From c5477f31dc183d3378c36065e53fb3a5f4e8f359 Mon Sep 17 00:00:00 2001 From: Tad Date: Wed, 6 Apr 2022 16:12:16 -0400 Subject: [PATCH] FIX Signed-off-by: Tad --- Scripts/Common/Enable_Verity.sh | 19 +++++++++++-------- Scripts/Common/Functions.sh | 18 +++++++++--------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/Scripts/Common/Enable_Verity.sh b/Scripts/Common/Enable_Verity.sh index aa9ca293..36c5379a 100644 --- a/Scripts/Common/Enable_Verity.sh +++ b/Scripts/Common/Enable_Verity.sh @@ -25,7 +25,7 @@ enableVerity() { if [ -d "$DOS_BUILD_BASE/$1" ]; then cd "$DOS_BUILD_BASE/$1"; #TODO: skip if recoveryonly is set? - sed -i '/\/system/{/verify/!s|wait|wait,verify|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + sed -i '/\/system/{/verify/!s|wait|wait,verify|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; cd "$DOS_BUILD_BASE"; echo "Enabled verity for $1"; fi; @@ -35,18 +35,21 @@ export -f enableVerity; enableAVB() { if [ -d "$DOS_BUILD_BASE/$1" ]; then cd "$DOS_BUILD_BASE/$1"; - awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS += --set_hashtree_disabled_flag/' *.mk &>/dev/null || true; - awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS += --flag/' *.mk &>/dev/null || true; + awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS \+= --set_hashtree_disabled_flag/' *.mk &>/dev/null || true; + awk -i inplace '!/AVB_MAKE_VBMETA_IMAGE_ARGS \+= --flag/' *.mk &>/dev/null || true; #Disable chaining awk -i inplace '!/BOARD_AVB_VBMETA_SYSTEM/' *.mk &>/dev/null || true; awk -i inplace '!/BOARD_AVB_BOOT/' *.mk &>/dev/null || true; awk -i inplace '!/BOARD_AVB_RECOVERY/' *.mk &>/dev/null || true; + awk -i inplace '!/vbmeta_system \\/' *.mk &>/dev/null || true; sed -i 's/vbmeta_system//' *.mk &>/dev/null || true; - sed -i '/\/system /{s|avb=vbmeta_system|avb=vbmeta|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; - sed -i '/\/system_ext/{s|avb=vbmeta_system|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; - sed -i '/\/system_ext/{s|avb=vbmeta|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; - sed -i '/\/vendor/{s|avb=vbmeta_system|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; - sed -i '/\/vendor/{s|avb=vbmeta|avb|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + sed -i '/\/system /{s|avb=vbmeta_system|avb=vbmeta|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; + sed -i '/\/system_ext/{s|avb=vbmeta_system|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; + sed -i '/\/system_ext/{s|avb=vbmeta|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; + sed -i '/\/vendor/{s|avb=vbmeta_system|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; + sed -i '/\/vendor/{s|avb=vbmeta|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; + sed -i '/\/product/{s|avb=vbmeta_system|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; + sed -i '/\/product/{s|avb=vbmeta|avb|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; echo "Enabled AVB for $1"; cd "$DOS_BUILD_BASE"; fi; diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 38e8e016..f1852f54 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -309,7 +309,7 @@ processRelease() { #OTA echo -e "\e[0;32mCreating OTA\e[0m"; "$RELEASETOOLS_PREFIX"ota_from_target_files $BLOCK_SWITCHES -k "$KEY_DIR/releasekey" \ - "$OUT_DIR/$PREFIX-target_files.zip" \ + "$OUT_DIR/$PREFIX-target_files.zip" \ "$OUT_DIR/$PREFIX-ota.zip"; md5sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.md5sum"; sha512sum "$OUT_DIR/$PREFIX-ota.zip" > "$OUT_DIR/$PREFIX-ota.zip.sha512sum"; @@ -464,13 +464,13 @@ deblobAudio() { export -f deblobAudio; imsAllowDiag() { - find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \; - find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \; + find device -name "ims.te" -type f -exec sh -c "echo 'diag_use(ims)' >> {}" \; + find device -name "hal_imsrtp.te" -type f -exec sh -c "echo 'diag_use(hal_imsrtp)' >> {}" \; } export -f imsAllowDiag; extremeWiFiDeepSleep() { - sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1; + sed -i 's/gEnablePowerSaveOffload=2/gEnablePowerSaveOffload=4/' $1; echo "Enabled extreme Wi-Fi deep sleep for $1"; } export -f extremeWiFiDeepSleep; @@ -560,7 +560,7 @@ export -f hardenLocationFWB; enableZram() { cd "$DOS_BUILD_BASE$1"; - sed -i 's|#/dev/block/zram0|/dev/block/zram0|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + sed -i 's|#/dev/block/zram0|/dev/block/zram0|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; echo "Enabled zram for $1"; cd "$DOS_BUILD_BASE"; } @@ -569,16 +569,16 @@ export -f enableZram; hardenUserdata() { cd "$DOS_BUILD_BASE$1"; - #awk -i inplace '!/f2fs/' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + #awk -i inplace '!/f2fs/' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; #Remove latemount to allow selinux contexts be restored upon /cache wipe #Fixes broken OTA updater and broken /recovery updater - sed -i '/\/cache/s|latemount,||' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + sed -i '/\/cache/s|latemount,||' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; #TODO: Ensure: noatime,nosuid,nodev - sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; if [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/amazon/hdx-common" ]; then #tuna needs first boot to init, hdx-c has broken encryption - sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true; + sed -i 's|encryptable=/|forceencrypt=/|' *fstab* */*fstab* */*/*fstab* &>/dev/null || true; fi; echo "Hardened /data for $1"; cd "$DOS_BUILD_BASE";