From ad178961e4334ff65a31fd20d0f90fd5643694c7 Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 4 Apr 2021 17:06:47 -0400 Subject: [PATCH] Improvements and fixes - 18.1: disable m8, thermanager is not yet ready - 17.1: drop cheeseburger/dumpling, it is absolutely broken - deblobber: remove euicc + others - deblobber: hack to remove vintf fragments --- Manifests/Manifest_LAOS-17.1.xml | 8 -- Manifests/Manifest_LAOS-18.1.xml | 2 +- Scripts/Common/Deblob.sh | 31 +++++-- Scripts/Common/Functions.sh | 8 ++ .../android_kernel_oneplus_msm8998.sh | 84 ------------------- Scripts/LineageOS-17.1/Functions.sh | 4 +- Scripts/LineageOS-17.1/Patch.sh | 3 - Scripts/LineageOS-18.1/Functions.sh | 6 +- Scripts/LineageOS-18.1/Patch.sh | 1 + Scripts/LineageOS-18.1/TODO | 3 - 10 files changed, 38 insertions(+), 112 deletions(-) delete mode 100644 Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh delete mode 100644 Scripts/LineageOS-18.1/TODO diff --git a/Manifests/Manifest_LAOS-17.1.xml b/Manifests/Manifest_LAOS-17.1.xml index 3cb16cfd..596ec94e 100644 --- a/Manifests/Manifest_LAOS-17.1.xml +++ b/Manifests/Manifest_LAOS-17.1.xml @@ -196,14 +196,6 @@ - - - - - - - - diff --git a/Manifests/Manifest_LAOS-18.1.xml b/Manifests/Manifest_LAOS-18.1.xml index 23a89da1..128153de 100644 --- a/Manifests/Manifest_LAOS-18.1.xml +++ b/Manifests/Manifest_LAOS-18.1.xml @@ -78,7 +78,7 @@ - + diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh index ce7a1f1a..e43e8160 100644 --- a/Scripts/Common/Deblob.sh +++ b/Scripts/Common/Deblob.sh @@ -231,6 +231,12 @@ echo "Deblobbing..."; blobs=$blobs"|TetheringEntitlement.apk|CarrierLocation.apk|CarrierWifi.apk|CarrierSettings.apk"; blobs=$blobs"|HardwareInfo.apk"; blobs=$blobs"|SCONE.apk"; #??? + blobs=$blobs"|DevicePersonalizationPrebuilt.*.apk"; #Live Captions? + + #EUICC (Virtual SIM) [Google] + blobs=$blobs"|EuiccGoogle.apk|EuiccSupportPixel.apk"; #EUICC is useless without GMS + blobs=$blobs"|esim0.img|esim-v1.img|esim-full-v0.img"; + makes=$makes"|android.hardware.telephony.euicc.*"; #Google Camera blobs=$blobs"|com.google.android.camera.*"; @@ -760,12 +766,26 @@ deblobVendors() { } export -f deblobVendors; -deblobVendor() { +deblobVendorMk() { local makefile="$1"; cd "$DOS_BUILD_BASE"; awk -i inplace '!/'$blobs'/' "$makefile"; #Remove all blob references from makefile } -export -f deblobVendor; +export -f deblobVendorMk; + +deblobVendorBp() { + local bpfile="$1"; + cd "$DOS_BUILD_BASE"; + #TODO: remove these lines instead + sed -i -E "s/apk.*("$blobs").*/apk: \"proprietary\/priv-app\/qcrilmsgtunnel\/qcrilmsgtunnel.apk\", enabled: false,/g" "$bpfile"; + sed -i -E "s/jars.*("$blobs").*/jars: \[\"proprietary\/system\/framework\/qcrilhook.jar\"\], enabled: false,/g" "$bpfile"; + sed -i -E "s/srcs.*("$blobs").*/srcs: \[\"proprietary\/vendor\/lib\/libtime_genoff.so\"\], enabled: false,/g" "$bpfile"; + #TODO make this work for more then these two blobs + #Credit: https://stackoverflow.com/a/26053127 + sed -i ':a;N;s/\n/&/3;Ta;/manifest_android.hardware.drm@1.3-service.widevine.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile"; + sed -i ':a;N;s/\n/&/3;Ta;/vendor.qti.hardware.radio.atcmdfwd@1.0.xml/!{P;D};:b;N;s/\n/&/8;Tb;d' "$bpfile"; +} +export -f deblobVendorBp; # #END OF FUNCTIONS # @@ -778,11 +798,8 @@ find build -name "*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'awk find device -maxdepth 2 -mindepth 2 -type d -exec bash -c 'deblobDevice "$0"' {} \;; #Deblob all device directories #find device -maxdepth 3 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobSepolicy "{}"'; #Deblob all device sepolicy directories XXX: Breaks builds when other sepolicy files reference deleted ones #find kernel -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobKernel "{}"'; #Deblob all kernel directories -find vendor -name "*endor*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobVendor "{}"'; #Deblob all makefiles -#TODO: XXX: Better Android.bp cleaning -find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'sed -i -E "s/apk.*("$blobs").*/apk: \"proprietary\/priv-app\/qcrilmsgtunnel\/qcrilmsgtunnel.apk\", enabled: false,/g" "{}"'; -find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'sed -i -E "s/jars.*("$blobs").*/jars: \[\"proprietary\/system\/framework\/qcrilhook.jar\"\], enabled: false,/g" "{}"'; -find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'sed -i -E "s/srcs.*("$blobs").*/srcs: \[\"proprietary\/vendor\/lib\/libtime_genoff.so\"\], enabled: false,/g" "{}"'; +find vendor -name "*endor*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobVendorMk "{}"'; #Deblob all makefiles +find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobVendorBp "{}"'; #Deblob all makefiles deblobVendors; #Deblob entire vendor directory rm -rf frameworks/av/drm/mediadrm/plugins/clearkey; #Remove ClearKey rm -rf vendor/samsung/nodevice; diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 617fbcda..e775e9fa 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -535,6 +535,14 @@ enableStrongEncryption() { } export -f enableStrongEncryption; +addAdbKey() { + if [ -f ~/.android/adbkey.pub ]; then + cp ~/.android/adbkey.pub "$DOS_BUILD_BASE/vendor/divested/"; + echo "PRODUCT_ADB_KEYS := vendor/divested/adbkey.pub" >> "$DOS_BUILD_BASE/vendor/divested/divestos.mk"; + fi; +} +export -f addAdbKey; + changeDefaultDNS() { local dnsPrimary=""; local dnsPrimaryV6=""; diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh deleted file mode 100644 index f4944449..00000000 --- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/bash -cd "$DOS_BUILD_BASE""kernel/oneplus/msm8998" -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0251-0252.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0252-0253.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0256-0257.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0260-0261.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch -git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch -git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch -#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch -#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch -git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch -#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch -git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch -#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch -git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/4.4/0009.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9059/^4.11.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/^4.11.2/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0019.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16644/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16597/4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10494/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16232/4.4/0006.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19060/4.4/0005.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19061/4.4/0005.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3625/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11160/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27825/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29569/4.4/0007.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0399/4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20261/4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26930/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26931/4.4/0010.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26931/4.4/0011.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26931/4.4/0012.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26932/4.4/0016.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26932/4.4/0017.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26932/4.4/0018.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26932/4.4/0019.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26932/4.4/0020.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27363/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27365/4.4/0007.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27365/4.4/0008.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28038/4.4/0007.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28038/4.4/0008.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28660/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28964/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28972/4.4/0004.patch -editKernelLocalversion "-dos.p80" -cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh index 0c783923..55bc0b34 100644 --- a/Scripts/LineageOS-17.1/Functions.sh +++ b/Scripts/LineageOS-17.1/Functions.sh @@ -18,7 +18,7 @@ #Last verified: 2020-04-14 patchAllKernels() { - startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_fairphone_msm8974 kernel_fairphone_sdm632 kernel_fxtec_msm8998 kernel_google_coral kernel_google_marlin kernel_google_msm-4.9 kernel_google_wahoo kernel_google_yellowstone kernel_htc_msm8974 kernel_lge_g3 kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8916 kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oneplus_msm8994 kernel_oneplus_msm8996 kernel_oneplus_msm8998 kernel_oneplus_sdm845 kernel_oneplus_sm7250 kernel_oneplus_sm8150 kernel_razer_msm8998 kernel_samsung_jf kernel_xiaomi_sdm845 kernel_yandex_sdm660 kernel_zuk_msm8996"; + startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_fairphone_msm8974 kernel_fairphone_sdm632 kernel_fxtec_msm8998 kernel_google_coral kernel_google_marlin kernel_google_msm-4.9 kernel_google_wahoo kernel_google_yellowstone kernel_htc_msm8974 kernel_lge_g3 kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8916 kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oneplus_msm8994 kernel_oneplus_msm8996 kernel_oneplus_sdm845 kernel_oneplus_sm7250 kernel_oneplus_sm8150 kernel_razer_msm8998 kernel_samsung_jf kernel_xiaomi_sdm845 kernel_yandex_sdm660 kernel_zuk_msm8996"; } export -f patchAllKernels; @@ -96,8 +96,6 @@ buildAll() { buildDevice FP3 avb; #SD835 buildDevice cheryl verity; - buildDevice cheeseburger verity; #needs manual patching - vendor common makefile + not booting - buildDevice dumpling verity; buildDevice taimen avb; buildDevice walleye avb; #SD845 diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index ecd2190f..7a14631e 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -297,9 +297,6 @@ enableVerity; #Resurrect dm-verity enterAndClear "device/oneplus/oneplus2"; sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt; -enterAndClear "device/oneplus/msm8998-common"; -awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation - enterAndClear "device/oneplus/sm8150-common"; enableVerity; #Resurrect dm-verity diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index 0248ec48..bf6aea9d 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -69,7 +69,7 @@ buildAll() { #SD801 buildDevice bacon; buildDevice klte; #unb18 - buildDevice m8; #unb18 + #buildDevice m8; #unb18 buildDevice victara; #error: +out/target/product/victara/recovery.img too large (10522624 >= 10485760) #SD805 buildDevice shamu verity; @@ -83,8 +83,8 @@ buildAll() { buildDevice oneplus3 verity; #SD835 buildDevice cheryl verity; - buildDevice cheeseburger verity; #needs manual patching - vendor common makefile - buildDevice dumpling verity; + #buildDevice cheeseburger verity; #needs manual patching - vendor common makefile + #buildDevice dumpling verity; buildDevice mata verity; buildDevice taimen avb; buildDevice walleye avb; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 516dbdc7..4189f5ef 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -264,6 +264,7 @@ awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage enterAndClear "device/oneplus/msm8998-common"; awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation +awk -i inplace '!/hal_camera_default, sensors_dbg_prop/' sepolicy/vendor/hal_camera_default.te; #Remove a neverallow enterAndClear "device/oppo/common"; awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfigCommon.mk; #disable releasetools to fix delta ota generation diff --git a/Scripts/LineageOS-18.1/TODO b/Scripts/LineageOS-18.1/TODO deleted file mode 100644 index 040a01ba..00000000 --- a/Scripts/LineageOS-18.1/TODO +++ /dev/null @@ -1,3 +0,0 @@ -- Fix PicoTTS inclusion -- Fix vintf in Android.bp deblobbing -- Fix signing on newer devices