diff --git a/Manifests/Manifest_LAOS-16.0.xml b/Manifests/Manifest_LAOS-16.0.xml
index 4e0a3600..516db50d 100644
--- a/Manifests/Manifest_LAOS-16.0.xml
+++ b/Manifests/Manifest_LAOS-16.0.xml
@@ -76,7 +76,6 @@
-
diff --git a/Patches/LineageOS-14.1/android_system_bt/0001-Improve_Quality.patch b/Patches/LineageOS-14.1/android_system_bt/0001-Improve_Quality.patch
deleted file mode 100644
index c7da29ef..00000000
--- a/Patches/LineageOS-14.1/android_system_bt/0001-Improve_Quality.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 93e456e4a21bdb0a03050001b02f9e2dba653306 Mon Sep 17 00:00:00 2001
-From: Tad
-Date: Thu, 23 Aug 2018 22:23:28 -0400
-Subject: [PATCH] Improve Bluetooth audio quality, credit @ValdikSS
-
-Change-Id: Ia6282d5e76ea7df0d8e0c56559f71c333d6b04eb
-See: https://forum.xda-developers.com/android/software-hacking/improve-bluetooth-audio-quality-t3832615
----
- btif/co/bta_av_co.c | 8 ++++----
- btif/src/btif_media_task.c | 2 +-
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/btif/co/bta_av_co.c b/btif/co/bta_av_co.c
-index 39a8ebfa..1d86469d 100644
---- a/btif/co/bta_av_co.c
-+++ b/btif/co/bta_av_co.c
-@@ -130,7 +130,7 @@ const tA2D_SBC_CIE bta_av_co_sbc_sink_caps =
- const tA2D_SBC_CIE btif_av_sbc_default_config =
- {
- BTIF_AV_SBC_DEFAULT_SAMP_FREQ, /* samp_freq */
-- A2D_SBC_IE_CH_MD_JOINT, /* ch_mode */
-+ A2D_SBC_IE_CH_MD_DUAL, /* ch_mode */
- A2D_SBC_IE_BLOCKS_16, /* block_len */
- A2D_SBC_IE_SUBBAND_8, /* num_subbands */
- A2D_SBC_IE_ALLOC_MD_L, /* alloc_mthd */
-@@ -566,12 +566,12 @@ void bta_av_build_src_cfg (UINT8 *p_pref_cfg, UINT8 *p_src_cap)
- else if (src_cap.samp_freq & A2D_SBC_IE_SAMP_FREQ_44)
- pref_cap.samp_freq = A2D_SBC_IE_SAMP_FREQ_44;
-
-- if (src_cap.ch_mode & A2D_SBC_IE_CH_MD_JOINT)
-+ if (src_cap.ch_mode & A2D_SBC_IE_CH_MD_DUAL)
-+ pref_cap.ch_mode = A2D_SBC_IE_CH_MD_DUAL;
-+ else if (src_cap.ch_mode & A2D_SBC_IE_CH_MD_JOINT)
- pref_cap.ch_mode = A2D_SBC_IE_CH_MD_JOINT;
- else if (src_cap.ch_mode & A2D_SBC_IE_CH_MD_STEREO)
- pref_cap.ch_mode = A2D_SBC_IE_CH_MD_STEREO;
-- else if (src_cap.ch_mode & A2D_SBC_IE_CH_MD_DUAL)
-- pref_cap.ch_mode = A2D_SBC_IE_CH_MD_DUAL;
- else if (src_cap.ch_mode & A2D_SBC_IE_CH_MD_MONO)
- pref_cap.ch_mode = A2D_SBC_IE_CH_MD_MONO;
-
-diff --git a/btif/src/btif_media_task.c b/btif/src/btif_media_task.c
-index 977d2668..a8ad735c 100644
---- a/btif/src/btif_media_task.c
-+++ b/btif/src/btif_media_task.c
-@@ -214,7 +214,7 @@ enum {
- #define BTIF_A2DP_NON_EDR_MAX_RATE 237
- #endif
- #else
--#define BTIF_A2DP_DEFAULT_BITRATE 328
-+#define BTIF_A2DP_DEFAULT_BITRATE 512
-
- #ifndef BTIF_A2DP_NON_EDR_MAX_RATE
- #define BTIF_A2DP_NON_EDR_MAX_RATE 229
---
-2.18.0
-
diff --git a/Patches/LineageOS-15.1/android_system_bt/0001-Improve_Quality.patch b/Patches/LineageOS-15.1/android_system_bt/0001-Improve_Quality.patch
deleted file mode 100644
index b184d627..00000000
--- a/Patches/LineageOS-15.1/android_system_bt/0001-Improve_Quality.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 133e43eb4f5339e584dc2dcc3f02a34711c93571 Mon Sep 17 00:00:00 2001
-From: Tad
-Date: Thu, 23 Aug 2018 22:16:42 -0400
-Subject: [PATCH] Improve Bluetooth audio quality, credit @ValdikSS
-
-Change-Id: I98f5b84982aaf446e5adfb622993ee11f4592f64
-See: https://forum.xda-developers.com/android/software-hacking/improve-bluetooth-audio-quality-t3832615
----
- stack/a2dp/a2dp_sbc.cc | 14 +++++++-------
- stack/a2dp/a2dp_sbc_encoder.cc | 2 +-
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/stack/a2dp/a2dp_sbc.cc b/stack/a2dp/a2dp_sbc.cc
-index cfdaad4c..1416d4c3 100644
---- a/stack/a2dp/a2dp_sbc.cc
-+++ b/stack/a2dp/a2dp_sbc.cc
-@@ -55,7 +55,7 @@ typedef struct {
- /* SBC SRC codec capabilities */
- static const tA2DP_SBC_CIE a2dp_sbc_caps = {
- A2DP_SBC_IE_SAMP_FREQ_44, /* samp_freq */
-- (A2DP_SBC_IE_CH_MD_MONO | A2DP_SBC_IE_CH_MD_JOINT), /* ch_mode */
-+ (A2DP_SBC_IE_CH_MD_MONO | A2DP_SBC_IE_CH_MD_JOINT | A2DP_SBC_IE_CH_MD_DUAL), /* ch_mode */
- (A2DP_SBC_IE_BLOCKS_16 | A2DP_SBC_IE_BLOCKS_12 | A2DP_SBC_IE_BLOCKS_8 |
- A2DP_SBC_IE_BLOCKS_4), /* block_len */
- A2DP_SBC_IE_SUBBAND_8, /* num_subbands */
-@@ -82,7 +82,7 @@ static const tA2DP_SBC_CIE a2dp_sbc_sink_caps = {
- /* Default SBC codec configuration */
- const tA2DP_SBC_CIE a2dp_sbc_default_config = {
- A2DP_SBC_IE_SAMP_FREQ_44, /* samp_freq */
-- A2DP_SBC_IE_CH_MD_JOINT, /* ch_mode */
-+ A2DP_SBC_IE_CH_MD_DUAL, /* ch_mode */
- A2DP_SBC_IE_BLOCKS_16, /* block_len */
- A2DP_SBC_IE_SUBBAND_8, /* num_subbands */
- A2DP_SBC_IE_ALLOC_MD_L, /* alloc_method */
-@@ -1154,6 +1154,11 @@ static bool select_audio_bits_per_sample(
- //
- static bool select_best_channel_mode(uint8_t ch_mode, tA2DP_SBC_CIE* p_result,
- btav_a2dp_codec_config_t* p_codec_config) {
-+ if (ch_mode & A2DP_SBC_IE_CH_MD_DUAL) {
-+ p_result->ch_mode = A2DP_SBC_IE_CH_MD_DUAL;
-+ p_codec_config->channel_mode = BTAV_A2DP_CODEC_CHANNEL_MODE_STEREO;
-+ return true;
-+ }
- if (ch_mode & A2DP_SBC_IE_CH_MD_JOINT) {
- p_result->ch_mode = A2DP_SBC_IE_CH_MD_JOINT;
- p_codec_config->channel_mode = BTAV_A2DP_CODEC_CHANNEL_MODE_STEREO;
-@@ -1164,11 +1169,6 @@ static bool select_best_channel_mode(uint8_t ch_mode, tA2DP_SBC_CIE* p_result,
- p_codec_config->channel_mode = BTAV_A2DP_CODEC_CHANNEL_MODE_STEREO;
- return true;
- }
-- if (ch_mode & A2DP_SBC_IE_CH_MD_DUAL) {
-- p_result->ch_mode = A2DP_SBC_IE_CH_MD_DUAL;
-- p_codec_config->channel_mode = BTAV_A2DP_CODEC_CHANNEL_MODE_STEREO;
-- return true;
-- }
- if (ch_mode & A2DP_SBC_IE_CH_MD_MONO) {
- p_result->ch_mode = A2DP_SBC_IE_CH_MD_MONO;
- p_codec_config->channel_mode = BTAV_A2DP_CODEC_CHANNEL_MODE_MONO;
-diff --git a/stack/a2dp/a2dp_sbc_encoder.cc b/stack/a2dp/a2dp_sbc_encoder.cc
-index e4c20499..8b3731d1 100644
---- a/stack/a2dp/a2dp_sbc_encoder.cc
-+++ b/stack/a2dp/a2dp_sbc_encoder.cc
-@@ -39,7 +39,7 @@
- #define A2DP_SBC_ENCODER_INTERVAL_MS 20
-
- /* High quality quality setting @ 44.1 khz */
--#define A2DP_SBC_DEFAULT_BITRATE 328
-+#define A2DP_SBC_DEFAULT_BITRATE 512
-
- #define A2DP_SBC_NON_EDR_MAX_RATE 229
-
---
-2.18.0
-
diff --git a/Patches/LineageOS-15.1/android_system_core/0003-Deny_USB-Aggressive.patch b/Patches/LineageOS-15.1/android_system_core/0003-Deny_USB-Aggressive.patch
deleted file mode 100644
index 5a2904bf..00000000
--- a/Patches/LineageOS-15.1/android_system_core/0003-Deny_USB-Aggressive.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 3c31c1f1188e1c550f02d838daa8e7c2e55e6f56 Mon Sep 17 00:00:00 2001
-From: Tad
-Date: Mon, 23 Apr 2018 02:39:35 -0400
-Subject: [PATCH] deny all new usb devices until after boot
-
-Change-Id: I7a3dad49610eb4010dc13a3acaffb6fd91cdc89c
----
- rootdir/init.rc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index c1bd58eba..38f3bab9f 100644
---- a/rootdir/init.rc
-+++ b/rootdir/init.rc
-@@ -18,6 +18,9 @@ on early-init
- # Disable sysrq from keyboard
- write /proc/sys/kernel/sysrq 0
-
-+ # Deny all new USB devices until after boot
-+ write /proc/sys/kernel/deny_new_usb 1
-+
- # Set the security context of /adb_keys if present.
- restorecon /adb_keys
-
---
-2.17.0
-
diff --git a/Patches/LineageOS-16.0/android_build/0001-Automated_Build_Signing.patch b/Patches/LineageOS-16.0/android_build/0001-Automated_Build_Signing.patch
new file mode 100644
index 00000000..f14f679a
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_build/0001-Automated_Build_Signing.patch
@@ -0,0 +1,103 @@
+From b5ad740f0a0930081b8056eaf6e83873fa0b41ef Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Tue, 3 Apr 2018 14:12:55 -0400
+Subject: [PATCH] Add optional automated signing
+
+Change-Id: I9ebd044c4c2f76688f7921b991055c57ec574986
+---
+ core/Makefile | 42 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/core/Makefile b/core/Makefile
+index 9498b47d4..a99677116 100644
+--- a/core/Makefile
++++ b/core/Makefile
+@@ -612,6 +612,10 @@ $(call dist-for-goals,droidcore,$(PGO_PROFILE_MISSING))
+ # exist with the suffixes ".x509.pem" and ".pk8".
+ DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
+
++ifneq ($(SIGNING_KEY_DIR),)
++ KEY_CERT_DIR := $(SIGNING_KEY_DIR)
++ DEFAULT_KEY_CERT_PAIR := $(SIGNING_KEY_DIR)/releasekey
++endif
+
+ # Rules that need to be present for the all targets, even
+ # if they don't do anything.
+@@ -1412,6 +1416,16 @@ endif
+ # substitute other keys for this one.
+ OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+
++ifneq ($(SIGNING_KEY_DIR),)
++ OTA_PUBLIC_KEYS := $(SIGNING_KEY_DIR)/releasekey.x509.pem
++ PRODUCT_EXTRA_RECOVERY_KEYS += $(SIGNING_KEY_DIR)/extra
++else
++ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
++ OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
++ PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
++ endif
++endif
++
+ # Generate a file containing the keys that will be read by the
+ # recovery binary.
+ RECOVERY_INSTALL_OTA_KEYS := \
+@@ -2682,6 +2696,13 @@ $(BUILT_TARGET_FILES_PACKAGE): intermediates := $(intermediates)
+ $(BUILT_TARGET_FILES_PACKAGE): \
+ zip_root := $(intermediates)/$(name)
+
++SIGNED_TARGET_FILES_PACKAGE := $(intermediates)/signed-$(name).zip
++MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(BUILT_TARGET_FILES_PACKAGE)
++
++ifneq ($(SIGNING_KEY_DIR),)
++ MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(SIGNED_TARGET_FILES_PACKAGE)
++endif
++
+ # $(1): Directory to copy
+ # $(2): Location to copy it to
+ # The "ls -A" is to prevent "acp s/* d" from failing if s is empty.
+@@ -3148,6 +3169,12 @@ else
+ OTA_SCRIPT_OVERRIDE_DEVICE := $(TARGET_OTA_ASSERT_DEVICE)
+ endif
+
++ifeq ($(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT),)
++ SIGN_TARGET_SCRIPT := ./build/tools/releasetools/sign_target_files_apks
++else
++ SIGN_TARGET_SCRIPT := $(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT)
++endif
++
+ ifeq ($(WITH_GMS),true)
+ $(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
+ else
+@@ -3158,18 +3185,27 @@ else
+ endif
+ endif
+
+-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) \
++$(SIGNED_TARGET_FILES_PACKAGE): $(BUILT_TARGET_FILES_PACKAGE) \
++ build/tools/releasetools/sign_target_files_apks
++ @echo "$(SIGN_TARGET_SCRIPT)" > $(PRODUCT_OUT)/sign_script_path
++ @echo -e ${CL_YLW}"Sign target files:"${CL_RST}" $@"
++ $(hide) $(SIGN_TARGET_SCRIPT) \
++ -d $(KEY_CERT_DIR) \
++ -o \
++ $(BUILT_TARGET_FILES_PACKAGE) \
++ $(SIGNED_TARGET_FILES_PACKAGE)
++
++$(INTERNAL_OTA_PACKAGE_TARGET): $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) \
+ build/make/tools/releasetools/ota_from_target_files
+ @echo "Package OTA: $@"
+ $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH MKBOOTIMG=$(MKBOOTIMG) \
+ build/make/tools/releasetools/ota_from_target_files -v \
+ --block \
+- --extracted_input_target_files $(patsubst %.zip,%,$(BUILT_TARGET_FILES_PACKAGE)) \
+ -p $(HOST_OUT) \
+ -k $(KEY_CERT_PAIR) \
+ --backup=$(backuptool) \
+ $(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
+- $(BUILT_TARGET_FILES_PACKAGE) $@
++ $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $@
+
+ .PHONY: otapackage
+ otapackage: $(INTERNAL_OTA_PACKAGE_TARGET)
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch b/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch
new file mode 100644
index 00000000..52de3921
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch
@@ -0,0 +1,34 @@
+From 41c2cb884b69e04e2e7a6404b580aafc4b2ceba7 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Mon, 12 Feb 2018 02:41:09 -0500
+Subject: [PATCH] TEMPORARY fix camera not working on user builds
+
+Change-Id: I61e8c78bfd70be7c157c049dac201de21749d4a2
+---
+ common/mediaserver.te | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/common/mediaserver.te b/common/mediaserver.te
+index 1108551..6b92565 100755
+--- a/common/mediaserver.te
++++ b/common/mediaserver.te
+@@ -13,12 +13,10 @@ binder_call(mediaserver, rild)
+ #qmux_socket(mediaserver)
+ allow mediaserver camera_data_file:sock_file w_file_perms;
+
+-userdebug_or_eng(`
+- allow mediaserver camera_data_file:dir rw_dir_perms;
+- allow mediaserver camera_data_file:file create_file_perms;
+- # Access to audio
+- allow mediaserver qti_debugfs:file rw_file_perms;
+-')
++allow mediaserver camera_data_file:dir rw_dir_perms;
++allow mediaserver camera_data_file:file create_file_perms;
++# Access to audio
++allow mediaserver qti_debugfs:file rw_file_perms;
+
+ r_dir_file(mediaserver, sysfs_esoc)
+ #allow mediaserver system_app_data_file:file rw_file_perms;
+--
+2.16.1
+
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch b/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch
new file mode 100644
index 00000000..a2317aa5
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch
@@ -0,0 +1,34 @@
+From 883366830fc3af50d2232fc0b6d885f92c5d53ce Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Tue, 8 May 2018 20:53:07 -0400
+Subject: [PATCH] Change connectivity check URLs to ours
+
+Change-Id: I2dac7210f9c7e953d5ee88e2871bd26c234dfce6
+---
+ .../com/android/server/connectivity/NetworkMonitor.java | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/services/core/java/com/android/server/connectivity/NetworkMonitor.java b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
+index d3a93542c74..32918aa3cdc 100644
+--- a/services/core/java/com/android/server/connectivity/NetworkMonitor.java
++++ b/services/core/java/com/android/server/connectivity/NetworkMonitor.java
+@@ -91,12 +91,12 @@ public class NetworkMonitor extends StateMachine {
+ // Default configuration values for captive portal detection probes.
+ // TODO: append a random length parameter to the default HTTPS url.
+ // TODO: randomize browser version ids in the default User-Agent String.
+- private static final String DEFAULT_HTTPS_URL = "https://www.google.com/generate_204";
++ private static final String DEFAULT_HTTPS_URL = "https://divestos.xyz/gen204.php";
+ private static final String DEFAULT_HTTP_URL =
+- "http://connectivitycheck.gstatic.com/generate_204";
+- private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";
++ "http://divestos.xyz/gen204.php";
++ private static final String DEFAULT_FALLBACK_URL = "https://www.google.com/generate_204";
+ private static final String DEFAULT_OTHER_FALLBACK_URLS =
+- "http://play.googleapis.com/generate_204";
++ "http://connectivitycheck.gstatic.com/generate_204";
+ private static final String DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) "
+ + "AppleWebKit/537.36 (KHTML, like Gecko) "
+ + "Chrome/60.0.3112.32 Safari/537.36";
+--
+2.17.0
+
diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch
new file mode 100644
index 00000000..433aca32
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch
@@ -0,0 +1,37 @@
+From 5b59a2cf8028488847a5cd6ac7d4a14414972438 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Mon, 21 May 2018 04:23:40 -0400
+Subject: [PATCH] Disable/reduce functionality of various ad/analytics
+ libraries
+
+Change-Id: I84303ee26d0232e471f44ae6eff6e41a2210e42e
+---
+ core/java/android/content/pm/PackageParser.java | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
+index 8c66fb227cf..31368bf74b1 100644
+--- a/core/java/android/content/pm/PackageParser.java
++++ b/core/java/android/content/pm/PackageParser.java
+@@ -5524,6 +5524,18 @@ public class PackageParser {
+
+ if (data == null) {
+ data = new Bundle();
++ data.putBoolean("batch_opted_out_by_default", true);
++ data.putBoolean("com.ad4screen.no_geoloc", true);
++ data.putBoolean("com.facebook.sdk.AutoLogAppEventsEnabled", false);
++ data.putBoolean("com.mixpanel.android.MPConfig.UseIpAddressForGeolocation", false);
++ data.putBoolean("com.webengage.sdk.android.location_tracking", false);
++ data.putBoolean("firebase_analytics_collection_deactivated", true);
++ data.putBoolean("firebase_analytics_collection_enabled", false);
++ data.putBoolean("firebase_crash_collection_enabled", false);
++ data.putBoolean("firebase_performance_collection_deactivated", true);
++ data.putBoolean("google_analytics_adid_collection_enabled", false);
++ data.putString("com.ad4screen.tracking_mode", "Restricted");
++ data.putString("com.sprooki.LOCATION_SERVICES", "disable");
+ }
+
+ String name = sa.getNonConfigurationString(
+--
+2.17.0
+
diff --git a/Patches/LineageOS-16.0/android_frameworks_opt_net_ims/0001-Fix_Calling.patch b/Patches/LineageOS-16.0/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
new file mode 100644
index 00000000..a76a5fa1
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_frameworks_opt_net_ims/0001-Fix_Calling.patch
@@ -0,0 +1,52 @@
+From 694d9c522cb92a80ca975ad3a5e95a802592890f Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Mon, 12 Feb 2018 02:59:01 -0500
+Subject: [PATCH] Fix calling after VoLTE is removed from devices that had it
+ previously enabled
+
+Change-Id: I2417cac6313de8d5110106be23ec2048b4562561
+---
+ src/java/com/android/ims/ImsManager.java | 20 +-------------------
+ 1 file changed, 1 insertion(+), 19 deletions(-)
+
+diff --git a/src/java/com/android/ims/ImsManager.java b/src/java/com/android/ims/ImsManager.java
+index 3dc12f4..afec29e 100644
+--- a/src/java/com/android/ims/ImsManager.java
++++ b/src/java/com/android/ims/ImsManager.java
+@@ -423,12 +423,6 @@ public class ImsManager {
+ * {@link #isEnhanced4gLteModeSettingEnabledByUser()} instead.
+ */
+ public static boolean isEnhanced4gLteModeSettingEnabledByUser(Context context) {
+- ImsManager mgr = ImsManager.getInstance(context,
+- SubscriptionManager.getDefaultVoicePhoneId());
+- if (mgr != null) {
+- return mgr.isEnhanced4gLteModeSettingEnabledByUser();
+- }
+- loge("isEnhanced4gLteModeSettingEnabledByUser: ImsManager null, returning default value.");
+ return false;
+ }
+
+@@ -442,19 +436,7 @@ public class ImsManager {
+ * return the default value.
+ */
+ public boolean isEnhanced4gLteModeSettingEnabledByUser() {
+- int setting = SubscriptionManager.getIntegerSubscriptionProperty(
+- getSubId(), SubscriptionManager.ENHANCED_4G_MODE_ENABLED,
+- SUB_PROPERTY_NOT_INITIALIZED, mContext);
+- boolean onByDefault = getBooleanCarrierConfig(
+- CarrierConfigManager.KEY_ENHANCED_4G_LTE_ON_BY_DEFAULT_BOOL);
+-
+- // If Enhanced 4G LTE Mode is uneditable or not initialized, we use the default value
+- if (!getBooleanCarrierConfig(CarrierConfigManager.KEY_EDITABLE_ENHANCED_4G_LTE_BOOL)
+- || setting == SUB_PROPERTY_NOT_INITIALIZED) {
+- return onByDefault;
+- } else {
+- return (setting == ImsConfig.FeatureValueConstants.ON);
+- }
++ return false;
+ }
+
+ /**
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch b/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
new file mode 100644
index 00000000..e3d53461
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch
@@ -0,0 +1,143 @@
+From 8ba726b35be8f00da453c514c57c33a75a8f2984 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Thu, 19 Apr 2018 20:46:02 -0400
+Subject: [PATCH] Remove analytics
+
+Change-Id: Idcc15bfeda4805b305423534663429942abd1bcf
+---
+ AndroidManifest.xml | 25 -------------------------
+ proguard.flags | 1 -
+ res/values/config.xml | 3 ---
+ res/values/strings.xml | 22 ----------------------
+ res/xml/parts_catalog.xml | 5 -----
+ res/xml/trust_preferences.xml | 3 ---
+ 6 files changed, 59 deletions(-)
+
+diff --git a/AndroidManifest.xml b/AndroidManifest.xml
+index dba419a..af4765f 100644
+--- a/AndroidManifest.xml
++++ b/AndroidManifest.xml
+@@ -226,31 +226,6 @@
+ android:resource="@string/expanded_desktop_settings_summary" />
+
+
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+
+
+
+-
+- https://stats.lineageos.org/api/v1/stats
+-
+
+ true
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 684cbee..b60e87e 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -536,28 +536,6 @@
+ Total commits: %2$s
+ Last update: %3$s]]>
+
+-
+-
+- LineageOS statistics
+- Help make LineageOS better by opting into anonymous statistics reporting
+- About
+- Opting into LineageOS Statistics will allow non-personal data to be submitted to the
+- developers of LineageOS to track unique installations across devices. The information submitted includes an unique identifier,
+- which does not compromise your privacy or personal data. The data is submitted during each boot.\n\nFor an example of the data that is submitted, tap on Preview Data.
+- Enable reporting
+- Preview data
+- View stats
+- Learn more
+-
+-
+- Unique ID
+- Device
+- Version
+- Country
+- Carrier
+- Stats collection
+- Allow installation metrics and device statistics to be collected
+-
+
+ Auto-rotate screen
+ Rotation settings
+diff --git a/res/xml/parts_catalog.xml b/res/xml/parts_catalog.xml
+index 2ad4fdb..5a227cc 100644
+--- a/res/xml/parts_catalog.xml
++++ b/res/xml/parts_catalog.xml
+@@ -69,11 +69,6 @@
+ android:fragment="org.lineageos.lineageparts.statusbar.StatusBarSettings"
+ lineage:xmlRes="@xml/status_bar_settings" />
+
+-
+-
+
+
+-
+-
+
+Date: Wed, 28 Feb 2018 08:12:03 -0500
+Subject: [PATCH] Remove analytics
+
+Change-Id: I189e9362c828569512e819cf655b03bfa3436830
+---
+ res/layout/setup_lineage_settings.xml | 36 -------------------
+ .../lineageos/setupwizard/FinishActivity.java | 12 -------
+ .../setupwizard/LineageSettingsActivity.java | 31 ----------------
+ .../lineageos/setupwizard/SetupWizardApp.java | 1 -
+ 4 files changed, 80 deletions(-)
+
+diff --git a/res/layout/setup_lineage_settings.xml b/res/layout/setup_lineage_settings.xml
+index 42b4c2d..5792c06 100644
+--- a/res/layout/setup_lineage_settings.xml
++++ b/res/layout/setup_lineage_settings.xml
+@@ -51,42 +51,6 @@
+ android:text="@string/services_explanation"
+ android:clickable="true"/>
+
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-
+
+ {
+- boolean checked = !mMetrics.isChecked();
+- mMetrics.setChecked(checked);
+- mSetupWizardApp.getSettingsBundle().putBoolean(KEY_SEND_METRICS, checked);
+- };
+-
+ private View.OnClickListener mNavKeysClickListener = view -> {
+ boolean checked = !mNavKeys.isChecked();
+ mNavKeys.setChecked(checked);
+@@ -109,19 +101,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ privacyPolicy.setMovementMethod(LinkMovementMethod.getInstance());
+ privacyPolicy.setText(ss);
+
+- View metricsRow = findViewById(R.id.metrics);
+- metricsRow.setOnClickListener(mMetricsClickListener);
+- String metricsHelpImproveLineage =
+- getString(R.string.services_help_improve_cm, getString(R.string.os_name));
+- String metricsSummary = getString(R.string.services_metrics_label,
+- metricsHelpImproveLineage, getString(R.string.os_name));
+- final SpannableStringBuilder metricsSpan = new SpannableStringBuilder(metricsSummary);
+- metricsSpan.setSpan(new android.text.style.StyleSpan(android.graphics.Typeface.BOLD),
+- 0, metricsHelpImproveLineage.length(), Spannable.SPAN_EXCLUSIVE_EXCLUSIVE);
+- TextView metrics = (TextView) findViewById(R.id.enable_metrics_summary);
+- metrics.setText(metricsSpan);
+- mMetrics = (CheckBox) findViewById(R.id.enable_metrics_checkbox);
+-
+ View navKeysRow = findViewById(R.id.nav_keys);
+ navKeysRow.setOnClickListener(mNavKeysClickListener);
+ mNavKeys = (CheckBox) findViewById(R.id.nav_keys_checkbox);
+@@ -144,7 +123,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ public void onResume() {
+ super.onResume();
+ updateDisableNavkeysOption();
+- updateMetricsOption();
+ updatePrivacyGuardOption();
+ }
+
+@@ -179,15 +157,6 @@ public class LineageSettingsActivity extends BaseSetupWizardActivity {
+ return R.drawable.ic_features;
+ }
+
+- private void updateMetricsOption() {
+- final Bundle myPageBundle = mSetupWizardApp.getSettingsBundle();
+- boolean metricsChecked =
+- !myPageBundle.containsKey(KEY_SEND_METRICS) || myPageBundle
+- .getBoolean(KEY_SEND_METRICS);
+- mMetrics.setChecked(metricsChecked);
+- myPageBundle.putBoolean(KEY_SEND_METRICS, metricsChecked);
+- }
+-
+ private void updateDisableNavkeysOption() {
+ if (mSupportsKeyDisabler) {
+ final Bundle myPageBundle = mSetupWizardApp.getSettingsBundle();
+diff --git a/src/org/lineageos/setupwizard/SetupWizardApp.java b/src/org/lineageos/setupwizard/SetupWizardApp.java
+index 1a9318d..e362841 100644
+--- a/src/org/lineageos/setupwizard/SetupWizardApp.java
++++ b/src/org/lineageos/setupwizard/SetupWizardApp.java
+@@ -60,7 +60,6 @@ public class SetupWizardApp extends Application {
+ public static final String EXTRA_PREFS_SET_BACK_TEXT = "extra_prefs_set_back_text";
+
+ public static final String KEY_DETECT_CAPTIVE_PORTAL = "captive_portal_detection_enabled";
+- public static final String KEY_SEND_METRICS = "send_metrics";
+ public static final String DISABLE_NAV_KEYS = "disable_nav_keys";
+ public static final String KEY_BUTTON_BACKLIGHT = "pre_navbar_button_backlight";
+ public static final String KEY_PRIVACY_GUARD = "privacy_guard_default";
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch b/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch
new file mode 100644
index 00000000..28f98f1b
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch
@@ -0,0 +1,385 @@
+From 315dba9fbc687da50f6217ff3db20bb14c11a1a4 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Thu, 20 Sep 2018 21:44:53 -0400
+Subject: [PATCH] Add support for routing over Tor
+
+Change-Id: Ibfe080c3d801af34fb64fda1b6b8f4f39a2b1ccf
+---
+ res/layout/preferences_dialog.xml | 8 +++
+ res/values/strings.xml | 2 +
+ .../lineageos/updater/UpdatesActivity.java | 12 ++++
+ .../updater/UpdatesCheckReceiver.java | 4 ++
+ .../updater/controller/UpdaterController.java | 8 +++
+ .../updater/download/DownloadClient.java | 8 ++-
+ .../download/HttpURLConnectionClient.java | 27 ++++++--
+ src/org/lineageos/updater/misc/Constants.java | 1 +
+ src/org/lineageos/updater/misc/Utils.java | 65 +++++++++++++++++++
+ 9 files changed, 130 insertions(+), 5 deletions(-)
+
+diff --git a/res/layout/preferences_dialog.xml b/res/layout/preferences_dialog.xml
+index e30c117..f5f3170 100644
+--- a/res/layout/preferences_dialog.xml
++++ b/res/layout/preferences_dialog.xml
+@@ -29,6 +29,14 @@
+ android:entries="@array/menu_auto_updates_check_interval_entries" />
+
+
++
++
+ Once a week
+ Once a month
+ Never
++ Perform requests over Tor
+ Delete updates when installed
+ Delete
+ Copy URL
+@@ -83,6 +84,7 @@
+ The download failed. Please check your internet connection and try again later.
+ The update verification failed.
+ Download completed.
++ Orbot is not installed, disabling Tor routing!
+
+ This update can\'t be installed on top of the current build.
+
+diff --git a/src/org/lineageos/updater/UpdatesActivity.java b/src/org/lineageos/updater/UpdatesActivity.java
+index efea969..6e61129 100644
+--- a/src/org/lineageos/updater/UpdatesActivity.java
++++ b/src/org/lineageos/updater/UpdatesActivity.java
+@@ -341,10 +341,14 @@ public class UpdatesActivity extends UpdatesListActivity {
+
+ final DownloadClient downloadClient;
+ try {
++ if(Utils.isOnionRoutingEnabled(getApplicationContext())) {
++ Utils.requestStartOrbot(getApplicationContext());
++ }
+ downloadClient = new DownloadClient.Builder()
+ .setUrl(url)
+ .setDestination(jsonFileTmp)
+ .setDownloadCallback(callback)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(getApplicationContext()))
+ .build();
+ } catch (IOException exception) {
+ Log.e(TAG, "Could not build download client");
+@@ -409,6 +413,7 @@ public class UpdatesActivity extends UpdatesListActivity {
+ View view = LayoutInflater.from(this).inflate(R.layout.preferences_dialog, null);
+ Spinner autoCheckInterval =
+ view.findViewById(R.id.preferences_auto_updates_check_interval);
++ Switch onionRouting = view.findViewById(R.id.preferences_onion_routing);
+ Switch autoDelete = view.findViewById(R.id.preferences_auto_delete_updates);
+ Switch dataWarning = view.findViewById(R.id.preferences_mobile_data_warning);
+ Switch abPerfMode = view.findViewById(R.id.preferences_ab_perf_mode);
+@@ -419,6 +424,7 @@ public class UpdatesActivity extends UpdatesListActivity {
+
+ SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
+ autoCheckInterval.setSelection(Utils.getUpdateCheckSetting(this));
++ onionRouting.setChecked(prefs.getBoolean(Constants.PREF_ONION_ROUTING, false));
+ autoDelete.setChecked(prefs.getBoolean(Constants.PREF_AUTO_DELETE_UPDATES, false));
+ dataWarning.setChecked(prefs.getBoolean(Constants.PREF_MOBILE_DATA_WARNING, true));
+ abPerfMode.setChecked(prefs.getBoolean(Constants.PREF_AB_PERF_MODE, false));
+@@ -430,6 +436,8 @@ public class UpdatesActivity extends UpdatesListActivity {
+ prefs.edit()
+ .putInt(Constants.PREF_AUTO_UPDATES_CHECK_INTERVAL,
+ autoCheckInterval.getSelectedItemPosition())
++ .putBoolean(Constants.PREF_ONION_ROUTING,
++ onionRouting.isChecked() && Utils.isOrbotInstalled(getApplicationContext()))
+ .putBoolean(Constants.PREF_AUTO_DELETE_UPDATES,
+ autoDelete.isChecked())
+ .putBoolean(Constants.PREF_MOBILE_DATA_WARNING,
+@@ -445,6 +453,10 @@ public class UpdatesActivity extends UpdatesListActivity {
+ UpdatesCheckReceiver.cancelUpdatesCheck(this);
+ }
+
++ if(onionRouting.isChecked() && !Utils.isOrbotInstalled(getApplicationContext())) {
++ showSnackbar(R.string.snack_orbot_not_available, Snackbar.LENGTH_LONG);
++ }
++
+ boolean enableABPerfMode = abPerfMode.isChecked();
+ mUpdaterService.getUpdaterController().setPerformanceMode(enableABPerfMode);
+ })
+diff --git a/src/org/lineageos/updater/UpdatesCheckReceiver.java b/src/org/lineageos/updater/UpdatesCheckReceiver.java
+index d0769cf..b6d32f9 100644
+--- a/src/org/lineageos/updater/UpdatesCheckReceiver.java
++++ b/src/org/lineageos/updater/UpdatesCheckReceiver.java
+@@ -112,10 +112,14 @@ public class UpdatesCheckReceiver extends BroadcastReceiver {
+ };
+
+ try {
++ if(Utils.isOnionRoutingEnabled(context)) {
++ Utils.requestStartOrbot(context);
++ }
+ DownloadClient downloadClient = new DownloadClient.Builder()
+ .setUrl(url)
+ .setDestination(jsonNew)
+ .setDownloadCallback(callback)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(context))
+ .build();
+ downloadClient.start();
+ } catch (IOException e) {
+diff --git a/src/org/lineageos/updater/controller/UpdaterController.java b/src/org/lineageos/updater/controller/UpdaterController.java
+index 8fd5760..f89c7fd 100644
+--- a/src/org/lineageos/updater/controller/UpdaterController.java
++++ b/src/org/lineageos/updater/controller/UpdaterController.java
+@@ -357,12 +357,16 @@ public class UpdaterController {
+ update.setFile(destination);
+ DownloadClient downloadClient;
+ try {
++ if(Utils.isOnionRoutingEnabled(mContext)) {
++ Utils.requestStartOrbot(mContext);
++ }
+ downloadClient = new DownloadClient.Builder()
+ .setUrl(update.getDownloadUrl())
+ .setDestination(update.getFile())
+ .setDownloadCallback(getDownloadCallback(downloadId))
+ .setProgressListener(getProgressListener(downloadId))
+ .setUseDuplicateLinks(true)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
+ .build();
+ } catch (IOException exception) {
+ Log.e(TAG, "Could not build download client");
+@@ -397,6 +401,9 @@ public class UpdaterController {
+ verifyUpdateAsync(downloadId);
+ notifyUpdateChange(downloadId);
+ } else {
++ if(Utils.isOnionRoutingEnabled(mContext)) {
++ Utils.requestStartOrbot(mContext);
++ }
+ DownloadClient downloadClient;
+ try {
+ downloadClient = new DownloadClient.Builder()
+@@ -405,6 +412,7 @@ public class UpdaterController {
+ .setDownloadCallback(getDownloadCallback(downloadId))
+ .setProgressListener(getProgressListener(downloadId))
+ .setUseDuplicateLinks(true)
++ .setUseOnionRouting(Utils.isOnionRoutingEnabled(mContext))
+ .build();
+ } catch (IOException exception) {
+ Log.e(TAG, "Could not build download client");
+diff --git a/src/org/lineageos/updater/download/DownloadClient.java b/src/org/lineageos/updater/download/DownloadClient.java
+index 6a2a490..374e017 100644
+--- a/src/org/lineageos/updater/download/DownloadClient.java
++++ b/src/org/lineageos/updater/download/DownloadClient.java
+@@ -64,6 +64,7 @@ public interface DownloadClient {
+ private DownloadClient.DownloadCallback mCallback;
+ private DownloadClient.ProgressListener mProgressListener;
+ private boolean mUseDuplicateLinks;
++ private boolean mOnionRouting;
+
+ public DownloadClient build() throws IOException {
+ if (mUrl == null) {
+@@ -74,7 +75,7 @@ public interface DownloadClient {
+ throw new IllegalStateException("No download callback defined");
+ }
+ return new HttpURLConnectionClient(mUrl, mDestination, mProgressListener, mCallback,
+- mUseDuplicateLinks);
++ mUseDuplicateLinks, mOnionRouting);
+ }
+
+ public Builder setUrl(String url) {
+@@ -101,5 +102,10 @@ public interface DownloadClient {
+ mUseDuplicateLinks = useDuplicateLinks;
+ return this;
+ }
++
++ public Builder setUseOnionRouting(boolean onionRouting) {
++ mOnionRouting = onionRouting;
++ return this;
++ }
+ }
+ }
+diff --git a/src/org/lineageos/updater/download/HttpURLConnectionClient.java b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+index 2b7c80e..caeaf66 100644
+--- a/src/org/lineageos/updater/download/HttpURLConnectionClient.java
++++ b/src/org/lineageos/updater/download/HttpURLConnectionClient.java
+@@ -18,12 +18,16 @@ package org.lineageos.updater.download;
+ import android.os.SystemClock;
+ import android.util.Log;
+
++import org.lineageos.updater.misc.Utils;
++
+ import java.io.File;
+ import java.io.FileOutputStream;
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.io.OutputStream;
+ import java.net.HttpURLConnection;
++import java.net.InetSocketAddress;
++import java.net.Proxy;
+ import java.net.URL;
+ import java.util.Comparator;
+ import java.util.List;
+@@ -42,6 +46,7 @@ public class HttpURLConnectionClient implements DownloadClient {
+ private final DownloadClient.ProgressListener mProgressListener;
+ private final DownloadClient.DownloadCallback mCallback;
+ private final boolean mUseDuplicateLinks;
++ private final boolean mUseOnionRouting;
+
+ private DownloadThread mDownloadThread;
+
+@@ -60,8 +65,14 @@ public class HttpURLConnectionClient implements DownloadClient {
+ HttpURLConnectionClient(String url, File destination,
+ DownloadClient.ProgressListener progressListener,
+ DownloadClient.DownloadCallback callback,
+- boolean useDuplicateLinks) throws IOException {
+- mClient = (HttpURLConnection) new URL(url).openConnection();
++ boolean useDuplicateLinks, boolean useOnionRouting) throws IOException {
++ mUseOnionRouting = useOnionRouting;
++ if(mUseOnionRouting) {
++ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
++ mClient = (HttpURLConnection) new URL(url).openConnection(orbot);
++ } else {
++ mClient = (HttpURLConnection) new URL(url).openConnection();
++ }
+ mDestination = destination;
+ mProgressListener = progressListener;
+ mCallback = callback;
+@@ -169,7 +180,12 @@ public class HttpURLConnectionClient implements DownloadClient {
+ private void changeClientUrl(URL newUrl) throws IOException {
+ String range = mClient.getRequestProperty("Range");
+ mClient.disconnect();
+- mClient = (HttpURLConnection) newUrl.openConnection();
++ if(mUseOnionRouting) {
++ Proxy orbot = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 9050));
++ mClient = (HttpURLConnection) newUrl.openConnection(orbot);
++ } else {
++ mClient = (HttpURLConnection) newUrl.openConnection();
++ }
+ if (range != null) {
+ mClient.setRequestProperty("Range", range);
+ }
+@@ -224,7 +240,7 @@ public class HttpURLConnectionClient implements DownloadClient {
+ }
+ Log.d(TAG, "Downloading from " + newUrl);
+ changeClientUrl(url);
+- mClient.setConnectTimeout(5000);
++ mClient.setConnectTimeout(mUseOnionRouting ? 45000 : 5000);
+ mClient.connect();
+ if (!isSuccessCode(mClient.getResponseCode())) {
+ throw new IOException("Server replied with " + mClient.getResponseCode());
+@@ -246,6 +262,9 @@ public class HttpURLConnectionClient implements DownloadClient {
+ @Override
+ public void run() {
+ try {
++ if(mUseOnionRouting) {
++ Utils.waitUntilOrbotIsAvailable();
++ }
+ mClient.setInstanceFollowRedirects(!mUseDuplicateLinks);
+ mClient.connect();
+ int responseCode = mClient.getResponseCode();
+diff --git a/src/org/lineageos/updater/misc/Constants.java b/src/org/lineageos/updater/misc/Constants.java
+index 81e7c1a..46d8666 100644
+--- a/src/org/lineageos/updater/misc/Constants.java
++++ b/src/org/lineageos/updater/misc/Constants.java
+@@ -30,6 +30,7 @@ public final class Constants {
+
+ public static final String PREF_LAST_UPDATE_CHECK = "last_update_check";
+ public static final String PREF_AUTO_UPDATES_CHECK_INTERVAL = "auto_updates_check_interval";
++ public static final String PREF_ONION_ROUTING = "onion_routing";
+ public static final String PREF_AUTO_DELETE_UPDATES = "auto_delete_updates";
+ public static final String PREF_AB_PERF_MODE = "ab_perf_mode";
+ public static final String PREF_MOBILE_DATA_WARNING = "pref_mobile_data_warning";
+diff --git a/src/org/lineageos/updater/misc/Utils.java b/src/org/lineageos/updater/misc/Utils.java
+index 65d6ec7..06838ef 100644
+--- a/src/org/lineageos/updater/misc/Utils.java
++++ b/src/org/lineageos/updater/misc/Utils.java
+@@ -45,6 +45,7 @@ import java.io.BufferedReader;
+ import java.io.File;
+ import java.io.FileReader;
+ import java.io.IOException;
++import java.net.Socket;
+ import java.util.ArrayList;
+ import java.util.Enumeration;
+ import java.util.HashSet;
+@@ -146,12 +147,76 @@ public class Utils {
+ return updates;
+ }
+
++ //Credit: https://stackoverflow.com/a/6758962
++ public static boolean isPackageInstalled(Context context, String packageID) {
++ PackageManager pm = context.getPackageManager();
++ try {
++ pm.getPackageInfo(packageID, PackageManager.GET_META_DATA);
++ } catch(PackageManager.NameNotFoundException e) {
++ return false;
++ }
++ return true;
++ }
++
++ public static boolean isOrbotInstalled(Context context) {
++ return isPackageInstalled(context, "org.torproject.android");
++ }
++
++ public static boolean isOnionRoutingEnabled(Context context) {
++ SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
++ return preferences.getBoolean(Constants.PREF_ONION_ROUTING, false);
++ }
++
++ //Credit: OrbotHelper/NetCipher
++ public static void requestStartOrbot(Context context) {
++ Intent intent = new Intent("org.torproject.android.intent.action.START");
++ intent.setPackage("org.torproject.android");
++ intent.putExtra("org.torproject.android.intent.extra.PACKAGE_NAME", context.getPackageName());
++ context.sendBroadcast(intent);
++ }
++
++ //Credit: https://www.geekality.net/2013/04/30/java-simple-check-to-see-if-a-server-is-listening-on-a-port/
++ public static boolean isPortListening(String host, int port) {
++ Socket s = null;
++ try {
++ s = new Socket(host, port);
++ return true;
++ } catch(Exception e) {
++ return false;
++ } finally {
++ if (s != null) {
++ try {
++ s.close();
++ } catch(Exception e1) {
++ }
++ }
++ }
++ }
++
++ public static boolean waitUntilOrbotIsAvailable() {
++ int tries = 0;
++ boolean listening;
++ while(!(listening = isPortListening("127.0.0.1", 9050)) && tries <= 60) {
++ tries++;
++ try {
++ Thread.sleep(1000);
++ } catch(Exception e) {
++
++ }
++ }
++ return listening;
++ }
++
+ public static String getServerURL(Context context) {
+ String incrementalVersion = SystemProperties.get(Constants.PROP_BUILD_VERSION_INCREMENTAL);
+ String device = SystemProperties.get(Constants.PROP_NEXT_DEVICE,
+ SystemProperties.get(Constants.PROP_DEVICE));
+
+ String server = "0OTA_SERVER_CLEARNET0";
++ String serverOnion = "0OTA_SERVER_ONION0";
++ if(serverOnion.toLowerCase().startsWith("http") && isOnionRoutingEnabled(context)) {
++ server = serverOnion;
++ }
+
+ return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion;
+ }
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch b/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch
new file mode 100644
index 00000000..1008e302
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch
@@ -0,0 +1,141 @@
+From 0b47472891efb2b151e8a02783193846dc48be3e Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Fri, 28 Dec 2018 21:18:47 -0500
+Subject: [PATCH] Change UpdateEnabledNetworksValueAndSummary to handle all
+ modes
+
+Change-Id: I92fe694627a90b619be21466da0b49cff39826c8
+---
+ .../android/phone/MobileNetworkSettings.java | 50 ++++---------------
+ 1 file changed, 11 insertions(+), 39 deletions(-)
+
+diff --git a/src/com/android/phone/MobileNetworkSettings.java b/src/com/android/phone/MobileNetworkSettings.java
+index 0ea4702b4..4bf0f9e9a 100644
+--- a/src/com/android/phone/MobileNetworkSettings.java
++++ b/src/com/android/phone/MobileNetworkSettings.java
+@@ -1423,35 +1423,31 @@ public class MobileNetworkSettings extends Activity {
+ }
+
+ private void UpdateEnabledNetworksValueAndSummary(int NetworkMode) {
++ boolean invalidMode = false;
+ switch (NetworkMode) {
+ case Phone.NT_MODE_TDSCDMA_WCDMA:
+ case Phone.NT_MODE_TDSCDMA_GSM_WCDMA:
+ case Phone.NT_MODE_TDSCDMA_GSM:
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_TDSCDMA_GSM_WCDMA));
++ case Phone.NT_MODE_TDSCDMA_CDMA_EVDO_GSM_WCDMA:
++ case Phone.NT_MODE_CDMA:
++ case Phone.NT_MODE_EVDO_NO_CDMA:
++ case Phone.NT_MODE_GLOBAL:
++ case Phone.NT_MODE_TDSCDMA_ONLY:
+ mButtonEnabledNetworks.setSummary(R.string.network_3G);
+ break;
+ case Phone.NT_MODE_WCDMA_ONLY:
+ case Phone.NT_MODE_GSM_UMTS:
+ case Phone.NT_MODE_WCDMA_PREF:
+ if (!mIsGlobalCdma) {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_WCDMA_PREF));
+ mButtonEnabledNetworks.setSummary(R.string.network_3G);
+ } else {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_CDMA_EVDO_GSM_WCDMA));
+ mButtonEnabledNetworks.setSummary(R.string.network_global);
+ }
+ break;
+ case Phone.NT_MODE_GSM_ONLY:
+ if (!mIsGlobalCdma) {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_GSM_ONLY));
+ mButtonEnabledNetworks.setSummary(R.string.network_2G);
+ } else {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_CDMA_EVDO_GSM_WCDMA));
+ mButtonEnabledNetworks.setSummary(R.string.network_global);
+ }
+ break;
+@@ -1466,13 +1462,9 @@ public class MobileNetworkSettings extends Activity {
+ case Phone.NT_MODE_LTE_ONLY:
+ case Phone.NT_MODE_LTE_WCDMA:
+ if (!mIsGlobalCdma) {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_GSM_WCDMA));
+ mButtonEnabledNetworks.setSummary((mShow4GForLTE == true)
+ ? R.string.network_4G : R.string.network_lte);
+ } else {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_CDMA_EVDO_GSM_WCDMA));
+ mButtonEnabledNetworks.setSummary(R.string.network_global);
+ }
+ break;
+@@ -1483,33 +1475,12 @@ public class MobileNetworkSettings extends Activity {
+ controlCdmaOptions(true);
+ controlGsmOptions(false);
+ } else {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_CDMA_AND_EVDO));
+ mButtonEnabledNetworks.setSummary(R.string.network_lte);
+ }
+ break;
+- case Phone.NT_MODE_TDSCDMA_CDMA_EVDO_GSM_WCDMA:
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_TDSCDMA_CDMA_EVDO_GSM_WCDMA));
+- mButtonEnabledNetworks.setSummary(R.string.network_3G);
+- break;
+- case Phone.NT_MODE_CDMA:
+- case Phone.NT_MODE_EVDO_NO_CDMA:
+- case Phone.NT_MODE_GLOBAL:
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_CDMA));
+- mButtonEnabledNetworks.setSummary(R.string.network_3G);
+- break;
+ case Phone.NT_MODE_CDMA_NO_EVDO:
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_CDMA_NO_EVDO));
+ mButtonEnabledNetworks.setSummary(R.string.network_1x);
+ break;
+- case Phone.NT_MODE_TDSCDMA_ONLY:
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_TDSCDMA_ONLY));
+- mButtonEnabledNetworks.setSummary(R.string.network_3G);
+- break;
+ case Phone.NT_MODE_LTE_TDSCDMA_GSM:
+ case Phone.NT_MODE_LTE_TDSCDMA_GSM_WCDMA:
+ case Phone.NT_MODE_LTE_TDSCDMA:
+@@ -1517,16 +1488,12 @@ public class MobileNetworkSettings extends Activity {
+ case Phone.NT_MODE_LTE_TDSCDMA_CDMA_EVDO_GSM_WCDMA:
+ case Phone.NT_MODE_LTE_CDMA_EVDO_GSM_WCDMA:
+ if (isSupportTdscdma()) {
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_TDSCDMA_CDMA_EVDO_GSM_WCDMA));
+ mButtonEnabledNetworks.setSummary(R.string.network_lte);
+ } else {
+ if (isWorldMode()) {
+ controlCdmaOptions(true);
+ controlGsmOptions(false);
+ }
+- mButtonEnabledNetworks.setValue(
+- Integer.toString(Phone.NT_MODE_LTE_CDMA_EVDO_GSM_WCDMA));
+ if (mPhone.getPhoneType() == PhoneConstants.PHONE_TYPE_CDMA ||
+ mIsGlobalCdma ||
+ isWorldMode()) {
+@@ -1538,10 +1505,15 @@ public class MobileNetworkSettings extends Activity {
+ }
+ break;
+ default:
++ invalidMode = true;
+ String errMsg = "Invalid Network Mode (" + NetworkMode + "). Ignore.";
+ loge(errMsg);
+ mButtonEnabledNetworks.setSummary(errMsg);
+ }
++ if (!invalidMode) {
++ mButtonEnabledNetworks.setValue(
++ Integer.toString(NetworkMode));
++ }
+ }
+
+ @Override
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch b/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch
new file mode 100644
index 00000000..631800ee
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch
@@ -0,0 +1,262 @@
+From 3433e3f518dc572fa65056276cec79eadd4fb2d2 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Fri, 28 Dec 2018 21:22:20 -0500
+Subject: [PATCH] More preferred network modes
+
+Change-Id: I6ff09db51fcd64829c24509740ed9a52c3d104cb
+---
+ res/values/strings.xml | 47 +++++++++++++++++++
+ .../android/phone/MobileNetworkSettings.java | 31 ++++++++++--
+ 2 files changed, 74 insertions(+), 4 deletions(-)
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index c3939697d..b220a2331 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -476,6 +476,8 @@
+ Preferred network mode: CDMA/EvDo/GSM/WCDMA
+
+ Preferred network mode: LTE
++
++ Preferred network mode: LTE only
+
+ Preferred network mode: GSM/WCDMA/LTE
+
+@@ -484,6 +486,8 @@
+ Preferred network mode: Global
+
+ Preferred network mode: LTE / WCDMA
++
++ Preferred network mode: LTE / WCDMA only
+
+ Preferred network mode: LTE / GSM / UMTS
+
+@@ -502,6 +506,8 @@
+ Preferred network mode: TDSCDMA/GSM/WCDMA
+
+ Preferred network mode: LTE/TDSCDMA/WCDMA
++
++ Preferred network mode: LTE/TDSCDMA/WCDMA only
+
+ Preferred network mode: LTE/TDSCDMA/GSM/WCDMA
+
+@@ -723,96 +729,137 @@
+ Multi-category enabled
+ Multi-category disabled
+
++ LTE/3G only
++ LTE only
+ LTE (recommended)
++ 4G/3G only
++ 4G only
+ 4G (recommended)
++ 3G only
+ 3G
+ 2G
+ 1x
+ Global
+
+
++ - @string/network_3G_lte_only
++ - @string/network_lte_only
+ - @string/network_lte
++ - @string/network_3G_only
+ - @string/network_3G
+
+
++ - @string/network_3G_4G_only
++ - @string/network_4G_only
+ - @string/network_4G
++ - @string/network_3G_only
+ - @string/network_3G
+
+
++ - "12"
++ - "11"
+ - "9"
++ - "2"
+ - "0"
+
+
+
++ - @string/network_3G_only
+ - @string/network_3G
+ - @string/network_2G
+
+
++ - "2"
+ - "0"
+ - "1"
+
+
+
++ - @string/network_3G_only
+ - @string/network_3G
+
+
++ - "2"
+ - "0"
+
+
+
++ - @string/network_3G_lte_only
++ - @string/network_lte_only
+ - @string/network_lte
++ - @string/network_3G_only
+ - @string/network_3G
+ - @string/network_2G
+
+
++ - @string/network_3G_4G_only
++ - @string/network_4G_only
+ - @string/network_4G
++ - @string/network_3G_only
+ - @string/network_3G
+ - @string/network_2G
+
+
++ - "12"
++ - "11"
+ - "9"
++ - "2"
+ - "0"
+ - "1"
+
+
+
++ - @string/network_lte_only
+ - @string/network_lte
++ - @string/network_3G_only
+ - @string/network_3G
+ - @string/network_1x
+ - @string/network_global
+
+
++ - "11"
+ - "8"
++ - "6"
+ - "4"
+ - "5"
+ - "10"
+
+
+
++ - @string/network_3G_only
+ - @string/network_3G
+ - @string/network_1x
+
+
++ - "6"
+ - "4"
+ - "5"
+
+
+
++ - @string/network_lte_only
+ - @string/network_lte
+ - @string/network_global
+
+
++ - "11"
+ - "8"
+ - "10"
+
+
+
++ - @string/network_3G_lte_only
++ - @string/network_lte_only
+ - @string/network_lte
++ - @string/network_3G_only
+ - @string/network_3G
+ - @string/network_2G
+
+
++ - "19"
++ - "11"
+ - "22"
++ - "14"
+ - "18"
+ - "1"
+
+diff --git a/src/com/android/phone/MobileNetworkSettings.java b/src/com/android/phone/MobileNetworkSettings.java
+index 36b65e77c..968ec96bc 100644
+--- a/src/com/android/phone/MobileNetworkSettings.java
++++ b/src/com/android/phone/MobileNetworkSettings.java
+@@ -1318,8 +1318,11 @@ public class MobileNetworkSettings extends Activity {
+ int modemNetworkMode;
+ // if new mode is invalid ignore it
+ switch (buttonNetworkMode) {
++ case Phone.NT_MODE_WCDMA_ONLY:
+ case Phone.NT_MODE_WCDMA_PREF:
+ case Phone.NT_MODE_GSM_ONLY:
++ case Phone.NT_MODE_LTE_ONLY:
++ case Phone.NT_MODE_LTE_WCDMA:
+ case Phone.NT_MODE_LTE_GSM_WCDMA:
+ case Phone.NT_MODE_LTE_CDMA_EVDO_GSM_WCDMA:
+ case Phone.NT_MODE_CDMA:
+@@ -1548,7 +1551,7 @@ public class MobileNetworkSettings extends Activity {
+ break;
+ case Phone.NT_MODE_LTE_ONLY:
+ mButtonPreferredNetworkMode.setSummary(
+- R.string.preferred_network_mode_lte_summary);
++ R.string.preferred_network_mode_lte_only_summary);
+ break;
+ case Phone.NT_MODE_LTE_TDSCDMA_GSM:
+ mButtonPreferredNetworkMode.setSummary(
+@@ -1595,11 +1598,11 @@ public class MobileNetworkSettings extends Activity {
+ break;
+ case Phone.NT_MODE_LTE_TDSCDMA_WCDMA:
+ mButtonPreferredNetworkMode.setSummary(
+- R.string.preferred_network_mode_lte_tdscdma_wcdma_summary);
++ R.string.preferred_network_mode_lte_tdscdma_wcdma_only_summary);
+ break;
+ case Phone.NT_MODE_LTE_WCDMA:
+ mButtonPreferredNetworkMode.setSummary(
+- R.string.preferred_network_mode_lte_wcdma_summary);
++ R.string.preferred_network_mode_lte_wcdma_only_summary);
+ break;
+ default:
+ mButtonPreferredNetworkMode.setSummary(
+@@ -1621,6 +1624,12 @@ public class MobileNetworkSettings extends Activity {
+ mButtonEnabledNetworks.setSummary(R.string.network_3G);
+ break;
+ case Phone.NT_MODE_WCDMA_ONLY:
++ if (!mIsGlobalCdma) {
++ mButtonEnabledNetworks.setSummary(R.string.network_3G_only);
++ } else {
++ mButtonEnabledNetworks.setSummary(R.string.network_global);
++ }
++ break;
+ case Phone.NT_MODE_GSM_UMTS:
+ case Phone.NT_MODE_WCDMA_PREF:
+ if (!mIsGlobalCdma) {
+@@ -1644,11 +1653,25 @@ public class MobileNetworkSettings extends Activity {
+ controlGsmOptions(true);
+ break;
+ }
++ if (!mIsGlobalCdma) {
++ mButtonEnabledNetworks.setSummary((mShow4GForLTE == true)
++ ? R.string.network_4G : R.string.network_lte);
++ } else {
++ mButtonEnabledNetworks.setSummary(R.string.network_global);
++ }
++ break;
+ case Phone.NT_MODE_LTE_ONLY:
++ if (!mIsGlobalCdma) {
++ mButtonEnabledNetworks.setSummary((mShow4GForLTE == true)
++ ? R.string.network_4G_only : R.string.network_lte_only);
++ } else {
++ mButtonEnabledNetworks.setSummary(R.string.network_global);
++ }
++ break;
+ case Phone.NT_MODE_LTE_WCDMA:
+ if (!mIsGlobalCdma) {
+ mButtonEnabledNetworks.setSummary((mShow4GForLTE == true)
+- ? R.string.network_4G : R.string.network_lte);
++ ? R.string.network_3G_4G_only : R.string.network_3G_lte_only);
+ } else {
+ mButtonEnabledNetworks.setSummary(R.string.network_global);
+ }
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_system_core/0001-Harden_Mounts.patch b/Patches/LineageOS-16.0/android_system_core/0001-Harden_Mounts.patch
new file mode 100644
index 00000000..a8c36353
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_system_core/0001-Harden_Mounts.patch
@@ -0,0 +1,48 @@
+From 25424eca15c98eeabb8c150cc0f25895a638e56e Mon Sep 17 00:00:00 2001
+From: Daniel Micay
+Date: Mon, 12 Feb 2018 03:29:58 -0500
+Subject: [PATCH] Harden mounts
+
+Change-Id: Idd2da6d9989ec554ce5b0841781d323fdcd9eb87
+---
+ init/init.cpp | 6 +++---
+ rootdir/init.rc | 1 +
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/init/init.cpp b/init/init.cpp
+index 74e81e4b5..782d87968 100644
+--- a/init/init.cpp
++++ b/init/init.cpp
+@@ -576,14 +576,14 @@ int main(int argc, char** argv) {
+ mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
+ mkdir("/dev/pts", 0755);
+ mkdir("/dev/socket", 0755);
+- mount("devpts", "/dev/pts", "devpts", 0, NULL);
++ mount("devpts", "/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, NULL);
+ #define MAKE_STR(x) __STRING(x)
+- mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));
++ mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, "hidepid=2,gid=" MAKE_STR(AID_READPROC));
+ // Don't expose the raw commandline to unprivileged processes.
+ chmod("/proc/cmdline", 0440);
+ gid_t groups[] = { AID_READPROC };
+ setgroups(arraysize(groups), groups);
+- mount("sysfs", "/sys", "sysfs", 0, NULL);
++ mount("sysfs", "/sys", "sysfs", MS_NOSUID|MS_NODEV|MS_NOEXE, NULL);
+ mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
+
+ mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index 970b3f8d0..14e69da79 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -120,6 +120,7 @@ on init
+ write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
+ write /proc/sys/kernel/sched_child_runs_first 0
+
++ write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/vm/mmap_min_addr 32768
+ write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
+--
+2.20.1
+
diff --git a/Patches/LineageOS-16.0/android_system_sepolicy/0001-LGE_Fixes.patch b/Patches/LineageOS-16.0/android_system_sepolicy/0001-LGE_Fixes.patch
new file mode 100644
index 00000000..470dec5e
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_system_sepolicy/0001-LGE_Fixes.patch
@@ -0,0 +1,35 @@
+From 3d7d3ace3a1cb5a4e31b3fe335128de56049d419 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Thu, 12 Apr 2018 08:05:32 -0400
+Subject: [PATCH] Fix -user builds for many LGE devices
+
+Change-Id: I46c4191b1171055cbdb5b23e8714d24676fc48bb
+---
+ public/domain.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/public/domain.te b/public/domain.te
+index 883048fb..d0a9def1 100644
+--- a/public/domain.te
++++ b/public/domain.te
+@@ -597,6 +597,9 @@ neverallow { domain -recovery -update_engine } system_block_device:blk_file { wr
+ # No domains other than install_recovery or recovery can write to recovery.
+ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file { write append };
+
+++# Select devices have policies prevented by the following neverallow
+++attribute misc_block_device_exception;
++
+ # No domains other than a select few can access the misc_block_device. This
+ # block device is reserved for OTA use.
+ # Do not assert this rule on userdebug/eng builds, due to some devices using
+@@ -612,6 +615,7 @@ neverallow {
+ -vold
+ -recovery
+ -ueventd
++ -misc_block_device_exception
+ } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
+ # Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
+--
+2.20.1
+
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 3cebd4a0..0ceb33ad 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -151,9 +151,6 @@ enterAndClear "packages/services/Telephony";
patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
-enterAndClear "system/bt";
-patch -p1 < "$DOS_PATCHES/android_system_bt/0001-Improve_Quality.patch"; #Improve Bluetooth audio quality, credit @ValdikSS
-
enterAndClear "system/core";
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
diff --git a/Scripts/LineageOS-15.1/Defaults.sh b/Scripts/LineageOS-15.1/Defaults.sh
index f7d906d4..a4370681 100644
--- a/Scripts/LineageOS-15.1/Defaults.sh
+++ b/Scripts/LineageOS-15.1/Defaults.sh
@@ -24,17 +24,6 @@
echo "Changing default settings...";
-enter "lineage-sdk";
-#sed -i 's/VOLBTN_MUSIC_CONTROLS, 1/VOLBTN_MUSIC_CONTROLS, 0/' sdk/src/java/org/lineageos/internal/buttons/LineageButtons.java; #FIXME
-
-enter "frameworks/base";
-#sed -i 's/PRIVACY_GUARD_NOTIFICATION, 1/PRIVACY_GUARD_NOTIFICATION, 0/' services/core/java/com/android/server/am/ActivityRecord.java;
-#sed -i 's/VOLUME_KEYS_CONTROL_RING_STREAM, 1/VOLUME_KEYS_CONTROL_RING_STREAM, 0/' services/core/java/com/android/server/audio/AudioService.java; #FIXME
-#sed -i 's/TORCH_LONG_PRESS_POWER_GESTURE, 0/TORCH_LONG_PRESS_POWER_GESTURE, 1/' services/core/java/com/android/server/policy/PhoneWindowManager.java; #FIXME
-#sed -i 's/TORCH_LONG_PRESS_POWER_TIMEOUT, 0/TORCH_LONG_PRESS_POWER_TIMEOUT, 120/' services/core/java/com/android/server/policy/PhoneWindowManager.java; #FIXME
-#sed -i 's/CAMERA_DOUBLE_TAP_POWER_GESTURE_DISABLED, 0/CAMERA_DOUBLE_TAP_POWER_GESTURE_DISABLED, 1/' services/core/java/com/android/server/GestureLauncherService.java; #FIXME
-#sed -i 's/NAVIGATION_BAR_MENU_ARROW_KEYS, 0/NAVIGATION_BAR_MENU_ARROW_KEYS, 1/' packages/SystemUI/src/com/android/systemui/statusbar/phone/NavigationBarView.java; #FIXME
-
enter "packages/apps/Dialer";
sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable FLP
sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable PLP
@@ -51,9 +40,6 @@ sed -i 's/Float.parseFloat(newValue.toString()) : 1;/Float.parseFloat(newValue.t
enter "packages/apps/Trebuchet";
sed -i 's/"pref_predictive_apps", true/"pref_predictive_apps", false/' src/com/android/launcher3/Launcher.java;
-enter "packages/inputmethods/LatinIME";
-#sed -i 's/PREF_KEY_USE_PERSONALIZED_DICTS, true/PREF_KEY_USE_PERSONALIZED_DICTS, false/' java/src/com/android/inputmethod/latin/settings/SettingsValues.java; #FIXME
-
enter "vendor/lineage";
sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common.mk;
sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common.mk;
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index 8c2ef252..aa6dcdd4 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -80,8 +80,8 @@ git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
enterAndClear "frameworks/base";
hardenLocationFWB "$DOS_BUILD_BASE";
-#git revert https://review.lineageos.org/#/c/202875/ #re-enable doze on devices without gms
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
@@ -115,7 +115,7 @@ awk -i inplace '!/WeatherManagerServiceBroker/' lineage/res/res/values/config.xm
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
enterAndClear "packages/apps/LineageParts";
-rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml #Nuke part of the analytics
+rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
enterAndClear "packages/apps/Settings";
@@ -130,7 +130,6 @@ enterAndClear "packages/apps/SetupWizard";
patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics
enterAndClear "packages/apps/Updater";
-#sed -i 's/Constants.AUTO_UPDATES_CHECK_INTERVAL_WEEKLY);/Constants.AUTO_UPDATES_CHECK_INTERVAL_DAILY);/' src/org/lineageos/updater/misc/Utils.java; #Revert to daily update checks
patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
#TODO: Remove changelog
@@ -148,9 +147,6 @@ enterAndClear "packages/services/Telephony";
patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
-enterAndClear "system/bt";
-patch -p1 < "$DOS_PATCHES/android_system_bt/0001-Improve_Quality.patch"; #Improve Bluetooth audio quality, credit @ValdikSS
-
enterAndClear "system/core";
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
@@ -163,10 +159,11 @@ enterAndClear "system/vold";
patch -p1 < "$DOS_PATCHES/android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
enterAndClear "vendor/lineage";
-rm -rf overlay/common/vendor/lineage-sdk/packages; #Remove analytics
+rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' config/common.mk; fi; #Make sure our hosts is always used
awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove extra keys
awk -i inplace '!/security\/lineage/' config/common.mk; #Remove extra keys
+awk -i inplace '!/WeatherProvider/' config/common.mk;
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi;
if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh
new file mode 100644
index 00000000..f378ad4f
--- /dev/null
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/moto/shamu"
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1420/3.2-^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8955/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8967/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0758/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5870/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6695/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8464/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0824/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13245/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-check-for-PM-related-APIs.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p65"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh
new file mode 100644
index 00000000..7e138812
--- /dev/null
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/motorola/msm8996"
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0019.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0022.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0023.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0025.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0026.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0027.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0028.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0029.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0030.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0031.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0032.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0033.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0034.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0035.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0036.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0037.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0040.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0041.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0042.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0043.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0045.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0046.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0050.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3136/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3137/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3140/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15853/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17762/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6001/^4.9/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8251/3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.18/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5864/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+editKernelLocalversion "-dos.p77"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh
new file mode 100644
index 00000000..2ff33fa8
--- /dev/null
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/oppo/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9880/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0774/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0801/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2443/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0510/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11000/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11019/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18161/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9684/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9706/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p51"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh
new file mode 100644
index 00000000..dc0da5a2
--- /dev/null
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/samsung/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p25"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/Defaults.sh b/Scripts/LineageOS-16.0/Defaults.sh
new file mode 100644
index 00000000..973cdcc5
--- /dev/null
+++ b/Scripts/LineageOS-16.0/Defaults.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Changes various default settings
+#Last verified: 2019-03-04
+
+#Useful commands
+#nano $(find . -name "config.xml" | grep "values/" | grep -v "device" | grep -v "tests")
+#nano $(find . -name "defaults.xml" | grep "values/" | grep -v "device")
+
+echo "Changing default settings...";
+
+enter "packages/apps/Dialer";
+sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable FLP
+sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable PLP
+sed -i 's/ENABLE_REVERSE_LOOKUP, 1)/ENABLE_REVERSE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable RLP
+
+enter "packages/apps/Nfc";
+sed -i 's/boolean NFC_ON_DEFAULT = true;/boolean NFC_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NFC
+sed -i 's/boolean NDEF_PUSH_ON_DEFAULT = true;/boolean NDEF_PUSH_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NDEF Push
+
+enter "packages/apps/Settings";
+sed -i 's/INSTANT_APPS_ENABLED, 1/INSTANT_APPS_ENABLED, 0/' src/com/android/settings/applications/ManageDomainUrls.java; #Disable "Instant Apps"
+sed -i 's/DEFAULT_VALUE = 1;/DEFAULT_VALUE = 0.5f;/' src/com/android/settings/development/*ScalePreferenceController.java; #Always reset animation scales to 0.5
+
+enter "vendor/lineage";
+sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common.mk;
+sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common.mk;
+
+cd "$DOS_BUILD_BASE";
+echo "Default settings changed!";
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
new file mode 100644
index 00000000..a17cf5f3
--- /dev/null
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -0,0 +1,107 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Last verified: 2018-04-27
+
+patchAllKernels() {
+ startPatcher "kernel_moto_shamu kernel_motorola_msm8996 kernel_oppo_msm8974 kernel_samsung_msm8974";
+}
+export -f patchAllKernels;
+
+resetWorkspace() {
+ repo forall -c 'git add -A && git reset --hard' && rm -rf out && repo sync -j20 --force-sync;
+}
+export -f resetWorkspace;
+
+scanWorkspaceForMalware() {
+ scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/compatibility $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
+ scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
+ scanForMalware true $scanQueue;
+}
+export -f scanWorkspaceForMalware;
+
+buildDevice() {
+ brunch "lineage_$1-user";
+}
+export -f buildDevice;
+
+buildDeviceDebug() {
+ unset SIGNING_KEY_DIR;
+ unset OTA_PACKAGE_SIGNING_KEY;
+ brunch "lineage_$1-eng";
+}
+export -f buildDeviceDebug;
+
+buildAll() {
+ if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
+ brunch lineage_bacon-user;
+ brunch lineage_klte-user;
+ brunch lineage_shamu-user;
+}
+export -f buildAll;
+
+patchWorkspace() {
+ if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
+
+ #source build/envsetup.sh;
+
+ source "$DOS_SCRIPTS/Patch.sh";
+ source "$DOS_SCRIPTS/Defaults.sh";
+ source "$DOS_SCRIPTS/Rebrand.sh";
+ if [ "$DOS_OVERCLOCKS_ENABLED" = true ]; then source "$DOS_SCRIPTS_COMMON/Overclock.sh"; fi;
+ source "$DOS_SCRIPTS_COMMON/Optimize.sh";
+ source "$DOS_SCRIPTS_COMMON/Deblob.sh";
+ source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
+ source build/envsetup.sh;
+}
+export -f patchWorkspace;
+
+enableDexPreOpt() {
+ cd "$DOS_BUILD_BASE$1";
+ #Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
+ if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
+ if [ -f BoardConfig.mk ]; then
+ echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
+ echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
+ echo "Enabled dexpreopt for $1";
+ fi;
+ fi;
+ cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOpt;
+
+enableDexPreOptFull() {
+ cd "$DOS_BUILD_BASE$1";
+ if [ -f BoardConfig.mk ]; then
+ sed -i "s/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false/" BoardConfig.mk;
+ echo "Enabled full dexpreopt for $1";
+ fi;
+ cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOptFull;
+
+enableLowRam() {
+ cd "$DOS_BUILD_BASE$1";
+ #if [ -f lineage.mk ]; then echo '$(call inherit-product, $(SRC_TARGET_DIR)/product/go_defaults.mk)' >> lineage.mk; fi;
+ if [ -f lineage.mk ]; then echo '$(call inherit-product, vendor/divested/build/target/product/lowram.mk)' >> lineage.mk; fi;
+ if [ -f BoardConfig.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfig.mk; fi;
+ if [ -f BoardConfigCommon.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfigCommon.mk; fi;
+ echo "Enabled lowram for $1";
+ cd "$DOS_BUILD_BASE";
+}
+export -f enableLowRam;
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
new file mode 100644
index 00000000..2ad0b7ac
--- /dev/null
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -0,0 +1,195 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2015-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Last verified: 2019-03-04
+
+#Initialize aliases
+#source ../../Scripts/init.sh
+
+#Delete Everything and Sync
+#resetWorkspace
+
+#Apply all of our changes
+#patchWorkspace
+
+#Build!
+#buildDevice [device]
+#buildAll
+
+#Generate an incremental
+#./build/tools/releasetools/ota_from_target_files --block -t 8 -i old.zip new.zip update.zip
+
+#Generate firmware deblobber
+#mka firmware_deblobber
+
+#
+#START OF PREPRATION
+#
+#Download some (non-executable) out-of-tree files for use later on
+cd "$DOS_TMP_DIR";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi;
+cd "$DOS_BUILD_BASE";
+
+#Accept all SDK licences, not normally needed but Gradle managed apps fail without it
+mkdir -p "$ANDROID_HOME/licenses";
+echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license";
+echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license";
+#
+#END OF PREPRATION
+#
+
+#
+#START OF ROM CHANGES
+#
+
+#top dir
+cp -r "$DOS_PREBUILT_APPS""Fennec_DOS-Shim" "$DOS_BUILD_BASE""packages/apps/"; #Add a shim to install Fennec DOS without actually including the large APK
+gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packages";
+cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
+cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
+
+enterAndClear "build/make";
+patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0)
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
+
+enterAndClear "device/qcom/sepolicy-legacy";
+patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
+
+enterAndClear "external/svox";
+git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
+
+enterAndClear "frameworks/base";
+hardenLocationFWB "$DOS_BUILD_BASE";
+sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
+#if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) #TODO: REBASE-16.0
+#if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key #TODO: REBASE-16.0
+changeDefaultDNS;
+#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
+rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
+
+if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
+enterAndClear "frameworks/opt/net/ims";
+patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
+fi
+
+enterAndClear "frameworks/opt/net/wifi";
+#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile
+#See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b
+sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+
+if enter "kernel/wireguard"; then
+if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi;
+#Remove system information from HTTP requests
+awk -i inplace '!/USER_AGENT=/' fetch.sh;
+sed -i '3iUSER_AGENT="WireGuard-AndroidROMBuild/0.2"' fetch.sh;
+fi;
+
+enterAndClear "lineage-sdk";
+awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
+
+enterAndClear "packages/apps/LineageParts";
+rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
+patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
+
+enterAndClear "packages/apps/Settings";
+#patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969
+sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length
+sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
+
+enterAndClear "packages/apps/SetupWizard";
+patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics
+
+enterAndClear "packages/apps/Updater";
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
+#TODO: Remove changelog
+
+enterAndClear "packages/apps/WallpaperPicker";
+#TODO: Add back wallpapers
+sed -i 's/req.touchEnabled = touchEnabled;/req.touchEnabled = true;/' src/com/android/wallpaperpicker/WallpaperCropActivity.java; #Allow scrolling
+sed -i 's/mCropView.setTouchEnabled(req.touchEnabled);/mCropView.setTouchEnabled(true);/' src/com/android/wallpaperpicker/WallpaperCropActivity.java;
+sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0.5f);/' src/com/android/wallpaperpicker/WallpaperPickerActivity.java; #Center aligned by default
+
+enterAndClear "packages/inputmethods/LatinIME";
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+
+enterAndClear "packages/services/Telephony";
+patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
+patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
+
+enterAndClear "system/core";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
+git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery
+patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+
+enterAndClear "system/sepolicy";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
+
+enterAndClear "vendor/lineage";
+rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' config/common.mk; fi; #Make sure our hosts is always used
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove extra keys
+awk -i inplace '!/security\/lineage/' config/common.mk; #Remove extra keys
+awk -i inplace '!/WeatherProvider/' config/common.mk;
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi;
+if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
+sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
+if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/common.mk; fi;
+echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
+
+enter "vendor/divested";
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi;
+if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi;
+#
+#END OF ROM CHANGES
+#
+
+#
+#START OF DEVICE CHANGES
+#
+enterAndClear "device/oppo/msm8974-common";
+sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
+
+enter "vendor/google";
+echo "" > atv/atv-common.mk;
+
+#Make changes to all devices
+cd "$DOS_BUILD_BASE";
+if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableLowRam "$0"' {} \;; fi;
+find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
+find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
+find "device" -type d -name "overlay" -exec bash -c 'hardenLocationFWB "$0"' {} \;;
+find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableDexPreOpt "$0"' {} \;;
+find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;;
+if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableStrongEncryption "$0"' {} \;; fi;
+find "kernel" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenDefconfig "$0"' {} \;;
+cd "$DOS_BUILD_BASE";
+
+#Fix broken options enabled by hardenDefconfig()
+sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
+#
+#END OF DEVICE CHANGES
+#
diff --git a/Scripts/LineageOS-16.0/Rebrand.sh b/Scripts/LineageOS-16.0/Rebrand.sh
new file mode 100644
index 00000000..fd6d7e45
--- /dev/null
+++ b/Scripts/LineageOS-16.0/Rebrand.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program. If not, see .
+
+#Updates select user facing strings
+#Last verified: 2019-03-04
+
+echo "Rebranding...";
+
+enter "bootable/recovery";
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*_ui.cpp;
+
+enter "build/make";
+sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
+sed -i 's|echo "ro.build.host=`hostname`"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host
+
+enter "frameworks/base";
+generateBootAnimationMask "$DOS_BRANDING_NAME" "$DOS_BRANDING_BOOTANIMATION_FONT" core/res/assets/images/android-logo-mask.png;
+generateBootAnimationShine "$DOS_BRANDING_BOOTANIMATION_COLOR" "$DOS_BRANDING_BOOTANIMATION_STYLE" core/res/assets/images/android-logo-shine.png;
+
+enter "lineage-sdk";
+sed -i '/.*lineage_version/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineage_updates/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineageos_system_label/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+
+enter "packages/apps/LineageParts";
+sed -i '/.*trust_feature_security_patches_explain/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+
+enter "packages/apps/Settings";
+sed -i '/.*lineagelicense_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml;
+
+enter "packages/apps/SetupWizard";
+sed -i 's|http://lineageos.org/legal|'"$DOS_BRANDING_LINK_PRIVACY"'|' src/org/lineageos/setupwizard/LineageSettingsActivity.java;
+sed -i '/.*setup_services/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*services_explanation/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+
+enter "packages/apps/Updater";
+sed -i 's|0OTA_SERVER_CLEARNET0|'"$DOS_BRANDING_SERVER_OTA"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|0OTA_SERVER_ONION0|'"$DOS_BRANDING_SERVER_OTA_ONION"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|>LineageOS|>'"$DOS_BRANDING_NAME"'|' res/values*/strings.xml;
+
+enter "vendor/lineage";
+sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_ABOUT"'|' build/core/main_version.mk
+sed -i '/.*ZIPPATH=/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/envsetup.sh;
+sed -i '/LINEAGE_TARGET_PACKAGE/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/tasks/bacon.mk;
+rm -rf bootanimation;
+
+cd "$DOS_BUILD_BASE";
+echo "Rebranding complete!";
diff --git a/Scripts/init.sh b/Scripts/init.sh
index 63aa5cb4..5334d6fc 100644
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@@ -44,7 +44,7 @@ export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is
export DOS_HOSTS_BLOCKING_LIST="https://divestos.xyz/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
export DOS_OVERCLOCKS_ENABLED=false; #Switch to false to disable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
-export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
+export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
export DOS_BRANDING_NAME="DivestOS";