mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-06-26 14:42:13 +00:00
Many changes
- Add more DNS resolver choices - Change default DNS resolver back to OpenNIC - More cleanup - 15.1: Update some CVE patchers
This commit is contained in:
Tad
parent
ffabfb3616
commit
c9e17ffb52
|
|
@ -139,10 +139,6 @@
|
|||
<project path="device/motorola/victara" name="LineageOS/android_device_motorola_victara" remote="github" />
|
||||
<project path="kernel/motorola/msm8974" name="LineageOS/android_kernel_motorola_msm8974" remote="github" />
|
||||
|
||||
<!-- Moto X Pure Edition (clark) -->
|
||||
<project path="device/motorola/clark" name="HashBang173/android_device_motorola_clark" remote="github" />
|
||||
<project path="kernel/motorola/msm8992" name="HashBang173/android_kernel_motorola_msm8992" remote="github" />
|
||||
|
||||
<!-- Moto Z (griffin) -->
|
||||
<project path="device/motorola/griffin" name="LineageOS/android_device_motorola_griffin" remote="github" />
|
||||
<project path="kernel/motorola/msm8996" name="LineageOS/android_kernel_motorola_msm8996" remote="github" />
|
||||
|
|
|
|||
|
|
@ -276,7 +276,6 @@ getDefconfig() {
|
|||
defconfigPath="arch/arm/configs/*defconfig arch/arm64/configs/*defconfig";
|
||||
fi;
|
||||
echo $defconfigPath;
|
||||
#echo "Found defconfig at $defconfigPath"
|
||||
}
|
||||
export -f getDefconfig;
|
||||
|
||||
|
|
@ -286,7 +285,12 @@ changeDefaultDNS() {
|
|||
dnsSecondary="";
|
||||
dnsSecondaryV6="";
|
||||
if [ -z "$DNS_PRESET" ]; then
|
||||
if [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/
|
||||
if [[ "$DOS_DEFAULT_DNS_PRESET" == "CensurfriDNS" ]]; then #https://uncensoreddns.org
|
||||
dnsPrimary="91.239.100.100";
|
||||
dnsPrimaryV6="2001:67c:28a4::";
|
||||
dnsSecondary="89.233.43.71";
|
||||
dnsSecondaryV6="2a01:3a0:53:53::";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy
|
||||
dnsPrimary="1.0.0.1";
|
||||
dnsPrimaryV6="2606:4700:4700::1001";
|
||||
dnsSecondary="1.1.1.1";
|
||||
|
|
@ -306,17 +310,27 @@ changeDefaultDNS() {
|
|||
dnsPrimaryV6="2001:4860:4860::8888";
|
||||
dnsSecondary="8.8.4.4";
|
||||
dnsSecondaryV6="2001:4860:4860::8844";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Neustar" ]]; then #https://www.security.neustar/digital-performance/dns-services/recursive-dns
|
||||
dnsPrimary="156.154.70.2";
|
||||
dnsPrimaryV6="2610:a1:1018::2";
|
||||
dnsSecondary="156.154.71.2";
|
||||
dnsSecondaryV6="2610:a1:1019::2";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Neustar-NOBL" ]]; then #https://www.security.neustar/digital-performance/dns-services/recursive-dns
|
||||
dnsPrimary="156.154.70.5";
|
||||
dnsPrimaryV6="2610:a1:1018::5";
|
||||
dnsSecondary="156.154.71.5";
|
||||
dnsSecondaryV6="2610:a1:1019::5";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenDNS" ]]; then #https://www.cisco.com/c/en/us/about/legal/privacy-full.html
|
||||
dnsPrimary="208.67.222.222";
|
||||
dnsPrimaryV6="2620:0:ccc::2";
|
||||
dnsSecondary="208.67.220.220";
|
||||
dnsSecondaryV6="2620:0:ccd::2";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9" ]]; then #https://www.quad9.net/privacy/
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9" ]]; then #https://www.quad9.net/privacy
|
||||
dnsPrimary="9.9.9.9";
|
||||
dnsPrimaryV6="2620:fe::fe";
|
||||
dnsSecondary="149.112.112.112";
|
||||
dnsSecondaryV6="2620:fe::9";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9U" ]]; then #https://www.quad9.net/privacy/
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9-NOBL" ]]; then #https://www.quad9.net/privacy
|
||||
dnsPrimary="9.9.9.10";
|
||||
dnsPrimaryV6="2620:fe::10";
|
||||
dnsSecondary="149.112.112.10";
|
||||
|
|
@ -326,6 +340,16 @@ changeDefaultDNS() {
|
|||
dnsPrimaryV6="2620:74:1b::1:1";
|
||||
dnsSecondary="64.6.65.6";
|
||||
dnsSecondaryV6="2620:74:1c::2:2";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Yandex" ]]; then #https://dns.yandex.com/advanced
|
||||
dnsPrimary="77.88.8.88";
|
||||
dnsPrimaryV6="2a02:6b8::feed:bad";
|
||||
dnsSecondary="77.88.8.2";
|
||||
dnsSecondaryV6="2a02:6b8:0:1::feed:bad";
|
||||
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Yandex-NOBL" ]]; then #https://dns.yandex.com/advanced
|
||||
dnsPrimary="77.88.8.8";
|
||||
dnsPrimaryV6="2a02:6b8::feed:0ff";
|
||||
dnsSecondary="77.88.8.1";
|
||||
dnsSecondaryV6="2a02:6b8:0:1::feed:0ff";
|
||||
fi;
|
||||
else
|
||||
echo "You must first set a preset via the DEFAULT_DNS_PRESET variable in init.sh!";
|
||||
|
|
|
|||
|
|
@ -96,7 +96,6 @@ patchWorkspace() {
|
|||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
|
||||
source build/envsetup.sh;
|
||||
repopick -it n_asb_09-2018-qcom;
|
||||
repopick 239016; #update webview
|
||||
repopick -it n-asb-2019-2;
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
|
|
|
|||
|
|
@ -223,7 +223,7 @@ sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.
|
|||
enterAndClear "device/samsung/tuna";
|
||||
rm setup-makefiles.sh; #broken, deblobber will still function
|
||||
sed -i 's/arm-eabi-4.7/arm-eabi-4.8/' BoardConfig.mk; #fix toolchain
|
||||
#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies and https://gerrit.nailyk.fr/#/q/project:android_device_samsung_tuna+branch:cm-14.1
|
||||
#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0001-fix_denial.patch";
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0002-fix_denial.patch";
|
||||
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0003-fix_denial.patch";
|
||||
|
|
@ -231,7 +231,6 @@ patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0004-fix_denial.patch";
|
|||
echo "allow rild system_file:file execmod;" >> sepolicy/rild.te;
|
||||
echo "allow rild toolbox_exec:file getattr;" >> sepolicy/rild.te;
|
||||
|
||||
|
||||
enter "vendor/google";
|
||||
echo "" > atv/atv-common.mk;
|
||||
|
||||
|
|
|
|||
|
|
@ -21,10 +21,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
|
||||
|
|
@ -32,5 +28,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p32"
|
||||
editKernelLocalversion "-dos.p28"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -1,77 +0,0 @@
|
|||
#!/bin/bash
|
||||
cd "$DOS_BUILD_BASE""kernel/samsung/jf"
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0801/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10233/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0430/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0573/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0706/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0791/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13292/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||
editKernelLocalversion "-dos.p73"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
@ -85,7 +85,6 @@ patchWorkspace() {
|
|||
repopick 239013; #update webview
|
||||
repopick -it O_asb_2019-02;
|
||||
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS/Defaults.sh";
|
||||
source "$DOS_SCRIPTS/Rebrand.sh";
|
||||
|
|
|
|||
|
|
@ -184,10 +184,10 @@ enterAndClear "device/lge/g2-common";
|
|||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
|
||||
enterAndClear "device/lge/g3-common";
|
||||
git revert 8ce6724ed9649bf00283691acbf497e4f740fe06 65968c3809d7ce421df5318ab1d52bae1190e3fa cb31af784935469a4b7b67783cd24a5a800b51d8 37d6fbd036171068eb15d7855a2c8aaa5e731eb6; #g3-oreo, no /vendor
|
||||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
|
||||
echo "/dev/block/platform/msm_sdcc\.1/by-name/pad u:object_r:misc_block_device:s0" >> sepolicy/file_contexts; #fix uncrypt denial
|
||||
sed -i 's/qcrilmsgtunnel.apk/qcrilmsgtunnel.apk:vendor/priv-app/qcrilmsgtunnel/qcrilmsgtunnel.apk' proprietary-files.txt; #Fix vendor Android.mk path for qcrilmsgtunnel.apk
|
||||
|
||||
enterAndClear "device/lge/msm8996-common";
|
||||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ export DOS_DEBLOBBER_REMOVE_IMS=false; #Set true to remove all IMS blobs XXX: Wi
|
|||
export DOS_DEBLOBBER_REMOVE_IPA=false; #Set true to remove all IPA blobs
|
||||
export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
|
||||
export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
|
||||
export DOS_DEFAULT_DNS_PRESET="Cloudflare"; #Sets default DNS. Options: Cloudflare, OpenNIC, DNSWATCH, Google, OpenDNS, Quad9, Quad9U, Verisign
|
||||
export DOS_DEFAULT_DNS_PRESET="OpenNIC"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL)
|
||||
export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com
|
||||
export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool
|
||||
export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user