mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
More cleanup
This commit is contained in:
parent
add30db605
commit
c23646ebd5
@ -63,12 +63,6 @@
|
||||
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<!--<project path="external/swiftshader" name="google/swiftshader" remote="github" revision="master" />-->
|
||||
|
||||
<!-- F-Droid -->
|
||||
<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
|
||||
|
||||
<!-- GrapheneOS
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="master" />-->
|
||||
<!-- END OF ADDITIONAL REPOS -->
|
||||
|
||||
<!-- START OF DEVICE REPOS -->
|
||||
|
@ -67,18 +67,6 @@
|
||||
<project path="external/swiftshader" name="google/swiftshader" remote="github" revision="master" />-->
|
||||
<!-- END OF BRANCH SWITCHING -->
|
||||
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<!-- Backup
|
||||
<remote name="stevesoltys-github" fetch="https://github.com/stevesoltys/" revision="refs/heads/master" />
|
||||
<project path="packages/apps/Backup" name="backup" remote="stevesoltys-github" /> -->
|
||||
|
||||
<!-- F-Droid -->
|
||||
<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
|
||||
|
||||
<!-- GrapheneOS
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="master" />-->
|
||||
<!-- END OF ADDITIONAL REPOS -->
|
||||
|
||||
<!-- START OF DEVICE REPOS -->
|
||||
<!-- Common -->
|
||||
<project path="packages/resources/devicesettings" name="LineageOS/android_packages_resources_devicesettings" remote="github" />
|
||||
|
@ -66,21 +66,11 @@
|
||||
<!-- START OF BRANCH SWITCHING -->
|
||||
<!--<remove-project name="platform/external/swiftshader" />
|
||||
<project path="external/swiftshader" name="google/swiftshader" remote="github" revision="master" />-->
|
||||
|
||||
<!--<remove-project name="LineageOS/android_bootable_recovery" />
|
||||
<project path="bootable/recovery" name="platform/bootable/recovery" groups="pdk" remote="aosp" />-->
|
||||
<!-- END OF BRANCH SWITCHING -->
|
||||
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<project path="external/svox" name="platform/external/svox" groups="pdk" remote="aosp" revision="master" />
|
||||
<project path="prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" name="platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" groups="pdk,linux,arm" clone-depth="1" remote="aosp" revision="refs/tags/android-8.1.0_r52" />
|
||||
|
||||
<!-- Backup
|
||||
<remote name="stevesoltys-github" fetch="https://github.com/stevesoltys/" revision="refs/heads/master" />
|
||||
<project path="packages/apps/Backup" name="backup" remote="stevesoltys-github" /> -->
|
||||
|
||||
<!-- F-Droid -->
|
||||
<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
|
||||
<project path="prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" name="platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" groups="pdk,linux,arm" clone-depth="1" remote="aosp" revision="refs/tags/android-8.1.0_r81" />
|
||||
|
||||
<!-- GrapheneOS -->
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="464bfd4d829927f19fd5d2729a101ee241319d1e" />
|
||||
|
@ -64,21 +64,11 @@
|
||||
<!-- START OF BRANCH SWITCHING -->
|
||||
<!--<remove-project name="platform/external/swiftshader" />
|
||||
<project path="external/swiftshader" name="google/swiftshader" remote="github" revision="master" />-->
|
||||
|
||||
<!--<remove-project name="LineageOS/android_bootable_recovery" />
|
||||
<project path="bootable/recovery" name="platform/bootable/recovery" groups="pdk" remote="aosp" />-->
|
||||
<!-- END OF BRANCH SWITCHING -->
|
||||
|
||||
<!-- START OF ADDITIONAL REPOS -->
|
||||
<project path="external/svox" name="platform/external/svox" groups="pdk" remote="aosp" revision="master" />
|
||||
<project path="prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" name="platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" groups="pdk,linux,arm" clone-depth="1" remote="aosp" revision="refs/tags/android-8.1.0_r52" />
|
||||
|
||||
<!-- Backup
|
||||
<remote name="stevesoltys-github" fetch="https://github.com/stevesoltys/" revision="refs/heads/master" />
|
||||
<project path="packages/apps/Backup" name="backup" remote="stevesoltys-github" /> -->
|
||||
|
||||
<!-- F-Droid -->
|
||||
<remote name="fdroid" fetch="https://gitlab.com/fdroid/" />
|
||||
<project path="prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" name="platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8" groups="pdk,linux,arm" clone-depth="1" remote="aosp" revision="refs/tags/android-8.1.0_r81" />
|
||||
|
||||
<!-- GrapheneOS -->
|
||||
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="526ccd915180ae9d0464f4e92c1c485c2ec91dec" />
|
||||
@ -90,7 +80,7 @@
|
||||
<project path="external/bson" name="LineageOS/android_external_bson" remote="github" />
|
||||
<project path="external/sony/boringssl-compat" name="LineageOS/android_external_sony_boringssl-compat" remote="github" />
|
||||
<project path="hardware/sony/thermanager" name="LineageOS/android_hardware_sony_thermanager" remote="github" />
|
||||
<!--<project path="hardware/sony/timekeep" name="LineageOS/android_hardware_sony_timekeep" remote="github" />-->
|
||||
<project path="hardware/sony/timekeep" name="LineageOS/android_hardware_sony_timekeep" remote="github" />
|
||||
|
||||
<!-- Essential PH-1 (mata) -->
|
||||
<project path="device/essential/mata" name="LineageOS/android_device_essential_mata" remote="github" />
|
||||
|
@ -1,129 +0,0 @@
|
||||
From f6ce62a62d47d3f8469ef6aa4749e07e644de5d0 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 5 Dec 2018 01:51:56 -0500
|
||||
Subject: [PATCH] add hardened_malloc library
|
||||
|
||||
---
|
||||
libc/Android.bp | 48 ++++++++++++++++++++++++++++-------
|
||||
libc/bionic/malloc_common.cpp | 5 ++++
|
||||
2 files changed, 44 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libc/Android.bp b/libc/Android.bp
|
||||
index c92acf70b..877ff7f4f 100644
|
||||
--- a/libc/Android.bp
|
||||
+++ b/libc/Android.bp
|
||||
@@ -83,6 +83,8 @@ cc_defaults {
|
||||
"-Werror=int-to-pointer-cast",
|
||||
"-Werror=type-limits",
|
||||
"-Werror",
|
||||
+
|
||||
+ "-DH_MALLOC_PREFIX",
|
||||
],
|
||||
// TODO: split out the asflags.
|
||||
asflags: [
|
||||
@@ -96,10 +98,21 @@ cc_defaults {
|
||||
"-Werror=int-to-pointer-cast",
|
||||
"-Werror=type-limits",
|
||||
"-Werror",
|
||||
+
|
||||
+ "-DH_MALLOC_PREFIX",
|
||||
],
|
||||
conlyflags: ["-std=gnu99"],
|
||||
cppflags: [],
|
||||
- include_dirs: ["external/jemalloc/include"],
|
||||
+ include_dirs: [],
|
||||
+
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ include_dirs: ["external/jemalloc/include"],
|
||||
+ },
|
||||
+ lib64: {
|
||||
+ include_dirs: ["external/hardened_malloc/"],
|
||||
+ },
|
||||
+ },
|
||||
|
||||
arch: {
|
||||
// Clang/llvm has incompatible long double (fp128) for x86_64.
|
||||
@@ -1601,11 +1614,6 @@ cc_library_static {
|
||||
name: "libc_ndk",
|
||||
defaults: ["libc_defaults"],
|
||||
srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
|
||||
- multilib: {
|
||||
- lib32: {
|
||||
- srcs: libc_common_src_files_32,
|
||||
- },
|
||||
- },
|
||||
arch: {
|
||||
arm: {
|
||||
srcs: [
|
||||
@@ -1635,8 +1643,17 @@ cc_library_static {
|
||||
"libc_syscalls",
|
||||
"libc_tzcode",
|
||||
"libm",
|
||||
- "libjemalloc",
|
||||
],
|
||||
+
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ srcs: libc_common_src_files_32,
|
||||
+ whole_static_libs: ["libjemalloc"],
|
||||
+ },
|
||||
+ lib64: {
|
||||
+ whole_static_libs: ["libhardened_malloc"],
|
||||
+ },
|
||||
+ },
|
||||
}
|
||||
|
||||
// ========================================================
|
||||
@@ -1714,7 +1731,11 @@ cc_library_static {
|
||||
// ========================================================
|
||||
cc_library_static {
|
||||
defaults: ["libc_defaults"],
|
||||
- srcs: ["bionic/jemalloc_wrapper.cpp"],
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ srcs: ["bionic/jemalloc_wrapper.cpp"],
|
||||
+ },
|
||||
+ },
|
||||
cflags: ["-fvisibility=hidden"],
|
||||
|
||||
name: "libc_malloc",
|
||||
@@ -1765,7 +1786,16 @@ cc_library {
|
||||
// you wanted!
|
||||
|
||||
shared_libs: ["libdl"],
|
||||
- whole_static_libs: ["libc_common", "libjemalloc"],
|
||||
+ whole_static_libs: ["libc_common"],
|
||||
+
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ whole_static_libs: ["libjemalloc"],
|
||||
+ },
|
||||
+ lib64: {
|
||||
+ whole_static_libs: ["libhardened_malloc"],
|
||||
+ },
|
||||
+ },
|
||||
|
||||
// We'd really like to do this for all architectures, but since this wasn't done
|
||||
// before, these symbols must continue to be exported on LP32 for binary
|
||||
diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
|
||||
index e05061917..af544f3e1 100644
|
||||
--- a/libc/bionic/malloc_common.cpp
|
||||
+++ b/libc/bionic/malloc_common.cpp
|
||||
@@ -46,8 +46,13 @@
|
||||
#include <private/bionic_globals.h>
|
||||
#include <private/bionic_malloc_dispatch.h>
|
||||
|
||||
+#ifdef __LP64__
|
||||
+#include "h_malloc.h"
|
||||
+#define Malloc(function) h_ ## function
|
||||
+#else
|
||||
#include "jemalloc.h"
|
||||
#define Malloc(function) je_ ## function
|
||||
+#endif
|
||||
|
||||
static constexpr MallocDispatch __libc_malloc_default_dispatch
|
||||
__attribute__((unused)) = {
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,36 +0,0 @@
|
||||
From 0896379253e9f87f6bdf19147068b800d0a7ef76 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 5 Dec 2018 09:29:25 -0500
|
||||
Subject: [PATCH] avoid setting RLIMIT_AS with hardened malloc
|
||||
|
||||
This needs to be ported to a better mechanism like memory control groups
|
||||
in order to remain compatible with hardening mechanisms based on large
|
||||
PROT_NONE address space reservations.
|
||||
|
||||
Change-Id: Ibfb7164d764fcb9244055953bedc9a1c424cedcb
|
||||
---
|
||||
media/libmedia/MediaUtils.cpp | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/media/libmedia/MediaUtils.cpp b/media/libmedia/MediaUtils.cpp
|
||||
index a02ca65a7..bb93e3d27 100644
|
||||
--- a/media/libmedia/MediaUtils.cpp
|
||||
+++ b/media/libmedia/MediaUtils.cpp
|
||||
@@ -31,6 +31,14 @@ void limitProcessMemory(
|
||||
size_t numberOfBytes,
|
||||
size_t percentageOfTotalMem) {
|
||||
|
||||
+#ifdef __LP64__
|
||||
+ // This needs to be ported to a better mechanism like memory control groups
|
||||
+ // in order to remain compatible with hardening mechanisms based on large
|
||||
+ // PROT_NONE address space reservations.
|
||||
+ ALOGW("Running with hardened malloc implementation, skip enforcing memory limitations.");
|
||||
+ return;
|
||||
+#endif
|
||||
+
|
||||
long pageSize = sysconf(_SC_PAGESIZE);
|
||||
long numPages = sysconf(_SC_PHYS_PAGES);
|
||||
size_t maxMem = SIZE_MAX;
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,126 +0,0 @@
|
||||
From 2fbd005f1c87938133f94b574b96caa5dbd8f3fd Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 5 Dec 2018 01:51:56 -0500
|
||||
Subject: [PATCH] add hardened_malloc library
|
||||
|
||||
---
|
||||
libc/Android.bp | 45 ++++++++++++++++++++++++++++-------
|
||||
libc/bionic/malloc_common.cpp | 5 ++++
|
||||
2 files changed, 41 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libc/Android.bp b/libc/Android.bp
|
||||
index c339b0451..6b3066e07 100644
|
||||
--- a/libc/Android.bp
|
||||
+++ b/libc/Android.bp
|
||||
@@ -48,6 +48,8 @@ libc_common_flags = [
|
||||
"-Werror=int-to-pointer-cast",
|
||||
"-Werror=type-limits",
|
||||
"-Werror",
|
||||
+
|
||||
+ "-DH_MALLOC_PREFIX",
|
||||
]
|
||||
|
||||
// Define some common cflags
|
||||
@@ -61,9 +63,17 @@ cc_defaults {
|
||||
cppflags: [],
|
||||
include_dirs: [
|
||||
"bionic/libc/async_safe/include",
|
||||
- "external/jemalloc/include",
|
||||
],
|
||||
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ include_dirs: ["external/jemalloc/include"],
|
||||
+ },
|
||||
+ lib64: {
|
||||
+ include_dirs: ["external/hardened_malloc/"],
|
||||
+ },
|
||||
+ },
|
||||
+
|
||||
stl: "none",
|
||||
system_shared_libs: [],
|
||||
sanitize: {
|
||||
@@ -1641,11 +1651,6 @@ cc_library_static {
|
||||
name: "libc_ndk",
|
||||
defaults: ["libc_defaults"],
|
||||
srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
|
||||
- multilib: {
|
||||
- lib32: {
|
||||
- srcs: libc_common_src_files_32,
|
||||
- },
|
||||
- },
|
||||
arch: {
|
||||
arm: {
|
||||
srcs: [
|
||||
@@ -1676,9 +1681,18 @@ cc_library_static {
|
||||
"libc_syscalls",
|
||||
"libc_tzcode",
|
||||
"libm",
|
||||
- "libjemalloc",
|
||||
"libstdc++",
|
||||
],
|
||||
+
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ srcs: libc_common_src_files_32,
|
||||
+ whole_static_libs: ["libjemalloc"],
|
||||
+ },
|
||||
+ lib64: {
|
||||
+ whole_static_libs: ["libhardened_malloc"],
|
||||
+ },
|
||||
+ },
|
||||
}
|
||||
|
||||
// ========================================================
|
||||
@@ -1755,7 +1769,11 @@ cc_library_static {
|
||||
// ========================================================
|
||||
cc_library_static {
|
||||
defaults: ["libc_defaults"],
|
||||
- srcs: ["bionic/jemalloc_wrapper.cpp"],
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ srcs: ["bionic/jemalloc_wrapper.cpp"],
|
||||
+ },
|
||||
+ },
|
||||
cflags: ["-fvisibility=hidden"],
|
||||
|
||||
name: "libc_malloc",
|
||||
@@ -1814,7 +1832,16 @@ cc_library {
|
||||
// you wanted!
|
||||
|
||||
shared_libs: ["libdl"],
|
||||
- whole_static_libs: ["libc_common", "libjemalloc"],
|
||||
+ whole_static_libs: ["libc_common"],
|
||||
+
|
||||
+ multilib: {
|
||||
+ lib32: {
|
||||
+ whole_static_libs: ["libjemalloc"],
|
||||
+ },
|
||||
+ lib64: {
|
||||
+ whole_static_libs: ["libhardened_malloc"],
|
||||
+ },
|
||||
+ },
|
||||
|
||||
nocrt: true,
|
||||
|
||||
diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
|
||||
index 1f201d1ca..06f85b40d 100644
|
||||
--- a/libc/bionic/malloc_common.cpp
|
||||
+++ b/libc/bionic/malloc_common.cpp
|
||||
@@ -46,8 +46,13 @@
|
||||
#include <private/bionic_globals.h>
|
||||
#include <private/bionic_malloc_dispatch.h>
|
||||
|
||||
+#ifdef __LP64__
|
||||
+#include "h_malloc.h"
|
||||
+#define Malloc(function) h_ ## function
|
||||
+#else
|
||||
#include "jemalloc.h"
|
||||
#define Malloc(function) je_ ## function
|
||||
+#endif
|
||||
|
||||
static constexpr MallocDispatch __libc_malloc_default_dispatch
|
||||
__attribute__((unused)) = {
|
||||
--
|
||||
2.20.1
|
||||
|
@ -97,8 +97,6 @@ patchWorkspace() {
|
||||
repopick -it n_asb_09-2018-qcom; #TODO: move in tree
|
||||
#repopick -it bt-sbc-hd-dualchannel-nougat;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
|
||||
source "$DOS_SCRIPTS/Defaults.sh";
|
||||
|
@ -59,9 +59,6 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
|
||||
cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
|
||||
cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
|
||||
|
||||
enterAndClear "bionic";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "bootable/recovery";
|
||||
git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #remove sideload cache, breaks with large files
|
||||
patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
|
||||
@ -84,7 +81,6 @@ patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #En
|
||||
|
||||
enterAndClear "frameworks/av";
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_av/212799.patch"; #FLAC extractor CVE-2017-0592. alt: 212827/174106
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
@ -204,7 +200,6 @@ sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
git revert --no-edit 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/248600.patch"; #restrict access to timing information in /proc
|
||||
|
@ -91,8 +91,6 @@ patchWorkspace() {
|
||||
|
||||
#source build/envsetup.sh;
|
||||
|
||||
export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
|
||||
source "$DOS_SCRIPTS/Defaults.sh";
|
||||
|
@ -56,9 +56,6 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
|
||||
cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
|
||||
cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
|
||||
|
||||
enterAndClear "bionic";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "bootable/recovery";
|
||||
git revert --no-edit eb98fde70a6e54a25408eb8c626caecf7841c5df; #remove sideload cache, breaks with large files
|
||||
git revert --no-edit ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity
|
||||
@ -84,9 +81,6 @@ git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/c
|
||||
enterAndClear "external/svox";
|
||||
git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
|
||||
|
||||
enterAndClear "frameworks/av";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "frameworks/base";
|
||||
hardenLocationFWB "$DOS_BUILD_BASE";
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox
|
||||
@ -193,7 +187,6 @@ enterAndClear "system/core";
|
||||
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
|
||||
git revert --no-edit a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
|
||||
patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
|
||||
|
||||
enterAndClear "system/sepolicy";
|
||||
patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
|
||||
|
Loading…
Reference in New Issue
Block a user