Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-05-02 06:26:20 -04:00
Code Issues Projects Releases Packages Wiki Activity

Misc hardening from GrapheneOS

Browse source 
11 62f81c237b

11 1f05db99ab

11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-03-15 14:38:08 -04:00
parent 844227a4f4
commit ad579b6681
6 changed files with 206 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Scripts/LineageOS-16.0/Patch.sh
View file

@ -260,6 +260,10 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
fi;
#if enterAndClear "system/bt"; then
#applyPatch "$DOS_PATCHES_COMMON/android_system_core/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
#fi;
if enterAndClear "system/core"; then
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert --no-edit b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery

4
Scripts/LineageOS-17.1/Patch.sh
View file

@ -261,6 +261,10 @@ fi;
#applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; #XXX 17REBASE
#fi;
if enterAndClear "system/bt"; then
applyPatch "$DOS_PATCHES_COMMON/android_system_core/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
fi;
if enterAndClear "system/core"; then
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert --no-edit 3032c7aa5ce90c0ae9c08fe271052c6e0304a1e7 01266f589e6deaef30b782531ae14435cdd2f18e; #insanity

3
Scripts/LineageOS-18.1/Patch.sh
View file

@ -126,6 +126,7 @@ fi;
if enterAndClear "frameworks/native"; then
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
applyPatch "$DOS_PATCHES/android_frameworks_native/0002-fix-uaf.patch"; #Fix use-after-free in adbd_auth (GrapheneOS)
fi;
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
@ -226,6 +227,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.pa
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0007-WiFi_Timeout.patch"; #Timeout for Wi-Fi (CalyxOS)
if [ "$DOS_GRAPHENE_PTRACE_SCOPE" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; fi; #Add native debugging setting (GrapheneOS)
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-Install_Restrictions.patch"; #UserManager app installation restrictions (GrapheneOS)
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
fi;
@ -266,6 +268,7 @@ fi;
if enterAndClear "system/bt"; then
git am "$DOS_PATCHES/android_system_bt/a2dp-master-fixes.patch"; #topic
applyPatch "$DOS_PATCHES_COMMON/android_system_core/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
fi;
if enterAndClear "system/core"; then