16.0 Backports

- hosts toggle
- auto reboot
- bluetooth timeout
- unprivileged microG
- ptrace toggle
- exec spawning toggle

TODO: needs work

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-16.0/android_bionic/0004-hosts_toggle.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Wed, 20 Apr 2022 00:40:52 -0400
+Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
+
+Signed-off-by: Tad <tad@spotco.us>
+Change-Id: I92679c57e73228dc194e61a86ea1a18b2ac90e04
+---
+ libc/dns/net/getaddrinfo.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libc/dns/net/getaddrinfo.c b/libc/dns/net/getaddrinfo.c
+index 6fd825c38..be39d3181 100644
+--- a/libc/dns/net/getaddrinfo.c
++++ b/libc/dns/net/getaddrinfo.c
+@@ -83,6 +83,7 @@
+ #include <sys/stat.h>
+ #include <sys/param.h>
+ #include <sys/socket.h>
++#include <sys/system_properties.h>
+ #include <sys/un.h>
+ #include <net/if.h>
+ #include <netinet/in.h>
+@@ -2128,6 +2129,11 @@ _files_getaddrinfo(void *rv, void *cb_data, va_list ap)
+ 	name = va_arg(ap, char *);
+ 	pai = va_arg(ap, struct addrinfo *);
+ 
++	char value[PROP_VALUE_MAX] = { 0 };
++	if (__system_property_get("persist.security.hosts_disable", value) != 0)
++		if (atoi(value) != 0 && strcmp(name, "localhost") != 0 && strcmp(name, "ip6-localhost") != 0)
++			return NS_NOTFOUND;
++
+ 	memset(&sentinel, 0, sizeof(sentinel));
+ 	cur = &sentinel;
+ 	int gai_error = hc_getaddrinfo(name, NULL, pai, &cur);

Patches/LineageOS-16.0/android_frameworks_base/0015-Automatic_Reboot.patch

@@ -0,0 +1,152 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: anupritaisno1 <www.anuprita804@gmail.com>
+Date: Mon, 7 Jun 2021 22:04:53 +0100
+Subject: [PATCH] automatically reboot device after timeout if set
+
+Change-Id: Idf78e9f3512ad8d407623a7c7c822b4712f8201c
+---
+ core/java/android/provider/Settings.java      |  7 ++++
+ data/etc/privapp-permissions-platform.xml     |  1 +
+ packages/SystemUI/AndroidManifest.xml         |  3 ++
+ .../keyguard/KeyguardViewMediator.java        | 35 +++++++++++++++++++
+ 4 files changed, 46 insertions(+)
+
+diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
+index 0c73965d13c2..c0260a239ceb 100644
+--- a/core/java/android/provider/Settings.java
++++ b/core/java/android/provider/Settings.java
+@@ -13047,6 +13047,13 @@ public final class Settings {
+          */
+         public static final String GNSS_HAL_LOCATION_REQUEST_DURATION_MILLIS =
+                 "gnss_hal_location_request_duration_millis";
++
++        /**
++         * Whether to automatically reboot the device after a user defined timeout
++         *
++         * @hide
++         */
++        public static final String SETTINGS_REBOOT_AFTER_TIMEOUT = "settings_reboot_after_timeout";
+     }
+ 
+     /**
+diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
+index 82b6a22d2740..686edd41af13 100644
+--- a/data/etc/privapp-permissions-platform.xml
++++ b/data/etc/privapp-permissions-platform.xml
+@@ -375,6 +375,7 @@ applications that come with the platform
+         <permission name="android.permission.READ_NETWORK_USAGE_HISTORY"/>
+         <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/>
+         <permission name="android.permission.REAL_GET_TASKS"/>
++        <permission name="android.permission.REBOOT"/>
+         <permission name="android.permission.RECEIVE_MEDIA_RESOURCE_USAGE"/>
+         <permission name="android.permission.START_TASKS_FROM_RECENTS"/>
+         <permission name="android.permission.STATUS_BAR"/>
+diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
+index c924effe6933..18559af7ae5f 100644
+--- a/packages/SystemUI/AndroidManifest.xml
++++ b/packages/SystemUI/AndroidManifest.xml
+@@ -216,6 +216,9 @@
+ 
+     <uses-permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS" />
+ 
++    <!-- Permission to allow rebooting the device after a user configurable amount of time -->
++    <uses-permission android:name="android.permission.REBOOT" />
++
+     <protected-broadcast android:name="com.android.settingslib.action.REGISTER_SLICE_RECEIVER" />
+     <protected-broadcast android:name="com.android.settingslib.action.UNREGISTER_SLICE_RECEIVER" />
+ 
+diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+index bac481c8e478..8a7be570ee76 100644
+--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
++++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+@@ -148,6 +148,8 @@ public class KeyguardViewMediator extends SystemUI {
+ 
+     private final static String TAG = "KeyguardViewMediator";
+ 
++    private static final String DELAYED_REBOOT_ACTION =
++        "com.android.internal.policy.impl.PhoneWindowManager.DELAYED_REBOOT";
+     private static final String DELAYED_KEYGUARD_ACTION =
+         "com.android.internal.policy.impl.PhoneWindowManager.DELAYED_KEYGUARD";
+     private static final String DELAYED_LOCK_PROFILE_ACTION =
+@@ -269,6 +271,11 @@ public class KeyguardViewMediator extends SystemUI {
+      */
+     private int mDelayedProfileShowingSequence;
+ 
++    /**
++     * Same as {@link #mDelayedProfileShowingSequence}, but used for our reboot implementation
++     */
++    private int mDelayedRebootSequence;
++
+     /**
+      * If the user has disabled the keyguard, then requests to exit, this is
+      * how we'll ultimately let them know whether it was successful.  We use this
+@@ -735,6 +742,7 @@ public class KeyguardViewMediator extends SystemUI {
+         final IntentFilter delayedActionFilter = new IntentFilter();
+         delayedActionFilter.addAction(DELAYED_KEYGUARD_ACTION);
+         delayedActionFilter.addAction(DELAYED_LOCK_PROFILE_ACTION);
++        delayedActionFilter.addAction(DELAYED_REBOOT_ACTION);
+         mContext.registerReceiver(mDelayedLockBroadcastReceiver, delayedActionFilter,
+                 SYSTEMUI_PERMISSION, null /* scheduler */);
+ 
+@@ -998,6 +1006,18 @@ public class KeyguardViewMediator extends SystemUI {
+         }
+     }
+ 
++    private void doRebootForOwnerAfterTimeoutIfEnabled(long rebootAfterTimeout) {
++        long when = SystemClock.elapsedRealtime() + rebootAfterTimeout;
++        Intent rebootIntent = new Intent(DELAYED_REBOOT_ACTION);
++        rebootIntent.putExtra("seq", mDelayedRebootSequence);
++        rebootIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
++        PendingIntent sender = PendingIntent.getBroadcast(mContext,
++                0, rebootIntent, PendingIntent.FLAG_CANCEL_CURRENT);
++        mAlarmManager.setExactAndAllowWhileIdle(AlarmManager.ELAPSED_REALTIME_WAKEUP, when, sender);
++        if (DEBUG) Log.d(TAG, "setting alarm to reboot device, timeout = "
++                         + String.valueOf(rebootAfterTimeout));
++    }
++
+     private void doKeyguardForChildProfilesLocked() {
+         UserManager um = UserManager.get(mContext);
+         for (int profileId : um.getEnabledProfileIds(UserHandle.myUserId())) {
+@@ -1015,6 +1035,10 @@ public class KeyguardViewMediator extends SystemUI {
+         mDelayedProfileShowingSequence++;
+     }
+ 
++    private void cancelDoRebootForOwnerAfterTimeoutIfEnabled() {
++        mDelayedRebootSequence++;
++    }
++
+     /**
+      * Let's us know when the device is waking up.
+      */
+@@ -1402,6 +1426,10 @@ public class KeyguardViewMediator extends SystemUI {
+ 
+         if (DEBUG) Log.d(TAG, "doKeyguard: showing the lock screen");
+         showLocked(options);
++        final long rebootAfterTimeout = Settings.Global.getLong(mContext.getContentResolver(), Settings.Global.SETTINGS_REBOOT_AFTER_TIMEOUT, 0);
++        if (rebootAfterTimeout >= 1) {
++            doRebootForOwnerAfterTimeoutIfEnabled(rebootAfterTimeout);
++        }
+     }
+ 
+     private void lockProfile(int userId) {
+@@ -1565,6 +1593,12 @@ public class KeyguardViewMediator extends SystemUI {
+                         }
+                     }
+                 }
++            } else if (DELAYED_REBOOT_ACTION.equals(intent.getAction())) {
++                final int sequence = intent.getIntExtra("seq", 0);
++                if (sequence == mDelayedRebootSequence) {
++                    PowerManager pm = mContext.getSystemService(PowerManager.class);
++                    pm.reboot(null);
++                }
+             }
+         }
+     };
+@@ -1961,6 +1995,7 @@ public class KeyguardViewMediator extends SystemUI {
+             mHideAnimationRun = false;
+             adjustStatusBarLocked();
+             sendUserPresentBroadcast();
++            cancelDoRebootForOwnerAfterTimeoutIfEnabled();
+             mUpdateMonitor.setKeyguardGoingAway(false /* goingAway */);
+         }
+         Trace.endSection();

Patches/LineageOS-16.0/android_frameworks_base/0016-Bluetooth_Timeout.patch

@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: pratyush <codelab@pratyush.dev>
+Date: Thu, 1 Jul 2021 12:26:49 +0530
+Subject: [PATCH] Bluetooth auto turn off
+
+---
+ core/java/android/provider/Settings.java      |  6 ++
+ .../server/BluetoothManagerService.java       | 76 +++++++++++++++++++
+ 2 files changed, 82 insertions(+)
+
+diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
+index c0260a239ceb..adafd9def4aa 100644
+--- a/core/java/android/provider/Settings.java
++++ b/core/java/android/provider/Settings.java
+@@ -13048,6 +13048,12 @@ public final class Settings {
+         public static final String GNSS_HAL_LOCATION_REQUEST_DURATION_MILLIS =
+                 "gnss_hal_location_request_duration_millis";
+ 
++        /**
++         * The amount of time in milliseconds before bluetooth is turned off
++         * @hide
++         */
++        public static final String BLUETOOTH_OFF_TIMEOUT = "bluetooth_off_timeout";
++
+         /**
+          * Whether to automatically reboot the device after a user defined timeout
+          *
+diff --git a/services/core/java/com/android/server/BluetoothManagerService.java b/services/core/java/com/android/server/BluetoothManagerService.java
+index e5cde96d383f..5947af7325fe 100644
+--- a/services/core/java/com/android/server/BluetoothManagerService.java
++++ b/services/core/java/com/android/server/BluetoothManagerService.java
+@@ -21,6 +21,7 @@ package com.android.server;
+ 
+ import android.Manifest;
+ import android.app.ActivityManager;
++import android.app.AlarmManager;
+ import android.app.AppGlobals;
+ import android.app.AppOpsManager;
+ import android.bluetooth.BluetoothAdapter;
+@@ -443,6 +444,81 @@ class BluetoothManagerService extends IBluetoothManager.Stub {
+             Slog.w(TAG, "Unable to resolve SystemUI's UID.", e);
+         }
+         mSystemUiUid = systemUiUid;
++
++        /*
++        * System sends ACTION_STATE_CHANGED broadcast soon as any state
++        * changes. what it means in action is we don't have to take care if
++        * device reboot while BT has not been turned off automatically.
++        *
++        * A word of warning though it does not check if device as been
++        * unlocked or not what it means in real life is if you have sometime
++        * like tile ble tracker configured it will turn off BT. As result tile
++        * tracking will fail because of auto timeout. this behaviour can be
++        * changed with UserManager.isUnlocked()
++        * */
++        IntentFilter btFilter = new IntentFilter();
++        btFilter.addAction(BluetoothAdapter.ACTION_STATE_CHANGED);
++        btFilter.addAction(BluetoothAdapter.ACTION_CONNECTION_STATE_CHANGED);
++        btFilter.addAction(BluetoothAdapter.ACTION_LOCAL_NAME_CHANGED);
++        context.registerReceiver(new BroadcastReceiver() {
++            @Override
++            public void onReceive(Context broadcastContext, Intent intent) {
++                reconfigureBtTimeoutListener();
++            }
++        }, btFilter);
++
++        context.getContentResolver().registerContentObserver(
++                Settings.Global.getUriFor(Settings.Global.BLUETOOTH_OFF_TIMEOUT),
++                false,
++                new ContentObserver(new Handler(context.getMainLooper())) {
++                    @Override
++                    public void onChange(boolean selfChange) {
++                        super.onChange(selfChange);
++                        reconfigureBtTimeoutListener();
++                    }
++                });
++    }
++
++    private static final AlarmManager.OnAlarmListener listener = () -> {
++        BluetoothAdapter bluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
++        if (isBtOnAndDisconnected() && bluetoothAdapter != null) {
++            bluetoothAdapter.disable();
++        }
++    };
++
++    // If device is still connected cancel timeout for now and wait for disconnected signal
++    private void reconfigureBtTimeoutListener() {
++        AlarmManager alarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE);
++        if (isTimeoutEnabled(mContext) && isBtOnAndDisconnected()) {
++            final long timeout = SystemClock.elapsedRealtime() + btTimeoutDurationInMilli(mContext);
++            alarmManager.cancel(listener);
++            alarmManager.setExact(
++                    AlarmManager.ELAPSED_REALTIME_WAKEUP,
++                    timeout,
++                    "BT Idle Timeout",
++                    listener,
++                    new Handler(mContext.getMainLooper())
++            );
++        } else {
++            alarmManager.cancel(listener);
++        }
++    }
++
++    private static boolean isBtOnAndDisconnected() {
++        BluetoothAdapter bluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
++        return bluetoothAdapter != null && bluetoothAdapter.getState() == BluetoothAdapter.STATE_ON
++                && bluetoothAdapter.getState() == BluetoothAdapter.STATE_ON &&
++                bluetoothAdapter.getConnectionState() == BluetoothAdapter.STATE_DISCONNECTED;
++    }
++
++    private static long btTimeoutDurationInMilli(Context context) {
++        return Settings.Global.getLong(context.getContentResolver(),
++                Settings.Global.BLUETOOTH_OFF_TIMEOUT, 0);
++    }
++
++    /** Zero is default and means disabled */
++    private static boolean isTimeoutEnabled(Context context) {
++        return 0 != btTimeoutDurationInMilli(context);
+     }
+ 
+     /**

Patches/LineageOS-16.0/android_packages_apps_Settings/0005-Automatic_Reboot.patch

@@ -0,0 +1,193 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: pratyush <codelab@pratyush.dev>
+Date: Mon, 7 Jun 2021 22:15:59 +0100
+Subject: [PATCH] add auto-reboot setting
+
+---
+ res/values/arrays.xml                         | 31 +++++++
+ res/values/strings.xml                        |  3 +
+ res/xml/security_dashboard_settings.xml       |  9 +-
+ .../AutoRebootPreferenceController.java       | 82 +++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |  1 +
+ 5 files changed, 125 insertions(+), 1 deletion(-)
+ create mode 100644 src/com/android/settings/security/AutoRebootPreferenceController.java
+
+diff --git a/res/values/arrays.xml b/res/values/arrays.xml
+index be7a0ca50b..be42e5a339 100644
+--- a/res/values/arrays.xml
++++ b/res/values/arrays.xml
+@@ -136,6 +136,37 @@
+         <item>1800000</item>
+     </string-array>
+ 
++    <!-- Auto reboot settings -->
++    <string-array name="auto_reboot_entries">
++        <item>Off</item>
++        <item>10 minutes</item>
++        <item>30 minutes</item>
++        <item>1 hour</item>
++        <item>2 hours</item>
++        <item>4 hours</item>
++        <item>8 hours</item>
++        <item>12 hours</item>
++        <item>24 hours</item>
++        <item>36 hours</item>
++        <item>48 hours</item>
++        <item>72 hours</item>
++    </string-array>
++
++    <string-array name="auto_reboot_values" translatable="false">
++        <item>0</item>  <!-- Disabled -->
++        <item>600000</item>
++        <item>1800000</item>
++        <item>3600000</item>
++        <item>7200000</item>
++        <item>14400000</item>
++        <item>28800000</item>
++        <item>43200000</item>
++        <item>86400000</item>
++        <item>129600000</item>
++        <item>172800000</item>
++        <item>259200000</item>
++    </string-array>
++
+     <string-array name="entries_font_size">
+         <item msgid="6490061470416867723">Small</item>
+         <item msgid="3579015730662088893">Default</item>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 9f78d9b654..705d08dae1 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -10124,4 +10124,7 @@
+     <string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
+     <!-- Strings for Dialog connect button -->
+     <string name="bluetooth_connect_access_dialog_positive">Connect</string>
++
++    <string name="auto_reboot_title">Auto reboot</string>
++    <string name="auto_reboot_summary">Automatically reboot the device, if the phone hasn\'t been unlocked within the selected number of hours.</string>
+ </resources>
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 591d8a7c21..5d13c434d4 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -56,6 +56,13 @@
+             android:summary="@string/summary_placeholder"
+             settings:keywords="@string/keywords_fingerprint_settings"/>
+ 
++        <ListPreference
++            android:key="auto_reboot"
++            android:title="@string/auto_reboot_title"
++            android:summary="@string/auto_reboot_summary"
++            android:persistent="false"
++            android:entries="@array/auto_reboot_entries"
++            android:entryValues="@array/auto_reboot_values" />
+     </PreferenceCategory>
+ 
+     <!-- work profile security section -->
+@@ -165,4 +172,4 @@
+         android:summary="@string/summary_placeholder"
+         android:fragment="com.android.settings.security.ScreenPinningSettings" />
+ 
+-</PreferenceScreen>
+\ No newline at end of file
++</PreferenceScreen>
+diff --git a/src/com/android/settings/security/AutoRebootPreferenceController.java b/src/com/android/settings/security/AutoRebootPreferenceController.java
+new file mode 100644
+index 0000000000..c7a75219a5
+--- /dev/null
++++ b/src/com/android/settings/security/AutoRebootPreferenceController.java
+@@ -0,0 +1,82 @@
++package com.android.settings.security;
++
++import android.content.Context;
++import android.os.UserManager;
++import android.provider.Settings;
++import android.util.Log;
++
++import androidx.preference.ListPreference;
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceScreen;
++
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class AutoRebootPreferenceController extends AbstractPreferenceController
++    implements PreferenceControllerMixin, OnResume,
++           Preference.OnPreferenceChangeListener {
++
++    private static final String KEY_AUTO_REBOOT = "auto_reboot";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private boolean mIsAdmin;
++    private final UserManager mUm;
++
++    public AutoRebootPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return KEY_AUTO_REBOOT;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            ListPreference autoReboot =
++                    (ListPreference) mSecurityCategory.findPreference(KEY_AUTO_REBOOT);
++            autoReboot.setValue(Long.toString(Settings.Global.getLong(
++                    mContext.getContentResolver(), Settings.Global.SETTINGS_REBOOT_AFTER_TIMEOUT, 0)));
++        } else {
++            mSecurityCategory.removePreference(
++                    mSecurityCategory.findPreference(KEY_AUTO_REBOOT));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (KEY_AUTO_REBOOT.equals(key) && mIsAdmin) {
++            long timeout = Long.parseLong((String) value);
++            Settings.Global.putLong(mContext.getContentResolver(), Settings.Global.SETTINGS_REBOOT_AFTER_TIMEOUT, timeout);
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index 0839450a93..defbdc2e68 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -128,6 +128,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new FingerprintStatusPreferenceController(context));
+         securityPreferenceControllers.add(new LockScreenPreferenceController(context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
++        securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);

Patches/LineageOS-16.0/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch

@@ -0,0 +1,238 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Oliver Scott <olivercscott@gmail.com>
+Date: Fri, 2 Oct 2020 12:37:30 -0400
+Subject: [PATCH] add bluetooth auto-turn-off setting
+
+---
+ res/values/arrays.xml                         |  44 +++++++
+ res/values/strings.xml                        |  19 +++
+ res/xml/connected_devices.xml                 |   8 ++
+ .../BluetoothTimeoutPreferenceController.java | 115 ++++++++++++++++++
+ 4 files changed, 186 insertions(+)
+ create mode 100644 src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
+
+diff --git a/res/values/arrays.xml b/res/values/arrays.xml
+index be42e5a339..8a690ced0f 100644
+--- a/res/values/arrays.xml
++++ b/res/values/arrays.xml
+@@ -39,6 +39,50 @@
+         <item>All</item>
+     </string-array>
+ 
++    <!-- Bluetooth settings.  The delay in inactivity before bluetooth is turned off. These are shown in a list dialog. -->
++    <string-array name="bluetooth_timeout_entries">
++        <item>@string/bluetooth_timeout_summary_never</item>
++        <item>@string/bluetooth_timeout_summary_15secs</item>
++        <item>@string/bluetooth_timeout_summary_30secs</item>
++        <item>@string/bluetooth_timeout_summary_1min</item>
++        <item>@string/bluetooth_timeout_summary_2mins</item>
++        <item>@string/bluetooth_timeout_summary_5mins</item>
++        <item>@string/bluetooth_timeout_summary_10mins</item>
++        <item>@string/bluetooth_timeout_summary_30mins</item>
++        <item>@string/bluetooth_timeout_summary_1hour</item>
++        <item>@string/bluetooth_timeout_summary_2hours</item>
++        <item>@string/bluetooth_timeout_summary_4hours</item>
++        <item>@string/bluetooth_timeout_summary_8hours</item>
++    </string-array>
++
++    <!-- Do not translate. -->
++    <string-array name="bluetooth_timeout_values" translatable="false">
++        <!-- Do not translate. -->
++        <item>0</item>
++        <!-- Do not translate. -->
++        <item>15000</item>
++        <!-- Do not translate. -->
++        <item>30000</item>
++        <!-- Do not translate. -->
++        <item>60000</item>
++        <!-- Do not translate. -->
++        <item>120000</item>
++        <!-- Do not translate. -->
++        <item>300000</item>
++        <!-- Do not translate. -->
++        <item>600000</item>
++        <!-- Do not translate. -->
++        <item>1800000</item>
++        <!-- Do not translate. -->
++        <item>3600000</item>
++        <!-- Do not translate. -->
++        <item>7200000</item>
++        <!-- Do not translate. -->
++        <item>14400000</item>
++        <!-- Do not translate. -->
++        <item>28800000</item>
++    </string-array>
++
+     <!-- Display settings.  The delay in inactivity before the screen is turned off. These are shown in a list dialog. -->
+     <string-array name="screen_timeout_entries">
+         <item>15 seconds</item>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 705d08dae1..d80f6cbd94 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -30,6 +30,25 @@
+     <!-- Strings for Dialog switch button [CHAR LIMIT=20] -->
+     <string name="dlg_switch">Switch</string>
+ 
++    <!-- Connected devices screen, setting option name to change bluetooth timeout -->
++    <string name="bluetooth_timeout">Bluetooth timeout</string>
++
++    <!-- Connected devices screen, setting option summary to change bluetooth timeout -->
++    <string name="bluetooth_timeout_summary">Bluetooth will turn off after <xliff:g id="timeout_description">%1$s</xliff:g> if no devices connected</string>
++    <string name="bluetooth_timeout_summary2">Do not automatically turn off Bluetooth</string>
++    <string name="bluetooth_timeout_summary_never">Never</string>
++    <string name="bluetooth_timeout_summary_15secs">15 seconds</string>
++    <string name="bluetooth_timeout_summary_30secs">30 seconds</string>
++    <string name="bluetooth_timeout_summary_1min">1 minute</string>
++    <string name="bluetooth_timeout_summary_2mins">2 minutes</string>
++    <string name="bluetooth_timeout_summary_5mins">5 minutes</string>
++    <string name="bluetooth_timeout_summary_10mins">10 minutes</string>
++    <string name="bluetooth_timeout_summary_30mins">30 minutes</string>
++    <string name="bluetooth_timeout_summary_1hour">1 hour</string>
++    <string name="bluetooth_timeout_summary_2hours">2 hours</string>
++    <string name="bluetooth_timeout_summary_4hours">4 hours</string>
++    <string name="bluetooth_timeout_summary_8hours">8 hours</string>
++
+     <!-- Device Info --> <skip />
+     <!-- Device Info screen. Used for a status item's value when the proper value is not known -->
+     <string name="device_info_default">Unknown</string>
+diff --git a/res/xml/connected_devices.xml b/res/xml/connected_devices.xml
+index 424ca750f9..0bfd5292e2 100644
+--- a/res/xml/connected_devices.xml
++++ b/res/xml/connected_devices.xml
+@@ -41,6 +41,14 @@
+         settings:useAdminDisabledSummary="true"
+         settings:controller="com.android.settings.connecteddevice.AddDevicePreferenceController"/>
+ 
++    <androidx.preference.ListPreference
++        android:key="bluetooth_timeout"
++        android:title="@string/bluetooth_timeout"
++        android:summary="@string/summary_placeholder"
++        android:entries="@array/bluetooth_timeout_entries"
++        android:entryValues="@array/bluetooth_timeout_values"
++        settings:controller="com.android.settings.bluetooth.BluetoothTimeoutPreferenceController"/>
++
+     <Preference
+         android:key="previously_connected_devices"
+         android:title="@string/connected_device_previously_connected_title"
+diff --git a/src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java b/src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
+new file mode 100644
+index 0000000000..244147948a
+--- /dev/null
++++ b/src/com/android/settings/bluetooth/BluetoothTimeoutPreferenceController.java
+@@ -0,0 +1,115 @@
++/*
++ * Copyright (C) 2020 The Calyx Institute
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++package com.android.settings.bluetooth;
++
++import android.bluetooth.BluetoothAdapter;
++import android.content.Context;
++import android.provider.Settings;
++import android.util.Log;
++
++import androidx.preference.ListPreference;
++import androidx.preference.Preference;
++
++import com.android.settings.R;
++import com.android.settings.core.BasePreferenceController;
++import com.android.settings.core.PreferenceControllerMixin;
++
++public class BluetoothTimeoutPreferenceController extends BasePreferenceController implements
++        PreferenceControllerMixin, Preference.OnPreferenceChangeListener {
++    private static final String TAG = "BluetoothTimeoutPrefCtrl";
++
++    public static final int FALLBACK_BLUETOOTH_TIMEOUT_VALUE = 0;
++
++    private final String mBluetoothTimeoutKey;
++
++    protected BluetoothAdapter mBluetoothAdapter;
++
++    public BluetoothTimeoutPreferenceController(Context context, String key) {
++        super(context, key);
++        mBluetoothTimeoutKey = key;
++
++        mBluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
++        if (mBluetoothAdapter == null) {
++            Log.e(TAG, "Bluetooth is not supported on this device");
++            return;
++        }
++    }
++
++    @Override
++    public int getAvailabilityStatus() {
++        return mBluetoothAdapter != null ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return mBluetoothTimeoutKey;
++    }
++
++    @Override
++    public void updateState(Preference preference) {
++        final ListPreference timeoutListPreference = (ListPreference) preference;
++        final long currentTimeout = Settings.Global.getLong(mContext.getContentResolver(),
++                Settings.Global.BLUETOOTH_OFF_TIMEOUT, FALLBACK_BLUETOOTH_TIMEOUT_VALUE);
++        timeoutListPreference.setValue(String.valueOf(currentTimeout));
++        updateTimeoutPreferenceDescription(timeoutListPreference,
++                Long.parseLong(timeoutListPreference.getValue()));
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object newValue) {
++        try {
++            long value = Long.parseLong((String) newValue);
++            Settings.Global.putLong(mContext.getContentResolver(), Settings.Global.BLUETOOTH_OFF_TIMEOUT, value);
++            updateTimeoutPreferenceDescription((ListPreference) preference, value);
++        } catch (NumberFormatException e) {
++            Log.e(TAG, "could not persist bluetooth timeout setting", e);
++        }
++        return true;
++    }
++
++    public static CharSequence getTimeoutDescription(
++            long currentTimeout, CharSequence[] entries, CharSequence[] values) {
++        if (currentTimeout < 0 || entries == null || values == null
++                || values.length != entries.length) {
++            return null;
++        }
++
++        for (int i = 0; i < values.length; i++) {
++            long timeout = Long.parseLong(values[i].toString());
++            if (currentTimeout == timeout) {
++                return entries[i];
++            }
++        }
++        return null;
++    }
++
++    private void updateTimeoutPreferenceDescription(ListPreference preference,
++                                                    long currentTimeout) {
++        final CharSequence[] entries = preference.getEntries();
++        final CharSequence[] values = preference.getEntryValues();
++        final CharSequence timeoutDescription = getTimeoutDescription(
++                currentTimeout, entries, values);
++        String summary = "";
++        if (timeoutDescription != null) {
++            if (currentTimeout != 0)
++                summary = mContext.getString(R.string.bluetooth_timeout_summary, timeoutDescription);
++            else
++                summary = mContext.getString(R.string.bluetooth_timeout_summary2);
++        }
++        preference.setSummary(summary);
++    }
++}

Patches/LineageOS-16.0/android_packages_apps_Settings/0008-ptrace_scope.patch

@@ -0,0 +1,166 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: flawedworld <38294951+flawedworld@users.noreply.github.com>
+Date: Tue, 6 Apr 2021 01:15:32 +0100
+Subject: [PATCH] add native debugging setting
+
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   6 +
+ .../NativeDebugPreferenceController.java      | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |   1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/NativeDebugPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index d80f6cbd94..05a253e170 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -10146,4 +10146,7 @@
+ 
+     <string name="auto_reboot_title">Auto reboot</string>
+     <string name="auto_reboot_summary">Automatically reboot the device, if the phone hasn\'t been unlocked within the selected number of hours.</string>
++
++    <string name="native_debug_title">Enable native code debugging</string>
++    <string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
+ </resources>
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 5d13c434d4..0e8f0f511a 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -63,6 +63,12 @@
+             android:persistent="false"
+             android:entries="@array/auto_reboot_entries"
+             android:entryValues="@array/auto_reboot_values" />
++
++        <SwitchPreference
++            android:key="native_debug"
++            android:title="@string/native_debug_title"
++            android:summary="@string/native_debug_summary"
++            android:persistent="false" />
+     </PreferenceCategory>
+ 
+     <!-- work profile security section -->
+diff --git a/src/com/android/settings/security/NativeDebugPreferenceController.java b/src/com/android/settings/security/NativeDebugPreferenceController.java
+new file mode 100644
+index 0000000000..9271e6e21c
+--- /dev/null
++++ b/src/com/android/settings/security/NativeDebugPreferenceController.java
+@@ -0,0 +1,106 @@
++/*
++ * Copyright (C) 2020 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License
++ */
++
++package com.android.settings.security;
++
++import android.content.Context;
++
++import android.os.UserHandle;
++import android.os.UserManager;
++import android.os.SystemProperties;
++
++import android.provider.Settings;
++
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceGroup;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.TwoStatePreference;
++import androidx.preference.SwitchPreference;
++
++import com.android.internal.widget.LockPatternUtils;
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class NativeDebugPreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
++
++    private static final String SYS_KEY_NATIVE_DEBUG = "persist.native_debug";
++    private static final String PREF_KEY_NATIVE_DEBUG = "native_debug";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private SwitchPreference mNativeDebug;
++    private boolean mIsAdmin;
++    private UserManager mUm;
++
++    public NativeDebugPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return PREF_KEY_NATIVE_DEBUG;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            mNativeDebug = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_NATIVE_DEBUG);
++            mNativeDebug.setChecked(SystemProperties.getBoolean(SYS_KEY_NATIVE_DEBUG, true));
++        } else {
++            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_NATIVE_DEBUG));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++        if (mNativeDebug != null) {
++                boolean mode = mNativeDebug.isChecked();
++                SystemProperties.set(SYS_KEY_NATIVE_DEBUG, Boolean.toString(mode));
++        }
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (PREF_KEY_NATIVE_DEBUG.equals(key)) {
++            final boolean mode = !mNativeDebug.isChecked();
++            SystemProperties.set(SYS_KEY_NATIVE_DEBUG, Boolean.toString(mode));
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index defbdc2e68..89f5176121 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -129,6 +129,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new LockScreenPreferenceController(context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
+         securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
++        securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);

Patches/LineageOS-16.0/android_packages_apps_Settings/0009-exec_spawning_toggle.patch

@@ -0,0 +1,166 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Sat, 26 Mar 2022 20:35:37 -0400
+Subject: [PATCH] add exec spawning toggle
+
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   6 +
+ .../ExecSpawnPreferenceController.java        | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |   1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 05a253e170..d87bce5878 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -10149,4 +10149,7 @@
+ 
+     <string name="native_debug_title">Enable native code debugging</string>
+     <string name="native_debug_summary">Generate useful logs / bug reports from crashes and permit debugging native code.</string>
++
++    <string name="exec_spawn_title">Enable secure app spawning</string>
++    <string name="exec_spawn_summary">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
+ </resources>
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index 0e8f0f511a..dc0ead6148 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -64,6 +64,12 @@
+             android:entries="@array/auto_reboot_entries"
+             android:entryValues="@array/auto_reboot_values" />
+ 
++        <SwitchPreference
++            android:key="exec_spawn"
++            android:title="@string/exec_spawn_title"
++            android:summary="@string/exec_spawn_summary"
++            android:persistent="false" />
++
+         <SwitchPreference
+             android:key="native_debug"
+             android:title="@string/native_debug_title"
+diff --git a/src/com/android/settings/security/ExecSpawnPreferenceController.java b/src/com/android/settings/security/ExecSpawnPreferenceController.java
+new file mode 100644
+index 0000000000..98cc3c29e1
+--- /dev/null
++++ b/src/com/android/settings/security/ExecSpawnPreferenceController.java
+@@ -0,0 +1,106 @@
++/*
++ * Copyright (C) 2022 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License
++ */
++
++package com.android.settings.security;
++
++import android.content.Context;
++
++import android.os.UserHandle;
++import android.os.UserManager;
++import android.os.SystemProperties;
++
++import android.provider.Settings;
++
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceGroup;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.TwoStatePreference;
++import androidx.preference.SwitchPreference;
++
++import com.android.internal.widget.LockPatternUtils;
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class ExecSpawnPreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
++
++    private static final String SYS_KEY_EXEC_SPAWN = "persist.security.exec_spawn_new";
++    private static final String PREF_KEY_EXEC_SPAWN = "exec_spawn";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private SwitchPreference mExecSpawn;
++    private boolean mIsAdmin;
++    private UserManager mUm;
++
++    public ExecSpawnPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return PREF_KEY_EXEC_SPAWN;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            mExecSpawn = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN);
++            mExecSpawn.setChecked(SystemProperties.getBoolean(SYS_KEY_EXEC_SPAWN, false));
++        } else {
++            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_EXEC_SPAWN));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++        if (mExecSpawn != null) {
++                boolean mode = mExecSpawn.isChecked();
++                SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
++        }
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (PREF_KEY_EXEC_SPAWN.equals(key)) {
++            final boolean mode = !mExecSpawn.isChecked();
++            SystemProperties.set(SYS_KEY_EXEC_SPAWN, Boolean.toString(mode));
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index 89f5176121..b358dcb69e 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -129,6 +129,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new LockScreenPreferenceController(context, lifecycle));
+         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
+         securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
++        securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
+         securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));

Patches/LineageOS-16.0/android_packages_apps_Settings/0012-hosts_toggle.patch

@@ -0,0 +1,170 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Wed, 20 Apr 2022 01:04:27 -0400
+Subject: [PATCH] Add a toggle to disable /etc/hosts lookup
+
+Copy and pasted from the GrapheneOS exec spawning toggle patch
+
+Signed-off-by: Tad <tad@spotco.us>
+Change-Id: Ic01a142722372d9d57f52947025cd9db23e58ef4
+---
+ res/values/strings.xml                        |   3 +
+ res/xml/security_dashboard_settings.xml       |   6 +
+ .../security/HostsPreferenceController.java   | 106 ++++++++++++++++++
+ .../settings/security/SecuritySettings.java   |   1 +
+ 4 files changed, 116 insertions(+)
+ create mode 100644 src/com/android/settings/security/HostsPreferenceController.java
+
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index d87bce5878..56f80e99c1 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -10152,4 +10152,7 @@
+ 
+     <string name="exec_spawn_title">Enable secure app spawning</string>
+     <string name="exec_spawn_summary">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
++
++    <string name="hosts_disable_title">Disable DNS content blocker</string>
++    <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
+ </resources>
+diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
+index dc0ead6148..b7e7ff6d88 100644
+--- a/res/xml/security_dashboard_settings.xml
++++ b/res/xml/security_dashboard_settings.xml
+@@ -75,6 +75,12 @@
+             android:title="@string/native_debug_title"
+             android:summary="@string/native_debug_summary"
+             android:persistent="false" />
++
++        <SwitchPreference
++            android:key="hosts_disable"
++            android:title="@string/hosts_disable_title"
++            android:summary="@string/hosts_disable_summary"
++            android:persistent="false" />
+     </PreferenceCategory>
+ 
+     <!-- work profile security section -->
+diff --git a/src/com/android/settings/security/HostsPreferenceController.java b/src/com/android/settings/security/HostsPreferenceController.java
+new file mode 100644
+index 0000000000..d8af6d2649
+--- /dev/null
++++ b/src/com/android/settings/security/HostsPreferenceController.java
+@@ -0,0 +1,106 @@
++/*
++ * Copyright (C) 2022 The Android Open Source Project
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *      http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License
++ */
++
++package com.android.settings.security;
++
++import android.content.Context;
++
++import android.os.UserHandle;
++import android.os.UserManager;
++import android.os.SystemProperties;
++
++import android.provider.Settings;
++
++import androidx.preference.Preference;
++import androidx.preference.PreferenceCategory;
++import androidx.preference.PreferenceGroup;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.TwoStatePreference;
++import androidx.preference.SwitchPreference;
++
++import com.android.internal.widget.LockPatternUtils;
++import com.android.settings.core.PreferenceControllerMixin;
++import com.android.settingslib.core.AbstractPreferenceController;
++import com.android.settingslib.core.lifecycle.events.OnResume;
++
++public class HostsPreferenceController extends AbstractPreferenceController
++        implements PreferenceControllerMixin, OnResume, Preference.OnPreferenceChangeListener {
++
++    private static final String SYS_KEY_HOSTS_DISABLE = "persist.security.hosts_disable";
++    private static final String PREF_KEY_HOSTS_DISABLE = "hosts_disable";
++    private static final String PREF_KEY_SECURITY_CATEGORY = "security_category";
++
++    private PreferenceCategory mSecurityCategory;
++    private SwitchPreference mHostsDisable;
++    private boolean mIsAdmin;
++    private UserManager mUm;
++
++    public HostsPreferenceController(Context context) {
++        super(context);
++        mUm = UserManager.get(context);
++    }
++
++    @Override
++    public void displayPreference(PreferenceScreen screen) {
++        super.displayPreference(screen);
++        mSecurityCategory = screen.findPreference(PREF_KEY_SECURITY_CATEGORY);
++        updatePreferenceState();
++    }
++
++    @Override
++    public boolean isAvailable() {
++        mIsAdmin = mUm.isAdminUser();
++        return mIsAdmin;
++    }
++
++    @Override
++    public String getPreferenceKey() {
++        return PREF_KEY_HOSTS_DISABLE;
++    }
++
++    // TODO: should we use onCreatePreferences() instead?
++    private void updatePreferenceState() {
++        if (mSecurityCategory == null) {
++            return;
++        }
++
++        if (mIsAdmin) {
++            mHostsDisable = (SwitchPreference) mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE);
++            mHostsDisable.setChecked(SystemProperties.getInt(SYS_KEY_HOSTS_DISABLE, 0) == 1);
++        } else {
++            mSecurityCategory.removePreference(mSecurityCategory.findPreference(PREF_KEY_HOSTS_DISABLE));
++        }
++    }
++
++    @Override
++    public void onResume() {
++        updatePreferenceState();
++        if (mHostsDisable != null) {
++                boolean mode = mHostsDisable.isChecked();
++                SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
++        }
++    }
++
++    @Override
++    public boolean onPreferenceChange(Preference preference, Object value) {
++        final String key = preference.getKey();
++        if (PREF_KEY_HOSTS_DISABLE.equals(key)) {
++            final boolean mode = !mHostsDisable.isChecked();
++            SystemProperties.set(SYS_KEY_HOSTS_DISABLE, mode ? "1" : "0");
++        }
++        return true;
++    }
++}
+diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
+index b358dcb69e..60ea0d1e87 100644
+--- a/src/com/android/settings/security/SecuritySettings.java
++++ b/src/com/android/settings/security/SecuritySettings.java
+@@ -131,6 +131,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new AutoRebootPreferenceController(context));
+         securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
+         securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
++        securityPreferenceControllers.add(new HostsPreferenceController(context));
+         controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
+                 .setChildren(securityPreferenceControllers));
+         controllers.addAll(securityPreferenceControllers);

Patches/LineageOS-16.0/android_packages_apps_Settings/0014-microG_Toggle.patch

@@ -9,32 +9,33 @@ Change-Id: Ibea6ea9bed1c2ae3491f403d9e5c17c1d1c403f1
 Signed-off-by: Tad <tad@spotco.us>
 ---
  res/values/strings.xml                        |   3 +
- res/xml/security_dashboard_settings.xml       |   7 +-
+ res/xml/security_dashboard_settings.xml       |   6 +
  .../settings/security/SecuritySettings.java   |   1 +
  .../SigSpoofPreferenceController.java         | 106 ++++++++++++++++++
- 4 files changed, 116 insertions(+), 1 deletion(-)
+ 4 files changed, 116 insertions(+)
  create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java
 
 diff --git a/res/values/strings.xml b/res/values/strings.xml
-index 9f78d9b654..c5d856095e 100644
+index 56f80e99c1..7c42eb79c9 100644
 --- a/res/values/strings.xml
 +++ b/res/values/strings.xml
-@@ -10124,4 +10124,7 @@
-     <string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
-     <!-- Strings for Dialog connect button -->
-     <string name="bluetooth_connect_access_dialog_positive">Connect</string>
+@@ -10155,4 +10155,7 @@
+ 
+     <string name="hosts_disable_title">Disable DNS content blocker</string>
+     <string name="hosts_disable_summary">Disables use of the included /etc/hosts database for data collection and malware blocking.</string>
 +
 +    <string name="sig_spoof_title">Unprivileged microG enablement</string>
 +    <string name="sig_spoof_summary">Allows official builds of microG apps to function. Not supported, not recommended. May break apps and/or degrade their security model. Notes: 1) microG connects directly to Google, 2) apps talking to microG do so using proprietary Google libraries, 3) microG can download/execute proprietary code from Google.</string>
  </resources>
 diff --git a/res/xml/security_dashboard_settings.xml b/res/xml/security_dashboard_settings.xml
-index 591d8a7c21..0a861e9b90 100644
+index b7e7ff6d88..b146bc9b63 100644
 --- a/res/xml/security_dashboard_settings.xml
 +++ b/res/xml/security_dashboard_settings.xml
-@@ -56,6 +56,11 @@
-             android:summary="@string/summary_placeholder"
-             settings:keywords="@string/keywords_fingerprint_settings"/>
- 
+@@ -81,6 +81,12 @@
+             android:title="@string/hosts_disable_title"
+             android:summary="@string/hosts_disable_summary"
+             android:persistent="false" />
++
 +        <SwitchPreference
 +            android:key="sig_spoof"
 +            android:title="@string/sig_spoof_title"
@@ -43,21 +44,14 @@ index 591d8a7c21..0a861e9b90 100644
      </PreferenceCategory>
  
      <!-- work profile security section -->
-@@ -165,4 +170,4 @@
-         android:summary="@string/summary_placeholder"
-         android:fragment="com.android.settings.security.ScreenPinningSettings" />
- 
--</PreferenceScreen>
-\ No newline at end of file
-+</PreferenceScreen>
 diff --git a/src/com/android/settings/security/SecuritySettings.java b/src/com/android/settings/security/SecuritySettings.java
-index 0839450a93..34d248ccdf 100644
+index 60ea0d1e87..d3918919b1 100644
 --- a/src/com/android/settings/security/SecuritySettings.java
 +++ b/src/com/android/settings/security/SecuritySettings.java
-@@ -128,6 +128,7 @@ public class SecuritySettings extends DashboardFragment {
-         securityPreferenceControllers.add(new FingerprintStatusPreferenceController(context));
-         securityPreferenceControllers.add(new LockScreenPreferenceController(context, lifecycle));
-         securityPreferenceControllers.add(new ChangeScreenLockPreferenceController(context, host));
+@@ -132,6 +132,7 @@ public class SecuritySettings extends DashboardFragment {
+         securityPreferenceControllers.add(new ExecSpawnPreferenceController(context));
+         securityPreferenceControllers.add(new NativeDebugPreferenceController(context));
+         securityPreferenceControllers.add(new HostsPreferenceController(context));
 +        securityPreferenceControllers.add(new SigSpoofPreferenceController(context));
          controllers.add(new PreferenceCategoryController(context, SECURITY_CATEGORY)
                  .setChildren(securityPreferenceControllers));

Patches/LineageOS-16.0/android_system_core/0004-ptrace_scope.patch

@@ -8,10 +8,10 @@ Subject: [PATCH] add a property for controlling ptrace_scope
  1 file changed, 6 insertions(+)
 
 diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 4a8a60a96..e0bead37b 100644
+index eca5a9f9c..50576e056 100644
 --- a/rootdir/init.rc
 +++ b/rootdir/init.rc
-@@ -724,6 +724,12 @@ on property:sys.sysctl.extra_free_kbytes=*
+@@ -737,6 +737,12 @@ on property:sys.sysctl.extra_free_kbytes=*
  on property:sys.sysctl.tcp_def_init_rwnd=*
      write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
  

Scripts/LineageOS-16.0/Patch.sh

@@ -78,6 +78,7 @@ applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-9.patch";
 #applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-14.patch"; #Use a better pthread_attr junk filling pattern (GrapheneOS)
 #applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-15.patch"; #Move pthread_internal_t out of the stack mapping (GrapheneOS)
 fi;
+#applyPatch "$DOS_PATCHES/android_bionic/0004-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (DivestOS)
 fi;
 
 if enterAndClear "bootable/recovery"; then
@@ -186,7 +187,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"
 applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_frameworks_base/0015-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_frameworks_base/0016-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (GrapheneOS)
 if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0014-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
+#if [ "$DOS_MICROG_SUPPORT" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0021-Unprivileged_microG_Handling.patch"; fi; #Unprivileged microG handling (heavily based off of a CalyxOS patch)
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0008-No_Crash_GSF.patch"; #Don't crash apps that depend on missing Gservices provider (GrapheneOS)
 sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
 sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
@@ -306,6 +310,12 @@ if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 #applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch) #TODO: Needs work
+#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS)
+#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0008-ptrace_scope.patch"; #Add native debugging setting (GrapheneOS)
+#if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0009-exec_spawning_toggle.patch"; fi; #Add exec spawning toggle (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0012-hosts_toggle.patch"; #Add a toggle to disable /etc/hosts lookup (heavily based off of a GrapheneOS patch)
+#if [ "$DOS_MICROG_SUPPORT" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0014-microG_Toggle.patch"; fi; #Add a toggle for microG enablement (heavily based off of a GrapheneOS patch)
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 64;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase default max password length to 64 (GrapheneOS)
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 fi;