Small additions + churn

- 18.1+: Disable NTP fully when automatic time is off, credit GrapheneOS
- 20.0: Handle Tor-over-Orbot when killswitch enabled, credit CalyxOS, BROKEN

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2023-02-18 11:10:50 -05:00
parent 9f82763c53
commit b08bf0356f
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
10 changed files with 188 additions and 12 deletions

View File

@ -46,7 +46,7 @@
<!-- START OF ADDITIONAL REPOS --> <!-- START OF ADDITIONAL REPOS -->
<!-- GrapheneOS --> <!-- GrapheneOS -->
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="13" /> <project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="2250130c537fda373a4362cf7727562287eb1168" />
<project path="external/SecureCamera" name="GrapheneOS/platform_external_Camera" remote="github" revision="13" /> <project path="external/SecureCamera" name="GrapheneOS/platform_external_Camera" remote="github" revision="13" />
<!-- END OF ADDITIONAL REPOS --> <!-- END OF ADDITIONAL REPOS -->

View File

@ -4,13 +4,14 @@ QQ3A.200805.001.2020.09.11.14
PQ3B.190801.002.2019.08.25.15 PQ3B.190801.002.2019.08.25.15
https time https time
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/1d4e3f495b7b544f6314f04243e9d47b3f8e7102 13 https://github.com/GrapheneOS/platform_frameworks_base/commit/2cd879a68511da741cff663c50e3e8489b50ef0f
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/2c04a077ec9f3ac6857885199f49f4845b70ec2e 13 https://github.com/GrapheneOS/platform_frameworks_base/commit/dc650862f0941750c0c1da6e6ba5855586b67a7a
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/4a90523abcacd1b2cb69e82b5622d33185aab044 13 https://github.com/GrapheneOS/platform_frameworks_base/commit/ad7e8988562cc0421d2f70a857fd8a5f2b8347d2
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/88fa99ee2312fac5a0dbf50ac6f407be5700f785 12 https://github.com/GrapheneOS/platform_frameworks_base/commit/ae51cdbf9ff5dd0796c800753288b65e55c24864
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/001d5db924bb2d409494a07fdf69bc91aaf5f86f
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/227ddba2bd897da03cc2f95f79f2317a4465bf8d
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/940beb096b9dc078ec1a051ee8c73667885fa5a9 11 https://github.com/GrapheneOS/platform_frameworks_base/commit/940beb096b9dc078ec1a051ee8c73667885fa5a9
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/b92c2eb03ea574cd4a9def02bb81e99812068595 11 https://github.com/GrapheneOS/platform_frameworks_base/commit/b92c2eb03ea574cd4a9def02bb81e99812068595
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/546c1099f2775391c86f996104d74f307a954a74
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/ec7b5ee8caa40b9100ec5842a6a63aea3b68eae0 11 https://github.com/GrapheneOS/platform_frameworks_base/commit/ec7b5ee8caa40b9100ec5842a6a63aea3b68eae0
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/961eaeb2220d073b8de325f8d5d5927dbf905645 10 https://github.com/GrapheneOS/platform_frameworks_base/commit/961eaeb2220d073b8de325f8d5d5927dbf905645
@ -56,6 +57,12 @@ nojit
9 https://github.com/GrapheneOS/platform_build/commit/5b9927197e63593b9220d1a9280021252ef205e9 9 https://github.com/GrapheneOS/platform_build/commit/5b9927197e63593b9220d1a9280021252ef205e9
9 https://github.com/GrapheneOS/platform_build/commit/e36c7aefaa78a1ed5b94c7f51d29277008eea232 9 https://github.com/GrapheneOS/platform_build/commit/e36c7aefaa78a1ed5b94c7f51d29277008eea232
[partially implemented] disable forced ntp checks
13 https://github.com/GrapheneOS/platform_frameworks_base/commit/4c8a4469a56fad03de58996ccf719b098436f987
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/723fb336f7246585ee1595dd1bf1633528265a8b
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/546c1099f2775391c86f996104d74f307a954a74
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/9300e141fe843876876401fda6beab13d40c78d5
[implemented] strict package verification [implemented] strict package verification
13 https://github.com/GrapheneOS/platform_frameworks_base/commit/6cd9eb28a755c520a398f6ed7b0f2e58ff4ccff2 13 https://github.com/GrapheneOS/platform_frameworks_base/commit/6cd9eb28a755c520a398f6ed7b0f2e58ff4ccff2
13 https://github.com/GrapheneOS/platform_frameworks_base/commit/48f947b0466ce9646d590d5078802cac809460dd 13 https://github.com/GrapheneOS/platform_frameworks_base/commit/48f947b0466ce9646d590d5078802cac809460dd

View File

@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Tue, 30 Jun 2020 11:52:43 +1000
Subject: [PATCH] dont ping server when nitz time update is toggled off
---
core/java/android/util/NtpTrustedTime.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/core/java/android/util/NtpTrustedTime.java b/core/java/android/util/NtpTrustedTime.java
index 0892c94d5bec..17162d65159f 100644
--- a/core/java/android/util/NtpTrustedTime.java
+++ b/core/java/android/util/NtpTrustedTime.java
@@ -141,6 +141,15 @@ public class NtpTrustedTime implements TrustedTime {
@UnsupportedAppUsage
public boolean forceRefresh() {
synchronized (this) {
+ final ContentResolver resolver = mContext.getContentResolver();
+
+ final boolean networkPollTime = Settings.Global.getInt(resolver,
+ Settings.Global.AUTO_TIME, 1) != 0;
+ if (!networkPollTime) {
+ Log.d(TAG, "forceRefresh: nitzTimeUpdate disabled bailing early");
+ return false;
+ }
+
NtpConnectionInfo connectionInfo = getNtpConnectionInfo();
if (connectionInfo == null) {
// missing server config, so no trusted time available

View File

@ -0,0 +1,30 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Tue, 30 Jun 2020 11:52:43 +1000
Subject: [PATCH] dont ping server when nitz time update is toggled off
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
---
core/java/android/util/NtpTrustedTime.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/core/java/android/util/NtpTrustedTime.java b/core/java/android/util/NtpTrustedTime.java
index 4ac3178ecb4c..518cfed6e326 100644
--- a/core/java/android/util/NtpTrustedTime.java
+++ b/core/java/android/util/NtpTrustedTime.java
@@ -142,6 +142,15 @@ public class NtpTrustedTime implements TrustedTime {
@UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
public boolean forceRefresh() {
synchronized (this) {
+ final ContentResolver resolver = mContext.getContentResolver();
+
+ final boolean networkPollTime = Settings.Global.getInt(resolver,
+ Settings.Global.AUTO_TIME, 1) != 0;
+ if (!networkPollTime) {
+ Log.d(TAG, "forceRefresh: nitzTimeUpdate disabled bailing early");
+ return false;
+ }
+
NtpConnectionInfo connectionInfo = getNtpConnectionInfo();
if (connectionInfo == null) {
// missing server config, so no trusted time available

View File

@ -0,0 +1,81 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Oliver Scott <olivercscott@gmail.com>
Date: Thu, 5 Jan 2023 19:42:40 -0500
Subject: [PATCH] Always add Briar and Tor Browser to Orbot's lockdown
allowlist
Change-Id: I62c2553c8877b946d7e7e1ca4ef113f963d3f8eb
---
.../com/android/server/connectivity/Vpn.java | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 8510de4ef201..3e5724d36f44 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -47,9 +47,11 @@ import android.content.Intent;
import android.content.IntentFilter;
import android.content.ServiceConnection;
import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.ResolveInfo;
+import android.content.pm.Signature;
import android.content.pm.UserInfo;
import android.net.ConnectivityManager;
import android.net.DnsResolver;
@@ -121,6 +123,7 @@ import android.system.keystore2.KeyPermission;
import android.text.TextUtils;
import android.util.ArraySet;
import android.util.Log;
+import android.util.Pair;
import android.util.Range;
import com.android.internal.R;
@@ -140,6 +143,7 @@ import com.android.server.vcn.util.PersistableBundleUtils;
import libcore.io.IoUtils;
+import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileDescriptor;
import java.io.IOException;
@@ -891,6 +895,37 @@ public class Vpn {
return false;
}
+ final String ORBOT_PACKAGE_NAME = "org.torproject.android";
+ if (ORBOT_PACKAGE_NAME.equals(packageName)) {
+ if (lockdownAllowlist == null) {
+ lockdownAllowlist = new ArrayList<>();
+
+ }
+ final Set<Pair<String, String>> ORBOT_LOCKDOWN_ALLOWLIST = Set.of(
+ new Pair<>("org.torproject.torbrowser
+ new Pair<>("org.briarproject.briar.android
+ );
+ for (Pair<String, String> pair : ORBOT_LOCKDOWN_ALLOWLIST) {
+ try {
+ PackageInfo packageInfo = mUserIdContext.getPackageManager()
+ .getPackageInfo(pair.first, PackageManager.PackageInfoFlags.of(
+ PackageManager.GET_SIGNING_CERTIFICATES));
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ for (Signature signature : packageInfo.signingInfo.getApkContentsSigners()) {
+ outputStream.write(signature.toByteArray());
+ }
+ if (!Signature.areEffectiveMatch(new Signature(outputStream.toByteArray()), new Signature(pair.second))) {
+ throw new SecurityException(pair.first + " signature does not match allowlisted signature");
+ }
+ if (!lockdownAllowlist.contains(pair.first)) {
+ lockdownAllowlist.add(pair.first);
+ }
+ } catch (NameNotFoundException | IOException | CertificateException e) {
+ Log.w(TAG, "Failed to add " + pair.first + " to lockdown allowlist", e);
+ }
+ }
+ }
+
if (lockdownAllowlist != null) {
for (String pkg : lockdownAllowlist) {
if (pkg.contains(",")) {

View File

@ -0,0 +1,30 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Renlord <me@renlord.com>
Date: Tue, 30 Jun 2020 11:52:43 +1000
Subject: [PATCH] dont ping server when nitz time update is toggled off
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
---
core/java/android/util/NtpTrustedTime.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/core/java/android/util/NtpTrustedTime.java b/core/java/android/util/NtpTrustedTime.java
index 4e7b3a51d758..06a8322fe5de 100644
--- a/core/java/android/util/NtpTrustedTime.java
+++ b/core/java/android/util/NtpTrustedTime.java
@@ -179,6 +179,15 @@ public class NtpTrustedTime implements TrustedTime {
@UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
public boolean forceRefresh() {
synchronized (this) {
+ final ContentResolver resolver = mContext.getContentResolver();
+
+ final boolean networkPollTime = Settings.Global.getInt(resolver,
+ Settings.Global.AUTO_TIME, 1) != 0;
+ if (!networkPollTime) {
+ Log.d(TAG, "forceRefresh: nitzTimeUpdate disabled bailing early");
+ return false;
+ }
+
NtpConnectionInfo connectionInfo = getNtpConnectionInfo();
if (connectionInfo == null) {
// missing server config, so no NTP time available

View File

@ -162,6 +162,7 @@ fi;
applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; #Add option of always randomizing MAC addresses (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0019-Random_MAC.patch"; #Add option of always randomizing MAC addresses (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Burnin_Protection.patch"; #SystemUI: add burnIn protection (arter97) applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Burnin_Protection.patch"; #SystemUI: add burnIn protection (arter97)
applyPatch "$DOS_PATCHES/android_frameworks_base/0021-SUPL_Toggle.patch"; #Add a setting for forcibly disabling SUPL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0021-SUPL_Toggle.patch"; #Add a setting for forcibly disabling SUPL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0022-Allow_Disabling_NTP.patch"; #Dont ping ntp server when nitz time update is toggled off (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly (DivestOS) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0006-Do-not-throw-in-setAppOnInterfaceLocked.patch"; #Fix random reboots on broken kernels when an app has data restricted XXX: ugly (DivestOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0007-ABI_Warning.patch"; #Warn when running activity from 32 bit app on ARM64 devices. (AOSP) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0007-ABI_Warning.patch"; #Warn when running activity from 32 bit app on ARM64 devices. (AOSP)
hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; #Harden the default GPS config

View File

@ -172,6 +172,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0026-Crash_Details.patch"; #Add
applyPatch "$DOS_PATCHES/android_frameworks_base/0027-appops_reset_fix-1.patch"; #Revert "Null safe package name in AppOps writeState" (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0027-appops_reset_fix-1.patch"; #Revert "Null safe package name in AppOps writeState" (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0027-appops_reset_fix-2.patch"; #appops: skip ops for invalid null package during state serialization (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0027-appops_reset_fix-2.patch"; #appops: skip ops for invalid null package during state serialization (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0028-SUPL_Toggle.patch"; #Add a setting for forcibly disabling SUPL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0028-SUPL_Toggle.patch"; #Add a setting for forcibly disabling SUPL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0029-Allow_Disabling_NTP.patch"; #Dont ping ntp server when nitz time update is toggled off (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0007-ABI_Warning.patch"; #Warn when running activity from 32 bit app on ARM64 devices. (AOSP) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0007-ABI_Warning.patch"; #Warn when running activity from 32 bit app on ARM64 devices. (AOSP)
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)

View File

@ -66,7 +66,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-1679/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2153/^5.17/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2153/^5.17/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2153/^5.17/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-2153/^5.17/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3424/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4382/^6.2/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4382/^6.2/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20369/4.14/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20369/4.14/0006.patch
@ -76,15 +75,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25722/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28388/4.14/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-28388/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-33225/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-33225/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-36280/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-45934/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0045/4.14/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0045/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0394/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0615/4.9/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0005.patch
editKernelLocalversion "-dos.p86" editKernelLocalversion "-dos.p81"
cd "$DOS_BUILD_BASE" cd "$DOS_BUILD_BASE"

View File

@ -181,6 +181,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0030-agnss.goog_override.patch"
applyPatch "$DOS_PATCHES/android_frameworks_base/0031-appops_reset_fix-1.patch"; #Revert "Null safe package name in AppOps writeState" (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0031-appops_reset_fix-1.patch"; #Revert "Null safe package name in AppOps writeState" (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0031-appops_reset_fix-2.patch"; #appops: skip ops for invalid null package during state serialization (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0031-appops_reset_fix-2.patch"; #appops: skip ops for invalid null package during state serialization (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0032-SUPL_Toggle.patch"; #Add a setting for forcibly disabling SUPL (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0032-SUPL_Toggle.patch"; #Add a setting for forcibly disabling SUPL (GrapheneOS)
#applyPatch "$DOS_PATCHES/android_frameworks_base/0033-Ugly_Orbot_Workaround.patch"; #Always add Briar and Tor Browser to Orbot's lockdown allowlist (CalyxOS) XXX: BREAKS BOOT
applyPatch "$DOS_PATCHES/android_frameworks_base/0034-Allow_Disabling_NTP.patch"; #Dont ping ntp server when nitz time update is toggled off (GrapheneOS)
hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config hardenLocationConf services/core/java/com/android/server/location/gnss/gps_debug.conf; #Harden the default GPS config
sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS) sed -i 's/DEFAULT_USE_COMPACTION = false;/DEFAULT_USE_COMPACTION = true;/' services/core/java/com/android/server/am/CachedAppOptimizer.java; #Enable app compaction by default (GrapheneOS)
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service