From b5bb49824828734e614adbfab6bc13b17c4b0590 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 13 Jul 2023 11:24:46 -0400
Subject: [PATCH] Many tweaks

- 19.1/20.0: Enable low ram for <6GB devices
- 20.0: support RROs with exec spawning patch from GrapheneOS
- allow work profiles when low ram is enabled
- churn
- cherrypicks

Signed-off-by: Tad <tad@spotco.us>
---
 .../0001-disable_apps.patch                   |   2 +-
 .../0018-Exec_Based_Spawning-14.patch         | 125 ++++++++++++++++++
 .../0022-Ignore_StatementService_ANR.patch    |   4 +-
 .../0026-Crash_Details.patch                  |   4 +-
 .../0036-Hardened-signature-spoofing.patch    |   4 +-
 .../0001-Private_DNS-Migration.patch          |  16 +--
 Scripts/Common/Functions.sh                   |   2 +-
 Scripts/Common/Post.sh                        |   7 +
 Scripts/LineageOS-18.1/Functions.sh           |   3 +-
 Scripts/LineageOS-18.1/Patch.sh               |   9 --
 Scripts/LineageOS-19.1/Functions.sh           |   3 +-
 Scripts/LineageOS-19.1/Patch.sh               |  31 +++--
 Scripts/LineageOS-20.0/Patch.sh               |  19 +++
 13 files changed, 184 insertions(+), 45 deletions(-)
 create mode 100644 Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch

diff --git a/Patches/Common/android_packages_apps_Settings/0001-disable_apps.patch b/Patches/Common/android_packages_apps_Settings/0001-disable_apps.patch
index 59cca0c0..f371eb77 100644
--- a/Patches/Common/android_packages_apps_Settings/0001-disable_apps.patch
+++ b/Patches/Common/android_packages_apps_Settings/0001-disable_apps.patch
@@ -92,7 +92,7 @@ index 1b270d63b4d..77d264772c5 100644
          Uri packageUri = Uri.parse("package:" + packageName);
          Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageUri);
          uninstallIntent.putExtra(Intent.EXTRA_UNINSTALL_ALL_USERS, allUsers);
-+        uninstallIntent.putExtra(Intent.EXTRA_UNINSTALL_SHOW_MORE_OPTIONS_BUTTON, false);
++        //uninstallIntent.putExtra(Intent.EXTRA_UNINSTALL_SHOW_MORE_OPTIONS_BUTTON, false);
  
          mMetricsFeatureProvider.action(
                  mActivity, SettingsEnums.ACTION_SETTINGS_UNINSTALL_APP);
diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch b/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch
new file mode 100644
index 00000000..e3ae382e
--- /dev/null
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0018-Exec_Based_Spawning-14.patch
@@ -0,0 +1,125 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
+Date: Thu, 30 Mar 2023 17:42:56 +0300
+Subject: [PATCH] exec spawning: support runtime resource overlays
+
+---
+ core/java/android/app/IActivityManager.aidl   |  2 ++
+ .../android/content/res/AssetManager.java     | 33 +++++++++++++++++--
+ .../com/android/internal/os/ExecInit.java     |  4 +++
+ .../server/am/ActivityManagerService.java     |  6 ++++
+ 4 files changed, 43 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl
+index 8367441b1b95..e582ea40ccf5 100644
+--- a/core/java/android/app/IActivityManager.aidl
++++ b/core/java/android/app/IActivityManager.aidl
+@@ -760,4 +760,6 @@ interface IActivityManager {
+      * </p>
+      */
+     int getBackgroundRestrictionExemptionReason(int uid);
++
++    String[] getSystemIdmapPaths();
+ }
+diff --git a/core/java/android/content/res/AssetManager.java b/core/java/android/content/res/AssetManager.java
+index 4d9c3258f659..2e0ba40c6552 100644
+--- a/core/java/android/content/res/AssetManager.java
++++ b/core/java/android/content/res/AssetManager.java
+@@ -24,6 +24,7 @@ import android.annotation.Nullable;
+ import android.annotation.StringRes;
+ import android.annotation.StyleRes;
+ import android.annotation.TestApi;
++import android.app.ActivityManager;
+ import android.compat.annotation.UnsupportedAppUsage;
+ import android.content.pm.ActivityInfo;
+ import android.content.res.Configuration.NativeConfig;
+@@ -38,6 +39,7 @@ import android.util.TypedValue;
+ import com.android.internal.annotations.GuardedBy;
+ import com.android.internal.annotations.VisibleForTesting;
+ import com.android.internal.content.om.OverlayConfig;
++import com.android.internal.os.ExecInit;
+ 
+ import java.io.FileDescriptor;
+ import java.io.FileNotFoundException;
+@@ -233,6 +235,9 @@ public final class AssetManager implements AutoCloseable {
+         }
+     }
+ 
++    /** @hide */
++    public static volatile String[] systemIdmapPaths_;
++
+     /**
+      * This must be called from Zygote so that system assets are shared by all applications.
+      * @hide
+@@ -249,8 +254,32 @@ public final class AssetManager implements AutoCloseable {
+             final ArrayList<ApkAssets> apkAssets = new ArrayList<>();
+             apkAssets.add(ApkAssets.loadFromPath(frameworkPath, ApkAssets.PROPERTY_SYSTEM));
+ 
+-            final String[] systemIdmapPaths =
+-                    OverlayConfig.getZygoteInstance().createImmutableFrameworkIdmapsInZygote();
++            // createImmutableFrameworkIdmapsInZygote() should be called only in zygote, it fails
++            // in regular processes and is unnecessary there.
++            // When it's called in zygote, overlay state is cached in /data/resource-cache/*@idmap
++            // files. These files are readable by regular app processes.
++            //
++            // When exec-based spawning in used, in-memory cache of assets is lost, and the spawned
++            // process is unable to recreate it, since it's not allowed to create idmaps.
++            //
++            // As a workaround, ask the ActivityManager to return paths of cached idmaps and use
++            // them directly. ActivityManager runs in system_server, which always uses zygote-based
++            // spawning.
++
++            String[] systemIdmapPaths;
++            if (ExecInit.isExecSpawned) {
++                try {
++                    systemIdmapPaths = ActivityManager.getService().getSystemIdmapPaths();
++                    Objects.requireNonNull(systemIdmapPaths);
++                } catch (Throwable t) {
++                    Log.e(TAG, "unable to retrieve systemIdmapPaths", t);
++                    systemIdmapPaths = new String[0];
++                }
++            } else {
++                systemIdmapPaths = OverlayConfig.getZygoteInstance().createImmutableFrameworkIdmapsInZygote();
++                systemIdmapPaths_ = systemIdmapPaths;
++            }
++
+             for (String idmapPath : systemIdmapPaths) {
+                 apkAssets.add(ApkAssets.loadOverlayFromPath(idmapPath, ApkAssets.PROPERTY_SYSTEM));
+             }
+diff --git a/core/java/com/android/internal/os/ExecInit.java b/core/java/com/android/internal/os/ExecInit.java
+index 749c67abf389..39f08b6a0f15 100644
+--- a/core/java/com/android/internal/os/ExecInit.java
++++ b/core/java/com/android/internal/os/ExecInit.java
+@@ -84,6 +84,8 @@ public class ExecInit {
+         }
+     }
+ 
++    public static boolean isExecSpawned;
++
+     /**
+      * The main function called when an application is started with exec-based spawning.
+      *
+@@ -99,6 +101,8 @@ public class ExecInit {
+             Slog.d(RuntimeInit.TAG, "RuntimeInit: Starting application from exec");
+         }
+ 
++        isExecSpawned = true;
++
+         // Check whether the first argument is a "-cp" in argv, and assume the next argument is the
+         // classpath. If found, create a PathClassLoader and use it for applicationInit.
+         ClassLoader classLoader = null;
+diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
+index aa64cbffda24..71458e8568c7 100644
+--- a/services/core/java/com/android/server/am/ActivityManagerService.java
++++ b/services/core/java/com/android/server/am/ActivityManagerService.java
+@@ -18597,4 +18597,10 @@ public class ActivityManagerService extends IActivityManager.Stub
+             Trace.traceBegin(traceTag, methodName + subInfo);
+         }
+     }
++
++    @Override
++    public String[] getSystemIdmapPaths() {
++        // see comment in AssetManager#createSystemAssetsInZygoteLocked()
++        return android.content.res.AssetManager.systemIdmapPaths_;
++    }
+ }
diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0022-Ignore_StatementService_ANR.patch b/Patches/LineageOS-20.0/android_frameworks_base/0022-Ignore_StatementService_ANR.patch
index dbb11ab8..313a4b76 100644
--- a/Patches/LineageOS-20.0/android_frameworks_base/0022-Ignore_StatementService_ANR.patch
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0022-Ignore_StatementService_ANR.patch
@@ -12,10 +12,10 @@ they get a message each time it tries again.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
-index 91dd9179c329..a01ec67630de 100644
+index f5ed2e508411..a7eae9c60b46 100644
 --- a/core/res/res/values/config.xml
 +++ b/core/res/res/values/config.xml
-@@ -3890,7 +3890,7 @@
+@@ -3893,7 +3893,7 @@
  
      <!-- List of comma separated package names for which we the system will not show crash, ANR,
           etc. dialogs. -->
diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch b/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch
index 36cab594..6ca17d4d 100644
--- a/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0026-Crash_Details.patch
@@ -122,10 +122,10 @@ index e0ca922bf686..2ff3933a5cd8 100644
 +    <string name="aerr_show_details">Show details</string>
  </resources>
 diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
-index c767df56860c..a90c66763fbc 100644
+index 7d8e2f818ce9..6ffcf51936fc 100644
 --- a/core/res/res/values/symbols.xml
 +++ b/core/res/res/values/symbols.xml
-@@ -4911,6 +4911,9 @@
+@@ -4912,6 +4912,9 @@
    <java-symbol type="id" name="language_picker_item" />
    <java-symbol type="id" name="language_picker_header" />
  
diff --git a/Patches/LineageOS-20.0/android_frameworks_base/0036-Hardened-signature-spoofing.patch b/Patches/LineageOS-20.0/android_frameworks_base/0036-Hardened-signature-spoofing.patch
index c16d4d7d..dba14206 100644
--- a/Patches/LineageOS-20.0/android_frameworks_base/0036-Hardened-signature-spoofing.patch
+++ b/Patches/LineageOS-20.0/android_frameworks_base/0036-Hardened-signature-spoofing.patch
@@ -79,10 +79,10 @@ index 1e659b74db77..00d669ab24e7 100644
      private void __metadata() {}
  
 diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
-index a01ec67630de..20ab9e79ae79 100644
+index a7eae9c60b46..dbd475b52f02 100644
 --- a/core/res/res/values/config.xml
 +++ b/core/res/res/values/config.xml
-@@ -2011,6 +2011,8 @@
+@@ -2014,6 +2014,8 @@
      <string-array name="config_locationProviderPackageNames" translatable="false">
          <!-- The standard AOSP fused location provider -->
          <item>com.android.location.fused</item>
diff --git a/Patches/LineageOS-20.0/android_lineage-sdk/0001-Private_DNS-Migration.patch b/Patches/LineageOS-20.0/android_lineage-sdk/0001-Private_DNS-Migration.patch
index 5cebd132..08530430 100644
--- a/Patches/LineageOS-20.0/android_lineage-sdk/0001-Private_DNS-Migration.patch
+++ b/Patches/LineageOS-20.0/android_lineage-sdk/0001-Private_DNS-Migration.patch
@@ -9,14 +9,14 @@ Credit: CalyxOS
 
 Change-Id: Ie3990a6e789be22da0c7771d85ad71034ed334eb
 ---
- .../LineageDatabaseHelper.java                | 61 +++++++++++++++++++
- 1 file changed, 61 insertions(+)
+ .../LineageDatabaseHelper.java                | 60 +++++++++++++++++++
+ 1 file changed, 60 insertions(+)
 
 diff --git a/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageDatabaseHelper.java b/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageDatabaseHelper.java
-index 3e468f2d..9ae6726d 100644
+index 4f1ee43b..fae437bd 100644
 --- a/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageDatabaseHelper.java
 +++ b/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageDatabaseHelper.java
-@@ -162,6 +162,66 @@ public class LineageDatabaseHelper extends SQLiteOpenHelper{
+@@ -163,6 +163,66 @@ public class LineageDatabaseHelper extends SQLiteOpenHelper{
          } catch (PackageManager.NameNotFoundException e) {
              e.printStackTrace();
          }
@@ -83,11 +83,3 @@ index 3e468f2d..9ae6726d 100644
      }
  
      /**
-@@ -459,6 +519,7 @@ public class LineageDatabaseHelper extends SQLiteOpenHelper{
-                     oldSetting);
-             upgradeVersion = 18;
-         }
-+
-         // *** Remember to update DATABASE_VERSION above!
-         if (upgradeVersion != newVersion) {
-             Log.wtf(TAG, "warning: upgrading settings database to version "
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index d153fbb4..f59269f5 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -688,7 +688,7 @@ fixupCarrierConfigs() {
 	local pathsToFixup="packages/apps/CarrierConfig/assets/*.xml device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml device/*/*/overlay/CarrierConfigResCommon/res/xml/vendor.xml device/*/*/rro_overlays/CarrierConfigOverlay/res/xml/vendor.xml";
 	#Things we don't want
 	#Reference (BSD-3-Clause): https://github.com/GrapheneOS/carriersettings-extractor/blob/13/carriersettings_extractor.py
-	local ccLines="allow_adding_apns_bool|apn_expand_bool|hide_ims_apn_bool|hide_preset_apn_details_bool|hide_enable_2g_bool";
+	local ccLines="allow_adding_apns_bool|apn_expand_bool|hide_ims_apn_bool|hide_preset_apn_details_bool|hide_enable_2g_bool|gps.lpp_profile|gps.persist_lpp_mode_bool";
 	sed -i -E "/($ccLines)/d" $pathsToFixup;
 	local ccArrays="read_only_apn_fields_string_array|read_only_apn_types_string_array";
 	sed -i -E "/("$ccArrays").*num=\"0\"/d" $pathsToFixup; #ugly hack because next line is very greedy
diff --git a/Scripts/Common/Post.sh b/Scripts/Common/Post.sh
index 3320d672..4f27a002 100644
--- a/Scripts/Common/Post.sh
+++ b/Scripts/Common/Post.sh
@@ -30,6 +30,10 @@ sed -i 's/static int slab_nomerge;/static int slab_nomerge = 1;/' kernel/*/*/mm/
 sed -i 's/static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);/static bool slab_nomerge = true;/' kernel/*/*/mm/slab_common.c &>/dev/null || true; #4.13+
 sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);/static bool slab_nomerge __ro_after_init = true;/' kernel/*/*/mm/slab_common.c &>/dev/null || true; #4.13+
 
+#Enable KSM #XXX testing only
+#sed -i 's/unsigned int ksm_run = KSM_RUN_STOP;/unsigned int ksm_run = KSM_RUN_MERGE;/' kernel/*/*/mm/ksm.c &>/dev/null || true;
+#sed -i 's/unsigned long ksm_run = KSM_RUN_STOP;/unsigned long ksm_run = KSM_RUN_MERGE;/' kernel/*/*/mm/ksm.c &>/dev/null || true;
+
 #Enable page poisoning
 #Commented as set by defconfig
 #sed -i 's/= IS_ENABLED(CONFIG_PAGE_POISONING_ENABLE_DEFAULT);/= true;/' kernel/*/*/mm/page_poison.c &>/dev/null || true; #4.4+ #XXX: shouldn't be enabled past 5.3
@@ -41,5 +45,8 @@ sed -i 's/static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MER
 awk -i inplace '!/persist.device_config.runtime_native.usap_pool_enabled=true/' device/*/*/*.prop &>/dev/null || true;
 awk -i inplace '!/config_pinnerCameraApp/' device/*/*/overlay/frameworks/base/core/res/res/values/config.xml &>/dev/null || true;
 
+#Allow Work Profiles in low_ram mode
+sed -i '/android.software.managed_users/s/notLowRam="true"//' frameworks/native/data/etc/handheld_core_hardware.xml || true;
+
 cd "$DOS_BUILD_BASE";
 echo -e "\e[0;32m[SCRIPT COMPLETE] Post tweaks complete\e[0m";
diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh
index af8660a7..a8294472 100644
--- a/Scripts/LineageOS-18.1/Functions.sh
+++ b/Scripts/LineageOS-18.1/Functions.sh
@@ -114,11 +114,10 @@ patchWorkspaceReal() {
 	verifyAllPlatformTags;
 	gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
 
-	source build/envsetup.sh;
+	#source build/envsetup.sh;
 	#repopick -it eleven-firewall;
 	#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
 	#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
-	repopick -it R_asb_2023-07;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh
index 45667d83..92919859 100644
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@@ -95,7 +95,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
-sed -i 's/2023-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #R_asb_2023-07 #XXX
 fi;
 
 if enterAndClear "build/soong"; then
@@ -117,10 +116,6 @@ if enterAndClear "external/conscrypt"; then
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
 fi;
 
-if enterAndClear "external/freetype"; then
-git fetch https://github.com/LineageOS/android_external_freetype refs/changes/51/360951/1 && git cherry-pick FETCH_HEAD; #R_asb_2023-07
-fi;
-
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
 if enterAndClear "external/hardened_malloc"; then
 applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
@@ -426,10 +421,6 @@ if enterAndClear "system/vold"; then
 git revert --no-edit 3461ff5c9ad334c96780f3da14f1d23fcbee63ad; #breaks mako first boot
 fi;
 
-if enterAndClear "tools/apksig"; then
-git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/73/360973/1 && git cherry-pick FETCH_HEAD; #R_asb_2023-07
-fi;
-
 if enterAndClear "vendor/lineage"; then
 rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
 rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh
index 8c3e2dcb..ddbf9747 100644
--- a/Scripts/LineageOS-19.1/Functions.sh
+++ b/Scripts/LineageOS-19.1/Functions.sh
@@ -88,10 +88,9 @@ patchWorkspaceReal() {
 	verifyAllPlatformTags;
 	gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
 
-	source build/envsetup.sh;
+	#source build/envsetup.sh;
 	#repopick -ift twelve-bt-sbc-hd-dualchannel;
 	#repopick -it twelve-colors;
-	repopick -it S_asb_2023-07;
 
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh
index 413244ac..b3b7c209 100644
--- a/Scripts/LineageOS-19.1/Patch.sh
+++ b/Scripts/LineageOS-19.1/Patch.sh
@@ -97,7 +97,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
-sed -i 's/2023-06-05/2023-07-05/' core/version_defaults.mk; #Bump Security String #S_asb_2023-07 #XXX
 fi;
 
 if enterAndClear "build/soong"; then
@@ -114,10 +113,6 @@ if enterAndClear "external/conscrypt"; then
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
 fi;
 
-if enterAndClear "external/freetype"; then
-git fetch https://github.com/LineageOS/android_external_freetype refs/changes/29/360929/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-07
-fi;
-
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
 if enterAndClear "external/hardened_malloc"; then
 applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
@@ -427,10 +422,6 @@ if enterAndClear "system/update_engine"; then
 git revert --no-edit a5a18ac5e2a2377fe036fcae93548967a7b40470; #Do not skip payload signature verification
 fi;
 
-if enterAndClear "tools/apksig"; then
-git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/46/360946/1 && git cherry-pick FETCH_HEAD; #S_asb_2023-07
-fi;
-
 if enterAndClear "vendor/lineage"; then
 rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys
 rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics
@@ -500,9 +491,25 @@ removeUntrustedCerts || true;
 cd "$DOS_BUILD_BASE";
 #rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;
 
-#Tweaks for <4GB RAM devices
-#enableLowRam "device/sony/kirin" "kirin";
-#enableLowRam "device/sony/pioneer" "pioneer";
+#Tweaks for 3GB RAM devices
+enableLowRam "device/sony/kirin" "kirin";
+enableLowRam "device/sony/pioneer" "pioneer";
+#Tweaks for 4GB RAM devices
+enableLowRam "device/lge/h830" "h830";
+enableLowRam "device/lge/h850" "h850";
+enableLowRam "device/lge/h870" "h870";
+enableLowRam "device/lge/h910" "h910";
+enableLowRam "device/lge/h918" "h918";
+enableLowRam "device/lge/h990" "h990";
+enableLowRam "device/lge/ls997" "ls997";
+enableLowRam "device/lge/rs988" "rs988";
+enableLowRam "device/lge/us996" "us996";
+enableLowRam "device/lge/us997" "us997";
+enableLowRam "device/lge/vs995" "vs995";
+enableLowRam "device/sony/discovery" "discovery";
+#Tweaks for 4GB/6GB RAM devices
+#enableLowRam "device/sony/voyager" "voyager";
+#enableLowRam "device/sony/mermaid" "mermaid";
 
 #Fix broken options enabled by hardenDefconfig()
 #none yet
diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh
index a7348eb0..6a56801b 100644
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@@ -161,6 +161,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-10.pat
 applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-11.patch";
 applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-12.patch";
 applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-13.patch";
+applyPatch "$DOS_PATCHES/android_frameworks_base/0018-Exec_Based_Spawning-14.patch";
 sed -i 's/sys.spawn.exec/persist.security.exec_spawn_new/' core/java/com/android/internal/os/ZygoteConnection.java;
 fi;
 applyPatch "$DOS_PATCHES/android_frameworks_base/0020-Location_Indicators.patch"; #SystemUI: Use new privacy indicators for location (GrapheneOS)
@@ -514,6 +515,24 @@ removeUntrustedCerts || true;
 cd "$DOS_BUILD_BASE";
 #rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;
 
+#Tweaks for <4GB RAM devices
+enableLowRam "device/xiaomi/Mi8937" "Mi8917";
+enableLowRam "device/xiaomi/Mi8937" "Mi8937";
+#Tweaks for 4GB RAM devices
+enableLowRam "device/essential/mata" "mata";
+enableLowRam "device/fairphone/FP3" "FP3";
+enableLowRam "device/google/bonito" "bonito";
+enableLowRam "device/google/bonito" "sargo";
+enableLowRam "device/google/crosshatch" "blueline";
+enableLowRam "device/google/crosshatch" "crosshatch";
+enableLowRam "device/google/muskie/walleye" "walleye";
+enableLowRam "device/google/taimen" "taimen";
+enableLowRam "device/samsung/starlte" "starlte";
+#Tweaks for 4GB/6GB RAM devices
+#enableLowRam "device/sony/akari" "akari";
+#enableLowRam "device/sony/akatsuki" "akatsuki";
+#enableLowRam "device/sony/xz2c" "xz2c";
+
 #Fix broken options enabled by hardenDefconfig()
 [[ -d kernel/fairphone/sdm632 ]] && sed -i "s/CONFIG_PREEMPT_TRACER=n/CONFIG_PREEMPT_TRACER=y/" kernel/fairphone/sdm632/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
 [[ -d kernel/google/msm-4.9 ]] && sed -i "s/CONFIG_DEBUG_NOTIFIERS=y/# CONFIG_DEBUG_NOTIFIERS is not set/" kernel/google/msm-4.9/arch/arm64/configs/*_defconfig; #Likely breaks boot