From c23646ebd5fa050cab4119e24d2296c5d8cbf23d Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 20 Mar 2021 16:37:15 -0400 Subject: [PATCH] More cleanup --- Manifests/Manifest_LAOS-14.1.xml | 6 - Manifests/Manifest_LAOS-15.1.xml | 12 -- Manifests/Manifest_LAOS-16.0.xml | 12 +- Manifests/Manifest_LAOS-17.1.xml | 14 +- .../android_bionic/0001-HM-Use_HM.patch | 129 ------------------ .../0001-HM-No_RLIMIT_AS.patch | 36 ----- .../android_bionic/0001-HM-Use_HM.patch | 126 ----------------- Scripts/LineageOS-14.1/Functions.sh | 2 - Scripts/LineageOS-14.1/Patch.sh | 5 - Scripts/LineageOS-15.1/Functions.sh | 2 - Scripts/LineageOS-15.1/Patch.sh | 7 - 11 files changed, 3 insertions(+), 348 deletions(-) delete mode 100644 Patches/LineageOS-14.1/android_bionic/0001-HM-Use_HM.patch delete mode 100644 Patches/LineageOS-14.1/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch delete mode 100644 Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch diff --git a/Manifests/Manifest_LAOS-14.1.xml b/Manifests/Manifest_LAOS-14.1.xml index 9c700fc8..9cff7f8d 100644 --- a/Manifests/Manifest_LAOS-14.1.xml +++ b/Manifests/Manifest_LAOS-14.1.xml @@ -63,12 +63,6 @@ - - - - - diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml index adfec7a3..260eafca 100644 --- a/Manifests/Manifest_LAOS-15.1.xml +++ b/Manifests/Manifest_LAOS-15.1.xml @@ -67,18 +67,6 @@ --> - - - - - - - - - diff --git a/Manifests/Manifest_LAOS-16.0.xml b/Manifests/Manifest_LAOS-16.0.xml index 4098d207..9f123761 100644 --- a/Manifests/Manifest_LAOS-16.0.xml +++ b/Manifests/Manifest_LAOS-16.0.xml @@ -66,21 +66,11 @@ - - - - - - - - + diff --git a/Manifests/Manifest_LAOS-17.1.xml b/Manifests/Manifest_LAOS-17.1.xml index 19507c44..2782e7d7 100644 --- a/Manifests/Manifest_LAOS-17.1.xml +++ b/Manifests/Manifest_LAOS-17.1.xml @@ -64,21 +64,11 @@ - - - - - - - - + @@ -90,7 +80,7 @@ - + 
diff --git a/Patches/LineageOS-14.1/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-14.1/android_bionic/0001-HM-Use_HM.patch
deleted file mode 100644
index 42da086e..00000000
--- a/Patches/LineageOS-14.1/android_bionic/0001-HM-Use_HM.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From f6ce62a62d47d3f8469ef6aa4749e07e644de5d0 Mon Sep 17 00:00:00 2001
-From: Daniel Micay
-Date: Wed, 5 Dec 2018 01:51:56 -0500
-Subject: [PATCH] add hardened_malloc library
-
----
- libc/Android.bp | 48 ++++++++++++++++++++++++++++-------
- libc/bionic/malloc_common.cpp | 5 ++++
- 2 files changed, 44 insertions(+), 9 deletions(-)
-
-diff --git a/libc/Android.bp b/libc/Android.bp
-index c92acf70b..877ff7f4f 100644
---- a/libc/Android.bp
-+++ b/libc/Android.bp
-@@ -83,6 +83,8 @@ cc_defaults {
- "-Werror=int-to-pointer-cast",
- "-Werror=type-limits",
- "-Werror",
-+
-+ "-DH_MALLOC_PREFIX",
- ],
- // TODO: split out the asflags.
- asflags: [
-@@ -96,10 +98,21 @@ cc_defaults {
- "-Werror=int-to-pointer-cast",
- "-Werror=type-limits",
- "-Werror",
-+
-+ "-DH_MALLOC_PREFIX",
- ],
- conlyflags: ["-std=gnu99"],
- cppflags: [],
-- include_dirs: ["external/jemalloc/include"],
-+ include_dirs: [],
-+
-+ multilib: {
-+ lib32: {
-+ include_dirs: ["external/jemalloc/include"],
-+ },
-+ lib64: {
-+ include_dirs: ["external/hardened_malloc/"],
-+ },
-+ },
-
- arch: {
- // Clang/llvm has incompatible long double (fp128) for x86_64.
-@@ -1601,11 +1614,6 @@ cc_library_static {
- name: "libc_ndk",
- defaults: ["libc_defaults"],
- srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
-- multilib: {
-- lib32: {
-- srcs: libc_common_src_files_32,
-- },
-- },
- arch: {
- arm: {
- srcs: [
-@@ -1635,8 +1643,17 @@ cc_library_static {
- "libc_syscalls",
- "libc_tzcode",
- "libm",
-- "libjemalloc",
- ],
-+
-+ multilib: {
-+ lib32: {
-+ srcs: libc_common_src_files_32,
-+ whole_static_libs: ["libjemalloc"],
-+ },
-+ lib64: {
-+ whole_static_libs: ["libhardened_malloc"],
-+ },
-+ },
- }
-
- // ========================================================
-@@ -1714,7 +1731,11 @@ cc_library_static {
- // ========================================================
- cc_library_static {
- defaults: ["libc_defaults"],
-- srcs: ["bionic/jemalloc_wrapper.cpp"],
-+ multilib: {
-+ lib32: {
-+ srcs: ["bionic/jemalloc_wrapper.cpp"],
-+ },
-+ },
- cflags: ["-fvisibility=hidden"],
-
- name: "libc_malloc",
-@@ -1765,7 +1786,16 @@ cc_library {
- // you wanted!
-
- shared_libs: ["libdl"],
-- whole_static_libs: ["libc_common", "libjemalloc"],
-+ whole_static_libs: ["libc_common"],
-+
-+ multilib: {
-+ lib32: {
-+ whole_static_libs: ["libjemalloc"],
-+ },
-+ lib64: {
-+ whole_static_libs: ["libhardened_malloc"],
-+ },
-+ },
-
- // We'd really like to do this for all architectures, but since this wasn't done
- // before, these symbols must continue to be exported on LP32 for binary
-diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp
-index e05061917..af544f3e1 100644
---- a/libc/bionic/malloc_common.cpp
-+++ b/libc/bionic/malloc_common.cpp
-@@ -46,8 +46,13 @@
- #include
- #include
-
-+#ifdef __LP64__
-+#include "h_malloc.h"
-+#define Malloc(function) h_ ## function
-+#else
- #include "jemalloc.h"
- #define Malloc(function) je_ ## function
-+#endif
-
- static constexpr MallocDispatch __libc_malloc_default_dispatch
- __attribute__((unused)) = {
---
-2.20.1
-
diff --git a/Patches/LineageOS-14.1/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch b/Patches/LineageOS-14.1/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch
deleted file mode 100644
index b8e271d3..00000000
--- a/Patches/LineageOS-14.1/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0896379253e9f87f6bdf19147068b800d0a7ef76 Mon Sep 17 00:00:00 2001
-From: Daniel Micay
-Date: Wed, 5 Dec 2018 09:29:25 -0500
-Subject: [PATCH] avoid setting RLIMIT_AS with hardened malloc
-
-This needs to be ported to a better mechanism like memory control groups
-in order to remain compatible with hardening mechanisms based on large
-PROT_NONE address space reservations.
-
-Change-Id: Ibfb7164d764fcb9244055953bedc9a1c424cedcb
----
- media/libmedia/MediaUtils.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/media/libmedia/MediaUtils.cpp b/media/libmedia/MediaUtils.cpp
-index a02ca65a7..bb93e3d27 100644
---- a/media/libmedia/MediaUtils.cpp
-+++ b/media/libmedia/MediaUtils.cpp
-@@ -31,6 +31,14 @@ void limitProcessMemory(
- size_t numberOfBytes,
- size_t percentageOfTotalMem) {
-
-+#ifdef __LP64__
-+ // This needs to be ported to a better mechanism like memory control groups
-+ // in order to remain compatible with hardening mechanisms based on large
-+ // PROT_NONE address space reservations.
-+ ALOGW("Running with hardened malloc implementation, skip enforcing memory limitations.");
-+ return;
-+#endif
-+
- long pageSize = sysconf(_SC_PAGESIZE);
- long numPages = sysconf(_SC_PHYS_PAGES);
- size_t maxMem = SIZE_MAX;
---
-2.20.1
-
diff --git a/Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch
deleted file mode 100644
index 9fd999cf..00000000
--- a/Patches/LineageOS-15.1/android_bionic/0001-HM-Use_HM.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 2fbd005f1c87938133f94b574b96caa5dbd8f3fd Mon Sep 17 00:00:00 2001
-From: Daniel Micay
-Date: Wed, 5 Dec 2018 01:51:56 -0500
-Subject: [PATCH] add hardened_malloc library
-
----
- libc/Android.bp | 45 ++++++++++++++++++++++++++++-------
- libc/bionic/malloc_common.cpp | 5 ++++
- 2 files changed, 41 insertions(+), 9 deletions(-)
-
-diff --git a/libc/Android.bp b/libc/Android.bp
-index c339b0451..6b3066e07 100644
---- a/libc/Android.bp
-+++ b/libc/Android.bp
-@@ -48,6 +48,8 @@ libc_common_flags = [
- "-Werror=int-to-pointer-cast",
- "-Werror=type-limits",
- "-Werror",
-+
-+ "-DH_MALLOC_PREFIX",
- ]
-
- // Define some common cflags
-@@ -61,9 +63,17 @@ cc_defaults {
- cppflags: [],
- include_dirs: [
- "bionic/libc/async_safe/include",
-- "external/jemalloc/include",
- ],
-
-+ multilib: {
-+ lib32: {
-+ include_dirs: ["external/jemalloc/include"],
-+ },
-+ lib64: {
-+ include_dirs: ["external/hardened_malloc/"],
-+ },
-+ },
-+
- stl: "none",
- system_shared_libs: [],
- sanitize: {
-@@ -1641,11 +1651,6 @@ cc_library_static {
- name: "libc_ndk",
- defaults: ["libc_defaults"],
- srcs: libc_common_src_files + ["bionic/malloc_common.cpp"],
-- multilib: {
-- lib32: {
-- srcs: libc_common_src_files_32,
-- },
-- },
- arch: {
- arm: {
- srcs: [
-@@ -1676,9 +1681,18 @@ cc_library_static {
- "libc_syscalls",
- "libc_tzcode",
- "libm",
-- "libjemalloc",
- "libstdc++",
- ],
-+
-+ multilib: {
-+ lib32: {
-+ srcs: libc_common_src_files_32,
-+ whole_static_libs: ["libjemalloc"],
-+ },
-+ lib64: {
-+ whole_static_libs: ["libhardened_malloc"],
-+ },
-+ },
- }
-
- // ========================================================
-@@ -1755,7 +1769,11 @@ cc_library_static {
- // ========================================================
- cc_library_static {
- defaults: ["libc_defaults"],
-- srcs: ["bionic/jemalloc_wrapper.cpp"],
-+ multilib: {
-+ lib32: {
-+ srcs: ["bionic/jemalloc_wrapper.cpp"],
-+ },
-+ },
- cflags: ["-fvisibility=hidden"],
-
- name: "libc_malloc",
-@@
-1814,7 +1832,16 @@ cc_library { - // you wanted! - - shared_libs: ["libdl"], -- whole_static_libs: ["libc_common", "libjemalloc"], -+ whole_static_libs: ["libc_common"], -+ -+ multilib: { -+ lib32: { -+ whole_static_libs: ["libjemalloc"], -+ }, -+ lib64: { -+ whole_static_libs: ["libhardened_malloc"], -+ }, -+ }, - - nocrt: true, - -diff --git a/libc/bionic/malloc_common.cpp b/libc/bionic/malloc_common.cpp -index 1f201d1ca..06f85b40d 100644 ---- a/libc/bionic/malloc_common.cpp -+++ b/libc/bionic/malloc_common.cpp -@@ -46,8 +46,13 @@ - #include - #include - -+#ifdef __LP64__ -+#include "h_malloc.h" -+#define Malloc(function) h_ ## function -+#else - #include "jemalloc.h" - #define Malloc(function) je_ ## function -+#endif - - static constexpr MallocDispatch __libc_malloc_default_dispatch - __attribute__((unused)) = { --- -2.20.1 - diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 7ebee063..3403abc9 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -97,8 +97,6 @@ patchWorkspace() { repopick -it n_asb_09-2018-qcom; #TODO: move in tree #repopick -it bt-sbc-hd-dualchannel-nougat; - export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails - source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 2310b049..0870dc14 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh 
@@ -59,9 +59,6 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files -enterAndClear "bionic"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) - enterAndClear "bootable/recovery"; git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #remove sideload cache, breaks with large files patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button? @@ -84,7 +81,6 @@ patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #En enterAndClear "frameworks/av"; patch -p1 < "$DOS_PATCHES/android_frameworks_av/212799.patch"; #FLAC extractor CVE-2017-0592. alt: 212827/174106 -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) enterAndClear "frameworks/base"; hardenLocationFWB "$DOS_BUILD_BASE"; 
@@ -204,7 +200,6 @@ sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert --no-edit 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f2cd81645b15f; #Always update recovery XXX: This doesn't seem to work patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/248600.patch"; #restrict access to timing information in /proc diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 922657b3..c1a0ead2 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -91,8 +91,6 @@ patchWorkspace() { #source build/envsetup.sh; - export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails - source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 0d0a0f3e..56f19080 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh 
@@ -56,9 +56,6 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files -enterAndClear "bionic"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) - enterAndClear "bootable/recovery"; git revert --no-edit eb98fde70a6e54a25408eb8c626caecf7841c5df; #remove sideload cache, breaks with large files git revert --no-edit ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity @@ -84,9 +81,6 @@ git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/c enterAndClear "external/svox"; git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles -enterAndClear "frameworks/av"; -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) - enterAndClear "frameworks/base"; hardenLocationFWB "$DOS_BUILD_BASE"; sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox 
@@ -193,7 +187,6 @@ enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert --no-edit a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) -if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices