Small tweaks

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2021-10-09 19:34:25 -04:00
parent dd2e8b4b5c
commit d5d3846f2c
10 changed files with 8 additions and 21 deletions

View File

@ -72,7 +72,7 @@ commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4
commentPatches android_kernel_samsung_exynos5420.sh "CVE-2021-Misc2/3.4/0061.patch" "CVE-2021-Misc2/3.4/0062.patch"; commentPatches android_kernel_samsung_exynos5420.sh "CVE-2021-Misc2/3.4/0061.patch" "CVE-2021-Misc2/3.4/0062.patch";
commentPatches android_kernel_samsung_jf.sh "CVE-2019-11599"; commentPatches android_kernel_samsung_jf.sh "CVE-2019-11599";
commentPatches android_kernel_samsung_manta.sh "CVE-2021-Misc2/3.4/0055.patch" "CVE-2021-Misc2/3.4/0056.patch"; commentPatches android_kernel_samsung_manta.sh "CVE-2021-Misc2/3.4/0055.patch" "CVE-2021-Misc2/3.4/0056.patch";
commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "CVE-2019-11599"; commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "CVE-2019-11599" "CVE-2021-Misc2/ANY/0031.patch";
commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463/ANY/0001.patch"; commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463/ANY/0001.patch";
commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127"; commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127";
commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166"; commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166";

View File

@ -69,7 +69,6 @@ patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys
patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS) patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS)
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence
sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #O_asb_2021-10 #XXX
fi; fi;
if enterAndClear "build/soong"; then if enterAndClear "build/soong"; then

View File

@ -73,7 +73,6 @@ patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv
sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #P_asb_2021-10 #XXX
fi; fi;
if enterAndClear "build/soong"; then if enterAndClear "build/soong"; then

View File

@ -92,9 +92,9 @@ patchWorkspace() {
umask 0022; umask 0022;
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
source build/envsetup.sh; #source build/envsetup.sh;
#repopick -it ten-firewall; #repopick -it ten-firewall;
repopick -it Q_asb_2021-10; #repopick -it Q_tzdb2021a1;
source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Patch.sh";
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";

View File

@ -70,7 +70,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Replace the Messaging app with Silence sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Replace the Messaging app with Silence
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2021-10 #XXX
fi; fi;
if enterAndClear "build/soong"; then if enterAndClear "build/soong"; then

View File

@ -1,7 +1,5 @@
#!/bin/bash #!/bin/bash
cd "$DOS_BUILD_BASE""kernel/essential/msm8998" cd "$DOS_BUILD_BASE""kernel/essential/msm8998"
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch
@ -98,9 +96,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch --directory=drivers/staging/qca-wifi-host-cmn
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0011.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0011.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch
editKernelLocalversion "-dos.p102" editKernelLocalversion "-dos.p99"
cd "$DOS_BUILD_BASE" cd "$DOS_BUILD_BASE"

View File

@ -43,19 +43,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0026.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0027.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0028.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0029.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0030.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11160/4.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11160/4.4/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch --directory=drivers/staging/qca-wifi-host-cmn git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch --directory=drivers/staging/qca-wifi-host-cmn
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3655/^5.13/0003.patch editKernelLocalversion "-dos.p49"
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-40490/3.9-^5.14/0001.patch
editKernelLocalversion "-dos.p57"
cd "$DOS_BUILD_BASE" cd "$DOS_BUILD_BASE"

View File

@ -388,7 +388,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0026.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0028.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0028.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0029.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0029.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0030.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0030.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0031.patch #git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0031.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0032.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0032.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0033.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0033.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0034.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0034.patch

View File

@ -128,7 +128,7 @@ patchWorkspace() {
#source build/envsetup.sh; #source build/envsetup.sh;
#repopick -it eleven-firewall; #repopick -it eleven-firewall;
#repopick -it android-11.0.0_r46; #repopick -it R_tzdb2021a1;
source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Patch.sh";
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";

View File

@ -328,6 +328,7 @@ fi;
if enterAndClear "device/google/redbull"; then if enterAndClear "device/google/redbull"; then
enableVerity; #Resurrect dm-verity enableVerity; #Resurrect dm-verity
awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; #fix compile after hardenDefconfig
fi; fi;
if enterAndClear "device/google/redfin"; then if enterAndClear "device/google/redfin"; then