From abb616d2f3053069987134c3c65527f67bc43b70 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 8 Dec 2022 20:33:25 -0500
Subject: [PATCH] Updates

Signed-off-by: Tad <tad@spotco.us>
---
 .../0014-Special_Permissions.patch                     |  4 ++--
 Scripts/Common/Fix_CVE_Patchers.sh                     |  4 ++--
 Scripts/LineageOS-17.1/Functions.sh                    |  2 +-
 .../CVE_Patchers/android_kernel_htc_msm8974.sh         |  2 +-
 .../CVE_Patchers/android_kernel_motorola_msm8974.sh    |  2 +-
 Scripts/LineageOS-19.1/Functions.sh                    | 10 +++++-----
 Scripts/LineageOS-20.0/Functions.sh                    |  2 --
 Scripts/LineageOS-20.0/Patch.sh                        |  1 -
 8 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch b/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch
index e9253b49..2c2946d5 100644
--- a/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch
+++ b/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch
@@ -11,10 +11,10 @@ need to be granted by default for all apps to maintain compatibility.
  2 files changed, 20 insertions(+), 6 deletions(-)
 
 diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
-index 6cfb1989262f..dc9ad9e96699 100644
+index cdab93c57179..a38da93e4aea 100644
 --- a/services/core/java/com/android/server/pm/PackageManagerService.java
 +++ b/services/core/java/com/android/server/pm/PackageManagerService.java
-@@ -20172,7 +20172,8 @@ public class PackageManagerService extends IPackageManager.Stub
+@@ -20187,7 +20187,8 @@ public class PackageManagerService extends IPackageManager.Stub
              }
  
              // If this permission was granted by default, make sure it is.
diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh
index e3692e37..3e9d7f07 100644
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@@ -61,14 +61,14 @@ commentPatches android_kernel_google_yellowstone.sh "0001-LinuxIncrementals/3.10
 commentPatches android_kernel_huawei_angler.sh "CVE-2014-8559";
 commentPatches android_kernel_htc_flounder.sh "CVE-2018-9514";
 commentPatches android_kernel_htc_msm8960.sh "CVE-2018-10876" "CVE-2021-0695" "CVE-2021-Misc2/3.4/0055.patch" "CVE-2021-Misc2/3.4/0056.patch";
-commentPatches android_kernel_htc_msm8974.sh "CVE-2016-8393";
+commentPatches android_kernel_htc_msm8974.sh "CVE-2016-8393" "CVE-2022-22058";
 commentPatches android_kernel_htc_msm8994.sh "CVE-2016-8394/ANY/0001.patch" "CVE-2017-13166" "CVE-2018-3585" "CVE-2018-9514";
 commentPatches android_kernel_lge_bullhead.sh "CVE-2014-8559";
 commentPatches android_kernel_lge_msm8992.sh "CVE-2018-5897" "CVE-2018-11266";
 commentPatches android_kernel_lge_msm8996.sh "CVE-2016-6198" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-2214" "CVE-2019-14070/ANY/0006.patch" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166";
 commentPatches android_kernel_moto_shamu.sh "CVE-2014-8559";
 commentPatches android_kernel_motorola_msm8916.sh "0001-LinuxIncrementals/3.10/3.10.0050-0051.patch" "CVE-2014-8559" "CVE-2017-15817" "CVE-2018-9514";
-commentPatches android_kernel_motorola_msm8974.sh "CVE-2016-5696" "CVE-2017-7373" "CVE-2017-17770/3.4/0002.patch" "CVE-2019-11599";
+commentPatches android_kernel_motorola_msm8974.sh "CVE-2016-5696" "CVE-2017-7373" "CVE-2017-17770/3.4/0002.patch" "CVE-2019-11599" "CVE-2022-22058";
 commentPatches android_kernel_motorola_msm8992.sh "CVE-2017-5551/3.10/0002.patch" "CVE-2017-14880/3.10/0001.patch" "CVE-2018-3585/3.10/0001.patch" "CVE-2019-2297/qcacld-2.0/0001.patch";
 commentPatches android_kernel_motorola_msm8996.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "CVE-2017-8266" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-2214" "CVE-2019-14070/ANY/0006.patch" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch";
 commentPatches android_kernel_nextbit_msm8992.sh "CVE-2018-3585/3.10/0001.patch" "CVE-2018-9514";
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
index 427b3f02..98bcf668 100644
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -81,7 +81,7 @@ patchWorkspace() {
 	gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
 	gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
 
-	#source build/envsetup.sh;
+	source build/envsetup.sh;
 	#repopick -it ten-firewall;
 	repopick -it Q_tzdb2022f;
 	repopick -it Q_asb_2022-12;
diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_htc_msm8974.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_htc_msm8974.sh
index ae5274c0..658e365b 100644
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_htc_msm8974.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_htc_msm8974.sh
@@ -486,7 +486,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2318/4.4/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3028/4.4/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3635/4.4/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20141/3.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-22058/3.4/0003.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-22058/3.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-22064/3.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/3.4/0017.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25258/3.4/0009.patch
diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh
index 395095cf..25576598 100644
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh
@@ -462,7 +462,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3028/4.4/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3635/4.4/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20141/3.4/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20421/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-22058/3.4/0003.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-22058/3.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-22064/3.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/3.4/0017.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/3.4/0018.patch
diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh
index 74116bc7..af3800f0 100644
--- a/Scripts/LineageOS-19.1/Functions.sh
+++ b/Scripts/LineageOS-19.1/Functions.sh
@@ -62,9 +62,9 @@ buildAll() {
 	#SD845
 	buildDevice aura avb; #superseded
 	buildDevice beryllium avb; #superseded
-	buildDevice pro1 avb; #superseded
-	buildDevice crosshatch avb; #superseded
-	buildDevice blueline avb; #superseded
+	#buildDevice pro1 avb; #superseded
+	#buildDevice crosshatch avb; #superseded
+	#buildDevice blueline avb; #superseded
 	buildDevice enchilada avb; #superseded
 	buildDevice fajita avb; #superseded
 	buildDevice akari avb;
@@ -98,8 +98,8 @@ buildAll() {
 	#buildDevice bramble avb; #superseded
 	#buildDevice redfin avb; #superseded
 	#SD670
-	buildDevice bonito avb; #superseded
-	buildDevice sargo avb; #superseded
+	#buildDevice bonito avb; #superseded
+	#buildDevice sargo avb; #superseded
 }
 export -f buildAll;
 
diff --git a/Scripts/LineageOS-20.0/Functions.sh b/Scripts/LineageOS-20.0/Functions.sh
index 815afca4..e95c2341 100644
--- a/Scripts/LineageOS-20.0/Functions.sh
+++ b/Scripts/LineageOS-20.0/Functions.sh
@@ -103,9 +103,7 @@ patchWorkspace() {
 	gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
 
 	source build/envsetup.sh;
-	repopick -i 344891; #fixup! Rewrite trust USB restriction handling
 	repopick -it T_tzdb2022f;
-	#repopick -it T_asb_2022-12;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh
index b3910ae7..620fa16c 100644
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@@ -128,7 +128,6 @@ sed -i '11iLOCAL_OVERRIDES_PACKAGES := Aperture Camera Camera2 LegacyCamera Snap
 fi;
 
 if enterAndClear "frameworks/base"; then
-git revert --no-edit 70cc90b9298ac0b18fe79a4f8f9251c01b8f96d3; #causes soft reboots due to race
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 #applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)