mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-05-02 14:36:17 -04:00
Cleanup
- Removes unused files/patches - Removes many guards, these likely don't work anyway due to patchsets having dependencies - No functional change Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi
parent
af25d96aee
commit
afe1135384
449 changed files with 193 additions and 22661 deletions
|
|
@ -34,7 +34,6 @@ echo "Deblobbing...";
|
|||
overlay="invalid_placeholder_aekiekan";
|
||||
ipcSec="";
|
||||
kernels=""; #Delimited using " "
|
||||
sepolicy="";
|
||||
|
||||
#ACDB (Audio Calibration DataBase) [Qualcomm] XXX: Breaks audio output
|
||||
#blobs=$blobs".*.acdb|florida.*.bin"; #databases
|
||||
|
|
@ -43,7 +42,6 @@ echo "Deblobbing...";
|
|||
#ADSP/Hexagon (Hardware Digital Signal Processor) [Qualcomm]
|
||||
#blobs=$blobs"[/]adsp[/]|.*adspd.*|.*adsprpc.*";
|
||||
#blobs=$blobs"|libfastcvadsp_stub.so|libfastcvopt.so|libadsp.*.so|libscve.*.so";
|
||||
#sepolicy=$sepolicy" adspd.te adsprpcd.te";
|
||||
|
||||
#IFAA (???) [Qualcomm/OnePlus?]
|
||||
blobs=$blobs"ifaadaemon|ifaadaemonProxy";
|
||||
|
|
@ -86,7 +84,6 @@ echo "Deblobbing...";
|
|||
blobs=$blobs"|vendor.qti.atcmdfwd.*|vendor.qti.hardware.radio.atcmdfwd.*";
|
||||
blobs=$blobs"|atfwd.apk";
|
||||
#makes=$makes"|atfwd";
|
||||
sepolicy=$sepolicy" atfwd.te";
|
||||
manifests=$manifests"|AtCmdFwd";
|
||||
fi;
|
||||
|
||||
|
|
@ -120,7 +117,6 @@ echo "Deblobbing...";
|
|||
#blobs=$blobs"|vendor.qti.data.factory.*|vendor.qti.hardware.data.dynamicdds.*|vendor.qti.hardware.data.latency.*|vendor.qti.hardware.data.qmi.*|vendor.qti.latency.*|vendor.qti.hardware.data.iwlan.*";
|
||||
overlay=$overlay"|config_wlan_data_service_package|config_wlan_network_service_package|config_qualified_networks_service_package";
|
||||
#makes=$makes"|libcnefeatureconfig"; XXX: breaks radio
|
||||
sepolicy=$sepolicy" cnd.te qcneservice.te";
|
||||
manifests=$manifests"|com.quicinc.cne|iwlan";
|
||||
blobs=$blobs"|QualifiedNetworksService.apk"; #Google
|
||||
blobs=$blobs"|qualifiednetworksservice.xml";
|
||||
|
|
@ -174,7 +170,6 @@ echo "Deblobbing...";
|
|||
blobs=$blobs"|dpmserviceapp.apk";
|
||||
blobs=$blobs"|libdpmctmgr.so|libdpmfdmgr.so|libdpmframework.so|libdpmnsrm.so|libdpmtcm.so|libdpmqmihal.so";
|
||||
blobs=$blobs"|com.qualcomm.qti.dpm.*";
|
||||
sepolicy=$sepolicy" dpmd.te";
|
||||
ipcSec=$ipcSec"|47:4294967295:1001:3004|48:4294967295:1000:3004";
|
||||
manifests=$manifests"|dpmQmiService";
|
||||
makes=$makes"|dpmserviceapp";
|
||||
|
|
@ -199,8 +194,6 @@ echo "Deblobbing...";
|
|||
manifests=$manifests"|android.hardware.drm";
|
||||
#makes=$makes"|libdrmframework.*"; #necessary to compile
|
||||
#makes=$makes"|mediadrmserver|com.android.mediadrm.signer.*|drmserver"; #Works but causes long boot times
|
||||
#sepolicy=$sepolicy" drmserver.te mediadrmserver.te";
|
||||
sepolicy=$sepolicy" hal_drm_default.te hal_drm.te hal_drm_widevine.te";
|
||||
|
||||
#eMBMS [Qualcomm]
|
||||
blobs=$blobs"|embms.apk";
|
||||
|
|
@ -212,7 +205,7 @@ echo "Deblobbing...";
|
|||
#External Accessories
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_ACCESSORIES" = true ]; then
|
||||
#tangorpro
|
||||
if [[ "$DOS_VERSION" == "LineageOS-20.0" ]]; then
|
||||
if [[ "$DOS_VERSION" == "LineageOS-20.0" ]] || [[ "$DOS_VERSION" == "LineageOS-21.0" ]]; then
|
||||
blobs=$blobs"|AndroidMediaShell.apk|CastAuthPrebuilt.apk|UsoniaPrebuilt.apk|HomegraphPrebuilt.apk|SmartDisplayPrebuilt.apk|DockManagerPrebuilt.apk|DockSetup.apk";
|
||||
blobs=$blobs"|default-permissions_SmartDisplayPrebuilt.xml|com.google.android.apps.mediashell.xml|com.google.android.apps.nest.castauth.xml|pixel_docking_experience_2022.xml|appcompat[/]compat_framework_overrides.xml|com.google.assistant.hubui.xml|sysconfig[/]communal.xml|com.google.android.apps.nest.dockmanager.app.xml|google-nest-hiddenapi-package-whitelist.xml";
|
||||
fi;
|
||||
|
|
@ -248,22 +241,19 @@ echo "Deblobbing...";
|
|||
#blobs=$blobs"|flp.conf";
|
||||
|
||||
#Graphics
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
blobs=$blobs"|eglsubAndroid.so|eglSubDriverAndroid.so|libbccQTI.so|libC2D2.so|libc2d30_bltlib.so|libc2d30.so|libc2d30.*.so|libCB.so|libEGL.*.so|libGLES.*.so|libgsl.so|libq3dtools_esx.so|libq3dtools.*.so|libQTapGLES.so|libscale.so|libsc.*.so";
|
||||
blobs=$blobs"|libglcore.so|libnvblit.so|libnvddk_vic.so|libnvglsi.so|libnvgr.so|libnvptx.so|libnvrmapi.*.so|libnvrm_graphics.so|libnvrm.so|libnvwsi.so"; #NVIDIA
|
||||
blobs=$blobs"|gralloc.*.so|hwcomposer.*.so|memtrack.*.so";
|
||||
blobs=$blobs"|libadreno_utils.so"; #Adreno
|
||||
blobs=$blobs"|libllvm.*.so"; #LLVM
|
||||
blobs=$blobs"|libOpenCL.*.so|libclcore_nvidia.bc"; #OpenCL
|
||||
blobs=$blobs"|vulkan.*.so"; #Vulkan
|
||||
makes=$makes"|android.hardware.vulkan.*|libvulkan";
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_RENDERSCRIPT" = true ] || [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
blobs=$blobs"|android.hardware.renderscript.*";
|
||||
blobs=$blobs"|librs.*.so|libRSDriver.*.so|libnvRSCompiler.so|libnvRSDriver.so"; #Adreno
|
||||
blobs=$blobs"|libPVRRS.*.so|libufwriter.so"; #Intel
|
||||
makes=$makes"|android.hardware.renderscript.*";
|
||||
fi;
|
||||
#blobs=$blobs"|eglsubAndroid.so|eglSubDriverAndroid.so|libbccQTI.so|libC2D2.so|libc2d30_bltlib.so|libc2d30.so|libc2d30.*.so|libCB.so|libEGL.*.so|libGLES.*.so|libgsl.so|libq3dtools_esx.so|libq3dtools.*.so|libQTapGLES.so|libscale.so|libsc.*.so";
|
||||
#blobs=$blobs"|libglcore.so|libnvblit.so|libnvddk_vic.so|libnvglsi.so|libnvgr.so|libnvptx.so|libnvrmapi.*.so|libnvrm_graphics.so|libnvrm.so|libnvwsi.so"; #NVIDIA
|
||||
#blobs=$blobs"|gralloc.*.so|hwcomposer.*.so|memtrack.*.so";
|
||||
#blobs=$blobs"|libadreno_utils.so"; #Adreno
|
||||
#blobs=$blobs"|libllvm.*.so"; #LLVM
|
||||
#blobs=$blobs"|libOpenCL.*.so|libclcore_nvidia.bc"; #OpenCL
|
||||
#blobs=$blobs"|vulkan.*.so"; #Vulkan
|
||||
#makes=$makes"|android.hardware.vulkan.*|libvulkan";
|
||||
#Renderscript
|
||||
#blobs=$blobs"|android.hardware.renderscript.*";
|
||||
#blobs=$blobs"|librs.*.so|libRSDriver.*.so|libnvRSCompiler.so|libnvRSDriver.so"; #Adreno
|
||||
#blobs=$blobs"|libPVRRS.*.so|libufwriter.so"; #Intel
|
||||
#makes=$makes"|android.hardware.renderscript.*";
|
||||
|
||||
#Felicia [Google?]
|
||||
blobs=$blobs"|MobileFeliCaClient.apk|MobileFeliCaMenuMainApp.apk|MobileFeliCaSettingApp.apk|MobileFeliCaWebPlugin.apk|MobileFeliCaWebPluginBoot.apk";
|
||||
|
|
@ -386,7 +376,6 @@ echo "Deblobbing...";
|
|||
blobs=$blobs"|lib-dplmedia.so|librcc.so|libvcel.so|libvoice-svc.so";
|
||||
blobs=$blobs"|volte_modem[/]";
|
||||
makes=$makes"|ims-ext-common";
|
||||
sepolicy=$sepolicy" ims.te imscm.te imswmsproxy.te";
|
||||
ipcSec=$ipcSec"|32:4294967295:1001";
|
||||
manifests=$manifests"|qti.ims|radio.ims";
|
||||
fi;
|
||||
|
|
@ -593,13 +582,10 @@ echo "Deblobbing...";
|
|||
#Time Service [Qualcomm]
|
||||
#https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/time-services/ [headers]
|
||||
#Requires that android_hardware_sony_timekeep be included in repo manifest
|
||||
if [ "$DOS_DEBLOBBER_REPLACE_TIME" = true ]; then
|
||||
#blobs=$blobs"|libtime_genoff.so"; #XXX: Breaks radio
|
||||
blobs=$blobs"|libTimeService.so";
|
||||
blobs=$blobs"|TimeService.apk";
|
||||
blobs=$blobs"|time_daemon";
|
||||
sepolicy=$sepolicy" qtimeservice.te";
|
||||
fi;
|
||||
#blobs=$blobs"|libtime_genoff.so"; #XXX: Breaks radio
|
||||
#blobs=$blobs"|libTimeService.so";
|
||||
#blobs=$blobs"|TimeService.apk";
|
||||
#blobs=$blobs"|time_daemon";
|
||||
|
||||
#[T-Mobile]
|
||||
blobs=$blobs"|TmobileGrsuPrebuilt.apk";
|
||||
|
|
@ -673,7 +659,6 @@ echo "Deblobbing...";
|
|||
export overlay;
|
||||
export ipcSec;
|
||||
export kernels;
|
||||
export sepolicy;
|
||||
export manifests;
|
||||
#
|
||||
#END OF BLOBS ARRAY
|
||||
|
|
@ -685,8 +670,6 @@ echo "Deblobbing...";
|
|||
deblobDevice() {
|
||||
local devicePath="$1";
|
||||
cd "$DOS_BUILD_BASE/$devicePath";
|
||||
if [ "$DOS_DEBLOBBER_REPLACE_TIME" = false ]; then local replaceTime="false"; fi; #Disable Time replacement
|
||||
if ! grep -qi "qcom" BoardConfig*.mk; then local replaceTime="false"; fi; #Disable Time Replacement
|
||||
if [ -f Android.mk ]; then
|
||||
#Some devices store these in a dedicated firmware partition, others in /system/vendor/firmware, either way the following are just symlinks
|
||||
#sed -i '/ALL_DEFAULT_INSTALLED_MODULES/s/$(CMN_SYMLINKS)//' Android.mk; #Remove CMN firmware
|
||||
|
|
@ -699,17 +682,6 @@ deblobDevice() {
|
|||
sed -i '/ALL_DEFAULT_INSTALLED_MODULES/s/$(WIDEVINE_SYMLINKS)//' Android.mk; #Remove Google Widevine firmware
|
||||
sed -i '/ALL_DEFAULT_INSTALLED_MODULES/s/$(WV_SYMLINKS)//' Android.mk; #Remove Google Widevine firmware
|
||||
fi;
|
||||
if [ -f BoardConfig.mk ]; then
|
||||
if [ -z "$replaceTime" ]; then
|
||||
sed -i 's/BOARD_USES_QC_TIME_SERVICES := true/BOARD_USES_QC_TIME_SERVICES := false/' BoardConfig*.mk &>/dev/null || true; #Switch to Sony TimeKeep
|
||||
if ! grep -q "BOARD_USES_QC_TIME_SERVICES := false" BoardConfig.mk; then echo "BOARD_USES_QC_TIME_SERVICES := false" >> BoardConfig.mk; fi; #Switch to Sony TimeKeep
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
#sed -i 's/USE_OPENGL_RENDERER := true/USE_OPENGL_RENDERER := false/' BoardConfig.mk;
|
||||
#if ! grep -q "USE_OPENGL_RENDERER := false" BoardConfig.mk; then echo "USE_OPENGL_RENDERER := false" >> BoardConfig.mk; fi;
|
||||
if ! grep -q "USE_OPENGL_RENDERER := true" BoardConfig.mk; then echo "USE_OPENGL_RENDERER := true" >> BoardConfig.mk; fi;
|
||||
fi;
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then sed -i 's/BOARD_USES_QCNE := true/BOARD_USES_QCNE := false/' BoardConfig*.mk &>/dev/null || true; fi; #Disable CNE
|
||||
sed -i 's/BOARD_USES_WIPOWER := true/BOARD_USES_WIPOWER := false/' BoardConfig*.mk &>/dev/null || true; #Disable WiPower
|
||||
sed -i 's/TARGET_HAS_HDR_DISPLAY := true/TARGET_HAS_HDR_DISPLAY := false/' BoardConfig*.mk &>/dev/null || true; #Disable HDR
|
||||
|
|
@ -719,27 +691,7 @@ deblobDevice() {
|
|||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then sed -i 's/AUDIO_FEATURE_ENABLED_DS2_DOLBY_DAP := true/AUDIO_FEATURE_ENABLED_DS2_DOLBY_DAP := false/' BoardConfig*.mk &>/dev/null || true; fi; #Disable Dolby
|
||||
sed -i 's/BOARD_ANT_WIRELESS_DEVICE := true/BOARD_ANT_WIRELESS_DEVICE := false/' BoardConfig*.mk &>/dev/null || true; #Disable ANT
|
||||
awk -i inplace '!/BOARD_ANT_WIRELESS_DEVICE/' BoardConfig*.mk &>/dev/null || true;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_RENDERSCRIPT" = true ] || [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
awk -i inplace '!/RS_DRIVER/' BoardConfig*.mk &>/dev/null || true;
|
||||
fi;
|
||||
if [ -f device.mk ]; then
|
||||
if [ -z "$replaceTime" ]; then
|
||||
echo "PRODUCT_PACKAGES += timekeep TimeKeep" >> device.mk; #Switch to Sony TimeKeep
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
echo "PRODUCT_PACKAGES += libyuv libEGL_swiftshader libGLESv1_CM_swiftshader libGLESv2_swiftshader" >> device.mk; #Build SwiftShader
|
||||
fi;
|
||||
fi;
|
||||
local baseDirTmp=${PWD##*/};
|
||||
local suffixTmp="-common";
|
||||
if [ -f "${PWD##*/}".mk ] && [ "${PWD##*/}".mk != "sepolicy" ]; then
|
||||
if [ -z "$replaceTime" ]; then
|
||||
echo "PRODUCT_PACKAGES += timekeep TimeKeep" >> "${PWD##*/}".mk; #Switch to Sony TimeKeep
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
echo "PRODUCT_PACKAGES += libyuv libEGL_swiftshader libGLESv1_CM_swiftshader libGLESv2_swiftshader" >> "${PWD##*/}".mk; #Build SwiftShader
|
||||
fi;
|
||||
fi;
|
||||
#awk -i inplace '!/RS_DRIVER/' BoardConfig*.mk &>/dev/null || true; #Renderscript
|
||||
|
||||
sed -i '/loc.nlp_name/d' *.prop *.mk &>/dev/null || true; #Disable QC Location Provider
|
||||
sed -i 's/drm.service.enabled=true/drm.service.enabled=false/' *.prop *.mk &>/dev/null || true;
|
||||
|
|
@ -757,12 +709,6 @@ deblobDevice() {
|
|||
sed -i '/vendor.camera.extensions/d' *.prop *.mk &>/dev/null || true; #Disable camera extensions
|
||||
if [ -f system.prop ]; then
|
||||
if ! grep -q "drm.service.enabled=false" system.prop; then echo "drm.service.enabled=false" >> system.prop; fi; #Disable DRM server
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
|
||||
echo "sys.ui.hw=disable" >> system.prop;
|
||||
#echo "graphics.gles20.disable_on_bootanim=1" >> system.prop;
|
||||
echo "debug.sf.nobootanimation=1" >> system.prop;
|
||||
sed -i 's/opengles.version=.*/opengles.version=131072/' system.prop;
|
||||
fi;
|
||||
fi
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
sed -i 's/ims.volte=true/ims.volte=false/' *.prop *.mk &>/dev/null || true;
|
||||
|
|
@ -819,27 +765,6 @@ deblobDevice() {
|
|||
sed -i 's|<bool name="config_uiBlurEnabled">true</bool>|<bool name="config_uiBlurEnabled">false</bool>|' overlay*/frameworks/base/core/res/res/values/config.xml &>/dev/null || true; #Disable UIBlur
|
||||
awk -i inplace '!/platform_carrier_config_package/' overlay*/packages/services/Telephony/res/values/config.xml &>/dev/null || true;
|
||||
awk -i inplace '!/config_show_adaptive_connectivity/' overlay*/packages/apps/Settings/res/values/config.xml &>/dev/null || true;
|
||||
if [ -d sepolicy ]; then
|
||||
if [ -z "$replaceTime" ]; then
|
||||
numfiles=(*); numfiles=${#numfiles[@]};
|
||||
if [ "$numfiles" -gt "5" ]; then #only if device doesn't use a common sepolicy dir
|
||||
#Switch to Sony TimeKeep
|
||||
#Credit: @aviraxp
|
||||
#Reference: https://github.com/LineageOS/android_device_oneplus_oneplus2/commit/3b152a3c1198d795de4175e6b9927493caf01bf0
|
||||
echo "/sys/devices/soc\.0/qpnp-rtc-8/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0" >> sepolicy/file_contexts;
|
||||
echo "/(system/vendor|vendor)/bin/timekeep u:object_r:timekeep_exec:s0" >> sepolicy/file_contexts;
|
||||
echo "type vendor_timekeep_prop, property_type;" >> sepolicy/property.te;
|
||||
echo "persist.vendor.timeadjust u:object_r:vendor_timekeep_prop:s0" >> sepolicy/property_contexts;
|
||||
echo "user=system seinfo=platform name=com.sony.timekeep domain=timekeep_app type=app_data_file" >> sepolicy/seapp_contexts;
|
||||
cp "$DOS_PATCHES_COMMON/android_timekeep_sepolicy/timekeep.te" sepolicy/;
|
||||
cp "$DOS_PATCHES_COMMON/android_timekeep_sepolicy/timekeep_app.te" sepolicy/;
|
||||
fi;
|
||||
fi;
|
||||
fi;
|
||||
if [ -z "$replaceTime" ]; then #Switch to Sony TimeKeep
|
||||
#sed -i 's|service time_daemon /system/bin/time_daemon|service time_daemon /system/bin/timekeep restore\n oneshot|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true;
|
||||
awk -i inplace '!|mkdir /data/time/ 0700 system system|' init.*.rc rootdir/init.*.rc rootdir/etc/init.*.rc &> /dev/null || true;
|
||||
fi;
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_CNE" = true ]; then rm -f board/qcom-cne.mk product/qcom-cne.mk; fi; #Remove CNE
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
rm -f rootdir/etc/init.qti.ims.sh rootdir/init.qti.ims.sh init.qti.ims.sh; #Remove IMS startup script
|
||||
|
|
@ -867,17 +792,6 @@ deblobKernel() {
|
|||
}
|
||||
export -f deblobKernel;
|
||||
|
||||
deblobSepolicy() {
|
||||
local sepolicyPath="$1";
|
||||
cd "$DOS_BUILD_BASE/$sepolicyPath";
|
||||
if [ -d sepolicy ]; then
|
||||
cd sepolicy;
|
||||
rm -f $sepolicy;
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
export -f deblobSepolicy;
|
||||
|
||||
deblobVendors() {
|
||||
cd "$DOS_BUILD_BASE";
|
||||
find vendor -regextype posix-extended -regex '.*('$blobs')' -type f -delete; #Delete all blobs
|
||||
|
|
@ -922,7 +836,6 @@ cd "$DOS_BUILD_BASE";
|
|||
find build -name "*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'awk -i inplace "!/$makes/" "{}"'; #Deblob all makefiles
|
||||
find device -maxdepth 2 -mindepth 2 -type d -exec bash -c 'deblobDevice "$0"' {} \;; #Deblob all device directories
|
||||
find device -name "*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'awk -i inplace "!/$makes/" "{}"'; #Deblob all makefiles
|
||||
#find device -maxdepth 3 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobSepolicy "{}"'; #Deblob all device sepolicy directories XXX: Breaks builds when other sepolicy files reference deleted ones
|
||||
#find kernel -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobKernel "{}"'; #Deblob all kernel directories
|
||||
find vendor -name "*endor*.mk" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobVendorMk "{}"'; #Deblob all makefiles
|
||||
find vendor -name "Android.bp" -type f -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'deblobVendorBp "{}"'; #Deblob all makefiles
|
||||
|
|
|
|||
|
|
@ -39,10 +39,6 @@ enableAVB() {
|
|||
if [[ "$1" == *"xiaomi"* ]]; then #XXX: broken
|
||||
sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk &>/dev/null || true;
|
||||
echo "Setting PERMISSIVE AVB for $1";
|
||||
elif [[ "$DOS_VERSION" == "LineageOS-18.1" ]] && [[ "$1" == *"oneplus/sdm845-common"* ]]; then #XXX: uses stock /vendor
|
||||
sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk &>/dev/null || true;
|
||||
sed -i 's/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3/AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2/' *.mk &>/dev/null || true;
|
||||
echo "Setting PERMISSIVE AVB for $1";
|
||||
else
|
||||
awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS \+= --flag/' *.mk &>/dev/null || true;
|
||||
echo "Setting ENFORCING AVB for $1";
|
||||
|
|
|
|||
|
|
@ -208,7 +208,7 @@ processRelease() {
|
|||
local OUT_DIR="$DOS_BUILD_BASE/out/target/product/$DEVICE/";
|
||||
|
||||
local RELEASETOOLS_PREFIX="build/tools/releasetools/";
|
||||
if [[ "$DOS_VERSION" == "LineageOS-18.1" ]] || [[ "$DOS_VERSION" == "LineageOS-19.1" ]] || [[ "$DOS_VERSION" == "LineageOS-20.0" ]]; then
|
||||
if [[ "$DOS_VERSION" == "LineageOS-18.1" ]] || [[ "$DOS_VERSION" == "LineageOS-19.1" ]] || [[ "$DOS_VERSION" == "LineageOS-20.0" ]] || [[ "$DOS_VERSION" == "LineageOS-21.0" ]]; then
|
||||
local RELEASETOOLS_PREFIX="";
|
||||
fi;
|
||||
|
||||
|
|
@ -240,10 +240,10 @@ processRelease() {
|
|||
--extra_apks ServiceUwbResources.apk="$KEY_DIR/releasekey" \
|
||||
--extra_apks ServiceWifiResources.apk="$KEY_DIR/releasekey" \
|
||||
--extra_apks WifiDialog.apk="$KEY_DIR/releasekey");
|
||||
if [[ "$DOS_VERSION" == "LineageOS-20.0" ]]; then
|
||||
if [[ "$DOS_VERSION" == "LineageOS-20.0" ]] || [[ "$DOS_VERSION" == "LineageOS-21.0" ]]; then
|
||||
local APK_SWITCHES_EXTRA=(--extra_apks Bluetooth.apk="$KEY_DIR/bluetooth");
|
||||
fi;
|
||||
if [[ "$DOS_VERSION" == "LineageOS-17.1" ]] || [[ "$DOS_VERSION" == "LineageOS-18.1" ]] || [[ "$DOS_VERSION" == "LineageOS-19.1" ]] || [[ "$DOS_VERSION" == "LineageOS-20.0" ]]; then
|
||||
if [[ "$DOS_VERSION" == "LineageOS-17.1" ]] || [[ "$DOS_VERSION" == "LineageOS-18.1" ]] || [[ "$DOS_VERSION" == "LineageOS-19.1" ]] || [[ "$DOS_VERSION" == "LineageOS-20.0" ]] || [[ "$DOS_VERSION" == "LineageOS-21.0" ]]; then
|
||||
local APEX_SWITCHES=(--extra_apks com.android.adbd.apex="$KEY_DIR/releasekey" \
|
||||
--extra_apex_payload_key com.android.adbd.apex="$KEY_DIR/avb.pem" \
|
||||
--extra_apks com.android.adservices.apex="$KEY_DIR/releasekey" \
|
||||
|
|
@ -561,7 +561,7 @@ hardenLocationSerials() {
|
|||
#Prevent Qualcomm location stack from sending chipset serial number
|
||||
|
||||
#Devices using blob xtra-daemon (which Deblob.sh removes)
|
||||
if [[ "$DOS_VERSION" != "LineageOS-20.0" ]]; then #20.0 has sysfs_soc_sensitive label
|
||||
if [[ "$DOS_VERSION" != "LineageOS-20.0" ]] && [[ "$DOS_VERSION" != "LineageOS-21.0" ]]; then #20.0+ has sysfs_soc_sensitive label
|
||||
find device -name "hal_gnss*.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \;
|
||||
find device -name "location.te" -type f -exec sh -c "awk -i inplace '!/sysfs_soc/' {}" \;
|
||||
fi;
|
||||
|
|
@ -583,11 +583,6 @@ hardenLocationConf() {
|
|||
#Debugging: adb logcat -b all | grep -i -e locsvc -e izat -e gps -e gnss -e location -e xtra
|
||||
#sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 4|' "$gpsConfig" &> /dev/null || true; #Debug
|
||||
#sed -i 's|DEBUG_LEVEL = .|DEBUG_LEVEL = 2|' "$gpsConfig" &> /dev/null || true; #Warning
|
||||
#Enable GLONASS
|
||||
if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then
|
||||
sed -i 's/#A_GLONASS_POS_PROTOCOL_SELECT =/A_GLONASS_POS_PROTOCOL_SELECT =/' "$gpsConfig" &>/dev/null || true;
|
||||
sed -i 's/A_GLONASS_POS_PROTOCOL_SELECT = 0.*/A_GLONASS_POS_PROTOCOL_SELECT = 15/' "$gpsConfig" &>/dev/null || true;
|
||||
fi;
|
||||
#Change capabilities
|
||||
sed -i 's|CAPABILITIES=.*|CAPABILITIES=0x13|' "$gpsConfig" &> /dev/null || true; #Disable MSA (privacy) and geofencing/ULP (both broken by deblobber)
|
||||
sed -i 's|CAPABILITIES = .*|CAPABILITIES = 0x13|' "$gpsConfig" &> /dev/null || true;
|
||||
|
|
@ -633,10 +628,6 @@ export -f hardenLocationConf;
|
|||
|
||||
hardenLocationFWB() {
|
||||
local dir=$1;
|
||||
#Enable GLONASS
|
||||
if [ "$DOS_GPS_GLONASS_FORCED" = true ]; then
|
||||
sed -i 's|A_GLONASS_POS_PROTOCOL_SELECT=0.*</item>|A_GLONASS_POS_PROTOCOL_SELECT=15</item>|' "$dir"/frameworks/base/core/res/res/values*/*.xml &>/dev/null || true;
|
||||
fi;
|
||||
#Change capabilities
|
||||
sed -i "s|SUPL_MODE=3|SUPL_MODE=1|" "$dir"/frameworks/base/core/res/res/values*/*.xml &> /dev/null || true; #Disable MSA (privacy)
|
||||
sed -i "s|LPP_PROFILE=.*</item>|LPP_PROFILE=0</item>|" "$dir"/frameworks/base/core/res/res/values*/*.xml &> /dev/null || true; #Disable LPP (privacy)
|
||||
|
|
@ -669,7 +660,7 @@ hardenUserdata() {
|
|||
|
||||
#TODO: Ensure: noatime,nosuid,nodev
|
||||
sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
|
||||
if [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/amazon/hdx-common" ] && [ "$1" != "device/motorola/athene" ] && [[ "$DOS_VERSION" != "LineageOS-20.0" ]]; then #tuna needs first boot to init, hdx-c has broken encryption
|
||||
if [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/amazon/hdx-common" ] && [ "$1" != "device/motorola/athene" ] && [[ "$DOS_VERSION" != "LineageOS-20.0" ]] && [[ "$DOS_VERSION" != "LineageOS-21.0" ]]; then #tuna needs first boot to init, hdx-c has broken encryption
|
||||
sed -i 's|encryptable=/|forceencrypt=/|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
|
||||
fi;
|
||||
echo "Hardened /data for $1";
|
||||
|
|
@ -771,16 +762,6 @@ disableAPEX() {
|
|||
}
|
||||
export -f disableAPEX;
|
||||
|
||||
enableStrongEncryption() {
|
||||
cd "$DOS_BUILD_BASE/$1";
|
||||
if [ -f BoardConfig.mk ]; then
|
||||
echo "TARGET_WANTS_STRONG_ENCRYPTION := true" >> BoardConfig.mk;
|
||||
echo "Enabled AES-256 encryption for $1";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE";
|
||||
}
|
||||
export -f enableStrongEncryption;
|
||||
|
||||
addAdbKey() {
|
||||
if [ -f ~/.android/adbkey.pub ]; then
|
||||
cp ~/.android/adbkey.pub "$DOS_BUILD_BASE/vendor/divested/";
|
||||
|
|
@ -795,102 +776,24 @@ changeDefaultDNS() {
|
|||
local dnsSecondary="";
|
||||
local dnsSecondaryV6="";
|
||||
if [ ! -z "$DOS_DEFAULT_DNS_PRESET" ]; then
|
||||
if [[ "$DOS_DEFAULT_DNS_PRESET" == "AdGuard" ]]; then #https://adguard.com/en/adguard-dns/overview.html
|
||||
dnsHex="0xb0678282L";
|
||||
dnsPrimary="176.103.130.130";
|
||||
dnsPrimaryV6="2a00:5a60::ad1:0ff";
|
||||
dnsSecondary="176.103.130.131";
|
||||
dnsSecondaryV6="2a00:5a60::ad2:0ff";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "AdGuard-NOBL" ]]; then #https://adguard.com/en/adguard-dns/overview.html
|
||||
dnsHex="0xb0678288L";
|
||||
dnsPrimary="176.103.130.136";
|
||||
dnsPrimaryV6="2a00:5a60::01:ff";
|
||||
dnsSecondary="176.103.130.137";
|
||||
dnsSecondaryV6="2a00:5a60::02:ff";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "CensurfriDNS" ]]; then #https://uncensoreddns.org
|
||||
dnsHex="0x5bef6464L";
|
||||
dnsPrimary="91.239.100.100";
|
||||
dnsPrimaryV6="2001:67c:28a4::";
|
||||
dnsSecondary="89.233.43.71";
|
||||
dnsSecondaryV6="2a01:3a0:53:53::";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy
|
||||
dnsHex="0x01000001L";
|
||||
dnsPrimary="1.0.0.1";
|
||||
dnsPrimaryV6="2606:4700:4700::1001";
|
||||
dnsSecondary="1.1.1.1";
|
||||
dnsSecondaryV6="2606:4700:4700::1111";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare-BL" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy
|
||||
if [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy
|
||||
dnsHex="0x01000002L";
|
||||
dnsPrimary="1.0.0.2";
|
||||
dnsPrimaryV6="2606:4700:4700::1002";
|
||||
dnsSecondary="1.1.1.2";
|
||||
dnsSecondaryV6="2606:4700:4700::1112";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "DNSWATCH" ]]; then #https://dns.watch
|
||||
dnsHex="0x54c84550L";
|
||||
dnsPrimary="84.200.69.80";
|
||||
dnsPrimaryV6="2001:1608:10:25::1c04:b12f";
|
||||
dnsSecondary="84.200.70.40";
|
||||
dnsSecondaryV6="2001:1608:10:25::9249:d69b";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Google" ]]; then #https://developers.google.com/speed/public-dns/privacy
|
||||
dnsHex="0x08080808L";
|
||||
dnsPrimary="8.8.8.8";
|
||||
dnsPrimaryV6="2001:4860:4860::8888";
|
||||
dnsSecondary="8.8.4.4";
|
||||
dnsSecondaryV6="2001:4860:4860::8844";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Neustar" ]]; then #https://www.security.neustar/digital-performance/dns-services/recursive-dns
|
||||
dnsHex="0x9c9a4602L";
|
||||
dnsPrimary="156.154.70.2";
|
||||
dnsPrimaryV6="2610:a1:1018::2";
|
||||
dnsSecondary="156.154.71.2";
|
||||
dnsSecondaryV6="2610:a1:1019::2";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Neustar-NOBL" ]]; then #https://www.security.neustar/digital-performance/dns-services/recursive-dns
|
||||
dnsHex="0x9c9a4605L";
|
||||
dnsPrimary="156.154.70.5";
|
||||
dnsPrimaryV6="2610:a1:1018::5";
|
||||
dnsSecondary="156.154.71.5";
|
||||
dnsSecondaryV6="2610:a1:1019::5";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenDNS" ]]; then #https://www.cisco.com/c/en/us/about/legal/privacy-full.html
|
||||
dnsHex="0xd043dedeL";
|
||||
dnsPrimary="208.67.222.222";
|
||||
dnsPrimaryV6="2620:0:ccc::2";
|
||||
dnsSecondary="208.67.220.220";
|
||||
dnsSecondaryV6="2620:0:ccd::2";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9" ]]; then #https://www.quad9.net/privacy
|
||||
dnsHex="0x09090909L";
|
||||
dnsPrimary="9.9.9.9";
|
||||
dnsPrimaryV6="2620:fe::fe";
|
||||
dnsSecondary="149.112.112.112";
|
||||
dnsSecondaryV6="2620:fe::9";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9-EDNS" ]]; then #https://www.quad9.net/privacy
|
||||
dnsHex="0x0909090bL";
|
||||
dnsPrimary="9.9.9.11";
|
||||
dnsPrimaryV6="2620:fe::11";
|
||||
dnsSecondary="149.112.112.11";
|
||||
dnsSecondaryV6="2620:fe::fe:11";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9-NOBL" ]]; then #https://www.quad9.net/privacy
|
||||
dnsHex="0x0909090aL";
|
||||
dnsPrimary="9.9.9.10";
|
||||
dnsPrimaryV6="2620:fe::10";
|
||||
dnsSecondary="149.112.112.10";
|
||||
dnsSecondaryV6="2620:fe::fe:10";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Verisign" ]]; then #https://www.verisign.com/en_US/security-services/public-dns/terms-of-service/index.xhtml
|
||||
dnsHex="0x40064006L";
|
||||
dnsPrimary="64.6.64.6";
|
||||
dnsPrimaryV6="2620:74:1b::1:1";
|
||||
dnsSecondary="64.6.65.6";
|
||||
dnsSecondaryV6="2620:74:1c::2:2";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Yandex" ]]; then #https://dns.yandex.com/advanced
|
||||
dnsHex="0x4d580858L";
|
||||
dnsPrimary="77.88.8.88";
|
||||
dnsPrimaryV6="2a02:6b8::feed:bad";
|
||||
dnsSecondary="77.88.8.2";
|
||||
dnsSecondaryV6="2a02:6b8:0:1::feed:bad";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Yandex-NOBL" ]]; then #https://dns.yandex.com/advanced
|
||||
dnsHex="0x4d580808L";
|
||||
dnsPrimary="77.88.8.8";
|
||||
dnsPrimaryV6="2a02:6b8::feed:0ff";
|
||||
dnsSecondary="77.88.8.1";
|
||||
dnsSecondaryV6="2a02:6b8:0:1::feed:0ff";
|
||||
fi;
|
||||
else
|
||||
echo "You must first set a preset via the DOS_DEFAULT_DNS_PRESET variable in init.sh!";
|
||||
|
|
@ -910,7 +813,6 @@ export -f changeDefaultDNS;
|
|||
editKernelLocalversion() {
|
||||
local defconfigPath=$(getDefconfig)
|
||||
local replacement=$1;
|
||||
if [ "$DOS_SNET" = true ]; then local replacement="-oink"; fi;
|
||||
sed -i 's/CONFIG_LOCALVERSION=".*"/CONFIG_LOCALVERSION="'"$replacement"'"/' $defconfigPath &>/dev/null || true;
|
||||
sed -zi '/CONFIG_LOCALVERSION="'"$replacement"'"/!s/$/\nCONFIG_LOCALVERSION="'"$replacement"'"/' $defconfigPath &>/dev/null;
|
||||
}
|
||||
|
|
@ -1154,7 +1056,7 @@ hardenDefconfig() {
|
|||
optionsNo+=("HARDENED_USERCOPY_FALLBACK");
|
||||
optionsNo+=("SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS");
|
||||
if [ "$DOS_USE_KSM" = false ]; then optionsNo+=("SLAB_MERGE_DEFAULT"); fi;
|
||||
if [[ "$DOS_VERSION" != "LineageOS-20.0" ]]; then optionsNo+=("USERFAULTFD"); fi;
|
||||
if [[ "$DOS_VERSION" != "LineageOS-20.0" ]] && [[ "$DOS_VERSION" != "LineageOS-21.0" ]]; then optionsNo+=("USERFAULTFD"); fi;
|
||||
#optionsNo+=("CFI_PERMISSIVE");
|
||||
#misc
|
||||
optionsNo+=("FB_MSM_MDSS_XLOG_DEBUG" "MSM_BUSPM_DEV" "MSMB_CAMERA_DEBUG" "MSM_CAMERA_DEBUG" "MSM_SMD_DEBUG");
|
||||
|
|
@ -1170,15 +1072,13 @@ hardenDefconfig() {
|
|||
#optionsNo+=("PROC_PAGE_MONITOR"); #breaks memory stats
|
||||
#optionsNo+=("SCHED_DEBUG"); #breaks compile
|
||||
|
||||
if [ "$DOS_DEFCONFIG_DISABLER" = true ]; then
|
||||
for option in "${optionsNo[@]}"
|
||||
do
|
||||
#If the option is enabled, disable it
|
||||
sed -i 's/CONFIG_'"$option"'=y/CONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
#If the option isn't present, add it disabled
|
||||
sed -zi '/CONFIG_'"$option"'=n/!s/$/\nCONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
done
|
||||
fi;
|
||||
for option in "${optionsNo[@]}"
|
||||
do
|
||||
#If the option is enabled, disable it
|
||||
sed -i 's/CONFIG_'"$option"'=y/CONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
#If the option isn't present, add it disabled
|
||||
sed -zi '/CONFIG_'"$option"'=n/!s/$/\nCONFIG_'"$option"'=n/' $defconfigPath &>/dev/null || true;
|
||||
done
|
||||
|
||||
#Extras
|
||||
sed -i 's/CONFIG_ARCH_MMAP_RND_BITS=8/CONFIG_ARCH_MMAP_RND_BITS=16/' $defconfigPath &>/dev/null || true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue