mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
Disable the bionic hardening patchset to fix boot issues
10+4 devices tested working with bionic hardening patches enabled but hammerhead and shamu do not boot... 2 of the patches were already found to have issues and disabled 3 other patches were ruled out: - Stop implicitly marking mappings as mergeable - Make __stack_chk_guard read-only at runtime - On 64-bit, zero the leading stack canary byte Leaves 11+1 patches remaining that need to be tested But I don't have either of the two known impacted devices. Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
3207cde72e
commit
a56e3a3016
@ -1 +1 @@
|
|||||||
Subproject commit e62615b4a06b1fc7b16a49e50a292553176d9ee8
|
Subproject commit 9a960526a5d73ec6b619d4fca0d4073829916a82
|
@ -25,7 +25,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0036.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0036.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
||||||
@ -699,5 +698,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p699"
|
editKernelLocalversion "-dos.p698"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -21,7 +21,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0036.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0036.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0037.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0037.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.9/0041.patch
|
||||||
@ -662,5 +661,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p662"
|
editKernelLocalversion "-dos.p661"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -23,7 +23,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -551,5 +550,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p551"
|
editKernelLocalversion "-dos.p550"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -24,7 +24,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -641,5 +640,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p641"
|
editKernelLocalversion "-dos.p640"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -21,7 +21,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -410,5 +409,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p410"
|
editKernelLocalversion "-dos.p409"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -21,7 +21,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -410,5 +409,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p410"
|
editKernelLocalversion "-dos.p409"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -63,8 +63,8 @@ if enterAndClear "bionic"; then
|
|||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||||
if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
|
if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
|
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) #XXX: some vendor blobs use sbrk
|
||||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
|
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: some kernels do not have (working) getrandom
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
|
||||||
|
@ -22,7 +22,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -559,5 +558,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p559"
|
editKernelLocalversion "-dos.p558"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -68,8 +68,8 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion
|
|||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0002-Symbol_Ordering.patch"; fi; #(GrapheneOS)
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0002-Symbol_Ordering.patch"; fi; #(GrapheneOS)
|
||||||
if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
|
if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
|
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) #XXX: some vendor blobs use sbrk
|
||||||
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
|
#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: some kernels do not have (working) getrandom
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
|
||||||
|
@ -24,7 +24,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0044.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0044.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch
|
||||||
#git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch
|
#git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch
|
||||||
@ -456,5 +455,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p456"
|
editKernelLocalversion "-dos.p455"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -23,7 +23,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -538,5 +537,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p538"
|
editKernelLocalversion "-dos.p537"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -21,7 +21,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch
|
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||||
@ -455,5 +454,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||||
editKernelLocalversion "-dos.p455"
|
editKernelLocalversion "-dos.p454"
|
||||||
cd "$DOS_BUILD_BASE"
|
cd "$DOS_BUILD_BASE"
|
||||||
|
@ -63,8 +63,8 @@ if enterAndClear "bionic"; then
|
|||||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||||
if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
|
if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
|
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS) #XXX: some vendor blobs use sbrk
|
||||||
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
|
#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: some kernels do not have (working) getrandom
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
|
||||||
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting with dprintf-like function (GrapheneOS)
|
applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting with dprintf-like function (GrapheneOS)
|
||||||
@ -450,7 +450,6 @@ fi;
|
|||||||
|
|
||||||
if enterAndClear "device/htc/msm8974-common"; then
|
if enterAndClear "device/htc/msm8974-common"; then
|
||||||
applyPatch "$DOS_PATCHES/android_device_htc_msm8974-common/295147.patch"; #Enable ZRAM
|
applyPatch "$DOS_PATCHES/android_device_htc_msm8974-common/295147.patch"; #Enable ZRAM
|
||||||
echo "MALLOC_SVELTE_FOR_LIBC32 := true" >> BoardConfigCommon.mk; #Fix video recording
|
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if enterAndClear "device/lge/g2-common"; then
|
if enterAndClear "device/lge/g2-common"; then
|
||||||
|
@ -57,7 +57,7 @@ export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Serv
|
|||||||
|
|
||||||
#Features
|
#Features
|
||||||
export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
|
export DOS_GPS_GLONASS_FORCED=false; #Enables GLONASS on all devices
|
||||||
export DOS_GRAPHENE_BIONIC=true; #Enables the bionic hardening patchset on 16.0+17.1+18.1
|
export DOS_GRAPHENE_BIONIC=false; #Enables the bionic hardening patchset on 16.0+17.1+18.1
|
||||||
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1
|
export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' patchset on 16.0+17.1+18.1
|
||||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1
|
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1
|
||||||
export DOS_GRAPHENE_EXEC=false; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1 XXX: breaks things like VoLTE
|
export DOS_GRAPHENE_EXEC=false; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1 XXX: breaks things like VoLTE
|
||||||
|
Loading…
Reference in New Issue
Block a user