15.1+16.0: September 2022 ASB picks

16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits

Signed-off-by: Tad <tad@spotco.us>
Tad 2022-09-10 18:09:00 -04:00
parent e5eb67f77d
commit e2b314da3c
No known key found for this signature in database
GPG key ID: B286E9F57A07424B
18 changed files with 529 additions and 36 deletions


@ -74,7 +74,7 @@ applyPatch "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv a
sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2021-10-05/2022-08-05/' core/version_defaults.mk; #Bump Security String #XXX
sed -i 's/2021-10-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #XXX
fi;
if enterAndClear "build/soong"; then
@ -96,6 +96,10 @@ if [ "$(type -t DOS_WEBVIEW_CHERRYPICK)" = "alias" ] ; then DOS_WEBVIEW_CHERRYPI
if [ "$DOS_WEBVIEW_LFS" = true ]; then git lfs pull; fi; #Ensure the objects are available
fi;
if enterAndClear "external/expat"; then
applyPatch "$DOS_PATCHES/android_external_expat/337987.patch"; #Q_asb_2022-09 Prevent XML_GetBuffer signed integer overflow
fi;
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
#if enterAndClear "external/hardened_malloc"; then
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
@ -126,6 +130,10 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/335117-backport.patch"; #P_asb_
#applyPatch "$DOS_PATCHES/android_frameworks_base/335119.patch"; #P_asb_2022-08 Remove package title from notification access confirmation intent TODO: 335116 must be backported
applyPatch "$DOS_PATCHES/android_frameworks_base/335120.patch"; #P_asb_2022-08 Stop using invalid URL to prevent unexpected crash
applyPatch "$DOS_PATCHES/android_frameworks_base/335121-backport.patch"; #P_asb_2022-08 Only allow the system server to connect to sync adapters
applyPatch "$DOS_PATCHES/android_frameworks_base/337990.patch"; #Q_asb_2022-09 Fix duplicate permission privilege escalation
applyPatch "$DOS_PATCHES/android_frameworks_base/337991.patch"; #Q_asb_2022-09 Parcel: recycle recycles
applyPatch "$DOS_PATCHES/android_frameworks_base/337992-backport.patch"; #Q_asb_2022-09 IMMS: Make IMMS PendingIntents immutable
applyPatch "$DOS_PATCHES/android_frameworks_base/337993.patch"; #Q_asb_2022-09 Remove package name from SafetyNet logs
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
@ -302,6 +310,9 @@ applyPatch "$DOS_PATCHES/android_system_bt/334266.patch"; #P_asb_2022-07 Securit
applyPatch "$DOS_PATCHES/android_system_bt/334267.patch"; #P_asb_2022-07 Check Avrcp packet vendor length before extracting length
applyPatch "$DOS_PATCHES/android_system_bt/334268.patch"; #P_asb_2022-07 Security: Fix out of bound read in AT_SKIP_REST
applyPatch "$DOS_PATCHES/android_system_bt/335109.patch"; #P_asb_2022-08 Removing bonded device when auth fails due to missing keys
applyPatch "$DOS_PATCHES/android_system_bt/337995-backport.patch"; #Q_asb_2022-09 Fix OOB in bnep_is_packet_allowed
applyPatch "$DOS_PATCHES/android_system_bt/337996.patch"; #Q_asb_2022-09 Fix OOB in BNEP_Write
applyPatch "$DOS_PATCHES/android_system_bt/337997.patch"; #Q_asb_2022-09 Fix OOB in reassemble_and_dispatch
fi;
if enterAndClear "system/core"; then
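Review bot: The expat block added in this file applies only `337987.patch`, while the 16.0 script in the same commit picks four expat changes (337986 through 337989), and the security string in the first hunk is still bumped to 2022-09-05. If the other three changes do not apply to this branch's expat, record that next to the patch line, for example `#Q_asb_2022-09 337986, 337988, 337989 not applicable to this branch: <reason>`. If they do apply, the reported patch level overstates what the build contains.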


@ -98,7 +98,7 @@ sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; fi; #Replace the Messaging app with Silence
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
sed -i 's/2022-01-05/2022-08-05/' core/version_defaults.mk; #Bump Security String #P_asb_2022-08 #XXX
sed -i 's/2022-01-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #P_asb_2022-09 #XXX
fi;
if enterAndClear "build/soong"; then
@ -119,6 +119,13 @@ if enterAndClear "external/conscrypt"; then
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
fi;
if enterAndClear "external/expat"; then
git fetch https://github.com/LineageOS/android_external_expat refs/changes/86/337986/2 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
git fetch https://github.com/LineageOS/android_external_expat refs/changes/87/337987/2 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/88/337988/2 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/89/337989/2 && git cherry-pick FETCH_HEAD;
fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
@ -138,6 +145,10 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_fram
fi;
if enterAndClear "frameworks/base"; then
git fetch https://github.com/LineageOS/android_frameworks_base refs/changes/90/337990/2 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
git fetch https://github.com/LineageOS/android_frameworks_base refs/changes/91/337991/2 && git cherry-pick FETCH_HEAD;
applyPatch "$DOS_PATCHES/android_frameworks_base/337992-Backport.patch"; #(MSe1969)
git fetch https://github.com/LineageOS/android_frameworks_base refs/changes/93/337993/2 && git cherry-pick FETCH_HEAD;
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@ -311,9 +322,12 @@ applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch";
fi;
#if enterAndClear "system/bt"; then
if enterAndClear "system/bt"; then
git fetch https://github.com/LineageOS/android_vendor_qcom_opensource_system_bt refs/changes/95/337995/1 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
git fetch https://github.com/LineageOS/android_vendor_qcom_opensource_system_bt refs/changes/96/337996/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_vendor_qcom_opensource_system_bt refs/changes/97/337997/1 && git cherry-pick FETCH_HEAD;
#applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
#fi;
fi;
if enterAndClear "system/core"; then
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
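Review bot: The three `system/bt` picks fetch from `LineageOS/android_vendor_qcom_opensource_system_bt`, but the directory entered is `system/bt` and the 15.1 script files the same change numbers (337995 to 337997) under `android_system_bt`, so the URL may name the wrong repository; confirm the refs exist there. Each pick is `git fetch … && git cherry-pick FETCH_HEAD;` with no handling after it, so a failed fetch is skipped silently (even under `set -e`, a failure on the left of `&&` does not abort) and the build continues with the security string already bumped to 2022-09-05. Appending `|| exit 1` to each pick, here and in the expat and frameworks/base hunks of this file, would stop the build instead of shipping without the OOB fixes. The fetched changes are also not compared with a known commit hash; vendoring them as patch files in this repository, as the 15.1 script does, would keep what gets built reviewable.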


@ -81,9 +81,8 @@ patchWorkspace() {
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
source build/envsetup.sh;
#source build/envsetup.sh;
#repopick -it ten-firewall;
repopick -it Q_asb_2022-09;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";


@ -97,7 +97,6 @@ if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2022-08-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2022-09 #XXX
fi;
if enterAndClear "build/soong"; then
@ -119,13 +118,6 @@ if enterAndClear "external/conscrypt"; then
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
fi;
if enterAndClear "external/expat"; then
git fetch https://github.com/LineageOS/android_external_expat refs/changes/86/337986/1 && git cherry-pick FETCH_HEAD; #Q_asb_2022-09
git fetch https://github.com/LineageOS/android_external_expat refs/changes/87/337987/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/88/337988/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/89/337989/1 && git cherry-pick FETCH_HEAD;
fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)


@ -122,12 +122,11 @@ patchWorkspace() {
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
source build/envsetup.sh;
#source build/envsetup.sh;
#repopick -it eleven-firewall;
#repopick -i 314130; #adbconnection: don't spin if adbd isn't running
#repopick -i 314453; #TaskViewTouchController: Null check current animation on drag
#repopick -i 325011; #lineage: Opt-in to shipping full recovery image by default
repopick -it R_asb_2022-09;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";


@ -96,7 +96,6 @@ if [ "$DOS_SILENCE_INCLUDED" = true ]; then sed -i 's/messaging/Silence/' target
awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2022-08-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #R_asb_2022-09 #XXX
fi;
if enterAndClear "build/soong"; then
@ -118,13 +117,6 @@ if enterAndClear "external/conscrypt"; then
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
fi;
if enterAndClear "external/expat"; then
git fetch https://github.com/LineageOS/android_external_expat refs/changes/66/337966/1 && git cherry-pick FETCH_HEAD; #R_asb_2022-09
git fetch https://github.com/LineageOS/android_external_expat refs/changes/67/337967/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/68/337968/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/69/337969/1 && git cherry-pick FETCH_HEAD;
fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)


@ -114,8 +114,7 @@ patchWorkspace() {
gpgVerifyGitTag "$DOS_BUILD_BASE/external/SecureCamera";
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
source build/envsetup.sh;
repopick -it S_asb_2022-09;
#source build/envsetup.sh;
sh "$DOS_SCRIPTS/Patch.sh";
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";


@ -97,7 +97,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
sed -i 's/2022-08-05/2022-09-05/' core/version_defaults.mk; #Bump Security String #S_asb_2022-09 #XXX
fi;
if enterAndClear "build/soong"; then
@ -114,13 +113,6 @@ if enterAndClear "external/conscrypt"; then
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
fi;
if enterAndClear "external/expat"; then
git fetch https://github.com/LineageOS/android_external_expat refs/changes/00/337900/1 && git cherry-pick FETCH_HEAD; #S_asb_2022-09
git fetch https://github.com/LineageOS/android_external_expat refs/changes/01/337901/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/02/337902/1 && git cherry-pick FETCH_HEAD;
git fetch https://github.com/LineageOS/android_external_expat refs/changes/03/337903/1 && git cherry-pick FETCH_HEAD;
fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)