warnings. - -Bug: 28341362 -Change-Id: Idadc9ad22fdd9d014c8fe0522c89b6ec9d05ae98 ---- - tests/binder_test.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp -index dcaf2302..1018e00e 100644 ---- a/tests/binder_test.cpp -+++ b/tests/binder_test.cpp -@@ -105,7 +105,7 @@ char BinderTest::sDstStr[INET6_ADDRSTRLEN]; - - class TimedOperation : public Stopwatch { - public: -- TimedOperation(std::string name): mName(name) {} -+ explicit TimedOperation(const std::string &name): mName(name) {} - virtual ~TimedOperation() { - fprintf(stderr, " %s: %6.1f ms\n", mName.c_str(), timeTaken()); - } diff --git a/Patches/LineageOS-14.1/android_system_netd/264573.patch b/Patches/LineageOS-14.1/android_system_netd/264573.patch deleted file mode 100644 index 36e9c890..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/264573.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b5c3fe8fac846e9e586f2c0454c1036099adaf27 Mon Sep 17 00:00:00 2001 -From: Thurston Hou Yeen Dang -Date: Wed, 1 Jun 2016 11:02:29 -0700 -Subject: [PATCH] Unsigned integer overflow sanitization for netd/server - -Enable unsigned-integer-overflow sanitization for netd/server -(libnetdaidl, netd, ndc). - -This does not cause any aborts on CtsNetTestCases (includes -android.net.cts.VpnServiceTest), CtsNetTestCasesLegacyApi22, and -CtsNetTestCasesLegacyPermission22. -(Some tests are finicky and need to be re-run individually to pass; there is similar behavior on the unsanitized build.) - -Change-Id: I021bae3cf20df7669822977d3221a44f207614a8 ---- - server/Android.mk | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/server/Android.mk b/server/Android.mk -index 04b626f0..0c848e54 100644 ---- a/server/Android.mk -+++ b/server/Android.mk -@@ -21,6 +21,7 @@ include $(CLEAR_VARS) - - LOCAL_CFLAGS := -Wall -Werror - LOCAL_CLANG := true -+LOCAL_SANITIZE := unsigned-integer-overflow - LOCAL_MODULE := libnetdaidl - LOCAL_SHARED_LIBRARIES := \ - libbinder \ -@@ -47,6 +48,7 @@ LOCAL_C_INCLUDES := \ - - LOCAL_CLANG := true - LOCAL_CPPFLAGS := -std=c++11 -Wall -Werror -+LOCAL_SANITIZE := unsigned-integer-overflow - LOCAL_MODULE := netd - - LOCAL_INIT_RC := netd.rc -@@ -134,6 +136,7 @@ include $(BUILD_EXECUTABLE) - include $(CLEAR_VARS) - - LOCAL_CFLAGS := -Wall -Werror -+LOCAL_SANITIZE := unsigned-integer-overflow - LOCAL_CLANG := true - LOCAL_MODULE := ndc - LOCAL_SHARED_LIBRARIES := libcutils diff --git a/PrebuiltApps b/PrebuiltApps index 6a941364..fb703e0d 160000 --- a/PrebuiltApps +++ b/PrebuiltApps @@ -1 +1 @@ -Subproject commit 6a941364ec6493da24247389bbf0745fb090b7d3 +Subproject commit fb703e0dadecfe2681f5ebf3c43ca74a0bfa34e4 diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index f93dd27b..b8471161 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -124,8 +124,6 @@ patchWorkspace() { source build/envsetup.sh; repopick -it n_asb_09-2018-qcom; #TODO: move in tree #repopick -it bt-sbc-hd-dualchannel-nougat; - repopick -it tzdb2021a_N; - repopick -it n-asb-2021-03; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index b05e447a..e8dbc270 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -77,7 +77,7 @@ patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/248649.patch"; #msm_irqba patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on user builds XXX: REMOVE THIS TRASH enterAndClear "external/chromium-webview"; -git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/30/304330/1; #update webview +git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/88/305088/1; #update webview enterAndClear "external/sqlite"; patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (AndroidHardening-13.0) @@ -206,9 +206,6 @@ git revert --no-edit 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f50 patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) -enterAndClear "system/netd"; -git am $DOS_PATCHES/android_system_netd/*.patch; #n-netd - enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/248600.patch"; #restrict access to timing information in /proc patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 6d5d1e19..a041c905 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -115,8 +115,7 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; - repopick -it O_asb_2021-03; + #source build/envsetup.sh; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 588f2f7f..b30e01fc 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -79,10 +79,7 @@ enterAndClear "device/qcom/sepolicy"; patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH enterAndClear "external/chromium-webview"; -git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/30/304330/1; #update webview - -enterAndClear "external/dnsmasq"; -git pull "https://github.com/LineageOS/android_external_dnsmasq" refs/changes/10/305010/1; #O_asb_2021-03 +git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/88/305088/1; #update webview enterAndClear "external/svox"; git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index ff408706..ee434405 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -132,9 +132,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; + #source build/envsetup.sh; #repopick -it pie-firewall; - repopick -it P_asb_2021-03; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 86e623a1..25abc391 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -78,10 +78,7 @@ patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.pa echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #necessary for -user builds of legacy devices enterAndClear "external/chromium-webview"; -git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/30/304330/1; #update webview - -enterAndClear "external/dnsmasq"; -git pull "https://github.com/LineageOS/android_external_dnsmasq" refs/changes/00/305000/1; #P_asb_2021-03 +git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/88/305088/1; #update webview enterAndClear "external/svox"; git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles @@ -189,9 +186,6 @@ git revert --no-edit 99564aaf0417c9ddf7d6aeb10d326e5b24fa8f55; patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; -enterAndClear "system/connectivity/wificond"; -git pull "https://github.com/LineageOS/android_system_connectivity_wificond" refs/changes/08/305008/1; #P_asb_2021-03 - enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert --no-edit b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh index c2c17d56..1ad9e4e9 100644 --- a/Scripts/LineageOS-17.1/Functions.sh +++ b/Scripts/LineageOS-17.1/Functions.sh @@ -130,9 +130,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; + #source build/envsetup.sh; #repopick -it ten-firewall; - repopick -it Q_asb_2021-03; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index ca9efae2..de07497a 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -76,10 +76,7 @@ patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.pa echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #necessary for -user builds of legacy devices enterAndClear "external/chromium-webview"; -git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/30/304330/1; #update webview - -enterAndClear "external/dnsmasq"; -git pull "https://github.com/LineageOS/android_external_dnsmasq" refs/changes/66/304966/1; #Q_asb_2021-03 +git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/88/305088/1; #update webview enterAndClear "external/svox"; git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles @@ -87,10 +84,6 @@ sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUninstaller.java; awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java; -enterAndClear "external/v8"; -git pull "https://github.com/LineageOS/android_external_v8" refs/changes/70/304970/1; #Q_asb_2021-03 -git pull "https://github.com/LineageOS/android_external_v8" refs/changes/71/304971/1; - enterAndClear "frameworks/av"; if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM_A2DP_Fix.patch"; fi; #(GrapheneOS) @@ -193,9 +186,6 @@ patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voi #patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; #XXX 17REBASE #patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; #XXX 17REBASE -enterAndClear "system/connectivity/wificond"; -git pull "https://github.com/LineageOS/android_system_connectivity_wificond" refs/changes/75/304975/1; #Q_asb_2021-03 - enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert --no-edit 3032c7aa5ce90c0ae9c08fe271052c6e0304a1e7 01266f589e6deaef30b782531ae14435cdd2f18e; #insanity @@ -214,9 +204,6 @@ patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --direct patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/26.0"; awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user -enterAndClear "system/tools/hidl"; -git pull "https://github.com/LineageOS/android_system_tools_hidl" refs/changes/76/304976/1; #Q_asb_2021-03 - enterAndClear "system/update_engine"; git revert --no-edit c68499e3ff10f2a31f913e14f66aafb4ed94d42d; #Do not skip payload signature verification @@ -334,6 +321,9 @@ echo "allow hal_gnss_default ssr_device:chr_file { open read };" >> sepolicy/com enterAndClear "device/zuk/msm8996-common"; awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage +enterAndClear "kernel/essential/msm8998"; +awk -i inplace '!/SECTOR_SIZE 512/' drivers/md/dm-req-crypt.c; #fixup 4.4.0258-0259.patch + enterAndClear "kernel/google/marlin"; git revert --no-edit dd4a454f080f60cc7c4f5cc281a48cba80947baf; #Resurrect dm-verity