16.0: Initial bringup

- 14.1/15.1: Remove @ValdikSS' bluetooth patches
- 15.1: Cleanup

Scripts/LineageOS-14.1/Patch.sh

@@ -151,9 +151,6 @@ enterAndClear "packages/services/Telephony";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
 
-enterAndClear "system/bt";
-patch -p1 < "$DOS_PATCHES/android_system_bt/0001-Improve_Quality.patch"; #Improve Bluetooth audio quality, credit @ValdikSS
-
 enterAndClear "system/core";
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
 git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work

Scripts/LineageOS-15.1/Defaults.sh

@@ -24,17 +24,6 @@
 
 echo "Changing default settings...";
 
-enter "lineage-sdk";
-#sed -i 's/VOLBTN_MUSIC_CONTROLS, 1/VOLBTN_MUSIC_CONTROLS, 0/' sdk/src/java/org/lineageos/internal/buttons/LineageButtons.java; #FIXME
-
-enter "frameworks/base";
-#sed -i 's/PRIVACY_GUARD_NOTIFICATION, 1/PRIVACY_GUARD_NOTIFICATION, 0/' services/core/java/com/android/server/am/ActivityRecord.java;
-#sed -i 's/VOLUME_KEYS_CONTROL_RING_STREAM, 1/VOLUME_KEYS_CONTROL_RING_STREAM, 0/' services/core/java/com/android/server/audio/AudioService.java; #FIXME
-#sed -i 's/TORCH_LONG_PRESS_POWER_GESTURE, 0/TORCH_LONG_PRESS_POWER_GESTURE, 1/' services/core/java/com/android/server/policy/PhoneWindowManager.java; #FIXME
-#sed -i 's/TORCH_LONG_PRESS_POWER_TIMEOUT, 0/TORCH_LONG_PRESS_POWER_TIMEOUT, 120/' services/core/java/com/android/server/policy/PhoneWindowManager.java; #FIXME
-#sed -i 's/CAMERA_DOUBLE_TAP_POWER_GESTURE_DISABLED, 0/CAMERA_DOUBLE_TAP_POWER_GESTURE_DISABLED, 1/' services/core/java/com/android/server/GestureLauncherService.java; #FIXME
-#sed -i 's/NAVIGATION_BAR_MENU_ARROW_KEYS, 0/NAVIGATION_BAR_MENU_ARROW_KEYS, 1/' packages/SystemUI/src/com/android/systemui/statusbar/phone/NavigationBarView.java; #FIXME
-
 enter "packages/apps/Dialer";
 sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable FLP
 sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable PLP
@@ -51,9 +40,6 @@ sed -i 's/Float.parseFloat(newValue.toString()) : 1;/Float.parseFloat(newValue.t
 enter "packages/apps/Trebuchet";
 sed -i 's/"pref_predictive_apps", true/"pref_predictive_apps", false/' src/com/android/launcher3/Launcher.java;
 
-enter "packages/inputmethods/LatinIME";
-#sed -i 's/PREF_KEY_USE_PERSONALIZED_DICTS, true/PREF_KEY_USE_PERSONALIZED_DICTS, false/' java/src/com/android/inputmethod/latin/settings/SettingsValues.java; #FIXME
-
 enter "vendor/lineage";
 sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common.mk;
 sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common.mk;

Scripts/LineageOS-15.1/Patch.sh

@@ -80,8 +80,8 @@ git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
 
 enterAndClear "frameworks/base";
 hardenLocationFWB "$DOS_BUILD_BASE";
-#git revert https://review.lineageos.org/#/c/202875/ #re-enable doze on devices without gms
 sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
 sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
@@ -115,7 +115,7 @@ awk -i inplace '!/WeatherManagerServiceBroker/' lineage/res/res/values/config.xm
 if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
 
 enterAndClear "packages/apps/LineageParts";
-rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml #Nuke part of the analytics
+rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
 patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
 
 enterAndClear "packages/apps/Settings";
@@ -130,7 +130,6 @@ enterAndClear "packages/apps/SetupWizard";
 patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics
 
 enterAndClear "packages/apps/Updater";
-#sed -i 's/Constants.AUTO_UPDATES_CHECK_INTERVAL_WEEKLY);/Constants.AUTO_UPDATES_CHECK_INTERVAL_DAILY);/' src/org/lineageos/updater/misc/Utils.java; #Revert to daily update checks
 patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
 #TODO: Remove changelog
@@ -148,9 +147,6 @@ enterAndClear "packages/services/Telephony";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
 patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
 
-enterAndClear "system/bt";
-patch -p1 < "$DOS_PATCHES/android_system_bt/0001-Improve_Quality.patch"; #Improve Bluetooth audio quality, credit @ValdikSS
-
 enterAndClear "system/core";
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
 git revert a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
@@ -163,10 +159,11 @@ enterAndClear "system/vold";
 patch -p1 < "$DOS_PATCHES/android_system_vold/0001-AES256.patch"; #Add a variable for enabling AES-256 bit encryption
 
 enterAndClear "vendor/lineage";
-rm -rf overlay/common/vendor/lineage-sdk/packages; #Remove analytics
+rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
 if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' config/common.mk; fi; #Make sure our hosts is always used
 awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove extra keys
 awk -i inplace '!/security\/lineage/' config/common.mk; #Remove extra keys
+awk -i inplace '!/WeatherProvider/' config/common.mk;
 if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi;
 if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
 sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype

Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/moto/shamu"
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1420/3.2-^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8955/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8967/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0758/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5870/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6695/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8464/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0824/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13245/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-check-for-PM-related-APIs.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p65"
+cd "$DOS_BUILD_BASE"

Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/motorola/msm8996"
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0019.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0022.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0023.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0025.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0026.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0027.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0028.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0029.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0030.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0031.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0032.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0033.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0034.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0035.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0036.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0037.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0040.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0041.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0042.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0043.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0045.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0046.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0050.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3136/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3137/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3140/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15853/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17762/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6001/^4.9/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8251/3.18/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.18/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5864/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5865/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+editKernelLocalversion "-dos.p77"
+cd "$DOS_BUILD_BASE"

Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/oppo/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9880/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0774/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0801/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2443/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0510/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11000/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11019/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11039/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18161/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9684/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9706/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p51"
+cd "$DOS_BUILD_BASE"

Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/samsung/msm8974"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
+git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+editKernelLocalversion "-dos.p25"
+cd "$DOS_BUILD_BASE"

Scripts/LineageOS-16.0/Defaults.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+#Changes various default settings
+#Last verified: 2019-03-04
+
+#Useful commands
+#nano $(find . -name "config.xml" | grep "values/" | grep -v "device" | grep -v "tests")
+#nano $(find . -name "defaults.xml" | grep "values/" | grep -v "device")
+
+echo "Changing default settings...";
+
+enter "packages/apps/Dialer";
+sed -i 's/ENABLE_FORWARD_LOOKUP, 1)/ENABLE_FORWARD_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable FLP
+sed -i 's/ENABLE_PEOPLE_LOOKUP, 1)/ENABLE_PEOPLE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable PLP
+sed -i 's/ENABLE_REVERSE_LOOKUP, 1)/ENABLE_REVERSE_LOOKUP, 0)/' java/com/android/dialer/lookup/LookupSettings*.java; #Disable RLP
+
+enter "packages/apps/Nfc";
+sed -i 's/boolean NFC_ON_DEFAULT = true;/boolean NFC_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NFC
+sed -i 's/boolean NDEF_PUSH_ON_DEFAULT = true;/boolean NDEF_PUSH_ON_DEFAULT = false;/' src/com/android/nfc/NfcService.java; #Disable NDEF Push
+
+enter "packages/apps/Settings";
+sed -i 's/INSTANT_APPS_ENABLED, 1/INSTANT_APPS_ENABLED, 0/' src/com/android/settings/applications/ManageDomainUrls.java; #Disable "Instant Apps"
+sed -i 's/DEFAULT_VALUE = 1;/DEFAULT_VALUE = 0.5f;/' src/com/android/settings/development/*ScalePreferenceController.java; #Always reset animation scales to 0.5
+
+enter "vendor/lineage";
+sed -i 's/ro.config.notification_sound=Argon.ogg/ro.config.notification_sound=Pong.ogg/' config/common.mk;
+sed -i 's/ro.config.alarm_alert=Hassium.ogg/ro.config.alarm_alert=Alarm_Buzzer.ogg/' config/common.mk;
+
+cd "$DOS_BUILD_BASE";
+echo "Default settings changed!";

Scripts/LineageOS-16.0/Functions.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+#Last verified: 2018-04-27
+
+patchAllKernels() {
+	startPatcher "kernel_moto_shamu kernel_motorola_msm8996 kernel_oppo_msm8974 kernel_samsung_msm8974";
+}
+export -f patchAllKernels;
+
+resetWorkspace() {
+	repo forall -c 'git add -A && git reset --hard' && rm -rf out && repo sync -j20 --force-sync;
+}
+export -f resetWorkspace;
+
+scanWorkspaceForMalware() {
+	scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/compatibility $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
+	scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
+	scanForMalware true $scanQueue;
+}
+export -f scanWorkspaceForMalware;
+
+buildDevice() {
+	brunch "lineage_$1-user";
+}
+export -f buildDevice;
+
+buildDeviceDebug() {
+	unset SIGNING_KEY_DIR;
+	unset OTA_PACKAGE_SIGNING_KEY;
+	brunch "lineage_$1-eng";
+}
+export -f buildDeviceDebug;
+
+buildAll() {
+	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi;
+	brunch lineage_bacon-user;
+	brunch lineage_klte-user;
+	brunch lineage_shamu-user;
+}
+export -f buildAll;
+
+patchWorkspace() {
+	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
+
+	#source build/envsetup.sh;
+
+	source "$DOS_SCRIPTS/Patch.sh";
+	source "$DOS_SCRIPTS/Defaults.sh";
+	source "$DOS_SCRIPTS/Rebrand.sh";
+	if [ "$DOS_OVERCLOCKS_ENABLED" = true ]; then source "$DOS_SCRIPTS_COMMON/Overclock.sh"; fi;
+	source "$DOS_SCRIPTS_COMMON/Optimize.sh";
+	source "$DOS_SCRIPTS_COMMON/Deblob.sh";
+	source "$DOS_SCRIPTS_COMMON/Patch_CVE.sh";
+	source build/envsetup.sh;
+}
+export -f patchWorkspace;
+
+enableDexPreOpt() {
+	cd "$DOS_BUILD_BASE$1";
+	#Some devices won't compile, or have too small of a /system partition, or Wi-Fi breaks
+	if [ "$1" != "device/amazon/thor" ] && [ "$1" != "device/samsung/i9100" ] && [ "$1" != "device/samsung/maguro" ] && [ "$1" != "device/samsung/toro" ] && [ "$1" != "device/samsung/toroplus" ] && [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/lge/h850" ] && [ "$1" != "device/lge/mako" ] && [ "$1" != "device/asus/grouper" ]; then
+		if [ -f BoardConfig.mk ]; then
+			echo "WITH_DEXPREOPT := true" >> BoardConfig.mk;
+			echo "WITH_DEXPREOPT_PIC := true" >> BoardConfig.mk;
+			echo "WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true" >> BoardConfig.mk;
+			echo "Enabled dexpreopt for $1";
+		fi;
+	fi;
+	cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOpt;
+
+enableDexPreOptFull() {
+	cd "$DOS_BUILD_BASE$1";
+	if [ -f BoardConfig.mk ]; then
+		sed -i "s/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := true/WITH_DEXPREOPT_BOOT_IMG_AND_SYSTEM_SERVER_ONLY := false/" BoardConfig.mk;
+		echo "Enabled full dexpreopt for $1";
+	fi;
+	cd "$DOS_BUILD_BASE";
+}
+export -f enableDexPreOptFull;
+
+enableLowRam() {
+	cd "$DOS_BUILD_BASE$1";
+	#if [ -f lineage.mk ]; then echo '$(call inherit-product, $(SRC_TARGET_DIR)/product/go_defaults.mk)' >> lineage.mk; fi;
+	if [ -f lineage.mk ]; then echo '$(call inherit-product, vendor/divested/build/target/product/lowram.mk)' >> lineage.mk; fi;
+	if [ -f BoardConfig.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfig.mk; fi;
+	if [ -f BoardConfigCommon.mk ]; then echo 'MALLOC_SVELTE := true' >> BoardConfigCommon.mk; fi;
+	echo "Enabled lowram for $1";
+	cd "$DOS_BUILD_BASE";
+}
+export -f enableLowRam;

Scripts/LineageOS-16.0/Patch.sh

@@ -0,0 +1,195 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2015-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+#Last verified: 2019-03-04
+
+#Initialize aliases
+#source ../../Scripts/init.sh
+
+#Delete Everything and Sync
+#resetWorkspace
+
+#Apply all of our changes
+#patchWorkspace
+
+#Build!
+#buildDevice [device]
+#buildAll
+
+#Generate an incremental
+#./build/tools/releasetools/ota_from_target_files --block -t 8 -i old.zip new.zip update.zip
+
+#Generate firmware deblobber
+#mka firmware_deblobber
+
+#
+#START OF PREPRATION
+#
+#Download some (non-executable) out-of-tree files for use later on
+cd "$DOS_TMP_DIR";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then $DOS_TOR_WRAPPER wget "$DOS_HOSTS_BLOCKING_LIST" -N; fi;
+cd "$DOS_BUILD_BASE";
+
+#Accept all SDK licences, not normally needed but Gradle managed apps fail without it
+mkdir -p "$ANDROID_HOME/licenses";
+echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55\nd56f5187479451eabf01fb78af6dfcb131a6481e" > "$ANDROID_HOME/licenses/android-sdk-license";
+echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license";
+#
+#END OF PREPRATION
+#
+
+#
+#START OF ROM CHANGES
+#
+
+#top dir
+cp -r "$DOS_PREBUILT_APPS""Fennec_DOS-Shim" "$DOS_BUILD_BASE""packages/apps/"; #Add a shim to install Fennec DOS without actually including the large APK
+gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packages";
+cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
+cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
+
+enterAndClear "build/make";
+patch -p1 < "$DOS_PATCHES/android_build/0001-Automated_Build_Signing.patch"; #Automated build signing (CopperheadOS-13.0)
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk;
+sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk;
+
+enterAndClear "device/qcom/sepolicy-legacy";
+patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
+
+enterAndClear "external/svox";
+git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
+
+enterAndClear "frameworks/base";
+hardenLocationFWB "$DOS_BUILD_BASE";
+sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
+sed -i 's/(notif.needNotify)/(true)/' location/java/com/android/internal/location/GpsNetInitiatedHandler.java; #Notify user when location is requested via SUPL
+#if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) #TODO: REBASE-16.0
+#if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key #TODO: REBASE-16.0
+changeDefaultDNS;
+#patch -p1 < "$DOS_PATCHES/android_frameworks_base/0005-Connectivity.patch"; #Change connectivity check URLs to ours
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
+rm -rf packages/PrintRecommendationService; #App that just creates popups to install proprietary print apps
+
+if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
+enterAndClear "frameworks/opt/net/ims";
+patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
+fi
+
+enterAndClear "frameworks/opt/net/wifi";
+#Fix an issue when permision review is enabled that prevents using the Wi-Fi quick tile
+#See https://github.com/CopperheadOS/platform_frameworks_opt_net_wifi/commit/c2a2f077a902226093b25c563e0117e923c7495b
+sed -i 's/boolean mPermissionReviewRequired/boolean mPermissionReviewRequired = false/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+awk -i inplace '!/mPermissionReviewRequired = Build.PERMISSIONS_REVIEW_REQUIRED/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+awk -i inplace '!/\|\| context.getResources\(\).getBoolean\(/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+awk -i inplace '!/com.android.internal.R.bool.config_permissionReviewRequired/' service/java/com/android/server/wifi/WifiServiceImpl.java;
+
+if enter "kernel/wireguard"; then
+if [ "$DOS_WIREGUARD_INCLUDED" = false ]; then rm Android.mk; fi;
+#Remove system information from HTTP requests
+awk -i inplace '!/USER_AGENT=/' fetch.sh;
+sed -i '3iUSER_AGENT="WireGuard-AndroidROMBuild/0.2"' fetch.sh;
+fi;
+
+enterAndClear "lineage-sdk";
+awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi;
+
+enterAndClear "packages/apps/LineageParts";
+rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml res/xml/preview_data.xml; #Nuke part of the analytics
+patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
+
+enterAndClear "packages/apps/Settings";
+#patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks, credit @MSe1969
+sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length
+sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
+
+enterAndClear "packages/apps/SetupWizard";
+patch -p1 < "$DOS_PATCHES/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch"; #Remove analytics
+
+enterAndClear "packages/apps/Updater";
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_apps_Updater/0001-Server.patch"; #Switch to our server
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Updater/0002-Tor_Support.patch"; #Add Tor support
+#TODO: Remove changelog
+
+enterAndClear "packages/apps/WallpaperPicker";
+#TODO: Add back wallpapers
+sed -i 's/req.touchEnabled = touchEnabled;/req.touchEnabled = true;/' src/com/android/wallpaperpicker/WallpaperCropActivity.java; #Allow scrolling
+sed -i 's/mCropView.setTouchEnabled(req.touchEnabled);/mCropView.setTouchEnabled(true);/' src/com/android/wallpaperpicker/WallpaperCropActivity.java;
+sed -i 's/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0);/WallpaperUtils.EXTRA_WALLPAPER_OFFSET, 0.5f);/' src/com/android/wallpaperpicker/WallpaperPickerActivity.java; #Center aligned by default
+
+enterAndClear "packages/inputmethods/LatinIME";
+patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key
+
+enterAndClear "packages/services/Telephony";
+patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
+patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
+
+enterAndClear "system/core";
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
+git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery
+patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden_Mounts.patch"; #Harden mounts with nodev/noexec/nosuid (CopperheadOS-13.0)
+
+enterAndClear "system/sepolicy";
+patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
+
+enterAndClear "vendor/lineage";
+rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
+if [ "$DOS_HOSTS_BLOCKING" = true ]; then awk -i inplace '!/50-lineage.sh/' config/common.mk; fi; #Make sure our hosts is always used
+awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' config/common.mk; #Remove extra keys
+awk -i inplace '!/security\/lineage/' config/common.mk; #Remove extra keys
+awk -i inplace '!/WeatherProvider/' config/common.mk;
+if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/AudioFX/' config/common.mk; fi;
+if [ "$DOS_MICROG_INCLUDED" = "NLP" ]; then sed -i '/Google provider/!b;n;s/com.google.android.gms/org.microg.nlp/' overlay/common/frameworks/base/core/res/res/values/config.xml; fi;
+sed -i 's/LINEAGE_BUILDTYPE := UNOFFICIAL/LINEAGE_BUILDTYPE := dos/' config/common.mk; #Change buildtype
+if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYPE := dos/LINEAGE_BUILDTYPE := dosNC/' config/common.mk; fi;
+echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
+
+enter "vendor/divested";
+if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi;
+if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi;
+#
+#END OF ROM CHANGES
+#
+
+#
+#START OF DEVICE CHANGES
+#
+enterAndClear "device/oppo/msm8974-common";
+sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
+
+enter "vendor/google";
+echo "" > atv/atv-common.mk;
+
+#Make changes to all devices
+cd "$DOS_BUILD_BASE";
+if [ "$DOS_LOWRAM_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableLowRam "$0"' {} \;; fi;
+find "hardware/qcom/gps" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
+find "device" -name "gps\.conf" -type f -exec bash -c 'hardenLocationConf "$0"' {} \;;
+find "device" -type d -name "overlay" -exec bash -c 'hardenLocationFWB "$0"' {} \;;
+find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableDexPreOpt "$0"' {} \;;
+find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenUserdata "$0"' {} \;;
+if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableStrongEncryption "$0"' {} \;; fi;
+find "kernel" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenDefconfig "$0"' {} \;;
+cd "$DOS_BUILD_BASE";
+
+#Fix broken options enabled by hardenDefconfig()
+sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
+#
+#END OF DEVICE CHANGES
+#

Scripts/LineageOS-16.0/Rebrand.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#DivestOS: A privacy oriented Android distribution
+#Copyright (c) 2017-2018 Divested Computing, Inc.
+#
+#This program is free software: you can redistribute it and/or modify
+#it under the terms of the GNU General Public License as published by
+#the Free Software Foundation, either version 3 of the License, or
+#(at your option) any later version.
+#
+#This program is distributed in the hope that it will be useful,
+#but WITHOUT ANY WARRANTY; without even the implied warranty of
+#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#GNU General Public License for more details.
+#
+#You should have received a copy of the GNU General Public License
+#along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+#Updates select user facing strings
+#Last verified: 2019-03-04
+
+echo "Rebranding...";
+
+enter "bootable/recovery";
+sed -i 's|Android Recovery|'"$DOS_BRANDING_NAME"' Recovery|' ./*_ui.cpp;
+
+enter "build/make";
+sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
+sed -i 's|echo "ro.build.host=`hostname`"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host
+
+enter "frameworks/base";
+generateBootAnimationMask "$DOS_BRANDING_NAME" "$DOS_BRANDING_BOOTANIMATION_FONT" core/res/assets/images/android-logo-mask.png;
+generateBootAnimationShine "$DOS_BRANDING_BOOTANIMATION_COLOR" "$DOS_BRANDING_BOOTANIMATION_STYLE" core/res/assets/images/android-logo-shine.png;
+
+enter "lineage-sdk";
+sed -i '/.*lineage_version/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineage_updates/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+sed -i '/.*lineageos_system_label/s/LineageOS/'"$DOS_BRANDING_NAME"'/' lineage/res/res/values*/strings.xml;
+
+enter "packages/apps/LineageParts";
+sed -i '/.*trust_feature_security_patches_explain/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+
+enter "packages/apps/Settings";
+sed -i '/.*lineagelicense_title/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/cm_strings.xml;
+
+enter "packages/apps/SetupWizard";
+sed -i 's|http://lineageos.org/legal|'"$DOS_BRANDING_LINK_PRIVACY"'|' src/org/lineageos/setupwizard/LineageSettingsActivity.java;
+sed -i '/.*setup_services/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+sed -i '/.*services_explanation/s/LineageOS/'"$DOS_BRANDING_NAME"'/' res/values*/strings.xml;
+
+enter "packages/apps/Updater";
+sed -i 's|0OTA_SERVER_CLEARNET0|'"$DOS_BRANDING_SERVER_OTA"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|0OTA_SERVER_ONION0|'"$DOS_BRANDING_SERVER_OTA_ONION"'|' src/org/lineageos/updater/misc/Utils.java;
+sed -i 's|>LineageOS|>'"$DOS_BRANDING_NAME"'|' res/values*/strings.xml;
+
+enter "vendor/lineage";
+sed -i 's|https://lineageos.org/legal|'"$DOS_BRANDING_LINK_ABOUT"'|' build/core/main_version.mk
+sed -i '/.*ZIPPATH=/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/envsetup.sh;
+sed -i '/LINEAGE_TARGET_PACKAGE/s/lineage/'"$DOS_BRANDING_ZIP_PREFIX"'/' build/tasks/bacon.mk;
+rm -rf bootanimation;
+
+cd "$DOS_BUILD_BASE";
+echo "Rebranding complete!";

Scripts/init.sh

@@ -44,7 +44,7 @@ export DOS_HOSTS_BLOCKING_APP="DNS66"; #App installed when built-in blocking is
 export DOS_HOSTS_BLOCKING_LIST="https://divestos.xyz/hosts"; #Must be in the format "127.0.0.1 bad.domain.tld"
 export DOS_OVERCLOCKS_ENABLED=false; #Switch to false to disable overclocks #XXX: Most devices have their processors directly under their RAM, heatsinking is mostly into the ground plane, potentially inflicting damage to RAM and the processor itself
 export DOS_LOWRAM_ENABLED=false; #Switch to true to enable low_ram on all devices
-export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
+export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
 export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches XXX: Unused, see 1dc9247
 
 export DOS_BRANDING_NAME="DivestOS";