Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-01-11 23:49:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

FIX

Browse Source 
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-04-06 16:12:16 -04:00
parent 18c840222b
commit c5477f31dc
2 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Scripts/Common/Enable_Verity.sh
View File

@ -25,7 +25,7 @@ enableVerity() {
if [ -d "$DOS_BUILD_BASE/$1" ]; then
cd "$DOS_BUILD_BASE/$1";
#TODO: skip if recoveryonly is set?
sed -i '/\/system/{/verify/!s|wait|wait,verify|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/system/{/verify/!s|wait|wait,verify|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
cd "$DOS_BUILD_BASE";
echo "Enabled verity for $1";
fi;
@ -35,18 +35,21 @@ export -f enableVerity;
enableAVB() {
if [ -d "$DOS_BUILD_BASE/$1" ]; then
cd "$DOS_BUILD_BASE/$1";
awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS += --set_hashtree_disabled_flag/' *.mk &>/dev/null || true;
awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS += --flag/' *.mk &>/dev/null || true;
awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS \+= --set_hashtree_disabled_flag/' *.mk &>/dev/null || true;
awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS \+= --flag/' *.mk &>/dev/null || true;
#Disable chaining
awk -i inplace '!/BOARD_AVB_VBMETA_SYSTEM/' *.mk &>/dev/null || true;
awk -i inplace '!/BOARD_AVB_BOOT/' *.mk &>/dev/null || true;
awk -i inplace '!/BOARD_AVB_RECOVERY/' *.mk &>/dev/null || true;
awk -i inplace '!/vbmeta_system \\/' *.mk &>/dev/null || true;
sed -i 's/vbmeta_system//' *.mk &>/dev/null || true;
sed -i '/\/system /{s|avb=vbmeta_system|avb=vbmeta|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/system_ext/{s|avb=vbmeta_system|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/system_ext/{s|avb=vbmeta|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/vendor/{s|avb=vbmeta_system|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/vendor/{s|avb=vbmeta|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/system /{s|avb=vbmeta_system|avb=vbmeta|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
sed -i '/\/system_ext/{s|avb=vbmeta_system|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
sed -i '/\/system_ext/{s|avb=vbmeta|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
sed -i '/\/vendor/{s|avb=vbmeta_system|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
sed -i '/\/vendor/{s|avb=vbmeta|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
sed -i '/\/product/{s|avb=vbmeta_system|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
sed -i '/\/product/{s|avb=vbmeta|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
echo "Enabled AVB for $1";
cd "$DOS_BUILD_BASE";
fi;

18
Scripts/Common/Functions.sh
View File

@ -309,7 +309,7 @@ processRelease() {
#OTA
echo -e "\e[0;32mCreating OTA\e[0m";
"$RELEASETOOLS_PREFIX"ota_from_target_files $BLOCK_SWITCHES -k "$KEY_DIR/releasekey" \
"$OUT_DIR/$PREFIX-target_files.zip" \
"$OUT_DIR/$PREFIX-target_files.zip" \
"$OUT_DIR/$PREFIX-ota.zip";
md5sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.md5sum";
sha512sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.sha512sum";
@ -464,13 +464,13 @@ deblobAudio() {
export -f deblobAudio;
imsAllowDiag() {
find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \;
find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \;
find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \;
find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \;
}
export -f imsAllowDiag;
extremeWiFiDeepSleep() {
sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1;
sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1;
echo "Enabled extreme Wi-Fi deep sleep for $1";
}
export -f extremeWiFiDeepSleep;
@ -560,7 +560,7 @@ export -f hardenLocationFWB;
enableZram() {
cd "$DOS_BUILD_BASE$1";
sed -i 's|#/dev/block/zram0|/dev/block/zram0|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i 's|#/dev/block/zram0|/dev/block/zram0|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
echo "Enabled zram for $1";
cd "$DOS_BUILD_BASE";
}
@ -569,16 +569,16 @@ export -f enableZram;
hardenUserdata() {
cd "$DOS_BUILD_BASE$1";
#awk -i inplace '!/f2fs/' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
#awk -i inplace '!/f2fs/' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
#Remove latemount to allow selinux contexts be restored upon /cache wipe
#Fixes broken OTA updater and broken /recovery updater
sed -i '/\/cache/s|latemount,||' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/cache/s|latemount,||' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
#TODO: Ensure: noatime,nosuid,nodev
sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
if [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/amazon/hdx-common" ]; then #tuna needs first boot to init, hdx-c has broken encryption
sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
sed -i 's|encryptable=/|forceencrypt=/|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true;
fi;
echo "Hardened /data for $1";
cd "$DOS_BUILD_BASE";