diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml
index 26471596..e0c49984 100644
--- a/Manifests/Manifest_LAOS-15.1.xml
+++ b/Manifests/Manifest_LAOS-15.1.xml
@@ -139,10 +139,6 @@
-
-
-
-
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 79df5003..a5399490 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -276,7 +276,6 @@ getDefconfig() {
defconfigPath="arch/arm/configs/*defconfig arch/arm64/configs/*defconfig";
fi;
echo $defconfigPath;
- #echo "Found defconfig at $defconfigPath"
}
export -f getDefconfig;
@@ -286,7 +285,12 @@ changeDefaultDNS() {
dnsSecondary="";
dnsSecondaryV6="";
if [ -z "$DNS_PRESET" ]; then
- if [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/
+ if [[ "$DOS_DEFAULT_DNS_PRESET" == "CensurfriDNS" ]]; then #https://uncensoreddns.org
+ dnsPrimary="91.239.100.100";
+ dnsPrimaryV6="2001:67c:28a4::";
+ dnsSecondary="89.233.43.71";
+ dnsSecondaryV6="2a01:3a0:53:53::";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy
dnsPrimary="1.0.0.1";
dnsPrimaryV6="2606:4700:4700::1001";
dnsSecondary="1.1.1.1";
@@ -306,17 +310,27 @@ changeDefaultDNS() {
dnsPrimaryV6="2001:4860:4860::8888";
dnsSecondary="8.8.4.4";
dnsSecondaryV6="2001:4860:4860::8844";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Neustar" ]]; then #https://www.security.neustar/digital-performance/dns-services/recursive-dns
+ dnsPrimary="156.154.70.2";
+ dnsPrimaryV6="2610:a1:1018::2";
+ dnsSecondary="156.154.71.2";
+ dnsSecondaryV6="2610:a1:1019::2";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Neustar-NOBL" ]]; then #https://www.security.neustar/digital-performance/dns-services/recursive-dns
+ dnsPrimary="156.154.70.5";
+ dnsPrimaryV6="2610:a1:1018::5";
+ dnsSecondary="156.154.71.5";
+ dnsSecondaryV6="2610:a1:1019::5";
elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenDNS" ]]; then #https://www.cisco.com/c/en/us/about/legal/privacy-full.html
dnsPrimary="208.67.222.222";
dnsPrimaryV6="2620:0:ccc::2";
dnsSecondary="208.67.220.220";
dnsSecondaryV6="2620:0:ccd::2";
- elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9" ]]; then #https://www.quad9.net/privacy/
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9" ]]; then #https://www.quad9.net/privacy
dnsPrimary="9.9.9.9";
dnsPrimaryV6="2620:fe::fe";
dnsSecondary="149.112.112.112";
dnsSecondaryV6="2620:fe::9";
- elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9U" ]]; then #https://www.quad9.net/privacy/
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Quad9-NOBL" ]]; then #https://www.quad9.net/privacy
dnsPrimary="9.9.9.10";
dnsPrimaryV6="2620:fe::10";
dnsSecondary="149.112.112.10";
@@ -326,6 +340,16 @@ changeDefaultDNS() {
dnsPrimaryV6="2620:74:1b::1:1";
dnsSecondary="64.6.65.6";
dnsSecondaryV6="2620:74:1c::2:2";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Yandex" ]]; then #https://dns.yandex.com/advanced
+ dnsPrimary="77.88.8.88";
+ dnsPrimaryV6="2a02:6b8::feed:bad";
+ dnsSecondary="77.88.8.2";
+ dnsSecondaryV6="2a02:6b8:0:1::feed:bad";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Yandex-NOBL" ]]; then #https://dns.yandex.com/advanced
+ dnsPrimary="77.88.8.8";
+ dnsPrimaryV6="2a02:6b8::feed:0ff";
+ dnsSecondary="77.88.8.1";
+ dnsSecondaryV6="2a02:6b8:0:1::feed:0ff";
fi;
else
echo "You must first set a preset via the DEFAULT_DNS_PRESET variable in init.sh!";
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index ed9f9ad2..aa6417d6 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -96,7 +96,6 @@ patchWorkspace() {
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
source build/envsetup.sh;
repopick -it n_asb_09-2018-qcom;
- repopick 239016; #update webview
repopick -it n-asb-2019-2;
source "$DOS_SCRIPTS/Patch.sh";
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 58811feb..bc7a6692 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -223,7 +223,7 @@ sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.
enterAndClear "device/samsung/tuna";
rm setup-makefiles.sh; #broken, deblobber will still function
sed -i 's/arm-eabi-4.7/arm-eabi-4.8/' BoardConfig.mk; #fix toolchain
-#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies and https://gerrit.nailyk.fr/#/q/project:android_device_samsung_tuna+branch:cm-14.1
+#See: https://review.lineageos.org/q/topic:%22tuna-sepolicies
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0001-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0002-fix_denial.patch";
patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0003-fix_denial.patch";
@@ -231,7 +231,6 @@ patch -p1 < "$DOS_PATCHES/android_device_samsung_tuna/0004-fix_denial.patch";
echo "allow rild system_file:file execmod;" >> sepolicy/rild.te;
echo "allow rild toolbox_exec:file getattr;" >> sepolicy/rild.te;
-
enter "vendor/google";
echo "" > atv/atv-common.mk;
diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8974.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8974.sh
index 8f39c165..74372c49 100644
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8974.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8974.sh
@@ -21,10 +21,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch
@@ -32,5 +28,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p32"
+editKernelLocalversion "-dos.p28"
cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh
deleted file mode 100644
index e8942c30..00000000
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-cd "$DOS_BUILD_BASE""kernel/samsung/jf"
-git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch
-git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch
-git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0801/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10233/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0430/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0573/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0706/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0791/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13292/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
-git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
-git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p73"
-cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh
index 226c1f04..33f3ff9b 100644
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@@ -85,7 +85,6 @@ patchWorkspace() {
repopick 239013; #update webview
repopick -it O_asb_2019-02;
-
source "$DOS_SCRIPTS/Patch.sh";
source "$DOS_SCRIPTS/Defaults.sh";
source "$DOS_SCRIPTS/Rebrand.sh";
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index 375c81c9..44474671 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -184,10 +184,10 @@ enterAndClear "device/lge/g2-common";
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
enterAndClear "device/lge/g3-common";
-git revert 8ce6724ed9649bf00283691acbf497e4f740fe06 65968c3809d7ce421df5318ab1d52bae1190e3fa cb31af784935469a4b7b67783cd24a5a800b51d8 37d6fbd036171068eb15d7855a2c8aaa5e731eb6; #g3-oreo, no /vendor
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
echo "/dev/block/platform/msm_sdcc\.1/by-name/pad u:object_r:misc_block_device:s0" >> sepolicy/file_contexts; #fix uncrypt denial
+sed -i 's/qcrilmsgtunnel.apk/qcrilmsgtunnel.apk:vendor/priv-app/qcrilmsgtunnel/qcrilmsgtunnel.apk' proprietary-files.txt; #Fix vendor Android.mk path for qcrilmsgtunnel.apk
enterAndClear "device/lge/msm8996-common";
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
diff --git a/Scripts/init.sh b/Scripts/init.sh
index a37a33de..066d67cb 100644
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@@ -31,7 +31,7 @@ export DOS_DEBLOBBER_REMOVE_IMS=false; #Set true to remove all IMS blobs XXX: Wi
export DOS_DEBLOBBER_REMOVE_IPA=false; #Set true to remove all IPA blobs
export DOS_DEBLOBBER_REMOVE_IR=false; #Set true to remove all IR blobs
export DOS_DEBLOBBER_REPLACE_TIME=false; #Set true to replace Qualcomm Time Services with the open source Sony TimeKeep reimplementation #TODO: Needs work
-export DOS_DEFAULT_DNS_PRESET="Cloudflare"; #Sets default DNS. Options: Cloudflare, OpenNIC, DNSWATCH, Google, OpenDNS, Quad9, Quad9U, Verisign
+export DOS_DEFAULT_DNS_PRESET="OpenNIC"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL)
export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com
export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool
export DOS_GPS_GLONASS_FORCED=true; #Enables GLONASS on all devices