diff --git a/Patches/Common/android_vendor_divested/packages.mk b/Patches/Common/android_vendor_divested/packages.mk index 1407f5a3..57613370 100644 --- a/Patches/Common/android_vendor_divested/packages.mk +++ b/Patches/Common/android_vendor_divested/packages.mk @@ -8,8 +8,6 @@ PRODUCT_PACKAGES += \ EtarPrebuilt \ FennecDOS \ SimpleGallery -# FairEmail \ -# VanillaMusic ifeq ($(findstring flox,$(TARGET_PRODUCT)),) PRODUCT_PACKAGES += \ diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0003-Signature_Spoofing.patch b/Patches/LineageOS-14.1/android_frameworks_base/0003-Signature_Spoofing.patch deleted file mode 100644 index 2dc7bbd5..00000000 --- a/Patches/LineageOS-14.1/android_frameworks_base/0003-Signature_Spoofing.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 44cda6f5e47c33e91980ae35c8bc6d88e4d3763c Mon Sep 17 00:00:00 2001 -From: be-neth -Date: Thu, 24 Nov 2016 13:01:30 -0500 -Subject: [PATCH] Allow packages to spoof their signature - -Change-Id: I9acf48c7607804890d0d0fa7fe30bb36779cb40d ---- - core/res/AndroidManifest.xml | 7 +++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 5 +++++ - .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- - 4 files changed, 35 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index b624305..43eec1f 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1926,6 +1926,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index 4a95f6e..702e02a 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1383,6 +1383,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 345d377..26814f1 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -660,6 +660,11 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! -+ - - disable or modify status bar - -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index d450288..9194e69 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3141,8 +3141,27 @@ public class PackageManagerService extends IPackageManager.Stub { - ? Collections.emptySet() : permissionsState.getPermissions(userId); - final PackageUserState state = ps.readUserState(userId); - -- return PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); -+ } -+ -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; - } - - @Override --- -2.9.3 - diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0005-Harden_Sig_Spoofing.patch b/Patches/LineageOS-14.1/android_frameworks_base/0005-Harden_Sig_Spoofing.patch deleted file mode 100644 index 8d573695..00000000 --- a/Patches/LineageOS-14.1/android_frameworks_base/0005-Harden_Sig_Spoofing.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 6c9c966622adbfe0ad92ed90d90f93a782c99f02 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Sun, 18 Dec 2016 19:10:20 -0500 -Subject: [PATCH] Harden signature spoofing - -Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3 ---- - core/res/AndroidManifest.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 486999b..182acbf 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -1937,7 +1937,7 @@ - - - --- -2.9.3 - diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0007-Connectivity.patch b/Patches/LineageOS-14.1/android_frameworks_base/0007-Connectivity.patch deleted file mode 100644 index 1e507629..00000000 --- a/Patches/LineageOS-14.1/android_frameworks_base/0007-Connectivity.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0030bc6ef203eb6ffc1300599db1fd48d4a77f78 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Tue, 8 May 2018 20:54:49 -0400 -Subject: [PATCH] Change connectivity check URLs to ours - -Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f ---- - .../java/com/android/server/connectivity/NetworkMonitor.java | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java -index 97669d242f0..2a39f90b19b 100644 ---- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java -+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java -@@ -86,9 +86,9 @@ public class NetworkMonitor extends StateMachine { - // Default configuration values for captive portal detection probes. - // TODO: append a random length parameter to the default HTTPS url. - // TODO: randomize browser version ids in the default User-Agent String. -- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204"; -+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php"; - private static final String DEFAULT_HTTP_URL = -- "http://connectivitycheck.gstatic.com/generate_204"; -+ "http://divestos.org/gen204.php"; - private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204"; - private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) " - + "AppleWebKit/537.36 (KHTML, like Gecko) " --- -2.17.0 - diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0008-Disable_Analytics.patch b/Patches/LineageOS-14.1/android_frameworks_base/0008-Disable_Analytics.patch deleted file mode 100644 index da51b02f..00000000 --- a/Patches/LineageOS-14.1/android_frameworks_base/0008-Disable_Analytics.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 21 May 2018 04:23:40 -0400 -Subject: [PATCH] Disable/reduce functionality of various ad/analytics - libraries - -Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e ---- - .../android/content/pm/PackageParser.java | 56 +++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index f2e3333b67da..35073ed38d3a 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -4465,6 +4465,62 @@ public class PackageParser { - - if (data == null) { - data = new Bundle(); -+ data.putString("acc_advertiser_id", "false"); -+ data.putString("acc_no_geoloc", "true"); -+ data.putString("acc_tracking_mode", "Restricted"); -+ data.putString("android.webkit.WebView.MetricsOptOut", "true"); -+ data.putString("AXACollectIp", "false"); -+ data.putString("batch_opted_out_by_default", "true"); -+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0"); -+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0"); -+ data.putString("com.ad4screen.advertiser_id", "false"); -+ data.putString("com.ad4screen.no_geoloc", "true"); -+ data.putString("com.ad4screen.tracking_mode", "Restricted"); -+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false"); -+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.DETECT_ANR", "false"); -+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false"); -+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER", "false"); -+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER"); -+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoInitEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false"); -+ data.putString("com.followanalytics.message.inapp.enable", "false"); -+ data.putString("com.followanalytics.message.push.enable", "false"); -+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false"); -+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true"); -+ data.putString("com.mapbox.EnableEvents", "false"); -+ data.putString("com.microsoft.engagementinsights.autoCapture", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false"); -+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true"); -+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false"); -+ data.putString("com.sprooki.LOCATION_SERVICES", "disable"); -+ data.putString("com.webengage.sdk.android.location_tracking", "false"); -+ data.putString("firebase_analytics_collection_deactivated", "true"); -+ data.putString("firebase_analytics_collection_enabled", "false"); -+ data.putString("firebase_crash_collection_enabled", "false"); -+ data.putString("firebase_crashlytics_collection_enabled", "false"); -+ data.putString("firebase_performance_collection_deactivated", "true"); -+ data.putString("google_analytics_adid_collection_enabled", "false"); -+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false"); -+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false"); -+ data.putString("google_analytics_ssaid_collection_enabled", "false"); -+ data.putString("SMT_USE_AD_ID", "0"); -+ data.putString("tapjoy.disable_advertising_id_check", "true"); -+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true"); -+ data.putString("tapjoy.disable_automatic_session_tracking", "true"); -+ data.putString("tapjoy.disable_persistent_ids", "true"); -+ data.putString("tapjoy.disable_video_offers", "true"); -+ data.putString("tnkad_tracking", "false"); - } - - String name = sa.getNonConfigurationString( diff --git a/Patches/LineageOS-15.1/android_frameworks_base/0002-Signature_Spoofing.patch b/Patches/LineageOS-15.1/android_frameworks_base/0002-Signature_Spoofing.patch deleted file mode 100644 index cc1d3385..00000000 --- a/Patches/LineageOS-15.1/android_frameworks_base/0002-Signature_Spoofing.patch +++ /dev/null @@ -1,102 +0,0 @@ -commit 4e9d677b35b9656c22c922c9abca4107ab95c9b4 -Author: Bernhard Rosenkränzer -Date: Tue Aug 29 00:34:27 2017 +0200 - - Add permission to allow an APK to fake a signature. - - This is needed by GmsCore (https://microg.org/) to pretend - the existence of the official Play Services to applications calling - Google APIs. - - Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch - - Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f - Signed-off-by: Bernhard Rosenkränzer - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 794d4f8b78b..b3189077256 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2075,6 +2075,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index 3613acf44aa..d1636c862c5 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1385,6 +1385,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 3eebe7eb68d..7405386cd49 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -764,6 +764,10 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! - - disable or modify status bar - -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index f36b762c5e9..048a057d39c 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -3571,8 +3571,9 @@ public class PackageManagerService extends IPackageManager.Stub - flags |= MATCH_ANY_USER; - } - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -3584,6 +3585,24 @@ public class PackageManagerService extends IPackageManager.Stub - return packageInfo; - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); diff --git a/Patches/LineageOS-15.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch b/Patches/LineageOS-15.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch deleted file mode 100644 index 0f25170a..00000000 --- a/Patches/LineageOS-15.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 12 Feb 2018 02:55:55 -0500 -Subject: [PATCH] Harden signature spoofing - -Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3 ---- - core/res/AndroidManifest.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 653caaca2a6..7f547dd07ac 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2152,7 +2152,7 @@ - - - --- -2.16.1 - diff --git a/Patches/LineageOS-15.1/android_frameworks_base/0005-Connectivity.patch b/Patches/LineageOS-15.1/android_frameworks_base/0005-Connectivity.patch deleted file mode 100644 index 00bb1ea9..00000000 --- a/Patches/LineageOS-15.1/android_frameworks_base/0005-Connectivity.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001 -From: Tad -Date: Tue, 8 May 2018 20:53:07 -0400 -Subject: [PATCH] Change connectivity check URLs to ours - -Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f ---- - .../com/android/server/connectivity/NetworkMonitor.java | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java -index d3a93542c74..32918aa3cdc 100644 ---- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java -+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java -@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine { - // Default configuration values for captive portal detection probes. - // TODO: append a random length parameter to the default HTTPS url. - // TODO: randomize browser version ids in the default User-Agent String. -- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204"; -+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php"; - private static final String DEFAULT_HTTP_URL = -- "http://connectivitycheck.gstatic.com/generate_204"; -- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204"; -+ "http://divestos.org/gen204.php"; -+ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204"; - private static final String DEFAULT_OTHER_FALLBACK_URLS = -- "http://play.googleapis.com/generate_204"; -+ "http://connectivitycheck.gstatic.com/generate_204"; - private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) " - + "AppleWebKit/537.36 (KHTML, like Gecko) " - + "Chrome/60.0.3112.32 Safari/537.36"; --- -2.17.0 - diff --git a/Patches/LineageOS-15.1/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-15.1/android_frameworks_base/0006-Disable_Analytics.patch deleted file mode 100644 index 74b251a5..00000000 --- a/Patches/LineageOS-15.1/android_frameworks_base/0006-Disable_Analytics.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 21 May 2018 04:23:40 -0400 -Subject: [PATCH] Disable/reduce functionality of various ad/analytics - libraries - -Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e ---- - .../android/content/pm/PackageParser.java | 56 +++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index 8c66fb227cf9..4421c0ca5115 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -5524,6 +5524,62 @@ public class PackageParser { - - if (data == null) { - data = new Bundle(); -+ data.putString("acc_advertiser_id", "false"); -+ data.putString("acc_no_geoloc", "true"); -+ data.putString("acc_tracking_mode", "Restricted"); -+ data.putString("android.webkit.WebView.MetricsOptOut", "true"); -+ data.putString("AXACollectIp", "false"); -+ data.putString("batch_opted_out_by_default", "true"); -+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0"); -+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0"); -+ data.putString("com.ad4screen.advertiser_id", "false"); -+ data.putString("com.ad4screen.no_geoloc", "true"); -+ data.putString("com.ad4screen.tracking_mode", "Restricted"); -+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false"); -+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.DETECT_ANR", "false"); -+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false"); -+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER", "false"); -+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER"); -+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoInitEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false"); -+ data.putString("com.followanalytics.message.inapp.enable", "false"); -+ data.putString("com.followanalytics.message.push.enable", "false"); -+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false"); -+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true"); -+ data.putString("com.mapbox.EnableEvents", "false"); -+ data.putString("com.microsoft.engagementinsights.autoCapture", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false"); -+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true"); -+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false"); -+ data.putString("com.sprooki.LOCATION_SERVICES", "disable"); -+ data.putString("com.webengage.sdk.android.location_tracking", "false"); -+ data.putString("firebase_analytics_collection_deactivated", "true"); -+ data.putString("firebase_analytics_collection_enabled", "false"); -+ data.putString("firebase_crash_collection_enabled", "false"); -+ data.putString("firebase_crashlytics_collection_enabled", "false"); -+ data.putString("firebase_performance_collection_deactivated", "true"); -+ data.putString("google_analytics_adid_collection_enabled", "false"); -+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false"); -+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false"); -+ data.putString("google_analytics_ssaid_collection_enabled", "false"); -+ data.putString("SMT_USE_AD_ID", "0"); -+ data.putString("tapjoy.disable_advertising_id_check", "true"); -+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true"); -+ data.putString("tapjoy.disable_automatic_session_tracking", "true"); -+ data.putString("tapjoy.disable_persistent_ids", "true"); -+ data.putString("tapjoy.disable_video_offers", "true"); -+ data.putString("tnkad_tracking", "false"); - } - - String name = sa.getNonConfigurationString( diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0002-Signature_Spoofing.patch b/Patches/LineageOS-16.0/android_frameworks_base/0002-Signature_Spoofing.patch deleted file mode 100644 index 406c7641..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/0002-Signature_Spoofing.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= -Date: Mon, 4 Mar 2019 03:26:03 -0500 -Subject: [PATCH] Add permission to allow an APK to fake a signature. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed by GmsCore (https://microg.org/) to pretend -the existence of the official Play Services to applications calling -Google APIs. - -Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch - -Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f -Signed-off-by: Bernhard Rosenkränzer ---- - core/res/AndroidManifest.xml | 7 ++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 4 ++++ - .../server/pm/PackageManagerService.java | 23 +++++++++++++++++-- - 4 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 34d26f0da90..08f95ec1fdf 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2357,6 +2357,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index cf9bd122baf..2047c336acd 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1682,6 +1682,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index f6600462ea7..bad13100a79 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -785,6 +785,10 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! - - disable or modify status bar - -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 9b50a1545a5..58dc3fe926f 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -4001,8 +4001,9 @@ public class PackageManagerService extends IPackageManager.Stub - final Set permissions = ArrayUtils.isEmpty(p.requestedPermissions) - ? Collections.emptySet() : permissionsState.getPermissions(userId); - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub - } - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); --- -2.20.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0003-Harden_Sig_Spoofing.patch b/Patches/LineageOS-16.0/android_frameworks_base/0003-Harden_Sig_Spoofing.patch deleted file mode 100644 index 0f25170a..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/0003-Harden_Sig_Spoofing.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 12 Feb 2018 02:55:55 -0500 -Subject: [PATCH] Harden signature spoofing - -Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3 ---- - core/res/AndroidManifest.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 653caaca2a6..7f547dd07ac 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2152,7 +2152,7 @@ - - - --- -2.16.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch b/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch deleted file mode 100644 index 00bb1ea9..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001 -From: Tad -Date: Tue, 8 May 2018 20:53:07 -0400 -Subject: [PATCH] Change connectivity check URLs to ours - -Change-Id: Idd9bfb4a09db763c97d0ea3aabf428176e28d48f ---- - .../com/android/server/connectivity/NetworkMonitor.java | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java -index d3a93542c74..32918aa3cdc 100644 ---- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java -+++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java -@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine { - // Default configuration values for captive portal detection probes. - // TODO: append a random length parameter to the default HTTPS url. - // TODO: randomize browser version ids in the default User-Agent String. -- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204"; -+ private static final String DEFAULT_HTTPS_URL = "https://divestos.org/gen204.php"; - private static final String DEFAULT_HTTP_URL = -- "http://connectivitycheck.gstatic.com/generate_204"; -- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204"; -+ "http://divestos.org/gen204.php"; -+ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204"; - private static final String DEFAULT_OTHER_FALLBACK_URLS = -- "http://play.googleapis.com/generate_204"; -+ "http://connectivitycheck.gstatic.com/generate_204"; - private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) " - + "AppleWebKit/537.36 (KHTML, like Gecko) " - + "Chrome/60.0.3112.32 Safari/537.36"; --- -2.17.0 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch deleted file mode 100644 index 99536495..00000000 --- a/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 21 May 2018 04:23:40 -0400 -Subject: [PATCH] Disable/reduce functionality of various ad/analytics - libraries - -Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e ---- - .../android/content/pm/PackageParser.java | 56 +++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index e0c2d2dc6dde..405291d46f58 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -5327,6 +5327,62 @@ public class PackageParser { - - if (data == null) { - data = new Bundle(); -+ data.putString("acc_advertiser_id", "false"); -+ data.putString("acc_no_geoloc", "true"); -+ data.putString("acc_tracking_mode", "Restricted"); -+ data.putString("android.webkit.WebView.MetricsOptOut", "true"); -+ data.putString("AXACollectIp", "false"); -+ data.putString("batch_opted_out_by_default", "true"); -+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0"); -+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0"); -+ data.putString("com.ad4screen.advertiser_id", "false"); -+ data.putString("com.ad4screen.no_geoloc", "true"); -+ data.putString("com.ad4screen.tracking_mode", "Restricted"); -+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false"); -+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.DETECT_ANR", "false"); -+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false"); -+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER", "false"); -+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER"); -+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoInitEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false"); -+ data.putString("com.followanalytics.message.inapp.enable", "false"); -+ data.putString("com.followanalytics.message.push.enable", "false"); -+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false"); -+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true"); -+ data.putString("com.mapbox.EnableEvents", "false"); -+ data.putString("com.microsoft.engagementinsights.autoCapture", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false"); -+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true"); -+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false"); -+ data.putString("com.sprooki.LOCATION_SERVICES", "disable"); -+ data.putString("com.webengage.sdk.android.location_tracking", "false"); -+ data.putString("firebase_analytics_collection_deactivated", "true"); -+ data.putString("firebase_analytics_collection_enabled", "false"); -+ data.putString("firebase_crash_collection_enabled", "false"); -+ data.putString("firebase_crashlytics_collection_enabled", "false"); -+ data.putString("firebase_performance_collection_deactivated", "true"); -+ data.putString("google_analytics_adid_collection_enabled", "false"); -+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false"); -+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false"); -+ data.putString("google_analytics_ssaid_collection_enabled", "false"); -+ data.putString("SMT_USE_AD_ID", "0"); -+ data.putString("tapjoy.disable_advertising_id_check", "true"); -+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true"); -+ data.putString("tapjoy.disable_automatic_session_tracking", "true"); -+ data.putString("tapjoy.disable_persistent_ids", "true"); -+ data.putString("tapjoy.disable_video_offers", "true"); -+ data.putString("tnkad_tracking", "false"); - } - - String name = sa.getNonConfigurationString( diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0002-Signature_Spoofing.patch b/Patches/LineageOS-17.1/android_frameworks_base/0002-Signature_Spoofing.patch deleted file mode 100644 index c43b9749..00000000 --- a/Patches/LineageOS-17.1/android_frameworks_base/0002-Signature_Spoofing.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= -Date: Mon, 4 Mar 2019 03:26:03 -0500 -Subject: [PATCH] Add permission to allow an APK to fake a signature. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed by GmsCore (https://microg.org/) to pretend -the existence of the official Play Services to applications calling -Google APIs. - -Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch - -Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f -Signed-off-by: Bernhard Rosenkränzer ---- - core/res/AndroidManifest.xml | 7 ++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 4 ++++ - .../server/pm/PackageManagerService.java | 23 +++++++++++++++++-- - 4 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 34d26f0da90..08f95ec1fdf 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2357,6 +2357,13 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index cf9bd122baf..2047c336acd 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1682,6 +1682,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index f6600462ea7..bad13100a79 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -785,6 +785,10 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! - - disable or modify status bar - -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 9b50a1545a5..58dc3fe926f 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -4179,8 +4179,9 @@ public class PackageManagerService extends IPackageManager.Stub - final Set permissions = ArrayUtils.isEmpty(p.requestedPermissions) - ? Collections.emptySet() : permissionsState.getPermissions(userId); - -- PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub - } - } - -+ private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.mAppMetaData != null) { -+ String sig = p.mAppMetaData.getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); --- -2.20.1 - diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch b/Patches/LineageOS-17.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch deleted file mode 100644 index 0f25170a..00000000 --- a/Patches/LineageOS-17.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c018c699ddaf7f9b76cf9f11cc4dc4308054cc0b Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 12 Feb 2018 02:55:55 -0500 -Subject: [PATCH] Harden signature spoofing - -Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3 ---- - core/res/AndroidManifest.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index 653caaca2a6..7f547dd07ac 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2152,7 +2152,7 @@ - - - --- -2.16.1 - diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-17.1/android_frameworks_base/0006-Disable_Analytics.patch deleted file mode 100644 index 6e2048ce..00000000 --- a/Patches/LineageOS-17.1/android_frameworks_base/0006-Disable_Analytics.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 21 May 2018 04:23:40 -0400 -Subject: [PATCH] Disable/reduce functionality of various ad/analytics - libraries - -Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e ---- - .../android/content/pm/PackageParser.java | 56 +++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index 861b0d922d32..1a93325f24ff 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -5598,6 +5598,62 @@ public class PackageParser { - - if (data == null) { - data = new Bundle(); -+ data.putString("acc_advertiser_id", "false"); -+ data.putString("acc_no_geoloc", "true"); -+ data.putString("acc_tracking_mode", "Restricted"); -+ data.putString("android.webkit.WebView.MetricsOptOut", "true"); -+ data.putString("AXACollectIp", "false"); -+ data.putString("batch_opted_out_by_default", "true"); -+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0"); -+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0"); -+ data.putString("com.ad4screen.advertiser_id", "false"); -+ data.putString("com.ad4screen.no_geoloc", "true"); -+ data.putString("com.ad4screen.tracking_mode", "Restricted"); -+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false"); -+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.DETECT_ANR", "false"); -+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false"); -+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER", "false"); -+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER"); -+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoInitEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false"); -+ data.putString("com.followanalytics.message.inapp.enable", "false"); -+ data.putString("com.followanalytics.message.push.enable", "false"); -+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false"); -+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true"); -+ data.putString("com.mapbox.EnableEvents", "false"); -+ data.putString("com.microsoft.engagementinsights.autoCapture", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false"); -+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true"); -+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false"); -+ data.putString("com.sprooki.LOCATION_SERVICES", "disable"); -+ data.putString("com.webengage.sdk.android.location_tracking", "false"); -+ data.putString("firebase_analytics_collection_deactivated", "true"); -+ data.putString("firebase_analytics_collection_enabled", "false"); -+ data.putString("firebase_crash_collection_enabled", "false"); -+ data.putString("firebase_crashlytics_collection_enabled", "false"); -+ data.putString("firebase_performance_collection_deactivated", "true"); -+ data.putString("google_analytics_adid_collection_enabled", "false"); -+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false"); -+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false"); -+ data.putString("google_analytics_ssaid_collection_enabled", "false"); -+ data.putString("SMT_USE_AD_ID", "0"); -+ data.putString("tapjoy.disable_advertising_id_check", "true"); -+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true"); -+ data.putString("tapjoy.disable_automatic_session_tracking", "true"); -+ data.putString("tapjoy.disable_persistent_ids", "true"); -+ data.putString("tapjoy.disable_video_offers", "true"); -+ data.putString("tnkad_tracking", "false"); - } - - String name = sa.getNonConfigurationString( diff --git a/Patches/LineageOS-18.1/android_frameworks_base/0002-Signature_Spoofing.patch b/Patches/LineageOS-18.1/android_frameworks_base/0002-Signature_Spoofing.patch deleted file mode 100644 index ce7baf27..00000000 --- a/Patches/LineageOS-18.1/android_frameworks_base/0002-Signature_Spoofing.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Philip Nagler-Frank -Date: Mon, 22 Mar 2021 21:03:57 -0400 -Subject: [PATCH] Add permission to allow an APK to fake a signature. - -Change-Id: I770c2c8b2ab6857d4ea0a4142fb814302685a64e ---- - api/current.txt | 2 ++ - core/res/AndroidManifest.xml | 15 ++++++++++++ - core/res/res/values/config.xml | 2 ++ - core/res/res/values/strings.xml | 12 ++++++++++ - non-updatable-api/current.txt | 2 ++ - .../server/pm/PackageManagerService.java | 23 +++++++++++++++++-- - 6 files changed, 54 insertions(+), 2 deletions(-) - -diff --git a/api/current.txt b/api/current.txt -index 952ccdad992c..6bd7ffe6dcb8 100644 ---- a/api/current.txt -+++ b/api/current.txt -@@ -77,6 +77,7 @@ package android { - field public static final String DIAGNOSTIC = "android.permission.DIAGNOSTIC"; - field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD"; - field public static final String DUMP = "android.permission.DUMP"; -+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; - field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; - field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; - field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; -@@ -182,6 +183,7 @@ package android { - field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; - field public static final String CAMERA = "android.permission-group.CAMERA"; - field public static final String CONTACTS = "android.permission-group.CONTACTS"; -+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; - field public static final String LOCATION = "android.permission-group.LOCATION"; - field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; - field public static final String PHONE = "android.permission-group.PHONE"; -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index ee428371a016..ad6cfd6ae501 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2852,6 +2852,21 @@ - android:description="@string/permdesc_getPackageSize" - android:protectionLevel="normal" /> - -+ -+ -+ -+ -+ -+ - -diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml -index f4efcc7e4eec..51b461e79492 100644 ---- a/core/res/res/values/config.xml -+++ b/core/res/res/values/config.xml -@@ -1654,6 +1654,8 @@ - - - com.android.location.fused -+ -+ com.google.android.gms - - - -diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml -index 5c659123b027..4ea996c492c7 100644 ---- a/core/res/res/values/strings.xml -+++ b/core/res/res/values/strings.xml -@@ -847,6 +847,18 @@ - - - -+ -+ Spoof package signature -+ -+ Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! -+ -+ Spoof package signature -+ -+ allow to spoof package signature -+ -+ Allow -+ <b>%1$s</b> to spoof package signature? -+ - - disable or modify status bar - -diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt -index 5f15216e8400..57748a8090a2 100644 ---- a/non-updatable-api/current.txt -+++ b/non-updatable-api/current.txt -@@ -79,6 +79,7 @@ package android { - field public static final String DUMP = "android.permission.DUMP"; - field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; - field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST"; -+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE"; - field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; - field public static final String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS"; - field public static final String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED"; -@@ -182,6 +183,7 @@ package android { - field public static final String CALL_LOG = "android.permission-group.CALL_LOG"; - field public static final String CAMERA = "android.permission-group.CAMERA"; - field public static final String CONTACTS = "android.permission-group.CONTACTS"; -+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE"; - field public static final String LOCATION = "android.permission-group.LOCATION"; - field public static final String MICROPHONE = "android.permission-group.MICROPHONE"; - field public static final String PHONE = "android.permission-group.PHONE"; -diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index ea9378e98b1a..c2a677613c6d 100644 ---- a/services/core/java/com/android/server/pm/PackageManagerService.java -+++ b/services/core/java/com/android/server/pm/PackageManagerService.java -@@ -4454,8 +4454,9 @@ public class PackageManagerService extends IPackageManager.Stub - }); - } - -- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags, -- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps); -+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags, -+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps), -+ permissions); - - if (packageInfo == null) { - return null; -@@ -4491,6 +4492,24 @@ public class PackageManagerService extends IPackageManager.Stub - } - } - -+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi, -+ Set permissions) { -+ try { -+ if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") -+ && p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1 -+ && p.getMetaData() != null) { -+ String sig = p.getMetaData().getString("fake-signature"); -+ if (sig != null) { -+ pi.signatures = new Signature[] {new Signature(sig)}; -+ } -+ } -+ } catch (Throwable t) { -+ // We should never die because of any failures, this is system code! -+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); -+ } -+ return pi; -+ } -+ - @Override - public void checkPackageStartable(String packageName, int userId) { - final int callingUid = Binder.getCallingUid(); diff --git a/Patches/LineageOS-18.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch b/Patches/LineageOS-18.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch deleted file mode 100644 index 80f38e9a..00000000 --- a/Patches/LineageOS-18.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 12 Feb 2018 02:55:55 -0500 -Subject: [PATCH] Harden signature spoofing - -Change-Id: I31e2a20923fff883c87fa6425408971657d3d7b3 ---- - core/res/AndroidManifest.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml -index ad6cfd6ae501..acd7dbbbc4b1 100644 ---- a/core/res/AndroidManifest.xml -+++ b/core/res/AndroidManifest.xml -@@ -2863,7 +2863,7 @@ - seen by applications --> - - diff --git a/Patches/LineageOS-18.1/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-18.1/android_frameworks_base/0006-Disable_Analytics.patch deleted file mode 100644 index 8c1f7b46..00000000 --- a/Patches/LineageOS-18.1/android_frameworks_base/0006-Disable_Analytics.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Mon, 21 May 2018 04:23:40 -0400 -Subject: [PATCH] Disable/reduce functionality of various ad/analytics - libraries - -Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e ---- - .../android/content/pm/PackageParser.java | 56 +++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java -index 70e4e6cbf622..44feb7f38653 100644 ---- a/core/java/android/content/pm/PackageParser.java -+++ b/core/java/android/content/pm/PackageParser.java -@@ -5551,6 +5551,62 @@ public class PackageParser { - - if (data == null) { - data = new Bundle(); -+ data.putString("acc_advertiser_id", "false"); -+ data.putString("acc_no_geoloc", "true"); -+ data.putString("acc_tracking_mode", "Restricted"); -+ data.putString("android.webkit.WebView.MetricsOptOut", "true"); -+ data.putString("AXACollectIp", "false"); -+ data.putString("batch_opted_out_by_default", "true"); -+ data.putString("CLEVERTAP_BACKGROUND_SYNC", "0"); -+ data.putString("CLEVERTAP_USE_GOOGLE_AD_ID", "0"); -+ data.putString("com.ad4screen.advertiser_id", "false"); -+ data.putString("com.ad4screen.no_geoloc", "true"); -+ data.putString("com.ad4screen.tracking_mode", "Restricted"); -+ data.putString("com.bugsnag.android.AUTO_CAPTURE_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.AUTO_DETECT_ERRORS", "false"); -+ data.putString("com.bugsnag.android.AUTO_TRACK_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.DETECT_ANR", "false"); -+ data.putString("com.bugsnag.android.DETECT_NDK_CRASHES", "false"); -+ data.putString("com.bugsnag.android.ENABLE_EXCEPTION_HANDLER", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER_BETWEEN_SESSIONS", "false"); -+ data.putString("com.bugsnag.android.PERSIST_USER", "false"); -+ data.putString("com.bugsnag.android.SEND_THREADS", "NEVER"); -+ data.putString("com.facebook.sdk.AdvertiserIDCollectionEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoInitEnabled", "false"); -+ data.putString("com.facebook.sdk.AutoLogAppEventsEnabled", "false"); -+ data.putString("com.followanalytics.message.inapp.enable", "false"); -+ data.putString("com.followanalytics.message.push.enable", "false"); -+ data.putString("com.google.android.gms.ads.AD_MANAGER_APP", "false"); -+ data.putString("com.google.android.gms.ads.DELAY_APP_MEASUREMENT_INIT", "true"); -+ data.putString("com.mapbox.EnableEvents", "false"); -+ data.putString("com.microsoft.engagementinsights.autoCapture", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoCheckForSurveys", "false"); -+ data.putString("com.mixpanel.android.MPConfig.AutoShowMixpanelUpdates", "false"); -+ data.putString("com.mixpanel.android.MPConfig.DisableAppOpenEvent", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableDecideChecker", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableExceptionHandler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableFallback", "true"); -+ data.putString("com.mixpanel.android.MPConfig.DisableViewCrawler", "true"); -+ data.putString("com.mixpanel.android.MPConfig.TestMode", "true"); -+ data.putString("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", "false"); -+ data.putString("com.sprooki.LOCATION_SERVICES", "disable"); -+ data.putString("com.webengage.sdk.android.location_tracking", "false"); -+ data.putString("firebase_analytics_collection_deactivated", "true"); -+ data.putString("firebase_analytics_collection_enabled", "false"); -+ data.putString("firebase_crash_collection_enabled", "false"); -+ data.putString("firebase_crashlytics_collection_enabled", "false"); -+ data.putString("firebase_performance_collection_deactivated", "true"); -+ data.putString("google_analytics_adid_collection_enabled", "false"); -+ data.putString("google_analytics_automatic_screen_reporting_enabled", "false"); -+ data.putString("google_analytics_default_allow_ad_personalization_signals", "false"); -+ data.putString("google_analytics_ssaid_collection_enabled", "false"); -+ data.putString("SMT_USE_AD_ID", "0"); -+ data.putString("tapjoy.disable_advertising_id_check", "true"); -+ data.putString("tapjoy.disable_android_id_as_analytics_id", "true"); -+ data.putString("tapjoy.disable_automatic_session_tracking", "true"); -+ data.putString("tapjoy.disable_persistent_ids", "true"); -+ data.putString("tapjoy.disable_video_offers", "true"); -+ data.putString("tnkad_tracking", "false"); - } - - String name = sa.getNonConfigurationString( diff --git a/Patches/LineageOS-18.1/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch b/Patches/LineageOS-18.1/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch deleted file mode 100644 index 7bb89079..00000000 --- a/Patches/LineageOS-18.1/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Philip Nagler-Frank -Date: Mon, 22 Mar 2021 21:07:09 -0400 -Subject: [PATCH] Add permission to allow an APK to fake a signature. - -Change-Id: Iffcffde30416bd897d8afe0b4f72538a586ccab9 ---- - .../android/permissioncontroller/permission/utils/Utils.java | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/com/android/permissioncontroller/permission/utils/Utils.java b/src/com/android/permissioncontroller/permission/utils/Utils.java -index 65fdd590a..fdd71e215 100644 ---- a/src/com/android/permissioncontroller/permission/utils/Utils.java -+++ b/src/com/android/permissioncontroller/permission/utils/Utils.java -@@ -23,6 +23,7 @@ import static android.Manifest.permission_group.CALENDAR; - import static android.Manifest.permission_group.CALL_LOG; - import static android.Manifest.permission_group.CAMERA; - import static android.Manifest.permission_group.CONTACTS; -+import static android.Manifest.permission_group.FAKE_PACKAGE; - import static android.Manifest.permission_group.LOCATION; - import static android.Manifest.permission_group.MICROPHONE; - import static android.Manifest.permission_group.PHONE; -@@ -209,6 +210,8 @@ public final class Utils { - - PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS); - -+ PLATFORM_PERMISSIONS.put(Manifest.permission.FAKE_PACKAGE_SIGNATURE, FAKE_PACKAGE); -+ - PLATFORM_PERMISSION_GROUPS = new ArrayMap<>(); - int numPlatformPermissions = PLATFORM_PERMISSIONS.size(); - for (int i = 0; i < numPlatformPermissions; i++) { diff --git a/PrebuiltApps b/PrebuiltApps index defba989..247e39cd 160000 --- a/PrebuiltApps +++ b/PrebuiltApps @@ -1 +1 @@ -Subproject commit defba989e7004809c1d67c2ba47952b66f9dd3cb +Subproject commit 247e39cddabf7877cbe61c6d196a80d6e0ed4cc0 diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 1a8a8ff2..9c12b3cd 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -16,13 +16,6 @@ #along with this program. If not, see . umask 0022; -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then - echo -e "\e[0;33mWARNING: YOU HAVE ENABLED PATCHES THAT WHILE ARE OPEN SOURCE ARE ALSO ENCUMBERED BY RESTRICTIVE LICENSES\e[0m"; - echo -e "\e[0;33mPLEASE SEE THE 'LICENSES' FILE AT THE ROOT OF THIS REPOSITORY FOR MORE INFORMATION\e[0m"; - echo -e "\e[0;33mDISABLE THEM BY SETTING 'NON_COMMERCIAL_USE_PATCHES' TO 'false' IN 'Scripts/init.sh'\e[0m"; - sleep 15; -fi; - startPatcher() { java -jar "$DOS_BINARY_PATCHER" patch workspace "$DOS_BUILD_BASE" "$DOS_WORKSPACE_ROOT""Patches/Linux/" "$DOS_SCRIPTS_CVES" $1; } @@ -406,16 +399,6 @@ removeBuildFingerprints() { } export -f removeBuildFingerprints; -disableDexPreOpt() { - cd "$DOS_BUILD_BASE$1"; - if [ -f BoardConfig.mk ]; then - sed -i "s/WITH_DEXPREOPT := true/WITH_DEXPREOPT := false/" BoardConfig.mk; - echo "Disabled dexpreopt"; - fi; - cd "$DOS_BUILD_BASE"; -} -export -f disableDexPreOpt; - compressRamdisks() { if [ -f BoardConfig.mk ]; then echo "LZMA_RAMDISK_TARGETS := boot,recovery" >> BoardConfig.mk; @@ -424,23 +407,6 @@ compressRamdisks() { } export -f compressRamdisks; -addVerity() { - echo 'ifeq ($(TARGET_BUILD_VARIANT),user)' >> device.mk; - echo 'PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/by-name/system' >> device.mk; - echo '$(call inherit-product, build/target/product/verity.mk)' >> device.mk; - echo 'endif' >> device.mk; - - sed -i '/on init/a\\ verity_load_state' rootdir/etc/init."${PWD##*/}".rc; - sed -i '/on early-boot/a\\ verity_update_state' rootdir/etc/init."${PWD##*/}".rc; -} -export -f addVerity; - -optimizeImagesRecursive() { - find "$1" -type f -name "*.jp*g" -print0 | xargs -0 -n1 -P 16 jpegoptim; - find "$1" -type f -name "*.png" -print0 | xargs -0 -n1 -P 16 optipng; -} -export -f optimizeImagesRecursive; - smallerSystem() { echo "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0" >> BoardConfig.mk; echo "PRODUCT_MINIMIZE_JAVA_DEBUG_INFO := true" >> device.mk; @@ -463,18 +429,6 @@ deblobAudio() { } export -f deblobAudio; -imsAllowDiag() { - find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \; - find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \; -} -export -f imsAllowDiag; - -extremeWiFiDeepSleep() { - sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1; - echo "Enabled extreme Wi-Fi deep sleep for $1"; -} -export -f extremeWiFiDeepSleep; - volteOverride() { cd "$DOS_BUILD_BASE$1"; if grep -sq "config_device_volte_available" "overlay/frameworks/base/core/res/res/values/config.xml"; then @@ -558,14 +512,6 @@ hardenLocationFWB() { } export -f hardenLocationFWB; -enableZram() { - cd "$DOS_BUILD_BASE$1"; - sed -i 's|#/dev/block/zram0|/dev/block/zram0|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; - echo "Enabled zram for $1"; - cd "$DOS_BUILD_BASE"; -} -export -f enableZram; - hardenUserdata() { cd "$DOS_BUILD_BASE$1"; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index e8bb4ef4..866bf23a 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -63,7 +63,6 @@ buildAll() { umask 0022; cd "$DOS_BUILD_BASE"; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; - if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #Select devices are userdebug due to SELinux policy issues #SD600 buildDeviceUserDebug m7; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 363dddd2..19801e8f 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -98,13 +98,9 @@ if enterAndClear "frameworks/base"; then git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 -#applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Connectivity.patch"; #Change connectivity check URLs to ours -#applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; fi; #Permission for sensors access (MSe1969) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key hardenLocationFWB "$DOS_BUILD_BASE"; #Harden the default GPS config changeDefaultDNS; #Change the default DNS servers sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service @@ -222,7 +218,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch"; fi; sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options fi; if enterAndClear "packages/apps/SetupWizard"; then @@ -293,7 +288,6 @@ fi; awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml; #Unset default backup provider if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers sed -i 's/CM_BUILDTYPE := UNOFFICIAL/CM_BUILDTYPE := dos/' config/common.mk; #Change buildtype -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/CM_BUILDTYPE := dos/CM_BUILDTYPE := dosNC/' config/common.mk; fi; echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence @@ -310,8 +304,6 @@ fi; if enter "vendor/divested"; then if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG -if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app sed -i 's/TalkBack/TalkBackLegacy/' packages.mk; fi; # diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index b7cb0280..926c32be 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -54,7 +54,6 @@ buildAll() { umask 0022; cd "$DOS_BUILD_BASE"; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; - if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #SDS4P buildDevice flo; #Last version without repartitioning required + 18.1 has random power off issue #SD801 diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 0723b7ae..bb19fa22 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -112,14 +112,10 @@ fi; #fi; if enterAndClear "frameworks/base"; then -#applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours -#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; fi; #Permission for sensors access (MSe1969) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL @@ -212,7 +208,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P2.patch"; fi; sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options fi; if enterAndClear "packages/apps/SetupWizard"; then @@ -276,7 +271,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi; #Remove AudioFX if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/common.mk; fi; echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence @@ -287,8 +281,6 @@ fi; if enter "vendor/divested"; then if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG -if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app fi; # #END OF ROM CHANGES diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index f04098f8..5858f881 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -54,7 +54,6 @@ buildAll() { umask 0022; cd "$DOS_BUILD_BASE"; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; - if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #SD800 buildDevice hammerhead; #broken Bluetooth + maybe broken sepolicy #SD801 diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index ec3a4e44..18d126e3 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -138,8 +138,6 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram fi; if enterAndClear "frameworks/base"; then -#applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours -#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) @@ -167,8 +165,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch"; fi; if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0014-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL @@ -285,7 +281,6 @@ fi; #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #TODO: Needs work sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options fi; if enterAndClear "packages/apps/SetupWizard"; then @@ -357,7 +352,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi; echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence @@ -368,8 +362,6 @@ fi; if enter "vendor/divested"; then if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG -if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch fi; # diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh index 094b6fb0..c3565ff7 100644 --- a/Scripts/LineageOS-17.1/Functions.sh +++ b/Scripts/LineageOS-17.1/Functions.sh @@ -54,7 +54,6 @@ buildAll() { umask 0022; cd "$DOS_BUILD_BASE"; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; - if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #SD410 buildDevice crackling; buildDevice harpia; diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index 48636eba..c76b42f9 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -131,7 +131,6 @@ awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.jav fi; if enterAndClear "frameworks/base"; then -#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) @@ -173,8 +172,6 @@ fi; if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0018-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS) if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify the user if their location is requested via SUPL @@ -307,7 +304,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0010-Random_MAC-2.patch" fi; sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options fi; if enterAndClear "packages/apps/SetupWizard"; then @@ -401,7 +397,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi; echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence @@ -413,8 +408,6 @@ fi; if enter "vendor/divested"; then if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG -if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch fi; # diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index 7e0a4110..a2faa8a2 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -54,7 +54,6 @@ buildAll() { umask 0022; cd "$DOS_BUILD_BASE"; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; - if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #SDS4P buildDevice flox && rm device/asus/flox/sensors/Android.bp; buildDevice mako; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 05b82fd2..a51fdaac 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -122,7 +122,6 @@ fi; fi; if enterAndClear "frameworks/base"; then -#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) @@ -164,8 +163,6 @@ sed -i 's/sys.spawn.exec/persist.security.exec_spawn/' core/java/com/android/int fi; if [ "$DOS_GRAPHENE_RANDOM_MAC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; fi; #Add option of always randomizing MAC addresses (GrapheneOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config changeDefaultDNS; #Change the default DNS servers sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) @@ -288,7 +285,6 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa fi; if enterAndClear "packages/apps/PermissionController"; then -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS) applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-2.patch"; @@ -316,7 +312,6 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0011-Random_MAC-2.patch" fi; applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options fi; if enterAndClear "packages/apps/SetupWizard"; then @@ -412,7 +407,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '25d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi; echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' config/telephony.mk; fi; #Replace the Messaging app with Silence @@ -425,8 +419,6 @@ if enter "vendor/divested"; then awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp -if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG -if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead fi; @@ -558,7 +550,6 @@ find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"'; find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"'; find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"'; -#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"'; if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi; find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"'; find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"'; diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh index 0f2add21..e65bf13d 100644 --- a/Scripts/LineageOS-19.1/Functions.sh +++ b/Scripts/LineageOS-19.1/Functions.sh @@ -54,7 +54,6 @@ buildAll() { umask 0022; cd "$DOS_BUILD_BASE"; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; - if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #SD630 buildDevice pioneer; buildDevice voyager; @@ -66,7 +65,7 @@ buildAll() { buildDevice pro1 avb; buildDevice crosshatch avb; buildDevice blueline avb; - buildDevice enchilada avb; #TODO: update kernel to 4.9.282 like 18.1 + buildDevice enchilada avb; buildDevice fajita avb; #SD730 buildDevice sunfish avb; diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh index 106618f4..498d8d8e 100644 --- a/Scripts/LineageOS-19.1/Patch.sh +++ b/Scripts/LineageOS-19.1/Patch.sh @@ -116,7 +116,6 @@ fi; fi; if enterAndClear "frameworks/base"; then -#applyPatch "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries #XXX 19REBASE applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) #XXX 19REBASE: maybe not needed @@ -363,7 +362,6 @@ awk -i inplace '!/def_backup_transport/' overlay/common/frameworks/base/packages if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i '20d' config/common_mobile.mk && awk -i inplace '!/AudioFX/' config/*.mk; fi; #Remove AudioFX if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi; #Adjust the fused providers sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/*.mk; #Change buildtype -if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/*.mk; fi; echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations cp -f "$DOS_PATCHES_COMMON/apns-conf.xml" prebuilt/common/etc/apns-conf.xml; #Update APN list awk -i inplace '!/Eleven/' config/common_mobile.mk; #Remove Music Player @@ -373,7 +371,6 @@ if enter "vendor/divested"; then awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides if [ "$DOS_MICROG_INCLUDED" != "NONE" ]; then echo "PRODUCT_PACKAGES += DejaVuNlpBackend IchnaeaNlpBackend NominatimNlpBackend" >> packages.mk; fi; #Include UnifiedNlp backends if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then echo "PRODUCT_PACKAGES += UnifiedNLP" >> packages.mk; fi; #Include UnifiedNlp -if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app #echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch #XXX 19REBASE: is this necessary? echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead awk -i inplace '!/F-DroidPrivilegedExtensionOfficial/' packages.mk; #Appears to be broken @@ -409,7 +406,6 @@ find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"'; find "vendor" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"'; find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"'; -#find "device" -name "WCNSS_qcom_cfg.\ini" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'extremeWiFiDeepSleep "{}"'; if [ "$DOS_DEBLOBBER_REMOVE_IMS" = "false" ]; then find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'volteOverride "{}"'; fi; find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'enableDexPreOpt "{}"'; find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"'; diff --git a/Scripts/init.sh b/Scripts/init.sh index 8c1663bc..dcec5980 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -66,12 +66,9 @@ export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permi export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1+19.1 export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1 export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file -export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is disabled. Options: DNS66 export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld" export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices -export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL -export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247 -export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources +export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NONE, NLP, FULL (removed) export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1/16.0 #XXX: can break things like camera export DOS_SENSORS_PERM_NEW=true; #For 17.1+18.1