mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-09-27 19:56:32 +00:00
Many changes
- Remove broken/permissive devices - Notify user when location is requested via SUPL - 15.1: skia cherrypicks for Feb ASB - 15.1: recovery: change selected text color
This commit is contained in:
Tad
parent
9178760d1a
commit
a7a4e869fd
@ -211,14 +211,6 @@
|
||||
<project path="device/oneplus/bacon" name="LineageOS/android_device_oneplus_bacon" remote="github" />
|
||||
<project path="kernel/oneplus/msm8974" name="LineageOS/android_kernel_oneplus_msm8974" remote="github" />
|
||||
|
||||
<!-- Planet Gemini PDA (geminipda) -->
|
||||
<project path="device/planet/geminipda" name="lineage-geminipda/android_device_planet_geminipda" remote="github" />
|
||||
<project path="kernel/planet/mt6797" name="lineage-geminipda/android_kernel_planet_mt6797" remote="github" />
|
||||
|
||||
<!-- Raspberry Pi 3 (rpi3) -->
|
||||
<project path="device/brcm/rpi3" name="lineage-rpi/android_device_brcm_rpi3" remote="github" />
|
||||
<project path="kernel/brcm/rpi3" name="lineage-rpi/android_kernel_brcm_rpi3" remote="github" />
|
||||
|
||||
<!-- Samsung Common -->
|
||||
<project path="device/samsung/qcom-common" name="LineageOS/android_device_samsung_qcom-common" remote="github" />
|
||||
<project path="device/samsung/smdk4412-common" name="LineageOS/android_device_samsung_smdk4412-common" remote="github" />
|
||||
|
||||
@ -188,18 +188,10 @@
|
||||
<project path="device/oppo/msm8974-common" name="LineageOS/android_device_oppo_msm8974-common" remote="github" />
|
||||
<project path="kernel/oppo/msm8974" name="LineageOS/android_kernel_oppo_msm8974" remote="github" />
|
||||
|
||||
<!-- Raspberry Pi 3 (rpi3) -->
|
||||
<project path="device/brcm/rpi3" name="lineage-rpi/android_device_brcm_rpi3" remote="github" />
|
||||
<project path="kernel/brcm/rpi3" name="lineage-rpi/android_kernel_brcm_rpi3" remote="github" />
|
||||
|
||||
<!-- Samsung Common -->
|
||||
<project path="device/samsung/qcom-common" name="LineageOS/android_device_samsung_qcom-common" remote="github" />
|
||||
<project path="hardware/samsung" name="LineageOS/android_hardware_samsung" remote="github" />
|
||||
|
||||
<!-- Samsung Galaxy S4 (jfltexx) -->
|
||||
<project path="device/samsung/jf-common" name="LineageOS/android_device_samsung_jf-common" remote="github" />
|
||||
<project path="kernel/samsung/jf" name="LineageOS/android_kernel_samsung_jf" remote="github" />
|
||||
|
||||
<!-- Samsung Galaxy S5 (klte) -->
|
||||
<project path="device/samsung/klte" name="LineageOS/android_device_samsung_klte" remote="github" />
|
||||
<project path="device/samsung/klte-common" name="LineageOS/android_device_samsung_klte-common" remote="github" />
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/brcm/rpi3"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0148-0149.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0149-0150.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0150-0151.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0151-0152.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0152-0153.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9892/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8839/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6683/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0749/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13293/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3575/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5848/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p25"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
@ -1,111 +0,0 @@
|
||||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/planet/mt6797"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0021.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0027.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0028.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0031.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0032.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0033.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0034.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0035.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0036.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0041.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0043.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0045.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0046.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0050.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9892/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9940/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8962/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-9004/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-9016/3.18/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10088/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3775/3.18/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7042/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8405/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9191/3.11-^4.8/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0510/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0523/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0794/3.18/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0866/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000251/ANY/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000365/3.18/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13307/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15858/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16646/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5986/^4.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6346/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6353/^4.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7472/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7618/^4.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9698/3.18/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10876/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10876/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9363/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9518/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0002-ozwpan-Use-unsigned-ints-to-prevent-heap-overflow.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0003-tunnels-Don-t-apply-GRO-to-multiple-layers-of-encaps.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0004-net-add-recursion-limit-to-GRO.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0005-tcp-fix-zero-cwnd-in-tcp_cwnd_reduction.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p107"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
@ -18,7 +18,7 @@
|
||||
#Last verified: 2018-04-27
|
||||
|
||||
patchAllKernels() {
|
||||
startPatcher "kernel_amazon_hdx-common kernel_asus_fugu kernel_asus_grouper kernel_asus_msm8916 kernel_brcm_rpi3 kernel_fairphone_msm8974 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_huawei_angler kernel_htc_msm8974 kernel_htc_msm8994 kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8992 kernel_lge_msm8996 kernel_motorola_msm8916 kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oneplus_msm8974 kernel_planet_mt6797 kernel_samsung_jf kernel_samsung_manta kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_samsung_tuna kernel_samsung_universal8890";
|
||||
startPatcher "kernel_amazon_hdx-common kernel_asus_fugu kernel_asus_grouper kernel_asus_msm8916 kernel_fairphone_msm8974 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_huawei_angler kernel_htc_msm8974 kernel_htc_msm8994 kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8992 kernel_lge_msm8996 kernel_motorola_msm8916 kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oneplus_msm8974 kernel_samsung_jf kernel_samsung_manta kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_samsung_tuna kernel_samsung_universal8890";
|
||||
}
|
||||
export -f patchAllKernels;
|
||||
|
||||
@ -49,12 +49,10 @@ export -f buildDeviceDebug;
|
||||
buildAll() {
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
#Select devices are userdebug due to SELinux policy issues
|
||||
#TODO: Add athene, pme, t0lte, hlte, sumire, dogo, espresso
|
||||
brunch lineage_clark-user;
|
||||
brunch lineage_maguro-user; #deprecated
|
||||
brunch lineage_thor-userdebug; #deprecated
|
||||
brunch lineage_grouper-user; #deprecated and needs manual patching (one-repo vendor blob patch)
|
||||
#brunch lineage_geminipda-userdebug; #permissive and needs synced proprietary-files.txt
|
||||
brunch lineage_h815-user; #deprecated
|
||||
brunch lineage_herolte-user; #deprecated
|
||||
brunch lineage_himaul-user; #deprecated
|
||||
@ -86,7 +84,6 @@ buildAll() {
|
||||
#brunch lineage_m8-user;
|
||||
#brunch lineage_mako-user;
|
||||
#brunch lineage_marlin-user;
|
||||
#brunch lineage_rpi3-user;
|
||||
#brunch lineage_sailfish-user;
|
||||
#brunch lineage_shamu-user;
|
||||
#brunch lineage_us996-user;
|
||||
|
||||
@ -80,6 +80,7 @@ enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
git revert 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #re-enable doze on devices without gms
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/brcm/rpi3"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9892/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3140/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3575/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5848/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p15"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
@ -1,115 +0,0 @@
|
||||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/motorola/msm8992"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9904/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0862/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13163/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13168/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13216/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13245/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15837/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16531/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16534/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16643/3.5+/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16939/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17762/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18153/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18306/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8243/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9711/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9723/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10877/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.10/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11265/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11273/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11919/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11987/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12011/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13913/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3563/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3584/ANY/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3585/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3597/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5864/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5904/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5908/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9383/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9514/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9518/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p111"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
@ -18,7 +18,7 @@
|
||||
#Last verified: 2018-04-27
|
||||
|
||||
patchAllKernels() {
|
||||
startPatcher "kernel_asus_fugu kernel_brcm_rpi3 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_universal9810";
|
||||
startPatcher "kernel_asus_fugu kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974 kernel_samsung_universal9810";
|
||||
}
|
||||
export -f patchAllKernels;
|
||||
|
||||
@ -48,13 +48,11 @@ export -f buildDeviceDebug;
|
||||
|
||||
buildAll() {
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
|
||||
#TODO: hiae
|
||||
brunch lineage_mako-user;
|
||||
brunch lineage_d852-user;
|
||||
brunch lineage_bacon-user;
|
||||
brunch lineage_angler-user;
|
||||
brunch lineage_bullhead-user;
|
||||
#brunch lineage_clark-userdebug; #permissive and needs manual patching (fwb xml: fused: dangling tag)
|
||||
brunch lineage_d802-user;
|
||||
brunch lineage_d855-user;
|
||||
brunch lineage_dragon-user;
|
||||
@ -66,12 +64,10 @@ buildAll() {
|
||||
brunch lineage_griffin-user;
|
||||
brunch lineage_h850-user;
|
||||
brunch lineage_hammerhead-user;
|
||||
#brunch lineage_jfltexx-user; #still in bringup
|
||||
brunch lineage_klte-user; #broken
|
||||
brunch lineage_m8-user;
|
||||
brunch lineage_marlin-user;
|
||||
brunch lineage_mata-user;
|
||||
#brunch lineage_rpi3-user; #needs testing and special handling
|
||||
brunch lineage_sailfish-user;
|
||||
brunch lineage_shamu-user; #broken - needs synced proprietary-files.txt
|
||||
brunch lineage_starlte-user; #broken - device/samsung/universal9810-common/audio: MODULE.TARGET.SHARED_LIBRARIES.libshim_audio_32 already defined by device/samsung/star-common/audio
|
||||
|
||||
@ -67,7 +67,7 @@ patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Au
|
||||
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
|
||||
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
|
||||
|
||||
enterAndClear "device/lineage/sepolicy";
|
||||
enterAndClear "device/lineage/sepolicy"; #XXX: TEMPORARY for O_asb_2019-02
|
||||
git revert 9c28a0dfb91bb468515e123b1aaf3fcfc007b82f; #neverallow violation - breaks backuptool
|
||||
git revert f1ad32105599a0b71702f840b2deeb6849f1ae80; #neverallow violation - breaks addons
|
||||
git revert c9b0d95630b82cd0ad1a0fc633c6d59c2cb8aad7 37422f7df389f3ae5a34ee3d6dd9354217f9c536; #neverallow violation - breaks update_engine
|
||||
@ -75,6 +75,11 @@ git revert c9b0d95630b82cd0ad1a0fc633c6d59c2cb8aad7 37422f7df389f3ae5a34ee3d6dd9
|
||||
enterAndClear "device/qcom/sepolicy";
|
||||
patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
|
||||
|
||||
enter "external/skia";
|
||||
git fetch https://github.com/LineageOS/android_external_skia refs/changes/18/240818/1 && git cherry-pick FETCH_HEAD
|
||||
git fetch https://github.com/LineageOS/android_external_skia refs/changes/17/240817/1 && git cherry-pick FETCH_HEAD
|
||||
git fetch https://github.com/LineageOS/android_external_skia refs/changes/16/240816/1 && git cherry-pick FETCH_HEAD
|
||||
|
||||
enterAndClear "external/svox";
|
||||
git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
|
||||
|
||||
@ -82,6 +87,7 @@ enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
#git revert https://review.lineageos.org/#/c/202875/ #re-enable doze on devices without gms
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
|
||||
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
changeDefaultDNS;
|
||||
@ -190,9 +196,6 @@ enterAndClear "device/lge/mako";
|
||||
echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot
|
||||
#patch -p1 < "$DOS_PATCHES/android_device_lge_mako/0001-Enable_LTE.patch"; #LTE offers enhanced crypto, however the leaked modem is 3 years insecure and eats battery
|
||||
|
||||
enterAndClear "device/motorola/clark";
|
||||
rm setup-makefiles.sh;
|
||||
|
||||
enterAndClear "device/oppo/msm8974-common";
|
||||
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Remove_Logo.patch"; #Re
|
||||
rm res*/images/logo_image.png; #Remove logo images
|
||||
mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
|
||||
sed -i 's|grid_h \* 2 / 3|grid_h * 0.25|' screen_ui.cpp; #Center icons
|
||||
sed -i 's|0x16, 0x7c, 0x80|100, 34, 13|' screen_ui.cpp; #Recolor text
|
||||
sed -i 's|0x16, 0x7c, 0x80|0x03, 0xa9, 0xf4|' screen_ui.cpp; #Recolor text
|
||||
sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*_ui.cpp;
|
||||
sed -i 's|LineageOS|'"$DOS_BRANDING_NAME"'|' ui.cpp;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user